Mutter crash on destroy/reload under X11
In Ubuntu 19.04 we've quite a lot crashes with the stacktrace below, as we try to access to display when it's unset.
See errors.ubuntu.com details or launchpad bug #1813716.
A similar issue is reported also in RH bugzilla.
I suppose it mostly happens when closing the session or when doing Alt+F2
-> r
.
#0 __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
set = {__val = {0, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 0, 2820939509996372480, 93850586939232, 140724654479040}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x0000555b4ae5801b in dump_gjs_stack_on_signal_handler ()
No symbol table info available.
#2 <signal handler called>
No locals.
#3 meta_x11_display_get_xdisplay (x11_display=0x0) at ../src/x11/meta-x11-display.c:1385
No locals.
#4 0x00007f7c75347284 in detach_pixmap (self=0x555b4eba5650) at ../src/compositor/meta-surface-actor-x11.c:89
display = 0x555b4cbc8010
xdisplay = <optimized out>
stex = <optimized out>
#5 0x00007f7c75347994 in meta_surface_actor_x11_dispose (object=0x555b4eba5650) at ../src/compositor/meta-surface-actor-x11.c:351
self = 0x555b4eba5650
#6 0x00007f7c75f3bf83 in g_object_unref (_object=<optimized out>) at ../../../gobject/gobject.c:3308
weak_locations = 0x0
object = <optimized out>
old_ref = <optimized out>
object = <optimized out>
old_ref = <optimized out>
__FUNCTION__ = "g_object_unref"
_g_boolean_var_ = <optimized out>
has_toggle_ref = <optimized out>
weak_locations = <optimized out>
weak_ref_location = <optimized out>
has_toggle_ref = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#7 g_object_unref (_object=0x555b4eba5650) at ../../../gobject/gobject.c:3238
object = 0x555b4eba5650
old_ref = <optimized out>
__FUNCTION__ = "g_object_unref"
_g_boolean_var_ = <optimized out>
has_toggle_ref = <optimized out>
weak_locations = <optimized out>
weak_ref_location = <optimized out>
has_toggle_ref = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#8 0x00007f7c756240cc in ObjectInstance::release_native_object (this=this@entry=0x555b6415a400) at gi/object.cpp:1276
No locals.
#9 0x00007f7c7562b636 in ObjectInstance::disassociate_js_gobject (this=0x555b6415a400) at gi/object.cpp:1474
had_toggle_down = <optimized out>
had_toggle_up = <optimized out>
toggle_queue = <optimized out>
had_toggle_down = <optimized out>
had_toggle_up = <optimized out>
toggle_queue = <optimized out>
#10 ObjectInstance::disassociate_js_gobject (this=0x555b6415a400) at gi/object.cpp:1455
had_toggle_down = <optimized out>
had_toggle_up = <optimized out>
toggle_queue = @0x7f7c756c78a0: {lock = {<std::__mutex_base> = {_M_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}}, <No data fields>}, q = {<std::_Deque_base<ToggleQueue::Item, std::allocator<ToggleQueue::Item> >> = {_M_impl = {<std::allocator<ToggleQueue::Item>> = {<__gnu_cxx::new_allocator<ToggleQueue::Item>> = {<No data fields>}, <No data fields>}, _M_map = 0x555b4cf620d0, _M_map_size = 8, _M_start = {_M_cur = 0x555b4cd70800, _M_first = 0x555b4cd70800, _M_last = 0x555b4cd70a00, _M_node = 0x555b4cf620e8}, _M_finish = {_M_cur = 0x555b4cd70800, _M_first = 0x555b4cd70800, _M_last = 0x555b4cd70a00, _M_node = 0x555b4cf620e8}}}, <No data fields>}, m_shutdown = {_M_base = {static _S_alignment = 1, _M_i = true}}, m_idle_id = 0, m_toggle_handler = 0x0}
#11 0x00007f7c7562726c in std::function<void (ObjectInstance*)>::operator()(ObjectInstance*) const (__args#0=<optimized out>, this=0x7ffd030a9f10) at /usr/include/c++/8/bits/std_function.h:682
No locals.
