input/seatop_default: properly notify pointer leave causing SEGV in wlroots.so #5294

Closed
adee opened this issue May 2, 2020 · 4 comments
Labels
bug Not working as intended input/pointer

Comments

@adee
Contributor

adee commented May 2, 2020

kernel: sway[45781]: segfault at 0 ip 00007f7dcb2cabd2 sp 00007ffdd967fa10 error 4 in libwlroots.so.5[7f7dcb2a4000+4f000]

To reproduce:

  • open GHex
  • set it floating
  • open the rightmost dropdown menu (Help)
  • move the cursor to the left to open the menus there
  • when it reaches the leftmost menu sway crashes

The commit is: 091f580.
This does not generate a coredump. Any ideas how I can make it create one?

CC: @nickdiego

@Xyene
Member

Xyene commented May 2, 2020

Here's a trace from ASan, from the latest master:

Thread 1 "sway" received signal SIGSEGV, Segmentation fault.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15827==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffff6e6cf80 bp 0x7fffffffd340 sp 0x7fffffffd310 T0)
==15827==The signal is caused by a READ memory access.
==15827==Hint: address points to the zero page.
    #0 0x7ffff6e6cf7f in xdg_pointer_grab_enter ../types/xdg_shell/wlr_xdg_popup.c:21
    #1 0x7ffff6e4eb8d in wlr_seat_pointer_notify_enter ../types/seat/wlr_seat_pointer.c:335
    #2 0x5555555fd40a in handle_motion ../sway/input/seatop_default.c:463
    #3 0x5555555f9bd4 in seatop_motion ../sway/input/seat.c:1455
    #4 0x5555555dfe80 in pointer_motion ../sway/input/cursor.c:324
    #5 0x5555555e0090 in handle_pointer_motion_relative ../sway/input/cursor.c:332
    #6 0x7ffff6ecee92 in wlr_signal_emit_safe ../util/signal.c:29
    #7 0x7ffff6e8156e in handle_pointer_motion ../types/wlr_cursor.c:355
    #8 0x7ffff6ecee92 in wlr_signal_emit_safe ../util/signal.c:29
    #9 0x7ffff6e2bf40 in relative_pointer_handle_relative_motion ../backend/wayland/seat.c:469
    #10 0x7ffff61bbccc  (/lib/x86_64-linux-gnu/libffi.so.7+0x6ccc)
    #11 0x7ffff61bb259  (/lib/x86_64-linux-gnu/libffi.so.7+0x6259)
    #12 0x7ffff60f51bf  (/lib/x86_64-linux-gnu/libwayland-client.so.0+0x91bf)
    #13 0x7ffff60f1ad7  (/lib/x86_64-linux-gnu/libwayland-client.so.0+0x5ad7)
    #14 0x7ffff60f308b in wl_display_dispatch_queue_pending (/lib/x86_64-linux-gnu/libwayland-client.so.0+0x708b)
    #15 0x7ffff6e21dff in dispatch_events ../backend/wayland/backend.c:46
    #16 0x7ffff6f98401 in wl_event_loop_dispatch (/lib/x86_64-linux-gnu/libwayland-server.so.0+0xb401)
    #17 0x7ffff6f969e4 in wl_display_run (/lib/x86_64-linux-gnu/libwayland-server.so.0+0x99e4)
    #18 0x5555555b5b63 in server_run ../sway/server.c:225
    #19 0x5555555b40aa in main ../sway/main.c:409
    #20 0x7ffff6b6ce0a in __libc_start_main ../csu/libc-start.c:308
    #21 0x555555593539 in _start (/usr/local/bin/sway+0x3f539)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../types/xdg_shell/wlr_xdg_popup.c:21 in xdg_pointer_grab_enter
==15827==ABORTING

Full trace: https://gist.github.com/Xyene/3434cc47c690ab8c80482f7c97e04706

@quantum5
Contributor

Also hit by this bug:

(gdb) bt full
#0  0x00007f172b19b5d2 in xdg_pointer_grab_enter (grab=0x556470173068, surface=0x0, sx=0, sy=0) at ../types/xdg_shell/wlr_xdg_popup.c:21
        popup_grab = 0x556470173060
#1  0x000055646d7fc8b9 in  ()
#2  0x000055646d7f4eb3 in  ()
#3  0x000055646d7f507d in  ()
#4  0x00007f172b1b9b1c in wlr_signal_emit_safe (signal=0x55646f9ea0c8, data=0x7ffc9f3db160) at ../util/signal.c:29
        pos = 0x55646f9e9f18
        l = 0x55646f9e9f18
        cursor = {link = {prev = 0x55646f9e9f18, next = 0x7ffc9f3db0a0}, notify = 0x7f172b1b9a90 <handle_noop>}
        end = {link = {prev = 0x7ffc9f3db080, next = 0x55646f9ea0c8}, notify = 0x7f172b1b9a90 <handle_noop>}
#5  0x00007f172b1b9b1c in wlr_signal_emit_safe (signal=0x55646fc5b288, data=data@entry=0x7ffc9f3db160) at ../util/signal.c:29
        pos = 0x55647032e390
        l = 0x55647032e390
        cursor = {link = {prev = 0x55647032e390, next = 0x7ffc9f3db110}, notify = 0x7f172b1b9a90 <handle_noop>}
        end = {link = {prev = 0x7ffc9f3db0f0, next = 0x55646fc5b288}, notify = 0x7f172b1b9a90 <handle_noop>}
#6  0x00007f172b183781 in handle_pointer_motion (event=event@entry=0x556472c0ce80, libinput_dev=<optimized out>) at ../backend/libinput/pointer.c:41
        wlr_dev = 0x55646fc58ad0
        pevent = 0x556472c0ce80
        wlr_event = {device = 0x55646fc58ad0, time_msec = 492307673, delta_x = -9.8637968050396143, delta_y = 25.645871693102997, unaccel_dx = -5, unaccel_dy = 13}
#7  0x00007f172b182f51 in handle_libinput_event (backend=backend@entry=0x55646f1f4e60, event=event@entry=0x556472c0ce80) at ../backend/libinput/events.c:240
        libinput_dev = <optimized out>
        event_type = <optimized out>
#8  0x00007f172b18253b in handle_libinput_readable (fd=<optimized out>, mask=<optimized out>, _backend=0x55646f1f4e60) at ../backend/libinput/backend.c:41
        backend = 0x55646f1f4e60
        event = 0x556472c0ce80
#9  0x00007f172b20836a in wl_event_loop_dispatch (loop=0x55646f1e8940, timeout=timeout@entry=-1) at ../src/event-loop.c:1027
        source = <optimized out>
        i = <optimized out>
        count = <optimized out>
        has_timers = <optimized out>
#10 0x00007f172b2069ba in wl_display_run (display=0x55646f1e8e00) at ../src/wayland-server.c:1351
#11 0x000055646d7de842 in  ()
#12 0x00007f172af3509b in __libc_start_main (main=
    0x55646d7de320, argc=2, argv=0x7ffc9f3db578, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc9f3db568) at ../csu/libc-start.c:308
        result = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {0, -8586657582086508689, 93889822058896, 140722980107632, 0, 0, -2456725605730635921, -2580388253119565969}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffc9f3db590, 0x7f172b86f190}, data = {prev = 0x0, cleanup = 0x0, canceltype = -1623345776}}}
        not_first_call = <optimized out>
#13 0x000055646d7de9ba in  ()

tchebb added a commit to tchebb/sway that referenced this issue May 21, 2020
We are not allowed to do what we did in swaywm#5222 and pass a `NULL` surface
to wlr_seat_pointer_notify_enter(), and it's causing crashes when an
xdg-shell popup is active (see swaywm#5294 and swaywm/wlroots#2161).

Instead, solve swaywm#5220 using the new wlroots API introduced in
swaywm/wlroots#2217.
@FreeFull
Contributor

Here's another backtrace from me reproducing the issue with DeaDBeeF's menus, since the other backtraces seem to be missing some info.

(gdb) bt full
#0  xdg_pointer_grab_enter (grab=0x56028059a3b8, surface=0x0, sx=0, sy=0) at ../types/xdg_shell/wlr_xdg_popup.c:21
        popup_grab = 0x56028059a3b0
#1  0x000056027e1192eb in handle_pointer_motion (seat=0x56028007ab10, time_msec=114322545, dx=<optimized out>, dy=<optimized out>) at ../sway/sway/input/seatop_default.c:482
        e = 0x5602800d78c0
        cursor = 0x560280055350
        surface = 0x0
        sx = -33
        sy = 4.6723148411411608e-310
        node = 0x560280598f20
        drag_icon = <optimized out>
#2  0x000056027e110c8e in handle_pointer_motion_relative (listener=<optimized out>, data=<optimized out>) at ../sway/sway/input/cursor.c:335
        cursor = <optimized out>
        e = <optimized out>
#3  0x00007efca411531e in wlr_signal_emit_safe (signal=<optimized out>, data=0x7fff8d6b4fb0) at ../util/signal.c:29
        pos = 0x560280055480
        l = 0x560280055480
        cursor = {link = {prev = 0x560280055480, next = 0x7fff8d6b4ef0}, notify = 0x7efca4115290 <handle_noop>}
        end = {link = {prev = 0x7fff8d6b4ed0, next = 0x56028006c108}, notify = 0x7efca4115290 <handle_noop>}
#4  0x00007efca411531e in wlr_signal_emit_safe (signal=<optimized out>, data=data@entry=0x7fff8d6b4fb0) at ../util/signal.c:29
        pos = 0x5602801a8e20
        l = 0x5602801a8e20
        cursor = {link = {prev = 0x5602801a8e20, next = 0x7fff8d6b4f60}, notify = 0x7efca4115290 <handle_noop>}
        end = {link = {prev = 0x7fff8d6b4f40, next = 0x5602801ec228}, notify = 0x7efca4115290 <handle_noop>}
#5  0x00007efca40da66a in handle_pointer_motion (event=<optimized out>, libinput_dev=<optimized out>) at ../backend/libinput/pointer.c:41
        wlr_dev = 0x56028020ae10
        pevent = 0x5602800e9fe0
        wlr_event = {device = 0x56028020ae10, time_msec = 114322545, delta_x = -6.0617213860809853, delta_y = -10.528252933719607, unaccel_dx = -19, unaccel_dy = -33}
#6  0x00007efca40d93dc in handle_libinput_readable (fd=<optimized out>, mask=<optimized out>, _backend=0x56027f39d110) at ../backend/libinput/backend.c:41
        backend = 0x56027f39d110
        event = 0x5602800e9fe0
#7  0x00007efca4164faa in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#8  0x00007efca41634e7 in wl_display_run () at /usr/lib/libwayland-server.so.0
#9  0x000056027e0f95a0 in main (argc=1, argv=0x7fff8d6b53c8) at ../sway/sway/main.c:409
        verbose = 0
        debug = 0
        validate = 0
        allow_unsupported_gpu = 0
        long_options = 
            {{name = 0x56027e14943b "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x56027e14cca9 "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x56027e149440 "validate", has_arg = 0, flag = 0x0, val = 67}, {name = 0x56027e149449 "debug", has_arg = 0, flag = 0x0, val = 100}, {name = 0x56027e14939f "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x56027e14851d "verbose", has_arg = 0, flag = 0x0, val = 86}, {name = 0x56027e14944f "get-socketpath", has_arg = 0, flag = 0x0, val = 112}, {name = 0x56027e14945e "unsupported-gpu", has_arg = 0, flag = 0x0, val = 117}, {name = 0x56027e14946e "my-next-gpu-wont-be-nvidia", has_arg = 0, flag = 0x0, val = 117}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        config_path = 0x0
        usage = 0x56027e1497e0 "Usage: sway [options] [command]\n\n  -h, --help", ' ' <repeats 13 times>, "Show help message and quit.\n  -c, --config <config>  Specify a config file.\n  -C, --validate         Check the validity of the config file, th"...
        c = <optimized out>

emersion pushed a commit that referenced this issue Jun 5, 2020
We are not allowed to do what we did in #5222 and pass a `NULL` surface
to wlr_seat_pointer_notify_enter(), and it's causing crashes when an
xdg-shell popup is active (see #5294 and swaywm/wlroots#2161).

Instead, solve #5220 using the new wlroots API introduced in
swaywm/wlroots#2217.
@emersion emersion closed this as completed Jun 5, 2020
@emersion
Member

emersion commented Jun 5, 2020

Fixed in #5368
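
The failure shown in the traces above (an active popup grab whose enter handler receives `surface=0x0`) and the caller-side handling the referenced commit message describes, as an added example that is not sway or wlroots code. Every type and function name here is constructed for this model; it assumes the grab's enter handler requires a non-NULL surface and that the seat offers a separate clear-focus call for the "pointer over nothing" case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: these types and functions are illustrative, not wlroots'. */
struct client { int id; };
struct surface { struct client *owner; };
struct seat;

struct pointer_grab_iface {
	void (*enter)(struct seat *seat, struct surface *surface);
	void (*clear_focus)(struct seat *seat);
};

struct seat {
	const struct pointer_grab_iface *grab; /* active grab (here: a popup grab) */
	struct client *grab_client;            /* client that owns the popup */
	struct surface *focus;                 /* current pointer focus */
};

/* Like frame #0 in the traces, enter() dereferences surface unconditionally,
 * so its contract is "surface must not be NULL". */
static void popup_enter(struct seat *seat, struct surface *surface) {
	seat->focus = (surface->owner == seat->grab_client) ? surface : NULL;
}

static void popup_clear_focus(struct seat *seat) {
	seat->focus = NULL;
}

static const struct pointer_grab_iface popup_grab = { popup_enter, popup_clear_focus };

/* Compositor side: forward a hit-test result to the active grab. A NULL hit
 * (pointer over no surface) goes to clear_focus(), never to enter(). */
struct surface *notify_motion(struct seat *seat, struct surface *hit) {
	if (hit != NULL) {
		seat->grab->enter(seat, hit);
	} else {
		seat->grab->clear_focus(seat);
	}
	return seat->focus;
}

int main(void) {
	struct client app = { 1 };
	struct surface menu = { &app };
	struct seat seat = { &popup_grab, &app, NULL };
	printf("over menu: focus %s\n", notify_motion(&seat, &menu) ? "set" : "cleared");
	printf("over nothing: focus %s\n", notify_motion(&seat, NULL) ? "set" : "cleared");
	return 0;
}
```

Calling `seat->grab->enter(seat, NULL)` directly in this model reproduces the read from the zero page that ASan reports in the thread.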
