Bug 102474

Summary: segfault in zwp_pointer_constraints_v1_lock_pointer
Product: Wayland
Reporter: Sebastien Bacher <seb128>
Component: XWayland
Assignee: Wayland bug list <wayland-bugs>
Status: RESOLVED FIXED
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All
Whiteboard:
i915 platform:
i915 features:

Description Sebastien Bacher 2017-08-30 11:30:41 UTC
The Ubuntu maintainer recently backported the upstream commits for pointer confinement and keyboard grabbing, and since then GNOME/wayland segfaults when kvm is used:

Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
0x00000092f4790b6e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, zwp_pointer_constraints_v1=0x92f72d8060)
    at ./pointer-constraints-unstable-v1-client-protocol.h:347
347	./pointer-constraints-unstable-v1-client-protocol.h: Aucun fichier ou dossier de ce type.
#0  0x00000092f4790b6e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, 
    zwp_pointer_constraints_v1=0x92f72d8060) at ./pointer-constraints-unstable-v1-client-protocol.h:347
#1  xwl_pointer_warp_emulator_lock (warp_emulator=0x92f7951ab0) at ../../../../../hw/xwayland/xwayland-input.c:2590
#2  0x00000092f47930f8 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=xwl_seat@entry=0x92f72d7dd0) at ../../../../../hw/xwayland/xwayland-input.c:2762
#3  0x00000092f4794660 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=0x92f72d7dd0) at ../../../../../hw/xwayland/xwayland-input.c:2823
#4  xwl_seat_confine_pointer (xwl_seat=0x92f72d7dd0, xwl_window=0x92f7464630) at ../../../../../hw/xwayland/xwayland-input.c:2814
#5  0x00000092f48d60cf in ActivatePointerGrab (mouse=0x92f724e890, grab=0x92f797b910, time=..., autoGrab=<optimized out>) at ../../../../dix/events.c:1531
#6  0x00000092f48d0db4 in GrabDevice (client=client@entry=0x92f769b470, dev=dev@entry=0x92f724e890, pointer_mode=1, keyboard_mode=1, grabWindow=<optimized out>, 
    ownerEvents=<optimized out>, ctime=0, mask=0x7ffcba605420, grabtype=1, curs=0, confineToWin=31457299, status=0x7ffcba60541f "") at ../../../../dix/events.c:5120
#7  0x00000092f48d3a1a in ProcGrabPointer (client=0x92f769b470) at ../../../../dix/events.c:4908
#8  0x00000092f48c5e58 in Dispatch () at ../../../../dix/dispatch.c:479
#9  0x00000092f48c9e80 in dix_main (argc=10, argv=0x7ffcba605628, envp=<optimized out>) at ../../../../dix/main.c:287
#10 0x00007f6be880b421 in __libc_start_main (main=0x92f478ec50 <main>, argc=10, argv=0x7ffcba605628, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7ffcba605618) at ../csu/libc-start.c:291
#11 0x00000092f478ec8a in _start ()
Comment 1 Olivier Fourdan 2017-08-30 12:47:11 UTC
There've been several fixes in all those trees upstream.

Can you try with upstream code instead (for both mutter, gnome-shell, Xwayland) so we can rule out a problem with the Ubuntu backport?

Does it occur only in kvm? What about real hardware?
Comment 2 Sebastien Bacher 2017-08-30 13:38:01 UTC
> There've been several fixes in all those trees upstream.

> Can you try with upstream code instead (for both mutter, gnome-shell, Xwayland)
> so we can rule out a problem with the Ubuntu backport?

I can try having a go. Are there specific branches to try, or just the GNOME trunk (3.25) ones?

> Does it occur only in kvm? What about real hardware?

Sorry if the description was not clear: that's using GNOME on a laptop, not in kvm. It's starting kvm in the session to do testing on a daily iso that takes Xwayland down.
Comment 3 Olivier Fourdan 2017-08-30 14:55:36 UTC
I can reproduce a similar crash using qemu-kvm with the SDL backend and alt-tabbing between the qemu window and some other native window in gnome-shell:

Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
0x000000000042b77e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, 
    zwp_pointer_constraints_v1=0x1ef37d0) at pointer-constraints-unstable-v1-client-protocol.h:347
347		id = wl_proxy_marshal_constructor((struct wl_proxy *) zwp_pointer_constraints_v1,
(gdb) bt
#0  0x000000000042b77e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, 
    zwp_pointer_constraints_v1=0x1ef37d0) at pointer-constraints-unstable-v1-client-protocol.h:347
#1  xwl_pointer_warp_emulator_lock (warp_emulator=0x2c26db0) at xwayland-input.c:2584
#2  0x000000000042d998 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=xwl_seat@entry=0x29142f0) at xwayland-input.c:2756
#3  0x000000000042ef15 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=0x29142f0) at xwayland-input.c:2765
#4  xwl_seat_cursor_visibility_changed (xwl_seat=xwl_seat@entry=0x29142f0) at xwayland-input.c:2768
#5  0x000000000042fa68 in xwl_set_cursor (device=<optimized out>, screen=<optimized out>, cursor=<optimized out>, x=<optimized out>, y=<optimized out>)
    at xwayland-cursor.c:245
#6  0x00000000004c4b8a in miPointerUpdateSprite (pDev=0x28e6fa0) at mipointer.c:468
#7  0x00000000004c4dda in miPointerDisplayCursor (pDev=0x28e6fa0, pScreen=0x1ee6740, pCursor=0x2b988a0) at mipointer.c:206
#8  0x00000000004b2250 in CursorDisplayCursor (pDev=0x28e6fa0, pScreen=0x1ee6740, pCursor=0x2b988a0) at cursor.c:150
#9  0x000000000052e44f in AnimCurDisplayCursor (pDev=0x28e6fa0, pScreen=0x1ee6740, pCursor=0x2b988a0) at animcur.c:220
#10 0x000000000044cc4b in ChangeToCursor (pDev=0x28e6fa0, cursor=0x2b988a0) at events.c:936
#11 0x0000000000453d3e in ActivatePointerGrab (mouse=0x28e6fa0, grab=0x2d1d7f0, time=..., autoGrab=<optimized out>) at events.c:1542
#12 0x000000000044ecd1 in GrabDevice (client=client@entry=0x2ae5720, dev=dev@entry=0x28e6fa0, pointer_mode=1, keyboard_mode=1, grabWindow=<optimized out>, 
    ownerEvents=<optimized out>, ctime=0, mask=0x7ffce3a623f0, grabtype=1, curs=0, confineToWin=4194314, status=0x7ffce3a623ef "") at events.c:5120
#13 0x000000000045180a in ProcGrabPointer (client=0x2ae5720) at events.c:4908
#14 0x0000000000443ffa in Dispatch () at dispatch.c:478
#15 0x0000000000447f08 in dix_main (argc=10, argv=0x7ffce3a625e8, envp=<optimized out>) at main.c:276
#16 0x00007efc0168250a in __libc_start_main () from /lib64/libc.so.6
#17 0x000000000042979a in _start ()
Comment 4 Olivier Fourdan 2017-08-30 15:02:41 UTC
(gdb) f 1
#1  xwl_pointer_warp_emulator_lock (warp_emulator=0x2c26db0) at xwayland-input.c:2584
2584	        zwp_pointer_constraints_v1_lock_pointer(pointer_constraints,
(gdb) list
2579	    struct xwl_window *lock_window = xwl_seat->focus_window;
2580	
2581	    warp_emulator->locked_window = lock_window;
2582	
2583	    warp_emulator->locked_pointer =
2584	        zwp_pointer_constraints_v1_lock_pointer(pointer_constraints,
2585	                                                lock_window->surface,
2586	                                                xwl_seat->wl_pointer,
2587	                                                NULL,
2588	                                                ZWP_POINTER_CONSTRAINTS_V1_LIFETIME_PERSISTENT);
(gdb) p *xwl_seat
value has been optimized out
(gdb) p *lock_window
Cannot access memory at address 0x0
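The gdb session above shows `lock_window` (taken from `xwl_seat->focus_window`) being NULL when the warp emulator tries to lock the pointer, so `lock_window->surface` dereferences address 0. The C sketch below is an added illustration for readers of this bug, not code from the report, from the Xwayland tree, or from the fix in commit cdd0352b: it models the seat, window and warp-emulator structures with minimal stand-in types (the struct layouts, `fake_lock_pointer`, and the two `scenario_*` functions are assumptions made for the example) and shows a lock path that refuses to issue the request when there is no focus window, so the hidden-cursor grab in the backtrace becomes a no-op instead of a crash.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in types for this example; the real Xwayland definitions differ. */
struct wl_surface;
struct wl_pointer;
struct zwp_locked_pointer_v1;

struct xwl_window {
    struct wl_surface *surface;
};

struct xwl_seat {
    struct xwl_window *focus_window;   /* NULL when no X window has focus */
    struct wl_pointer *wl_pointer;
    bool cursor_visible;
};

struct xwl_pointer_warp_emulator {
    struct xwl_seat *xwl_seat;
    struct xwl_window *locked_window;
    struct zwp_locked_pointer_v1 *locked_pointer;
};

/* Stand-in for the generated zwp_pointer_constraints_v1_lock_pointer():
 * the real function marshals a Wayland request; this one only counts
 * how many lock requests were issued and hands back an opaque handle. */
static int lock_requests;

static struct zwp_locked_pointer_v1 *
fake_lock_pointer(struct wl_surface *surface, struct wl_pointer *pointer)
{
    (void)pointer;
    if (surface == NULL)
        return NULL;
    lock_requests++;
    return (struct zwp_locked_pointer_v1 *)surface;  /* opaque handle */
}

/* Guarded lock: bail out when the seat has no focus window instead of
 * reading lock_window->surface through a NULL pointer as in the crash.
 * Returns true when a lock is (or already was) in place. */
static bool
warp_emulator_lock(struct xwl_pointer_warp_emulator *warp_emulator)
{
    struct xwl_seat *xwl_seat = warp_emulator->xwl_seat;
    struct xwl_window *lock_window = xwl_seat->focus_window;

    if (lock_window == NULL || lock_window->surface == NULL)
        return false;                  /* nothing to lock to yet */
    if (warp_emulator->locked_pointer != NULL)
        return true;                   /* already locked */

    warp_emulator->locked_window = lock_window;
    warp_emulator->locked_pointer =
        fake_lock_pointer(lock_window->surface, xwl_seat->wl_pointer);
    return warp_emulator->locked_pointer != NULL;
}

/* Mirrors the caller in the backtrace: only lock when the cursor is hidden. */
static bool
seat_maybe_lock_on_hidden_cursor(struct xwl_seat *xwl_seat,
                                 struct xwl_pointer_warp_emulator *we)
{
    if (xwl_seat->cursor_visible)
        return false;
    return warp_emulator_lock(we);
}

/* Scenario from the bug: a grab activates with the cursor hidden while
 * focus_window is NULL. Returns the number of lock requests issued (0). */
int scenario_no_focus_window(void)
{
    struct xwl_seat seat = { .focus_window = NULL, .wl_pointer = NULL,
                             .cursor_visible = false };
    struct xwl_pointer_warp_emulator we = { &seat, NULL, NULL };
    lock_requests = 0;
    seat_maybe_lock_on_hidden_cursor(&seat, &we);
    return lock_requests;
}

/* Normal case: a focused window with a surface exists, so one lock
 * request goes out and repeated calls do not issue a second one. */
int scenario_with_focus_window(void)
{
    int dummy_surface;                 /* constructed stand-in surface */
    struct xwl_window win = { (struct wl_surface *)&dummy_surface };
    struct xwl_seat seat = { .focus_window = &win, .wl_pointer = NULL,
                             .cursor_visible = false };
    struct xwl_pointer_warp_emulator we = { &seat, NULL, NULL };
    lock_requests = 0;
    seat_maybe_lock_on_hidden_cursor(&seat, &we);
    seat_maybe_lock_on_hidden_cursor(&seat, &we);
    return lock_requests;
}

int main(void)
{
    printf("no focus window: %d lock request(s)\n", scenario_no_focus_window());
    printf("with focus window: %d lock request(s)\n", scenario_with_focus_window());
    return 0;
}
```

The point of the guard is that a pointer grab can arrive while Xwayland has no focused window (the alt-tab case in comment 3), so the seat's focus window must be checked before any lock request is built around it.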
Comment 5 Olivier Fourdan 2017-08-31 08:24:53 UTC
Possible fix here:

https://patchwork.freedesktop.org/patch/174476/
Comment 6 Sebastien Bacher 2017-08-31 23:04:01 UTC
The patch seems to fix the segfault indeed.
Comment 7 Olivier Fourdan 2017-09-05 07:55:03 UTC
Patch has been pushed in git master, commit cdd0352b