Bug 1373196 - [abrt] gnome-shell: meta_wayland_surface_get_toplevel(): gnome-shell killed by SIGSEGV
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-shell
Version: 25
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Owen Taylor
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:d109f9f095bed462936d5da82e4...
Keywords:
Depends On:
Blocks: WaylandRelated WaylandByDefault
Reported: 2016-09-05 13:12 UTC by Kamil Páral
Modified: 2016-09-15 12:50 UTC (History)
Last Closed: 2016-09-08 13:27:46 UTC


Attachments
File: backtrace (45.73 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: cgroup (272 bytes, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: core_backtrace (5.62 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: dso_list (26.89 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: environ (1.05 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: exploitable (82 bytes, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: limits (1.29 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: maps (160.35 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: mountinfo (3.93 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: namespaces (102 bytes, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: open_fds (7.76 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: proc_pid_status (1.14 KB, text/plain), 2016-09-05 13:12 UTC, Kamil Páral
File: var_log_messages (485 bytes, text/plain), 2016-09-05 13:12 UTC, Kamil Páral

Description Kamil Páral 2016-09-05 13:12:35 UTC
Description of problem:
This seems to happen *sometimes* when you press Shift+F10 in Nautilus to display a context menu for the selected file (not sure if right mouse click can trigger the same crash). This exact crash happened to me twice already just today. The whole session dies just because of that, and all my unsaved work in all apps is lost.

Version-Release number of selected component:
gnome-shell-3.21.90.1-1.fc25

Additional info:
reporter:       libreport-2.7.2
backtrace_rating: 4
cmdline:        /usr/bin/gnome-shell
crash_function: meta_wayland_surface_get_toplevel
executable:     /usr/bin/gnome-shell
global_pid:     8377
kernel:         4.8.0-0.rc4.git0.1.fc25.x86_64
pkg_fingerprint: 4089 D8F2 FDB1 9C98
pkg_vendor:     Fedora Project
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 meta_wayland_surface_get_toplevel at wayland/meta-wayland-surface.c:1750
 #1 meta_wayland_surface_get_toplevel_window at wayland/meta-wayland-surface.c:1761
 #2 meta_surface_actor_wayland_get_scale at compositor/meta-surface-actor-wayland.c:104
 #3 meta_surface_actor_wayland_sync_state at compositor/meta-surface-actor-wayland.c:196
 #4 actor_surface_commit at wayland/meta-wayland-surface.c:2010
 #5 xdg_popup_role_commit at wayland/meta-wayland-xdg-shell.c:603
 #6 meta_wayland_surface_role_commit at wayland/meta-wayland-surface.c:1891
 #7 apply_pending_state at wayland/meta-wayland-surface.c:700
 #8 ffi_call_unix64 at ../src/x86/unix64.S:76
 #9 ffi_call at ../src/x86/ffi64.c:525

Comment 1 Kamil Páral 2016-09-05 13:12:40 UTC
Created attachment 1197943
File: backtrace

Comment 2 Kamil Páral 2016-09-05 13:12:42 UTC
Created attachment 1197944
File: cgroup

Comment 3 Kamil Páral 2016-09-05 13:12:43 UTC
Created attachment 1197945
File: core_backtrace

Comment 4 Kamil Páral 2016-09-05 13:12:45 UTC
Created attachment 1197946
File: dso_list

Comment 5 Kamil Páral 2016-09-05 13:12:46 UTC
Created attachment 1197947
File: environ

Comment 6 Kamil Páral 2016-09-05 13:12:48 UTC
Created attachment 1197948
File: exploitable

Comment 7 Kamil Páral 2016-09-05 13:12:49 UTC
Created attachment 1197949
File: limits

Comment 8 Kamil Páral 2016-09-05 13:12:52 UTC
Created attachment 1197950
File: maps

Comment 9 Kamil Páral 2016-09-05 13:12:53 UTC
Created attachment 1197951
File: mountinfo

Comment 10 Kamil Páral 2016-09-05 13:12:55 UTC
Created attachment 1197952
File: namespaces

Comment 11 Kamil Páral 2016-09-05 13:12:56 UTC
Created attachment 1197953
File: open_fds

Comment 12 Kamil Páral 2016-09-05 13:12:58 UTC
Created attachment 1197954
File: proc_pid_status

Comment 13 Kamil Páral 2016-09-05 13:12:59 UTC
Created attachment 1197955
File: var_log_messages

Comment 14 Jonas Ådahl 2016-09-06 14:37:17 UTC
Does this still happen with 3.21.91? The changes between 3.21.90 and 3.21.91 change a lot of things where the backtrace shows it crashed.

Comment 15 Chris Murphy 2016-09-06 19:26:41 UTC
Interesting, I do this often, but on Fedora 24/gnome-shell 3.20.4 (on Wayland). Could be a regression?

Comment 16 Jonas Ådahl 2016-09-07 01:13:13 UTC
Could have, at some point during 3.21.x, but I believe it's likely that it's fixed by 3.21.91.

Comment 17 Kamil Páral 2016-09-07 10:04:44 UTC
(In reply to Jonas Ådahl from comment #14)
> Does this still happen with 3.21.91? 

Unfortunately, bug 1373372 prevents me from updating gtk3, which prevents me from updating mutter (causes other issues), which prevents me from updating gnome-shell. Will test once I'm able to update gnome-shell.

Comment 18 Kamil Páral 2016-09-08 13:27:46 UTC
Seems to be working now with:
gtk3-3.21.5-1.fc25.x86_64
mutter-3.21.91-2.fc25.x86_64

Will reopen if it happens again.

Comment 19 Dima Ryazanov 2016-09-15 09:51:56 UTC
I'm seeing a similar crash, and I can reproduce it almost 100% of the time in 3.21.91 as well as mutter and gnome-shell that I built from the latest git:

- Open gnome-terminal
- Press left and right mouse buttons simultaneously (they need to be handled as separate buttons - i.e., middle button emulation needs to be OFF)

This crashes gnome-shell immediately.

The backtrace in gdb looks bizarre:

Thread 1 "gnome-shell" received signal SIGSEGV, Segmentation fault.
meta_wayland_surface_get_toplevel (surface=0x0, surface@entry=0xb5a790) at wayland/meta-wayland-surface.c:1689
1689	  if (surface->role)

See the "surface" and "surface@entry": the correct value was passed into the function, but it somehow became NULL, even before the first line of the function got executed.

I set a breakpoint in "meta_wayland_surface_get_toplevel" to see what happens before the crash. It gets called lots of times; usually, surface and surface@entry are equal - but not always, e.g.:

Thread 1 "gnome-shell" hit Breakpoint 1, meta_wayland_surface_get_toplevel (surface=0xb5ace0, surface@entry=0xfe6370)
    at wayland/meta-wayland-surface.c:1689
1689	  if (surface->role)

I have no explanation for what's happening. Memory corruption? Concurrency issue? I'm guessing it's some kind of race condition given that it happens only when two events happen at almost the same time, but they're all processed by the main thread, right?

Comment 20 Kamil Páral 2016-09-15 12:50:00 UTC
(In reply to Dima Ryazanov from comment #19)
> I'm seeing a similar crash, and I can reproduce it almost 100% of the time
> in 3.21.91 as well as mutter and gnome-shell that I built from the latest
> git:
> 
> - Open gnome-terminal
> - Press left and right mouse buttons simultaneously (they need to be handled
> as separate buttons - i.e., middle button emulation needs to be OFF)

I can reproduce that 100%, I filed a new bug 1376447. Please continue the discussion in that bug, thanks.

