Bug 100897

Summary: SIGSEGV on desktop-shell focus change
Product: Wayland Reporter: worknesday
Component: westonAssignee: Wayland bug list <wayland-bugs>
Status: RESOLVED MOVED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
See Also: https://bugs.freedesktop.org/show_bug.cgi?id=100878
Whiteboard:
i915 platform: i915 features:

Description worknesday 2017-05-01 21:32:30 UTC
As seen on SHA 9ad4de1f7ad411fcb5a62eb85e17cf96ae076a0f; no modification

Stack trace:
    #0  0x00007ffff79a0313 in wl_list_insert () from /usr/lib64/libwayland-server.so.0
    #1  0x00007fffeeae16cf in wl_signal_add (signal=<optimized out>, listener=<optimized out>) at /usr/include/wayland-server-core.h:320
    #2  focus_state_set_focus (state=<optimized out>, surface=<optimized out>) at desktop-shell/shell.c:735
    #3  0x00007fffeeae7435 in activate (shell=0x7820e0, view=<optimized out>, seat=0x622100, flags=3) at desktop-shell/shell.c:3686
    #4  0x00007ffff7bc5d5d in weston_compositor_run_button_binding (compositor=compositor@entry=0x614c60, pointer=pointer@entry=0x76c900, 
        time=time@entry=3071980015, button=button@entry=272, state=state@entry=WL_POINTER_BUTTON_STATE_PRESSED) at libweston/bindings.c:368
    #5  0x00007ffff7bc13cd in notify_button (seat=seat@entry=0x622100, time=3071980015, button=button@entry=272, 
        state=WL_POINTER_BUTTON_STATE_PRESSED) at libweston/input.c:1673
    #6  0x00007ffff531065b in x11_backend_deliver_button_event (event=0x7bc180, b=0x622070) at libweston/compositor-x11.c:1230
    #7  x11_backend_handle_event (fd=<optimized out>, mask=<optimized out>, data=0x622070) at libweston/compositor-x11.c:1422
    #8  0x00007ffff799dd12 in wl_event_loop_dispatch () from /usr/lib64/libwayland-server.so.0
    #9  0x00007ffff799c1b5 in wl_display_run () from /usr/lib64/libwayland-server.so.0
    #10 0x0000000000405719 in main (argc=1, argv=<optimized out>) at compositor/main.c:1969

surface data:
    (gdb) p *es
    $6 = {resource = 0x7b2fb0, destroy_signal = {listener_list = {prev = 0x622190, next = 0x793a90}}, ...

    (gdb) p *es->destroy_signal.listener_list.prev
    $10 = {prev = 0x0, next = 0x7e1348}
Comment 1 worknesday 2017-05-01 21:33:53 UTC
I don't have any reproduction steps, it was out-of-the blue as I was playing with weston-editor. However, weston itself came crashing down
Comment 2 Pekka Paalanen 2017-05-02 09:09:42 UTC
Thanks for filing a new report.

Without steps to reproduce or a Valgrind error report, it's going to be hard to look into this, I guess. My first wild guesses would be either a stale pointer to a weston_surface(?), maybe together with use-after-free, or a generic overwriting of unintended memory.
Comment 3 GitLab Migration User 2018-06-08 23:55:25 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/wayland/weston/issues/91.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.