Hide Forgot
Description of problem: Likely a race-condition, but when clicking on the full-screen button on Youtube or BlueJeans, my Xwayland server often crashes and I end up back at the GDM prompt. Version-Release number of selected component (if applicable): wayland-debuginfo-1.9.92-1.fc24.x86_64 libwayland-cursor-devel-1.9.92-1.fc24.x86_64 mesa-libwayland-egl-11.2.0-0.devel.8.24ea81a.fc24.x86_64 wayland-protocols-devel-1.0-2.fc24.noarch libwayland-client-devel-1.9.92-1.fc24.x86_64 libwayland-cursor-1.9.92-1.fc24.x86_64 ibus-wayland-1.5.12-1.fc24.x86_64 gnome-session-wayland-session-3.19.4-1.fc24.x86_64 wayland-devel-1.9.92-1.fc24.x86_64 libwayland-client-1.9.92-1.fc24.x86_64 libwayland-server-1.9.92-1.fc24.x86_64 mesa-libwayland-egl-devel-11.2.0-0.devel.8.24ea81a.fc24.x86_64 xorg-x11-server-Xwayland-1.18.0-2.fc24.x86_64 How reproducible: Inconsistently. I had a hard time reproducing it after I attached the debugger, but eventually was able to do so. [1] Steps to Reproduce: 1. Run the GNOME Wayland Session 2. Run Google Chrome (I was using version 48) 3. Browse to YouTube or BlueJeans and attempt to full-screen the video. Actual results: XWayland crashes (see backtrace below) Expected results: Full-screen video. Additional info: Captured backtrace with gdb: #0 linear_to_xtiled (mem_copy=<optimized out>, swizzle_bit=<optimized out>, src_pitch=<optimized out>, src=0x3124020 <error: Cannot access memory at address 0x3124020>, dst=<optimized out>, y1=<optimized out>, y0=<optimized out>, x3=<optimized out>, x2=<optimized out>, x1=<optimized out>, x0=<optimized out>) at intel_tiled_memcpy.c:203 swizzle = 64 xo = 0 yo = 3072 #1 linear_to_xtiled_faster (x0=<optimized out>, x1=<optimized out>, x2=512, x3=<optimized out>, y0=y0@entry=0, y1=y1@entry=8, dst=0x7f789e3bd000 "", src=0x3115020 "", src_pitch=10240, swizzle_bit=64, mem_copy=0x7f78bfb61410 <__memcpy_avx_unaligned>) at intel_tiled_memcpy.c:395 No locals. #2 0x00007f78ba81f2ab in linear_to_tiled (xt1=0, xt2=10240, yt1=0, yt2=1440, dst=0x7f789d73d000 "", src=0x2495020 "", dst_pitch=10240, src_pitch=10240, has_swizzling=true, tiling=1, mem_copy=0x7f78bfb61410 <__memcpy_avx_unaligned>) at intel_tiled_memcpy.c:624 x0 = <optimized out> y1 = 1288 x2 = <optimized out> y0 = 1280 x3 = 512 x1 = <optimized out> tile_copy = 0x7f78ba81e2e0 <linear_to_xtiled_faster> xt0 = 0 xt3 = 10240 yt0 = 0 yt3 = 1440 xt = <optimized out> yt = 1280 tw = 512 th = 8 span = 64 swizzle_bit = 64 #3 0x00007f78ba81d751 in intel_texsubimage_tiled_memcpy (ctx=ctx@entry=0x7f78c26fb038, dims=dims@entry=2, texImage=texImage@entry=0x2f74180, xoffset=xoffset@entry=0, yoffset=<optimized out>, yoffset@entry=0, zoffset=zoffset@entry=0, width=2560, height=1440, depth=1, format=32993, type=33639, pixels=0x2495020, packing=0x7f78c2716390, for_glTexImage=false) at intel_tex_subimage.c:178 brw = <optimized out> image = <optimized out> src_pitch = 10240 bo = 0x2f74070 error = <optimized out> cpp = 4 mem_copy = 0x7f78bfb61410 <__memcpy_avx_unaligned> __func__ = "intel_texsubimage_tiled_memcpy" level = <optimized out> #4 0x00007f78ba81d943 in intelTexSubImage (ctx=0x7f78c26fb038, dims=2, texImage=0x2f74180, xoffset=0, yoffset=0, zoffset=0, width=2560, height=1440, depth=1, format=32993, type=33639, pixels=0x2495020, packing=0x7f78c2716390) at intel_tex_subimage.c:221 intelImage = 0x2f74180 ok = <optimized out> tex_busy = <optimized out> __func__ = "intelTexSubImage" #5 0x00007f78ba5b725b in _mesa_texture_sub_image (ctx=ctx@entry=0x7f78c26fb038, dims=dims@entry=2, texObj=texObj@entry=0x2f770e0, texImage=0x2f74180, target=target@entry=3553, level=level@entry=0, xoffset=0, yoffset=0, zoffset=0, width=2560, height=1440, depth=1, format=32993, type=33639, pixels=0x2495020, dsa=false) at main/teximage.c:3155 No locals. #6 0x00007f78ba5b74a2 in texsubimage (ctx=0x7f78c26fb038, dims=2, target=3553, level=0, xoffset=0, yoffset=0, zoffset=0, width=2560, height=1440, depth=1, format=32993, type=33639, pixels=0x2495020, callerName=0x7f78ba96abe6 "glTexSubImage2D") at main/teximage.c:3213 texObj = 0x2f770e0 texImage = <optimized out> height = 1440 width = 2560 zoffset = 0 ctx = 0x7f78c26fb038 callerName = <optimized out> type = 33639 xoffset = 0 pixels = 0x2495020 format = 32993 depth = 1 yoffset = 0 level = 0 target = 3553 dims = 2 #7 0x00007f78ba5b78c8 in _mesa_TexSubImage2D (target=<optimized out>, level=<optimized out>, xoffset=<optimized out>, yoffset=<optimized out>, width=<optimized out>, height=<optimized out>, format=32993, type=33639, pixels=0x2495020) at main/teximage.c:3354 No locals. #8 0x000000000043b370 in glamor_upload_boxes (pixmap=pixmap@entry=0x2f64690, in_boxes=in_boxes@entry=0x7ffeeac8c670, in_nbox=in_nbox@entry=1, dx_src=0, dy_src=0, dx_dst=0, dy_dst=0, bits=0x2495020 "", byte_stride=0) at glamor_transfer.c:107 x2 = <optimized out> y1 = 0 x1 = 0 y2 = 1440 ofs = 0 boxes = 0x7ffeeac8c678 nbox = <optimized out> screen = <optimized out> priv = 0x2f646e0 box_x = 0 box_y = 0 bytes_per_pixel = 4 type = 33639 format = 32993 #9 0x000000000042ac06 in glamor_copy_cpu_fbo (reverse=0, upsidedown=0, bitplane=0, closure=0x0, dy=0, dx=0, nbox=1, box=0x7ffeeac8c670, gc=0x2495110, dst=0x2f64690, src=0x2495850) at glamor_copy.c:225 src_stride = <optimized out> src_yoff = <optimized out> screen = <optimized out> src_bits = <optimized out> dst_xoff = 0 dst_pixmap = 0x2f64690 src_bpp = <optimized out> src_xoff = <optimized out> dst_yoff = 0 #10 glamor_copy_gl (reverse=0, upsidedown=0, closure=0x0, bitplane=0, dy=0, dx=0, nbox=1, box=0x7ffeeac8c670, gc=0x2495110, dst=0x2f64690, src=0x2495850) at glamor_copy.c:619 src_pixmap = <optimized out> dst_pixmap = <optimized out> src_priv = <optimized out> dst_priv = <optimized out> #11 glamor_copy (src=src@entry=0x2495850, dst=dst@entry=0x2f64690, gc=gc@entry=0x2495110, box=box@entry=0x7ffeeac8c670, nbox=nbox@entry=1, dx=0, dy=0, reverse=0, upsidedown=0, bitplane=0, closure=0x0) at glamor_copy.c:643 No locals. #12 0x000000000046c5ab in miCopyRegion ( pSrcDrawable=pSrcDrawable@entry=0x2495850, pDstDrawable=pDstDrawable@entry=0x2f64690, pGC=pGC@entry=0x2495110, pDstRegion=pDstRegion@entry=0x7ffeeac8c670, dx=dx@entry=0, dy=dy@entry=0, copyProc=0x42a970 <glamor_copy>, bitPlane=0, closure=0x0) at micopy.c:121 careful = <optimized out> reverse = <optimized out> upsidedown = <optimized out> pbox = 0x7ffeeac8c670 nbox = 1 pboxNew1 = <optimized out> pboxNew2 = 0x0 pboxBase = <optimized out> pboxNext = <optimized out> pboxTmp = <optimized out> #13 0x000000000046cb56 in miDoCopy (pSrcDrawable=0x2495850, pDstDrawable=0x2f64690, pGC=0x2495110, xIn=0, yIn=0, widthSrc=2560, heightSrc=1440, xOut=0, yOut=0, copyProc=0x42a970 <glamor_copy>, bitPlane=0, closure=0x0) at micopy.c:296 prgnSrcClip = 0x0 freeSrcClip = 0 prgnExposed = 0x0 rgnDst = {extents = {x1 = 0, y1 = 0, x2 = 2560, y2 = 1440}, data = 0x0} dx = 0 dy = 0 box_x1 = <optimized out> box_y1 = <optimized out> box_x2 = <optimized out> box_y2 = <optimized out> fastSrc = <optimized out> fastDst = <optimized out> fastExpose = <optimized