Segfault on SIGTERM leaving the display hanging #339

Open
I-Al-Istannen opened this issue Jun 10, 2024 · 1 comment

I-Al-Istannen commented Jun 10, 2024

Hey,

cage keeps segfaulting and leaving the display in a connected state when shutting down the service. From some cursory debugging it seems like the terminate file descriptor is not valid (write returns EBADF) and cage crashes with

cage: ../src/wayland-server.c:1483: wl_display_terminate: Assertion `ret >= 0 || errno == EAGAIN' failed.

The state of the display at that point seems to be

pwndbg> p *display
$2 = {
  loop = 0x11d73d0,
  run = 28274680,
  next_global_name = 0,
  serial = 28274680,
  registry_resource_list = {
    prev = 0x11d7650,
    next = 0x12d2c50
  },
  global_list = {
    prev = 0x1a5c890,
    next = 0x1a89a40
  },
  socket_list = {
    prev = 0x1a8a260,
    next = 0x1a60c60
  },
  client_list = {
    prev = 0x1a60c90,
    next = 0x1a60c90
  },
  protocol_loggers = {
    prev = 0x406dd0 <handle_idle_inhibitor_v1_new>,
    next = 0x7ffe81162520
  },
  destroy_signal = {
    listener_list = {
      prev = 0x7ffe81162520,
      next = 0x0
    },
    emit_list = {
      prev = 0x1a89710,
      next = 0x1a89760
    }
  },
  create_client_signal = {
    listener_list = {
      prev = 0x1ad5358,
      next = 0x1ad5358
    },
    emit_list = {
      prev = 0x11d7678,
      next = 0x11d7678
    }
  },
  additional_shm_formats = {
    size = 4223760,
    alloc = 27825968,
    data = 0x1a89858
  },
  global_filter = 0x4072f0 <handle_output_layout_change>,
  global_filter_data = 0x1a8be40,
  terminate_efd = 27835968,
  term_source = 0x409960 <handle_xdg_toplevel_decoration>
}

and the backtrace is

Stack trace of thread 4386:
#0  0x00007f49d5c67efc __pthread_kill_implementation (libc.so.6 + 0x8fefc)
#1  0x00007f49d5c17e86 raise (libc.so.6 + 0x3fe86)
#2  0x00007f49d5c00935 abort (libc.so.6 + 0x28935)
#3  0x00007f49d5c00859 __assert_fail_base.cold (libc.so.6 + 0x28859)
#4  0x00007f49d5c106e6 __assert_fail (libc.so.6 + 0x386e6)
#5  0x00007f49d5f1f3a9 wl_display_terminate (libwayland-server.so.0 + 0x93a9)
#6  0x0000000000406c8c handle_signal (.cage-wrapped + 0x6c8c)
#7  0x00007f49d5f20eb4 wl_event_source_signal_dispatch (libwayland-server.so.0 + 0xaeb4)
#8  0x00007f49d5f218f2 wl_event_loop_dispatch (libwayland-server.so.0 + 0xb8f2)
#9  0x00007f49d5f1f455 wl_display_run (libwayland-server.so.0 + 0x9455)
#10 0x0000000000406579 main (.cage-wrapped + 0x6579)
#11 0x00007f49d5c0210e __libc_start_call_main (libc.so.6 + 0x2a10e)
#12 0x00007f49d5c021c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a1c9)
#13 0x0000000000406ba5 _start (.cage-wrapped + 0x6ba5)

Stack trace of thread 4392:
#0  0x00007f49d5c62c5e __futex_abstimed_wait_common (libc.so.6 + 0x8ac5e)
#1  0x00007f49d5c654c0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8d4c0)
#2  0x00007f49d2d175e9 cnd_wait (iris_dri.so + 0x1175e9)
#3  0x00007f49d2cf79db util_queue_thread_func (iris_dri.so + 0xf79db)
#4  0x00007f49d2d17527 impl_thrd_routine (iris_dri.so + 0x117527)
#5  0x00007f49d5c66272 start_thread (libc.so.6 + 0x8e272)
#6  0x00007f49d5ce1dec __clone3 (libc.so.6 + 0x109dec)

Stack trace of thread 4391:
#0  0x00007f49d5c62c5e __futex_abstimed_wait_common (libc.so.6 + 0x8ac5e)
#1  0x00007f49d5c654c0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8d4c0)
#2  0x00007f49d2d175e9 cnd_wait (iris_dri.so + 0x1175e9)
#3  0x00007f49d2cf79db util_queue_thread_func (iris_dri.so + 0xf79db)
#4  0x00007f49d2d17527 impl_thrd_routine (iris_dri.so + 0x117527)
#5  0x00007f49d5c66272 start_thread (libc.so.6 + 0x8e272)
#6  0x00007f49d5ce1dec __clone3 (libc.so.6 + 0x109dec)

Stack trace of thread 4396:
#0  0x00007f49d5c62c5e __futex_abstimed_wait_common (libc.so.6 + 0x8ac5e)
#1  0x00007f49d5c654c0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8d4c0)
#2  0x00007f49d2d175e9 cnd_wait (iris_dri.so + 0x1175e9)
#3  0x00007f49d2cf79db util_queue_thread_func (iris_dri.so + 0xf79db)
#4  0x00007f49d2d17527 impl_thrd_routine (iris_dri.so + 0x117527)
#5  0x00007f49d5c66272 start_thread (libc.so.6 + 0x8e272)
#6  0x00007f49d5ce1dec __clone3 (libc.so.6 + 0x109dec)

Stack trace of thread 4393:
#0  0x00007f49d5c62c5e __futex_abstimed_wait_common (libc.so.6 + 0x8ac5e)
#1  0x00007f49d5c654c0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8d4c0)
#2  0x00007f49d2d175e9 cnd_wait (iris_dri.so + 0x1175e9)
#3  0x00007f49d2cf79db util_queue_thread_func (iris_dri.so + 0xf79db)
#4  0x00007f49d2d17527 impl_thrd_routine (iris_dri.so + 0x117527)
#5  0x00007f49d5c66272 start_thread (libc.so.6 + 0x8e272)
#6  0x00007f49d5ce1dec __clone3 (libc.so.6 + 0x109dec)

Stack trace of thread 4395:
#0  0x00007f49d5c62c5e __futex_abstimed_wait_common (libc.so.6 + 0x8ac5e)
#1  0x00007f49d5c654c0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8d4c0)
#2  0x00007f49d2d175e9 cnd_wait (iris_dri.so + 0x1175e9)
#3  0x00007f49d2cf79db util_queue_thread_func (iris_dri.so + 0xf79db)
#4  0x00007f49d2d17527 impl_thrd_routine (iris_dri.so + 0x117527)
#5  0x00007f49d5c66272 start_thread (libc.so.6 + 0x8e272)
#6  0x00007f49d5ce1dec __clone3 (libc.so.6 + 0x109dec)

Stack trace of thread 4394:
#0  0x00007f49d5c62c5e __futex_abstimed_wait_common (libc.so.6 + 0x8ac5e)
#1  0x00007f49d5c654c0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8d4c0)
#2  0x00007f49d2d175e9 cnd_wait (iris_dri.so + 0x1175e9)
#3  0x00007f49d2cf79db util_queue_thread_func (iris_dri.so + 0xf79db)
#4  0x00007f49d2d17527 impl_thrd_routine (iris_dri.so + 0x117527)
#5  0x00007f49d5c66272 start_thread (libc.so.6 + 0x8e272)
#6  0x00007f49d5ce1dec __clone3 (libc.so.6 + 0x109dec)
ELF object binary architecture: AMD x86-64

I am running this on NixOS 24.05.
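
Added example, not part of the original report and not cage or libwayland code: a small C program that applies the condition from the failed assertion, `ret >= 0 || errno == EAGAIN`, to writes on a descriptor, showing which outcomes it tolerates and why EBADF aborts. It assumes Linux and that the terminate descriptor is a non-blocking eventfd (an assumption; the report only states that the write returns EBADF). `terminate_write`, `assertion_would_hold` and `fd_is_open` are hypothetical names, and 27835968 is the `terminate_efd` value from the gdb dump above.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/eventfd.h>
#include <unistd.h>

/* Hypothetical helper: perform the 8-byte write the report describes.
 * Returns 0 on success, otherwise the errno value of the failed write. */
static int terminate_write(int efd, uint64_t value)
{
    ssize_t ret = write(efd, &value, sizeof(value));
    return ret >= 0 ? 0 : errno;
}

/* The reported assertion, `ret >= 0 || errno == EAGAIN`, as a predicate
 * over the result of terminate_write(). */
static int assertion_would_hold(int write_result)
{
    return write_result == 0 || write_result == EAGAIN;
}

/* Validity probe: fcntl(F_GETFD) fails with EBADF when fd is not open. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

static void report(const char *label, int fd, int result)
{
    printf("%-22s fd=%d open=%d result=%s assertion %s\n", label, fd,
           fd_is_open(fd), result ? strerror(result) : "ok",
           assertion_would_hold(result) ? "holds" : "FAILS");
}

int main(void)
{
    int efd = eventfd(0, EFD_CLOEXEC | EFD_NONBLOCK);
    if (efd < 0) { perror("eventfd"); return 1; }

    report("valid eventfd", efd, terminate_write(efd, 1));
    /* Push the counter to its maximum so the next write cannot proceed. */
    terminate_write(efd, UINT64_MAX - 2);
    report("saturated eventfd", efd, terminate_write(efd, 1));
    /* Value from the dump: far outside any descriptor table. */
    report("value from gdb dump", 27835968, terminate_write(27835968, 1));
    close(efd);
    return 0;
}
```

Only the third case fails the check: a full non-blocking eventfd yields EAGAIN, which the assertion accepts, while a descriptor number that is not open yields EBADF.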

@joggee-fr
Collaborator

Reminds me of PR #313 and commit a24600038c1af9baa5ed4f579966d7c981b4a73e. Which version are you testing right now?
