Description of problem: I was running a gtkwaylandsink a test of the waylandsink element in gst-plugins-bad. It worked until I pressed the X button. At that moment the entire compostitor crash. Does not happen in Weston. Version-Release number of selected component: gnome-shell-3.20.4-1.fc24 Additional info: reporter: libreport-2.7.2 backtrace_rating: 4 cmdline: /usr/bin/gnome-shell crash_function: is_surface_effectively_synchronized executable: /usr/bin/gnome-shell global_pid: 29942 kernel: 4.7.2-201.fc24.x86_64 pkg_fingerprint: 73BD E983 81B4 6521 pkg_vendor: Fedora Project runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #0 is_surface_effectively_synchronized at wayland/meta-wayland-surface.c:590 #1 meta_wayland_surface_commit at wayland/meta-wayland-surface.c:814 #2 wl_surface_commit at wayland/meta-wayland-surface.c:966 #3 ffi_call_unix64 at ../src/x86/unix64.S:76 #4 ffi_call at ../src/x86/ffi64.c:525 #5 wl_closure_invoke at src/connection.c:949 #6 wl_client_connection_data at src/wayland-server.c:337 #7 wl_event_loop_dispatch at src/event-loop.c:421 #8 wayland_event_source_dispatch at wayland/meta-wayland.c:77 #13 meta_run at core/main.c:537
Created attachment 1201355 [details] File: backtrace
Created attachment 1201356 [details] File: cgroup
Created attachment 1201357 [details] File: core_backtrace
Created attachment 1201358 [details] File: dso_list
Created attachment 1201359 [details] File: environ
Created attachment 1201360 [details] File: exploitable
Created attachment 1201361 [details] File: limits
Created attachment 1201362 [details] File: maps
Created attachment 1201363 [details] File: mountinfo
Created attachment 1201364 [details] File: namespaces
Created attachment 1201365 [details] File: open_fds
Created attachment 1201366 [details] File: proc_pid_status
Created attachment 1201367 [details] File: var_log_messages
The test application can be found here: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/tree/tests/examples/waylandsink
I hit the bug with Firefox Wayland port. Crashes whole session after 1-2 minutes of browsing.
Backtrace from gnome-shell crash caused by FF: #0 0x00007f07d128f3e1 in is_surface_effectively_synchronized (surface=0x0) at wayland/meta-wayland-surface.c:621 surface = 0x559d38530810 [MetaWaylandSurface] #1 0x00007f07d128f3e1 in meta_wayland_surface_commit (surface=<optimized out>) at wayland/meta-wayland-surface.c:851 surface = 0x559d38530810 [MetaWaylandSurface] #2 0x00007f07d128f3e1 in wl_surface_commit (client=<optimized out>, resource=<optimized out>) at wayland/meta-wayland-surface surface = 0x559d38530810 [MetaWaylandSurface] #3 0x00007f07c82aec58 in ffi_call_unix64 () at ../src/x86/unix64.S:76 #4 0x00007f07c82ae6ba in ffi_call (cif=cif@entry=0x7fffb282d220, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x0 classes = {X86_64_INTEGER_CLASS, X86_64_NO_CLASS, 943809696, 21917} stack = <optimized out> argp = 0x7fffb282d0f0 "" arg_types = <optimized out> gprcount = 2 ssecount = <optimized out> ngpr = 1 nsse = 0 i = <optimized out> avn = <optimized out> ret_in_memory = <optimized out> reg_args = <optimized out> #5 0x00007f07cc3ef58e in wl_closure_invoke (closure=closure@entry=0x559d3b7bfd10, flags=flags@entry=2, target=<optimized out> count = <optimized out> cif = {abi = FFI_UNIX64, nargs = 2, arg_types = 0x7fffb282d240, rtype = 0x7f07c82af040 <ffi_type_void>, bytes = 0, fla ffi_types = {0x7f07c82aef20 <ffi_type_pointer>, 0x7f07c82aef20 <ffi_type_pointer>, 0x7fffb282d2c0, 0x7fffb282d2bf, 0x7 ffi_args = {0x7fffb282d210, 0x7fffb282d218, 0x6, 0x559d3ae6a100, 0x7f07ce0a00d0 <wl_surface_requests+144>, 0x7f07caeeb implementation = <optimized out> #6 0x00007f07cc3eb787 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x559d3ae6a100) at src/way client = 0x559d3ae6a100 connection = 0x559d3c8f7290 resource = 0x559d384164a0 object = 0x559d384164a0 closure = 0x559d3b7bfd10 message = 0x7f07ce0a00d0 <wl_surface_requests+144> p = {54, 524294} resource_flags = <optimized out> opcode = 6 size = <optimized out> since = <optimized out> len = <optimized out> #7 0x00007f07cc3ed802 in wl_event_loop_dispatch (loop=0x559d3829e130, timeout=timeout@entry=0) at src/event-loop.c:423 ep = {{events = 1, data = {ptr = 0x559d3c3c64d0, fd = 1010590928, u32 = 1010590928, u64 = 94133808817360}}, {events = source = <optimized out> i = <optimized out> count = <optimized out>
Owen, is that something which should be fixed on application side or is that a bug in mutter?
