GNOME Shell crashes Iris driver when screen sharing Firefox that manipulates custom cursors regularly
Affected version
Arch Linux kernel 6.3.0 gnome-shell 43.5, 44.1 xdg-desktop-portal 1.16.0 xdg-desktop-portal-gnome 43.1
Wayland (Haven't tested XOrg) Possibly tested with Extensions disabled, not sure.
Bug summary
This is possibly a Mesa Iris specific bug, isolated to the i915 kernel driver, or perhaps GNOME Shell is doing something wrong.
https://gitlab.freedesktop.org/mesa/mesa/-/issues/8888
Basically, when using the following web site in Firefox nightly, or 112.0.1, and moving the cursor over the image in the post repeatedly:
https://cohost.org/mcc/post/1372446-empty
While screen sharing, either with OBS Studio, or with TeamViewer, any xdg-desktop-portal-gnome consumer that touches the cursor capturing. Doing the cursor swapping repeatedly while sharing will crash GNOME Shell.
Does not affect the Xe KMD, apparently.
Steps to reproduce
- Possibly needed: Set desktop scaling to 200% or higher.
- Open Firefox to the above linked cohost site.
- Open OBS Studio and capture the screen that's showing Firefox.
- Move the cursor around on and off the spot that changes it to the picture of a window containing a motorbike.
- GNOME Shell should crash eventually, or OBS Studio will crash, depending.
What happened
Either GNOME Shell, or the xdg-desktop-portal-gnome consuming app will crash.
What did you expect to happen
No crash should occur.
Relevant logs, screenshots, screencasts etc.
Here is a stack trace of GNOME Shell from the crash, as included in the above Mesa bug as well:
#0 __memcpy_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:540
#1 0x00007f706a1e3499 in memcpy () at /usr/include/bits/string_fortified.h:29
#2 copy_to_staging_dest () at ../mesa-23.0.3/src/mesa/state_tracker/st_cb_texture.c:229
#3 st_GetTexSubImage() () at ../mesa-23.0.3/src/mesa/state_tracker/st_cb_texture.c:2575
#4 0x00007f706b2bb020 in get_texture_image.constprop.0 () at ../mesa-23.0.3/src/mesa/main/texgetimage.c:1441
#5 0x00007f706a40c2f7 in _get_texture_image() () at ../mesa-23.0.3/src/mesa/main/texgetimage.c:1479
#6 0x00007f706a40c4fc in _mesa_GetTexImage() () at ../mesa-23.0.3/src/mesa/main/texgetimage.c:1514
#7 0x00007f708249e265 in _cogl_texture_driver_gl_get_tex_image (ctx=<optimized out>, gl_target=<optimized out>, dest_gl_format=<optimized out>, dest_gl_type=<optimized out>, dest=<optimized out>)
at ../mutter-vrr/cogl/cogl/driver/gl/gl/cogl-texture-driver-gl.c:358
#8 0x00007f708249bacf in _cogl_texture_2d_gl_get_data
(tex_2d=0x560356af8a70, format=COGL_PIXEL_FORMAT_RGBA_8888_PRE, rowstride=2048, data=0x7f6fe7703048 "+G{\204+G{\204=d\254\270=d\254\270?e\256\270?e\256\2706`\256\2706`\256\270-W\250\270-W\250\270/W\250\270/W\250\270/W\251\270/W\251\270/W\252\270/W\252\2702Y\254\2702Y\254\2701Z\256\2701Z\256\2700Y\255\2700Y\255\270/W\253\270/W\253\270/X\252\270/X\252\270.X\251\270.X\251\270.W\251\270.W\251\270.W\251\270.W\251\270-V\251\270-V\251\270-V\252\270-V\252\270-W\253\270-W\253\270-W\253\270-W\253\270.V\252\270.V\252\270.V\251\270.V\251\270-V\251\270-V\251\270-U\251\270-U\251\270-U\251\270-U\251\270"...) at ../mutter-vrr/cogl/cogl/driver/gl/cogl-texture-2d-gl.c:654
#9 0x00007f70824dc9cf in _cogl_texture_2d_get_data (tex=<optimized out>, format=<optimized out>, rowstride=<optimized out>, data=<optimized out>) at ../mutter-vrr/cogl/cogl/cogl-texture-2d.c:476
#10 0x00007f70824e69af in texture_get_cb (subtexture=0x560356af8a70, subtexture_coords=0x7fffd1b93fe0, virtual_coords=<optimized out>, user_data=0x7fffd1b94110) at ../mutter-vrr/cogl/cogl/cogl-texture.c:705
#11 0x00007f70824ecdd1 in re_normalize_sub_texture_coords_cb (user_data=0x7fffd1b93f20, meta_coords=<synthetic pointer>, sub_texture_coords=0x7fffd1b93fe0, sub_texture=<optimized out>) at ../mutter-vrr/cogl/cogl/cogl-texture-2d-sliced.c:93
#12 _cogl_texture_spans_foreach_in_region
(user_data=0x7fffd1b93f20, callback=0x7f70824ea050 <normalize_meta_coords_cb>, wrap_y=<optimized out>, wrap_x=<optimized out>, y_normalize_factor=<optimized out>, x_normalize_factor=<optimized out>, virtual_coords=<synthetic pointer>, textures=0x7fffd1b93f00, n_y_spans=1, y_spans=0x7fffd1b93f08, n_x_spans=1, x_spans=0x7fffd1b93f14) at ../mutter-vrr/cogl/cogl/cogl-texture.c:1057
