Bug 1245834
| Field | Value |
|---|---|
| Summary | NULL pointer dereference in af_loader_load_g when using wayland |
| Product | [Fedora] Fedora |
| Reporter | Sami Farin <hvtaifwkbgefbaei> |
| Component | freetype |
| Assignee | X/OpenGL Maintenance List <xgl-maint> |
| Status | CLOSED EOL |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | high |
| Priority | unspecified |
| Version | 22 |
| CC | behdad, fonts-bugs, kevin, mkasik, ofourdan, xgl-maint |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | Unspecified |
| OS | Unspecified |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2016-07-19 19:15:33 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
Description (Sami Farin, 2015-07-22 22:01:10 UTC)
What happens here is that mutter/gnome-shell crashes and Xwayland (which is an X server *and* a Wayland client) fails to write to the file descriptor communicating with the Wayland compositor (because it's dead), thus the "broken pipe" error. All Wayland clients log the same error:

```
quodlibet.desktop[29465]: (quodlibet:29465): Gdk-WARNING **: Error 32 (Broken pipe) dispatching to Wayland display.
gnome-session[28436]: (evolution-alarm-notify:28962): Gdk-WARNING **: Error 32 (Broken pipe) dispatching to Wayland display.
org.gnome.Terminal[28434]: (gnome-terminal-server:29369): Gdk-WARNING **: Error 32 (Broken pipe) dispatching to Wayland display.
```

And obviously Xwayland as well.

```
gnome-session[28436]: (EE) failed to write to XWayland fd: Broken pipe
```

This is typical of the Wayland compositor crashing. So I would rather say "quodlibet crashes mutter". But then any hint on how to reproduce? I have started "quodlibet" and left it running for some time and nothing happened. Do you need to actually /play/ some music to crash mutter?

I was hoping the bug is easily reproducible also for maintainers, so I didn't waste a lot of time with bug reporting. I don't know if it is necessary for audio to be playing, but I was scrolling the album list when it crashed. I'll try enabling systemd coredumps and try to get backtraces later today.

Yes, a core file or even a backtrace would be useful.

I had disabled creation of core files by systemd with the command

```
echo "" > /proc/sys/kernel/core_pattern
```

because it ignored my "ulimit -c 0", but unfortunately systemd failed to start creating core files when I reset core_pattern to the default.
Now, after a reboot, I have cores working again.

Just a boring null pointer dereference.
I'll add a check for NULL and try whether it helps.

```
#0 0x00007f256b325818 in af_loader_load_g (globals=0x0, globals=0x0, gindex=86) at /home/rpmbuild/rpmbuild/BUILD/freetype-2.5.5/src/autofit/afglobal.c:457
#1 0x00007f256b325818 in af_loader_load_g (loader=loader@entry=0x57782f0, scaler=scaler@entry=0x7f250f7eabd0, glyph_index=glyph_index@entry=86, load_flags=load_flags@entry=2593, depth=depth@entry=0)
at /home/rpmbuild/rpmbuild/BUILD/freetype-2.5.5/src/autofit/afloader.c:450
#2 0x00007f256b3295b1 in af_autofitter_load_glyph (load_flags=2593, gindex=<optimized out>, face=<optimized out>, module=<optimized out>) at /home/rpmbuild/rpmbuild/BUILD/freetype-2.5.5/src/autofit/afloader.c:567
#3 0x00007f256b3295b1 in af_autofitter_load_glyph (module=0x57782d0, slot=<optimized out>, size=<optimized out>, glyph_index=86, load_flags=544) at /home/rpmbuild/rpmbuild/BUILD/freetype-2.5.5/src/autofit/afmodule.c:279
#4 0x00007f256b2d7fe5 in FT_Load_Glyph (face=0x7f25047e4000, glyph_index=86, load_flags=<optimized out>) at /home/rpmbuild/rpmbuild/BUILD/freetype-2.5.5/src/base/ftobjs.c:722
#5 0x00007f2573e51ec6 in _cairo_ft_scaled_glyph_init (abstract_font=0x7f250494d270, scaled_glyph=0x7f250498e228, info=CAIRO_SCALED_GLYPH_INFO_METRICS) at cairo-ft-font.c:2249
#6 0x00007f2573dd6abb in _cairo_scaled_font_glyph_device_extents (scaled_glyph_ret=<synthetic pointer>, info=CAIRO_SCALED_GLYPH_INFO_METRICS, index=86, scaled_font=0x7f250494d270) at cairo-scaled-font.c:2981
#7 0x00007f2573dd6abb in _cairo_scaled_font_glyph_device_extents (scaled_font=0x7f250494d270, glyphs=<optimized out>, num_glyphs=<optimized out>, extents=<optimized out>, overlap_out=<optimized out>) at cairo-scaled-font.c:2237
#8 0x00007f2573d71252 in _cairo_composite_rectangles_init_for_glyphs (extents=0x7f250f7eb270, surface=<optimized out>, op=<optimized out>, source=<optimized out>, scaled_font=0x7f250494d270, glyphs=0x7f250f7eba70, num_glyphs=15, clip=0x0,
overlap=0x7f250f7eb26c) at cairo-composite-rectangles.c:447
#9 0x00007f2573d718ea in _cairo_compositor_glyphs (compositor=0x7f2573eb9820 <spans>, surface=0x7f25047f91c0, op=<optimized out>, source=<optimized out>, glyphs=0x7f250f7eba70, num_glyphs=15, scaled_font=0x7f250494d270, clip=0x0)
at cairo-compositor.c:238
#10 0x00007f2573d8fa57 in _cairo_image_surface_glyphs (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, glyphs=<optimized out>, num_glyphs=<optimized out>, scaled_font=<optimized out>, clip=0x0)
at cairo-image-surface.c:1005
#11 0x00007f2573de18ee in _cairo_surface_show_text_glyphs (surface=0x7f25047f91c0, op=CAIRO_OPERATOR_OVER, source=0x7f250f7eb720, utf8=<optimized out>, utf8_len=<optimized out>, glyphs=0x7f250f7eba70, num_glyphs=15, clusters=0x0, num_clusters=0, cluster_flags=(unknown: 0), scaled_font=0x7f250494d270, clip=0x0) at cairo-surface.c:2600
#12 0x00007f2573d7da8b in _cairo_gstate_show_text_glyphs (gstate=<optimized out>, glyphs=<optimized out>, num_glyphs=15, info=0x0) at cairo-gstate.c:2023
#13 0x00007f2573d6adb9 in cairo_show_glyphs (cr=0x7f24f45c24f0, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3319
#14 0x00007f25745430cb in pango_cairo_renderer_show_text_glyphs.isra () at /lib64/libpangocairo-1.0.so.0
#15 0x00007f25745434af in pango_cairo_renderer_draw_glyphs () at /lib64/libpangocairo-1.0.so.0
#16 0x00007f2574318109 in pango_renderer_draw_glyphs (renderer=0x7f252007c720, font=0x7f25040880c0, glyphs=0x96d9160, x=0, y=1555) at pango-renderer.c:641
#17 0x00007f2574318d76 in pango_renderer_draw_layout_line (renderer=renderer@entry=0x7f252007c720, line=line@entry=0x7f2504086720, x=0, y=1555) at pango-renderer.c:570
#18 0x00007f2574319185 in pango_renderer_draw_layout (renderer=0x7f252007c720, layout=<optimized out>, x=0, y=0) at pango-renderer.c:194
#19 0x00007f25745440de in pango_cairo_show_layout () at /lib64/libpangocairo-1.0.so.0
#20 0x00007f25315363d5 in rsvg_cairo_render_pango_layout () at /usr/lib64/librsvg-2.so.2
#21 0x00007f253153092c in _rsvg_node_text_type_children.isra.7 () at /usr/lib64/librsvg-2.so.2
#22 0x00007f25315307ae in _rsvg_node_text_type_children.isra.7 () at /usr/lib64/librsvg-2.so.2
#23 0x00007f2531530be0 in _rsvg_node_text_draw () at /usr/lib64/librsvg-2.so.2
#24 0x00007f253152b48e in rsvg_node_draw () at /usr/lib64/librsvg-2.so.2
#25 0x00007f253152b513 in _rsvg_node_draw_children () at /usr/lib64/librsvg-2.so.2
#26 0x00007f253152b48e in rsvg_node_draw () at /usr/lib64/librsvg-2.so.2
#27 0x00007f253152b8b3 in rsvg_node_svg_draw () at /usr/lib64/librsvg-2.so.2
#28 0x00007f253152b48e in rsvg_node_draw () at /usr/lib64/librsvg-2.so.2
#29 0x00007f25315380e3 in rsvg_handle_render_cairo_sub () at /usr/lib64/librsvg-2.so.2
#30 0x00007f25315385d8 in rsvg_handle_get_pixbuf_sub () at /usr/lib64/librsvg-2.so.2
#31 0x00007f2531744ed6 in gdk_pixbuf.svg_image_stop_load () at /usr/lib64/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so
#32 0x00007f25740d354b in gdk_pixbuf_loader_close (loader=loader@entry=0x7f251e6f2480, error=error@entry=0x992e990) at gdk-pixbuf-loader.c:819
#33 0x00007f25740cf16b in load_from_stream (loader=loader@entry=0x7f251e6f2480, stream=stream@entry=0x9b01270, cancellable=cancellable@entry=0x0, error=error@entry=0x992e990) at gdk-pixbuf-io.c:1489
#34 0x00007f25740d114d in gdk_pixbuf_new_from_stream_at_scale (stream=stream@entry=0x9b01270, width=96, height=96, preserve_aspect_ratio=preserve_aspect_ratio@entry=1, cancellable=cancellable@entry=0x0, error=error@entry=0x992e990)
at gdk-pixbuf-io.c:1564
#35 0x00007f2576a47c2f in icon_info_ensure_scale_and_pixbuf (icon_info=0x992e900) at gtkicontheme.c:3903
#36 0x00007f2576a47ecc in load_icon_thread (task=0x4b5a820, source_object=<optimized out>, task_data=<optimized out>, cancellable=<optimized out>) at gtkicontheme.c:4101
#37 0x00007f2574aa4fe8 in g_task_thread_pool_thread (thread_data=0x4b5a820, pool_data=<optimized out>) at gtask.c:1283
#38 0x00007f257381b05c in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:307
#39 0x00007f257381a945 in g_thread_proxy (data=0x5bf40a0) at gthread.c:764
#40 0x00007f2571fa9555 in start_thread (arg=0x7f250f7fe700) at pthread_create.c:333
#41 0x00007f2571ce3f3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb) frame
#0 0x00007f256b325818 in af_face_globals_is_digit (globals=0x0, globals=0x0, gindex=86) at /home/rpmbuild/rpmbuild/BUILD/freetype-2.5.5/src/autofit/afglobal.c:457
457 if ( gindex < (FT_ULong)globals->glyph_count )
(gdb) p gindex
$1 = 86
```

Has been running 3 h without crashing since I patched freetype.

Created attachment 1058587 [details]: check for NULL

Created attachment 1058588 [details]: check for NULL

Hi Sami, this looks like af_loader_done() was called sooner than it should. This could be a threading problem. In that case, freetype-2.6 could help since it has been made thread-safe recently. Could you try to update to the freetype from Fedora 23 and test? Calling "dnf update --releasever=23 freetype" should be enough (and accepting the GPG key).

gnome-wayland has now been running for six hours without crashes due to freetype 2.6.

I've prepared a scratch build which backports the commits which improve thread-safety. Could you test it? You can find it here: http://koji.fedoraproject.org/koji/taskinfo?taskID=10613234

I've created an update which improves the thread-safety as part of bug #678397.

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
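The thread above contains two different fixes for the same crash: the reporter's NULL check in the `globals` lookup at afglobal.c:457, and the maintainer's structural explanation (a shared loader whose `af_loader_done()` runs from one thread while another thread is still in the middle of a glyph load). The following C program is an added example written for this page, not code from the bug, from FreeType or from Fedora; it replays that interleaving deterministically with a simplified stand-in for the autofit structures (`Globals`, `Loader`, `AF_DIGIT` are constructed names, not FreeType's own) and contrasts the guard-only fix with giving each load its own loader, which is my understanding of how FreeType 2.6 resolved the race. The guard stops the crash but silently misclassifies every glyph while the loader is torn down; the per-call loader removes the shared state entirely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for FreeType's autofit data (constructed for illustration;
 * names and layout are simplified and are NOT FreeType's real structures). */
#define AF_DIGIT 0x80U

typedef struct {
    unsigned long  glyph_count;
    unsigned char *glyph_styles;   /* one style byte per glyph; AF_DIGIT marks digits */
} Globals;

typedef struct {
    Globals *globals;              /* set by loader_init(), cleared by loader_done() */
} Loader;

static void loader_init(Loader *l, Globals *g) { l->globals = g; }
static void loader_done(Loader *l)             { l->globals = NULL; }

/* Mirrors the shape of afglobal.c:457 in the backtrace: no NULL check, so a
 * cleared loader makes this read through a NULL pointer. */
static int is_digit_unguarded(const Globals *globals, unsigned long gindex)
{
    if (gindex < globals->glyph_count)
        return (globals->glyph_styles[gindex] & AF_DIGIT) != 0;
    return 0;
}

/* The reporter's workaround: a missing globals table is treated as "not a digit". */
static int is_digit_guarded(const Globals *globals, unsigned long gindex)
{
    if (globals == NULL)
        return 0;
    return is_digit_unguarded(globals, gindex);
}

/* ONE loader shared by two threads, interleaving replayed step by step:
 * thread A initialises, thread B finishes and clears the shared loader,
 * thread A then reads. Returns 1 if A's read would hit a NULL globals pointer. */
int shared_loader_sees_null(Globals *font_globals)
{
    Loader shared;
    loader_init(&shared, font_globals);   /* thread A starts a glyph load */
    loader_done(&shared);                 /* thread B tears the loader down early */
    return shared.globals == NULL;        /* A's is_digit_unguarded() would crash here */
}

/* Same interleaving with a loader per call: B's loader_done() cannot touch A's
 * state, so A still sees the real globals table. Returns is_digit for gindex. */
int per_call_loader_is_digit(Globals *font_globals, unsigned long gindex)
{
    Loader a, b;
    loader_init(&a, font_globals);        /* thread A */
    loader_init(&b, font_globals);        /* thread B */
    loader_done(&b);                      /* thread B finishes; A is unaffected */
    return is_digit_guarded(a.globals, gindex);
}

/* Guard-only fix on the shared loader: no crash, but the answer is wrong
 * (0 for a glyph that IS a digit) because the table is gone. */
int guarded_lookup_after_done(Globals *font_globals, unsigned long gindex)
{
    Loader l;
    loader_init(&l, font_globals);
    loader_done(&l);
    return is_digit_guarded(l.globals, gindex);
}

/* Constructed sample font: 100 glyphs, glyphs 80..89 flagged as digits
 * (glyph 86 matches the gindex in the reported backtrace). */
Globals *make_sample_globals(void)
{
    static unsigned char styles[100];
    static Globals g;
    memset(styles, 0, sizeof styles);
    for (unsigned long i = 80; i < 90; i++)
        styles[i] = AF_DIGIT;
    g.glyph_count  = sizeof styles;
    g.glyph_styles = styles;
    return &g;
}

int main(void)
{
    Globals *g = make_sample_globals();
    printf("shared loader, early done(): globals is NULL = %d\n", shared_loader_sees_null(g));
    printf("per-call loader, glyph 86 is digit = %d\n", per_call_loader_is_digit(g, 86));
    printf("guarded lookup after done(), glyph 86 = %d\n", guarded_lookup_after_done(g, 86));
    return 0;
}
```

The point for triage: a backtrace like the one above, where a field that is always initialised on the normal path shows up as `0x0` in a worker thread (`load_icon_thread` via `g_task_thread_pool_thread` here), is a hint that another thread released the state, and the NULL guard only hides the symptom; the durable fix is the one the maintainer pointed at, removing the shared mutable loader.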