I can reproduce that on Fedora 24 and Fedora 25.
Sorry if I broke the bug assignment, please move if necessary.
If I add a simple null pointer check to is_surface_effectively_synchronized() the crash is a bit different: Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fd6d8606de3 in subsurface_role_get_toplevel (surface_role=0x55597d4daf10 [MetaWaylandSurfaceRoleSubsurface]) at wayland/meta-wayland-surface.c:608 608 if (parent->role) [Current thread is 1 (Thread 0x7fd6dd67c640 (LWP 1378))] Thread 1 (Thread 0x7fd6dd67c640 (LWP 1378)): #0 0x00007fd6d8606de3 in subsurface_role_get_toplevel (surface_role=0x55597d4daf10 [MetaWaylandSurfaceRoleSubsurface]) at wayland/meta-wayland-surface.c:608 surface = 0x55597bdf58f0 [MetaWaylandSurface] parent = 0x0 #1 0x00007fd6d860966c in meta_wayland_surface_role_get_toplevel (surface_role=0x55597d4daf10 [MetaWaylandSurfaceRoleSubsurface]) at wayland/meta-wayland-surface.c:1913 klass = 0x55597a20aba0 #2 0x00007fd6d8608efe in meta_wayland_surface_get_toplevel (surface=0x55597bdf58f0 [MetaWaylandSurface]) at wayland/meta-wayland-surface.c:1693 #3 0x00007fd6d86098af in actor_surface_commit (surface_role=0x55597d4daf10 [MetaWaylandSurfaceRoleSubsurface], pending=0x55597c4e1a40 [MetaWaylandPendingState]) at wayland/meta-wayland-surface.c:2015 surface = 0x55597bdf58f0 [MetaWaylandSurface] toplevel_surface = 0x55597aefec90 #4 0x00007fd6d8606d64 in subsurface_role_commit (surface_role=0x55597d4daf10 [MetaWaylandSurfaceRoleSubsurface], pending=0x55597c4e1a40 [MetaWaylandPendingState]) at wayland/meta-wayland-surface.c:593 surface_role_class = 0x55597aefec90 surface = 0x55597bdf58f0 [MetaWaylandSurface] surface_actor = 0x55597c4a3c60 [MetaSurfaceActorWayland] #5 0x00007fd6d86095d5 in meta_wayland_surface_role_commit (surface_role=0x55597d4daf10 [MetaWaylandSurfaceRoleSubsurface], pending=0x55597c4e1a40 [MetaWaylandPendingState]) at wayland/meta-wayland-surface.c:1889 #6 0x00007fd6d86073cd in apply_pending_state (surface=0x55597bdf58f0 [MetaWaylandSurface], pending=0x55597c4e1a40 [MetaWaylandPendingState]) at wayland/meta-wayland-surface.c:801 surface_actor_wayland = 0x55597c4a3c60 [MetaSurfaceActorWayland] __func__ = "apply_pending_state" #7 0x00007fd6d8607551 in meta_wayland_surface_commit (surface=0x55597bdf58f0 [MetaWaylandSurface]) at wayland/meta-wayland-surface.c:857 #8 0x00007fd6d8607a04 in wl_surface_commit (client=0x55597c756e00, resource=0x55597d54a360) at wayland/meta-wayland-surface.c:1006 surface = 0x55597bdf58f0 [MetaWaylandSurface] #9 0x00007fd6cf57cc58 in ffi_call_unix64 () at ../src/x86/unix64.S:76 #10 0x00007fd6cf57c6ba in ffi_call (cif=cif@entry=0x7fffa1588a70, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x0, avalue=avalue@entry=0x7fffa1588b40) at ../src/x86/ffi64.c:525 classes = {X86_64_INTEGER_CLASS, 32767, 2102698848, 21849} stack = <optimized out> argp = 0x7fffa1588940 "" arg_types = <optimized out> gprcount = 2 ssecount = <optimized out> ngpr = 1 nsse = 0 i = <optimized out> avn = <optimized out> ret_in_memory = <optimized out> reg_args = <optimized out> #11 0x00007fd6d36bd58e in wl_closure_invoke (closure=closure@entry=0x55597d533ee0, flags=flags@entry=2, target=<optimized out>, target@entry=0x55597d54a360, opcode=opcode@entry=6, data=<optimized