sway icon indicating copy to clipboard operation
sway copied to clipboard
verified publisher icon swaywm

Sway crashes when dragging container

Open codebling opened this issue 5 months ago • 7 comments

Please fill out the following:

  • Sway Version: sway version 1.12-dev-055be4ec

  • Debug Log: swaycrash2.log

  • Configuration File: swayconfig

  • Stack Trace: trace

  • Description:

    • open sway
    • press mod+w for tabbed layout
    • press mod+s for stacked layout
    • open 2 terminals (mod+enter)
    • press mod+w for tabbed layout
    • drag topmost container (T[foot foot]) to the right side of screen
    • observe crash

codebling avatar Nov 10 '25 20:11 codebling

The backtrace you provided doesn't contain debug symbols. This most likely happens because the Sway binary you're using doesn't have debug information bundled.

Can you try again with a manually compiled Sway binary? See https://github.com/swaywm/sway/wiki/Development-Setup#compiling-as-a-subproject

emersion avatar Nov 11 '25 13:11 emersion

The backtrace you provided doesn't contain debug symbols. This most likely happens because the Sway binary you're using doesn't have debug information bundled.

Can you try again with a manually compiled Sway binary? See https://github.com/swaywm/sway/wiki/Development-Setup#compiling-as-a-subproject

Added stack trace

codebling avatar Nov 11 '25 21:11 codebling

Can you try re-compiling with the address sanitizer (ASan) and reproducing the crash?

You can compile with ASan by passing -Db_sanitize=address to Meson.

#0  0x000055ace6275a16 in container_build_representation (layout=L_HORIZ, children=0x55ad1cc5c280, buffer=0x0) at ../sway/tree/container.c:792
        child = 0x61
        identifier = 0x0
        i = 0
        len = 2
#1  0x000055ace6281344 in workspace_update_representation (ws=0x55ad1c885160) at ../sway/tree/workspace.c:934
        len = 94201999856816
#2  0x000055ace6280c97 in workspace_insert_tiling_direct (workspace=0x55ad1c885160, con=0x55ad1cbd14b0, index=1) at ../sway/tree/workspace.c:832
#3  0x000055ace6280d27 in workspace_insert_tiling (workspace=0x55ad1c885160, con=0x55ad1cbd14b0, index=1) at ../sway/tree/workspace.c:845
#4  0x000055ace624adbb in finalize_move (seat=0x55ad1bc30e00) at ../sway/input/seatop_move_tiling.c:376
        new_layout = L_HORIZ
        e = 0x55ad1cbe3e10
        con = 0x55ad1cbd14b0
        old_parent = 0x0
        old_ws = 0x55ad1c885160
        target_node = 0x55ad1c885160
        new_ws = 0x55ad1c885160
        edge = WLR_EDGE_RIGHT
        after = 1
        swap = false
        siblings = 0x55ad1bc30e00
#5  0x000055ace624af0b in handle_button (seat=0x55ad1bc30e00, time_msec=112073744, device=0x55ad1ca156b8, button=272, state=WL_POINTER_BUTTON_STATE_RELEASED) at ../sway/input/seatop_move_tiling.c:410
#6  0x000055ace6245564 in seatop_button (seat=0x55ad1bc30e00, time_msec=112073744, device=0x55ad1ca156b8, button=272, state=WL_POINTER_BUTTON_STATE_RELEASED) at ../sway/input/seat.c:1567
#7  0x000055ace623b888 in dispatch_cursor_button (cursor=0x55ad1bb39ef0, device=0x55ad1ca156b8, time_msec=112073744, button=272, state=WL_POINTER_BUTTON_STATE_RELEASED) at ../sway/input/cursor.c:359
#8  0x000055ace623b974 in handle_pointer_button (listener=0x55ad1bb3a078, data=0x7ffcd3767c50) at ../sway/input/cursor.c:377
        cursor = 0x55ad1bb39ef0
        event = 0x7ffcd3767c50
#9  0x00007f843d6354d0 in wl_signal_emit_mutable (signal=<optimized out>, data=0x7ffcd3767c50) at ../wayland-1.24.0/src/wayland-server.c:2369
        pos = 0x55ad1bb3a078
        l = 0x55ad1bb3a078
        cursor = {link = {prev = 0x55ad1bb3a078, next = 0x7ffcd3767b50}, notify = 0x7f843d6321c0 <handle_noop>}
        end = {link = {prev = 0x7ffcd3767b70, next = 0x55ad1c6d0f28}, notify = 0x7f843d6321c0 <handle_noop>}

emersion avatar Nov 11 '25 21:11 emersion 

(gdb) bt full
#0  0x000055ace6275a16 in ?? ()
No symbol table info available.
#1  0x000055ace6299f01 in ?? ()
No symbol table info available.
#2  0x0000000000000000 in ?? ()
No symbol table info available.

