Bug 1192020

Summary: 32bit Gtk segfaults if "suggested-action" buttons are used
Product: [Fedora] Fedora Reporter: Vratislav Podzimek <vpodzime>
Component: gtk3Assignee: Matthias Clasen <mclasen>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: awilliam, ccecchi, dshea, mclasen, mkolman, mrmazda, vpodzime, vtrefny
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-13 22:36:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
journal dump with the GTK stack trace & drm stack traces none

Description Vratislav Podzimek 2015-02-12 12:40:26 UTC 
Description of problem:
32bit installation images crash when the first "Cotinue" button is hovered over. The button is marked as "suggested-action" and the crash happens in Gtk when it's trying to free some memory. Here is the backtrace:

Feb 12 11:44:39 localhost systemd-coredump[1303]: Process 1030 (anaconda) of user 0 dumped core.
 
                                                  Stack trace of thread 1030:
                                                  #0  0x00000000b7710b90 __kernel_vsyscall (linux-gate.so.1)
                                                  #1  0x00000000b733a137 raise (libc.so.6)
                                                  #2  0x00000000b733ba09 abort (libc.so.6)
                                                  #3  0x00000000b7383d39 free_check (libc.so.6)
                                                  #4  0x00000000b73874c2 __libc_free (libc.so.6)
                                                  #5  0x00000000b6cfa9c2 g_free (libglib-2.0.so.0)
                                                  #6  0x00000000b2ce1600 _gtk_allocated_bitmask_free (libgtk-3.so.0)
                                                  #7  0x00000000b2ce166e gtk_allocated_bitmask_shrink (libgtk-3.so.0)
                                                  #8  0x00000000b2d78f74 gtk_css_static_style_new_update (libgtk-3.so.0)
                                                  #9  0x00000000b2ee9b89 update_properties (libgtk-3.so.0)
                                                  #10 0x00000000b2eeceec _gtk_style_context_validate (libgtk-3.so.0)
                                                  #11 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #12 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #13 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #14 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #15 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #16 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #17 0x00000000b2eece22 _gtk_style_context_validate (libgtk-3.so.0)
                                                  #18 0x00000000b2d50455 gtk_container_idle_sizer (libgtk-3.so.0)
                                                  #19 0x00000000b6dfe669 g_cclosure_marshal_VOID__VOIDv (libgobject-2.0.so.0)
                                                  #20 0x00000000b6dfcb4d _g_closure_invoke_va (libgobject-2.0.so.0)
                                                  #21 0x00000000b6e1906c g_signal_emit_valist (libgobject-2.0.so.0)
                                                  #22 0x00000000b6e19dd5 g_signal_emit_by_name (libgobject-2.0.so.0)
                                                  #23 0x00000000b2b3f076 gdk_frame_clock_paint_idle (libgdk-3.so.0)
                                                  #24 0x00000000b2b2be26 gdk_threads_dispatch (libgdk-3.so.0)
                                                  #25 0x00000000b6cf5442 g_timeout_dispatch (libglib-2.0.so.0)
                                                  #26 0x00000000b6cf48d3 g_main_context_dispatch (libglib-2.0.so.0)
                                                  #27 0x00000000b6cf4c98 g_main_context_iterate.isra.29 (libglib-2.0.so.0)
                                                  #28 0x00000000b6cf5023 g_main_loop_run (libglib-2.0.so.0)
                                                  #29 0x00000000b2e2c23d gtk_main (libgtk-3.so.0)
                                                  #30 0x00000000b6f6cf7a ffi_call_SYSV (libffi.so.6)
                                                  #31 0x00000000b6f6ca0a ffi_call (libffi.so.6)
                                                  #32 0x00000000b6eaac6c pygi_invoke_c_callable (_gi.so)
                                                  #33 0x00000000b6eab7d4 _function_cache_invoke_real (_gi.so)
                                                  #34 0x00000000b6eac81e pygi_function_cache_invoke (_gi.so)
                                                  #35 0x00000000b6eab42c pygi_callable_info_invoke (_gi.so)
                                                  #36 0x00000000b6eab483 _wrap_g_callable_info_invoke (_gi.so)
                                                  #37 0x00000000b6e9edb5 _callable_info_call (_gi.so)
                                                  #38 0x00000000b7588765 PyObject_Call (libpython2.7.so.1.0)
                                                  #39 0x00000000b7628d17 PyEval_EvalFrameEx (libpython2.7.so.1.0)
                                                  #40 0x00000000b762a69c PyEval_EvalFrameEx (libpython2.7.so.1.0)
                                                  #41 0x00000000b762bc74 PyEval_EvalCodeEx (libpython2.7.so.1.0)
                                                  #42 0x00000000b762bdf4 PyEval_EvalCode (libpython2.7.so.1.0)
                                                  #43 0x00000000b7644f4a run_mod (libpython2.7.so.1.0)
                                                  #44 0x00000000b76463de PyRun_FileExFlags (libpython2.7.so.1.0)
                                                  #45 0x00000000b76477a3 PyRun_SimpleFileExFlags (libpython2.7.so.1.0)
                                                  #46 0x00000000b7647ce8 PyRun_AnyFileExFlags (libpython2.7.so.1.0)
                                                  #47 0x00000000b765abb4 Py_Main (libpython2.7.so.1.0)
                                                  #48 0x0000000008048578 main (python2.7)
                                                  #49 0x00000000b73246fe __libc_start_main (libc.so.6)
                                                  #50 0x000000000804859e _start (python2.7)


