Bug 1833856

Summary: Gnome Shell/Mutter crash on Wayland when resizing window with mouse
Product: [Fedora] Fedora Reporter: Alex Villacís Lasso <alexvillacislasso>
Component: mutterAssignee: Jonas Ådahl <jadahl>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 32CC: fmuellner, gnome-sig, jadahl, niloy.kumar, otaylor, philip.wyett, walters
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-10 09:01:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alex Villacís Lasso 2020-05-11 03:50:30 UTC
Description of problem:
If currently-selected mouse cursor theme is missing some cursor images, possibly the ones related to window resizing, GNOME Shell crashes hard if an attempt is made to resize a Wayland window horizontally, possibly vertically too, and the missing cursor image is requested.

Version-Release number of selected component (if applicable):
mutter-3.36.2-1.fc32.x86_64
gnome-shell-3.36.2-2.fc32.x86_64
oxygen-cursor-themes-5.18.5-1.fc32.noarch

How reproducible:
Always (if cursor theme is missing some cursors)

Steps to Reproduce:
1. Start GNOME Shell in Wayland mode
2. Install oxygen-cursor-themes in latest version, and select Oxygen_Blue as current cursor theme
3. Start any Wayland client. Tested with both Firefox and gedit
4. Unmaximize the window if required
5. Grab the right window border with mouse and attempt to resize

Actual results:
Entire desktop crashes and user is sent back to login screen

Expected results:
No crash. Desktop should either use no cursor, use last valid cursor, or use a fallback known-good cursor

Additional info:
ABRT fails to log this bug. Here is some information on the crash itself from journalctl:

may 10 22:28:01 karlalex.palosanto.com systemd[5737]: Started VTE child process 16739 launched by gnome-terminal-server process 16734.
may 10 22:28:01 karlalex.palosanto.com systemd[5737]: gnome-launched-org.gnome.Terminal.desktop-16726.scope: Succeeded.
may 10 22:28:12 karlalex.palosanto.com abrt-notification[16822]: Process 13592 (gnome-shell) crashed in dump_gjs_stack_on_signal_handler()
may 10 22:28:22 karlalex.palosanto.com gnome-shell[15844]: Could not find cursor. Perhaps set XCURSOR_PATH?
may 10 22:28:22 karlalex.palosanto.com audit[15844]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=15844 comm="gnome-shell" exe="/usr/bin/gnome-shell" sig=5 res=1
may 10 22:28:22 karlalex.palosanto.com audit: BPF prog-id=102 op=LOAD
may 10 22:28:22 karlalex.palosanto.com audit: BPF prog-id=103 op=LOAD
may 10 22:28:22 karlalex.palosanto.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@1-16831-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr>


may 10 22:28:34 karlalex.palosanto.com systemd-coredump[16832]: Process 15844 (gnome-shell) of user 1000 dumped core.
                                                                
