Mir

Nested Mir server crashes on exit ("corrupted double-linked list") since Mesa 10.3

Bug #1377853 reported by Daniel van Vugt on 2014-10-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mir	Invalid	High	Alexandros Frantzis
	mesa (Ubuntu)	Fix Released	High	Alexandros Frantzis	Ubuntu ubuntu-14.10

Bug Description

Nested Mir server crashes on exit:

1. bin/mir_demo_server_minimal -f /tmp/outer & sleep 1 ; bin/mir_demo_server_shell --host-socket /tmp/outer -f /tmp/inner
2. Ctrl+C
3. *** Error in `bin/mir_demo_server_shell': corrupted double-linked list: 0x000000000074e970 ***

Tags:

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2014-10-06:

Download full text (4.2 KiB)

Both MALLOC_CHECK_ and valgrind agree on the cause of the crash. The nested server is trying to set up and then destroy real DRM resources (which it should not, because it's a nested server):

==29944== Invalid free() / delete / delete[] / realloc()
==29944== at 0x4C2BE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29944== by 0x937F228: ??? (in /usr/lib/x86_64-linux-gnu/libgbm.so.1.0.0)
==29944== by 0xB2F77F0: mir::graphics::mesa::helpers::GBMHelper::~GBMHelper() (display_helpers.cpp:292)
==29944== by 0xB31EC50: mir::graphics::mesa::NativePlatform::~NativePlatform() (native_platform.cpp:51)
==29944== by 0xB322C98: void __gnu_cxx::new_allocator<mir::graphics::mesa::NativePlatform>::destroy<mir::graphics::mesa::NativePlatform>(mir::graphics::mesa::NativePlatform*) (new_allocator.h:124)
==29944== by 0xB322C4A: std::enable_if<std::__and_<std::allocator_traits<std::allocator<mir::graphics::mesa::NativePlatform> >::__destroy_helper<mir::graphics::mesa::NativePlatform>::type>::value, void>::type std::allocator_traits<std::allocator<mir::graphics::mesa::NativePlatform> >::_S_destroy<mir::graphics::mesa::NativePlatform>(std::allocator<mir::graphics::mesa::NativePlatform>&, mir::graphics::mesa::NativePlatform*) (alloc_traits.h:282)
==29944== by 0xB322BF2: void std::allocator_traits<std::allocator<mir::graphics::mesa::NativePlatform> >::destroy<mir::graphics::mesa::NativePlatform>(std::allocator<mir::graphics::mesa::NativePlatform>&, mir::graphics::mesa::NativePlatform*) (alloc_traits.h:411)
==29944== by 0xB322AE4: std::_Sp_counted_ptr_inplace<mir::graphics::mesa::NativePlatform, std::allocator<mir::graphics::mesa::NativePlatform>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (shared_ptr_base.h:524)
==29944== by 0x4E81CDF: std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (shared_ptr_base.h:149)
==29944== by 0x4E81A48: std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (shared_ptr_base.h:666)
==29944== by 0x4F96393: std::__shared_ptr<mir::graphics::NativePlatform, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (shared_ptr_base.h:914)
==29944== by 0x4F963AD: std::shared_ptr<mir::graphics::NativePlatform>::~shared_ptr() (shared_ptr.h:93)
==29944== Address 0xab3cb60 is 0 bytes inside a block of size 5 free'd
==29944== at 0x4C2BE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29944== by 0x714518D: ??? (in /usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1.0.0)
==29944== by 0x713C551: eglTerminate (in /usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1.0.0)
==29944== by 0x50211E4: mir::graphics::nested::detail::EGLDisplayHandle::~EGLDisplayHandle() (nested_display.cpp:119)
==29944== by 0x5021513: mir::graphics::nested::NestedDisplay::~NestedDisplay() (nested_display.cpp:141)
==29944== by 0x502DBA4: void __gnu_cxx::new_allocator<mir::graphics::nested::NestedDisplay>::destroy<mir::graphics::nested::NestedDisplay>(mir::graphics::nested::NestedDisplay*) (new_allocator.h:124)
==29944== by 0x502DB56: std::enable_if<std::__and_<std::allocator_traits<std::allocator<mir::graphics::nested::NestedDisplay> >::__destroy_helper<mir::graphics::nested::NestedDi...

Both MALLOC_CHECK_ and valgrind agree on the cause of the crash. The nested server is trying to set up and then destroy real DRM resources (which it should not, because it's a nested server):

