<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><span class="vcard"><a class="email" href="mailto:kiagiadakis.george@gmail.com" title="George Kiagiadakis <kiagiadakis.george@gmail.com>"> <span class="fn">George Kiagiadakis</span></a> </span> changed <a class="bz_bug_link bz_status_NEW " title="NEW --- - subsurfaces: crash when destroying nested subsurfaces" href="https://bugs.freedesktop.org/show_bug.cgi?id=79684">bug 79684</a> <br> <table border="1" cellspacing="0" cellpadding="8"> <tr> <th>What</th> <th>Removed</th> <th>Added</th> </tr> <tr> <td style="text-align:right;">CC</td> <td> </td> <td>kiagiadakis.george@gmail.com </td> </tr></table> <p> <div> <b><a class="bz_bug_link bz_status_NEW " title="NEW --- - subsurfaces: crash when destroying nested subsurfaces" href="https://bugs.freedesktop.org/show_bug.cgi?id=79684#c2">Comment # 2</a> on <a class="bz_bug_link bz_status_NEW " title="NEW --- - subsurfaces: crash when destroying nested subsurfaces" href="https://bugs.freedesktop.org/show_bug.cgi?id=79684">bug 79684</a> from <span class="vcard"><a class="email" href="mailto:kiagiadakis.george@gmail.com" title="George Kiagiadakis <kiagiadakis.george@gmail.com>"> <span class="fn">George Kiagiadakis</span></a> </span></b> <pre>I had a look at this bug. The backtrace looks like: #0 0x00007ffff7bd7b47 in wl_list_remove (elm=elm@entry=0xbbc1a8) at src/wayland-util.c:54 #1 0x000000000040cba0 in weston_view_destroy (view=0xbbc180) at src/compositor.c:1711 #2 0x000000000040cc6b in surface_free_unused_subsurface_views (surface=0xac6610) at src/compositor.c:2018 #3 0x000000000040cc37 in surface_free_unused_subsurface_views (surface=0xac5da0) at src/compositor.c:2015 #4 0x000000000040ce20 in weston_compositor_build_view_list (compositor=0x63a250) at src/compositor.c:2104 #5 0x000000000040cb97 in weston_view_destroy (view=0xbbe280) at src/compositor.c:1708 #6 0x000000000040cc6b in surface_free_unused_subsurface_views (surface=0xacd4f0) at src/compositor.c:2018 #7 0x000000000040cc37 in surface_free_unused_subsurface_views (surface=0xac6610) at src/compositor.c:2015 #8 0x000000000040cc37 in surface_free_unused_subsurface_views (surface=0xac5da0) at src/compositor.c:2015 #9 0x000000000040ce20 in weston_compositor_build_view_list (compositor=0x63a250) at src/compositor.c:2104 #10 0x000000000040cb97 in weston_view_destroy (view=0xbbeac0) at src/compositor.c:1708 and continues for ~500 frames. It looks to me as if weston_compositor_build_view_list() is not meant to be called recursively, as it operates on the same object (compositor) all the time and just corrupts the lists on which it works on. I did a quick hack that works, but it's probably not the best idea: diff --git a/src/compositor.c b/src/compositor.c index 2c33297..6691e49 100644 --- a/src/compositor.c +++ b/src/compositor.c @@ -1699,13 +1699,18 @@ weston_surface_discard_queue(struct weston_surface *surface) WL_EXPORT void weston_view_destroy(struct weston_view *view) { + static int recursing = 0; + recursing++; + wl_signal_emit(&view->destroy_signal, view); assert(wl_list_empty(&view->geometry.child_list)); if (weston_view_is_mapped(view)) { weston_view_unmap(view); - weston_compositor_build_view_list(view->surface->compositor); + if (recursing == 1) + weston_compositor_build_view_list(view->surface->compositor); } wl_list_remove(&view->link); @@ -1719,6 +1724,8 @@ weston_view_destroy(struct weston_view *view) wl_list_remove(&view->surface_link); free(view); + recursing--; } WL_EXPORT void</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>