Bug 1385258

Created attachment 1210814 [details]
File: Xorg.0.log

Created attachment 1210815 [details]
File: backtrace

Created attachment 1210816 [details]
File: dmesg

Created attachment 1210817 [details]
File: dso_list

Created attachment 1210818 [details]
File: etc_X11_xorg_conf_d.tar.gz

Created attachment 1210819 [details]
File: usr_share_xorg_conf_d.tar.gz

Description of problem:
Segmentation fault when switch windows with ALT+TAB

Version-Release number of selected component:
xorg-x11-server-Xwayland-1.19.0-0.2.20160929.fc26

Additional info:
reporter:       libreport-2.8.0
executable:     /usr/bin/Xwayland
kernel:         4.8.0-0.rc8.git1.1.fc26.x86_64
pkg_fingerprint: 812A 6B4B 64DA B85D
pkg_vendor:     Fedora Project
runlevel:       N 5
type:           xorg
uid:            0

Truncated backtrace:
0: /usr/bin/Xwayland (OsLookupColor+0x139) [0x58f439]
1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7ff2b6ebc63f]
2: /usr/bin/Xwayland (miPointerUpdateSprite+0x242) [0x473132]
3: /usr/bin/Xwayland (mieqProcessInputEvents+0x186) [0x46ef56]
4: /usr/bin/Xwayland (SendErrorToClient+0x126) [0x5551f6]
5: /usr/bin/Xwayland (InitFonts+0x428) [0x559418]
6: /lib64/libc.so.6 (__libc_start_main+0xf1) [0x7ff2b6b06451]
7: /usr/bin/Xwayland (_start+0x2a) [0x423a2a]
8: ? (?+0x2a) [0x2a]

I'm seeing this too, fairly randomly, but addr2line seems to point me deep into mifillarc, which is entirely wrong. Not sure what's up with the debuginfo packages:

 (EE) Backtrace:
 (EE) 0: /usr/bin/Xwayland (OsLookupColor+0x139) [0x58f4d9]
 (EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7fe2f28fc5bf]
 (EE) 2: /usr/bin/Xwayland (miPointerUpdateSprite+0x242) [0x4731d2]

strictly:~% addr2line -e /usr/lib/debug/usr/bin/Xwayland.debug 0x4731d2
/usr/src/debug/xorg-server-1.18.4/mi/mifillarc.c:609

This is wrong ...

 (EE) 3: /usr/bin/Xwayland (mieqProcessInputEvents+0x186) [0x46eff6]

strictly:~% addr2line -e /usr/lib/debug/usr/bin/Xwayland.debug 0x46eff6
/usr/src/debug/xorg-server-1.18.4/mi/micmap.c:345

This is definitely wrong.

 (EE) 4: /usr/bin/Xwayland (SendErrorToClient+0x126) [0x555296]


strictly:~% addr2line -e /usr/lib/debug/usr/bin/Xwayland.debug 0x555296
/usr/src/debug/xorg-server-1.18.4/dix/dispatch.c:2804 (discriminator 1)

And so is this (should be Dispatch).

Right, there are quite a few similar bugs (with slightly different backtraces), I could never reproduce (so if you have any hint on how to reproduce...) and could not really make sense of the backtrace either, at least not enough to investigate very far.

Last time I checked one of these, it took me to dixGetPrivateAddr() which would be supposedly from MIPOINTER() at the beginning of miPointerUpdateSprite(), so basically the given DeviceIntPtr is corrupted, but I could not really get much farther with the little (presumably broken) info the backtrace provides.

What gives "rpm -qf /usr/lib/debug/usr/bin/Xwayland.debug" on your system?

PResumably same as bug 1384775 in f25 which may lead to a more realistic backtrace:

$ addr2line -fe /usr/lib/debug/usr/bin/Xwayland.debug 0x427108 0x4731fb 0x46eff6 0x555296 0x5594b8 
xwl_seat_set_cursor
/usr/src/debug/xorg-server-20160929/hw/xwayland/xwayland-cursor.c:46
miPointerUpdateSprite
/usr/src/debug/xorg-server-20160929/mi/mipointer.c:477
mieqProcessInputEvents
/usr/src/debug/xorg-server-20160929/mi/mieq.c:567
Dispatch
/usr/src/debug/xorg-server-20160929/dix/dispatch.c:312
dix_main
/usr/src/debug/xorg-server-20160929/dix/main.c:321

Out of curiosity, does your system feature a touch screen?

Oh, this explains a lot ...

xorg-x11-server-Xwayland-1.19.0-0.2.20160929.fc25.x86_64
xorg-x11-server-debuginfo-1.18.4-5.fc25.x86_64

As for the touchscreen - it does! Unfortunately I can't see #1384775 though.

My system has no touchscreen if that makes any difference.

I'd wish I could reproduce, but I never had this crash happening here...