Looks not very helpful.

codebling avatar Nov 13 '25 05:11 codebling

ASan print stack traces to stdout/stderr.

emersion avatar Nov 13 '25 12:11 emersion 

../sway/input/seatop_move_tiling.c:120:20: runtime error: member access within null pointer of type 'struct sway_container'
=================================================================
==1711430==ERROR: AddressSanitizer: negative-size-param: (size=-8)
    #0 0x7fa62631dd9a in memmove /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:98
    #1 0x55b4665caab2 in list_insert ../common/list.c:40
    #2 0x55b4665a5b14 in workspace_insert_tiling_direct ../sway/tree/workspace.c:828
    #3 0x55b4665a5e5d in workspace_insert_tiling ../sway/tree/workspace.c:845
    #4 0x55b4664919b3 in finalize_move ../sway/input/seatop_move_tiling.c:376
    #5 0x55b46649223c in handle_button ../sway/input/seatop_move_tiling.c:410
    #6 0x55b466473271 in seatop_button ../sway/input/seat.c:1567
    #7 0x55b46643978f in dispatch_cursor_button ../sway/input/cursor.c:359
    #8 0x55b466439d7f in handle_pointer_button ../sway/input/cursor.c:377
    #9 0x7fa625c944cf in wl_signal_emit_mutable (/usr/lib/libwayland-server.so.0+0x84cf) (BuildId: b9664217748f523995e3f855fa197cf8e59942d1)
    #10 0x7fa625c944cf in wl_signal_emit_mutable (/usr/lib/libwayland-server.so.0+0x84cf) (BuildId: b9664217748f523995e3f855fa197cf8e59942d1)
    #11 0x7fa625ba275d  (/usr/lib/libwlroots-0.20.so+0x6d75d) (BuildId: a213c4b3a7cf29b2d17c1dd0ac744455c26761b2)
    #12 0x7fa625ba168b  (/usr/lib/libwlroots-0.20.so+0x6c68b) (BuildId: a213c4b3a7cf29b2d17c1dd0ac744455c26761b2)
    #13 0x7fa625c96181 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xa181) (BuildId: b9664217748f523995e3f855fa197cf8e59942d1)
    #14 0x7fa625c98296 in wl_display_run (/usr/lib/libwayland-server.so.0+0xc296) (BuildId: b9664217748f523995e3f855fa197cf8e59942d1)
    #15 0x55b4663efaf2 in server_run ../sway/server.c:617
    #16 0x55b4663e4654 in main ../sway/main.c:376
    #17 0x7fa625027674  (/usr/lib/libc.so.6+0x27674) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
    #18 0x7fa625027728 in __libc_start_main (/usr/lib/libc.so.6+0x27728) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
    #19 0x55b46639df54 in _start (/home/arch/src-other/sway/build/sway/sway+0x390f54) (BuildId: 5aae9b9532beaabb338914d1d80f2543fd8256e2)

0x7c16237cb678 is located 8 bytes inside of 80-byte region [0x7c16237cb670,0x7c16237cb6c0)
allocated by thread T0 here:
    #0 0x7fa626320cb5 in malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:67
    #1 0x55b4665ca22c in create_list ../common/list.c:14
    #2 0x55b46659aeec in workspace_create ../sway/tree/workspace.c:90
    #3 0x55b4665ad220 in output_enable ../sway/tree/output.c:163
    #4 0x55b4664bb2d6 in finalize_output_config ../sway/config/output.c:609
    #5 0x55b4664c115a in apply_resolved_output_configs ../sway/config/output.c:1008
    #6 0x55b4664c1de5 in apply_output_configs ../sway/config/output.c:1070
    #7 0x55b4664c2100 in apply_stored_output_configs ../sway/config/output.c:1080
    #8 0x55b466406af8 in force_modeset ../sway/desktop/output.c:428
    #9 0x55b4663e4538 in main ../sway/main.c:366
    #10 0x7fa625027674  (/usr/lib/libc.so.6+0x27674) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
    #11 0x7fa625027728 in __libc_start_main (/usr/lib/libc.so.6+0x27728) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
    #12 0x55b46639df54 in _start (/home/arch/src-other/sway/build/sway/sway+0x390f54) (BuildId: 5aae9b9532beaabb338914d1d80f2543fd8256e2)

SUMMARY: AddressSanitizer: negative-size-param ../common/list.c:40 in list_insert
==1711430==ABORTING

codebling avatar Nov 13 '25 17:11 codebling

Waiting on reporter status should be removed

codebling avatar Nov 14 '25 20:11 codebling