out> #14 0x000000000042b464 in glamor_copy_area (src=<optimized out>, dst=<optimized out>, gc=<optimized out>, srcx=<optimized out>, srcy=<optimized out>, width=<optimized out>, height=1440, dstx=0, dsty=0) at glamor_copy.c:652 No locals. #15 0x00000000004f4dc1 in damageCopyArea (pSrc=0x2495850, pDst=0x2f64690, pGC=0x2495110, srcx=0, srcy=<optimized out>, width=2560, height=1440, dstx=0, dsty=0) at damage.c:765 ret = <optimized out> oldFuncs = 0x802de0 <damageGCFuncs> #16 0x0000000000539ff9 in compNewPixmap (pWin=pWin@entry=0x2f970b0, x=x@entry=0, y=y@entry=0, w=2560, h=1440) at compalloc.c:554 val = {val = 1, ptr = 0x1} pGC = 0x2495110 pScreen = 0x199c3b0 pParent = 0x2495850 pPixmap = <optimized out> #17 0x000000000053b41f in compReallocPixmap (pWin=pWin@entry=0x2f970b0, draw_x=<optimized out>, draw_y=<optimized out>, w=2560, h=1440, bw=bw@entry=0) at compalloc.c:681 pScreen = <optimized out> pOld = 0x2eb1070 pNew = <optimized out> pix_x = 0 pix_y = 0 pix_w = 2560 pix_h = 1440 __PRETTY_FUNCTION__ = "compReallocPixmap" #18 0x0000000000538672 in compConfigNotify (pWin=0x2f970b0, x=0, y=0, w=<optimized out>, h=<optimized out>, bw=0, pSib=0x2eaa620) at compwindow.c:806 pScreen = 0x199c3b0 ret = <optimized out> pParent = 0x2495850 draw_x = <optimized out> draw_y = <optimized out> alloc_ret = <optimized out> #19 0x00000000004ec222 in present_config_notify (window=0x2f970b0, x=0, y=0, w=2560, h=1440, bw=0, sibling=0x2eaa620) at present_screen.c:145 ret = <optimized out> screen = 0x199c3b0 #20 0x000000000057a5a6 in ConfigureWindow (pWin=<optimized out>, mask=<optimized out>, vlist=vlist@entry=0x2d397f0, client=client@entry=0x26e0e60) at window.c:2248 ret = <optimized out> pSib = 0x2eaa620 pParent = <optimized out> sibwid = <optimized out> index2 = <optimized out> tmask = <optimized out> pVlist = <optimized out> x = 0 y = 0 beforeX = 0 beforeY = 27 w = 2560 h = 1440 bw = <optimized out> rc = <optimized out> action = 2 smode = <optimized out> #21 0x00000000005476f6 in ProcConfigureWindow (client=0x26e0e60) at dispatch.c:868 pWin = 0x2f970b0 stuff = <optimized out> len = 4 rc = <optimized out> #22 0x000000000054d01f in Dispatch () at dispatch.c:430 clientReady = 0x1994ab0 result = <optimized out> client = 0x26e0e60 nready = 0 icheck = 0x8104b0 <checkForInput> start_tick = 9365 #23 0x0000000000551033 in dix_main (argc=10, argv=0x7ffeeac8cbe8, envp=<optimized out>) at main.c:300 i = <optimized out> alwaysCheckForInput = {0, 1} #24 0x00007f78bfa27861 in __libc_start_main (main=0x4234c0 <main>, argc=10, argv=0x7ffeeac8cbe8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffeeac8cbd8) at ../csu/libc-start.c:289 result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 7784271585285737695, 4338896, 140732837448672, 0, 0, -7783736518178272033, -7857032898259612449}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x5939b0 <__libc_csu_fini>, 0x7f78c2663ec0 <_dl_fini>}, data = {prev = 0x0, cleanup = 0x0, canceltype = 5847472}}} not_first_call = <optimized out> #25 0x00000000004234f9 in _start () No symbol table info available. [1] I ultimately was able to reproduce it after I did the following: I started with my laptop (Lenovo T540p) using an external monitor only (internal screen disabled). I attached the debugger and couldn't reproduce the crash (though it usually happens almost every time). I then re-enabled the laptop screen as a secondary monitor and adjusted it's position. The next time I hit full-screen in Chrome, Xwayland crashed with the above backtrace.