Maybe it has to do with the apps running, the type of cursor they use? Do you remember what application you were using when the crash occurred?

(In reply to Olivier Fourdan from comment #14)
> Do you remember what application you were using when the crash occurred?

Since this is XWayland issue, it was very likely Nuvola Player:

https://tiliado.eu/nuvolaplayer/

But it was not the latest version. It is GTK3 app, using WebKit (and probably flash) on the background. Will try to dig through journal entries when I'll be back to that computer.

Another one that looks similar but yet slightly different: bug 1387281

Created attachment 1212617 [details]
journal

This is my journal content from around the crash (sorry for the czech, it does not look like journal can be convinced to use english :/). I can't see nothing really suspicious, but may be it will help ...

I am a bit wary with Xorg backtraces to be honest (well, even though this one looks "plausible").

Ideally, if you can, the best course of action is to:

1. Make sure you have the xorg-x11-server-debuginfo package installed for the same version of xorg-x11-server-Xwayland version

2. From a *remote* machine, connect to your workstation, and run gdb on your running Xwayland process:

  $ gdb /usr/bin/Xwayland $(pidof Xwayland)
  (gdb)
  (gdb) handle SIGUSR1 nostop
  (gdb) handle SIGUSR2 nostop
  (gdb) handle SIGPIPE nostop
  (gdb) cont

3. When the crash occurs, capture the core file and the full backtrace:

  (gdb) generate-core-file
  (gdb) bt full

Also, what gives "xinput list" on your system?

(In reply to Olivier Fourdan from comment #19)
> Also, what gives "xinput list" on your system?


$ xinput list
⎡ Virtual core pointer                    	id=2	[master pointer  (3)]
⎜   ↳ Virtual core XTEST pointer              	id=4	[slave  pointer  (2)]
⎜   ↳ xwayland-pointer:14                     	id=6	[slave  pointer  (2)]
⎣ Virtual core keyboard                   	id=3	[master keyboard (2)]
    ↳ Virtual core XTEST keyboard             	id=5	[slave  keyboard (3)]
    ↳ xwayland-keyboard:14                    	id=7	[slave  keyboard (3)]

Most likelt the same as bug 1393158 in F25

I have posted a patch upstream that should fix this issue:

  https://patchwork.freedesktop.org/series/15344/

And also prepared a test package for Fedora which includes this patch:

  F25:     http://koji.fedoraproject.org/koji/taskinfo?taskID=16471034
  rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=16471224

Could you try this build and see if that fixes the issue for you?

Note: these builds are scratch builds, they will automatically be deleted shortly.

(In reply to Olivier Fourdan from comment #22)
Thx. Will try to update the package, but since I have not met this bug for two weeks, its will be hard to confirm anything ....

On further investigation and even more testing, I don't think the previous patch actually fixed the issue...

So new patch, new scratch build here:

f25:     http://koji.fedoraproject.org/koji/taskinfo?taskID=16555185
rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=16555199

*** Bug 1397401 has been marked as a duplicate of this bug. ***

(In reply to Olivier Fourdan from comment #24)
> On further investigation and even more testing, I don't think the previous
> patch actually fixed the issue...
> 
> So new patch, new scratch build here:
> 
> f25:     http://koji.fedoraproject.org/koji/taskinfo?taskID=16555185
> rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=16555199

Either I am luckier or this ^^^ is much worser, since I hit the bug 1397401 just in 4 hours

(In reply to Vít Ondruch from comment #26)
> Either I am luckier or this ^^^ is much worser, since I hit the bug 1397401
> just in 4 hours

This is unexpected, can you capture the exact backtrace?

(In reply to Olivier Fourdan from comment #27)
> This is unexpected, can you capture the exact backtrace?

Quick update, after discussing with Vít on irc, it appears the old version of Xwayland was still in use at the time of the crash as the session had not been restarted after installing the new test package, which explains why the issue occurred.

I tried the reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=1387281#c13 and it always crashed on first or second attempt. With the test build from comment 24, I cannot reproduce the issue anymore.

Similar experience with the "testclose.c" you provided me.

So it seems you nailed it!

(In reply to Vít Ondruch from comment #29)
> I tried the reproducer from
> https://bugzilla.redhat.com/show_bug.cgi?id=1387281#c13 and it always
> crashed on first or second attempt. With the test build from comment 24, I
> cannot reproduce the issue anymore.
> 
> Similar experience with the "testclose.c" you provided me.
> 
> So it seems you nailed it!

Excellent! Are you okay with me adding "Tested-by: Vít Ondruch <vondruch>" to the patch upstream?

(In reply to Olivier Fourdan from comment #30)
> Are you okay with me adding "Tested-by: Vít Ondruch
> <vondruch>" to the patch upstream?

Yes I am. Thx.

xorg-x11-server-1.19.0-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-45775f3dcf

xorg-x11-server-1.19.0-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-45775f3dcf

xorg-x11-server-1.19.0-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.