                                                                Stack trace of thread 15844:
                                                                #0  0x00007f0653e41a25 raise (libc.so.6 + 0x3ca25)
                                                                #1  0x00005562808613b2 dump_gjs_stack_on_signal_handler (gnome-shell + 0x33b2)
                                                                #2  0x00007f0653e41ab0 __restore_rt (libc.so.6 + 0x3cab0)
                                                                #3  0x00007f0654cc3977 g_log_structured_array (libglib-2.0.so.0 + 0x59977)
                                                                #4  0x00007f0654cc3d89 g_log_default_handler (libglib-2.0.so.0 + 0x59d89)
                                                                #5  0x000055628086109e default_log_handler (gnome-shell + 0x309e)
                                                                #6  0x00007f0654cc3fd9 g_logv (libglib-2.0.so.0 + 0x59fd9)
                                                                #7  0x00007f0654cc4273 g_log (libglib-2.0.so.0 + 0x5a273)
                                                                #8  0x00007f06540476b7 meta_cursor_sprite_xcursor_realize_texture (libmutter-6.so.0 + 0x766b7)
                                                                #9  0x00007f0654116610 meta_cursor_renderer_native_update_cursor (libmutter-6.so.0 + 0x145610)
                                                                #10 0x00007f0654046cb4 meta_cursor_renderer_update_cursor (libmutter-6.so.0 + 0x75cb4)
                                                                #11 0x00007f0654047c16 sync_cursor (libmutter-6.so.0 + 0x76c16)
                                                                #12 0x00007f0654090bc2 meta_display_reload_cursor (libmutter-6.so.0 + 0xbfbc2)
                                                                #13 0x00007f0654091044 meta_display_begin_grab_op (libmutter-6.so.0 + 0xc0044)
                                                                #14 0x00007f06540feb61 meta_wayland_surface_begin_grab_op (libmutter-6.so.0 + 0x12db61)
                                                                #15 0x00007f065410a3d7 xdg_toplevel_resize (libmutter-6.so.0 + 0x1393d7)
                                                                #16 0x00007f06532c5af0 ffi_call_unix64 (libffi.so.6 + 0x6af0)
                                                                #17 0x00007f06532c52ab ffi_call (libffi.so.6 + 0x62ab)
                                                                #18 0x00007f0653a6ecd2 wl_closure_invoke (libwayland-server.so.0 + 0xdcd2)
                                                                #19 0x00007f0653a6a132 wl_client_connection_data (libwayland-server.so.0 + 0x9132)
                                                                #20 0x00007f0653a6cbea wl_event_loop_dispatch (libwayland-server.so.0 + 0xbbea)
                                                                #21 0x00007f06540eb4ab wayland_event_source_dispatch (libmutter-6.so.0 + 0x11a4ab)
                                                                #22 0x00007f0654cbc7cf g_main_context_dispatch (libglib-2.0.so.0 + 0x527cf)
                                                                #23 0x00007f0654cbcb58 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52b58)
                                                                #24 0x00007f0654cbce73 g_main_loop_run (libglib-2.0.so.0 + 0x52e73)
                                                                #25 0x00007f065409d430 meta_run (libmutter-6.so.0 + 0xcc430)
                                                                #26 0x0000556280860c9c main (gnome-shell + 0x2c9c)
                                                                #27 0x00007f0653e2c042 __libc_start_main (libc.so.6 + 0x27042)
                                                                #28 0x0000556280860e7e _start (gnome-shell + 0x2e7e)
                                                                
                                                                Stack trace of thread 15849:
                                                                #0  0x00007f0653efbb6f __poll (libc.so.6 + 0xf6b6f)
                                                                #1  0x00007f0654cbcaee g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52aee)
                                                                #2  0x00007f0654cbcc23 g_main_context_iteration (libglib-2.0.so.0 + 0x52c23)
                                                                #3  0x00007f0654cbcc71 glib_worker_main (libglib-2.0.so.0 + 0x52c71)
                                                                #4  0x00007f0654ce67f2 g_thread_proxy (libglib-2.0.so.0 + 0x7c7f2)
                                                                #5  0x00007f06532d3432 start_thread (libpthread.so.0 + 0x9432)
                                                                #6  0x00007f0653f069d3 __clone (libc.so.6 + 0x1019d3)
                                                                
                                                                Stack trace of thread 15881:
                                                                #0  0x00007f06532d9e92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 + 0xfe92)
                                                                #1  0x00007f0651d1530d _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-68.so.0 + 0x79230d)
                                                                #2  0x00007f0651d16cb5 _ZN7mozilla6detail21ConditionVariableImpl8wait_forERNS0_9MutexImplERKNS_16BaseTimeDurationINS_27TimeDurationValueCalculatorEEE (libmozjs-68.so.0 + 0x7>
                                                                #3  0x00007f06517ac6f5 _ZN2js12HelperThread10threadLoopEv (libmozjs-68.so.0 + 0x2296f5)
                                                                #4  0x00007f065179ff39 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE5StartES2_ (libmozjs-68.so.0 + 0x21cf39)
                                                                #5  0x00007f06532d3432 start_thread (libpthread.so.0 + 0x9432)
                                                                #6  0x00007f0653f069d3 __clone (libc.so.6 + 0x1019d3)
                                                                
