Segfault when destroying shm buffers in a client
I encountered this while working on a feature for mpv. When the window resized, I was destroying all the previously allocated shm buffers, and this causes Weston to segfault. In the actual PR I avoided the crash by first attaching NULL to the surface and then doing a commit, which makes sense, but Weston still shouldn't segfault here: a client destroying its own buffers should not be able to crash the compositor. I assume this is specific to shm, since the same code also destroys buffers imported with linux-dmabuf and that has never caused any issues. Here's the backtrace. It looks like shm_buffer is NULL in gl_renderer_attach_shm (frame #1) and the crash itself is inside wl_shm_buffer_get_stride (frame #0), which I assume is the problem.
Thread 1 "weston" received signal SIGSEGV, Segmentation fault.
0x00007ffff7ce9234 in wl_shm_buffer_get_stride () from /usr/lib/libwayland-server.so.0
#0 0x00007ffff7ce9234 in wl_shm_buffer_get_stride () at /usr/lib/libwayland-server.so.0
#1 0x00007ffff723dd78 in gl_renderer_attach_shm (es=0x555555ead3b0, buffer=0x555555eab430) at ../libweston/renderer-gl/gl-renderer.c:2317
bpp = 32
ec = 0x5555555699f0
gr = 0x555555588160
gs = 0x5555556eb1e0
gb = 0x20560
shm_buffer = 0x0
old_buffer = 0x0
gl_format = {0, 0, 0}
gl_pixel_type = 32767
shader_variant = SHADER_VARIANT_RGBA
pitch = 21845
offset = {0, 0, 0}
num_planes = 1
i = 5
using_glesv2 = false
yuv = 0x0
__PRETTY_FUNCTION__ = "gl_renderer_attach_shm"
#2 0x00007ffff7240332 in gl_renderer_attach (es=0x555555ead3b0, buffer=0x555555eab430) at ../libweston/renderer-gl/gl-renderer.c:3200
gs = 0x5555556eb1e0
ret = false
__PRETTY_FUNCTION__ = "gl_renderer_attach"
#3 0x00007ffff7240d1a in gl_renderer_create_surface (surface=0x555555ead3b0) at ../libweston/renderer-gl/gl-renderer.c:3445
gs = 0x5555556eb1e0
gr = 0x555555588160
#4 0x00007ffff72380dd in get_surface_state (surface=0x555555ead3b0) at ../libweston/renderer-gl/gl-renderer.c:250
#5 0x00007ffff724028b in gl_renderer_attach (es=0x555555ead3b0, buffer=0x555555eab430) at ../libweston/renderer-gl/gl-renderer.c:3176
gs = 0x0
ret = false
__PRETTY_FUNCTION__ = "gl_renderer_attach"
#6 0x00007ffff7d2b4bc in weston_surface_attach (surface=0x555555ead3b0, state=0x555555ee33e0, status=(WESTON_SURFACE_DIRTY_BUFFER | WESTON_SURFACE_DIRTY_SIZE | WESTON_SURFACE_DIRTY_BUFFER_PARAMS | WESTON_SURFACE_DIRTY_INPUT)) at ../libweston/compositor.c:2843
buffer = 0x555555eab430
old_buffer = 0x0
#7 0x00007ffff7d2e676 in weston_surface_commit_state (surface=0x555555ead3b0, state=0x555555ee33e0) at ../libweston/compositor.c:4222
view = 0x7fffffffdb20
opaque = {
extents = {
x1 = -8816,
y1 = 32767,
x2 = -138291166,
y2 = 32767
},
data = 0x555555ead030
}
status = (WESTON_SURFACE_DIRTY_BUFFER | WESTON_SURFACE_DIRTY_SIZE | WESTON_SURFACE_DIRTY_INPUT)
