Bug 1185585
Summary: | anaconda crashes after continuing from language selection screen | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Chris Murphy <bugzilla> | ||||||
Component: | gtk3 | Assignee: | Matthias Clasen <mclasen> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 22 | CC: | anaconda-maint-list, awilliam, bugzilla, ccecchi, danofsatx, g.kaviyarasu, jonathan, mclasen, robatino, satellitgo, vanmeeuwen+fedora, vpodzime | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | AcceptedBlocker | ||||||||
Fixed In Version: | gtk3-3.15.9-1.fc22 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-03-03 04:20:30 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1043121 | ||||||||
Attachments: |
|
Description
Chris Murphy
2015-01-24 22:56:09 UTC
Crash appears to be happening in gtk Stack trace of thread 997: #0 0x00000000b77cebac __kernel_vsyscall (linux-gate.so.1) #1 0x00000000b73f4137 raise (libc.so.6) #2 0x00000000b73f5a09 abort (libc.so.6) #3 0x00000000b743dd39 free_check (libc.so.6) #4 0x00000000b74414c2 __libc_free (libc.so.6) #5 0x00000000b6db49c2 g_free (libglib-2.0.so.0) #6 0x00000000b2e5f600 _gtk_allocated_bitmask_free (libgtk-3.so.0) #7 0x00000000b2e5f66e gtk_allocated_bitmask_shrink (libgtk-3.so.0) #8 0x00000000b2ef6f74 gtk_css_static_style_new_update (libgtk-3.so.0) #9 0x00000000b3067b89 update_properties (libgtk-3.so.0) #10 0x00000000b306aeec _gtk_style_context_validate (libgtk-3.so.0) #11 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #12 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #13 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #14 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #15 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #16 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #17 0x00000000b306ae22 _gtk_style_context_validate (libgtk-3.so.0) #18 0x00000000b2ece455 gtk_container_idle_sizer (libgtk-3.so.0) #19 0x00000000b6eb8669 g_cclosure_marshal_VOID__VOIDv (libgobject-2.0.so.0) #20 0x00000000b6eb6b4d _g_closure_invoke_va (libgobject-2.0.so.0) #21 0x00000000b6ed306c g_signal_emit_valist (libgobject-2.0.so.0) #22 0x00000000b6ed3dd5 g_signal_emit_by_name (libgobject-2.0.so.0) #23 0x00000000b2cbd076 gdk_frame_clock_paint_idle (libgdk-3.so.0) #24 0x00000000b2ca9e26 gdk_threads_dispatch (libgdk-3.so.0) #25 0x00000000b6daf442 g_timeout_dispatch (libglib-2.0.so.0) #26 0x00000000b6dae8d3 g_main_context_dispatch (libglib-2.0.so.0) #27 0x00000000b6daec98 g_main_context_iterate.isra.29 (libglib-2.0.so.0) #28 0x00000000b6daf023 g_main_loop_run (libglib-2.0.so.0) #29 0x00000000b2faa23d gtk_main (libgtk-3.so.0) #30 0x00000000b7026f7a ffi_call_SYSV (libffi.so.6) #31 0x00000000b7026a0a ffi_call (libffi.so.6) #32 0x00000000b6f64c6c pygi_invoke_c_callable (_gi.so) #33 0x00000000b6f657d4 _function_cache_invoke_real (_gi.so) #34 0x00000000b6f6681e pygi_function_cache_invoke (_gi.so) #35 0x00000000b6f6542c pygi_callable_info_invoke (_gi.so) #36 0x00000000b6f65483 _wrap_g_callable_info_invoke (_gi.so) #37 0x00000000b6f58db5 _callable_info_call (_gi.so) #38 0x00000000b7642765 PyObject_Call (libpython2.7.so.1.0) #39 0x00000000b76e3387 PyEval_EvalFrameEx (libpython2.7.so.1.0) #40 0x00000000b76e5205 PyEval_EvalFrameEx (libpython2.7.so.1.0) #41 0x00000000b76e645a PyEval_EvalCodeEx (libpython2.7.so.1.0) #42 0x00000000b76e65b4 PyEval_EvalCode (libpython2.7.so.1.0) #43 0x00000000b76ffbab run_mod (libpython2.7.so.1.0) #44 0x00000000b7701040 PyRun_FileExFlags (libpython2.7.so.1.0) #45 0x00000000b7702433 PyRun_SimpleFileExFlags (libpython2.7.so.1.0) #46 0x00000000b7702998 PyRun_AnyFileExFlags (libpython2.7.so.1.0) #47 0x00000000b7714d61 Py_Main (libpython2.7.so.1.0) #48 0x0000000008048578 main (python2.7) #49 0x00000000b73de6fe __libc_start_main (libc.so.6) #50 0x000000000804859e _start (python2.7) *** Bug 1192020 has been marked as a duplicate of this bug. *** Created attachment 992988 [details] journal2 journalctl -x -o short-monotonic Still happens with default boot params, as well as with 'enforcing=0 nodmodeset' and attempting to do a VNC installation. https://kojipkgs.fedoraproject.org/mash/branched-20150217/22/i386/os/images/boot.iso kernel-3.20.0-0.rc0.git6.1.fc22.i686 Same stack trace as previously reported. I also see "[ 385.738820] localhost systemd-coredump[1788]: Process 1120 (anaconda) of user 0 dumped core." But I'm