Can access already freed data on server shutdown when phosh crashes
I just managed (without doing anything in particular) to crash phoc/phosh. Immediately after the crash I saw some of those tty systemd logs (Status of XYZ [FAILED] or whatever those say) and shortly afterwards got thrown back to gdm.
Looking at the journal logs below might reveal phosh dying (even though that didn't produce a dump) is the actual culprit here, but since I only have a coredump for phoc I've filed it here:
Core was generated by `/usr/bin/phoc -S -C /usr/share/phosh/phoc.ini -E bash -lc 'gnome-session --disa'.
Program terminated with signal SIGSEGV, Segmentation fault.
warning: Section `.reg-xstate/6955' in core file too small.
#0 0x00005615822f0c02 in phoc_seat_set_focus (seat=0x56158461a000, view=0x561584e28980) at ../src/seat.c:1575
1575 ../src/seat.c: No such file or directory.
[Current thread is 1 (Thread 0x7ff877614ac0 (LWP 6955))]
(gdb) bt
#0 0x00005615822f0c02 in phoc_seat_set_focus (seat=0x56158461a000 [PhocSeat], view=0x561584e28980) at ../src/seat.c:1575
#1 0x00005615822f6011 in wl_signal_emit (data=0x561584ed4530, signal=0x561584ed46a0) at /usr/include/wayland-server-core.h:478
#2 view_unmap (view=0x561584ed4530) at ../src/view.c:980
#3 0x00007ff87ba75ccc in wlr_signal_emit_safe () at /lib/x86_64-linux-gnu/libwlroots.so.9
#4 0x00007ff87ba537cf in () at /lib/x86_64-linux-gnu/libwlroots.so.9
#5 0x00007ff87ba53a1d in () at /lib/x86_64-linux-gnu/libwlroots.so.9
#6 0x00007ff87ba53a39 in () at /lib/x86_64-linux-gnu/libwlroots.so.9
#7 0x00007ff87ba528b5 in () at /lib/x86_64-linux-gnu/libwlroots.so.9
#8 0x00007ff87bac4ea7 in () at /lib/x86_64-linux-gnu/libwayland-server.so.0
#9 0x00007ff87bacb270 in () at /lib/x86_64-linux-gnu/libwayland-server.so.0
#10 0x00007ff87bacb760 in () at /lib/x86_64-linux-gnu/libwayland-server.so.0
#11 0x00007ff87bac58f9 in wl_client_destroy () at /lib/x86_64-linux-gnu/libwayland-server.so.0
#12 0x00007ff87bac630e in wl_display_destroy_clients () at /lib/x86_64-linux-gnu/libwayland-server.so.0
#13 0x00005615822e2c9c in phoc_server_dispose (object=0x561583bea000 [PhocServer]) at ../src/server.c:280
#14 0x00007ff87be4f7af in g_object_unref (_object=<optimized out>) at ../../../gobject/gobject.c:3540
#15 g_object_unref (_object=0x561583bea000) at ../../../gobject/gobject.c:3470
#16 0x00005615822e22ab in glib_autoptr_clear_GObject (_ptr=0x561583bea000 [PhocServer]) at /usr/include/glib-2.0/gobject/gobject-autocleanups.h:27
#17 glib_autoptr_clear_PhocServer (_ptr=0x561583bea000 [PhocServer]) at ../src/server.h:23
#18 glib_autoptr_cleanup_PhocServer (_ptr=<synthetic pointer>) at ../src/server.h:23
#19 main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:102
(gdb) set directories ~/git/phoc/src/
(gdb) l
warning: Source file is more recent than executable.
1570 }
1571
1572 void
1573 phoc_seat_set_focus (PhocSeat *seat, PhocView *view)
1574 {
1575 if (view && !phoc_seat_allow_input (seat, view->wlr_surface->resource)) {
1576 return;
1577 }
1578
1579 // Make sure the view will be rendered on top of others, even if it's
(gdb) p *view
$1 = {type = ROOTS_XWAYLAND_VIEW, impl = 0x56158230bc80 <view_impl>, desktop = 0x5615843660d0 [PhocDesktop], link = {prev = 0x0, next = 0x0}, parent_link = {prev = 0x0, next = 0x0}, box = {x = 2560, y = 0, width = 0, height = 0}, alpha = 1, scale = 1, decorated = false,
border_width = 0, titlebar_height = 0, title = 0x5615846845d0 "Which account? - Liberapay — Mozilla Firefox", app_id = 0x561584df1f80 "Firefox-esr", settings = 0x7ff70c012460 [GSettings], state = PHOC_VIEW_STATE_MAXIMIZED, tile_direction = PHOC_VIEW_TILE_LEFT,
fullscreen_output = 0x0, saved = {x = 2560, y = 0, width = 960, height = 1080}, pending_move_resize = {update_x = false, update_y = false, x = 0, y = 0, width = 960, height = 1080}, pending_centering = false, parent = 0x0, stack = {prev = 0x561584e28a48, next = 0x561584e28a48},
wlr_surface = 0x0, child_surfaces = {prev = 0x561584e28a60, next = 0x561584e28a60}, toplevel_handle = 0x0, toplevel_handle_request_maximize = {link = {prev = 0x561584e6a2b0, next = 0x561584e6a2b0}, notify = 0x5615822f4cf0 <handle_toplevel_handle_request_maximize>},
toplevel_handle_request_activate = {link = {prev = 0x561584e6a2d0, next = 0x561584e6a2d0}, notify = 0x5615822f3830 <handle_toplevel_handle_request_activate>}, toplevel_handle_request_fullscreen = {link = {prev = 0x561584e6a2e0, next = 0x561584e6a2e0},
notify = 0x5615822f56b0 <handle_toplevel_handle_request_fullscreen>}, toplevel_handle_request_close = {link = {prev = 0x561584e6a2f0, next = 0x561584e6a2f0}, notify = 0x5615822f3f50 <handle_toplevel_handle_request_close>}, surface_new_subsurface = {link = {prev = 0x0,
next = 0x0}, notify = 0x5615822f5bc0 <phoc_view_handle_surface_new_subsurface>}, events = {unmap = {listener_list = {prev = 0x561584d9e268, next = 0x561584d9e268}}, destroy = {listener_list = {prev = 0x561584d9e280, next = 0x561584d9e280}}}}
(gdb) p view->wlr_surface
$2 = (struct wlr_surface *) 0x0
(gdb) frame 2
#2 view_unmap (view=0x561584ed4530) at ../src/view.c:980
warning: Source file is more recent than executable.
980 wl_signal_emit(&view->events.unmap, view);
(gdb) l
975 void view_unmap(struct roots_view *view) {
976 assert(view->wlr_surface != NULL);
977
978 bool was_visible = phoc_desktop_view_is_visible(view->desktop, view);
979
980 wl_signal_emit(&view->events.unmap, view);
981
982 phoc_view_damage_whole (view);
983
984 wl_list_remove(&view->surface_new_subsurface.link);
(gdb) p *view
$3 = {type = ROOTS_XDG_SHELL_VIEW, impl = 0x56158230bc00 <view_impl>, desktop = 0x5615843660d0 [PhocDesktop], link = {prev = 0x5615843660e8, next = 0x5615843660e8}, parent_link = {prev = 0x0, next = 0x0}, box = {x = 0, y = 32, width = 2560, height = 1368}, alpha = 1, scale = 1,
decorated = false, border_width = 0, titlebar_height = 0, title = 0x561584d8e110 "mobile-maintainers — Evolution", app_id = 0x561584bdd060 "org.gnome.Evolution", settings = 0x5615843627a0 [GSettings], state = PHOC_VIEW_STATE_MAXIMIZED, tile_direction = PHOC_VIEW_TILE_LEFT,
fullscreen_output = 0x0, saved = {x = 0, y = 0, width = 0, height = 0}, pending_move_resize = {update_x = false, update_y = true, x = 0, y = 0, width = 2560, height = 1440}, pending_centering = false, parent = 0x0, stack = {prev = 0x561584ed45f8, next = 0x561584ed45f8},
wlr_surface = 0x561584e5bf40, child_surfaces = {prev = 0x561584ed4610, next = 0x561584ed4610}, toplevel_handle = 0x561584e082a0, toplevel_handle_request_maximize = {link = {prev = 0x561584e08300, next = 0x561584e08300},
notify = 0x5615822f4cf0 <handle_toplevel_handle_request_maximize>}, toplevel_handle_request_activate = {link = {prev = 0x561584e08320, next = 0x561584e08320}, notify = 0x5615822f3830 <handle_toplevel_handle_request_activate>}, toplevel_handle_request_fullscreen = {link = {
prev = 0x561584e08330, next = 0x561584e08330}, notify = 0x5615822f56b0 <handle_toplevel_handle_request_fullscreen>}, toplevel_handle_request_close = {link = {prev = 0x561584e08340, next = 0x561584e08340}, notify = 0x5615822f3f50 <handle_toplevel_handle_request_close>},
surface_new_subsurface = {link = {prev = 0x561584e5c2d8, next = 0x561584e5c2d8}, notify = 0x5615822f5bc0 <phoc_view_handle_surface_new_subsurface>}, events = {unmap = {listener_list = {prev = 0x561584ed46a0, next = 0x561584ed46a0}}, destroy = {listener_list = {
prev = 0x561584ed46b0, next = 0x561584ed46b0}}}}
I'm not really familiar with the codebase, but from what I can see a PhocView represents a view of a client (=some GUI) to be shown on the screen. I think there are maybe two issues here:
First: The wlr_surface being NULL. Not sure how this happened as I certainly didn't close Firefox at the time (instead I was about to click on something).
Second: The pointer view in #2 view_unmap (view=0x561584ed4530) at ../src/view.c:980 is not the same as in #0 0x00005615822f0c02 in phoc_seat_set_focus (seat=0x56158461a000 [PhocSeat], view=0x561584e28980) at ../src/seat.c:1575
Regarding my setup: I have two monitors (1440p@60Hz on the left, 1080p@144Hz on the right) and FF was on the right. Not quite sure on which monitor Evolution was, but I'm pretty certain that it wasn't currently visible.
I've also checked dmesg but the phoc crash was the only thing that showed up there. journalctl did show the following (which makes me question if the blame isn't phosh 0.15.0 instead...)
Feb 20 08:14:12 zeus gsd-color[7365]: unable to get EDID for xrandr-DVI-D-1: unable to get EDID for output
Feb 20 08:14:12 zeus gsd-color[7365]: unable to get EDID for xrandr-DP-1: unable to get EDID for output
Feb 20 08:14:12 zeus gsd-color[7365]: unable to get EDID for xrandr-DVI-D-1: unable to get EDID for output
Feb 20 08:14:12 zeus gsd-color[7365]: unable to get EDID for xrandr-DP-1: unable to get EDID for output
Feb 20 08:14:12 zeus gsd-color[7365]: unable to get EDID for xrandr-DVI-D-1: unable to get EDID for output
Feb 20 08:14:12 zeus gsd-color[7365]: unable to get EDID for xrandr-DP-1: unable to get EDID for output
Feb 20 08:14:13 zeus gsd-color[7365]: unable to get EDID for xrandr-DVI-D-1: unable to get EDID for output
Feb 20 08:14:13 zeus phosh[7278]: Error flushing display: Too many open files
Feb 20 08:14:13 zeus gsd-color[7365]: unable to get EDID for xrandr-DP-1: unable to get EDID for output
Feb 20 08:14:13 zeus gnome-session[7161]: gnome-session-binary[7161]: WARNING: App 'sm.puri.Phosh.desktop' exited with code 1
Feb 20 08:14:13 zeus gnome-session-binary[7161]: WARNING: App 'sm.puri.Phosh.desktop' exited with code 1
Feb 20 08:14:13 zeus polkitd(authority=local)[4440]: Unregistered Authentication Agent for unix-session:2 (system bus name :1.71, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 20 08:14:13 zeus kernel: rfkill: input handler enabled
Feb 20 08:14:13 zeus kernel: phoc[6955]: segfault at 0 ip 00005615822f0c02 sp 00007ffc9534e540 error 4 in phoc[5615822e0000+1d000]
Feb 20 08:14:13 zeus kernel: Code: fc 55 53 48 83 ec 20 64 48 8b 04 25 28 00 00 00 48 89 44 24 18 31 c0 48 85 f6 0f 84 68 01 00 00 48 8b 86 d8 00 00 00 48 89 f3 <48> 8b 30 e8 96 ff ff ff 84 c0 0f 84 2c 01 00 00 48 83 bb c0 00 00
Feb 20 08:14:13 zeus audit[6955]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj==unconfined pid=6955 comm="phoc" exe="/usr/bin/phoc" sig=11 res=1
Feb 20 08:14:13 zeus audit: BPF prog-id=31 op=LOAD
Feb 20 08:14:13 zeus audit: BPF prog-id=32 op=LOAD
Feb 20 08:14:13 zeus audit: BPF prog-id=33 op=LOAD
Feb 20 08:14:13 zeus audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=systemd-coredump@2-40542-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 20 08:14:13 zeus gnome-session-binary[7161]: Unrecoverable failure in required component sm.puri.Phosh.desktop
Feb 20 08:14:13 zeus /usr/libexec/gdm-wayland-session[7185]: (EE) failed to read Wayland events: Broken pipe
Feb 20 08:14:13 zeus unknown[7360]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7362]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7365]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7419]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7404]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus evolution-alarm[7541]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7647]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7667]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus unknown[7537]: Error reading events from display: Broken pipe
Feb 20 08:14:13 zeus systemd[6899]: xdg-desktop-portal-gnome.service: Main process exited, code=exited, status=1/FAILURE
Feb 20 08:14:13 zeus systemd[6899]: xdg-desktop-portal-gnome.service: Failed with result 'exit-code'.
Feb 20 08:14:13 zeus systemd[6899]: xdg-desktop-portal-gtk.service: Main process exited, code=exited, status=1/FAILURE
Feb 20 08:14:13 zeus systemd[6899]: xdg-desktop-portal-gtk.service: Failed with result 'exit-code'.
Feb 20 08:14:13 zeus systemd[1]: Started Process Core Dump (PID 40542/UID 0).
Feb 20 08:14:13 zeus unknown[8317]: Error flushing display: Broken pipe
Feb 20 08:14:13 zeus systemd[6899]: vte-spawn-3db706a0-1bfe-43c6-b7f7-0dbfe96ddc6e.scope: Consumed 14min 45.173s CPU time.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[12550]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[14022]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[10659]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[12405]: [GFX1-]: Receive IPC close with reason=AbnormalShutdown
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[9237]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[9153]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[9206]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[9061]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[12405]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[8946]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[9004]: Exiting due to channel error.
Feb 20 08:14:13 zeus sm.puri.Phosh.desktop[8892]: Exiting due to channel error.
Feb 20 08:14:13 zeus systemd[6899]: vte-spawn-49cf5de4-d8a6-4df8-8cba-b8d81f351455.scope: Consumed 2min 34.115s CPU time.
Feb 20 08:14:13 zeus callaudiod[7291]: No suitable card found, retrying in 3s...
Feb 20 08:14:14 zeus systemd-coredump[40556]: Process 6955 (phoc) of user 1000 dumped core.
Probably the gsd-color[7365]: unable to get EDID for ... aren't relevant as those are repeated all over my logs.
If there's anything you want me to poke/investigate just give me a shout.
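The crash pattern in the backtrace above, as an added C model that is not phoc code and not part of the original report: while one view is unmapped during teardown, focus is handed to another view whose surface pointer is already NULL, and the guard refuses that view instead of dereferencing it. All struct and function names are hypothetical, and the focus-stack handover is an assumption about how the second view was picked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not phoc code: every name here is hypothetical. */
struct surface { int resource; };
struct view {
    const char *title;
    struct surface *surface;  /* NULL once the view is unmapped */
    struct view *next;        /* assumed: next focus candidate in the stack */
};
static struct view *focused;

/* Guarded focus change: the crashing line tested only `view`, then read
 * view->wlr_surface->resource. Here an unmapped view is refused instead. */
static bool set_focus(struct view *v)
{
    if (v != NULL && v->surface == NULL)
        return false;
    focused = v;
    return true;
}

/* Unmap handler: give focus to the first candidate that is still mapped. */
static void view_unmap(struct view *v)
{
    struct view *cand = v->next;
    v->surface = NULL;
    while (!set_focus(cand))  /* set_focus(NULL) succeeds and clears focus */
        cand = cand->next;
}

/* Tear down views in shutdown order; returns the title left focused. */
static const char *shutdown_focus(bool keep_third_mapped)
{
    struct surface s1 = {1}, s2 = {2}, s3 = {3};
    struct view term = {"terminal", &s3, NULL};
    struct view browser = {"browser", &s1, &term};
    struct view mail = {"mail", &s2, &browser};
    focused = &mail;
    if (!keep_third_mapped)
        view_unmap(&term);
    view_unmap(&browser);     /* surface is NULL from here on */
    view_unmap(&mail);        /* next candidate is the unmapped browser */
    return focused ? focused->title : "(none)";
}

int main(void) { puts(shutdown_focus(true)); puts(shutdown_focus(false)); return 0; }
```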