                                                                Stack trace of thread 15851:
                                                                #0  0x00007f0653efbb6f __poll (libc.so.6 + 0xf6b6f)
                                                                #1  0x00007f0654cbcaee g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52aee)
                                                                #2  0x00007f0654cbce73 g_main_loop_run (libglib-2.0.so.0 + 0x52e73)
                                                                #3  0x00007f0654f1063a gdbus_shared_thread_func (libgio-2.0.so.0 + 0x12263a)
                                                                #4  0x00007f0654ce67f2 g_thread_proxy (libglib-2.0.so.0 + 0x7c7f2)
                                                                #5  0x00007f06532d3432 start_thread (libpthread.so.0 + 0x9432)
                                                                #6  0x00007f0653f069d3 __clone (libc.so.6 + 0x1019d3)
                                                                
                                                                Stack trace of thread 15856:
                                                                #0  0x00007f0653efbb6f __poll (libc.so.6 + 0xf6b6f)
                                                                #1  0x00007f0654cbcaee g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52aee)
                                                                #2  0x00007f0654cbcc23 g_main_context_iteration (libglib-2.0.so.0 + 0x52c23)
                                                                #3  0x00007f064ea70fbd dconf_gdbus_worker_thread (libdconfsettings.so + 0xafbd)
                                                                #4  0x00007f0654ce67f2 g_thread_proxy (libglib-2.0.so.0 + 0x7c7f2)
                                                                #5  0x00007f06532d3432 start_thread (libpthread.so.0 + 0x9432)
                                                                #6  0x00007f0653f069d3 __clone (libc.so.6 + 0x1019d3)
                                                                
                                                                Stack trace of thread 15882:
                                                                #0  0x00007f06532d9e92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 + 0xfe92)
                                                                #1  0x00007f0651d1530d _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-68.so.0 + 0x79230d)
                                                                #2  0x00007f0651d16cb5 _ZN7mozilla6detail21ConditionVariableImpl8wait_forERNS0_9MutexImplERKNS_16BaseTimeDurationINS_27TimeDurationValueCalculatorEEE (libmozjs-68.so.0 + 0x7>
                                                                #3  0x00007f06517ac6f5 _ZN2js12HelperThread10threadLoopEv (libmozjs-68.so.0 + 0x2296f5)
                                                                #4  0x00007f065179ff39 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE5StartES2_ (libmozjs-68.so.0 + 0x21cf39)
                                                                #5  0x00007f06532d3432 start_thread (libpthread.so.0 + 0x9432)
                                                                #6  0x00007f0653f069d3 __clone (libc.so.6 + 0x1019d3)
                                                                
                                                                Stack trace of thread 16826:
                                                                #0  0x00007f0653f0143d syscall (libc.so.6 + 0xfc43d)
                                                                #1  0x00007f0654d0b416 g_cond_wait_until (libglib-2.0.so.0 + 0xa1416)
                                                                #2  0x00007f0654c8c4c1 g_async_queue_pop_intern_unlocked (libglib-2.0.so.0 + 0x224c1)
                                                                #3  0x00007f0654c8cb06 g_async_queue_timeout_pop (libglib-2.0.so.0 + 0x22b06)
                                                                #4  0x00007f0654ce7199 g_thread_pool_thread_proxy (libglib-2.0.so.0 + 0x7d199)
                                                                #5  0x00007f0654ce67f2 g_thread_proxy (libglib-2.0.so.0 + 0x7c7f2)
                                                                #6  0x00007f06532d3432 start_thread (libpthread.so.0 + 0x9432)
                                                                #7  0x00007f0653f069d3 __clone (libc.so.6 + 0x1019d3)

Comment 1 Jonas Ådahl 2020-05-11 17:05:43 UTC
Yea, we should handle that more gracefully, and not crash. I.e. I can fix this bug by not crashing, but instead you'll just get an invisible cursor since it seems your theme is not complete.

Comment 2 NK 2020-05-21 22:03:33 UTC
this is not about oxygen theme at all..

I have installed a fresh image of fedora 32 and gnome extension - dash to panel v37. I see frequent crashes which re-initializes the desktop. And I loose all shortcuts in right hand bottom corner --mainly clock, wifi, sound, power)

ABRT is not working at all in this version..no problems can be reported through it -(retrace server is unable to process package gnome x.x.x.)

at this point if I go to settings-->extensions--> change the dash placement to top i get the only clock back not others.

this shell is really turning out to be a major bug.