not finding the core dump file in /var, where would it be and is it even written out somewhere on netinstalls? Hardware is rather old! 01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] RV250/M9 GL [Mobility FireGL 9000/Radeon 9000] [1002:4c66] (rev 02) (prog-if 00 [VGA controller]) Subsystem: Dell Device [1028:011d] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop+ ParErr- Stepping+ SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 32 (2000ns min), Cache Line Size: 32 bytes Interrupt: pin A routed to IRQ 11 Region 0: Memory at e8000000 (32-bit, prefetchable) [size=128M] Region 1: I/O ports at c000 [size=256] Region 2: Memory at fcff0000 (32-bit, non-prefetchable) [size=64K] [virtual] Expansion ROM at fc000000 [disabled] [size=128K] Capabilities: [58] AGP version 2.0 Status: RQ=48 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3- Rate=x1,x2,x4 Command: RQ=32 ArqSz=0 Cal=0 SBA+ AGP+ GART64- 64bit- FW- Rate=x4 Capabilities: [50] Power Management version 2 Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-) Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME- Kernel driver in use: radeon Kernel modules: radeon (In reply to Chris Murphy from comment #4) > Same stack trace as previously reported. I also see "[ 385.738820] > localhost systemd-coredump[1788]: Process 1120 (anaconda) of user 0 dumped > core." But I'm not finding the core dump file in /var, where would it be and > is it even written out somewhere on netinstalls? > > Hardware is rather old! This doesn't seem to be HW dependent. It's just a bug (segfault) in 32bit Gtk triggered by hovering over the "Continue" button for which anaconda is using the "suggested-action" CSS class. Proposed as a Blocker for 22-alpha by Fedora user chrismurphy using the blocker tracking app because: When using a dedicated installer image, the installer must be able to complete an installation using the text, graphical and VNC installation interfaces. (This is a showstopper.) Hum, I feel vaguely like we already had a bug for this? But anyway, +1, showstopper for 32-bit images. Discussed at today's blocker review meeting [1]. AcceptedBlocker Alpha - This bug is a clear violation of the Alpha criterion: "When using a dedicated installer image, the installer must be able to complete an installation using the text, graphical and VNC installation interfaces." http://meetbot.fedoraproject.org/fedora-blocker-review/2015-02-23/ I fail to even get a 32bit live image to boot. Tried with https://kojipkgs.fedoraproject.org//work/tasks/2668/9052668/Fedora-Live-Workstation-i686-22-20150224.iso It doesn't get beyond plymouth in either gnome-boxes or virt-manager. Can't really investigate under these circumstances. I believe that's likely due to https://bugzilla.redhat.com/show_bug.cgi?id=1195905 . Note that you may also hit an intermittent failure during early boot with recent images: that's https://bugzilla.redhat.com/show_bug.cgi?id=1195899 . I'm trying to identify a live image that avoids at least the libinput bug and ideally also the kernel bug, but runs into this bug. I'm also not sure if the bug even happens from a live image - all the reports seem to have been from boot.iso. This bug seems limited to the boot.iso images, somehow. I've tested several bootable 32-bit lives (02-07, 02-10, 02-21) and could not reproduce the bug with any of them. So there's something about the installer environment that's related to it. Something that's stripped by lorax? Something about running on whatever bare WM anaconda runs, rather than running in GNOME? (In reply to Adam Williamson (Red Hat) from comment #10) > I'm also not sure > if the bug even happens from a live image - all the reports seem to have > been from boot.iso. For me, never happens with live, always happens with boot.iso. The problem is calling free() on an invalid pointer, so the difference is that anaconda runs with MALLOC_PERTURB_ set. gtk3-3.15.9-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/gtk3-3.15.9-1.fc22 Package gtk3-3.15.9-1.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gtk3-3.15.9-1.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2553/gtk3-3.15.9-1.fc22 then log in and leave karma (feedback). I no longer run into this with server boot.iso TC7 i686. Problem appears to be fixed. gtk3-3.15.9-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |