Bug 1373196 - [abrt] gnome-shell: meta_wayland_surface_get_toplevel(): gnome-shell killed by SIGSEGV
Summary: [abrt] gnome-shell: meta_wayland_surface_get_toplevel(): gnome-shell killed b...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-shell
Version: 25
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Owen Taylor
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:d109f9f095bed462936d5da82e4...
Keywords:
Depends On:
Blocks: WaylandRelated WaylandByDefault
TreeView+ depends on / blocked
 
Reported: 2016-09-05 13:12 UTC by Kamil Páral
Modified: 2016-09-15 12:50 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-09-08 13:27:46 UTC

Attachments (Terms of Use)
File: backtrace (45.73 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: cgroup (272 bytes, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: core_backtrace (5.62 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: dso_list (26.89 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: environ (1.05 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: exploitable (82 bytes, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: limits (1.29 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: maps (160.35 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: mountinfo (3.93 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: namespaces (102 bytes, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: open_fds (7.76 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: proc_pid_status (1.14 KB, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
File: var_log_messages (485 bytes, text/plain)
2016-09-05 13:12 UTC, Kamil Páral 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Description Kamil Páral 2016-09-05 13:12:35 UTC 
Description of problem:
This seems to happen *sometimes* when you press Shift+F10 in Nautilus to display a context menu for the selected file (not sure if right mouse click can trigger the same crash). This exact crash happened to me twice already just today. The whole session dies just because of that, and all my unsaved work in all apps is lost.

Version-Release number of selected component:
gnome-shell-3.21.90.1-1.fc25

Additional info:
reporter:       libreport-2.7.2
backtrace_rating: 4
cmdline:        /usr/bin/gnome-shell
crash_function: meta_wayland_surface_get_toplevel
executable:     /usr/bin/gnome-shell
global_pid:     8377
kernel:         4.8.0-0.rc4.git0.1.fc25.x86_64
pkg_fingerprint: 4089 D8F2 FDB1 9C98
pkg_vendor:     Fedora Project
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 meta_wayland_surface_get_toplevel at wayland/meta-wayland-surface.c:1750
 #1 meta_wayland_surface_get_toplevel_window at wayland/meta-wayland-surface.c:1761
 #2 meta_surface_actor_wayland_get_scale at compositor/meta-surface-actor-wayland.c:104
 #3 meta_surface_actor_wayland_sync_state at compositor/meta-surface-actor-wayland.c:196
 #4 actor_surface_commit at wayland/meta-wayland-surface.c:2010
 #5 xdg_popup_role_commit at wayland/meta-wayland-xdg-shell.c:603
 #6 meta_wayland_surface_role_commit at wayland/meta-wayland-surface.c:1891
 #7 apply_pending_state at wayland/meta-wayland-surface.c:700
 #8 ffi_call_unix64 at ../src/x86/unix64.S:76
 #9 ffi_call at ../src/x86/ffi64.c:525
Comment 1 Kamil Páral 2016-09-05 13:12:40 UTC 
Created attachment 1197943 [details]
File: backtrace
Comment 2 Kamil Páral 2016-09-05 13:12:42 UTC 
Created attachment 1197944 [details]
File: cgroup
Comment 3 Kamil Páral 2016-09-05 13:12:43 UTC 
Created attachment 1197945 [details]
File: core_backtrace
Comment 4 Kamil Páral 2016-09-05 13:12:45 UTC 
Created attachment 1197946 [details]
File: dso_list
Comment 5 Kamil Páral 2016-09-05 13:12:46 UTC 
Created attachment 1197947 [details]
File: environ
Comment 6 Kamil Páral 2016-09-05 13:12:48 UTC 
Created attachment 1197948 [details]
File: exploitable
Comment 7 Kamil Páral 2016-09-05 13:12:49 UTC 
Created attachment 1197949 [details]
File: limits
Comment 8 Kamil Páral 2016-09-05 13:12:52 UTC 
Created attachment 1197950 [details]
File: maps
Comment 9 Kamil Páral 2016-09-05 13:12:53 UTC 
Created attachment 1197951 [details]
File: mountinfo
Comment 10 Kamil Páral 2016-09-05 13:12:55 UTC 
Created attachment 1197952 [details]
File: namespaces
Comment 11 Kamil Páral 2016-09-05 13:12:56 UTC 
Created attachment 1197953 [details]
File: open_fds
Comment 12 Kamil Páral 2016-09-05 13:12:58 UTC 
Created attachment 1197954 [details]
File: proc_pid_status
Comment 13 Kamil Páral 2016-09-05 13:12:59 UTC 
Created attachment 1197955 [details]
File: var_log_messages
Comment 14 Jonas Ådahl 2016-09-06 14:37:17 UTC 
Does this still happen with 3.21.91? The changes between 3.21.90 and 3.21.91 changes a lot of things where the backtrace shows it crashed.
Comment 15 Chris Murphy 2016-09-06 19:26:41 UTC 
Interesting, I do this often, but on Fedora 24/gnome-shell 3.20.4 (on Wayland). Could be a regression?
Comment 16 Jonas Ådahl 2016-09-07 01:13:13 UTC 
Could have, at some point during 3.21.x, but I believe its likely that its fixed by 3.21.91.
Comment 17 Kamil Páral 2016-09-07 10:04:44 UTC 
(In reply to Jonas Ådahl from comment #14)
> Does this still happen with 3.21.91? 

