SEGV in touch_surface_decrement_touch while suspending
Affected version
Ubuntu 24.04 LTS Surface Linux 6.8.8-surface-1 GNOME 46
Bug summary
gnome-shell crashes with SEGV in touch_surface_decrement_touch while suspending
Steps to reproduce
- Set power button action to suspend.
- Push power button
- Wait a while
- Push power button again
What happened
Usually it works, but sometimes I get prompted to log in and, when I do, all my state has been lost. In this particular case, there was a crash file in /var/crash/_usr_bin_gnome-shell.1000.crash
What did you expect to happen
To get back to where I was when I suspended.
Relevant logs, screenshots, screencasts etc.
I tried to debug it with apport-retrace -g. Here is what seems to be the important part of the backtrace:
#5 0x00007979fdc45320 in <signal handler called> ()
at /lib/x86_64-linux-gnu/libc.so.6
#6 0x00007979fe15f477 in touch_surface_decrement_touch
(touch_surface=0x5aef71f62720) at ../src/wayland/meta-wayland-touch.c:121
#7 touch_info_free (touch_info=0x5aef74e52720)
at ../src/wayland/meta-wayland-touch.c:488
#8 0x00007979feb28c22 in g_hash_table_remove_all_nodes
(hash_table=0x5aef73dd62c0, notify=<optimized out>, destruction=<optimized out>) at ../../../glib/ghash.c:651
#9 0x00007979feb2b63b in g_hash_table_remove_all_nodes
(destruction=1, notify=1, hash_table=0x5aef73dd62c0)
at ../../../glib/ghash.c:573
#10 g_hash_table_unref (hash_table=0x5aef73dd62c0)
at ../../../glib/ghash.c:1433
#11 0x00007979fe159a95 in meta_wayland_touch_disable (touch=0x5aef71a52610)
at ../src/wayland/meta-wayland-touch.c:536
Full backtrace in gnome-crash-backtrace.text
I examined the state in the crashing function. Here is the code:
108 static void
109 touch_surface_decrement_touch (MetaWaylandTouchSurface *touch_surface)
110 {
111   touch_surface->touch_count--;
112
113   if (touch_surface->touch_count == 0)
114     {
115       /* Now that there are no touches on the surface, free the
116        * MetaWaylandTouchSurface, the memory is actually owned by
117        * the touch_surface->touch_surfaces hashtable, so remove the
118        * item from there.
119        */
120       MetaWaylandTouch *touch = touch_surface->touch;
121       g_hash_table_remove (touch->touch_surfaces, touch_surface->surface);
Here's my attempt to examine the data structure:
(gdb) frame 6
#6 0x00007979fe15f477 in touch_surface_decrement_touch (
touch_surface=0x5aef71f62720) at ../src/wayland/meta-wayland-touch.c:121
121 g_hash_table_remove (touch->touch_surfaces, touch_surface->surface);
(gdb) p touch_surface
$1 = (MetaWaylandTouchSurface *) 0x5aef71f62720
(gdb) p *touch_surface
$2 = {surface = 0x5aeada0fd332, touch = 0x5ca502b2383c67c1,
surface_destroy_listener = {link = {prev = 0x0, next = 0x0},
notify = 0x7979fe160a40 <touch_handle_surface_destroy>}, resource_list = {
prev = 0x5aef71f62748, next = 0x5aef71f62748}, touch_count = 0}
(gdb) p *touch_surface->touch
Cannot access memory at address 0x5ca502b2383c67c1
I guess that's the problem, but I do not entirely know what I'm doing.
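As an added illustration (not mutter's code and not part of the report), here is a constructed C model of the ownership the quoted comment describes: surface records are owned by the touch_surfaces table, while each entry of the touches table points at one of them and decrements it when destroyed. The teardown order it compares is an assumption, not something the backtrace establishes; what the model shows is what a decrement against an already-released surface record looks like, which is the shape of the unreadable touch pointer seen in frame 6.

```c
/* Constructed model (not mutter's code) of the two tables in the quoted comment:
 * touch_surfaces owns surface records; touches owns records pointing at one. */
#define MAX_ENTRIES 4
typedef struct {
  int touch_count;   /* live touch points on this surface */
  int released;      /* stands in for the record having been freed */
} TouchSurface;
typedef struct { TouchSurface *surface; } TouchInfo;
typedef struct {
  TouchSurface surfaces[MAX_ENTRIES]; int n_surfaces;  /* "touch_surfaces" */
  TouchInfo    touches[MAX_ENTRIES];  int n_touches;   /* "touches" */
  int faults;   /* decrements that reached an already-released surface */
} Touch;

/* Counterpart of touch_surface_decrement_touch. Where the real code would
 * dereference freed memory (the SEGV), the model counts the bad access. */
static void decrement_touch (Touch *touch, TouchSurface *surface)
{
  if (surface->released) { touch->faults++; return; }
  if (--surface->touch_count == 0)
    surface->released = 1;   /* g_hash_table_remove() would free it here */
}

/* Destroy notifier of the touches table (touch_info_free in the report). */
static void clear_touches (Touch *touch)
{
  for (int i = 0; i < touch->n_touches; i++)
    decrement_touch (touch, touch->touches[i].surface);
  touch->n_touches = 0;
}

/* Destroy notifier of the touch_surfaces table: frees every surface record. */
static void clear_surfaces (Touch *touch)
{
  for (int i = 0; i < touch->n_surfaces; i++)
    touch->surfaces[i].released = 1;
  touch->n_surfaces = 0;
}

/* One surface with two active touch points, then teardown in the given
 * order. Returns how many decrements hit a released record: 0 is clean. */
int disable_faults (int surfaces_first)
{
  Touch t = { .n_surfaces = 1, .n_touches = 2 };
  t.surfaces[0].touch_count = 2;
  t.touches[0].surface = t.touches[1].surface = &t.surfaces[0];
  if (surfaces_first) { clear_surfaces (&t); clear_touches (&t); }
  else                { clear_touches (&t); clear_surfaces (&t); }
  return t.faults;
}
```

The model keeps the surface storage alive so the stale access is observable; real freed memory gives the garbage pointer values the gdb session shows, or a fault.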