wl_list_remove crash in pointer constraints on main
Seems we're crashing on main when changing input focus from within a keybinding when moving input focus out of an app that is constraining the pointer.
Reproducer:
- Open teeworlds (it should grab the pointer)
- press Meta key to show the overview
- shell crashes reproducibly
Backtrace:
#0 0x0000ffff467d3e30 in wl_list_remove () at /lib64/libwayland-server.so.0
#1 0x0000ffff4917e0f8 [PAC] in meta_wayland_input_detach_event_handler (input=0x557b660, handler=0x9d6c780) at ../src/wayland/meta-wayland-input.c:326
#2 0x0000ffff49185e1c in meta_wayland_pointer_constraint_disable (constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:428
#3 0x0000ffff4918617c in meta_wayland_pointer_constraint_deactivate (constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:557
#4 0x0000ffff49186e1c in pointer_constraints_focus (handler=0x559b500, device=0x54e5260, sequence=0x0, surface=0x0, user_data=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:1024
#5 0x0000ffff4917db38 in meta_wayland_event_handler_invalidate_focus (handler=0x559b500, device=0x54e5260, sequence=0x0) at ../src/wayland/meta-wayland-input.c:134
#6 0x0000ffff4917dba0 in meta_wayland_event_handler_invalidate_all_focus (handler=0x559b500) at ../src/wayland/meta-wayland-input.c:152
#7 0x0000ffff4917e058 in meta_wayland_input_attach_event_handler (input=0x557b660, iface=0xffff492def38 <pointer_constraints_event_interface>, grab=0, user_data=0x9ec2a10)
at ../src/wayland/meta-wayland-input.c:302
#8 0x0000ffff49185d44 in meta_wayland_pointer_constraint_enable (constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:398
#9 0x0000ffff491860d8 in meta_wayland_pointer_constraint_maybe_enable (constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:534
#10 0x0000ffff49185a2c in pointer_focus_surface_changed (pointer=0x557f080, constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:286
#11 0x0000ffff49767c2c in signal_emit_valist_unlocked () at /lib64/libgobject-2.0.so.0
#12 0x0000ffff49767de8 [PAC] in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#13 0x0000ffff49767ea4 [PAC] in g_signal_emit () at /lib64/libgobject-2.0.so.0
#14 0x0000ffff49184714 [PAC] in meta_wayland_pointer_set_focus (pointer=0x557f080, surface=0x0) at ../src/wayland/meta-wayland-pointer.c:1032
#15 0x0000ffff49184798 in meta_wayland_pointer_focus_surface (pointer=0x557f080, surface=0x0) at ../src/wayland/meta-wayland-pointer.c:1055
#16 0x0000ffff4918a0b4 in default_focus (handler=0x557d3c0, device=0x54e5260, sequence=0x0, surface=0x0, user_data=0x557e0f0) at ../src/wayland/meta-wayland-seat.c:245
#17 0x0000ffff4917db38 in meta_wayland_event_handler_invalidate_focus (handler=0x557d3c0, device=0x54e5260, sequence=0x0) at ../src/wayland/meta-wayland-input.c:134
#18 0x0000ffff4917dba0 in meta_wayland_event_handler_invalidate_all_focus (handler=0x557d3c0) at ../src/wayland/meta-wayland-input.c:152
#19 0x0000ffff4917e130 in meta_wayland_input_detach_event_handler (input=0x557b660, handler=0x9d6c780) at ../src/wayland/meta-wayland-input.c:334
#20 0x0000ffff49185e1c in meta_wayland_pointer_constraint_disable (constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:428
#21 0x0000ffff4918617c in meta_wayland_pointer_constraint_deactivate (constraint=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:557
#22 0x0000ffff49186e1c in pointer_constraints_focus (handler=0x9d6c780, device=0x54e5260, sequence=0x0, surface=0x0, user_data=0x9ec2a10) at ../src/wayland/meta-wayland-pointer-constraints.c:1024
#23 0x0000ffff4917db38 in meta_wayland_event_handler_invalidate_focus (handler=0x9d6c780, device=0x54e5260, sequence=0x0) at ../src/wayland/meta-wayland-input.c:134
#24 0x0000ffff4917dba0 in meta_wayland_event_handler_invalidate_all_focus (handler=0x9d6c780) at ../src/wayland/meta-wayland-input.c:152
#25 0x0000ffff4917ded4 in meta_wayland_input_sync_focus (input=0x557b660) at ../src/wayland/meta-wayland-input.c:251
#26 0x0000ffff4917d87c in on_stage_is_grabbed_change (input=0x557b660) at ../src/wayland/meta-wayland-input.c:58
#27 0x0000ffff49745ec4 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#28 0x0000ffff497789e4 [PAC] in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#29 0x0000ffff49767b14 [PAC] in signal_emit_valist_unlocked () at /lib64/libgobject-2.0.so.0
#30 0x0000ffff49767de8 [PAC] in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#31 0x0000ffff49767ea4 [PAC] in g_signal_emit () at /lib64/libgobject-2.0.so.0
#32 0x0000ffff49752610 [PAC] in g_object_dispatch_properties_changed.lto_priv () at /lib64/libgobject-2.0.so.0
#33 0x0000ffff49756664 [PAC] in g_object_notify_by_pspec () at /lib64/libgobject-2.0.so.0
#34 0x0000ffff494a8ca8 [PAC] in clutter_stage_grab_full (stage=0x5540df0, actor=0x5540df0, owns_actor=0) at ../clutter/clutter/clutter-stage.c:3931
#35 0x0000ffff494a8cf0 in clutter_stage_grab (stage=0x5540df0, actor=0x5540df0) at ../clutter/clutter/clutter-stage.c:3954
#36 0x0000ffff47d5c050 in ffi_call_SYSV () at /lib64/libffi.so.8
#37 0x0000ffff47d563ac in ffi_call_int () at /lib64/libffi.so.8
#38 0x0000ffff495807c8 [PAC] in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) [clone .localalias] [clone .lto_priv.0] () at /lib64/libgjs.so.0
#39 0x0000ffff4958a9bc [PAC] in Gjs::Function::call(JSContext*, unsigned int, JS::Value*) () at /lib64/libgjs.so.0
#40 0x0000ffff46f6f218 [PAC] in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-115.so.0
#41 0x0000ffff46f63b54 [PAC] in js::Interpret(JSContext*, js::RunState&) () at /lib64/libmozjs-115.so.0
#42 0x0000ffff46f6ee2c [PAC] in js::RunScript(JSContext*, js::RunState&) () at /lib64/libmozjs-115.so.0
#43 0x0000ffff46f6f318 [PAC] in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-115.so.0
#44 0x0000ffff46f6f77c [PAC] in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /lib64/libmozjs-115.so.0
#45 0x0000ffff46fe8f7c [PAC] in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libmozjs-115.so.0
#46 0x0000ffff4957dfac [PAC] in Gjs::Closure::invoke(JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libgjs.so.0
#47 0x0000ffff495b801c [PAC] in Gjs::Closure::marshal(_GValue*, unsigned int, _GValue const*, void*, void*) () at /lib64/libgjs.so.0
#48 0x0000ffff49745ec4 [PAC] in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#49 0x0000ffff497789e4 [PAC] in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#50 0x0000ffff49767b14 [PAC] in signal_emit_valist_unlocked () at /lib64/libgobject-2.0.so.0
#51 0x0000ffff49767de8 [PAC] in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#52 0x0000ffff49767ea4 [PAC] in g_signal_emit () at /lib64/libgobject-2.0.so.0
#53 0x0000ffff490c2630 [PAC] in meta_display_overlay_key_activate (display=0x5584da0) at ../src/core/display.c:2517
#54 0x0000ffff490cb1e0 in process_special_modifier_key
(display=0x5584da0, event=0xfffefc094c00, window=0x9d92a70, modifier_press_only=0x5584e60, resolved_key_combo=0x5584e50, trigger_callback=0xffff490c2608 <meta_display_overlay_key_activate>)
#55 0x0000ffff490cb340 in process_overlay_key (display=0x5584da0, event=0xfffefc094c00, window=0x9d92a70) at ../src/core/keybindings.c:2051
#56 0x0000ffff490cb560 in process_key_event (display=0x5584da0, window=0x9d92a70, event=0xfffefc094c00) at ../src/core/keybindings.c:2128
#57 0x0000ffff490cb6b8 in meta_keybindings_process_event (display=0x5584da0, window=0x9d92a70, event=0xfffefc094c00) at ../src/core/keybindings.c:2191
#58 0x0000ffff490c5d94 in meta_display_handle_event (display=0x5584da0, event=0xfffefc094c00, event_actor=0x5540df0) at ../src/core/events.c:398
#59 0x0000ffff490c6008 in event_callback (event=0xfffefc094c00, event_actor=0x5540df0, data=0x5584da0) at ../src/core/events.c:497
#60 0x0000ffff49469fd0 in _clutter_event_process_filters (event=0xfffefc094c00, event_actor=0x5540df0) at ../clutter/clutter/clutter-event.c:1281
#61 0x0000ffff4948bf40 in clutter_stage_handle_event (stage=0x5540df0, event=0xfffefc094c00) at ../clutter/clutter/clutter-main.c:557
#62 0x0000ffff49050c98 in dispatch_clutter_event (backend=0x506cf50) at ../src/backends/meta-backend.c:1133
#63 0x0000ffff49050d60 in clutter_source_dispatch (source=0x5530790, callback=0x0, user_data=0x0) at ../src/backends/meta-backend.c:1177
#64 0x0000ffff49820350 in g_main_context_dispatch_unlocked.lto_priv () at /lib64/libglib-2.0.so.0
#65 0x0000ffff4987e75c [PAC] in g_main_context_iterate_unlocked.isra () at /lib64/libglib-2.0.so.0
#66 0x0000ffff49821aa4 [PAC] in g_main_loop_run () at /lib64/libglib-2.0.so.0
#67 0x0000ffff490d1be8 [PAC] in meta_context_run_main_loop (context=0x4ee06a0, error=0xffffdae65df0) at ../src/core/meta-context.c:523
#68 0x0000ffff47d5c050 in ffi_call_SYSV () at /lib64/libffi.so.8
#69 0x0000ffff47d563ac in ffi_call_int () at /lib64/libffi.so.8
#70 0x0000ffff495807c8 [PAC] in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) [clone .localalias] [clone .lto_priv.0] () at /lib64/libgjs.so.0
#71 0x0000ffff4958a9bc [PAC] in Gjs::Function::call(JSContext*, unsigned int, JS::Value*) () at /lib64/libgjs.so.0
#72 0x0000ffff46f6f218 [PAC] in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-115.so.0
#73 0x0000ffff46f63b54 [PAC] in js::Interpret(JSContext*, js::RunState&) () at /lib64/libmozjs-115.so.0
#74 0x0000ffff46f6eec0 [PAC] in js::RunScript(JSContext*, js::RunState&) () at /lib64/libmozjs-115.so.0
#75 0x0000ffff46f6f318 [PAC] in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /lib64/libmozjs-115.so.0
#76 0x0000ffff46f6f77c [PAC] in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /lib64/libmozjs-115.so.0
#77 0x0000ffff46fe8cc0 [PAC] in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib64/libmozjs-115.so.0
#78 0x0000ffff495bacfc [PAC] in GjsContextPrivate::run_main_loop_hook() [clone .localalias] () at /lib64/libgjs.so.0
#79 0x0000ffff495c28bc [PAC] in gjs_context_eval_module () at /lib64/libgjs.so.0
#80 0x0000ffff495c2c90 [PAC] in gjs_context_eval_module_file () at /lib64/libgjs.so.0
#81 0x0000000000411b58 [PAC] in main (argc=1, argv=0xffffdae66928) at ../src/main.c:708
Edited by Jonas Dreßler
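The backtrace shows the outer `meta_wayland_input_detach_event_handler` (frame #19) already removing handler 0x9d6c780 when the focus re-sync it triggers re-enters and detaches the same handler again (frame #1); because libwayland's `wl_list_remove` nulls the link's pointers, that second removal dereferences NULL. The following is an added, stand-alone illustration of that pattern and of one idempotent-detach shape that tolerates the re-entry; it is not mutter's or libwayland's code (only the four-line `wl_list` copy mirrors libwayland), and the `handler`/`input` structs, the `attached` flag, `reentries` counter and `guarded` switch are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
/* Stand-alone copy of libwayland's wl_list (real code: <wayland-util.h>). */
struct wl_list { struct wl_list *prev, *next; };
static void wl_list_init(struct wl_list *l) { l->prev = l; l->next = l; }
static void wl_list_insert(struct wl_list *l, struct wl_list *e)
{
    e->prev = l; e->next = l->next; l->next = e; e->next->prev = e;
}
/* libwayland nulls both pointers on removal, so removing the same link a
 * second time dereferences NULL: that is frame #0 of the backtrace. */
static void wl_list_remove(struct wl_list *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    e->prev = NULL; e->next = NULL;
}
/* Hypothetical stand-ins for the event handler and MetaWaylandInput. */
struct handler { struct wl_list link; bool attached; };
struct input { struct wl_list handlers; int reentries; bool guarded; };
static int detach_handler(struct input *in, struct handler *h);
/* Models the focus re-sync a detach triggers (frames #18..#2): it re-enables
 * the constraint, which deactivates again and detaches the same handler
 * while the outer detach is still on the stack. */
static int sync_focus(struct input *in, struct handler *h)
{
    if (in->reentries++ > 0)
        return 0;          /* model a single nested round only */
    return detach_handler(in, h);
}
/* Returns 0, or -1 where the real code would crash inside wl_list_remove. */
static int detach_handler(struct input *in, struct handler *h)
{
    if (in->guarded && !h->attached)
        return 0;          /* already detached: ignore the re-entrant call */
    if (h->link.next == NULL)
        return -1;         /* double wl_list_remove: NULL dereference */
    wl_list_remove(&h->link);
    h->attached = false;
    return sync_focus(in, h);
}
/* Runs one re-entrant detach; guarded selects the idempotent variant. */
int simulate(bool guarded)
{
    struct input in = { .reentries = 0, .guarded = guarded };
    struct handler h = { .attached = true };
    wl_list_init(&in.handlers);
    wl_list_insert(&in.handlers, &h.link);
    return detach_handler(&in, &h);   /* unguarded: -1, guarded: 0 */
}
```

The check on `h->link.next == NULL` stands in for the NULL dereference the real `wl_list_remove` performs, so the unguarded run reports where the shell would crash instead of crashing itself.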