sendGetLayerSurface null pointer dereference #275

@fidgetingbits

Ran into a crash which so far I haven't been able to reproduce unfortunately. I had logged out of hyprland using hyprctl dispatch exit and the hyprpaper service for some reason didn't exit, and would crash indefinitely. I noticed it spamming dmesg while I was in a separate gnome session.

❯ /nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper --help
[LOG] Welcome to hyprpaper!
built from commit v0.7.5 ()
Hyprpaper usage: hyprpaper [arg [...]].

The stack trace is:

(gdb) bt
#0  0x0000000000445320 in CCZwlrLayerShellV1::sendGetLayerSurface(wl_proxy*, wl_proxy*, zwlrLayerShellV1Layer, char const*) ()
#1  0x000000000043ad1d in CLayerSurface::CLayerSurface(SMonitor*) ()
#2  0x0000000000410b59 in CHyprpaper::createLSForMonitor(SMonitor*) ()
#3  0x000000000041471b in CHyprpaper::ensureMonitorHasActiveWallpaper(SMonitor*) ()
#4  0x0000000000419811 in CHyprpaper::recheckMonitor(SMonitor*) ()
#5  0x00000000004198af in CHyprpaper::recheckAllMonitors() ()
#6  0x0000000000419dfd in CHyprpaper::init() ()
#7  0x000000000040f841 in main ()
(gdb) i r
rax            0x29f9a110          704225552
rbx            0x29f9a7a0          704227232
rcx            0x0                 0
rdx            0x29f8f500          704181504
rsi            0x29f9a7e0          704227296
rdi            0x0                 0
rbp            0x29f9a850          0x29f9a850
rsp            0x7ffca4c412b8      0x7ffca4c412b8
r8             0x44f3e2            4518882
r9             0x0                 0
r10            0x0                 0
r11            0x0                 0
r12            0x46bb60            4635488
r13            0x29f8f500          704181504
r14            0x1                 1
r15            0x0                 0
rip            0x445320            0x445320 <CCZwlrLayerShellV1::sendGetLayerSurface(wl_proxy*, wl_proxy*, zwlrLayerShellV1Layer, char const*)>
...
(gdb) x/i $pc
=> 0x445320 <_ZN18CCZwlrLayerShellV119sendGetLayerSurfaceEP8wl_proxyS1_21zwlrLayerShellV1LayerPKc>:     mov    0x8(%rdi),%rax

The systemd service log shows:

 9月 15 10:10:07 onyx hyprpaper[193470]: [LOG] Welcome to hyprpaper!
 9月 15 10:10:07 onyx hyprpaper[193470]: built from commit v0.7.5 ()
 9月 15 10:10:07 onyx hyprpaper[193470]: [LOG] Cleaned old hyprpaper preloads (1), removing 132.7MB
 9月 15 10:10:07 onyx hyprpaper[193470]: [LOG] Preloaded target /nix/store/40h6rqb1q0ikz8kv7pdbp8l6i75nlq20-source/images/wallpapers/forest_temple.webp in 180.28ms -> Pixel size: [3840, 2160]
 9月 15 10:10:07 onyx hyprpaper[193470]: [LOG] Buffer created for target /nix/store/40h6rqb1q0ikz8kv7pdbp8l6i75nlq20-source/images/wallpapers/forest_temple.webp, Shared Memory usage: 132.7MB
 9月 15 10:10:07 onyx hyprpaper[193470]: [LOG] Total SM usage for all buffers: 132.7MB
 9月 15 10:10:07 onyx systemd-coredump[193475]: Process 193470 (hyprpaper) of user 1000 dumped core.

                                                 Module /nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper without build-id.
                                                 Module liblcms2.so.2 without build-id.
                                                 Module libbrotlienc.so.1 without build-id.
                                                 Module libbrotlicommon.so.1 without build-id.
                                                 Module libsharpyuv.so.0 without build-id.
                                                 Module libXdmcp.so.6 without build-id.
                                                 Module libXau.so.6 without build-id.
                                                 Module libdatrie.so.1 without build-id.
                                                 Module libselinux.so.1 without build-id.
                                                 Module libexpat.so.1 without build-id.
                                                 Module libbrotlidec.so.1 without build-id.
                                                 Module libbz2.so.1 without build-id.
                                                 Module libjxl_threads.so.0.11 without build-id.
                                                 Module libjxl_cms.so.0.11 without build-id.
                                                 Module libjxl.so.0.11 without build-id.
                                                 Module libspng.so.0 without build-id.
                                                 Module libwebp.so.7 without build-id.
                                                 Module libjpeg.so.62 without build-id.
                                                 Module libxcb-shm.so.0 without build-id.
                                                 Module libxcb-render.so.0 without build-id.
                                                 Module libxcb.so.1 without build-id.
                                                 Module libXrender.so.1 without build-id.
                                                 Module libXext.so.6 without build-id.
                                                 Module libX11.so.6 without build-id.
                                                 Module libpng16.so.16 without build-id.
                                                 Module libgraphite2.so.3 without build-id.
                                                 Module libfreetype.so.6 without build-id.
                                                 Module libpcre2-8.so.0 without build-id.
                                                 Module libthai.so.0 without build-id.
                                                 Module libfribidi.so.0 without build-id.
                                                 Module libfontconfig.so.1 without build-id.
                                                 Module libpangoft2-1.0.so.0 without build-id.
                                                 Module libffi.so.8 without build-id.
                                                 Module libz.so.1 without build-id.
                                                 Module libGLdispatch.so.0 without build-id.
                                                 Module libgcc_s.so.1 without build-id.
                                                 Module libstdc++.so.6 without build-id.
                                                 Module libhyprgraphics.so.0 without build-id.
                                                 Module libhyprutils.so.6 without build-id.
                                                 Module libhyprlang.so.2 without build-id.
                                                 Module libharfbuzz.so.0 without build-id.
                                                 Module libpango-1.0.so.0 without build-id.
                                                 Module libpangocairo-1.0.so.0 without build-id.
                                                 Module libmagic.so.1 without build-id.
                                                 Module libGLESv2.so.2 without build-id.
                                                 Module libOpenGL.so.0 without build-id.
                                                 Stack trace of thread 193470:
                                                 #0  0x0000000000445320 _ZN18CCZwlrLayerShellV119sendGetLayerSurfaceEP8wl_proxyS1_21zwlrLayerShellV1LayerPKc (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x45320)
                                                 #1  0x000000000043ad1d _ZN13CLayerSurfaceC2EP8SMonitor (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x3ad1d)
                                                 #2  0x0000000000410b59 _ZN10CHyprpaper18createLSForMonitorEP8SMonitor (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x10b59)
                                                 #3  0x000000000041471b _ZN10CHyprpaper31ensureMonitorHasActiveWallpaperEP8SMonitor (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x1471b)
                                                 #4  0x0000000000419811 _ZN10CHyprpaper14recheckMonitorEP8SMonitor (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x19811)
                                                 #5  0x00000000004198af _ZN10CHyprpaper18recheckAllMonitorsEv (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x198af)
                                                 #6  0x0000000000419dfd _ZN10CHyprpaper4initEv (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x19dfd)
                                                 #7  0x000000000040f841 main (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0xf841)
                                                 #8  0x00007f3c3e82a47e __libc_start_call_main (libc.so.6 + 0x2a47e)
                                                 #9  0x00007f3c3e82a539 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a539)
                                                 #10 0x000000000040ff75 _start (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0xff75)

                                                 Stack trace of thread 193471:
                                                 #0  0x00007f3c3e90d40f __poll (libc.so.6 + 0x10d40f)
                                                 #1  0x00007f3c3e96d141 wait_on_socket (libc.so.6 + 0x16d141)
                                                 #2  0x00007f3c3e96d918 __nscd_get_mapping (libc.so.6 + 0x16d918)
                                                 #3  0x00007f3c3e96dcef __nscd_get_map_ref (libc.so.6 + 0x16dcef)
                                                 #4  0x00007f3c3e9697d4 nscd_getpw_r (libc.so.6 + 0x1697d4)
                                                 #5  0x00007f3c3e969cd4 __nscd_getpwuid_r (libc.so.6 + 0x169cd4)
                                                 #6  0x00007f3c3e951c9f getpwuid_r@@GLIBC_2.2.5 (libc.so.6 + 0x151c9f)
                                                 #7  0x00007f3c3e951a30 getpwuid (libc.so.6 + 0x151a30)
                                                 #8  0x0000000000436b6c _ZZN10CIPCSocket10initializeEvENKUlvE_clEv (/nix/store/81gf3ipyamzjiwylvyfimmqb9815r559-hyprpaper-0.7.5/bin/hyprpaper + 0x36b6c)
                                                 #9  0x00007f3c3eced064 execute_native_thread_routine (libstdc++.so.6 + 0xed064)
                                                 #10 0x00007f3c3e8978ee start_thread (libc.so.6 + 0x978ee)
                                                 #11 0x00007f3c3e91b9bc __clone3 (libc.so.6 + 0x11b9bc)
                                                 ELF object binary architecture: AMD x86-64
 9月 15 10:10:07 onyx systemd[21246]: hyprpaper.service: Main process exited, code=dumped, status=11/SEGV
 9月 15 10:10:07 onyx systemd[21246]: hyprpaper.service: Failed with result 'core-dump'.
 9月 15 10:10:17 onyx systemd[21246]: hyprpaper.service: Scheduled restart job, restart counter is at 4.

So far attempts to reproduce by exiting hyprland in the same way show that hyprpaper is exiting gracefully.

fwiw I use sddm to start hyprland
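
A triage sketch for the gdb output above, added here as an example and not part of the original issue or of hyprpaper's code: it recomputes the address the faulting `mov` touched from the register dump, which is how the crash reads as a null pointer dereference. The function names and the 4 KiB null-page threshold are assumptions; the input is constructed from the values shown in the report.

```python
import re

# Constructed input: register values and the faulting instruction as they
# appear in the gdb session of this report (registers trimmed to a few).
GDB_REGS = """\
rax            0x29f9a110          704225552
rcx            0x0                 0
rsi            0x29f9a7e0          704227296
rdi            0x0                 0
rsp            0x7ffca4c412b8      0x7ffca4c412b8
rip            0x445320            0x445320
"""
GDB_INSN = ("=> 0x445320 <_ZN18CCZwlrLayerShellV119sendGetLayerSurfaceEP8wl_proxy"
            "S1_21zwlrLayerShellV1LayerPKc>:     mov    0x8(%rdi),%rax")

NULL_PAGE = 0x1000  # assumption: addresses below 4 KiB are never mapped

# AT&T memory operand: disp(%base,%index,scale); every part is optional.
MEM = re.compile(r"(-?0x[0-9a-f]+)?\((%\w+)?(?:,(%\w+)(?:,([1248]))?)?\)")

def parse_registers(text):
    """Map register name -> value from `info registers` output."""
    regs = {}
    for line in text.splitlines():
        m = re.match(r"(\w+)\s+(0x[0-9a-f]+)\b", line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs

def classify_fault(insn_line, regs):
    """Compute the address the faulting instruction touched and label it."""
    m = re.match(r"(?:=>\s*)?0x[0-9a-f]+(?:\s+<.*>)?:\s+(.*)$", insn_line.strip())
    op = MEM.search(m.group(1)) if m else None
    if not op:
        return None  # no memory operand, or a form this sketch does not parse
    text = m.group(1)
    disp, base, index, scale = op.groups()
    if base == "%rip":
        return None  # rip-relative needs the next instruction's address
    addr = int(disp, 16) if disp else 0
    addr += regs[base[1:]] if base else 0
    addr += regs[index[1:]] * int(scale or 1) if index else 0
    addr &= 0xFFFFFFFFFFFFFFFF
    # Heuristic: in AT&T syntax the destination is the last operand
    # (cmp/test only read it, so treat "write" there as an upper bound).
    access = "write" if text.endswith(")") else "read"
    kind = "null-deref" if addr < NULL_PAGE else "non-null"
    return {"insn": text, "base": base, "address": addr,
            "access": access, "kind": kind}
```
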
