This bug only occurs with the "start-desktop" subcommand. It also seems to go away when turning on all debug with "-d all", which points towards a race condition.
It looked like maybe the screen updates were overwriting the mmap verification token, which was always stored at index 512 - r14781 makes it possible for the server to place it anywhere (and tell the client where to find it - for clients that expose this new capability). This doesn't fix the problem.
With the patch attached to this ticket, I can dump the contents of the whole mmap area as the client sees it after receiving the hello back from the server. For regular servers, the mmap area is empty except for the token. For broken "desktop" servers, the mmap area has random areas filled with 0xff.
This bug also affects the 1.0 branch.
always dump mmap area from client when server sends hello
A broken mmap area:
A correct mmap area (from "start" subcommand) showing the token only:
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000200 c8 f8 08 af 43 f1 03 89 77 43 0d f8 53 13 4b 42 |....C...wC..S.KB|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
10001000
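An added example, not part of the ticket and not Xpra's code: a minimal Python sketch of the check described above, where the server writes a token at an index in the mmap area and the client reads it back, plus a scan for stray non-zero bytes like the 0xff runs in the broken dump. The function names, the 4096-byte anonymous area, the token value and the simulated overwrite are all constructed for illustration.

```python
import mmap

# Constructed 16-byte token (the real one is random); 16 matches the dump above.
TOKEN = bytes(range(1, 17))
TOKEN_INDEX = 512  # 0x200, the fixed index the ticket mentions


def write_token(area, index, token):
    """Server side: place the verification token at the chosen index."""
    area[index:index + len(token)] = token


def verify_token(area, index, token):
    """Client side: read back the token at the index the server advertised."""
    return bytes(area[index:index + len(token)]) == token


def stray_regions(area, index, token_len):
    """Return (start, end) runs of non-zero bytes outside the token slot."""
    data = bytearray(area[:])
    data[index:index + token_len] = bytes(token_len)  # ignore the token itself
    runs, start = [], None
    for pos, byte in enumerate(data):
        if byte and start is None:
            start = pos
        elif not byte and start is not None:
            runs.append((start, pos))
            start = None
    if start is not None:
        runs.append((start, len(data)))
    return runs


def demo():
    # Anonymous mapping stands in for the file both processes would share.
    with mmap.mmap(-1, 4096) as area:
        write_token(area, TOKEN_INDEX, TOKEN)
        clean = (verify_token(area, TOKEN_INDEX, TOKEN),
                 stray_regions(area, TOKEN_INDEX, len(TOKEN)))
        # Constructed corruption: a 0xff run written across the token slot.
        area[500:520] = b"\xff" * 20
        broken = (verify_token(area, TOKEN_INDEX, TOKEN),
                  stray_regions(area, TOKEN_INDEX, len(TOKEN)))
    return clean, broken


if __name__ == "__main__":
    print(demo())
```

A non-empty result from `stray_regions` before any pixel data is expected is the condition the dumps above make visible: something wrote to the area before the token check completed.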
Made some changes to try to debug better and improve the code to make it more future proof (r14783, r14784, r14788). I don't understand why / how, but that also seems to fix the bug!
At some point, I thought I had found that adding a 0.5 second delay before reading the token in the server source check code allowed the client to correctly read back the value we were writing after that. Which doesn't make any sense.
For 1.0, I am tempted to either:
Went for the easy option: r14799 removes the token check client side in v1.0.x.
I would like to revisit this and actually figure out which change fixed things, just to figure out if we have actually fixed things. So not closing this ticket yet.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1409