Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault when enabling screen with changed modes #4730

Closed
kennylevinsen opened this issue Nov 16, 2019 · 4 comments · Fixed by swaywm/wlroots#1944
Closed

Segfault when enabling screen with changed modes #4730

kennylevinsen opened this issue Nov 16, 2019 · 4 comments · Fixed by swaywm/wlroots#1944

Comments

@kennylevinsen
Copy link
Member

kennylevinsen commented Nov 16, 2019
edited
Loading

Problem

After resuming from sleep and reenabling external displays, sway segfaults. This has happened twice with the same trace.

This may be connected to one screen of mine, which sometimes after waking registers with fewer modes than normal (only up to FHD rather than 4k). That this has occurred can be seen in the debug log.

The debug log shows an attempt to set "12336x0@600 mHz", which seems quite bogus.

Sway version

sway version 1.2-f576bcdb (Nov 5 2019, branch 'master')

Debug Log

1-16 15:39:59 - [backend/drm/drm.c:1333] 'DP-2' connected
2019-11-16 15:39:59 - [backend/drm/drm.c:1334] Current CRTC: -1
2019-11-16 15:39:59 - [backend/drm/drm.c:1339] Physical size: 600x340
2019-11-16 15:39:59 - [backend/drm/drm.c:1351] Detected modes:
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1920x1080@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1920x1080@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1920x1080@59940
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1600x900@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1280x1024@60020
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1280x800@59810
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1152x864@59967
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1280x720@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1280x720@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1280x720@59940
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   1024x768@60004
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   800x600@60317
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   720x480@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   720x480@59940
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   640x480@60000
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   640x480@59940
2019-11-16 15:39:59 - [backend/drm/drm.c:1373]   640x480@59940
2019-11-16 15:39:59 - [backend/drm/drm.c:1067] Reallocating CRTCs
2019-11-16 15:39:59 - [backend/drm/drm.c:1078] State before reallocation:
2019-11-16 15:39:59 - [backend/drm/drm.c:1084]   'eDP-1' crtc=0 state=3 desired_enabled=1
2019-11-16 15:39:59 - [backend/drm/drm.c:1084]   'DP-1' crtc=1 state=3 desired_enabled=1
2019-11-16 15:39:59 - [backend/drm/drm.c:1084]   'DP-2' crtc=-1 state=1 desired_enabled=1
2019-11-16 15:39:59 - [backend/drm/drm.c:1136] State after reallocation:
2019-11-16 15:39:59 - [backend/drm/drm.c:1143]   'eDP-1' crtc=0 state=3 desired_enabled=1
2019-11-16 15:39:59 - [backend/drm/drm.c:1143]   'DP-1' crtc=1 state=3 desired_enabled=1
2019-11-16 15:39:59 - [backend/drm/drm.c:1143]   'DP-2' crtc=2 state=1 desired_enabled=1
2019-11-16 15:39:59 - [backend/drm/drm.c:1436] Requesting modeset for 'DP-2'
2019-11-16 15:39:59 - [sway/desktop/output.c:785] New output 0x55957cf94490: DP-2
2019-11-16 15:39:59 - [sway/config/output.c:264] Turning on screen
2019-11-16 15:39:59 - [backend/drm/atomic.c:56] DP-2: Atomic commit failed (modeset): Invalid argument
2019-11-16 15:39:59 - [sway/config/output.c:270] Set Goldstar Company Ltd LG Ultra HD 0x00003200 mode to 3840x2160 (60.000000 Hz)
2019-11-16 15:39:59 - [sway/config/output.c:231] Configured mode for DP-2 not available
2019-11-16 15:39:59 - [sway/config/output.c:232] Picking preferred mode instead
2019-11-16 15:39:59 - [backend/drm/drm.c:653] Modesetting 'DP-2' with '12336x0@600 mHz'
2019-11-16 15:39:59 - [backend/drm/drm.c:549] Initializing renderer on connector 'DP-2'
2019-11-16 15:39:59 - [EGL] command: eglSwapBuffers, error: 0x3003, message: "dri2_swap_buffers"
2019-11-16 15:39:59 - [render/egl.c:402] eglSwapBuffers failed
2019-11-16 15:39:59 - [EGL] command: eglSwapBuffers, error: 0x300d, message: "no front buffer"
2019-11-16 15:40:00 - [common/ipc-client.c:88] Unable to receive IPC response
Gdk-Message: 15:40:00.044: Error reading events from display: Broken pipe
Gdk-Message: 15:40:00.044: Error reading events from display: Broken pipe
Gdk-Message: 15:40:00.044: Error reading events from display: Broken pipe
Gdk-Message: 15:40:00.044: Error reading events from display: Broken pipe
thread 'main' panicked at 'Failed to read from wayland socket: Broken pipe (os error 32)', /home/kenny/.cargo/registry/src/github.com-1ecc6299db9ec823/wayland-client-0.23.6/src/lib.rs:288:33
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
(EE) failed to read Wayland events: Broken pipe
Gdk-Message: 15:40:00.044: Error reading events from display: Broken pipe
Gdk-Message: 15:40:00.045: Error reading events from display: Broken pipe
Gdk-Message: 15:40:00.046: Error reading events from display: Broken pipe
Gdk-Message: 15:40:00.049: Error reading events from display: Broken pipe

