This repository has been archived by the owner on Nov 1, 2021. It is now read-only.

Segfault with keyboard unplugged #2073

Closed
aidanharris opened this issue Mar 19, 2020 · 5 comments · Fixed by #2110

@aidanharris

Core was generated by `sway -d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  seat_client_create_keyboard (id=37, version=<optimized out>, seat_client=<optimized out>) at ../wlroots-9999/types/seat/wlr_seat_keyboard.c:425
425			size_t num_keycodes = keyboard->num_keycodes;
[Current thread is 1 (Thread 0x7fc5e4f574c0 (LWP 3704))]
(gdb) bt
#0  0x00007fc5e597f850 in seat_client_create_keyboard (id=37, version=<optimized out>, seat_client=<optimized out>) at ../wlroots-9999/types/seat/wlr_seat_keyboard.c:425
#1  0x00007fc5e597f850 in seat_handle_get_keyboard (client=<optimized out>, seat_resource=<optimized out>, id=37) at ../wlroots-9999/types/seat/wlr_seat.c:43
#2  0x00007fc5e5254bfd in ffi_call_unix64 () at /usr/src/debug/dev-libs/libffi-3.3-r1/libffi-3.3/src/x86/unix64.S:101
#3  0x00007fc5e525037a in ffi_call_int (cif=0x7ffdb6da47b0, fn=0x7fc5e597f6e0 <seat_handle_get_keyboard>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at /usr/src/debug/dev-libs/libffi-3.3-r1/libffi-3.3/src/x86/ffi64.c:669
#4  0x00007fc5e5a07ea9 in wl_closure_invoke (closure=closure@entry=0x55ce1f4c8230, target=target@entry=0x55ce1f4cdcb0, opcode=opcode@entry=1, data=data@entry=0x55ce1f505670, flags=<optimized out>)
    at /usr/src/debug/dev-libs/wayland-9999/wayland-9999/src/connection.c:1018
#5  0x00007fc5e5a0c864 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x55ce1f505670) at /usr/src/debug/dev-libs/wayland-9999/wayland-9999/src/wayland-server.c:432
#6  0x00007fc5e5a0d032 in wl_event_loop_dispatch (loop=0x55ce1e5fff00, timeout=timeout@entry=-1) at /usr/src/debug/dev-libs/wayland-9999/wayland-9999/src/event-loop.c:1027
#7  0x00007fc5e5a0d4ae in wl_display_run (display=0x55ce1e6065d0) at /usr/src/debug/dev-libs/wayland-9999/wayland-9999/src/wayland-server.c:1351
#8  0x000055ce1e244d1a in server_run (server=<optimized out>) at ../sway-9999/sway/server.c:218
#9  0x000055ce1e244d1a in main (argc=<optimized out>, argv=<optimized out>) at ../sway-9999/sway/main.c:409

gdb.txt

@emersion
Member

Can you try again with ASan enabled?

How to reproduce?

Which wlroots commit is this?

Debug logs?

@minus7

minus7 commented Mar 30, 2020

Actually the same just happened to me when replugging my keyboard (after a couple of times, not reproducible). There's nothing in the logs between plugging in the keyboard and the ASan report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==787==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000e0 (pc 0x7fb29c75078b bp 0x7ffe9ce5f430 sp 0x7ffe9ce5f330 T0)
==787==The signal is caused by a READ memory access.
==787==Hint: address points to the zero page.
    #0 0x7fb29c75078a in seat_client_create_keyboard ../subprojects/wlroots/types/seat/wlr_seat_keyboard.c:425
    #1 0x7fb29c7552db in seat_handle_get_keyboard ../subprojects/wlroots/types/seat/wlr_seat.c:43
    #2 0x7fb29b469699 in ffi_call_unix64 (/usr/lib/libffi.so.6+0x6699)
    #3 0x7fb29b468fb5 in ffi_call (/usr/lib/libffi.so.6+0x5fb5)
    #4 0x7fb29c095f61  (/usr/lib/libwayland-server.so.0+0xcf61)
    #5 0x7fb29c0922db  (/usr/lib/libwayland-server.so.0+0x92db)
    #6 0x7fb29c093fa9 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xafa9)
    #7 0x7fb29c0924e6 in wl_display_run (/usr/lib/libwayland-server.so.0+0x94e6)
    #8 0x563d1a8ce7f5 in server_run ../sway/server.c:216
    #9 0x563d1a8ccea0 in main ../sway/main.c:409
    #10 0x7fb29be6f022 in __libc_start_main (/usr/lib/libc.so.6+0x27022)
    #11 0x563d1a8ac40d in _start (/usr/local/bin/sway+0x3e40d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../subprojects/wlroots/types/seat/wlr_seat_keyboard.c:425 in seat_client_create_keyboard
==787==ABORTING

Revision: 13db99b

@emersion emersion added the bug label Mar 30, 2020
@ammen99
Member

ammen99 commented Mar 31, 2020

I have had the same crash with a virtual keyboard, again, not reproducible each time.

@valpackett
Contributor

Yep, just encountered this by killing and restarting squeekboard.

In types/seat/wlr_seat_keyboard.c, handle_keyboard_destroy does wlr_seat_set_keyboard(state->seat, NULL).
And the seat_client_create_keyboard in the stacktrace dereferences that NULL, because there might not have been anything else to call wlr_seat_set_keyboard with non-NULL.

I guess handle_keyboard_destroy should try to set it to any other available keyboard..?

I'm honestly kinda confused about why the seat_client needs to know about particular physical (well.. or virtual) keyboards in general.

@emersion
Member

emersion commented Apr 6, 2020

I think seat_client_create_keyboard should handle a NULL keyboard. A machine without any keyboard device plugged in should be handled correctly.

emersion pushed a commit that referenced this issue Apr 14, 2020
Check for a NULL keyboard_state.keyboard value in
seat_client_create_keyboard() before trying to use it, as is done in
other functions like seat_client_send_repeat_info(). Prevents a segfault
in certain situations on keyboard removal, as seen in the sway issue.

Closes: swaywm/sway#5205
Closes: #2073
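
The failure mode discussed in this thread, as an added C example that is not wlroots code: a destroy handler leaves the seat's keyboard pointer NULL, and a later field read through it faults at NULL plus the field offset, which is why ASan reports a small address in the zero page. All `model_*` names and the struct layout are hypothetical; the padding is constructed so the field offset equals the 0xe0 fault address in the ASan report above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not wlroots' real structs. The padding is constructed
 * so num_keycodes sits at offset 0xe0, the fault address ASan reported. */
struct model_keyboard {
    unsigned char other_fields[0xe0];
    size_t num_keycodes;
};

struct model_seat {
    struct model_keyboard *keyboard; /* NULL when no keyboard is attached */
};

/* Address an unguarded read of kb->num_keycodes would touch. */
static uintptr_t model_fault_address(const struct model_keyboard *kb) {
    return (uintptr_t)kb + offsetof(struct model_keyboard, num_keycodes);
}

/* Models what the thread says the destroy handler does: reset to NULL. */
static void model_keyboard_destroy(struct model_seat *seat) {
    seat->keyboard = NULL;
}

/* Guarded client-keyboard setup: a seat without a keyboard is a valid
 * state, so report zero pressed keycodes instead of dereferencing NULL. */
static size_t model_create_client_keyboard(const struct model_seat *seat) {
    const struct model_keyboard *kb = seat->keyboard;
    if (kb == NULL) {
        return 0;
    }
    return kb->num_keycodes;
}

/* Attach a keyboard with `held` pressed keys, optionally unplug it, then
 * let a client request its keyboard object. */
static size_t model_replug_scenario(size_t held, int unplug_first) {
    struct model_keyboard kb = { .num_keycodes = held };
    struct model_seat seat = { .keyboard = &kb };
    if (unplug_first) {
        model_keyboard_destroy(&seat);
    }
    return model_create_client_keyboard(&seat);
}

int main(void) {
    printf("NULL read would fault at 0x%zx\n", (size_t)model_fault_address(NULL));
    printf("plugged: %zu, unplugged: %zu\n",
           model_replug_scenario(3, 0), model_replug_scenario(3, 1));
    return 0;
}
```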