| Summary: | [abrt] gnome-session: _gtk_style_provider_private_get_settings(): gnome-session-failed killed by SIGSEGV: TAINTED | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> | ||||||||||||||||||||||||||||
| Component: | gnome-session | Assignee: | Ray Strode [halfline] <rstrode> | ||||||||||||||||||||||||||||
| Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||||||||||||||||||
| Severity: | unspecified | Docs Contact: | |||||||||||||||||||||||||||||
| Priority: | unspecified | ||||||||||||||||||||||||||||||
| Version: | 26 | CC: | bugzilla, bugzilla, fedora, green, harald, ignatenko, jfrieben, jmccann, lkundrak, mikko.tiihonen, rstrode, sandro.bonazzola, xzj8b3 | ||||||||||||||||||||||||||||
| Target Milestone: | --- | ||||||||||||||||||||||||||||||
| Target Release: | --- | ||||||||||||||||||||||||||||||
| Hardware: | x86_64 | ||||||||||||||||||||||||||||||
| OS: | Unspecified | ||||||||||||||||||||||||||||||
| URL: | https://retrace.fedoraproject.org/faf/reports/bthash/678b18ec64d1ad196ac0e15ca20f0087d92d3957 | ||||||||||||||||||||||||||||||
| Whiteboard: | abrt_hash:4f638432e8ea1a13af56e75238977d10f25cad52;VARIANT_ID=workstation; | ||||||||||||||||||||||||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||||||||||||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||||||||||||||||||
| Clone Of: | Environment: | ||||||||||||||||||||||||||||||
| Last Closed: | 2018-05-29 11:31:16 UTC | Type: | --- | ||||||||||||||||||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||||||||||||||||||
| Documentation: | --- | CRM: | |||||||||||||||||||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||||||||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||||||||||||||
| Attachments: |
|
||||||||||||||||||||||||||||||
|
Description
Adam Williamson
2016-11-17 05:55:01 UTC
Created attachment 1221472 [details]
File: backtrace
Created attachment 1221473 [details]
File: cgroup
Created attachment 1221474 [details]
File: core_backtrace
Created attachment 1221475 [details]
File: dso_list
Created attachment 1221476 [details]
File: environ
Created attachment 1221477 [details]
File: exploitable
Created attachment 1221478 [details]
File: limits
Created attachment 1221479 [details]
File: maps
Created attachment 1221480 [details]
File: mountinfo
Created attachment 1221481 [details]
File: namespaces
Created attachment 1221482 [details]
File: open_fds
Created attachment 1221483 [details]
File: proc_pid_status
Created attachment 1221484 [details]
File: var_log_messages
Hitting this with Fedora-Workstation-Live-x86_64-Rawhide-20170201.n.0.iso in a virt-manager VM on F25. gnome-session-3.23.2-2.fc26.x86_64 This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'. I seem to be hitting this consistently on first boot after install from Fedora-Workstation-Live-x86_64-26-20170313.n.0.iso , if I don't create a user during install. Haven't yet checked if it happens if I *do* create a user during install. Proposing as an Alpha blocker: "A system installed with a release-blocking desktop must boot to a log in screen where it is possible to log in to a working desktop using a user account created during installation or a 'first boot' utility" - https://fedoraproject.org/wiki/Fedora_26_Alpha_Release_Criteria#Expected_installed_system_boot_behavior Here's the backtrace I got with a recent F26 live:
[New LWP 1422]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/gnome-session-failed --allow-logout'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f0875fc48d9 in _gtk_style_provider_private_get_settings (provider=0x0) at gtkstyleproviderprivate.c:123
123 iface = GTK_STYLE_PROVIDER_PRIVATE_GET_INTERFACE (provider);
Thread 1 (Thread 0x7f0876753a80 (LWP 1422)):
#0 0x00007f0875fc48d9 in _gtk_style_provider_private_get_settings (provider=0x0) at gtkstyleproviderprivate.c:123
iface = <optimized out>
#1 0x00007f0875e5eb58 in gtk_css_value_initial_compute (value=<optimized out>, property_id=1, provider=0x0, style=0x562ad0c98020, parent_style=0x0) at gtkcssinitialvalue.c:52
settings = <optimized out>
#2 0x00007f0875e74643 in gtk_css_static_style_compute_value (style=0x562ad0c98020, provider=0x0, parent_style=0x0, id=1, specified=0x7f08765e8b20 <inherit>, section=0x0) at gtkcssstaticstyle.c:237
value = <optimized out>
#3 0x00007f0875e5fecc in _gtk_css_lookup_resolve (lookup=lookup@entry=0x562ad0c95800, provider=provider@entry=0x0, style=style@entry=0x562ad0c98020, parent_style=parent_style@entry=0x0) at gtkcsslookup.c:122
i = 1
#4 0x00007f0875e7457c in gtk_css_static_style_new_compute (provider=provider@entry=0x0, matcher=matcher@entry=0x0, parent=parent@entry=0x0) at gtkcssstaticstyle.c:195
result = 0x562ad0c98020
lookup = 0x562ad0c95800
change = 4294967295
#5 0x00007f0875e745d5 in gtk_css_static_style_get_default () at gtkcssstaticstyle.c:164
settings = 0x0
#6 0x00007f0875e60862 in gtk_css_node_init (cssnode=0x562ad0c84e90) at gtkcssnode.c:663
No locals.
