Bug 252666

Summary: x11/alacritty crashes on exit with wayland on CURRENT
Product: Ports & Packages Reporter: shamaz.mazum
Component: Individual Port(s)Assignee: Mikael Urankar <mikael>
Status: Closed Overcome By Events    
Severity: Affects Only Me CC: 2khramtsov, jbeich, mikael
Priority: --- Flags: linimon: maintainer-feedback? (mikael)
Version: Latest   
Hardware: Any   
OS: Any   

Description shamaz.mazum 2021-01-14 11:29:26 UTC 
Hello. I am on commit f2b794e1e90c1163e21d69dbc63101df8276eaa6. All userland is built for version 1300133. I use sway and alacritty. When I exit alacritty, it crashes. Dumps are always different, but memory is always corrupted with 5a pattern. Any ideas?

vasily@vonbraun:~ % lldb
(lldb) target create /usr/local/bin/alacritty  --core alacritty.core
Core file '/home/vasily/alacritty.core' (x86_64) was loaded.

(lldb) bt
* thread #1, name = 'smithay-clipboard', stop reason = signal SIGBUS
  * frame #0: 0x0000000801d00d4b libwayland-client.so`wl_list_insert(list=0x5a5a5a5a5a5a5a5a, elm=0x00000\
0080f184d38) at wayland-util.c:47:20
    frame #1: 0x0000000801cfc7de libwayland-client.so`queue_event(display=0x0000000802041000, len=180) at\
 wayland-client.c:1406:2
    frame #2: 0x0000000801cfb7bb libwayland-client.so`read_events(display=0x0000000802041000) at wayland-\
client.c:1484:11
    frame #3: 0x0000000801cfb663 libwayland-client.so`wl_display_read_events(display=0x0000000802041000) \
at wayland-client.c:1567:8
    frame #4: 0x0000000801cfb56c libwayland-client.so`wl_display_dispatch_queue(display=0x000000080204100\
0, queue=0x0000000810e00020) at wayland-client.c:1806:6
    frame #5: 0x0000000801cfb1f0 libwayland-client.so`wl_display_roundtrip_queue(display=0x00000008020410\
00, queue=0x0000000810e00020) at wayland-client.c:1251:9
    frame #6: 0x00000000014223db alacritty`___lldb_unnamed_symbol3551$$alacritty + 22187
    frame #7: 0x00000000014063a3 alacritty`___lldb_unnamed_symbol3417$$alacritty + 35
    frame #8: 0x00000000014006ee alacritty`___lldb_unnamed_symbol3370$$alacritty + 206
    frame #9: 0x0000000001454c1d alacritty`___lldb_unnamed_symbol3879$$alacritty + 45
    frame #10: 0x0000000801b4e77b libthr.so.3`thread_start(curthread=0x000000080f4b4100) at thr_create.c:\
292:16
(lldb) frame select 1
frame #1: 0x0000000801cfc7de libwayland-client.so`queue_event(display=0x0000000802041000, len=180) at way\
land-client.c:1406:2
   1403         else
   1404                 queue = proxy->queue;
   1405
-> 1406         wl_list_insert(queue->event_list.prev, &closure->link);
   1407
   1408         return size;
   1409 }
(lldb) p *queue
(wl_event_queue) $0 = {
  event_list = {
    prev = 0x5a5a5a5a5a5a5a5a
    next = 0x5a5a5a5a5a5a5a5a
  }
  display = 0x5a5a5a5a5a5a5a5a
}
(lldb)

Software versions:
alacritty: 0.7.1
wayland: 1.18.0_4
sway: 1.5.1_1
wlroots: 0.12.0
Comment 1 Jan Beich freebsd_committer freebsd_triage 2021-01-14 21:23:50 UTC 
Can you reproduce with MALLOC_CONF=junk:false per malloc(3) or WITH_MALLOC_PRODUCTION=yes per src.conf(5)? 0x5a is a value assigned to deallocated memory likely to catch use-after-free.

Bisecting led to alacritty v0.5.0 (since ports r543906) via https://github.com/alacritty/alacritty/commit/04f0bcaf54ed.
Comment 2 shamaz.mazum 2021-01-15 05:12:57 UTC 
Yes, with MALLOC_CONF=junk:false all is OK. Should I report it to alacritty developers then?
Comment 3 Jan Beich freebsd_committer freebsd_triage 2021-01-15 07:28:47 UTC 
(In reply to shamaz.mazum from comment #2)
> Should I report it to alacritty developers then?

Yep as upstream may provide additional ideas. However, if it's not reproducible on Linux you'd need to debug further. There're many differences to account:
- FreeBSD -CURRENT enables debugging (like junk:true) by default
- jemalloc maybe more unforgiving to use-after-free than glibc malloc
- epoll-shim (as used by libwayland) may behave slightly different than native epoll
- Tests from wayland-rs (wayland-client crate) fail to build on FreeBSD
- Other wayland-rs consumers like ion-shell or veloren don't crash
Comment 4 Mikael Urankar freebsd_committer freebsd_triage 2021-01-17 14:41:55 UTC 
Can you test the patch at https://github.com/Smithay/smithay-clipboard/issues/32 ?
(taken from https://github.com/alacritty/alacritty/issues/4702)
Comment 5 shamaz.mazum 2021-01-18 05:58:39 UTC 
comment #4, no this does not help. Must be unrelated problem.
Comment 6 Jan Beich freebsd_committer freebsd_triage 2021-02-20 00:52:49 UTC 
Can you reproduce after 0.7.2 aka ports r566130?
Comment 7 Jan Beich freebsd_committer freebsd_triage 2021-02-20 00:54:23 UTC 
Nevermind, "env MALLOC_CONF=junk:true alacritty" still crashes here.
Comment 8 Jan Beich freebsd_committer freebsd_triage 2021-02-20 00:55:42 UTC 
> ports r566130

Typo: should be ports r566128
Comment 9 Ghost 2021-03-05 15:01:12 UTC 
(In reply to Jan Beich from comment #8)
I can't reproduce this, but I have a different environment (poudriere log with my make.conf can be seen in 254009).