out>, data@entry=0x55597c756e00) at src/connection.c:935 count = <optimized out> cif = {abi = FFI_UNIX64, nargs = 2, arg_types = 0x7fffa1588a90, rtype = 0x7fd6cf57d040 <ffi_type_void>, bytes = 0, flags = 0} ffi_types = {0x7fd6cf57cf20 <ffi_type_pointer>, 0x7fd6cf57cf20 <ffi_type_pointer>, 0x7fffa1588b10, 0x7fffa1588b0f, 0x7fd6cf57cf80 <ffi_type_sint32>, 0x7fd6cf57cf80 <ffi_type_sint32>, 0x7fd6cf57cf80 <ffi_type_sint32>, 0xffff80005ea774f1, 0x3, 0x330000000e, 0x0, 0x0, 0x6e0000005b, 0x0, 0x0, 0x7c00000077, 0x0, 0x555900000000, 0x7fffa1588b50, 0x2, 0x7fffa1588b70, 0x7fd6d24f4ae0 <main_arena>} ffi_args = {0x7fffa1588a60, 0x7fffa1588a68, 0x6, 0x55597c756e00, 0x7fd6d53970d0 <wl_surface_requests+144>, 0x7fd6d21b9f74 <__GI___libc_malloc+84>, 0x55597d5525d8, 0x0, 0x0, 0x7fd6d36bce29 <wl_connection_demarshal+265>, 0x55597d533fb8, 0x55597d062d30, 0x55597d533ee0, 0x55597d552670, 0x55597d55267c, 0x55597c756e38, 0x55597d5525a0, 0x55597c756e38, 0x7fd6d53970d0 <wl_surface_requests+144>, 0x7fd6d36b8847 <log_closure+71>, 0x55597c756e38, 0x7fd6d53970d0 <wl_surface_requests+144>} implementation = <optimized out> #12 0x00007fd6d36b9787 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x55597c756e00) at src/wayland-server.c:371 client = 0x55597c756e00 connection = 0x55597d062d30 resource = 0x55597d54a360 object = 0x55597d54a360 closure = 0x55597d533ee0 message = 0x7fd6d53970d0 <wl_surface_requests+144> p = {49, 524294} resource_flags = <optimized out> opcode = 6 size = <optimized out> since = <optimized out> len = <optimized out> #13 0x00007fd6d36bb802 in wl_event_loop_dispatch (loop=0x555979acdfb0, timeout=<optimized out>) at src/event-loop.c:423 ep = {{events = 1, data = {ptr = 0x55597c746410, fd = 2088002576, u32 = 2088002576, u64 = 93842828452880}}, {events = 21849, data = {ptr = 0x555979d6aee4, fd = 2044112612, u32 = 2044112612, u64 = 93842784562916}}, {events = 4096, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 2706934992, data = {ptr = 0x100007fff, fd = 32767, u32 = 32767, u64 = 4295000063}}, {events = 0, data = {ptr = 0x7fffa1588d20, fd = -1588032224, u32 = 2706935072, u64 = 140735900323104}}, {events = 80, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x7fffa1588d90, fd = -1588032112, u32 = 2706935184, u64 = 140735900323216}}, {events = 2706935200, data = {ptr = 0x79d3983000007fff, fd = 32767, u32 = 32767, u64 = 8778527430601113599}}, {events = 21849, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 2043910192, data = {ptr = 0xa1588d8000005559, fd = 21849, u32 = 21849, u64 = 11626198018952287577}}, {events = 32767, data = {ptr = 0x7fd6d764f525 <_clutter_stage_window_get_update_time+263>, fd = -681249499, u32 = 3613717797, u64 = 140560713446693}}, {events = 0, data = {ptr = 0x79d3983000000000, fd = 0, u32 = 0, u64 = 8778527430601080832}}, {events = 21849, data = {ptr = 0x1a1588da0, fd = -1588032096, u32 = 2706935200, u64 = 7001902496}}, {events = 2043910192, data = {ptr = 0x79d2b2d000005559, fd = 21849, u32 = 21849, u64 = 8778275230121481561}}, {events = 21849, data = {ptr = 0x555979d1c100, fd = 2043789568, u32 = 2043789568, u64 = 93842784239872}}, {events = 2706935216, data = {ptr = 0xd764cc2900007fff, fd = 32767, u32 = 32767, u64 = 15520754692291330047}}, {events = 32726, data = {ptr = 0x7fffa1588db0, fd = -1588032080, u32 = 2706935216, u64 = 140735900323248}}, {events = 2043802400, data = {ptr = 0x5559, fd = 21849, u32 = 21849, u64 = 21849}}, {events = 0, data = {ptr = 0x555979d39830, fd = 2043910192, u32 = 2043910192, u64 = 93842784360496}}, {events = 2706935312, data = {ptr = 0xd762a57600007fff, fd = 32767, u32 = 32767, u64 = 15520149192096907263}}, {events = 32726, data = {ptr = 0x555979cac8b0, fd = 2043332784, u32 = 2043332784, u64 = 93842783783088}}, {events = 2044032064, data = {ptr = 0xa1588e1000005559, fd = 21849, u32 = 21849, u64 = 11626198637427578201}}, {events = 32767, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 4294967295, data = {ptr = 0x79ae6260ffffffff, fd = -1, u32 = 4294967295, u64 = 8768053693288284159}}, {events = 21849, data = {ptr = 0x555979d1e770, fd = 2043799408, u32 = 2043799408, u64 = 93842784249712}}, {events = 2706935344, data = {ptr = 0xa15d8bd900007fff, fd = 32767, u32 = 32767, u64 = 11627603577064685567}}, {events = 32767, data = {ptr = 0x7fffa1588e60, fd = -1588031904, u32 = 2706935392, u64 = 140735900323424}}, {events = 2706935376, data = {ptr = 0x2f00000001, fd = 1, u32 = 1, u64 = 201863462913}}, {events = 0, data = {ptr = 0x20, fd = 32, u32 = 32, u64 = 32}}, {events = 3553927716, data = {ptr = 0xa1588e6000007fd6, fd = 32726, u32 = 32726, u64 = 11626198981024972758}}, {events = 32767, data = {ptr = 0x7fd6d7626e29 <_clutter_context_unlock+16>, fd = -681415127, u32 = 3613552169, u64 = 140560713281065}}} source = <optimized out> i = <optimized out> count = <optimized out> #14 0x00007fd6d85e9549 in wayland_event_source_dispatch (base=0x555979d57c40, callback=0x0, data=0x0) at wayland/meta-wayland.c:79 source = 0x555979d57c40 loop = 0x555979acdfb0 #15 0x00007fd6d3d2be42 in g_main_dispatch (context=0x555979accf00) at gmain.c:3203 dispatch = 0x7fd6d85e9508 <wayland_event_source_dispatch> prev_source = 0x0 was_in_call = 0 user_data = 0x0 callback = 0x0 cb_funcs = 0x0 cb_data = 0x0 need_destroy = <optimized out> source = 0x555979d57c40 current = 0x555979add030 i = 0 #16 0x00007fd6d3d2be42 in g_main_context_dispatch (context=context@entry=0x555979accf00) at gmain.c:3856 #17 0x00007fd6d3d2c1c0 in g_main_context_iterate (context=0x555979accf00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3929 max_priority = 2147483647 timeout = 299898 some_ready = 1 nfds = 17 allocated_nfds = 18 fds = <optimized out> #18 0x00007fd6d3d2c4e2 in g_main_loop_run (loop=0x555979d5a2b0) at gmain.c:4125 __func__ = "g_main_loop_run" #19 0x00007fd6d85a6f82 in meta_run () at core/main.c:572 #20 0x00005559785d8657 in main (argc=<optimized out>, argv=<optimized out>) at main.c:471 ctx = <optimized out> error = 0x0 ecode = <optimized out> sender = 0x7fd6b0013590 [TpDebugSender]
This message is a reminder that Fedora 24 is nearing its end of life. Approximately 2 (two) weeks from now Fedora will stop maintaining and issuing updates for Fedora 24. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '24'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 24 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 24 changed to end-of-life (EOL) status on 2017-08-08. Fedora 24 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
Still happens on F27, reopening.
This has been fixed in mutter-3.28.2-1.fc28.