1.5-rc1: Segfault in ipc_json_describe_workspace #5483

mortie · 2020-06-25T20:26:15Z

Sway Version: sway version 1.5-rc1-ba0232e6 (Jun 25 2020, branch 'master')
Debug Log: https://gist.githubusercontent.com/mortie/05dffd169580706b6bd3c396ac35e1a1/raw/344e3db673b4fde235ed4aed93f76fe88e18a859/sway-crash.log
Configuration File: https://gist.githubusercontent.com/mortie/05dffd169580706b6bd3c396ac35e1a1/raw/ab25515e3474e0db895d6535f04b137d0a23c6e5/config
Stack Trace, if sway crashes: https://gist.githubusercontent.com/mortie/05dffd169580706b6bd3c396ac35e1a1/raw/344e3db673b4fde235ed4aed93f76fe88e18a859/sway-crash.backtrace

I was playing around with the new headless output feature. I created an output with swaymsg create_output, then played around a bit, removed the output with swaymsg output HEADLESS-1 disable, reloaded the configuration, then repeated the last two steps a couple of times.

If you want a coredump and the exact executable I built, just ask and I will send it in a PM.

The text was updated successfully, but these errors were encountered:

emersion · 2020-07-02T10:21:56Z

Would be useful to reproduce with ASan.

mortie · 2020-07-02T12:14:21Z

Here's the last few seconds leading up to the crash, plus the crash itself, with asan:

00:02:17.134 [sway/ipc-server.c:960] Added IPC reply of type 0x6 to client 57 queue: { "id": "bar-0", "mode": "dock", "hidden_state": "hide", "position": "bottom", "status_command": "~\/.config\/sway\/status.sh", "font": "monospace 10", "gaps": { "top": 0, "right": 0, "bottom": 0, "left": 0 }, "bar_height": 0, "status_padding": 1, "status_edge_padding": 3, "wrap_scroll": false, "workspace_buttons": true, "strip_workspace_numbers": false, "strip_workspace_name": false, "binding_mode_indicator": true, "verbose": false, "pango_markup": true, "colors": { "background": "#232323ff", "statusline": "#ddddddff", "separator": "#666666ff", "focused_background": "#232323ff", "focused_statusline": "#ddddddff", "focused_separator": "#666666ff", "focused_workspace_border": "#000000ff", "focused_workspace_bg": "#000000ff", "focused_workspace_text": "#ffb946ff", "inactive_workspace_border": "#000000ff", "inactive_workspace_bg": "#000000ff", "inactive_workspace_text": "#888888ff", "active_workspace_border": "#000000ff", "active_workspace_bg": "#000000ff", "active_workspace_text": "#888888ff", "urgent_workspace_border": "#2f343aff", "urgent_workspace_bg": "#900000ff", "urgent_workspace_text": "#ffffffff", "binding_mode_border": "#2f343aff", "binding_mode_bg": "#900000ff", "binding_mode_text": "#ffffffff" }, "tray_padding": 2 }
00:02:17.134 [sway/ipc-server.c:536] Client 87 writable
00:02:17.134 [sway/ipc-server.c:536] Client 107 writable
00:02:17.152 [sway/input/cursor.c:865] denying request to set cursor from unfocused client
00:02:17.153 [sway/input/cursor.c:865] denying request to set cursor from unfocused client
00:02:17.153 [sway/ipc-server.c:536] Client 182 writable
00:02:17.153 [sway/desktop/layer_shell.c:343] Layer surface destroyed (wallpaper)
00:02:17.155 [sway/ipc-server.c:536] Client 57 writable
00:02:17.172 [sway/ipc-server.c:214] Client 182 hung up
00:02:17.172 [sway/ipc-server.c:566] IPC Client 182 disconnected
00:02:17.177 [sway/ipc-server.c:219] Client 189 readable
00:02:17.178 [sway/ipc-server.c:960] Added IPC reply of type 0x2 to client 189 queue: {"success": true}
00:02:17.178 [sway/ipc-server.c:536] Client 189 writable
00:02:17.216 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.216 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.216 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.216 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.250 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.250 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.250 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.250 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.258 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.258 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.258 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.258 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.269 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.269 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.269 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.269 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.286 [sway/ipc-server.c:219] Client 57 readable
00:02:17.288 [sway/ipc-server.c:960] Added IPC reply of type 0x1 to client 57 queue: [ { "id": 4, "name": "1", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 5, 6 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ { "id": 5, "name": "bash", "rect": { "x": 477, "y": 129, "width": 966, "height": 800 }, "focused": true, "focus": [ ], "border": "pixel", "current_border_width": 3, "layout": "none", "orientation": "none", "percent": 0.37268518518518517, "window_rect": { "x": 3, "y": 3, "width": 960, "height": 794 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 1920, "height": 1027 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 0, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "type": "floating_con", "pid": 753545, "app_id": "scratchpad", "visible": true, "max_render_time": 0, "shell": "xdg_shell", "inhibit_idle": false, "idle_inhibitors": { "user": "none", "application": "none" } } ], "sticky": false, "num": 1, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": true, "visible": true }, { "id": 10, "name": "2", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 27 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 2, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 25, "name": "3", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 26 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 3, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 23, "name": "4", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 24 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 4, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 21, "name": "5", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 22 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 5, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 19, "name": "6", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 20 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 6, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 17, "name": "7", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 18 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 7, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 15, "name": "8", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 16 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 8, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 13, "name": "9", "rect": { "x": 0, "y": 0, "width": 1920, "height": 1080 }, "focus": [ 14 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 9, "output": "eDP-1", "type": "workspace", "representation": "H[kitty]", "focused": false, "visible": false }, { "id": 11, "name": "10", "rect": { "x": 10, "y": 10, "width": 1900, "height": 1060 }, "focus": [ 28, 12 ], "border": "none", "current_border_width": 0, "layout": "splith", "orientation": "horizontal", "percent": null, "window_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "deco_rect": { "x": 0, "y": 0, "width": 0, "height": 0 }, "geometry": { "x": 0, "y": 0, "width": 0, "height": 0 }, "window": null, "urgent": false, "marks": [ ], "fullscreen_mode": 1, "nodes": [ ], "floating_nodes": [ ], "sticky": false, "num": 10, "output": "eDP-1", "type": "workspace", "representation": "H[kitty firefox-trunk]", "focused": false, "visible": false } ]
00:02:17.289 [sway/ipc-server.c:536] Client 57 writable
00:02:17.296 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.296 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.296 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.296 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.300 [sway/ipc-server.c:208] IPC Client socket error, removing client
00:02:17.300 [sway/ipc-server.c:566] IPC Client 87 disconnected
00:02:17.300 [sway/ipc-server.c:214] Client 92 hung up
00:02:17.300 [sway/ipc-server.c:566] IPC Client 92 disconnected
00:02:17.312 [DEBUG] [types/wlr_surface.c:666] New wlr_surface 0x619000126b80 (res 0x60c00008e180)
00:02:17.312 [DEBUG] [types/wlr_layer_shell_v1.c:439] new layer_surface 0x6130000bea80 (res 0x60c00008ee40)
00:02:17.312 [sway/desktop/layer_shell.c:513] new layer surface: namespace panel layer 1 anchor 1 size 0x19 margin 0,0,0,0
00:02:17.312 [sway/desktop/layer_shell.c:189] Usable area changed, rearranging output
00:02:17.312 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.312 [sway/tree/arrange.c:293] Arranging workspace '1' at 0.000000, 0.000000
00:02:17.312 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.312 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.312 [sway/tree/arrange.c:293] Arranging workspace '2' at 0.000000, 0.000000
00:02:17.312 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.312 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.312 [sway/tree/arrange.c:293] Arranging workspace '3' at 0.000000, 0.000000
