Crash in signal handler emission (more memory corruption?)
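Hit another full-desktop crash today. This has got to be memory corruption: in frames #0 and #1 the handler-list array pointer (`hlbsa`/`barray`) is 0x300055fb3063c950, gdb cannot access the memory it points to, and the value looks like an ordinary 0x55fb… heap address with 0x3000 written into its upper 16 bits: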
#0 0x00007f6feb213602 in g_bsearch_array_lookup_fuzzy
(bconfig=0x7f6feb23f040 <g_signal_hlbsa_bconfig>, bconfig=0x7f6feb23f040 <g_signal_hlbsa_bconfig>, sibling_or_after=0, key_node=0x7ffdf8227cb0, barray=0x300055fb3063c950) at ../glib/gbsearcharray.h:150
cmp_nodes = 0x7f6feb2087e0 <handler_lists_cmp>
check = 0x0
nodes = 0x300055fb3063c958 <error: Cannot access memory at address 0x300055fb3063c958>
n_nodes = <optimized out>
offs = <optimized out>
sizeof_node = <optimized out>
cmp = <optimized out>
hlbsa = 0x300055fb3063c950
key =
{signal_id = 169, handlers = 0x74, tail_before = 0x0, tail_after = 0x7f6fea36cf55 <__libc_calloc+133>}
fastpath_handler = <optimized out>
closure = <optimized out>
run_type = <optimized out>
hlist = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0x55fb2dd5d5a0
i = <optimized out>
n_params = <optimized out>
__FUNCTION__ = "g_signal_emit_valist"
#1 handler_list_lookup (instance=0x55fb321f86b0, signal_id=169) at ../gobject/gsignal.c:443
hlbsa = 0x300055fb3063c950
key = {signal_id = 169, handlers = 0x74, tail_before = 0x0, tail_after = 0x7f6fea36cf55 <__libc_calloc+133>}
fastpath_handler = <optimized out>
closure = <optimized out>
run_type = <optimized out>
hlist = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0x55fb2dd5d5a0
i = <optimized out>
n_params = <optimized out>
__FUNCTION__ = "g_signal_emit_valist"
#2 g_signal_emit_valist (instance=0x55fb321f86b0, signal_id=169, detail=0, var_args=var_args@entry=0x7ffdf8227db0) at ../gobject/gsignal.c:3207
fastpath_handler = <optimized out>
closure = <optimized out>
run_type = <optimized out>
hlist = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0x55fb2dd5d5a0
i = <optimized out>
n_params = <optimized out>
__FUNCTION__ = "g_signal_emit_valist"
#3 0x00007f6feb2149d3 in g_signal_emit (instance=instance@entry=0x55fb321f86b0, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3453
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffdf8227e90, reg_save_area = 0x7ffdf8227dd0}}
#4 0x00007f6fea51e2d8 in meta_cursor_sprite_prepare_at (sprite=sprite@entry=0x55fb321f86b0 [MetaCursorSpriteWayland], x=<optimized out>, y=<optimized out>) at ../src/backends/meta-cursor.c:148
#5 0x00007f6fea51e7e5 in meta_cursor_renderer_update_cursor (renderer=renderer@entry=0x55fb2d9b6c70 [MetaCursorRendererNative], cursor_sprite=0x55fb321f86b0 [MetaCursorSpriteWayland]) at ../src/backends/meta-cursor-renderer.c:255
priv = 0x55fb2d9b6c40
handled_by_backend = <optimized out>
should_redraw = 0
#6 0x00007f6fea51ebdf in meta_cursor_renderer_set_position (renderer=renderer@entry=0x55fb2d9b6c70 [MetaCursorRendererNative], x=1.76696158e-11, x@entry=1627.66125, y=3.08439805e-41, y@entry=131.342529) at ../src/backends/meta-cursor-renderer.c:315
priv = <optimized out>
__func__ = "meta_cursor_renderer_set_position"
#7 0x00007f6fea51fc74 in meta_cursor_tracker_update_position (tracker=0x55fb2ce20400 [MetaCursorTracker], new_x=1627.66125, new_y=131.342529) at ../src/backends/meta-cursor-tracker.c:380
backend = <optimized out>
cursor_renderer = 0x55fb2d9b6c70 [MetaCursorRendererNative]
__func__ = "meta_cursor_tracker_update_position"
#8 0x00007f6fea56adb3 in meta_display_handle_event (event=0x55fb325c4ba0, display=0x55fb2dd5e010 [MetaDisplay]) at ../src/core/events.c:297
cursor_tracker = <optimized out>
compositor = 0x55fb2cdec840 [MetaWaylandCompositor]
window = <optimized out>
bypass_clutter = 0
backend = 0x55fb2cdf00e0 [MetaBackendNative]
bypass_wayland = 0
gesture_tracker = <optimized out>
sequence = <optimized out>
source = <optimized out>
compositor = 0x55fb2cdec840 [MetaWaylandCompositor]
display = 0x55fb2dd5e010 [MetaDisplay]
#9 event_callback (event=0x55fb325c4ba0, data=0x55fb2dd5e010) at ../src/core/events.c:479
display = 0x55fb2dd5e010 [MetaDisplay]
#10 0x00007f6fea75a585 in _clutter_event_process_filters (event=event@entry=0x55fb325c4ba0) at ../clutter/clutter/clutter-event.c:1922
event_filter = <optimized out>
context = <optimized out>
l = <optimized out>
next = 0x0
#11 0x00007f6fea771e64 in emit_pointer_event (device=0x55fb2d9a2130 [MetaInputDeviceNative], event=0x55fb325c4ba0) at ../clutter/clutter/clutter-main.c:1979
actor = <optimized out>
x = 1627.66125
y = 131.342529
device = 0x55fb2d9a2130 [MetaInputDeviceNative]
context = 0x55fb2d858310
stage = <optimized out>
#12 _clutter_process_event_details (context=0x55fb2d858310, event=0x55fb325c4ba0, stage=<optimized out>) at ../clutter/clutter/clutter-main.c:1979
actor = <optimized out>
x = 1627.66125
y = 131.342529
device = 0x55fb2d9a2130 [MetaInputDeviceNative]
context = 0x55fb2d858310
stage = <optimized out>
#13 _clutter_process_event (event=event@entry=0x55fb325c4ba0) at ../clutter/clutter/clutter-main.c:2155
context = 0x55fb2d858310
stage = <optimized out>
#14 0x00007f6fea789ce8 in _clutter_stage_process_queued_events (stage=0x55fb2d9b98f0 [MetaStage]) at ../clutter/clutter/clutter-stage.c:1250
next_event = <optimized out>
device = 0x55fb2d9a2130 [MetaInputDeviceNative]
device_type = <optimized out>
event = 0x55fb325c4ba0
next_device = <optimized out>
check_device = <optimized out>
priv = 0x55fb2d9b92d0
events = 0x55fb314a4ea0 = {0x55fb325c4ba0}
l = 0x55fb314a4ea0 = {0x55fb325c4ba0}
__func__ = "_clutter_stage_process_queued_events"
#15 0x00007f6fea7732b9 in master_clock_process_events (master_clock=<optimized out>, stages=0x55fb31be4860 = {...}) at ../clutter/clutter/clutter-master-clock-default.c:288
l = 0x55fb31be4860 = {0x55fb2d9b98f0}
clock_source = 0x55fb319569e0
stages = 0x55fb31be4860 = {0x55fb2d9b98f0}
#16 clutter_clock_dispatch (source=source@entry=0x55fb319569e0, callback=<optimized out>, user_data=<optimized out>) at ../clutter/clutter/clutter-master-clock-default.c:483
clock_source = 0x55fb319569e0
stages = 0x55fb31be4860 = {0x55fb2d9b98f0}
#17 0x00007f6feb10d4a0 in g_main_dispatch (context=0x55fb2cdea9c0) at ../glib/gmain.c:3179
dispatch = <optimized out>
prev_source = 0x0
was_in_call = <optimized out>
user_data = 0x0
callback = 0x0
cb_funcs = 0x0
cb_data = 0x0
need_destroy = <optimized out>
source = 0x55fb319569e0
current = 0x55fb2cdbb090
i = 0
__FUNCTION__ = "g_main_dispatch"
#18 g_main_context_dispatch (context=context@entry=0x55fb2cdea9c0) at ../glib/gmain.c:3844
#19 0x00007f6feb10d830 in g_main_context_iterate (context=0x55fb2cdea9c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3917
max_priority = 2147483647
timeout = 12
some_ready = 1
nfds = <optimized out>
allocated_nfds = <optimized out>
fds = 0x55fb32254860
#20 0x00007f6feb10db23 in g_main_loop_run (loop=0x55fb2da99270) at ../glib/gmain.c:4111
__FUNCTION__ = "g_main_loop_run"
#21 0x00007f6fea571cb0 in meta_run () at ../src/core/main.c:676
#22 0x000055fb2c11fcad in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:552
ctx = <optimized out>
error = 0x0
ecode = <optimized out>
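We might need to think hard about what we can do to debug such issues. Running gnome-shell under valgrind for a month, hoping to catch a crash, doesn't sound fun or practical to me. Maybe we need to deploy an ASan (AddressSanitizer) build or something, so that the bad access can be reported where it happens instead of at a later crash like this one.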