Bug 1299739

Summary: [libffi]: gnome-shell process triggers a trap (int 3) within code of libffi.
Product: Red Hat Enterprise Linux 7
Reporter: zuogang
Component: glib2
Assignee: Colin Walters <walters>
Status: CLOSED WONTFIX
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Docs Contact:
Priority: unspecified
Version: 7.4
CC: aph, dbhole
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-12-15 07:39:39 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description zuogang 2016-01-19 07:25:36 UTC
Description of problem:
The gnome-shell process triggers a trap (int 3) within the code of /usr/lib64/libglib-2.0.so.0.4200.2.

The problem occurs when the system has been powered on for a long time:
[zoge@localhost glib-2.42.2]$ uptime 
 14:55:22 up 18 days, 20:22,  5 users,  load average: 0.96, 1.23, 1.26

Version-Release number of selected component (if applicable):
gnome-shell-3.14.4-37.el7.x86_64
glib2-2.42.2-5.el7.x86_64
3.10.0-327.3.1.el7.x86_64
libffi-3.0.13-16.el7.x86_64

How reproducible:
Under the GNOME desktop, using VNC, open and close apps' windows for a long time.

Steps to Reproduce:

Actual results:
(gdb) bt
#0  0x00007f9cdb42a8d3 in g_logv (log_domain=log_domain@entry=0x7f9cddc9798b "Cogl", log_level=log_level@entry=
    G_LOG_LEVEL_ERROR, format=<optimized out>, args=<optimized out>) at gmessages.c:1046
#1  0x00007f9cddc87549 in _cogl_set_error (error=error@entry=0x0, domain=<optimized out>, code=code@entry=0, format=<optimized out>) at ./cogl-error.c:83
#2  0x00007f9cddc4267a in _cogl_texture_2d_gl_allocate (error=<optimized out>, loader=<optimized out>, tex_2d=<optimized out>) at driver/gl/cogl-texture-2d-gl.c:408
#3  0x00007f9cddc4267a in _cogl_texture_2d_gl_allocate (tex=0x3593d80, error=0x0) at driver/gl/cogl-texture-2d-gl.c:470
#4  0x00007f9cddc7236b in cogl_texture_allocate (texture=texture@entry=0x3593d80, error=error@entry=0x0) at ./cogl-texture.c:1398
#5  0x00007f9cddc73b80 in cogl_texture_2d_new_from_data (ctx=<optimized out>, width=<optimized out>, height=<optimized out>, format=format@entry=COGL_PIXEL_FORMAT_BGRA_8888_PRE, rowstride=<optimized out>, data=data@entry=0x0, error=error@entry=0x0) at ./cogl-texture-2d.c:225
#6  0x00007f9cdf80df26 in ensure_xfixes_cursor (tracker=tracker@entry=0x16ac230 [MetaCursorTracker]) at backends/meta-cursor-tracker.c:251
#7  0x00007f9cdf80e238 in meta_cursor_tracker_get_sprite (tracker=0x16ac230 [MetaCursorTracker]) at backends/meta-cursor-tracker.c:290
#8  0x00007f9ce483472e in shell_util_cursor_tracker_to_clutter (tracker=<optimized out>, texture=0x1e48350 [ClutterTexture]) at shell-util.c:325
Python Exception <type 'exceptions.RuntimeError'> Cannot locate object file for block.: 
#9  0x00007f9cd9199dac in ffi_call_unix64
#10 0x00007f9cd91996d5 in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=0x7fff897e83e0, avalue=0x7fff897e82d0)
    at ../src/x86/ffi64.c:522
#11 0x00007f9ce326e19e in gjs_invoke_c_function(JSContext*, Function*, JSObject*, unsigned int, jsval*, jsval*, GArgument*) (context=context@entry=0x1541200, function=function@entry=0x1d4a920, obj=obj@entry=0x7f9cb8135d90, js_argc=js_argc@entry=2, js_argv=js_argv@entry=0x7fff897e8aa8, js_rval=js_rval@entry=0x7fff897e85f0, r_value=r_value@entry=0x0) at gi/function.cpp:972
#12 0x00007f9ce326f65b in function_call(JSContext*, unsigned int, jsval*) (context=0x1541200, js_argc=2, vp=0x7fff897e8a98) at gi/function.cpp:1294
#13 0x00007f9ce2b68482 in js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) (args=..., native=<optimized out>, cx=0x1541200)
    at /usr/src/debug/mozjs-24.2.0/js/src/jscntxtinlines.h:321
#14 0x00007f9ce2b68482 in js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) (cx=cx@entry=0x1541200, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /usr/src/debug/mozjs-24.2.0/js/src/vm/Interpreter.cpp:474
#15 0x00007f9ce2b77c13 in js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) (cx=cx@entry=0x1541200, thisv=..., fval=..., argc=argc@entry=2, argv=<optimized out>, rval=rval@entry=0x7fff897e8c98) at /usr/src/debug/mozjs-24.2.0/js/src/vm/Interpreter.cpp:531
#16 0x00007f9ce2dd2fc0 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, uint32_t, JS::Value*, JS::MutableHandleValue) (cx=0x1541200, frame=0x7fff897e8d50, stub=0x2ba4d10, argc=2, vp=<optimized out>, res=...) at /usr/src/debug/mozjs-24.2.0/js/src/jit/BaselineIC.cpp:7007
#17 0x00007f9ce4dc1aa2 in  ()
#18 0x00007f9cdef1a1e8 in clutter_paint_debug_flags () at /lib64/libclutter-1.0.so.0
#19 0x00007fff897e8c98 in  ()
#20 0x0000000000000000 in  ()

(gdb) i r
rax            0x0      0
rbx            0x7f9cddc9798b   140311712594315
rcx            0x42876e0        69760736
rdx            0x7f9cdafb17b8   140311665514424
rsi            0x1      1
rdi            0x7f9cdafb1760   140311665514336
rbp            0x0      0x0
rsp            0x7fff897e7e50   0x7fff897e7e50
r8             0x1      1
r9             0x20     32
r10            0x0      0
r11            0x0      0
r12            0x4      4
r13            0x2      2
r14            0x2      2
r15            0x4      4
rip            0x7f9cdb42a8d3   0x7f9cdb42a8d3 <g_logv+739>
eflags         0x246    [ PF ZF IF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0


Expected results:


Additional info:

Comment 2 Andrew Haley 2016-02-02 17:35:02 UTC
It looks to me like Javascript in Mozilla is calling out to glib.  The fault does not happen in libffi itself, but in glib.  I doubt very much that this is a libffi bug: at least, there is no reason here to think that it might be.

Comment 3 Deepak Bhole 2016-02-02 20:44:36 UTC
Re-assigning to glib based on comment #2.

Comment 4 zuogang 2016-02-03 07:33:24 UTC
(In reply to Andrew Haley from comment #2)
> It looks to me like Javascript in Mozilla is calling out to glib.  The fault
> does not happen in libffi itself, but in glib.  I doubt very much that this
> is a libffi bug: at least, there is no reason here to think that it might be.
Yes, you are very right.

Comment 6 RHEL Program Management 2020-12-15 07:39:39 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.