Crash when destroying a newly resized EGLSurface with wayland egl (dri2)
Submitted by Johan Helsing
Assigned to Wayland bug list
Link to original bug (#105507)
Description
In dri2_wl_surface_release_buffers, a wl_buffer is not destroyed if it's locked. Afterwards it's set to null regardless (dri2_surf->color_buffers[i].wl_buffer = NULL;).
Normally, this is fine, since the buffer will be released by the wl_buffer_release event when the compositor is done with it. But if the EGLSurface is destroyed first, then the event queue for the surface (and for the wl_buffer) is destroyed, and the wl_release event then causes a crash because we try to use a destroyed event queue.
One solution would be to maintain a separate list of buffers we tried to destroy, but couldn't because they were locked, and make sure they are destroyed in dri2_wl_destroy_surface.
This might not be a problem users frequently run into, but it's causing many unit tests in Qt to be flaky, and we probably have to blacklist them until this is fixed (https://bugreports.qt.io/browse/QTBUG-66848).
Version: 17.3
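The sequence described in the report, as a small stand-alone model added here for illustration; it is not Mesa code and not the reporter's. Only the `color_buffers[i].wl_buffer` field names come from the report; every other type and function is hypothetical, the "destroyed" and "alive" flags stand in for real frees so the bad dispatch is detected instead of crashing, and the second variant follows the list-of-locked-buffers idea suggested in the description.

```c
/* Toy model of the lifetime bug. Types and helpers are hypothetical, not Mesa's. */
#include <stddef.h>
#define NBUF 4
struct queue  { int alive; };
struct buffer { struct queue *queue; int destroyed; };
struct slot   { struct buffer *wl_buffer; int locked; };
struct surface {
    struct queue queue;
    struct slot color_buffers[NBUF];
    struct buffer *orphans[NBUF];  /* locked buffers; used only by the fix */
    int n_orphans;
};
/* Resize path. track_orphans == 0 reproduces the reported behaviour. */
static void release_buffers(struct surface *s, int track_orphans)
{
    for (int i = 0; i < NBUF; i++) {
        struct buffer *b = s->color_buffers[i].wl_buffer;
        if (b && !s->color_buffers[i].locked)
            b->destroyed = 1;
        else if (b && track_orphans)
            s->orphans[s->n_orphans++] = b;
        s->color_buffers[i].wl_buffer = NULL;  /* cleared regardless */
    }
}
static void destroy_surface(struct surface *s)
{
    for (int i = 0; i < s->n_orphans; i++)
        s->orphans[i]->destroyed = 1;  /* destroy what resize could not */
    s->queue.alive = 0;                /* event queue dies with the surface */
}
/* Late release event: 0 = dropped or handled, -1 = dispatch on a dead queue. */
static int deliver_release(struct buffer *b)
{
    if (b->destroyed) return 0;        /* modelled as: event is dropped */
    return b->queue->alive ? 0 : -1;
}
/* One locked buffer at resize, then surface destroy, then the release event. */
static int scenario(int track_orphans)
{
    static struct surface s; static struct buffer b;
    s = (struct surface){ .queue = { 1 } };
    b = (struct buffer){ .queue = &s.queue };
    s.color_buffers[0] = (struct slot){ &b, 1 };
    release_buffers(&s, track_orphans);
    destroy_surface(&s);
    return deliver_release(&b);
}

int main(void) { return (scenario(0) == -1 && scenario(1) == 0) ? 0 : 1; }
```

`scenario(0)` ends with a live buffer still bound to a dead queue, which is the crash condition in the report; `scenario(1)` destroys the locked buffer during surface teardown, so the late release has nothing to dispatch on.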