00:02:17.312 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.312 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '4' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '5' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '6' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '7' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '8' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '9' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1061@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '10' at 10.000000, 10.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e980c0 horizontally
00:02:17.313 [sway/desktop/transaction.c:414] Transaction 0x60400024cb10 committing with 22 instructions
00:02:17.313 [DEBUG] [types/wlr_surface.c:666] New wlr_surface 0x619000179380 (res 0x60c00035b840)
00:02:17.313 [sway/desktop/layer_shell.c:189] Usable area changed, rearranging output
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '1' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '2' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '3' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '4' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '5' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '6' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '7' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '8' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '9' at 0.000000, 0.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.313 [sway/tree/arrange.c:263] Usable area for ws: 1920x1059@0,0
00:02:17.313 [sway/tree/arrange.c:293] Arranging workspace '10' at 10.000000, 10.000000
00:02:17.313 [sway/tree/arrange.c:77] Arranging 0x7ffff8e98170 horizontally
00:02:17.319 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.319 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.319 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.319 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.365 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.365 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.365 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.365 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.374 [sway/input/cursor.c:865] denying request to set cursor from unfocused client
00:02:17.446 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.446 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.446 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.446 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.446 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.446 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.446 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.446 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.471 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.471 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.471 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.471 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.480 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.480 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.480 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:17.480 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:17.480 [sway/desktop/transaction.c:492] Transaction 0x60400024cb10 is ready
00:02:17.480 [sway/desktop/transaction.c:281] Applying transaction 0x60400024cb10
00:02:17.480 [sway/desktop/transaction.c:414] Transaction 0x60400024c9d0 committing with 22 instructions
00:02:17.480 [sway/ipc-server.c:208] IPC Client socket error, removing client
00:02:17.480 [sway/ipc-server.c:566] IPC Client 107 disconnected
00:02:17.480 [sway/ipc-server.c:214] Client 123 hung up
00:02:17.480 [sway/ipc-server.c:566] IPC Client 123 disconnected
00:02:17.680 [sway/desktop/transaction.c:379] Transaction 0x60400024c9d0 timed out (1 waiting)
00:02:17.680 [sway/desktop/transaction.c:281] Applying transaction 0x60400024c9d0
00:02:19.107 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:19.107 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:19.107 [DEBUG] [xwayland/selection/selection.c:117] not handling selection events: no seat assigned to xwayland
00:02:19.107 [DEBUG] [xwayland/xwm.c:1306] unhandled X11 event: 34
00:02:19.726 [sway/ipc-server.c:153] Event on IPC listening socket
00:02:19.726 [sway/ipc-server.c:199] New client: fd 111
00:02:19.726 [sway/ipc-server.c:219] Client 111 readable
00:02:19.726 [sway/commands.c:255] Handling command 'output HEADLESS-1 disable'
00:02:19.726 [sway/commands.c:423] Subcommand: disable
00:02:19.726 [sway/config/output.c:204] Merging on top of existing output config
00:02:19.726 [sway/config/output.c:227] Config stored for output HEADLESS-1 (enabled: 0) (-1x-1@-1.000000Hz position -1,-1 scale -1.000000 subpixel unknown transform -1) (bg (null) (null)) (dpms 0) (max render time: -1)
00:02:19.726 [sway/config/output.c:403] Disabling output HEADLESS-1
00:02:19.726 [sway/tree/output.c:254] Disabling output 'HEADLESS-1'
=================================================================
==753490==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700001ad48 at pc 0x7ff592b1303d bp 0x7ffff8e97dd0 sp 0x7ffff8e97578
WRITE of size 8 at 0x60700001ad48 thread T0
    #0 0x7ff592b1303c in __interceptor_memmove (/lib/x86_64-linux-gnu/libasan.so.5+0xa103c)
    #1 0x55de6fb62be9 in memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
    #2 0x55de6fb62be9 in list_del ../common/list.c:47
    #3 0x55de6fb62be9 in output_disable ../sway/tree/output.c:262
    #4 0x55de6fc01c17 in output_disable ../common/list.c:133
    #5 0x55de6fc01c17 in apply_output_config ../sway/config/output.c:405
    #6 0x55de6fc05dfa in apply_output_config_to_outputs ../sway/config/output.c:628
    #7 0x55de6fbb8712 in cmd_output ../sway/commands/output.c:108
    #8 0x55de6fbb8712 in cmd_output ../sway/commands/output.c:29
    #9 0x55de6fc79471 in execute_command ../sway/commands.c:286
    #10 0x55de6fc65f51 in ipc_client_handle_command ../sway/ipc-server.c:646
    #11 0x55de6fc67eff in ipc_client_handle_command ../sway/ipc-server.c:610
    #12 0x55de6fc67eff in ipc_client_handle_readable ../sway/ipc-server.c:268
    #13 0x7ff59205d659 in wl_event_loop_dispatch (/lib/x86_64-linux-gnu/libwayland-server.so.0+0xa659)
    #14 0x7ff59205bbd4 in wl_display_run (/lib/x86_64-linux-gnu/libwayland-server.so.0+0x8bd4)
    #15 0x55de6fb493c8 in server_run ../sway/server.c:233
    #16 0x55de6fb493c8 in main ../sway/main.c:410
    #17 0x7ff5928a70b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #18 0x55de6fb4a2dd in _start (/opt/sway/bin/sway+0x402dd)
0x60700001ad48 is located 8 bytes to the left of 80-byte region [0x60700001ad50,0x60700001ada0)
allocated by thread T0 here:
    #0 0x7ff592b7fbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x55de6fb5b175 in create_list ../common/list.c:14
SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib/x86_64-linux-gnu/libasan.so.5+0xa103c) in __interceptor_memmove
Shadow bytes around the buggy address:
  0x0c0e7fffb550: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 fa fa
  0x0c0e7fffb560: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c0e7fffb570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e7fffb580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e7fffb590: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
=>0x0c0e7fffb5a0: 00 00 00 00 00 00 fa fa fa[fa]00 00 00 00 00 00
  0x0c0e7fffb5b0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0e7fffb5c0: 00 00 fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
  0x0c0e7fffb5d0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c0e7fffb5e0: fa fa 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c0e7fffb5f0: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==753490==ABORTING

