gnome-shell segfault on suspend due to "rounded-window-corners" third-party extension
Affected version
GNOME version 42.4, kernel version 5.19.4-200.fc36.x86_64, Fedora 36 Wayland with hybrid (Intel + NVIDIA) graphics.
Bug summary
Occasionally, when suspending, gnome-shell crashes with SIGSEGV. The reported likely crash reason is "Jump to an invalid address" in function meta_compositor_size_change_window. This manifests itself as the following: As indicated by status light, computer enters suspend state as expected. Upon resume, user is greeted with a blank screen with a partial line of '^@' characters at the top. The cursor blinks, and the user can type. User can switch to a tty, and confirm that gnome-shell is not running. Additionally, after a long timeout (couple minutes), the system returns to GDM and the user can log in again (can also switch to GDM's tty to do so earlier). The problem reporting application gives the timestamp of the time the laptop lid was closed and the system entered suspend as the crash time.
Note: Just a hunch, but this might be related to a bug that I noticed recently but hadn't reported yet. When resuming from suspend, all windows are maximized for a split second before they return to their original, pre-suspend, size. Is there a reason why windows are maximized at this time?
Steps to reproduce
Suspend laptop by closing lid. Does not happen every time. Appears to happen seemingly at random, with an increased chance if something is running on the NVIDIA GPU.
What happened
gnome-shell crashes.
What did you expect to happen
gnome-shell remains alive throughout the suspend, and presents the user with the lock screen on resume.
Relevant logs, screenshots, screencasts etc.
GNOME's problem reporting gives a massive report, but for some reason I can't report it through there.
Attached is a core dump, analyzed with gdb: I can also directly upload the core dump itself if requested - I have two of them.
Here is (what I think is) the relevant section of the stuff gdb spat out:
#0 0x00007f05e59a6ac6 in meta_compositor_size_change_window () at /lib64/libmutter-10.so.0
#1 0x00007f05e59efbc1 in meta_window_make_fullscreen () at /lib64/libmutter-10.so.0
#2 0x00007f05e4d79746 in ffi_call_unix64 () at /lib64/libffi.so.8
#3 0x00007f05e4d764d2 in ffi_call_int.lto_priv () at /lib64/libffi.so.8
#4 0x00007f05e5cc867e in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) [clone .localalias] [clone .lto_priv.0] () at /lib64/libgjs.so.0
#5 0x00007f05e5cc8d77 in Gjs::Function::call(JSContext*, unsigned int, JS::Value*) () at /lib64/libgjs.so.0
#6 0x00007f05e3c515a2 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-91.so.0
#7 0x00007f05e3c45010 in Interpret(JSContext*, js::RunState&) () at /lib64/libmozjs-91.so.0
#8 0x00007f05e3c50f3c in js::RunScript(JSContext*, js::RunState&) () at /lib64/libmozjs-91.so.0
#9 0x00007f05e3c513b0 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-91.so.0
#10 0x00007f05e3c51875 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /lib64/libmozjs-91.so.0
#11 0x00007f05e3cb412c in JS_CallFunction(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSFunction*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libmozjs-91.so.0
#12 0x00007f05e5cc6d92 in Gjs::Closure::invoke(JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libgjs.so.0
#13 0x00007f05e5cfaf21 in Gjs::Closure::marshal(_GValue*, unsigned int, _GValue const*, void*, void*) () at /lib64/libgjs.so.0
#14 0x00007f05e6786db0 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#15 0x00007f05e67b34d6 in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#16 0x00007f05e67a3a2e in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#17 0x00007f05e67a3cb3 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#18 0x00007f05e5988792 in meta_monitor_manager_notify_monitors_changed () at /lib64/libmutter-10.so.0
#19 0x00007f05e598fc25 in meta_monitor_manager_rebuild () at /lib64/libmutter-10.so.0
#20 0x00007f05e5a6c729 in meta_monitor_manager_native_apply_monitors_config () at /lib64/libmutter-10.so.0
#21 0x00007f05e598136c in meta_monitor_manager_apply_monitors_config.lto_priv () at /lib64/libmutter-10.so.0
#22 0x00007f05e59864b3 in meta_monitor_manager_ensure_configured () at /lib64/libmutter-10.so.0
#23 0x00007f05e6784f76 in g_cclosure_marshal_VOID__BOOLEANv () at /lib64/libgobject-2.0.so.0
#24 0x00007f05e67a3b79 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#25 0x00007f05e67a3cb3 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#26 0x00007f05e597635d in upower_properties_changed () at /lib64/libmutter-10.so.0
#27 0x00007f05e6786db0 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#28 0x00007f05e67b34d6 in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#29 0x00007f05e67a3a2e in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#30 0x00007f05e67a3cb3 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#31 0x00007f05e68eb57b in on_properties_changed () at /lib64/libgio-2.0.so.0
#32 0x00007f05e68d744f in emit_signal_instance_in_idle_cb () at /lib64/libgio-2.0.so.0
#33 0x00007f05e66884cb in g_idle_dispatch () at /lib64/libglib-2.0.so.0
#34 0x00007f05e668bfaf in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#35 0x00007f05e66e12c8 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#36 0x00007f05e668b6cf in g_main_loop_run () at /lib64/libglib-2.0.so.0
#37 0x00007f05e59d4dc9 in meta_context_run_main_loop () at /lib64/libmutter-10.so.0
#38 0x0000559a35c26e27 in main ()
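The backtrace above reads, from the inside out, as native mutter code (meta_window_make_fullscreen) called through libffi from a GJS closure, which in turn was invoked by the monitors-changed signal emitted by meta_monitor_manager_notify_monitors_changed during the UPower properties-changed handling on suspend. That is the shape that points at JavaScript (i.e. an extension) rather than at mutter itself. The following script is an added example, not part of this report or of gnome-shell, that parses a gdb backtrace in the default format shown here, re-joins frames gdb wrapped onto two lines, drops the pager prompt, and reports the JS/native boundary: which native function the JavaScript called and which emitter got the JavaScript running. The sample input is a trimmed copy of the frames quoted above (frames 7-11 and 15-16, 19-37 left out), so the script also flags that the trace is not contiguous.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Trimmed copy of the frames quoted in this report (several frames omitted).
SAMPLE_BACKTRACE = """\
#0 0x00007f05e59a6ac6 in meta_compositor_size_change_window () at /lib64/libmutter-10.so.0
#1 0x00007f05e59efbc1 in meta_window_make_fullscreen () at /lib64/libmutter-10.so.0
#2 0x00007f05e4d79746 in ffi_call_unix64 () at /lib64/libffi.so.8
#3 0x00007f05e4d764d2 in ffi_call_int.lto_priv () at /lib64/libffi.so.8
#4 0x00007f05e5cc867e in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) [clone .localalias] [clone .lto_priv.0] () at /lib64/libgjs.so.0
#5 0x00007f05e5cc8d77 in Gjs::Function::call(JSContext*, unsigned int, JS::Value*) () at /lib64/libgjs.so.0
#6 0x00007f05e3c515a2 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-91.so.0
#12 0x00007f05e5cc6d92 in Gjs::Closure::invoke(JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libgjs.so.0
#13 0x00007f05e5cfaf21 in Gjs::Closure::marshal(_GValue*, unsigned int, _GValue const*, void*, void*) ()
    at /lib64/libgjs.so.0
#14 0x00007f05e6786db0 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#17 0x00007f05e67a3cb3 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#18 0x00007f05e5988792 in meta_monitor_manager_notify_monitors_changed () at /lib64/libmutter-10.so.0
--Type <RET> for more, q to quit, c to continue without paging--
#38 0x0000559a35c26e27 in main ()
"""

PAGER_PROMPT = "--Type <RET> for more"
# "#N 0xADDR in FUNC () at LIB"; FUNC may itself contain parentheses (C++ signatures).
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+in\s+(?P<func>.+?)\s+\(\)"
    r"(?:\s+at\s+(?P<lib>\S+))?\s*$"
)
# Libraries that mean "we are inside the JavaScript engine or its native bridge".
JS_RUNTIME_LIBS = ("libffi", "libgjs", "libmozjs")


@dataclass
class Frame:
    num: int
    addr: int
    func: str
    lib: Optional[str]  # None for the main executable (no "at" clause)


def _join_continuations(text: str) -> List[str]:
    """Re-join frames gdb wrapped onto a second line and drop pager prompts."""
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(PAGER_PROMPT):
            continue
        if line.startswith("#") or not lines:
            lines.append(line)
        else:
            lines[-1] = lines[-1] + " " + line  # continuation of previous frame
    return lines


def parse_backtrace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for line in _join_continuations(text):
        m = FRAME_RE.match(line)
        if m:  # anything else is gdb chatter, not a frame
            frames.append(Frame(int(m["num"]), int(m["addr"], 16), m["func"], m["lib"]))
    return frames


def _short_lib(lib: Optional[str]) -> str:
    return (lib or "").rsplit("/", 1)[-1]


def _is_js_runtime(frame: Frame) -> bool:
    return _short_lib(frame.lib).startswith(JS_RUNTIME_LIBS)


def locate_js_boundary(frames: List[Frame]) -> Optional[dict]:
    """Walk from the innermost frame outwards to the first run of JS-runtime frames.

    The native frame just inside that run is what the JavaScript called; the first
    non-GObject frame outside it is the emitter whose signal ran the JS callback.
    """
    js_start = next((i for i, f in enumerate(frames) if _is_js_runtime(f)), None)
    if js_start is None or js_start == 0:
        return None  # no JS involvement visible in this trace
    js_end = js_start
    while js_end < len(frames) and _is_js_runtime(frames[js_end]):
        js_end += 1
    emitter = next(
        (f for f in frames[js_end:] if not _short_lib(f.lib).startswith("libgobject")),
        None,
    )
    return {
        "crash_site": frames[0].func,
        "native_callee": frames[js_start - 1].func,
        "emitter": emitter.func if emitter else None,
        # True when frame numbers are not contiguous (trace pasted incompletely).
        "frames_missing": any(b.num - a.num != 1 for a, b in zip(frames, frames[1:])),
    }


if __name__ == "__main__":
    print(locate_js_boundary(parse_backtrace(SAMPLE_BACKTRACE)))
```

Run on the full trace from the report, the result names meta_window_make_fullscreen as the native callee and meta_monitor_manager_notify_monitors_changed as the emitter, which is the evidence for attributing the crash to an extension's monitors-changed handler rather than to mutter; disabling extensions one at a time (or all of them via Extensions/Tweaks) and re-testing suspend is the matching check.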