Bug 73871

Summary: Weston 1.3.93 crashes when I'm shutting down a Wayland-EGL Qt5 client(assistant-qt5) on both X11 backend and DRM backend. The breakpoint is in wayland library.
Product: Wayland Reporter: Icenowy Zheng <icenowylin>
Component: westonAssignee: Wayland bug list <wayland-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Icenowy Zheng 2014-01-21 11:30:05 UTC 
My Qt version is 5.2.0, and qtwayland is the newest git version.

[11:24:54.078] caught signal: 11
[11:24:54.078]   [000000000040824a]  --  (weston)
[11:24:54.078]   [00000000004082b7]  --  (weston)
[11:24:54.078]   [00007f07deffa7f0]  --  (/lib/libpthread.so.0)
[11:24:54.078]   [00007f07e002bc47]  wl_list_remove  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07d60b834f]  --  (/usr/lib/weston/desktop-shell.so)
[11:24:54.078]   [00007f07e002729c]  --  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e002785c]  wl_resource_destroy  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [000000000040c254]  weston_surface_destroy  (weston)
[11:24:54.078]   [00007f07e002729c]  --  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e002bbf6]  --  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e002c19e]  wl_map_for_each  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e0027ab8]  wl_client_destroy  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e0027c4f]  --  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e0029dc3]  wl_event_loop_dispatch  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.078]   [00007f07e0028215]  wl_display_run  (/usr/lib/../lib64/libwayland-server.so.0)
[11:24:54.079]   [0000000000407b27]  --  (weston)
[11:24:54.079]   [00007f07dec5e9e5]  __libc_start_main  (/lib/libc.so.6)
[11:24:54.079]   [0000000000407c89]  --  (weston)
Trace/breakpoint trap(Core dumped)

While I am debugging the core, 
#0  0x00007f07deffa6cb in raise (sig=5)
    at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:38
#1  <signal handler called>
#2  0x00007f07e002bc47 in wl_list_remove (elm=elm@entry=0x13bb0c0)
    at wayland-util.c:53
#3  0x00007f07d60b834f in destroy_shell_surface (shsurf=0x13bb060)
    at shell.c:2916
#4  0x00007f07e002729c in destroy_resource (element=0x13118c0, 
    data=data@entry=0x0) at wayland-server.c:533
#5  0x00007f07e002785c in wl_resource_destroy (resource=<optimized out>)
    at wayland-server.c:546
#6  0x000000000040c254 in wl_signal_emit (data=0x13bae70, signal=0x13bae78)
    at /usr/include/wayland-server.h:260
#7  weston_surface_destroy (surface=0x13bae70) at compositor.c:1454
#8  weston_surface_destroy (surface=0x13bae70) at compositor.c:1446
#9  0x00007f07e002729c in destroy_resource (element=0x134aa90, 
    data=<optimized out>) at wayland-server.c:533
#10 0x00007f07e002bbf6 in for_each_helper (
    func=func@entry=0x7f07e0027240 <destroy_resource>, 
    data=data@entry=0x7fff65dfe57c, entries=0x12dcc68, entries=0x12dcc68)
    at wayland-util.c:353
#11 0x00007f07e002c19e in wl_map_for_each (map=map@entry=0x12dcc68, 
    func=func@entry=0x7f07e0027240 <destroy_resource>,
...

The code near wayland-utils.c : 53 : 
WL_EXPORT void
wl_list_remove(struct wl_list *elm)
{
        elm->prev->next = elm->next;
        elm->next->prev = elm->prev;
        elm->next = NULL;
        elm->prev = NULL;
}
Comment 1 Icenowy Zheng 2014-01-21 11:44:16 UTC 
I'm wrong... It's maybe the bug from weston...
Comment 2 Ander Conselvan de Oliveira 2014-04-30 08:45:23 UTC 
I believe this bug was solved by the following commit:

commit adaa20c017a549593e2a735a2d8a73edc9c17b6d
Author: Emilio Pozuelo Monfort <emilio.pozuelo@collabora.co.uk>
Date:   Tue Jan 28 13:54:16 2014 +0100

    desktop-shell: initialize children link
    
    Since commit 9046d2, when destroying a surface, we remove all the
    links from its children. But when the child surfaces are destroyed,
    those links will be removed again, but since they were not properly
    initialized, weston will crash.
    
    Call shell_surface_set_parent instead which removes the link and
    sets parent while also initializing the link, thus avoiding this
    crash.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.