GNOME Shell / mutter segfaults when a Wayland client crashes during an interactive resize
Affected version
- Fedora 39
- mutter 45.1
- Wayland
Bug summary
While investigating https://gitlab.freedesktop.org/xorg/xserver/-/issues/1621 in Xwayland, I noticed that Xwayland crashing during an interactive resize would also bring GNOME Shell down.
Steps to reproduce
- Build Xwayland git master
- Run Xwayland rootful
- Resize the Xwayland window
What happened
Xwayland crashes, that's a regression in Xwayland.
But GNOME Shell also dies, which is a bug in GNOME Shell.
What did you expect to happen
Xwayland crashes, but GNOME Shell / mutter remains unaffected.
Relevant logs, screenshots, screencasts etc.
(gdb) bt
#0 0x00007f319f312a24 in wl_resource_add_destroy_listener () at /lib64/libwayland-server.so.0
#1 0x00007f31a13628bf in meta_wayland_keyboard_set_focus (keyboard=0x5592f90800d0, surface=<optimized out>) at ../src/wayland/meta-wayland-keyboard.c:789
#2 0x00007f31a12d5154 in meta_wayland_seat_set_input_focus (surface=0x5592fd6eb090, seat=0x5592f907f810) at ../src/wayland/meta-wayland-seat.c:426
#3 meta_wayland_compositor_set_input_focus (window=<optimized out>, compositor=<optimized out>) at ../src/wayland/meta-wayland.c:359
#4 meta_display_sync_wayland_input_focus (display=<optimized out>) at ../src/core/display.c:1471
#5 0x00007f31a17de52a in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#6 0x00007f31a180cfec in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#7 0x00007f31a17fdd59 in signal_emit_valist_unlocked () at /lib64/libgobject-2.0.so.0
#8 0x00007f31a17fdf91 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#9 0x00007f31a17fe053 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#10 0x00007f31a17e96f4 in g_object_dispatch_properties_changed.lto_priv () at /lib64/libgobject-2.0.so.0
#11 0x00007f31a17ecca7 in g_object_notify_by_pspec () at /lib64/libgobject-2.0.so.0
#12 0x00007f31a15ef41e in clutter_stage_unlink_grab (stage=0x5592f8c8dd20, grab=0x5592fa5a3bd0) at ../clutter/clutter/clutter-stage.c:4094
#13 0x00007f31a12ce530 in meta_window_drag_end (window_drag=0x5592fbb2df20) at ../src/compositor/meta-window-drag.c:381
#14 0x00007f31a17de52a in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#15 0x00007f31a180cfec in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#16 0x00007f31a17fdd59 in signal_emit_valist_unlocked () at /lib64/libgobject-2.0.so.0
#17 0x00007f31a17fdf91 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#18 0x00007f31a17fe053 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#19 0x00007f31a12f7847 in meta_window_unmanage (window=0x5592fb7319e0, timestamp=<optimized out>) at ../src/core/window.c:1442
#20 0x00007f31a136f678 in meta_wayland_shell_surface_destroy_window (shell_surface=<optimized out>) at ../src/wayland/meta-wayland-shell-surface.c:312
#21 0x00007f31a1374cad in xdg_toplevel_destructor (resource=<optimized out>) at ../src/wayland/meta-wayland-xdg-shell.c:212
#22 0x00007f319f314791 in destroy_resource () at /lib64/libwayland-server.so.0
#23 0x00007f319f31672a in wl_resource_destroy () at /lib64/libwayland-server.so.0
#24 0x00007f31a1373b46 in meta_wayland_xdg_toplevel_finalize (object=0x5592f97c9c40) at ../src/wayland/meta-wayland-xdg-shell.c:1044
#25 0x00007f31a17eca93 in g_object_unref () at /lib64/libgobject-2.0.so.0
#26 0x00007f31a136af6a in meta_wayland_surface_finalize (object=0x5592fd6eb090) at ../src/wayland/meta-wayland-surface.c:1459
#27 0x00007f31a17eca93 in g_object_unref () at /lib64/libgobject-2.0.so.0
#28 0x00007f319f314791 in destroy_resource () at /lib64/libwayland-server.so.0
#29 0x00007f319f314f2b in wl_client_destroy () at /lib64/libwayland-server.so.0
#30 0x00007f319f3154b8 in wl_client_connection_data () at /lib64/libwayland-server.so.0
#31 0x00007f319f3148e2 in wl_event_loop_dispatch () at /lib64/libwayland-server.so.0
#32 0x00007f31a13558eb in wayland_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../src/wayland/meta-wayland.c:124
#33 0x00007f31a1d5de5c in g_main_context_dispatch_unlocked.lto_priv () at /lib64/libglib-2.0.so.0
#34 0x00007f31a1db8f18 in g_main_context_iterate_unlocked.isra () at /lib64/libglib-2.0.so.0
#35 0x00007f31a1d5f447 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#36 0x00007f31a12e5b6a in meta_context_run_main_loop (context=<optimized out>, error=0x7ffcad3cd720) at ../src/core/meta-context.c:514
#37 0x00007f31a06dd056 in ffi_call_unix64 () at /lib64/libffi.so.8
#38 0x00007f31a06d95ef in ffi_call_int.lto_priv () at /lib64/libffi.so.8
#39 0x00007f31a06dc3fe in ffi_call () at /lib64/libffi.so.8
#40 0x00007f31a16b2a0f in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) [clone .localalias] [clone .lto_priv.0] () at /lib64/libgjs.so.0
#41 0x00007f31a16bd2b4 in Gjs::Function::call(JSContext*, unsigned int, JS::Value*) () at /lib64/libgjs.so.0
#42 0x00007f319f92c6b8 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-115.so.0
#43 0x00007f319f920593 in js::Interpret(JSContext*, js::RunState&) () at /lib64/libmozjs-115.so.0
#44 0x00007f319f92c1fb in js::RunScript(JSContext*, js::RunState&) () at /lib64/libmozjs-115.so.0
#45 0x00007f319f92c58b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-115.so.0
#46 0x00007f319f92cafd in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /lib64/libmozjs-115.so.0
#47 0x00007f319f9a0a18 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libmozjs-115.so.0
#48 0x00007f31a16f1894 in GjsContextPrivate::run_main_loop_hook() [clone .localalias] () at /lib64/libgjs.so.0
#49 0x00007f31a16f892f in gjs_context_eval_module () at /lib64/libgjs.so.0
#50 0x00007f31a16f8c21 in gjs_context_eval_module_file () at /lib64/libgjs.so.0
#51 0x00005592f7509032 in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:708
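
A triage aid for the backtrace above, as an added example that is not part of the original report: it parses gdb frames and flags any pointer that an outer teardown frame is finalizing while an inner frame still receives it as an argument. The frame lines are copied from the trace above; the names `parse_frames` and `reentrant_pointers` and the teardown-name heuristic are assumptions made for this example.

```python
import re

# Subset of frames copied verbatim from the backtrace in this report.
TRACE = """\
#0 0x00007f319f312a24 in wl_resource_add_destroy_listener () at /lib64/libwayland-server.so.0
#1 0x00007f31a13628bf in meta_wayland_keyboard_set_focus (keyboard=0x5592f90800d0, surface=<optimized out>) at ../src/wayland/meta-wayland-keyboard.c:789
#2 0x00007f31a12d5154 in meta_wayland_seat_set_input_focus (surface=0x5592fd6eb090, seat=0x5592f907f810) at ../src/wayland/meta-wayland-seat.c:426
#3 meta_wayland_compositor_set_input_focus (window=<optimized out>, compositor=<optimized out>) at ../src/wayland/meta-wayland.c:359
#13 0x00007f31a12ce530 in meta_window_drag_end (window_drag=0x5592fbb2df20) at ../src/compositor/meta-window-drag.c:381
#19 0x00007f31a12f7847 in meta_window_unmanage (window=0x5592fb7319e0, timestamp=<optimized out>) at ../src/core/window.c:1442
#24 0x00007f31a1373b46 in meta_wayland_xdg_toplevel_finalize (object=0x5592f97c9c40) at ../src/wayland/meta-wayland-xdg-shell.c:1044
#26 0x00007f31a136af6a in meta_wayland_surface_finalize (object=0x5592fd6eb090) at ../src/wayland/meta-wayland-surface.c:1459
#29 0x00007f319f314f2b in wl_client_destroy () at /lib64/libwayland-server.so.0
"""

# The address is optional: gdb omits it for inlined frames such as #3.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*?)\)(?: at .*)?$")
PTR_ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")
# Assumed heuristic for "this frame is tearing an object down".
TEARDOWN_RE = re.compile(r"_finalize$|_destroy|destructor")


def parse_frames(text):
    """Return [(frame_no, function, {arg_name: pointer})] for parsable frames."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            args = dict(PTR_ARG_RE.findall(m.group(3)))
            frames.append((int(m.group(1)), m.group(2), args))
    return frames


def reentrant_pointers(frames):
    """Pointers torn down in an outer frame and still passed to an inner frame."""
    hits = []
    for outer_no, outer_fn, outer_args in frames:
        if not TEARDOWN_RE.search(outer_fn):
            continue
        for inner_no, inner_fn, inner_args in frames:
            if inner_no >= outer_no:
                continue  # only frames called beneath the teardown frame
            for name, ptr in inner_args.items():
                if ptr in outer_args.values():
                    hits.append((ptr, outer_no, outer_fn, inner_no, inner_fn, name))
    return hits


if __name__ == "__main__":
    for ptr, o_no, o_fn, i_no, i_fn, arg in reentrant_pointers(parse_frames(TRACE)):
        print(f"{ptr}: torn down in #{o_no} {o_fn}, passed as '{arg}' to #{i_no} {i_fn}")
```

On this trace it reports that `0x5592fd6eb090`, the object in `meta_wayland_surface_finalize` (frame #26), is the `surface` handed to `meta_wayland_seat_set_input_focus` (frame #2).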