Here's the full crash log: https://gist.githubusercontent.com/mortie/05dffd169580706b6bd3c396ac35e1a1/raw/681b74f391abfda66ea0c9c2b2d3d486f3befce8/crash-with-asan.log

The crash without asan was in ipc_json_describe_workspace, but my reading of asan's output suggests that the IPC system is innocent; that the bug is actually in output_disable, and that bug just happened to not trigger a segfault without asan.

emersion · 2020-07-02T13:44:45Z

Ah, thanks, that helps a lot.

What happens is that:

Headless output gets enabled, all is well
Headless output is disabled in Sway's state
Headless output is disabled in wlroots, which fails because it doesn't make sense for a headless output to be disabled
Since the output commit failed, Sway resets output->enabled back to true, but the rest of the state still assumes the output is disabled
Disabling the headless output again goes through output_disable, which calls list_find and list_del blindly without making sure the output is in the list. This results in a list_del call with a negative index, which corrupts memory.

Previously, we called output_disable prior to wlr_output_commit. This mutates Sway's output state before the output commit actually succeeds. This results in Sway's state getting out-of-sync with wlroots'. An alternative fix [1] was to revert the changes made by output_disable in case of failure. This is a little complicated. Instead, this patch makes it so Sway's internal state is never changed before a successful wlr_output commit. We had two output flags: enabled and configured. However enabled was set prior to the output becoming enabled, and was used to prevent the output event handlers (specifically, the mode handler) from calling apply_output_config again (infinite loop). Rename enabled to enabling and use it exclusively for this purpose. Rename configure to enabled, because that's what it really means. [1]: swaywm#5521 Closes: swaywm#5483

Previously, we called output_disable prior to wlr_output_commit. This mutates Sway's output state before the output commit actually succeeds. This results in Sway's state getting out-of-sync with wlroots'. An alternative fix [1] was to revert the changes made by output_disable in case of failure. This is a little complicated. Instead, this patch makes it so Sway's internal state is never changed before a successful wlr_output commit. We had two output flags: enabled and configured. However enabled was set prior to the output becoming enabled, and was used to prevent the output event handlers (specifically, the mode handler) from calling apply_output_config again (infinite loop). Rename enabled to enabling and use it exclusively for this purpose. Rename configure to enabled, because that's what it really means. [1]: #5521 Closes: #5483