__PRETTY_FUNCTION__ = "weston_surface_commit_state"
#8 0x00007ffff7d2f322 in weston_subsurface_commit_from_cache (sub=0x555555ee3350) at ../libweston/compositor.c:4597
surface = 0x555555ead3b0
status = (WESTON_SURFACE_DIRTY_BUFFER | WESTON_SURFACE_DIRTY_POS | WESTON_SURFACE_DIRTY_INPUT | unknown: 0x5540)
#9 0x00007ffff7d2f8b4 in weston_subsurface_synchronized_commit (sub=0x555555ee3350) at ../libweston/compositor.c:4746
surface = 0x555555ead3b0
status = WESTON_SURFACE_CLEAN
tmp = 0x0
#10 0x00007ffff7d2f9e5 in weston_subsurface_parent_commit (sub=0x555555ee3350, parent_is_synchronized=0) at ../libweston/compositor.c:4772
status = WESTON_SURFACE_CLEAN
view = 0x555555ead448
#11 0x00007ffff7d2f84c in weston_subsurface_commit (sub=0x555555ee3760) at ../libweston/compositor.c:4725
surface = 0x555555ead030
status = (WESTON_SURFACE_DIRTY_BUFFER | WESTON_SURFACE_DIRTY_SIZE | WESTON_SURFACE_DIRTY_SUBSURFACE_CONFIG)
tmp = 0x555555ee3350
#12 0x00007ffff7d2ee3b in surface_commit (client=0x555555f5bc50, resource=0x555555e9c0f0) at ../libweston/compositor.c:4409
surface = 0x555555ead030
sub = 0x555555ee3760
status = (WESTON_SURFACE_DIRTY_BUFFER | WESTON_SURFACE_DIRTY_POS | WESTON_SURFACE_DIRTY_INPUT | unknown: 0x5540)
__PRETTY_FUNCTION__ = "surface_commit"
#13 0x00007ffff7a624f6 in () at /usr/lib/libffi.so.8
#14 0x00007ffff7a5ef5e in () at /usr/lib/libffi.so.8
#15 0x00007ffff7a61b73 in ffi_call () at /usr/lib/libffi.so.8
#16 0x00007ffff7ce8ada in () at /usr/lib/libwayland-server.so.0
#17 0x00007ffff7ced180 in () at /usr/lib/libwayland-server.so.0
#18 0x00007ffff7cebae2 in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#19 0x00007ffff7cec2d7 in wl_display_run () at /usr/lib/libwayland-server.so.0
#20 0x00007ffff7fb24bd in wet_main (argc=1, argv=0x7fffffffe998, test_data=0x0) at ../compositor/main.c:4226
ret = 1
cmdline = 0x555555566b40 "H\227VUUU"
display = 0x5555555692e0
signals = {0x5555555694c0, 0x555555569510, 0x555555569560}
loop = 0x5555555693d0
i = 1
fd = -1
backend = 0x5555555699d0 "x11"
renderer = 0x0
shell = 0x555555dfe6f0 "desktop"
xwayland = false
modules = 0x555555dfdfe0 ""
option_modules = 0x0
log = 0x0
log_scopes = 0x0
flight_rec_scopes = 0x7ffff7fbc0b6 "log,drm-backend"
server_socket = 0x0
require_outputs = 0x0
idle_time = 300
help = 0
socket_name = 0x0
version = 0
noconfig = 0
debug_protocol = 0
numlock_on = false
config_file = 0x0
config = 0x555555566b40
section = 0x0
primary_client = 0x7fffffffe9a8
primary_client_destroyed = {
link = {
prev = 0x7ffff7ffd000 <_rtld_global>,
next = 0x7ffff7fda7e2 <_dl_fixup+258>
},
notify = 0x1
}
seat = 0x7fff00000001
wet = {
compositor = 0x5555555699f0,
config = 0x555555566b40,
parsed_options = 0x55555556a4e0,
drm_use_current_mode = false,
heads_changed_listener = {
link = {
prev = 0x555555569e20,
next = 0x555555569e20
},
notify = 0x7ffff7fabcc7 <simple_heads_changed>
},
simple_output_configure = 0x7ffff7fb0274 <x11_backend_output_configure>,
init_failed = false,
layoutput_list = {
prev = 0x7fffffffe4c8,