Stack trace

Core was generated by `sway -d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa826ee5660 in gbm_bo_get_user_data () from /usr/lib/libgbm.so.1
[Current thread is 1 (Thread 0x7fa821253a00 (LWP 1038))]
(gdb) #0  0x00007fa826ee5660 in gbm_bo_get_user_data () at /usr/lib/libgbm.so.1
#1  0x00007fa827af4bc0 in get_fb_for_bo (bo=0x0, drm_format=875713089, with_modifiers=<optimized out>) at ../backend/drm/util.c:183
        id = 0
        gbm = <optimized out>
        fd = <optimized out>
        width = <optimized out>
        height = <optimized out>
        handles = {2089138000, 21909, 2089149376, 21909}
        strides = {12336, 0, 532369273, 32680}
        offsets = {2089149376, 21909, 532414334, 32680}
        modifiers = {94100527637448, 140360197028470, 94100535199016, 94100535199016}
#2  0x00007fa827aef962 in drm_connector_pageflip_renderer (conn=0x55957cf94490, mode=0x55957cf94528) at ../backend/drm/drm.c:518
        drm = 0x55957c86cb60
        crtc = 0x55957c85b750
        plane = 0x55957c85e3c0
        bo = <optimized out>
        fb_id = <optimized out>
#3  0x00007fa827aefa89 in drm_connector_init_renderer (conn=conn@entry=0x55957cf94490, mode=mode@entry=0x55957cf94528) at ../backend/drm/drm.c:564
        drm = 0x55957c86cb60
        crtc = <optimized out>
        plane = 0x55957c85e3c0
        width = 12336
        height = 0
        format = <optimized out>
#4  0x00007fa827af1164 in drm_connector_set_mode (output=0x55957cf94490, wlr_mode=0x55957cf94528) at ../backend/drm/drm.c:658
        conn = 0x55957cf94490
        drm = <optimized out>
        mode = 0x55957cf94528
#5  0x000055957b45afd8 in set_mode (custom=<optimized out>, refresh_rate=<optimized out>, height=2160, width=3840, output=0x55957cf94490) at ../sway/sway/config/output.c:237
        mhz = 60000
        mode = <optimized out>
        best = 0x55957cf94528
        wlr_output = 0x55957cf94490
        modeset_success = <optimized out>
        output_box = <optimized out>
#6  0x000055957b45afd8 in apply_output_config (oc=oc@entry=0x55957d415e20, output=output@entry=0x55957d639a60) at ../sway/sway/config/output.c:272
        wlr_output = 0x55957cf94490
        modeset_success = <optimized out>
        output_box = <optimized out>
#7  0x000055957b47a5d5 in output_enable (output=output@entry=0x55957d639a60, oc=0x55957d415e20) at ../sway/sway/tree/output.c:118
        __PRETTY_FUNCTION__ = "output_enable"
        wlr_output = 0x55957cf94490
        len = 4
        ws = <optimized out>
#8  0x000055957b448736 in handle_new_output (listener=0x55957b49ce20 <server+64>, data=0x55957cf94490) at ../sway/sway/desktop/output.c:811
        server = 0x55957b49cde0 <server>
        wlr_output = 0x55957cf94490
        output = 0x55957d639a60
        oc = <optimized out>
#9  0x00007fa827b33a0e in wlr_signal_emit_safe (signal=<optimized out>, data=0x55957cf94490) at ../util/signal.c:29
        pos = 0x55957b49ce20 <server+64>
        l = 0x55957b49ce20 <server+64>
        cursor = {link = {prev = 0x55957b49ce20 <server+64>, next = 0x7fff9b8b53d0}, notify = 0x7fa827b33980 <handle_noop>}
        end = {link = {prev = 0x7fff9b8b53b0, next = 0x55957c856378}, notify = 0x7fa827b33980 <handle_noop>}
#10 0x00007fa827b33a0e in wlr_signal_emit_safe (signal=signal@entry=0x55957c86cb88, data=data@entry=0x55957cf94490) at ../util/signal.c:29
        pos = 0x55957c9e8948
        l = 0x55957c9e8948