#12 ObjectInstance::remove_wrapped_gobjects_if(std::function<bool (ObjectInstance*)>, std::function<void (ObjectInstance*)>) (predicate=..., action=...) at gi/object.cpp:1087
priv = <optimized out>
__for_range = @0x7ffd030a9e70: {<std::_Vector_base<ObjectInstance*, std::allocator<ObjectInstance*> >> = {_M_impl = {<std::allocator<ObjectInstance*>> = {<__gnu_cxx::new_allocator<ObjectInstance*>> = {<No data fields>}, <No data fields>}, _M_start = 0x555b52161000, _M_finish = 0x555b52161518, _M_end_of_storage = 0x555b52161800}}, <No data fields>}
__for_begin = <optimized out>
__for_end = <optimized out>
removed = {<std::_Vector_base<ObjectInstance*, std::allocator<ObjectInstance*> >> = {_M_impl = {<std::allocator<ObjectInstance*>> = {<__gnu_cxx::new_allocator<ObjectInstance*>> = {<No data fields>}, <No data fields>}, _M_start = 0x555b52161000, _M_finish = 0x555b52161518, _M_end_of_storage = 0x555b52161800}}, <No data fields>}
#13 0x00007f7c75627344 in update_heap_wrapper_weak_pointers (cx=<optimized out>, compartment=<optimized out>, data=<optimized out>) at /usr/include/c++/8/new:169
No locals.
#14 0x00007f7c73a36fda in js::gc::GCRuntime::callWeakPointerCompartmentCallbacks (comp=0x555b4c93a1d0, this=0x555b4c929978) at ./debian/build/dist/include/mozilla/ThreadLocal.h:223
__for_range = @0x555b4c92a918: {<js::SystemAllocPolicy> = {<No data fields>}, static kElemIsPod = false, static kMaxInlineBytes = 999, static kInlineCapacity = 4, mBegin = 0x555b4c92a930, mLength = 2, mTail = {<mozilla::Vector<js::gc::Callback<void (*)(JSContext*, JSCompartment*, void*)>, 4, js::SystemAllocPolicy>::CapacityAndReserved> = {mCapacity = 4}, mBytes = "p\027bu|\177\000\000\000\000\000\000\000\000\000\000\300rbu|\177", '\000' <repeats 41 times>}, static sMaxInlineStorage = <optimized out>}
__for_begin = 0x555b4c92a940
__for_end = 0x555b4c92a950
__for_range = <optimized out>
__for_begin = <optimized out>
__for_end = <optimized out>
p = @0x555b4c92a940: {op = {<js::ProtectedData<js::CheckActiveThread<(js::AllowedHelperThread)1>, void (*)(JSContext*, JSCompartment*, void*)>> = {value = 0x7f7c756272c0 <update_heap_wrapper_weak_pointers(JSContext*, JSCompartment*, gpointer)>}, <No data fields>}, data = {<js::ProtectedData<js::CheckActiveThread<(js::AllowedHelperThread)1>, void*>> = {value = 0x0}, <No data fields>}}
p = <optimized out>
p = <optimized out>
__for_range = <optimized out>
__for_begin = <optimized out>
__for_end = <optimized out>
#15 js::gc::GCRuntime::beginSweepingSweepGroup (this=0x555b4c929978, fop=<optimized out>, budget=...) at ./js/src/gc/GC.cpp:5651
comp = {zone = 0x555b4c938f10, it = 0x555b4c9394b0}
zone = {current = 0x555b4c938f10}
ap2 = {stats = @0x555b4c9299d0, phaseKind = js::gcstats::PhaseKind::WEAK_COMPARTMENT_CALLBACK, enabled = true}
ap = {stats = @0x555b4c9299d0, phaseKind = js::gcstats::PhaseKind::FINALIZE_START, enabled = true}
scc = {stats = @0x555b4c9299d0, scc = 0, start = {mValue = <optimized out>}}
sweepingAtoms = <optimized out>
#16 0x00007f7c73a10094 in sweepaction::SweepActionSequence<js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&>::run (this=0x555b4c925c40, args#0=0x555b4c929978, args#1=0x7ffd030aa280, args#2=...) at ./debian/build/dist/include/mozilla/UniquePtr.h:326
iter = {maybeIter = @0x555b4c925c60}
#17 0x00007f7c73a1ae3a in sweepaction::SweepActionRepeatFor<js::gc::SweepGroupsIter, JSRuntime*, js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&>::run (this=0x555b4c925cc0, args#0=0x555b4c929978, args#1=0x7ffd030aa280, args#2=...) at ./debian/build/dist/include/mozilla/UniquePtr.h:326
