GNOME Bugzilla – Bug 780681
EGL wayland surfaces are freed too early (?)
Last modified: 2018-05-02 18:20:08 UTC
GTK+ EGL applications such as totem or gnome-maps on wayland segfault on exit because they try to use surfaces that have already been freed. The issue seems to be in GDK, because in gnome they crash the entire session (gnome-shell also crashes), but in weston only the application throws a segfault when exiting. I am assuming this is because weston does not use GTK+ but gnome-shell does.

This is an example trace from totem:
----------------------------------------------------------------------------
Core was generated by `totem bbb_720p.mov'.
Program terminated with signal SIGSEGV, Segmentation fault.
+ Trace 237295
(gdb) print (struct wl_proxy) *0x7f6bedb0
$3 = {object = {interface = 0x7fe1bfc8, implementation = 0x7fb51c30, id = 44}, display = 0x7f660ec0, queue = 0x7f660f2c, flags = 2, refcount = 1, user_data = 0x0, dispatcher = 0x0, version = 3}
(gdb) print (struct wl_interface) *0x7fe1bfc8
# => this is proxy->interface - you can see the name is garbage already
$4 = {name = 0xa93e931d "iXh\377\367Һ\022KP!0\265{D\021L\205\260\025F\034Y#h\003\223\377\367\f\354\016IjF", version = 49, method_count = -2147421248, methods = 0x7f6beda8, event_count = 0, events = 0x0}
(gdb) print (struct wl_message) *0x7f6beda8
# => this is proxy->interface->methods => you can see the signature field cannot be accessed (0x31 is invalid) leading to the segmentation fault
$5 = {name = 0x0, signature = 0x31 <error: Cannot access memory at address 0x31>, types = 0x7fe1bfc8}
----------------------------------------------------------------------------
This is running gtk+ 3.22.8 (debian stretch) on armhf architecture with Mali T628 GPU using the ARM wayland drivers version r12p0. All files in the egl-current directory (including libwayland-egl.so) are symlinks to the binary mali driver libmali.so.

I've raised the issue first with ARM (see https://community.arm.com/graphics/f/discussions/8146/r12p0-wayland-driver-odroid-xu3-frees-objects-too-early-leading-to-segm-fault) and after investigation I was told by an ARM engineer that the issue probably is in GDK:

<quote>
This segfault can happen if the application frees the Wayland surface too early, specifically if the associated EGL surface is still current. If this is the case, the application is doing something like the following during clean up:

eglDestroySurface(egl_surface);
wl_egl_window_destroy(wl_egl_window_win);
wl_surface_destroy(wl_surface);

If egl_surface was either the draw or read argument in the previous call to eglMakeCurrent, egl_surface and wl_egl_window_win are only marked for deletion and are still in use. Destroying wl_surface results in the SEGFAULT when the driver subsequently needs to do something with the wl_surface (in this case, part of deletion). EGL spec 1.5 sections 3.5.5 and 3.2 cover the lifetime of EGL objects.

There are 2 possible application fixes you could consider:
* Call eglMakeCurrent(display, EGL_NO_SURFACE, EGL_NO_SURFACE, EGL_NO_CONTEXT) before destroying the surface.
* Call eglTerminate() instead of destroying the surfaces individually.

I'm reasonably confident that this is an issue in GDK (or how totem is calling GTK+) rather than the driver.
</quote>
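The deferred-deletion rule the ARM engineer describes, as an added illustration that is not part of this bug report nor of any EGL, Wayland or GDK code: a small C model (the `model`, `egl_surface`, `wl_surface` types and the `teardown` function are constructed stand-ins, not real EGL or Wayland APIs) in which a surface destroyed while current is only marked, and the real teardown touches the backing wl_surface later. Destroying the wl_surface before unbinding produces the dangling access; unbinding first, the equivalent of eglMakeCurrent(EGL_NO_SURFACE, ...), does not.

```c
/* Constructed model of EGL 1.5 sect. 3.5.5 deferred surface deletion.
 * None of these types or functions are the real EGL/Wayland API. */
#include <stdbool.h>
#include <stdlib.h>

struct wl_surface { bool alive; };

struct egl_surface {
    struct wl_surface *win;   /* backing Wayland surface */
    bool pending_delete;      /* destroyed while still current */
};

/* Per-display state: the bound surface and a dangling-access counter. */
struct model {
    struct egl_surface *current;
    int wl_use_after_free;    /* times the driver touched a dead wl_surface */
};

/* The driver's real teardown must read the wl_surface it was attached to. */
static void finish_delete(struct model *m, struct egl_surface *s)
{
    if (!s->win->alive)
        m->wl_use_after_free++;   /* the crash seen in the gdb trace above */
    free(s);
}

/* Modelled eglDestroySurface: only marks the surface if it is current. */
static void egl_destroy_surface(struct model *m, struct egl_surface *s)
{
    if (m->current == s) { s->pending_delete = true; return; }
    finish_delete(m, s);
}

/* Modelled eglMakeCurrent: unbinding releases a deferred surface. */
static void egl_make_current(struct model *m, struct egl_surface *s)
{
    struct egl_surface *old = m->current;
    m->current = s;
    if (old && old != s && old->pending_delete)
        finish_delete(m, old);
}

/* Runs one cleanup sequence and returns how many times the driver touched
 * the dead wl_surface; unbind_first mirrors the suggested application fix. */
int teardown(bool unbind_first)
{
    struct model m = { 0 };
    struct wl_surface win = { true };
    struct egl_surface *s = malloc(sizeof *s);
    s->win = &win; s->pending_delete = false;
    egl_make_current(&m, s);                     /* current while rendering */
    if (unbind_first) egl_make_current(&m, NULL); /* eglMakeCurrent(EGL_NO_SURFACE) */
    egl_destroy_surface(&m, s);                  /* eglDestroySurface */
    win.alive = false;                           /* wl_surface_destroy */
    if (m.current) egl_make_current(&m, NULL);   /* later driver cleanup */
    return m.wl_use_after_free;
}
```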
Not necessarily gdk, could be clutter as well, as both totem and gnome-maps use clutter (which uses a subsurface). That leads to another question: which version of clutter do you use? Can you try with clutter from git master, which has a different implementation for subsurfaces (one that uses gdk, rather than using wayland directly)? (Also, I find it odd that it crashes the rest of the session; even if a client is crashing, why would that cause gnome-shell to crash as well? Those are completely different processes.)
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gtk/issues/795.