Xmir crashes when using the '-fd' option

Bug #1675481 reported by Christopher Townsend
This bug affects 1 person
Affects: xorg-server (Ubuntu)
Status: Won't Fix
Importance: Medium
Assigned to: Christopher Townsend

Bug Description

I'm trying to use the '-fd' option in Xmir and get a crash when Xmir starts up.

This is what I'm doing:

I'm using socket()/bind()/listen()/accept() on an AF_UNIX socket at /tmp/.X11-unix/X0 (or whatever display number is available). DISPLAY is then set based on this. Then, when an X app accesses that socket, the code starts Xmir and passes the fd returned by the accept() call to Xmir in the '-fd' option.

This is what I get in journalctl when this crash occurs: http://pastebin.ubuntu.com/24235520/

I installed the Xmir debug symbols and also passed in '-core' when starting Xmir and here is the bt: http://pastebin.ubuntu.com/24236088/

Tags: xmir
description: updated
Daniel van Vugt (vanvugt) wrote :

I'm not familiar with the -fd option myself, but confirm it can be made to crash:

Xmir :1 -fd 9999

Changed in xorg-server (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Daniel van Vugt (vanvugt) wrote :

I was wrong. What I was reproducing is a different crash with large FDs not specific to Xmir.

I'm really not sure how to reproduce your crash or if your use case is valid.

Only one theory: the logic for the -fd client connection is executed early before Xmir has started properly. We can try moving it to a lower location after the server has actually initialized.

Changed in xorg-server (Ubuntu):
importance: High → Medium
status: Confirmed → Incomplete
Christopher Townsend (townsend) wrote :

The following diff seems to fix the crash: http://pastebin.ubuntu.com/24242549/

I haven't committed it yet since I'm really not sure if this method is valid or if there is a bug.

After a client connects to the X socket and Xmir is started with the fd returned from accept(), the client just hangs. I got a backtrace of the client, and it's blocked on xcb_connect_to_fd(). Here is a snippet of the bt:

(gdb) bt full
#0 0x00007fc8426b2b40 in __poll_nocancel () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x00007fc83c0a1d0b in poll (__timeout=-1, __nfds=1, __fds=0x7ffcbb227250) at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
No locals.
#2 read_block (len=8, buf=0x22e6950, fd=4) at ../../src/xcb_in.c:388
        pfd = {fd = 4, events = 1, revents = 0}
        ret = <optimized out>
        done = 0
#3 _xcb_in_read_block (c=c@entry=0x2505cd0, buf=0x22e6950, len=len@entry=8) at ../../src/xcb_in.c:1057
        done = 0
#4 0x00007fc83c09fa93 in read_setup (c=0x2505cd0) at ../../src/xcb_conn.c:157
No locals.
#5 xcb_connect_to_fd (fd=fd@entry=4, auth_info=auth_info@entry=0x0) at ../../src/xcb_conn.c:339
        c = <optimized out>
#6 0x00007fc83c0a3679 in xcb_connect_to_display_with_auth_info (displayname=<optimized out>, auth=0x0, screenp=0x0) at ../../src/xcb_util.c:528
        display = 0
        host = 0x22c6480 ""
        protocol = 0x0
        ourauth = {namelen = 1155370049, name = 0x7ffcbb2273bf "", datalen = -1717986919, data = 0x7fc84297bb20 <main_arena> ""}
        c = <optimized out>
        parsed = <optimized out>
#7 0x00007fc83e74780a in _XConnectXCB () from target:/usr/lib/x86_64-linux-gnu/libX11.so.6
No symbol table info available.

So it seems it's waiting on the X server to send something back, but the X server is not. Most likely a bug in the X server...

Daniel van Vugt (vanvugt) wrote :

Your diff appears to be what I was suggesting in comment #2.

Please try just moving that whole block to near the end of the function (without using timers). If that works then please do commit.

Daniel van Vugt (vanvugt) wrote :

... and if moving the block is insufficient and the timer is your only option, I pre-approve of that landing too. Makes sense either of those should fix it.

Changed in xorg-server (Ubuntu):
assignee: nobody → Christopher Townsend (townsend)
status: Incomplete → In Progress
Daniel van Vugt (vanvugt) wrote :
Changed in xorg-server (Ubuntu):
status: In Progress → Fix Committed
Changed in xorg-server (Ubuntu):
status: Fix Committed → Won't Fix