        cursor = {link = {prev = 0x55957c9e8948, next = 0x7fff9b8b5440}, notify = 0x7fa827b33980 <handle_noop>}
        end = {link = {prev = 0x7fff9b8b5420, next = 0x55957c86cb88}, notify = 0x7fa827b33980 <handle_noop>}
#11 0x00007fa827af2635 in scan_drm_connectors (drm=<optimized out>) at ../backend/drm/drm.c:1438
        conn = 0x55957cf94490
        i = 0
        res = <optimized out>
        seen_len = 3
        seen = 0x7fff9b8b54b0
        new_outputs_len = <optimized out>
        new_outputs = 0x7fff9b8b5490
        conn = <optimized out>
        tmp_conn = <optimized out>
        index = <optimized out>
#12 0x00007fa827b33a0e in wlr_signal_emit_safe (signal=<optimized out>, data=data@entry=0x55957c8563e0) at ../util/signal.c:29
        pos = 0x55957c86cc08
        l = 0x55957c86cc08
        cursor = {link = {prev = 0x55957c86cc08, next = 0x7fff9b8b55c0}, notify = 0x7fa827b33980 <handle_noop>}
        end = {link = {prev = 0x7fff9b8b55a0, next = 0x55957c85c600}, notify = 0x7fa827b33980 <handle_noop>}
#13 0x00007fa827afa078 in udev_event (fd=<optimized out>, mask=<optimized out>, data=0x55957c8563e0) at ../backend/session/session.c:52
        session = 0x55957c8563e0
        udev_dev = 0x55957cf3dfd0
        action = <optimized out>
        devnum = <optimized out>
        dev = <optimized out>
#14 0x00007fa827b787f2 in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#15 0x00007fa827b7739c in wl_display_run () at /usr/lib/libwayland-server.so.0
#16 0x000055957b43958c in main (argc=2, argv=0x7fff9b8b5998) at ../sway/sway/main.c:403
        verbose = 0
        debug = 1
        validate = 0
        allow_unsupported_gpu = 0
        long_options = 
            {{name = 0x55957b48145b "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x55957b484395 "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x55957b481460 "validate", has_arg = 0, flag = 0x0, val = 67}, {name = 0x55957b481469 "debug", has_arg = 0, flag = 0x0, val = 100}, {name = 0x55957b4813bf "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x55957b48055f "verbose", has_arg = 0, flag = 0x0, val = 86}, {name = 0x55957b48146f "get-socketpath", has_arg = 0, flag = 0x0, val = 112}, {name = 0x55957b48147e "unsupported-gpu", has_arg = 0, flag = 0x0, val = 117}, {name = 0x55957b48148e "my-next-gpu-wont-be-nvidia", has_arg = 0, flag = 0x0, val = 117}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        config_path = 0x0
        usage = 0x55957b4817c0 "Usage: sway [options] [command]\n\n  -h, --help", ' ' <repeats 13 times>, "Show help message and quit.\n  -c, --config <config>  Specify a config file.\n  -C, --validate         Check the validity of the config file, th"...
        c = <optimized out>
emersion added a commit to emersion/wlroots that referenced this issue Dec 5, 2019
@emersion
backend/drm: fix segfault in init_drm_surface
9e89c81 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
@emersion emersion mentioned this issue Dec 5, 2019
Merged
ddevault pushed a commit to swaywm/wlroots that referenced this issue Dec 5, 2019
@emersion @ddevault
backend/drm: fix segfault in init_drm_surface
6ca8208 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: #1868
Closes: #1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
@kennylevinsen
Copy link
Member Author

kennylevinsen commented Dec 14, 2019
edited
Loading

This issue was unfortunately not fixed. Following backtrace is from sway version 1.2-b7f0656f, built two days ago:

#0  0x00007faf5201c660 in gbm_bo_get_user_data () at /usr/lib/libgbm.so.1
#1  0x00007faf52accc30 in get_fb_for_bo (bo=0x0, drm_format=875713089, with_modifiers=<optimized out>) at ../backend/drm/util.c:184
        id = 0
        gbm = <optimized out>
        fd = <optimized out>
        width = <optimized out>
        height = <optimized out>
        handles = {3372031344, 21883, 3371969168, 21883}
        strides = {12336, 0, 1255845753, 32687}
        offsets = {3371969168, 21883, 1255890798, 32687}
        modifiers = {93990141307544, 140390983056086, 93990143276152, 93990143276152}
#2  0x00007faf52ac79c2 in drm_connector_pageflip_renderer (conn=0x557bc91a33e0, mode=0x557bc91a3478) at ../backend/drm/drm.c:518
        drm = 0x557bc8fbfbc0
        crtc = 0x557bc8fd1d70
        plane = 0x557bc8fc2a90
        bo = <optimized out>
        fb_id = <optimized out>
#3  0x00007faf52ac7ae9 in drm_connector_init_renderer (conn=conn@entry=0x557bc91a33e0, mode=mode@entry=0x557bc91a3478) at ../backend/drm/drm.c:564
        drm = 0x557bc8fbfbc0
        crtc = <optimized out>
        plane = 0x557bc8fc2a90
        width = 12336
        height = 0
        format = <optimized out>
#4  0x00007faf52ac91c4 in drm_connector_set_mode (output=0x557bc91a33e0, wlr_mode=0x557bc91a3478) at ../backend/drm/drm.c:658
        conn = 0x557bc91a33e0
        drm = <optimized out>
        mode = 0x557bc91a3478
#5  0x0000557bc73e90b8 in set_mode (custom=<optimized out>, refresh_rate=<optimized out>, height=2160, width=3840, output=0x557bc91a33e0) at ../sway/sway/config/output.c:263
        mhz = 59997
        mode = <optimized out>
        best = 0x557bc91a3478
        wlr_output = 0x557bc91a33e0
        modeset_success = <optimized out>
        output_box = <optimized out>
#6  0x0000557bc73e90b8 in apply_output_config (oc=oc@entry=0x557bc94a9eb0, output=output@entry=0x557bc98b3960) at ../sway/sway/config/output.c:298
        wlr_output = 0x557bc91a33e0
        modeset_success = <optimized out>
        output_box = <optimized out>
#7  0x0000557bc7408d45 in output_enable (output=output@entry=0x557bc98b3960, oc=0x557bc94a9eb0) at ../sway/sway/tree/output.c:119
        __PRETTY_FUNCTION__ = "output_enable"
        wlr_output = 0x557bc91a33e0
        len = 4
        ws = <optimized out>
#8  0x0000557bc73d59d2 in handle_new_output (listener=0x557bc742be78 <server+88>, data=0x557bc91a33e0) at ../sway/sway/desktop/output.c:896
        server = 0x557bc742be20 <server>
        wlr_output = 0x557bc91a33e0
        output = 0x557bc98b3960
        oc = <optimized out>
#9  0x00007faf52b0a68e in wlr_signal_emit_safe (signal=<optimized out>, data=0x557bc91a33e0) at ../util/signal.c:29
        pos = 0x557bc742be78 <server+88>
        l = 0x557bc742be78 <server+88>
        cursor = {link = {prev = 0x557bc742be78 <server+88>, next = 0x7ffce215fcb0}, notify = 0x7faf52b0a600 <handle_noop>}
        end = {link = {prev = 0x7ffce215fc90, next = 0x557bc8fba1d8}, notify = 0x7faf52b0a600 <handle_noop>}
#10 0x00007faf52b0a68e in wlr_signal_emit_safe (signal=signal@entry=0x557bc8fbfbe8, data=data@entry=0x557bc91a33e0) at ../util/signal.c:29
        pos = 0x557bc913fde8
        l = 0x557bc913fde8
        cursor = {link = {prev = 0x557bc913fde8, next = 0x7ffce215fd20}, notify = 0x7faf52b0a600 <handle_noop>}
        end = {link = {prev = 0x7ffce215fd00, next = 0x557bc8fbfbe8}, notify = 0x7faf52b0a600 <handle_noop>}
#11 0x00007faf52aca695 in scan_drm_connectors (drm=<optimized out>) at ../backend/drm/drm.c:1438
        conn = 0x557bc91a33e0
        i = 0
        res = <optimized out>
        seen_len = 3
        seen = 0x7ffce215fd90
        new_outputs_len = <optimized out>
        new_outputs = 0x7ffce215fd70
        conn = <optimized out>
        tmp_conn = <optimized out>
        index = <optimized out>
#12 0x00007faf52b0a68e in wlr_signal_emit_safe (signal=<optimized out>, data=data@entry=0x557bc8fba240) at ../util/signal.c:29
        pos = 0x557bc8fbfc80
        l = 0x557bc8fbfc80
        cursor = {link = {prev = 0x557bc8fbfc80, next = 0x7ffce215fea0}, notify = 0x7faf52b0a600 <handle_noop>}
        end = {link = {prev = 0x7ffce215fe80, next = 0x557bc8fc0be0}, notify = 0x7faf52b0a600 <handle_noop>}
#13 0x00007faf52ad2108 in udev_event (fd=<optimized out>, mask=<optimized out>, data=0x557bc8fba240) at ../backend/session/session.c:52
        session = 0x557bc8fba240
        udev_dev = 0x557bc984b210
        action = <optimized out>
        devnum = <optimized out>
        dev = <optimized out>
#14 0x00007faf52b507f2 in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#15 0x00007faf52b4f39c in wl_display_run () at /usr/lib/libwayland-server.so.0
#16 0x0000557bc73c658c in main (argc=1, argv=0x7ffce2160278) at ../sway/sway/main.c:403
        verbose = 0
        debug = 0
        validate = 0
        allow_unsupported_gpu = 0
        long_options =
            {{name = 0x557bc740f47b "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x557bc74126d1 "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x557bc740f480 "validate", has_arg = 0, flag = 0x0, val = 67}, {name = 0x557bc740f489 "debug", has_arg = 0, flag = 0x0, val = 100}, {name = 0x557bc740f3df "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x557bc740e57c "verbose", has_arg = 0, flag = 0x0, val = 86}, {name = 0x557bc740f48f "get-socketpath", has_arg = 0, flag = 0x0, val = 112}, {name = 0x557bc740f49e "unsupported-gpu", has_arg = 0, flag = 0x0, val = 117}, {name = 0x557bc740f4ae "my-next-gpu-wont-be-nvidia", has_arg = 0, flag = 0x0, val = 117}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        config_path = 0x0
        usage = 0x557bc740f7e0 "Usage: sway [options] [command]\n\n  -h, --help", ' ' <repeats 13 times>, "Show help message and quit.\n  -c, --config <config>  Specify a config file.\n  -C, --validate         Check the validity of the config file, th"...
        c = <optimized out>