It could be either a bug in glamor or in intel dri driver as well, the crash occurs in mesa.
Oddly enough I cannot reproduce that crash in Xwayland but I can reproduce a hang in gnome-shell/mutter (100% of the time) using the same reproducer steps... 1. Run google-chrome 2. F11 to switch to fullscreen 3. F11 again to revert to normal size => gnome-shell/mutter ends up taking 100% of the CPU and the backtrace points to i965 dri as well: #0 0x00007ff32b8c9c47 in convert_ubyte () at /usr/lib64/dri/i965_dri.so #1 0x00007ff32b8da97b in _mesa_format_convert () at /usr/lib64/dri/i965_dri.so #2 0x00007ff32b91fb25 in _mesa_GetTexSubImage_sw () at /usr/lib64/dri/i965_dri.so #3 0x00007ff32b9e4616 in _mesa_meta_GetTexSubImage () at /usr/lib64/dri/i965_dri.so #4 0x00007ff32bb80fad in intel_get_tex_sub_image () at /usr/lib64/dri/i965_dri.so #5 0x00007ff32b91e873 in get_texture_image.isra () at /usr/lib64/dri/i965_dri.so #6 0x00007ff32b920793 in _mesa_GetTexImage () at /usr/lib64/dri/i965_dri.so #7 0x00007ff350f3b9c3 in _cogl_texture_driver_gl_get_tex_image () at /lib64/libcogl.so.20 #8 0x00007ff350f2e853 in _cogl_texture_2d_gl_get_data () at /lib64/libcogl.so.20 #9 0x00007ff350f63abe in _cogl_texture_2d_get_data () at /lib64/libcogl.so.20 #10 0x00007ff350f62a2d in texture_get_cb () at /lib64/libcogl.so.20 #11 0x00007ff350f6bc4c in normalize_meta_coords_cb () at /lib64/libcogl.so.20 #12 0x00007ff350f6bee8 in padded_grid_repeat_cb () at /lib64/libcogl.so.20 #13 0x00007ff350f62597 in _cogl_texture_spans_foreach_in_region () at /lib64/libcogl.so.20 #14 0x00007ff350f6be1b in create_grid_and_repeat_cb () at /lib64/libcogl.so.20 #15 0x00007ff350f618b6 in _cogl_sub_texture_foreach_sub_texture_in_region () at /lib64/libcogl.so.20 #16 0x00007ff350f6c08c in cogl_meta_texture_foreach_in_region () at /lib64/libcogl.so.20 #17 0x00007ff350f62c56 in cogl_texture_get_data () at /lib64/libcogl.so.20 [...]
... and gnome-shell/mutter eventually (and unexpectedly) recovered after several minutes using 100% of the CPU, as if it had to deal with an extremely large surface... odd.
Sorry, the issue I've been reproducing/investigating has to do with the key event being repeated continuously causing gnome-shell to spin continously, probably an entirely different issue from the Xwayland crash reported in comment 0
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
If it's still reproducible - report to bugs.freedesktop.org please.