Bug 100053 - Xwayland: reproducible crash in 1.19.x
Summary: Xwayland: reproducible crash in 1.19.x
Status: RESOLVED FIXED
Alias: None
Product: Wayland
Classification: Unclassified
Component: XWayland (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Wayland bug list
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-03 16:16 UTC by Olivier Fourdan
Modified: 2017-07-07 07:03 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
valgrind logs (12.56 KB, text/plain)
2017-03-03 16:16 UTC, Olivier Fourdan 		Details
View All

Description Olivier Fourdan 2017-03-03 16:16:36 UTC 
Created attachment 130052 [details]
valgrind logs

Description:

I can reliably crash Xwayaldn when the last X11 client exits.

How reproducible:

Awlays

Steps to reproduce:

1. Run "Xwayland :1" from a Wayland session
2. Start an X11 client
   DISPLAY=:1 xterm
3. Quit the xterm,
4. Repeat

Actual result:

Xwayland crashes either with a segfault or a double-free

Expected result:

No crash

Additional data:

Xwayland handler signature:

(EE) 
(EE) Backtrace:
(EE) 0: /home/ofourdan/local/bin/Xwayland (OsSigHandler+0x29) [0x4762b9]
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x70515bf]
(EE) 2: /usr/lib64/dri/swrast_dri.so (__driDriverGetExtensions_virtio_gpu+0x30f54d) [0x1009612d]
(EE) 3: /usr/lib64/dri/swrast_dri.so (__driDriverGetExtensions_virtio_gpu+0x30f615) [0x100962b5]
(EE) 4: /usr/lib64/dri/swrast_dri.so (__driDriverGetExtensions_virtio_gpu+0x30d22f) [0x10091aef]
(EE) 5: /home/ofourdan/local/bin/Xwayland (__glXDRIscreenDestroy+0x17) [0x4fba57]
(EE) 6: /home/ofourdan/local/bin/Xwayland (glxCloseScreen+0x36) [0x4fc286]
(EE) 7: /home/ofourdan/local/bin/Xwayland (dix_main+0x4f9) [0x43f5f9]
(EE) 8: /lib64/libc.so.6 (__libc_start_main+0xf1) [0x727e401]
(EE) 9: /home/ofourdan/local/bin/Xwayland (_start+0x2a) [0x4231fa]
(EE) 10: ? (?+0x2a) [0x2a]
(EE) 
(EE) Segmentation fault at address 0x18
(EE) 
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE) 
Aborted (core dumped)


actual backtrace from gdb.

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x000000000729551a in __GI_abort () at abort.c:89
#2  0x000000000047923e in OsAbort () at utils.c:1355
#3  0x00000000004740c3 in AbortServer () at log.c:877
#4  0x0000000000474e38 in FatalError (
    f=f@entry=0x598220 "Caught signal %d (%s). Server aborting\n") at log.c:1015
#5  0x000000000047630e in OsSigHandler (signo=11, sip=<optimized out>, unused=<optimized out>)
    at osinit.c:154
#6  <signal handler called>
#7  dri_destroy_screen_helper (screen=screen@entry=0x0) at dri_screen.c:393
#8  0x000000000fd86cb5 in dri_destroy_screen (sPriv=0xea5bdd0) at dri_screen.c:408
#9  0x000000000fd848cf in driDestroyScreen (psp=0xea5bdd0) at dri_util.c:229
#10 0x00000000004fba57 in __glXDRIscreenDestroy (baseScreen=0xe1ebf10) at glxdriswrast.c:430
#11 0x00000000004fc286 in glxCloseScreen (pScreen=0xd3d6c60) at glxscreens.c:164
#12 0x000000000043f5f9 in dix_main (argc=3, argv=0xffefffbe8, envp=<optimized out>) at main.c:336
#13 0x000000000727e401 in __libc_start_main (main=0x4231c0 <main>, argc=3, argv=0xffefffbe8, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0xffefffbd8)
    at ../csu/libc-start.c:289
#14 0x00000000004231fa in _start ()
Comment 1 Olivier Fourdan 2017-07-07 07:03:55 UTC 
Should be fixed with commit 4f29366

https://cgit.freedesktop.org/xorg/xserver/commit/?id=4f29366

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.