weston-desktop-shell crashed with SIGSEGV in ffi_call_unix64()

Bug #1098064 reported by shankao
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
Weston | Fix Released | High | |
weston (Ubuntu) | Confirmed | Medium | Unassigned |

Bug Description

No idea when it happened. The weston window was behaving normally all the time.

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: weston 1.0.3-0ubuntu1
ProcVersionSignature: Ubuntu 3.7.0-7.15-generic 3.7.0
Uname: Linux 3.7.0-7-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 2.8-0ubuntu1
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,unitymtgrabhandles,workarounds,scale,expo,ezoom,unityshell]
CompositorRunning: compiz
Date: Thu Jan 10 13:40:32 2013
Disassembly: => 0x0: Cannot access memory at address 0x0
DistUpgraded: 2012-11-25 13:52:25,604 DEBUG enabling apt cron job
DistroCodename: raring
DistroVariant: ubuntu
DkmsStatus:
 virtualbox, 4.1.22, 3.7.0-6-generic, x86_64: installed
 virtualbox, 4.1.22, 3.7.0-7-generic, x86_64: installed
EcryptfsInUse: Yes
ExecutablePath: /usr/lib/weston/weston-desktop-shell
GraphicsCard:
 Advanced Micro Devices [AMD] nee ATI Wrestler [Radeon HD 6310] [1002:9802] (prog-if 00 [VGA controller])
   Subsystem: Sony Corporation Device [104d:9082]
InstallationDate: Installed on 2012-11-25 (46 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120627)
MachineType: Sony Corporation VPCYB16KG
MarkForUpload: True
ProcCmdline: /usr/lib/weston/weston-desktop-shell
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.7.0-7-generic root=UUID=c5e8db97-be79-41c7-a2d8-be5fa7b409a8 ro quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x0: Cannot access memory at address 0x0
 PC (0x00000000) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: weston
StacktraceTop:
 ?? ()
 ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
 ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
 ?? () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
Title: weston-desktop-shell crashed with SIGSEGV in ffi_call_unix64()
UpgradeStatus: Upgraded to raring on 2012-11-25 (45 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxusers
dmi.bios.date: 12/22/2010
dmi.bios.vendor: Insyde Corp.
dmi.bios.version: R0160Z7
dmi.board.asset.tag: N/A
dmi.board.name: VAIO
dmi.board.vendor: Sony Corporation
dmi.board.version: N/A
dmi.chassis.asset.tag: N/A
dmi.chassis.type: 10
dmi.chassis.vendor: Sony Corporation
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnInsydeCorp.:bvrR0160Z7:bd12/22/2010:svnSonyCorporation:pnVPCYB16KG:pvrC900K9AU:rvnSonyCorporation:rnVAIO:rvrN/A:cvnSonyCorporation:ct10:cvrN/A:
dmi.product.name: VPCYB16KG
dmi.product.version: C900K9AU
dmi.sys.vendor: Sony Corporation
version.compiz: compiz 1:0.9.9~daily12.12.05-0ubuntu2
version.ia32-libs: ia32-libs 20090808ubuntu36
version.libdrm2: libdrm2 2.4.40-1
version.libgl1-mesa-dri: libgl1-mesa-dri 9.0.1-0ubuntu1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 9.0.1-0ubuntu1
version.xserver-xorg-core: xserver-xorg-core 2:1.13.1.901-0ubuntu1
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.3-0ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.0.0-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.20.17-0ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.6-0ubuntu1
xserver.bootTime: Tue Jan 8 22:32:57 2013
xserver.configfile: default
xserver.errors:

xserver.logfile: /var/log/Xorg.0.log
xserver.version: 2:1.13.0.902-0ubuntu1
xserver.video_driver: radeon

shankao (shankao) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? ()
 ffi_call_unix64 () at ../src/x86/unix64.S:75
 ffi_call (cif=cif@entry=0x89bf40, fn=0x0, rvalue=rvalue@entry=0x7fff24b7757c, avalue=avalue@entry=0x89bf60) at ../src/x86/ffi64.c:492
 wl_closure_invoke (closure=closure@entry=0x89be90, target=target@entry=0x80f010, func=<optimized out>, data=0x80a8b0) at ../../src/connection.c:908
 dispatch_event (display=0x80a9e0, queue=<optimized out>) at ../../src/wayland-client.c:839

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in weston (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in weston (Ubuntu):
status: New → Confirmed
Timo Aaltonen (tjaalton)
information type: Private → Public
In , Sasa Paporovic (melchiaros) wrote :

This is an upstream report of a weston crash, which occurs for the first time with
package weston 1.0.3 in the Ubuntu 13.04 development branch. Over time Launchpad has counted 4 who are affected, by stacktrace identification.

The original report can be found at:

https://bugs.launchpad.net/ubuntu/+source/weston/+bug/1098064

A stacktrace will be attached here. Many more files can be found on the downstream report.

Unfortunately I am myself not able to hit the crash on any version, so a
stacktrace from myself is not available (I am only bringing this upstream).

Also, none of the affected people is able to give a valid reproduction
procedure.

The header of

https://bugs.launchpad.net/ubuntu/+source/weston/+bug/1098064

will be copied here and the available stacktrace will be attached.

If there is a need to test any further, please contact the 4 affected people
automatically by simply commenting on the Launchpad report.

Thanks

---------------------------------------------(header of launchpad bug):

No idea when it happened. The weston window was behaving normally all the time.

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: weston 1.0.3-0ubuntu1
ProcVersionSignature: Ubuntu 3.7.0-7.15-generic 3.7.0
Uname: Linux 3.7.0-7-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 2.8-0ubuntu1
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,unitymtgrabhandles,workarounds,scale,expo,ezoom,unityshell]
CompositorRunning: compiz
Date: Thu Jan 10 13:40:32 2013
Disassembly: => 0x0: Cannot access memory at address 0x0
DistUpgraded: 2012-11-25 13:52:25,604 DEBUG enabling apt cron job
DistroCodename: raring
DistroVariant: ubuntu
DkmsStatus:
 virtualbox, 4.1.22, 3.7.0-6-generic, x86_64: installed
 virtualbox, 4.1.22, 3.7.0-7-generic, x86_64: installed
EcryptfsInUse: Yes
ExecutablePath: /usr/lib/weston/weston-desktop-shell
GraphicsCard:
 Advanced Micro Devices [AMD] nee ATI Wrestler [Radeon HD 6310] [1002:9802] (prog-if 00 [VGA controller])
   Subsystem: Sony Corporation Device [104d:9082]
InstallationDate: Installed on 2012-11-25 (46 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120627)
MachineType: Sony Corporation VPCYB16KG
MarkForUpload: True
ProcCmdline: /usr/lib/weston/weston-desktop-shell
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.7.0-7-generic root=UUID=c5e8db97-be79-41c7-a2d8-be5fa7b409a8 ro quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x0: Cannot access memory at address 0x0
 PC (0x00000000) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: weston
StacktraceTop:
 ?? ()
 ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
 ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
 ?? () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
Title: weston-desktop-shell crashed with SIGSEGV in ffi_call_unix64()
UpgradeStatus: Upgraded to raring on 2012-11-25 (45 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxusers
dmi....

In , Sasa Paporovic (melchiaros) wrote :

#0 0x0000000000000000 in ?? ()
No symbol table info available.
#1 0x00007f4380a40bb8 in ffi_call_unix64 () at ../src/x86/unix64.S:75
No locals.
#2 0x00007f4380a405c0 in ffi_call (cif=cif@entry=0x89bf40, fn=0x0, rvalue=rvalue@entry=0x7fff24b7757c, avalue=avalue@entry=0x89bf60) at ../src/x86/ffi64.c:492
        classes = {X86_64_INTEGERSI_CLASS, 16711935, 16711935, 16711935}
        stack = 0x7fff24b773b0 "\260\250\200"
        argp = 0x7fff24b77460 ""
        arg_types = <optimized out>
        gprcount = 3
        ssecount = <optimized out>
        ngpr = 1
        nsse = 0
        i = <optimized out>
        avn = <optimized out>
        ret_in_memory = <optimized out>
        reg_args = 0x7fff24b773b0
#3 0x00007f4381c8cdcf in wl_closure_invoke (closure=closure@entry=0x89be90, target=target@entry=0x80f010, func=<optimized out>, data=0x80a8b0) at ../../src/connection.c:908
        result = 0
#4 0x00007f4381c8a644 in dispatch_event (display=0x80a9e0, queue=<optimized out>) at ../../src/wayland-client.c:839
        closure = 0x89be90
        opcode = <optimized out>
        proxy = 0x80f010
        proxy_destroyed = false
#5 dispatch_queue (display=0x80a9e0, queue=0x80aa68, block=block@entry=1) at ../../src/wayland-client.c:893
        len = <optimized out>
        count = 0
        ret = <optimized out>
#6 0x00007f4381c8b282 in wl_display_dispatch (display=<optimized out>) at ../../src/wayland-client.c:979
No locals.
#7 0x000000000040672d in handle_display_data (task=0x80a920, events=<optimized out>) at window.c:3857
        display = 0x80a8b0
        ep = {events = 616003200, data = {ptr = 0x24b7768000007fff, fd = 32767, u32 = 32767, u64 = 2645713598231379967}}
        ret = <optimized out>
#8 0x000000000040b607 in display_run (display=0x80a8b0) at window.c:4168
        task = <optimized out>
        ep = {{events = 1, data = {ptr = 0x80a920, fd = 8431904, u32 = 8431904, u64 = 8431904}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x10000000, fd = 268435456, u32 = 268435456, u64 = 268435456}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x100000000, fd = 0, u32 = 0, u64 = 4294967296}}, {events = 32579, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 1, data = {ptr = 0x827c430800000000, fd = 0, u32 = 0, u64 = 9402463823681552384}}, {events = 32579, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 616003160, data = {ptr = 0x80e654a800007fff, fd = 32767, u32 = 32767, u64 = 9288204362029498367}}, {events = 32579, data = {ptr = 0x7f43827a1000, fd = -2105929728, u32 = 2189037568, u64 = 139927928573952}}, {events = 0, data = {ptr = 0x827c466000000000, fd = 0, u32 = 0, u64 = 9402467500173557760}}, {events = 32579, data = {ptr = 0x7fff24b77620, fd = 616003104, u32 = 616003104, u64 = 140733809391136}}, {events = 616003072, data = {ptr = 0x1bc6ade300007fff, fd = 32767, u32 = 32767, u64 = 2001478274881978367}}, {events = 0, data = {ptr = 0x100000002, fd = 2, u32 = 2, u64 = 4294967298}}}
        i = <optimized out>
        coun...


Changed in weston:
importance: Unknown → High
status: Unknown → Confirmed
In , Kristian Hoegsberg (krh-bitplanet) wrote :
In , Kristian Hoegsberg (krh-bitplanet) wrote :

Two weeks, no reply, closing bug now. I just committed

commit 2fc248dc2c877d02694db40aad52180d71373d5a
Author: Jason Ekstrand <email address hidden>
Date: Tue Feb 26 11:30:51 2013 -0500

    Clean up and refactor wl_closure and associated functions

which should fix these alignment problems. If the problem persists, please reopen.

Changed in weston:
status: Confirmed → Fix Released
In , Sasa Paporovic (melchiaros) wrote :

Sorry Kristian, but as I wrote, I am myself not affected by this. I have only brought this up to you.

Anyway on

https://bugs.launchpad.net/ubuntu/+source/weston/+bug/1098064

the affected users were informed of your testing request, but have not reacted.

We will see if the fix fits for them in the future.

In , Kristian Hoegsberg (krh-bitplanet) wrote :

(In reply to comment #4)
> Sorry Kristian, but as I wrote, I am myself not affected by this. I have only
> brought this up to you.
>
> Anyway on
>
> https://bugs.launchpad.net/ubuntu/+source/weston/+bug/1098064
>
> the affected users were informed of your testing request, but have not
> reacted.
>
> We will see if the fix fits for them in the future.

Ah thanks. That bug was closed as CONFIRMED, so I'll take that as VERIFIED.

In , Sasa Paporovic (melchiaros) wrote :

I guess this is a misunderstanding.

We have a case of Babylonian language obfuscation.

CONFIRMED on Launchpad just means that different users (2 or more) have observed the same crasher/issue. Nothing more.

This is the stage right after NEW and has no association with any testing request like patches.

In , Kristian Hoegsberg (krh-bitplanet) wrote :

(In reply to comment #6)
> I guess this is a misunderstanding.
>
> We have a case of Babylonian language obfuscation.
>
> CONFIRMED on Launchpad just means that different users (2 or more) have
> observed the same crasher/issue. Nothing more.
>
> This is the stage right after NEW and has no association with any testing request
> like patches.

Ok, I'll put this back into RESOLVED then. As before, if the bug isn't fixed, please reopen this bug, thanks.

Fred (eldmannen+launchpad) wrote :

This bug occurs in recently released version 1.0.5 too!

Sasa Paporovic (melchiaros) wrote :

So then, Fred, please make your keyboard a fast one and make a notification on the upstream bug.

You have seen that Kristian has asked for testing. He cannot see it when you post only here.

In , Eldmannen+freedesktop (eldmannen+freedesktop) wrote :

I've experienced this bug in Weston 1.0.5 too.

In , Jonas Ådahl (jadahl) wrote :
Changed in weston:
status: Fix Released → Confirmed
In , Fred (eldmannen+launchpad) wrote :

I am not familiar with applying patches and compiling stuff.

Also, while this bug does seem to occur quite frequently, I am not exactly sure how to reproduce it.

In , Kristian Hoegsberg (krh-bitplanet) wrote :

(In reply to comment #8)
> I've experienced this bug in Weston 1.0.5 too.

Or try the 1.0.6 release or git master, thanks.

In , Fred (eldmannen+launchpad) wrote :

Hope to see 1.0.6 in Ubuntu repository soon, so I can try it.

In , Kristian Hoegsberg (krh-bitplanet) wrote :

OK, putting this back into FIXED, no response for a while.

Changed in weston:
status: Confirmed → Fix Released
In , hexa- (mweinelt-deactivatedaccount) wrote :

Created attachment 95383
Stacktrace

In , hexa- (mweinelt-deactivatedaccount) wrote :

I think I just experienced this bug on Ubuntu 14.04 with Weston 1.3.0. The attached stacktrace was generated from a crash dump (https://www.linuxlounge.net/~martin/tmp/_usr_bin_weston.1000.crash [8.5M]). I was watching a video via mpv, when the machine suddenly rebooted.

Software-Versions are:
- weston 1.3.0-1ubuntu1
- libwayland-server0 1.4.0-1
- libffi6 3.0.13-12
- linux-image-generic 3.13.0-16-generic

In , Thombarepr (thombarepr) wrote :

Observed the same issue with wayland 1.5.0, libffi6 3.0.13.
The call trace shows a segmentation fault during the call
wl_closure_invoke -> ffi_call.

This most likely seems to be because of stack corruption. I can't post the call trace currently; I will post it in some time.

Changed in weston:
status: Fix Released → Confirmed
In , Thombarepr (thombarepr) wrote :

Wayland 1.5.0 supports version 2 of the wl_output proxy, which requires the wl_output_listener methods (geometry, mode, done and scale),

whereas Wayland 1.0.3 supports version 1 of the wl_output proxy, which requires the wl_output_listener methods (geometry, mode).

The Wayland client was developed on Wayland 1.0.3, hence wl_output_listener had only 2 methods (geometry, mode), and (done, scale) were NULL, causing a segmentation fault when the Wayland server tried to call those callbacks.

Changed in weston:
status: Confirmed → Fix Released
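
The failure mode described in the last comment, as an added example: a simplified C model written for this page, not libwayland or weston code. It shows a listener table whose version 2 slots are NULL (matching `fn=0x0` in the backtrace), a completeness check a client can run before binding, and a guarded dispatch. All identifiers are hypothetical; the event order and per-version event counts follow the comment.

```c
/* Added example: simplified model of opcode-indexed listener dispatch (hypothetical names). */
#include <stddef.h>
#include <stdio.h>

typedef void (*handler_fn)(void *data);

/* Event opcodes in the order the comment lists them for wl_output. */
enum { EV_GEOMETRY, EV_MODE, EV_DONE, EV_SCALE, EV_MAX };

/* Events defined by each interface version: v1 has 2, v2 has 4. */
static const int events_in_version[] = { 0, 2, 4 };

static int handled; /* incremented by the handlers so callers can observe dispatch */
static void on_geometry(void *data) { (void)data; handled++; }
static void on_mode(void *data)     { (void)data; handled++; }

/* Listener written for version 1: the done and scale slots stay NULL. */
static const handler_fn v1_listener[EV_MAX] = {
    [EV_GEOMETRY] = on_geometry,
    [EV_MODE]     = on_mode,
};

/* Version a client should bind: never higher than what its listener implements. */
static int bind_version(int advertised, int implemented)
{
    return advertised < implemented ? advertised : implemented;
}

/* First opcode of `version` (1 or 2) that has no handler, or -1 if complete. */
static int first_missing_handler(const handler_fn *listener, int version)
{
    for (int op = 0; op < events_in_version[version]; op++)
        if (listener[op] == NULL)
            return op;
    return -1;
}

/* Guarded dispatch: 0 = handler called, -1 = event dropped.
 * The unguarded form, listener[opcode](data), jumps to address 0 for a NULL slot. */
static int dispatch_checked(const handler_fn *listener, int opcode, void *data)
{
    if (opcode < 0 || opcode >= EV_MAX || listener[opcode] == NULL)
        return -1;
    listener[opcode](data);
    return 0;
}

int main(void)
{
    printf("first missing opcode at v2: %d\n", first_missing_handler(v1_listener, 2));
    printf("version to bind: %d\n", bind_version(2, 1));
    printf("dispatch of done: %d\n", dispatch_checked(v1_listener, EV_DONE, NULL));
    return 0;
}
```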