Crash in meta_output_kms_get_privacy_screen_state when screen locks
Since upgrading to Fedora 39 yesterday, gnome-shell has crashed four times, each time after I've stepped away from the computer and the screen locked on idle. This crash does not happen when I lock it manually using Ctrl+L. The top of the backtrace is:
Thread 1 (Thread 0x7f2d75bfa640 (LWP 2545)):
#0 0x00007f2d7b587db2 in meta_output_kms_get_privacy_screen_state (output=<optimized out>) at ../src/backends/native/meta-output-kms.c:139
output_kms = <optimized out>
connector_state = 0x0
#1 0x00007f2d7b5960fa in meta_output_get_privacy_screen_state (output=<optimized out>) at ../src/backends/meta-output.c:479
output_class = <optimized out>
#2 meta_output_is_privacy_screen_supported (output=<optimized out>) at ../src/backends/meta-output.c:485
No locals.
#3 meta_onscreen_native_invalidate (onscreen_native=onscreen_native@entry=0x5606a7aa01d0) at ../src/backends/native/meta-onscreen-native.c:2267
No locals.
#4 0x00007f2d7b59f6eb in meta_renderer_native_queue_modes_reset (renderer_native=0x5606a7a90360) at ../src/backends/native/meta-renderer-native.c:1113
onscreen_native = 0x5606a7aa01d0
crtc = <optimized out>
kms_crtc = <optimized out>
view_scale = <optimized out>
crtc_layout = {crtc = 0x7fff68b0d8d0, layout = {origin = {x = 6.68098643e+24, y = 4.59163468e-41}, size = {width = 6.68077429e+24, height = 4.59163468e-41}}, scale = 2.54924995e+36}
view_layout = {x = 1756420304, y = 32767, width = -1482095008, height = 22022}
stage_view = 0x5606a7aa1a30
framebuffer = 0x5606a7aa01d0
renderer = 0x5606a7a90360
backend = <optimized out>
kms = <optimized out>
kms_cursor_manager = 0x5606a78a5a50
l = 0x5606a7aa3f20
crtc_layouts = 0x5606ad6998c0
#5 0x00007f2d7bf2c52a in g_closure_invoke (closure=0x5606a7a90660, return_value=0x0, n_param_values=1, param_values=0x7fff68b0d8d0, invocation_hint=0x7fff68b0d820) at ../gobject/gclosure.c:832
marshal = 0x7f2d7bf31510 <g_cclosure_marshal_VOID__VOID>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x5606a7a90640
__func__ = "g_closure_invoke"
Full backtrace is available downstream in https://bugzilla.redhat.com/show_bug.cgi?id=2231680.
Crashing function was added in 47d7bc7a:
static MetaPrivacyScreenState
meta_output_kms_get_privacy_screen_state (MetaOutput *output)
{
  MetaOutputKms *output_kms = META_OUTPUT_KMS (output);
  const MetaKmsConnectorState *connector_state;
  connector_state =
    meta_kms_connector_get_current_state (output_kms->kms_connector);
  return connector_state->privacy_screen_state;
}
The code assumes that meta_kms_connector_get_current_state will never return NULL, but it does and then crashes when dereferencing connector_state.
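The failure mode described above, reduced to a self-contained model with one possible guard. This is an added example, not mutter's code and not the project's fix. All type and function names are hypothetical stand-ins, and mapping a missing state to "unavailable" is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types for this example; not mutter's real definitions. */
typedef enum {
  PRIVACY_SCREEN_UNAVAILABLE = 0,
  PRIVACY_SCREEN_ENABLED = 1 << 0,
  PRIVACY_SCREEN_DISABLED = 1 << 1
} PrivacyScreenState;

typedef struct { PrivacyScreenState privacy_screen_state; } ConnectorState;
typedef struct { const ConnectorState *current_state; } Connector;
typedef struct { Connector *connector; } Output;

/* Models a getter that can return NULL, as the report observes. */
static const ConnectorState *
connector_get_current_state (const Connector *connector)
{
  return connector->current_state;
}

/* Guarded lookup: a missing state is reported as "unavailable"
 * (an assumed policy) instead of being dereferenced. */
static PrivacyScreenState
output_get_privacy_screen_state (const Output *output)
{
  const ConnectorState *state;

  state = connector_get_current_state (output->connector);
  if (state == NULL)
    return PRIVACY_SCREEN_UNAVAILABLE;
  return state->privacy_screen_state;
}

/* Models a caller like frame #2: it only needs a yes/no answer. */
static int
output_is_privacy_screen_supported (const Output *output)
{
  return output_get_privacy_screen_state (output) != PRIVACY_SCREEN_UNAVAILABLE;
}

int
main (void)
{
  ConnectorState enabled = { PRIVACY_SCREEN_ENABLED }; /* constructed sample */
  Connector with_state = { &enabled }, without_state = { NULL };
  Output a = { &with_state }, b = { &without_state };

  printf ("with state: %d\n", output_is_privacy_screen_supported (&a));
  printf ("no state:   %d\n", output_is_privacy_screen_supported (&b));
  return 0;
}
```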