Compositor crashes when switching tty

adlo adloconwy at gmail.com
Wed May 29 02:36:22 UTC 2019


On Tue, 2019-05-28 at 13:38 -0400, Adam Jackson wrote:
> On Tue, 2019-05-28 at 08:26 +0100, adlo wrote:
> > When switching tty, my compositor crashes with error messages such as
> > 
> > free (): invalid size Aborted (core dumped) 
> > or 
> > malloc (): invalid chunk size
> 
> This means something is corrupting the malloc arena metadata. Run your
> compositor under valgrind and fix what it complains about.
> 

Here is the valgrind output:

==15641== Memcheck, a memory error detector
==15641== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15641== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15641== Command: src/xfway
==15641== Parent PID: 7074
==15641== 
==15641== Invalid write of size 8
==15641==    at 0x404604: launch_desktop_shell_process (shell.c:961)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
==15641==  Address 0x8f21c58 is 0 bytes after a block of size 8 alloc'd
==15641==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==15641==    by 0x4052C2: zalloc (zalloc.h:38)
==15641==    by 0x4052C2: xfway_server_shell_init (shell.c:982)
==15641==    by 0x403A37: main (main-wayland.c:623)
==15641== 
==15641== Invalid write of size 8
==15641==    at 0x40460D: launch_desktop_shell_process (shell.c:968)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
==15641==  Address 0x8f21c78 is 24 bytes after a block of size 16 in arena "client"
==15641== 
==15641== Invalid write of size 8
==15641==    at 0x4884AB8: wl_list_insert (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
==15641==  Address 0x8f21c68 is 16 bytes after a block of size 8 alloc'd
==15641==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==15641==    by 0x4052C2: zalloc (zalloc.h:38)
==15641==    by 0x4052C2: xfway_server_shell_init (shell.c:982)
==15641==    by 0x403A37: main (main-wayland.c:623)
==15641== 

valgrind: m_mallocfree.c:305 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 80, hi = 4211536.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.


host stacktrace:
==15641==    at 0x58046F6A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x58047097: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x5804723B: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x580513A3: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x5803DD8A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x5803CC8F: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x58041E04: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x5803C0C8: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==15641==    by 0x1002D09984: ???
==15641==    by 0x1002BA5F2F: ???
==15641==    by 0x1002BA5F17: ???
==15641==    by 0x1002BA5F2F: ???
==15641==    by 0x1002BA5F3F: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 15641)
==15641==    at 0x4884ABB: wl_list_insert (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
client stack range: [0x1FFEFF5000 0x1FFF000FFF] client SP: 0x1FFEFFF6C8
valgrind stack range: [0x1002AA6000 0x1002BA5FFF] top usage: 8360 of 1048576

Thread 2: status = VgTs_WaitSys syscall 202 (lwpid 15659)
==15641==    at 0x57A54E5: pthread_cond_wait@@GLIBC_2.3.2 (in /usr/lib64/libpthread-2.29.so)
==15641==    by 0x6ECC5DA: ??? (in /usr/lib64/dri/i965_dri.so)
==15641==    by 0x6ECC31A: ??? (in /usr/lib64/dri/i965_dri.so)
==15641==    by 0x579F5A1: start_thread (in /usr/lib64/libpthread-2.29.so)
==15641==    by 0x58B3162: clone (in /usr/lib64/libc-2.29.so)
client stack range: [0x7B2D000 0x832BFFF] client SP: 0x832B9F0
valgrind stack range: [0x1005BC0000 0x1005CBFFFF] top usage: 2936 of 1048576


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
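
An added example, not part of the original post and not xfway's code: one common way to get "N bytes after a block of size 8" on a 64-bit build is sizing an allocation with `sizeof` of the pointer instead of the struct. The post does not show shell.c, so that cause, `struct demo_shell` and all function names below are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the compositor's shell state; the real
 * struct in xfway's shell.c is not shown in the post. */
struct list_link { struct list_link *prev, *next; };
struct demo_shell {
    void *compositor;           /* offset 0 on LP64 */
    void *child_process;        /* offset 8 */
    struct list_link listener;  /* prev at 16, next at 24 */
};

/* Buggy idiom: sizeof of the pointer (8 on x86-64), not the struct. */
static size_t alloc_size_buggy(void)
{
    struct demo_shell *shell = NULL;
    return sizeof(shell);
}

/* Fixed idiom: sizeof *ptr always tracks the pointee type. */
static size_t alloc_size_fixed(void)
{
    struct demo_shell *shell = NULL;
    return sizeof(*shell);
}

/* Distance from the end of a block of block_size bytes to the first
 * out-of-bounds byte of a write, or -1 if the write fits. For a write
 * starting at or past the end, this is Memcheck's "N bytes after". */
static long bytes_after_block(size_t block_size, size_t offset, size_t len)
{
    if (offset + len <= block_size)
        return -1;
    return offset >= block_size ? (long)(offset - block_size) : 0;
}

int main(void)
{
    const size_t offs[] = {
        offsetof(struct demo_shell, compositor),
        offsetof(struct demo_shell, child_process),
        offsetof(struct demo_shell, listener) + offsetof(struct list_link, next),
    };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("offset %2zu: buggy=%ld fixed=%ld\n", offs[i],
               bytes_after_block(alloc_size_buggy(), offs[i], sizeof(void *)),
               bytes_after_block(alloc_size_fixed(), offs[i], sizeof(void *)));
    return 0;
}
```

On x86-64 the buggy size yields 0 and 16 for the second and third fields, the same distances Memcheck reports above for the block allocated at shell.c:982, while the fixed size yields -1 (in bounds) for every field.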