How reproducible:
100%

Steps to Reproduce:
1. use 32bit Gtk with 'suggested-action' buttons
2. try to hover over one of such buttons (others work)


Actual results:
crash (segfault)

Expected results:
Gtk working

Additional info:
doesn't happen with 64bit Gtk
Comment 1 Martin Kolman 2015-02-12 13:19:45 UTC 
I got the same behavior when testing on baremetal (on older Dell latop). Got the same GTK stack trace but also a few stack traces from the drm subsystem. So attaching full journal dump that contains both kinds of stack traces.
Comment 2 Martin Kolman 2015-02-12 13:20:52 UTC 
Created attachment 990925 [details]
journal dump with the GTK stack trace & drm stack traces
Comment 3 Matthias Clasen 2015-02-12 14:47:52 UTC 
you forgot the most important piece of information here: what version of GTK+ is this ?
Comment 4 Adam Williamson 2015-02-13 18:32:06 UTC 
Assuming people were using the image listed for download on the Anaconda Test Day page, it was the 2015-02-10 nightly build. Looking at http://kojipkgs.fedoraproject.org/mash/rawhide-20150210/rawhide/i386/os/Packages/g/ , it probably had	gtk3-3.15.4-1.fc22 .

To anticipate your next question, no, they probably can't test with a newer nightly (with GTK+ 3.15.6) quite yet; 02-11 and 02-12 were broken by https://bugzilla.redhat.com/show_bug.cgi?id=1191713 , a new lorax build has now fixed that but 02-13 nightly compose failed.
Comment 5 Vratislav Podzimek 2015-02-13 18:37:56 UTC 
(In reply to Adam Williamson (Red Hat) from comment #4)
> Assuming people were using the image listed for download on the Anaconda
> Test Day page, it was the 2015-02-10 nightly build. Looking at
> http://kojipkgs.fedoraproject.org/mash/rawhide-20150210/rawhide/i386/os/
> Packages/g/ , it probably had	gtk3-3.15.4-1.fc22 .
I can confirm this version by looking directly into the used image.
Comment 6 Matthias Clasen 2015-02-13 21:06:37 UTC 
my next question would actually be: can you reproduce this without anaconda ? (its a bit inconvenient as a reproduction and debugging environment)
Comment 7 Matthias Clasen 2015-02-13 22:36:10 UTC 
stacktrace looks identical to bug 1185585

*** This bug has been marked as a duplicate of bug 1185585 ***
Comment 8 Adam Williamson 2015-02-21 19:11:17 UTC 
*** Bug 1194991 has been marked as a duplicate of this bug. ***