Regression of !10941: mutter Wayland on bare metal crashes when closing HW accelerated windows
System information
System: Host: akaboushi Kernel: 5.12.8-300.fc34.x86_64 x86_64 bits: 64 compiler: gcc v: 2.35.1-41.fc34 Desktop: N/A
wm: gnome-shell dm: GDM Distro: Fedora release 34 (Thirty Four)
CPU: Info: Quad Core model: Intel Core i7-8665U bits: 64 type: MT MCP arch: Kaby Lake note: check rev: C cache:
L2: 8 MiB
flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 33599
Speed: 485 MHz min/max: 400/4800 MHz Core speeds (MHz): 1: 485 2: 1001 3: 1000 4: 1001 5: 950 6: 950 7: 994 8: 995
Graphics: Device-1: Intel WhiskeyLake-U GT2 [UHD Graphics 620] vendor: Lenovo driver: i915 v: kernel bus-ID: 00:02.0
chip-ID: 8086:3ea0
Device-2: IMC Networks Integrated Camera type: USB driver: uvcvideo bus-ID: 1-8:3 chip-ID: 13d3:56bc
Display: server: X.Org 1.21.1.1 compositor: gnome-shell driver: loaded: modesetting unloaded: fbdev,vesa
resolution: 1920x1080~60Hz s-dpi: 96
OpenGL: renderer: Mesa Intel UHD Graphics 620 (WHL GT2) v: 4.6 Mesa 21.2.0-devel (git-f62724ccac)
direct render: Yes
Reproduction steps
- Start mutter/gnome-shell in Wayland mode on bare metal (I've reproduced with mutter 40 & a recent Git master snapshot)
- Run a HW accelerated app (I've reproduced with GpuTest's furmark or
glxgears
) - Close the app window
mutter crashes.
The backtrace is weird, see below (The exact symbol name passed to do_lookup_x
varies).
valgrind
also reports a crash with the same backtrace, no other errors before. Still, I suspect this is some kind of memory corruption.
#0 do_lookup_x
(undef_name=undef_name@entry=0x7fe8975040c0 "clutter_actor_destroy", new_hash=new_hash@entry=1568822825, old_hash=old_hash@entry=0x7ffe61118140, ref=0x7fe8974f04d0, result=result@entry=0x7ffe61118150, scope=<optimized out>, i=0, version=0x0, flags=5, skip=<optimized out>, type_class=<optimized out>, undef_map=0x7fe8976fe000) at dl-lookup.c:402
#1 0x00007fe897727931 in _dl_lookup_symbol_x
(undef_name=0x7fe8975040c0 "clutter_actor_destroy", undef_map=0x7fe8976fe000, ref=ref@entry=0x7ffe611181e8, symbol_scope=<optimized out>, version=0x0, type_class=type_class@entry=1, flags=5, skip_map=0x0) at dl-lookup.c:855
#2 0x00007fe89772bc14 in _dl_fixup (l=<optimized out>, reloc_arg=<optimized out>) at dl-runtime.c:109
#3 0x00007fe89773323e in _dl_runtime_resolve_xsavec () at ../sysdeps/x86_64/dl-trampoline.h:126
#4 0x00007fe897617c2b in meta_window_actor_after_effects (self=0x1cf2d30 [MetaWindowActorX11]) at ../src/compositor/meta-window-actor.c:678
#5 meta_window_actor_effect_completed (self=0x1cf2d30 [MetaWindowActorX11], event=<optimized out>) at ../src/compositor/meta-window-actor.c:770
#6 0x00007fe896e1683a in _g_closure_invoke_va (param_types=0x0, n_params=<optimized out>, args=0x7ffe611187c0, instance=0x1384210, return_value=0x0, closure=0x1b49990) at ../gobject/gclosure.c:873
#7 g_signal_emit_valist (instance=0x1384210, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffe611187c0) at ../gobject/gsignal.c:3406
#8 0x00007fe896e16983 in g_signal_emit (instance=instance@entry=0x1384210, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3553
#9 0x00007fe89711387c in clutter_timeline_do_frame (timeline=0x1384210 [ClutterPropertyTransition]) at ../clutter/clutter/clutter-timeline.c:1298
#10 0x00007fe8971141b8 in _clutter_timeline_do_tick (timeline=<optimized out>, tick_time=<optimized out>) at ../clutter/clutter/clutter-timeline.c:1941
#11 0x00007fe8970ce0cb in advance_timelines (frame_clock=<optimized out>, frame_clock=0x1386510 [ClutterFrameClock], time_us=3418748493) at ../clutter/clutter/clutter-frame-clock.c:184
#12 clutter_frame_clock_dispatch (time_us=3418748493, frame_clock=0x1386510 [ClutterFrameClock]) at ../clutter/clutter/clutter-frame-clock.c:613
#13 frame_clock_source_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../clutter/clutter/clutter-frame-clock.c:657
#14 0x00007fe89740a4cf in g_main_dispatch (context=0xfb42b0) at ../glib/gmain.c:3337
#15 g_main_context_dispatch (context=0xfb42b0) at ../glib/gmain.c:4055
#16 0x00007fe89745e4e8 in g_main_context_iterate.constprop.0 (context=0xfb42b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#17 0x00007fe897409a93 in g_main_loop_run (loop=0x1394530) at ../glib/gmain.c:4329
#18 0x00007fe897630c0c in meta_run_main_loop () at ../src/core/main.c:928
#19 0x00007fe897630c1e in meta_run () at ../src/core/main.c:943
#20 0x0000000000201b13 in main (argc=<optimized out>, argv=<optimized out>) at ../src/core/mutter.c:78
Regression
This is a regression. I bisected to !10941 (f62724cc) .