==29944== Invalid free() / delete / delete[] / realloc()
==29944==    at 0x4C2BE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29944==    by 0x937F228: ??? (in /usr/lib/x86_64-linux-gnu/libgbm.so.1.0.0)
==29944==    by 0xB2F77F0: mir::graphics::mesa::helpers::GBMHelper::~GBMHelper() (display_helpers.cpp:292)
==29944==    by 0xB31EC50: mir::graphics::mesa::NativePlatform::~NativePlatform() (native_platform.cpp:51)
==29944==    by 0xB322C98: void __gnu_cxx::new_allocator<mir::graphics::mesa::NativePlatform>::destroy<mir::graphics::mesa::NativePlatform>(mir::graphics::mesa::NativePlatform*) (new_allocator.h:124)
==29944==    by 0xB322C4A: std::enable_if<std::__and_<std::allocator_traits<std::allocator<mir::graphics::mesa::NativePlatform> >::__destroy_helper<mir::graphics::mesa::NativePlatform>::type>::value, void>::type std::allocator_traits<std::allocator<mir::graphics::mesa::NativePlatform> >::_S_destroy<mir::graphics::mesa::NativePlatform>(std::allocator<mir::graphics::mesa::NativePlatform>&, mir::graphics::mesa::NativePlatform*) (alloc_traits.h:282)
==29944==    by 0xB322BF2: void std::allocator_traits<std::allocator<mir::graphics::mesa::NativePlatform> >::destroy<mir::graphics::mesa::NativePlatform>(std::allocator<mir::graphics::mesa::NativePlatform>&, mir::graphics::mesa::NativePlatform*) (alloc_traits.h:411)
==29944==    by 0xB322AE4: std::_Sp_counted_ptr_inplace<mir::graphics::mesa::NativePlatform, std::allocator<mir::graphics::mesa::NativePlatform>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (shared_ptr_base.h:524)
==29944==    by 0x4E81CDF: std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (shared_ptr_base.h:149)
==29944==    by 0x4E81A48: std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (shared_ptr_base.h:666)
==29944==    by 0x4F96393: std::__shared_ptr<mir::graphics::NativePlatform, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (shared_ptr_base.h:914)
==29944==    by 0x4F963AD: std::shared_ptr<mir::graphics::NativePlatform>::~shared_ptr() (shared_ptr.h:93)
==29944==  Address 0xab3cb60 is 0 bytes inside a block of size 5 free'd
==29944==    at 0x4C2BE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29944==    by 0x714518D: ??? (in /usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1.0.0)
==29944==    by 0x713C551: eglTerminate (in /usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1.0.0)
==29944==    by 0x50211E4: mir::graphics::nested::detail::EGLDisplayHandle::~EGLDisplayHandle() (nested_display.cpp:119)
==29944==    by 0x5021513: mir::graphics::nested::NestedDisplay::~NestedDisplay() (nested_display.cpp:141)
==29944==    by 0x502DBA4: void __gnu_cxx::new_allocator<mir::graphics::nested::NestedDisplay>::destroy<mir::graphics::nested::NestedDisplay>(mir::graphics::nested::NestedDisplay*) (new_allocator.h:124)
==29944==    by 0x502DB56: std::enable_if<std::__and_<std::allocator_traits<std::allocator<mir::graphics::nested::NestedDisplay> >::__destroy_helper<mir::graphics::nested::NestedDisplay>::type>::value, void>::type std::allocator_traits<std::allocator<mir::graphics::nested::NestedDisplay> >::_S_destroy<mir::graphics::nested::NestedDisplay>(std::allocator<mir::graphics::nested::NestedDisplay>&, mir::graphics::nested::NestedDisplay*) (alloc_traits.h:282)
==29944==    by 0x502DAFE: void std::allocator_traits<std::allocator<mir::graphics::nested::NestedDisplay> >::destroy<mir::graphics::nested::NestedDisplay>(std::allocator<mir::graphics::nested::NestedDisplay>&, mir::graphics::nested::NestedDisplay*) (alloc_traits.h:411)
==29944==    by 0x502D9F0: std::_Sp_counted_ptr_inplace<mir::graphics::nested::NestedDisplay, std::allocator<mir::graphics::nested::NestedDisplay>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (shared_ptr_base.h:524)
==29944==    by 0x4E81CDF: std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (shared_ptr_base.h:149)
==29944==    by 0x4E81A48: std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (shared_ptr_base.h:666)
==29944==    by 0x4E85D79: std::__shared_ptr<mir::graphics::Display, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (shared_ptr_base.h:914

Alexandros Frantzis (afrantzis) on 2014-10-06

Changed in mir:
assignee:	nobody → Alexandros Frantzis (afrantzis)

Alexandros Frantzis (afrantzis) on 2014-10-06

Changed in mir:
status:	New → In Progress

Revision history for this message

Alexandros Frantzis (afrantzis) wrote on 2014-10-06:

This is an issue with our Mir Mesa EGL platform. I have a fix which I am working on pushing to our Mesa package.

Revision history for this message

Alexandros Frantzis (afrantzis) wrote on 2014-10-06:

> This is an issue with our Mir Mesa EGL platform. I have a fix which I am working on pushing to our Mesa package.

To be more precise, we need to update the Mir EGL platform to adapt to a change in the latest Mesa version.

Daniel van Vugt (vanvugt) on 2014-10-07

summary:

- Nested Mir server crashes on exit ("corrupted double-linked list")
+ Nested Mir server crashes on exit ("corrupted double-linked list") since
+ Mesa 10.3

Daniel van Vugt (vanvugt) on 2014-10-07

Changed in mesa (Ubuntu):
assignee:	nobody → Alexandros Frantzis (afrantzis)
importance:	Undecided → High
status:	New → In Progress

Maarten Lankhorst (mlankhorst) on 2014-10-07

Changed in mesa (Ubuntu):
milestone:	none → ubuntu-14.10

Revision history for this message

Alexandros Frantzis (afrantzis) wrote on 2014-10-07:

mesa-10.3-egl-platform-update.debdiff Edit (10.1 KiB, text/plain)

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2014-10-07:

The attachment "mesa-10.3-egl-platform-update.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags:

added: patch

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-07:

This bug was fixed in the package mesa - 10.3.0-0ubuntu3

---------------
mesa (10.3.0-0ubuntu3) utopic; urgency=medium

  [ Andreas Pokorny ]
  * debian/patches/egl-platform-mir.patch:
    - Add support for get_image_buffers and KHR_image_pixmap.

  [ Alexandros Frantzis ]
  * debian/patches/egl-platform-mir.patch:
    - Update for Mesa 10.3 (LP: #1377853).
-- Alexandros Frantzis <email address hidden> Tue, 07 Oct 2014 13:06:26 +0300