dccsillag
commented
3 years ago Update: I've just witnessed this cause a "corrupted double-linked list" error. But about 90% still yield a segfault.
Closed dccsillag closed 3 years ago
dccsillag
commented
3 years ago Update: I've just witnessed this cause a "corrupted double-linked list" error. But about 90% still yield a segfault.
dccsillag
commented
3 years ago Valgrind output on debug build:
==1044492== Memcheck, a memory error detector
==1044492== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1044492== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==1044492== Command: .build_debug/src/picom --experimental-backends
==1044492==
[ 29/07/2021 09:28:04.935 get_cfg WARN ] Rounded corner is only supported on legacy backends, it will be disabled
==1044492== Invalid read of size 8
==1044492== at 0x161F62: gl_release_image (gl_common.c:1094)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Address 0x13b026d0 is 0 bytes inside a block of size 48 free'd
==1044492== at 0x484118B: free (vg_replace_malloc.c:755)
==1044492== by 0x161FD2: gl_release_image (gl_common.c:1100)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Block was alloc'd at
==1044492== at 0x48435FF: calloc (vg_replace_malloc.c:1117)
==1044492== by 0x1555E5: default_clone_image (backend_common.c:431)
==1044492== by 0x12119C: win_process_update_flags (win.c:493)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492==
==1044492== Invalid read of size 4
==1044492== at 0x161F6D: gl_release_image (gl_common.c:1095)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Address 0x13ebbde0 is 0 bytes inside a block of size 40 free'd
==1044492== at 0x484118B: free (vg_replace_malloc.c:755)
==1044492== by 0x161F2E: gl_release_image_inner (gl_common.c:1088)
==1044492== by 0x161FC6: gl_release_image (gl_common.c:1098)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Block was alloc'd at
==1044492== at 0x48435FF: calloc (vg_replace_malloc.c:1117)
==1044492== by 0x166A0D: glx_bind_pixmap (glx.c:393)
==1044492== by 0x12086B: win_bind_pixmap (win.c:330)
==1044492== by 0x121433: win_process_image_flags (win.c:561)
==1044492== by 0x11AEA3: refresh_images (picom.c:1516)
==1044492== by 0x11B151: handle_pending_updates (picom.c:1575)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B46D: draw_callback_impl (picom.c:1637)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492==
==1044492== Invalid write of size 4
==1044492== at 0x161F76: gl_release_image (gl_common.c:1095)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Address 0x13ebbde0 is 0 bytes inside a block of size 40 free'd
==1044492== at 0x484118B: free (vg_replace_malloc.c:755)
==1044492== by 0x161F2E: gl_release_image_inner (gl_common.c:1088)
==1044492== by 0x161FC6: gl_release_image (gl_common.c:1098)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Block was alloc'd at
==1044492== at 0x48435FF: calloc (vg_replace_malloc.c:1117)
==1044492== by 0x166A0D: glx_bind_pixmap (glx.c:393)
==1044492== by 0x12086B: win_bind_pixmap (win.c:330)
==1044492== by 0x121433: win_process_image_flags (win.c:561)
==1044492== by 0x11AEA3: refresh_images (picom.c:1516)
==1044492== by 0x11B151: handle_pending_updates (picom.c:1575)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B46D: draw_callback_impl (picom.c:1637)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492==
==1044492== Invalid read of size 4
==1044492== at 0x161F7C: gl_release_image (gl_common.c:1096)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Address 0x13ebbde0 is 0 bytes inside a block of size 40 free'd
==1044492== at 0x484118B: free (vg_replace_malloc.c:755)
==1044492== by 0x161F2E: gl_release_image_inner (gl_common.c:1088)
==1044492== by 0x161FC6: gl_release_image (gl_common.c:1098)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492== by 0x11EF32: main (picom.c:2672)
==1044492== Block was alloc'd at
==1044492== at 0x48435FF: calloc (vg_replace_malloc.c:1117)
==1044492== by 0x166A0D: glx_bind_pixmap (glx.c:393)
==1044492== by 0x12086B: win_bind_pixmap (win.c:330)
==1044492== by 0x121433: win_process_image_flags (win.c:561)
==1044492== by 0x11AEA3: refresh_images (picom.c:1516)
==1044492== by 0x11B151: handle_pending_updates (picom.c:1575)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B46D: draw_callback_impl (picom.c:1637)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x11EC21: session_run (picom.c:2570)
==1044492==
picom: ../src/backend/gl/gl_common.c:1096: gl_release_image: Assertion `inner->refcount >= 0' failed.
==1044492==
==1044492== Process terminating with default action of signal 6 (SIGABRT): dumping core
==1044492== at 0x4E0AD22: raise (in /usr/lib/libc-2.33.so)
==1044492== by 0x4DF4861: abort (in /usr/lib/libc-2.33.so)
==1044492== by 0x4DF4746: __assert_fail_base.cold (in /usr/lib/libc-2.33.so)
==1044492== by 0x4E03615: __assert_fail (in /usr/lib/libc-2.33.so)
==1044492== by 0x161FA9: gl_release_image (gl_common.c:1096)
==1044492== by 0x121153: win_process_update_flags (win.c:490)
==1044492== by 0x11AE25: refresh_windows (picom.c:1510)
==1044492== by 0x11B0CA: handle_pending_updates (picom.c:1563)
==1044492== by 0x11B276: draw_callback_impl (picom.c:1590)
==1044492== by 0x11B758: draw_callback (picom.c:1691)
==1044492== by 0x49C9032: ev_invoke_pending (in /usr/lib/libev.so.4.0.0)
==1044492== by 0x49CC901: ev_run (in /usr/lib/libev.so.4.0.0)
==1044492==
==1044492== HEAP SUMMARY:
==1044492== in use at exit: 8,115,115 bytes in 47,561 blocks
==1044492== total heap usage: 112,037 allocs, 64,476 frees, 47,125,514 bytes allocated
==1044492==
==1044492== LEAK SUMMARY:
==1044492== definitely lost: 0 bytes in 0 blocks
==1044492== indirectly lost: 0 bytes in 0 blocks
==1044492== possibly lost: 6,823,203 bytes in 42,378 blocks
==1044492== still reachable: 1,290,180 bytes in 5,181 blocks
==1044492== suppressed: 1,732 bytes in 2 blocks
==1044492== Rerun with --leak-check=full to see details of leaked memory
==1044492==
==1044492== For lists of detected and suppressed errors, rerun with: -s
==1044492== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 4 from 3)
zsh: abort (core dumped) valgrind .build_debug/src/picom --experimental-backendsIt looks like the cause is an extra call to ops->release_image.
dccsillag
commented
3 years ago Solved.
Steps to reproduce:
Full) sublayout. B is shown, A is hidden.I've also seen one instance where this raised a 'corrupted size vs. prev_size' error instead of a segfault, but haven't been able to reproduce it since.
Also, I've checked and this doesn't happen in upstream. In fact, disabling animations solves this.