Bug 102474 - segfault in zwp_pointer_constraints_v1_lock_pointer
Summary: segfault in zwp_pointer_constraints_v1_lock_pointer
Status: RESOLVED FIXED
Alias: None
Product: Wayland
Classification: Unclassified
Component: XWayland (show other bugs)
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Wayland bug list
QA Contact: Xorg Project Team
Reported: 2017-08-30 11:30 UTC by Sebastien Bacher
Modified: 2017-09-05 07:55 UTC
Description Sebastien Bacher 2017-08-30 11:30:41 UTC
The Ubuntu maintainer recently backported the upstream commits for pointer confinement and keyboard grabbing, and since then GNOME/Wayland segfaults when kvm is used

Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
0x00000092f4790b6e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, zwp_pointer_constraints_v1=0x92f72d8060)
    at ./pointer-constraints-unstable-v1-client-protocol.h:347
347	./pointer-constraints-unstable-v1-client-protocol.h: Aucun fichier ou dossier de ce type.
#0  0x00000092f4790b6e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, 
    zwp_pointer_constraints_v1=0x92f72d8060) at ./pointer-constraints-unstable-v1-client-protocol.h:347
#1  xwl_pointer_warp_emulator_lock (warp_emulator=0x92f7951ab0) at ../../../../../hw/xwayland/xwayland-input.c:2590
#2  0x00000092f47930f8 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=xwl_seat@entry=0x92f72d7dd0) at ../../../../../hw/xwayland/xwayland-input.c:2762
#3  0x00000092f4794660 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=0x92f72d7dd0) at ../../../../../hw/xwayland/xwayland-input.c:2823
#4  xwl_seat_confine_pointer (xwl_seat=0x92f72d7dd0, xwl_window=0x92f7464630) at ../../../../../hw/xwayland/xwayland-input.c:2814
#5  0x00000092f48d60cf in ActivatePointerGrab (mouse=0x92f724e890, grab=0x92f797b910, time=..., autoGrab=<optimized out>) at ../../../../dix/events.c:1531
#6  0x00000092f48d0db4 in GrabDevice (client=client@entry=0x92f769b470, dev=dev@entry=0x92f724e890, pointer_mode=1, keyboard_mode=1, grabWindow=<optimized out>, 
    ownerEvents=<optimized out>, ctime=0, mask=0x7ffcba605420, grabtype=1, curs=0, confineToWin=31457299, status=0x7ffcba60541f "") at ../../../../dix/events.c:5120
#7  0x00000092f48d3a1a in ProcGrabPointer (client=0x92f769b470) at ../../../../dix/events.c:4908
#8  0x00000092f48c5e58 in Dispatch () at ../../../../dix/dispatch.c:479
#9  0x00000092f48c9e80 in dix_main (argc=10, argv=0x7ffcba605628, envp=<optimized out>) at ../../../../dix/main.c:287
#10 0x00007f6be880b421 in __libc_start_main (main=0x92f478ec50 <main>, argc=10, argv=0x7ffcba605628, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7ffcba605618) at ../csu/libc-start.c:291
#11 0x00000092f478ec8a in _start ()
Comment 1 Olivier Fourdan 2017-08-30 12:47:11 UTC
There've been several fixes in all those trees upstream.

Can you try with upstream code instead (for both mutter, gnome-shell, Xwayland) so we can rule out a problem with the Ubuntu backport?

Does it occur only in kvm? What about real hardware?
Comment 2 Sebastien Bacher 2017-08-30 13:38:01 UTC
> There've been several fixes in all those trees upstream.
>
> Can you try with upstream code instead (for both mutter, gnome-shell, Xwayland)
> so we can rule out a problem with the Ubuntu backport?

I can try having a go; are there specific branches to try, or just the GNOME trunk (3.25) ones?

> Does it occur only in kvm? What about real hardware?

Sorry if the description was not clear: that's using GNOME on a laptop, not in kvm; it's starting kvm in the session to do testing on a daily iso, which takes Xwayland down.
Comment 3 Olivier Fourdan 2017-08-30 14:55:36 UTC
I can reproduce a similar crash using qemu-kvm with the SDL backend and alt-tabbing between the qemu window and some other native window in gnome-shell:

Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
0x000000000042b77e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, 
    zwp_pointer_constraints_v1=0x1ef37d0) at pointer-constraints-unstable-v1-client-protocol.h:347
347		id = wl_proxy_marshal_constructor((struct wl_proxy *) zwp_pointer_constraints_v1,
(gdb) bt
#0  0x000000000042b77e in zwp_pointer_constraints_v1_lock_pointer (lifetime=2, region=0x0, pointer=<optimized out>, surface=<optimized out>, 
    zwp_pointer_constraints_v1=0x1ef37d0) at pointer-constraints-unstable-v1-client-protocol.h:347
#1  xwl_pointer_warp_emulator_lock (warp_emulator=0x2c26db0) at xwayland-input.c:2584
#2  0x000000000042d998 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=xwl_seat@entry=0x29142f0) at xwayland-input.c:2756
#3  0x000000000042ef15 in xwl_seat_maybe_lock_on_hidden_cursor (xwl_seat=0x29142f0) at xwayland-input.c:2765
#4  xwl_seat_cursor_visibility_changed (xwl_seat=xwl_seat@entry=0x29142f0) at xwayland-input.c:2768
#5  0x000000000042fa68 in xwl_set_cursor (device=<optimized out>, screen=<optimized out>, cursor=<optimized out>, x=<optimized out>, y=<optimized out>)
    at xwayland-cursor.c:245
#6  0x00000000004c4b8a in miPointerUpdateSprite (pDev=0x28e6fa0) at mipointer.c:468
#7  0x00000000004c4dda in miPointerDisplayCursor (pDev=0x28e6fa0, pScreen=0x1ee6740, pCursor=0x2b988a0) at mipointer.c:206
#8  0x00000000004b2250 in CursorDisplayCursor (pDev=0x28e6fa0, pScreen=0x1ee6740, pCursor=0x2b988a0) at cursor.c:150
#9  0x000000000052e44f in AnimCurDisplayCursor (pDev=0x28e6fa0, pScreen=0x1ee6740, pCursor=0x2b988a0) at animcur.c:220
#10 0x000000000044cc4b in ChangeToCursor (pDev=0x28e6fa0, cursor=0x2b988a0) at events.c:936
#11 0x0000000000453d3e in ActivatePointerGrab (mouse=0x28e6fa0, grab=0x2d1d7f0, time=..., autoGrab=<optimized out>) at events.c:1542
#12 0x000000000044ecd1 in GrabDevice (client=client@entry=0x2ae5720, dev=dev@entry=0x28e6fa0, pointer_mode=1, keyboard_mode=1, grabWindow=<optimized out>, 
    ownerEvents=<optimized out>, ctime=0, mask=0x7ffce3a623f0, grabtype=1, curs=0, confineToWin=4194314, status=0x7ffce3a623ef "") at events.c:5120
#13 0x000000000045180a in ProcGrabPointer (client=0x2ae5720) at events.c:4908
#14 0x0000000000443ffa in Dispatch () at dispatch.c:478
#15 0x0000000000447f08 in dix_main (argc=10, argv=0x7ffce3a625e8, envp=<optimized out>) at main.c:276
#16 0x00007efc0168250a in __libc_start_main () from /lib64/libc.so.6
#17 0x000000000042979a in _start ()
Comment 4 Olivier Fourdan 2017-08-30 15:02:41 UTC
(gdb) f 1
#1  xwl_pointer_warp_emulator_lock (warp_emulator=0x2c26db0) at xwayland-input.c:2584
2584	        zwp_pointer_constraints_v1_lock_pointer(pointer_constraints,
(gdb) list
2579	    struct xwl_window *lock_window = xwl_seat->focus_window;
2580	
2581	    warp_emulator->locked_window = lock_window;
2582	
2583	    warp_emulator->locked_pointer =
2584	        zwp_pointer_constraints_v1_lock_pointer(pointer_constraints,
2585	                                                lock_window->surface,
2586	                                                xwl_seat->wl_pointer,
2587	                                                NULL,
2588	                                                ZWP_POINTER_CONSTRAINTS_V1_LIFETIME_PERSISTENT);
(gdb) p *xwl_seat
value has been optimized out
(gdb) p *lock_window
Cannot access memory at address 0x0
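As an added illustration (not Xwayland's code and not the patch this bug was fixed with), the frames above reduce to this: the grab path reaches the warp emulator with xwl_seat->focus_window == NULL, and the unguarded read of lock_window->surface is the fault. The checked variant is one plausible guard, an assumption here about the shape of a fix, not the actual fix; struct layouts and the lock stub are simplified stand-ins.

```c
#include <stddef.h>

/* Simplified stand-ins for the Xwayland structures seen in the gdb listing. */
struct wl_surface { int id; };
struct xwl_window { struct wl_surface *surface; };
struct xwl_seat   { struct xwl_window *focus_window; };
struct xwl_pointer_warp_emulator {
    struct xwl_seat   *xwl_seat;
    struct xwl_window *locked_window;
    struct wl_surface *locked_surface;  /* stands in for the locked_pointer proxy */
};

/* Stand-in for zwp_pointer_constraints_v1_lock_pointer(): the real call
 * marshals the surface proxy into a request; here we only record it. */
static struct wl_surface *lock_pointer_stub(struct wl_surface *surface)
{
    return surface;
}

/* Unchecked flow as listed in comment 4: lock_window comes straight from
 * focus_window and lock_window->surface is read without a NULL check, so a
 * grab issued while no Xwayland window has focus dereferences address 0. */
static int warp_emulator_lock_unchecked(struct xwl_pointer_warp_emulator *we)
{
    struct xwl_window *lock_window = we->xwl_seat->focus_window;
    we->locked_window  = lock_window;
    we->locked_surface = lock_pointer_stub(lock_window->surface);
    return 1;
}

/* Guarded variant (assumed shape of a fix, not the committed patch): refuse
 * to lock when there is no focused Xwayland window and leave state untouched,
 * so the caller can simply retry on the next focus or cursor change. */
static int warp_emulator_lock_checked(struct xwl_pointer_warp_emulator *we)
{
    struct xwl_window *lock_window = we->xwl_seat->focus_window;
    if (lock_window == NULL)
        return 0;                       /* nothing to lock onto */
    we->locked_window  = lock_window;
    we->locked_surface = lock_pointer_stub(lock_window->surface);
    return 1;
}
```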
Comment 5 Olivier Fourdan 2017-08-31 08:24:53 UTC
Possible fix here:

https://patchwork.freedesktop.org/patch/174476/
Comment 6 Sebastien Bacher 2017-08-31 23:04:01 UTC
The patch seems to fix the segfault indeed.
Comment 7 Olivier Fourdan 2017-09-05 07:55:03 UTC
Patch has been pushed to git master, commit cdd0352b