References: swaywm#5483

References: #5483

Previously, we called output_disable prior to wlr_output_commit. This mutates Sway's output state before the output commit actually succeeds. This results in Sway's state getting out-of-sync with wlroots'. An alternative fix [1] was to revert the changes made by output_disable in case of failure. This is a little complicated. Instead, this patch makes it so Sway's internal state is never changed before a successful wlr_output commit. We had two output flags: enabled and configured. However enabled was set prior to the output becoming enabled, and was used to prevent the output event handlers (specifically, the mode handler) from calling apply_output_config again (infinite loop). Rename enabled to enabling and use it exclusively for this purpose. Rename configure to enabled, because that's what it really means. [1]: swaywm#5521 Closes: swaywm#5483 (cherry picked from commit 5432f00)

References: swaywm#5483 (cherry picked from commit 9bb7028)

Previously, we called output_disable prior to wlr_output_commit. This mutates Sway's output state before the output commit actually succeeds. This results in Sway's state getting out-of-sync with wlroots'. An alternative fix [1] was to revert the changes made by output_disable in case of failure. This is a little complicated. Instead, this patch makes it so Sway's internal state is never changed before a successful wlr_output commit. We had two output flags: enabled and configured. However enabled was set prior to the output becoming enabled, and was used to prevent the output event handlers (specifically, the mode handler) from calling apply_output_config again (infinite loop). Rename enabled to enabling and use it exclusively for this purpose. Rename configure to enabled, because that's what it really means. [1]: swaywm#5521 Closes: swaywm#5483

References: swaywm#5483

mortie changed the title ~~1.5-rc1: Segfault in ipc_json_describe_workspace after~~ 1.5-rc1: Segfault in ipc_json_describe_workspace Jun 25, 2020

emersion added bug Not working as intended ipc labels Jun 25, 2020

emersion added this to the 1.5 milestone Jun 30, 2020

This was referenced Jul 6, 2020

config/output: reconfigure on commit failure #5521

Closed

Provide a way for headless outputs to be destroyed #5522

Closed

emersion mentioned this issue Jul 10, 2020

config/output: don't change output state before commit #5535

Merged

RedSoxFan closed this as completed in #5535 Jul 10, 2020

emersion added a commit to emersion/sway that referenced this issue Jul 12, 2020

Assert output is found before removing from list

dbfc1b2

References: swaywm#5483

emersion mentioned this issue Jul 12, 2020

Assert output is found before removing from list #5543

Merged

emersion added a commit to emersion/sway that referenced this issue Jul 13, 2020

Assert output is found before removing from list

ea98f4c

References: swaywm#5483

RedSoxFan pushed a commit that referenced this issue Jul 13, 2020

Assert output is found before removing from list

9bb7028

References: #5483

emersion added a commit to emersion/sway that referenced this issue Jul 15, 2020

Assert output is found before removing from list

863b9c8

References: swaywm#5483 (cherry picked from commit 9bb7028)

Geo25rey pushed a commit to Geo25rey/sway that referenced this issue Aug 16, 2020

Assert output is found before removing from list

c0f8ca1

References: swaywm#5483

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.5-rc1: Segfault in ipc_json_describe_workspace #5483

1.5-rc1: Segfault in ipc_json_describe_workspace #5483

mortie commented Jun 25, 2020

emersion commented Jul 2, 2020

mortie commented Jul 2, 2020 •

edited

Loading

emersion commented Jul 2, 2020

1.5-rc1: Segfault in ipc_json_describe_workspace #5483

1.5-rc1: Segfault in ipc_json_describe_workspace #5483

Comments

mortie commented Jun 25, 2020

emersion commented Jul 2, 2020

mortie commented Jul 2, 2020 • edited Loading

emersion commented Jul 2, 2020

mortie commented Jul 2, 2020 •

edited

Loading