@emersion
Copy link
Member

This one is a dup of #4717

aiqs4 pushed a commit to aiqs4/wlroots that referenced this issue Dec 19, 2019
@emersion @aiqs4
backend/drm: fix segfault in init_drm_surface
c46b427 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
aiqs4 pushed a commit to aiqs4/wlroots that referenced this issue Dec 19, 2019
@emersion @aiqs4
backend/drm: fix segfault in init_drm_surface
5069c1c 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
aiqs4 pushed a commit to aiqs4/wlroots that referenced this issue Dec 19, 2019
@emersion @aiqs4
backend/drm: fix segfault in init_drm_surface
e0f7da4 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
aiqs4 pushed a commit to aiqs4/wlroots that referenced this issue Dec 19, 2019
@emersion @aiqs4
backend/drm: fix segfault in init_drm_surface
91f6b1c 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
aiqs4 pushed a commit to aiqs4/wlroots that referenced this issue Dec 19, 2019
@emersion @aiqs4
backend/drm: fix segfault in init_drm_surface
f3ee1f3 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
@TheOneWithTheBraid
Copy link

Did you find any solution @kennylevinsen ? I still have this issue randomly occurring during normal usage (not only when changing outputs).

@kennylevinsen
Copy link
Member Author

@Jasmich Open a new issue with logs and stacktrace. Crashes occurring during normal use is unlikely to be related to this issue. Also, compare segfaults from output changes and normal usage, just in case they are in fact different crashes.

filips pushed a commit to filips/wlroots that referenced this issue Mar 15, 2020
@emersion @filips
backend/drm: fix segfault in init_drm_surface
1fbd495 
When surf->gbm was previously set, we destroy it without setting it to
NULL. Later on, we only create the GBM surface if surf->gbm is NULL.
This result in a use-after-free when we start using surf->gbm.

Closes: swaywm#1868
Closes: swaywm#1874
Closes: swaywm/sway#4785
Closes: swaywm/sway#4717
Closes: swaywm/sway#4730
Fixes: 2bdd1d0 ("backend/drm: use modifiers for our GBM buffers")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

backend/drm: fix segfault in init_drm_surface emersion/wlroots
3 participants
@kennylevinsen @emersion @TheOneWithTheBraid