#13 cogl_meta_texture_foreach_in_region (meta_texture=meta_texture@entry=0x560356af8a70, tx_1=<optimized out>, tx_1@entry=0, ty_1=<optimized out>, ty_1@entry=0, tx_2=<optimized out>, tx_2@entry=1, ty_2=<optimized out>,
ty_2@entry=1, wrap_s=<optimized out>, wrap_s@entry=COGL_PIPELINE_WRAP_MODE_REPEAT, wrap_t=<optimized out>, wrap_t@entry=COGL_PIPELINE_WRAP_MODE_REPEAT, callback=0x7f70824ea050 <normalize_meta_coords_cb>,
callback@entry=0x7f70824e67b0 <texture_get_cb>, user_data=0x7fffd1b93f20, user_data@entry=0x7fffd1b94110) at ../mutter-vrr/cogl/cogl/cogl-meta-texture.c:568
#14 0x00007f70824e7250 in cogl_texture_get_data
(texture=texture@entry=0x560356af8a70, format=format@entry=COGL_PIXEL_FORMAT_RGBA_8888_PRE, rowstride=rowstride@entry=2048, data=data@entry=0x7f6fe7703048 "+G{\204+G{\204=d\254\270=d\254\270?e\256\270?e\256\2706`\256\2706`\256\270-W\250\270-W\250\270/W\250\270/W\250\270/W\251\270/W\251\270/W\252\270/W\252\2702Y\254\2702Y\254\2701Z\256\2701Z\256\2700Y\255\2700Y\255\270/W\253\270/W\253\270/X\252\270/X\252\270.X\251\270.X\251\270.W\251\270.W\251\270.W\251\270.W\251\270-V\251\270-V\251\270-V\252\270-V\252\270-W\253\270-W\253\270-W\253\270-W\253\270.V\252\270.V\252\270.V\251\270.V\251\270-V\251\270-V\251\270-U\251\270-U\251\270-U\251\270-U\251\270"...) at ../mutter-vrr/cogl/cogl/cogl-texture.c:859
#15 0x00007f7082ba5193 in meta_screen_cast_stream_src_draw_cursor_into
(src=src@entry=0x5603566d7430, cursor_texture=cursor_texture@entry=0x560356af8a70, scale=scale@entry=1, transform=transform@entry=META_MONITOR_TRANSFORM_NORMAL, data=0x7f6fe7703048 "+G{\204+G{\204=d\254\270=d\254\270?e\256\270?e\256\2706`\256\2706`\256\270-W\250\270-W\250\270/W\250\270/W\250\270/W\251\270/W\251\270/W\252\270/W\252\2702Y\254\2702Y\254\2701Z\256\2701Z\256\2700Y\255\2700Y\255\270/W\253\270/W\253\270/X\252\270/X\252\270.X\251\270.X\251\270.W\251\270.W\251\270.W\251\270.W\251\270-V\251\270-V\251\270-V\252\270-V\252\270-W\253\270-W\253\270-W\253\270-W\253\270.V\252\270.V\252\270.V\251\270.V\251\270-V\251\270-V\251\270-U\251\270-U\251\270-U\251\270-U\251\270"..., error=error@entry=0x7fffd1b94260)
at ../mutter-vrr/src/backends/meta-screen-cast-stream-src.c:337
#16 0x00007f7082ba534c in meta_screen_cast_stream_src_set_cursor_sprite_metadata
(src=0x5603566d7430, spa_meta_cursor=0x7f6fe7703018, cursor_sprite=<optimized out>, x=<optimized out>, y=<optimized out>, scale=1, transform=META_MONITOR_TRANSFORM_NORMAL) at ../mutter-vrr/src/backends/meta-screen-cast-stream-src.c:459
#17 0x00007f7082b95c26 in meta_screen_cast_monitor_stream_src_set_cursor_metadata (src=0x5603566d7430, spa_meta_cursor=0x7f6fe7703018) at ../mutter-vrr/src/backends/meta-screen-cast-monitor-stream-src.c:696
#18 0x00007f7082ba587e in meta_screen_cast_stream_src_set_cursor_metadata (spa_meta_cursor=<optimized out>, src=0x5603566d7430) at ../mutter-vrr/src/backends/meta-screen-cast-stream-src.c:244
#19 add_cursor_metadata (spa_buffer=<optimized out>, src=<optimized out>) at ../mutter-vrr/src/backends/meta-screen-cast-stream-src.c:481
#20 maybe_record_cursor (spa_buffer=0x5603538a4c00, src=0x5603566d7430) at ../mutter-vrr/src/backends/meta-screen-cast-stream-src.c:496
#21 meta_screen_cast_stream_src_maybe_record_frame (src=0x5603566d7430, flags=<optimized out>) at ../mutter-vrr/src/backends/meta-screen-cast-stream-src.c:721
#22 0x00007f7082b934b6 in maybe_record_frame_on_idle.lto_priv () at ../mutter-vrr/src/backends/meta-screen-cast-monitor-stream-src.c:123
#23 0x00007f70837d253b in g_main_dispatch (context=0x56034fad44b0) at ../glib/glib/gmain.c:3460
#24 g_main_context_dispatch (context=0x56034fad44b0) at ../glib/glib/gmain.c:4200
#25 0x00007f708382f219 in g_main_context_iterate.constprop.0 (context=0x56034fad44b0, block=1, dispatch=1, self=<optimized out>) at ../glib/glib/gmain.c:4276
#26 0x00007f70837d1c7f in g_main_loop_run (loop=0x56035132ab70) at ../glib/glib/gmain.c:4479
#27 0x00007f7082b24b6b in meta_context_run_main_loop (context=context@entry=0x56034fad23e0, error=error@entry=0x7fffd1b94580) at ../mutter-vrr/src/core/meta-context.c:465
#28 0x000056034f15f478 in main (argc=<optimized out>, argv=<optimized out>) at ../gnome-shell/src/main.c:582
I can't tell if GNOME Shell is in the wrong, or if Iris is.