Xwayland 1.20.4 crashes in xwl_present_sync_callback()
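Running Xwayland from xserver-1.20.4 may crash in xwl_present_sync_callback(): the event passed to the callback points to an invalid xwl_present_window, so the server crashes when it tries to destroy xwl_present_window->sync_callback.
In the gdb session below, nearly every field of that xwl_present_window holds the repeating byte 0xf1. This is consistent with the structure having already been freed and poisoned by the allocator, i.e. a use-after-free through an event that still references it (the event shows pending = 1).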
(gdb) bt
#0 0x00007f67e992e53f in raise () from /lib64/libc.so.6
#1 0x00007f67e9918895 in abort () from /lib64/libc.so.6
#2 0x0000557c19bddf50 in OsAbort () at utils.c:1351
#3 0x0000557c19be31e9 in AbortServer () at log.c:879
#4 0x0000557c19be405d in FatalError (f=f@entry=0x557c19c08e50 "Caught signal %d (%s). Server aborting\n") at log.c:1017
#5 0x0000557c19bdb255 in OsSigHandler (unused=<optimized out>, sip=<optimized out>, signo=11) at osinit.c:156
#6 OsSigHandler (signo=11, sip=<optimized out>, unused=<optimized out>) at osinit.c:110
#7 <signal handler called>
#8 0x00007f67ea030025 in wl_proxy_destroy () from /lib64/libwayland-client.so.0
#9 0x0000557c19a828ba in wl_callback_destroy (wl_callback=<optimized out>) at /usr/include/wayland-client-protocol.h:1154
#10 xwl_present_sync_callback (data=0x557c1b68b090, callback=<optimized out>, time=<optimized out>) at xwayland-present.c:284
#11 0x00007f67e9836ace in ffi_call_unix64 () from /lib64/libffi.so.6
#12 0x00007f67e983648f in ffi_call () from /lib64/libffi.so.6
#13 0x00007f67ea0337ad in ?? () from /lib64/libwayland-client.so.0
#14 0x00007f67ea02ff09 in ?? () from /lib64/libwayland-client.so.0
#15 0x00007f67ea03141c in wl_display_dispatch_queue_pending () from /lib64/libwayland-client.so.0
#16 0x0000557c19a77e9b in xwl_read_events (xwl_screen=0x557c1b17d440) at xwayland.c:826
#17 0x0000557c19bdbc41 in ospoll_wait (ospoll=0x557c1b1728f0, timeout=<optimized out>) at ospoll.c:651
#18 0x0000557c19bd5513 in WaitForSomething (are_ready=0) at WaitFor.c:208
#19 0x0000557c19ba50b0 in Dispatch () at ../include/list.h:220
#20 0x0000557c19ba9356 in dix_main (argc=12, argv=0x7ffd0c9c1df8, envp=<optimized out>) at main.c:276
#21 0x00007f67e991a413 in __libc_start_main () from /lib64/libc.so.6
#22 0x0000557c19a7737e in _start ()
(gdb) f 10
#10 xwl_present_sync_callback (data=0x557c1b68b090, callback=<optimized out>, time=<optimized out>) at xwayland-present.c:284
(gdb) p xwl_present_window
$1 = (struct xwl_present_window *) 0x557c1b689f50
(gdb) p *xwl_present_window
$2 = {xwl_screen = 0x557c1b7baff0, sync_flip = 0xf1f1f1f1f1f1f1f1, window = 0xf1f1f1f1f1f1f1f1, link = {next = 0xf1f1f1f1f1f1f1f1,
prev = 0xf1f1f1f1f1f1f1f1}, msc = 17433981653976478193, ust = 17433981653976478193, frame_timer = 0xf1f1f1f1f1f1f1f1, frame_timer_firing = -235802127,
frame_callback = 0xf1f1f1f1f1f1f1f1, sync_callback = 0xf1f1f1f1f1f1f1f1, event_list = {next = 0xf1f1f1f1f1f1f1f1, prev = 0xf1f1f1f1f1f1f1f1},
release_queue = {next = 0xf1f1f1f1f1f1f1f1, prev = 0x557c1b689fb8}}
(gdb) p *event
$3 = {event_id = 3, target_msc = 2, abort = 1, pending = 1, buffer_released = 0, xwl_present_window = 0x557c1b689f50, buffer = 0x557c1b780110, list = {
next = 0x557c1b68b0c0, prev = 0x557c1b68b0c0}}