wayland: surface: NULL pointer dereference after buffer attachment fails
Affected version
Master built from commit 5a565b42.
Bug summary
mutter crashes when gtk4-demo is started in a nested session.
Steps to reproduce
- start mutter as Wayland compositor with dummy monitor(s) in an X11 session
- start gtk4-demo
- mutter crashes
What happened
mutter is started as follows:
env MUTTER_DEBUG_NUM_DUMMY_MONITORS=1 \
MUTTER_DEBUG_DUMMY_MODE_SPECS=1920x1080 \
MUTTER_DEBUG_DUMMY_MONITOR_SCALES=1 \
CLUTTER_SHOW_FPS=1 \
./build/src/mutter --nested --wayland
The following warning is generated when gtk4-demo is started:
(mutter:12193): mutter-WARNING **: 18:55:59.434: Could not import pending buffer: Unknown buffer type
in wayland/meta-wayland-surface.c:meta_wayland_surface_apply_state() because meta_wayland_buffer_attach() fails in:
Thread 1 "mutter" hit Breakpoint 1, meta_wayland_buffer_attach (buffer=0x5555559b7400, texture=texture@entry=0x555555a26500, error=error@entry=0x7fffffffd5c0) at ../src/wayland/meta-wayland-buffer.c:531
531 {
(gdb) bt
#0 meta_wayland_buffer_attach (buffer=0x5555559b7400, texture=texture@entry=0x555555a26500, error=error@entry=0x7fffffffd5c0) at ../src/wayland/meta-wayland-buffer.c:531
#1 0x00007ffff7eea155 in meta_wayland_surface_apply_state (surface=surface@entry=0x555555a26490, state=0x555555979e30) at ../src/wayland/meta-wayland-surface.c:736
#2 0x00007ffff7eea8ab in meta_wayland_surface_commit (surface=0x555555a26490) at ../src/wayland/meta-wayland-surface.c:994
#3 0x00007ffff7eea8cb in wl_surface_commit (client=<optimized out>, resource=<optimized out>) at ../src/wayland/meta-wayland-surface.c:1159
#4 0x00007ffff639bacd in () at /usr/lib/libffi.so.7
#5 0x00007ffff639b03a in () at /usr/lib/libffi.so.7
#6 0x00007ffff7667124 in () at /usr/lib/libwayland-server.so.0
#7 0x00007ffff766257c in () at /usr/lib/libwayland-server.so.0
#8 0x00007ffff766507a in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#9 0x00007ffff7ed43f2 in wayland_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../src/wayland/meta-wayland.c:97
#10 0x00007ffff7c9f02c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#11 0x00007ffff7cf2b59 in () at /usr/lib/libglib-2.0.so.0
#12 0x00007ffff7c9e593 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#13 0x00007ffff7e8030d in meta_run_main_loop () at ../src/core/main.c:928
#14 0x00007ffff7e8031d in meta_run () at ../src/core/main.c:943
#15 0x0000555555555294 in main (argc=<optimized out>, argv=<optimized out>) at ../src/core/mutter.c:78
After that, the code jumps to the cleanup label, where it calls meta_wayland_surface_role_post_apply_state(), and that results in the following:
Thread 1 "mutter" received signal SIGSEGV, Segmentation fault.
cogl_texture_get_width (texture=0x0) at ../cogl/cogl/cogl-texture.c:201
201 return texture->width;
(gdb) bt
#0 cogl_texture_get_width (texture=0x0) at ../cogl/cogl/cogl-texture.c:201
#1 0x00007ffff7ee91ee in get_buffer_width (surface=0x555555a26490) at ../src/wayland/meta-wayland-surface.c:306
#2 0x00007ffff7ee9dc1 in meta_wayland_surface_get_width (surface=surface@entry=0x555555a26490) at ../src/wayland/meta-wayland-surface.c:2071
#3 0x00007ffff7ee6673 in meta_wayland_shell_surface_calculate_geometry (shell_surface=<optimized out>, out_geometry=out_geometry@entry=0x7fffffffd4d0) at ../src/wayland/meta-wayland-shell-surface.c:57
#4 0x00007ffff7ef5444 in meta_wayland_xdg_surface_post_apply_state (surface_role=<optimized out>, pending=0x555555979e30) at ../src/wayland/meta-wayland-xdg-shell.c:1611
#5 0x00007ffff7ef56e2 in meta_wayland_xdg_toplevel_post_apply_state (surface_role=0x5555559d7ca0, pending=0x555555979e30) at ../src/wayland/meta-wayland-xdg-shell.c:811
#6 0x00007ffff7ee77f6 in meta_wayland_surface_role_post_apply_state (surface_role=<optimized out>, pending=pending@entry=0x555555979e30) at ../src/wayland/meta-wayland-surface.c:1879
#7 0x00007ffff7eea75e in meta_wayland_surface_apply_state (surface=surface@entry=0x555555a26490, state=0x555555979e30) at ../src/wayland/meta-wayland-surface.c:929
#8 0x00007ffff7eea8ab in meta_wayland_surface_commit (surface=0x555555a26490) at ../src/wayland/meta-wayland-surface.c:994
#9 0x00007ffff7eea8cb in wl_surface_commit (client=<optimized out>, resource=<optimized out>) at ../src/wayland/meta-wayland-surface.c:1159
#10 0x00007ffff639bacd in () at /usr/lib/libffi.so.7
#11 0x00007ffff639b03a in () at /usr/lib/libffi.so.7
#12 0x00007ffff7667124 in () at /usr/lib/libwayland-server.so.0
#13 0x00007ffff766257c in () at /usr/lib/libwayland-server.so.0
#14 0x00007ffff766507a in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#15 0x00007ffff7ed43f2 in wayland_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../src/wayland/meta-wayland.c:97
#16 0x00007ffff7c9f02c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#17 0x00007ffff7cf2b59 in () at /usr/lib/libglib-2.0.so.0
#18 0x00007ffff7c9e593 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#19 0x00007ffff7e8030d in meta_run_main_loop () at ../src/core/main.c:928
#20 0x00007ffff7e8031d in meta_run () at ../src/core/main.c:943
#21 0x0000555555555294 in main (argc=<optimized out>, argv=<optimized out>) at ../src/core/mutter.c:78
If you need more information, let me know.
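A simplified model of the failure pattern in the two backtraces, added here as an illustration; it is not code from this report or from mutter. All type and function names are hypothetical stand-ins. It shows a commit path that returns early when the buffer attach fails, plus a role hook that refuses to read geometry through a NULL texture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the compositor types; not mutter's definitions. */
typedef struct { int width; } Texture;
typedef struct { Texture *texture; int geometry_width; } Surface;
typedef struct { bool known_type; int width; } Buffer;

static Texture texture_storage;

/* Models an attach step that can fail, e.g. on an unknown buffer type. */
static bool buffer_attach(const Buffer *buf, Texture **out, const char **err)
{
    if (!buf->known_type) {
        *err = "Unknown buffer type";
        return false;              /* *out is left untouched: still NULL */
    }
    texture_storage.width = buf->width;
    *out = &texture_storage;
    return true;
}

/* Role hook run after state is applied; it needs a valid texture. */
static bool post_apply_state(Surface *s)
{
    if (s->texture == NULL)        /* guard at the point where the report crashes */
        return false;
    s->geometry_width = s->texture->width;
    return true;
}

/* Returns 0 on success, -1 if the commit is rejected before the role hook. */
static int surface_apply_state(Surface *s, const Buffer *buf)
{
    const char *err = NULL;
    Texture *tex = NULL;

    if (!buffer_attach(buf, &tex, &err)) {
        fprintf(stderr, "Could not import pending buffer: %s\n", err);
        return -1;                 /* error path must not reach the role hook */
    }
    s->texture = tex;
    return post_apply_state(s) ? 0 : -1;
}

int main(void)
{
    Surface s = { NULL, 0 };
    Buffer bad = { false, 1920 };  /* constructed sample input */
    return surface_apply_state(&s, &bad) == -1 ? 0 : 1;
}
```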