next = 0x7fffffffe4c8
},
child_process_list = {
prev = 0x555555e19b70,
next = 0x555555e19510
},
autolaunch_pid = -1,
autolaunch_watch = false,
use_color_manager = false,
screenshot_auth = {
link = {
prev = 0x0,
next = 0x0
},
notify = 0x0
},
require_outputs = REQUIRE_OUTPUTS_ANY
}
log_ctx = 0x55555555f5b0
logger = 0x555555568be0
flight_rec = 0x555555568c20
process = 0xffffffff
process_tmp = 0x7ffff7fa1ba0
wet_xwl = 0x0
mask = {
__val = {512, 140737352167415, 93824992290304, 96, 7, 26, 93824992269584, 0, 3, 140737352167415, 93824992290448, 80, 6, 140737352167415, 0, 0}
}
action = {
__sigaction_handler = {
sa_handler = 0x7ffff7fb1482 <sigint_helper>,
sa_sigaction = 0x7ffff7fb1482 <sigint_helper>
},
sa_mask = {
__val = {0, 140737349886944, 140737349881120, 140737350132768, 0, 140737350133952, 0, 140737350135392, 0, 140737350127328, 0, 140737350131808, 0, 12, 16, 0}
},
sa_flags = 0,
sa_restorer = 0x0
}
wait_for_debugger = false
protologger = 0x5555555681b0
core_options = {{
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbbfd3 "backend",
short_name = 66 'B',
data = 0x7fffffffe388
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbbfdb "renderer",
short_name = 0 '\000',
data = 0x7fffffffe390
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbbe73 "shell",
short_name = 0 '\000',
data = 0x7fffffffe398
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbbfe4 "socket",
short_name = 83 'S',
data = 0x7fffffffe3d0
}, {
type = WESTON_OPTION_INTEGER,
name = 0x7ffff7fbbfeb "idle-time",
short_name = 105 'i',
data = 0x7fffffffe36c
}, {
type = WESTON_OPTION_BOOLEAN,
name = 0x7ffff7fbbff5 "xwayland",
short_name = 0 '\000',
data = 0x7fffffffe365
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbbffe "modules",
short_name = 0 '\000',
data = 0x7fffffffe3a8
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbbfcf "log",
short_name = 0 '\000',
data = 0x7fffffffe3b0
}, {
type = WESTON_OPTION_BOOLEAN,
name = 0x7ffff7fbc006 "help",
short_name = 104 'h',
data = 0x7fffffffe370
}, {
type = WESTON_OPTION_BOOLEAN,
name = 0x7ffff7fbc00b "version",
short_name = 0 '\000',
data = 0x7fffffffe374
}, {
type = WESTON_OPTION_BOOLEAN,
name = 0x7ffff7fbc013 "no-config",
short_name = 0 '\000',
data = 0x7fffffffe378
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbc01d "config",
short_name = 99 'c',
data = 0x7fffffffe3d8
}, {
type = WESTON_OPTION_BOOLEAN,
name = 0x7ffff7fbc024 "wait-for-debugger",
short_name = 0 '\000',
data = 0x7fffffffe367
}, {
type = WESTON_OPTION_BOOLEAN,
name = 0x7ffff7fbc036 "debug",
short_name = 0 '\000',
data = 0x7fffffffe37c
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbc03c "logger-scopes",
short_name = 108 'l',
data = 0x7fffffffe3b8
}, {
type = WESTON_OPTION_STRING,
name = 0x7ffff7fbc04a "flight-rec-scopes",
short_name = 102 'f',
data = 0x7fffffffe3c0
}}
#21 0x000055555555515e in main (argc=1, argv=0x7fffffffe998) at ../compositor/executable.c:33