[Regression] Xwayland rootful crashes on resize after commit cad42fcb
With commit cad42fcb, Xwayland rootful crashes on resize (and takes GNOME Shell with it!).
Steps to reproduce:
- Run Xwayland rootful
- Resize the Xwayland rootful window
Actual result:
(gdb) bt
#0 0x00007fe221d77834 in __pthread_kill_implementation () at /lib64/libc.so.6
#1 0x00007fe221d258ee in raise () at /lib64/libc.so.6
#2 0x00007fe221d0d8ff in abort () at /lib64/libc.so.6
#3 0x00000000005f366f in System (command=0x4a84c85ebf939d00 <error: Cannot access memory at address 0x4a84c85ebf939d00>) at ../os/utils.c:1385
#4 0x00000000005fb4ee in FreeAuditTimer () at ../os/log.c:907
#5 0x00000000005fb990 in VErrorF (f=0x7fff64c5ba48 "0\223\264!\342\177", args=0x2386) at ../os/log.c:1044
#6 0x00000000005ef8c1 in OsInit () at ../os/osinit.c:172
#7 0x00007fe221d259a0 in <signal handler called> () at /lib64/libc.so.6
#8 0x000000000052746d in dixGetPrivate (privates=0x3d0, key=0x702de0 <damageScrPrivateKeyRec>) at ../include/privates.h:135
#9 0x00000000005274d3 in dixSetPrivate (privates=0x3d0, key=0x702de0 <damageScrPrivateKeyRec>, val=0x5274d3 <dixSetPrivate+19>) at ../include/privates.h:146
#10 0x000000000052757f in dixLookupPrivateAddr (privates=0x3d0, key=0x702de0 <damageScrPrivateKeyRec>) at ../include/privates.h:179
#11 0x000000000052c69d in damageDestroyPixmap (pPixmap=0x23b6c50) at ../miext/damage/damage.c:1494
#12 0x00000000004217a2 in update_backing_pixmaps (xwl_screen=0x18df9f0, width=641, height=479) at ../hw/xwayland/xwayland-output.c:180
#13 0x000000000042184e in update_screen_size (xwl_screen=0x18df9f0, width=641, height=479) at ../hw/xwayland/xwayland-output.c:196
#14 0x00000000004236fe in xwl_output_set_mode_fixed (xwl_output=0x1953d80, mode=0x26f6f10) at ../hw/xwayland/xwayland-output.c:1190
#15 0x0000000000426bff in xwl_window_maybe_resize (xwl_window=0x2455610, width=641, height=479) at ../hw/xwayland/xwayland-window.c:656
#16 0x0000000000426d2f in handle_libdecor_configure (frame=0x2480c60, configuration=0x2835de0, data=0x2455610) at ../hw/xwayland/xwayland-window.c:699
#17 0x00007fe222072a1c in xdg_surface_configure () at /lib64/libdecor-0.so.0
#18 0x00007fe221b46056 in ffi_call_unix64 () at /lib64/libffi.so.8
#19 0x00007fe221b425ef in ffi_call_int.lto_priv () at /lib64/libffi.so.8
#20 0x00007fe221b453fe in ffi_call () at /lib64/libffi.so.8
#21 0x00007fe2221f7f0e in wl_closure_invoke.constprop () at /lib64/libwayland-client.so.0
#22 0x00007fe2221f8793 in dispatch_event.isra () at /lib64/libwayland-client.so.0
#23 0x00007fe2221f8a3c in wl_display_dispatch_queue_pending () at /lib64/libwayland-client.so.0
#24 0x00007fe2223aa039 in libdecor_plugin_gtk_dispatch () at /usr/lib64/libdecor/plugins-1/libdecor-gtk.so
#25 0x000000000041f62d in xwl_dispatch_events_with_libdecor (xwl_screen=0x18df9f0) at ../hw/xwayland/xwayland-screen.c:577
#26 0x000000000041f80f in socket_handler (fd=7, ready=1, data=0x18df9f0) at ../hw/xwayland/xwayland-screen.c:636
#27 0x00000000005ec665 in SetNotifyFd (fd=7, notify=0x1974980, mask=1, data=0x5ec665 <SetNotifyFd+21>) at ../os/connection.c:820
#28 0x00000000005f05d1 in ospoll_wait (ospoll=0x18cc030, timeout=597189) at ../os/ospoll.c:659
#29 0x00000000005e7f4f in WaitForSomething (are_ready=0) at ../os/WaitFor.c:211
#30 0x00000000004aec82 in Dispatch () at ../dix/dispatch.c:495
#31 0x00000000004bd17f in dix_main (argc=3, argv=0x7fff64c5cbb8, envp=0x7fff64c5cbd8) at ../dix/main.c:279
#32 0x0000000000435ddd in dixGetPrivateAddr (privates=0x364c5cbb8, key=0x7fff64c5cbb8) at ../include/privates.h:121
#33 0x00007fe221d0f14a in __libc_start_call_main () at /lib64/libc.so.6
#34 0x00007fe221d0f20b in __libc_start_main_impl () at /lib64/libc.so.6
#35 0x0000000000413085 in _start ()
My take is that the pixmap is already gone in step 11.
Reverting commit cad42fcb fixes the issue (but reintroduces the leak).
/cc @daenzer