Bug 1373196
Summary: | [abrt] gnome-shell: meta_wayland_surface_get_toplevel(): gnome-shell killed by SIGSEGV | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kamil Páral <kparal> | ||||||||||||||||||||||||||||
Component: | gnome-shell | Assignee: | Owen Taylor <otaylor> | ||||||||||||||||||||||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||||||||||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||||||||||||||||||||
Priority: | unspecified | ||||||||||||||||||||||||||||||
Version: | 25 | CC: | bugzilla, dima, fmuellner, jadahl, mclasen, otaylor | ||||||||||||||||||||||||||||
Target Milestone: | --- | ||||||||||||||||||||||||||||||
Target Release: | --- | ||||||||||||||||||||||||||||||
Hardware: | x86_64 | ||||||||||||||||||||||||||||||
OS: | Unspecified | ||||||||||||||||||||||||||||||
URL: | https://retrace.fedoraproject.org/faf/reports/bthash/4ad7e1121b1b4efdc34d7c33d87320503f187811 | ||||||||||||||||||||||||||||||
Whiteboard: | abrt_hash:d109f9f095bed462936d5da82e4b1009f3597690;VARIANT_ID=workstation; | ||||||||||||||||||||||||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||||||||||||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||||||||||||||||||
Clone Of: | Environment: | ||||||||||||||||||||||||||||||
Last Closed: | 2016-09-08 13:27:46 UTC | Type: | --- | ||||||||||||||||||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||||||||||||||||||
Documentation: | --- | CRM: | |||||||||||||||||||||||||||||
Verified Versions: | Category: | --- | |||||||||||||||||||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||||||||||||||
Embargoed: | |||||||||||||||||||||||||||||||
Bug Depends On: | |||||||||||||||||||||||||||||||
Bug Blocks: | 1277927, 1372055 | ||||||||||||||||||||||||||||||
Attachments: |
|
Description
Kamil Páral
2016-09-05 13:12:35 UTC
Created attachment 1197943 [details]
File: backtrace
Created attachment 1197944 [details]
File: cgroup
Created attachment 1197945 [details]
File: core_backtrace
Created attachment 1197946 [details]
File: dso_list
Created attachment 1197947 [details]
File: environ
Created attachment 1197948 [details]
File: exploitable
Created attachment 1197949 [details]
File: limits
Created attachment 1197950 [details]
File: maps
Created attachment 1197951 [details]
File: mountinfo
Created attachment 1197952 [details]
File: namespaces
Created attachment 1197953 [details]
File: open_fds
Created attachment 1197954 [details]
File: proc_pid_status
Created attachment 1197955 [details]
File: var_log_messages
Does this still happen with 3.21.91? The changes between 3.21.90 and 3.21.91 changes a lot of things where the backtrace shows it crashed. Interesting, I do this often, but on Fedora 24/gnome-shell 3.20.4 (on Wayland). Could be a regression? Could have, at some point during 3.21.x, but I believe its likely that its fixed by 3.21.91. (In reply to Jonas Ådahl from comment #14) > Does this still happen with 3.21.91? Unfortunately bug 1373372 prevents from from updating gtk3, which prevents me from updating mutter (causes other issues), which prevents me from updating gnome-shell. Will test once I'm able to update gnome-shell. Seems to be working now with: gtk3-3.21.5-1.fc25.x86_64 mutter-3.21.91-2.fc25.x86_64 Will reopen if it happens again. I'm seeing a similar crash, and I can reproduce it almost 100% of the time in 3.21.91 as well as mutter and gnome-shell that I built from the latest git: - Open gnome-terminal - Press left and right mouse buttons simultaneously (they need to be handled as separate buttons - i.e., middle button emulation needs to be OFF) This crashes gnome-shell immediately. The backtrace in gdb looks bizarre: Thread 1 "gnome-shell" received signal SIGSEGV, Segmentation fault. meta_wayland_surface_get_toplevel (surface=0x0, surface@entry=0xb5a790) at wayland/meta-wayland-surface.c:1689 1689 if (surface->role) See the "surface" and "surface@entry": the correct value was passed into the function, but it somehow became NULL, even before the first line of the function got executed. I set a breakpoint in "meta_wayland_surface_get_toplevel" to see what happens before the crash. It gets called lots of times; usually, surface and surface@entry are equal - but not always, e.g.: Thread 1 "gnome-shell" hit Breakpoint 1, meta_wayland_surface_get_toplevel (surface=0xb5ace0, surface@entry=0xfe6370) at wayland/meta-wayland-surface.c:1689 1689 if (surface->role) I have no explanation for what's happening. Memory corruption? Concurrency issue? I'm guessing it's some kind of race condition given that it happens only when two events happen at almost the same time, but they're all processed by the main thread, right? (In reply to Dima Ryazanov from comment #19) > I'm seeing a similar crash, and I can reproduce it almost 100% of the time > in 3.21.91 as well as mutter and gnome-shell that I built from the latest > git: > > - Open gnome-terminal > - Press left and right mouse buttons simultaneously (they need to be handled > as separate buttons - i.e., middle button emulation needs to be OFF) I can reproduce that 100%, I filed a new bug 1376447. Please continue the discussion in that bug, thanks. |