Unfortunately bug 1373372 prevents from from updating gtk3, which prevents me from updating mutter (causes other issues), which prevents me from updating gnome-shell. Will test once I'm able to update gnome-shell.
Comment 18 Kamil Páral 2016-09-08 13:27:46 UTC 
Seems to be working now with:
gtk3-3.21.5-1.fc25.x86_64
mutter-3.21.91-2.fc25.x86_64

Will reopen if it happens again.
Comment 19 Dima Ryazanov 2016-09-15 09:51:56 UTC 
I'm seeing a similar crash, and I can reproduce it almost 100% of the time in 3.21.91 as well as mutter and gnome-shell that I built from the latest git:

- Open gnome-terminal
- Press left and right mouse buttons simultaneously (they need to be handled as separate buttons - i.e., middle button emulation needs to be OFF)

This crashes gnome-shell immediately.

The backtrace in gdb looks bizarre:

Thread 1 "gnome-shell" received signal SIGSEGV, Segmentation fault.
meta_wayland_surface_get_toplevel (surface=0x0, surface@entry=0xb5a790) at wayland/meta-wayland-surface.c:1689
1689	  if (surface->role)

See the "surface" and "surface@entry": the correct value was passed into the function, but it somehow became NULL, even before the first line of the function got executed.

I set a breakpoint in "meta_wayland_surface_get_toplevel" to see what happens before the crash. It gets called lots of times; usually, surface and surface@entry are equal - but not always, e.g.:

Thread 1 "gnome-shell" hit Breakpoint 1, meta_wayland_surface_get_toplevel (surface=0xb5ace0, surface@entry=0xfe6370)
    at wayland/meta-wayland-surface.c:1689
1689	  if (surface->role)

I have no explanation for what's happening. Memory corruption? Concurrency issue? I'm guessing it's some kind of race condition given that it happens only when two events happen at almost the same time, but they're all processed by the main thread, right?
Comment 20 Kamil Páral 2016-09-15 12:50:00 UTC 
(In reply to Dima Ryazanov from comment #19)
> I'm seeing a similar crash, and I can reproduce it almost 100% of the time
> in 3.21.91 as well as mutter and gnome-shell that I built from the latest
> git:
> 
> - Open gnome-terminal
> - Press left and right mouse buttons simultaneously (they need to be handled
> as separate buttons - i.e., middle button emulation needs to be OFF)

I can reproduce that 100%, I filed a new bug 1376447. Please continue the discussion in that bug, thanks.
Note You need to log in before you can comment on or make changes to this bug.