iter = {maybeIter = @0x555b4c925cd8}
#18 0x00007f7c73a1b975 in js::gc::GCRuntime::performSweepActions (this=this@entry=0x555b4c929978, budget=...) at ./debian/build/dist/include/mozilla/UniquePtr.h:326
threadIsSweeping = <optimized out>
ap = {stats = @0x555b4c9299d0, phaseKind = js::gcstats::PhaseKind::SWEEP, enabled = true}
fop = {<JSFreeOp> = {runtime_ = 0x555b4c929480}, freeLaterList = {<js::SystemAllocPolicy> = {<No data fields>}, static kElemIsPod = true, static kMaxInlineBytes = <optimized out>, static kInlineCapacity = 0, mBegin = 0x0, mLength = 0, mTail = {<mozilla::Vector<void*, 0, js::SystemAllocPolicy>::CapacityAndReserved> = {mCapacity = 0}, <No data fields>}, static sMaxInlineStorage = <optimized out>}, jitPoisonRanges = {<js::SystemAllocPolicy> = {<No data fields>}, static kElemIsPod = false, static kMaxInlineBytes = <optimized out>, static kInlineCapacity = 0, mBegin = 0x0, mLength = 0, mTail = {<mozilla::Vector<js::jit::JitPoisonRange, 0, js::SystemAllocPolicy>::CapacityAndReserved> = {mCapacity = 0}, <No data fields>}, static sMaxInlineStorage = <optimized out>}}
#19 0x00007f7c73a3eb89 in js::gc::GCRuntime::incrementalCollectSlice (this=this@entry=0x555b4c929978, budget=..., reason=reason@entry=JS::gcreason::API, session=...) at ./js/src/gc/GC.cpp:7084
slice = <optimized out>
destroyingRuntime = false
useZeal = false
#20 0x00007f7c73a3fb08 in js::gc::GCRuntime::gcCycle (this=this@entry=0x555b4c929978, nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=..., reason=reason@entry=JS::gcreason::API) at ./js/src/gc/GC.cpp:7413
callCallbacks = <optimized out>
agc = {stats = @0x555b4c9299d0}
session = {maybeLock = {mStorage = "\200\224\222L[U\000", mIsSome = 1 '\001'}, runtime = 0x555b4c929480, prevState = JS::HeapState::Idle, pseudoFrame = {profiler_ = 0x0}}
result = <optimized out>
#21 0x00007f7c73a3ffd8 in js::gc::GCRuntime::collect (this=this@entry=0x555b4c929978, nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=..., reason=reason@entry=JS::gcreason::API) at ./js/src/gc/GC.cpp:7556
wasReset = <optimized out>
logGC = <optimized out>
av = <optimized out>
aept = {gc_ = @0x555b4c929978}
asz = <optimized out>
repeat = <optimized out>
#22 0x00007f7c73a4015b in js::gc::GCRuntime::gc (this=0x555b4c929978, gckind=gckind@entry=GC_NORMAL, reason=reason@entry=JS::gcreason::API) at ./debian/build/dist/include/js/SliceBudget.h:61
No locals.
#23 0x00007f7c7372bb3e in JS_GC (cx=<optimized out>) at ./js/src/vm/JSContext.h:305
No locals.
#24 0x00007f7c7563ba5c in gjs_context_dispose (object=<optimized out>) at gjs/context.cpp:392
js_context = 0x555b4c8d6250
#25 0x00007f7c75f3bf83 in g_object_unref (_object=<optimized out>) at ../../../gobject/gobject.c:3308
weak_locations = 0x0
object = <optimized out>
old_ref = <optimized out>
object = <optimized out>
old_ref = <optimized out>
__FUNCTION__ = "g_object_unref"
_g_boolean_var_ = <optimized out>
has_toggle_ref = <optimized out>
weak_locations = <optimized out>
weak_ref_location = <optimized out>
has_toggle_ref = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#26 g_object_unref (_object=0x555b4c8d6250) at ../../../gobject/gobject.c:3238
object = 0x555b4c8d6250
old_ref = <optimized out>
__FUNCTION__ = "g_object_unref"
_g_boolean_var_ = <optimized out>
has_toggle_ref = <optimized out>
weak_locations = <optimized out>
weak_ref_location = <optimized out>
has_toggle_ref = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#27 0x0000555b4ae5786b in main ()
No symbol table info available.