#7 0x00007f08746572cf in g_type_create_instance (type=94741891466560) at gtype.c:1860
pnode = <optimized out>
node = 0x562ad0c94540
instance = 0x562ad0c84e90
class = 0x562ad0c94d00
allocated = <optimized out>
private_size = <optimized out>
ivar_size = <optimized out>
i = <optimized out>
#8 0x00007f0874637848 in g_object_new_internal (class=class@entry=0x562ad0c94d00, params=params@entry=0x0, n_params=n_params@entry=0) at gobject.c:1783
nqueue = 0x0
object = <optimized out>
__func__ = "g_object_new_internal"
#9 0x00007f08746392b5 in g_object_newv (object_type=object_type@entry=94741891466560, n_parameters=n_parameters@entry=0, parameters=parameters@entry=0x0) at gobject.c:1930
class = 0x562ad0c94d00
unref_class = 0x562ad0c94d00
object = <optimized out>
__func__ = "g_object_newv"
#10 0x00007f0874639a74 in g_object_new (object_type=94741891466560, first_property_name=first_property_name@entry=0x0) at gobject.c:1623
object = <optimized out>
var_args = {{gp_offset = 9264, fp_offset = 0, overflow_arg_area = 0x7f0873fc975f <_int_memalign+351>, reg_save_area = 0x562ad0c93fa0}}
__func__ = "g_object_new"
#11 0x00007f0875e7c94a in gtk_css_widget_node_new (widget=widget@entry=0x562ad0c96380) at gtkcsswidgetnode.c:301
result = <optimized out>
#12 0x00007f0876058e87 in gtk_widget_init (instance=0x562ad0c96380, g_class=0x562ad0c93fa0) at gtkwidget.c:4414
widget = 0x562ad0c96380
priv = 0x562ad0c96290
__func__ = "gtk_widget_init"
#13 0x00007f08746572cf in g_type_create_instance (type=94741891389024) at gtype.c:1860
pnode = <optimized out>
node = 0x562ad0c81660
instance = 0x562ad0c96380
class = 0x562ad0c93fa0
allocated = <optimized out>
private_size = <optimized out>
ivar_size = <optimized out>
i = <optimized out>
#14 0x00007f0874637848 in g_object_new_internal (class=class@entry=0x562ad0c93fa0, params=params@entry=0x0, n_params=n_params@entry=0) at gobject.c:1783
nqueue = 0x0
object = <optimized out>
__func__ = "g_object_new_internal"
#15 0x00007f08746392b5 in g_object_newv (object_type=object_type@entry=94741891389024, n_parameters=n_parameters@entry=0, parameters=parameters@entry=0x0) at gobject.c:1930
class = 0x562ad0c93fa0
unref_class = 0x562ad0c93fa0
object = <optimized out>
__func__ = "g_object_newv"
#16 0x00007f0874639a74 in g_object_new (object_type=94741891389024, first_property_name=0x0) at gobject.c:1623
object = <optimized out>
var_args = {{gp_offset = 1101651616, fp_offset = 32766, overflow_arg_area = 0x562ad0c81070, reg_save_area = 0x7ffe41a9dea0}}
__func__ = "g_object_new"
#17 0x0000562acf198e4d in main (argc=<optimized out>, argv=<optimized out>) at gsm-fail-whale-dialog.c:382
entries = {{long_name = 0x562acf199aef "debug", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x562acf39b020 <debug_mode>, description = 0x562acf199af5 "Enable debugging code", arg_description = 0x0}, {long_name = 0x562acf199b0b "allow-logout", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x562acf39b01c <allow_logout>, description = 0x562acf199b18 "Allow logout", arg_description = 0x0}, {long_name = 0x562acf199b25 "extensions", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x562acf39b018 <extensions>, description = 0x562acf199b30 "Show extension warning", arg_description = 0x0}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
fail_dialog = <optimized out>
error = 0x0
From To Syms Read Shared Object Library
0x00007f0875d68cc0 0x00007f08760aa839 Yes /lib64/libgtk-3.so.0
0x00007f0875a18010 0x00007f0875a8c447 Yes /lib64/libgdk-3.so.0
0x00007f08757e62e0 0x00007f08757eb1de Yes /lib64/libpangocairo-1.0.so.0
0x00007f08755a37f0 0x00007f08755c2416 Yes /lib64/libpango-1.0.so.0
0x00007f087537bac0 0x00007f0875388073 Yes /lib64/libatk-1.0.so.0
0x00007f087516b480 0x00007f087516c3f9 Yes /lib64/libcairo-gobject.so.2
0x00007f0874e52c40 0x00007f0874f219e6 Yes /lib64/libcairo.so.2
0x00007f0874c1fb80 0x00007f0874c35779 Yes /lib64/libgdk_pixbuf-2.0.so.0
0x00007f08748ac3e0 0x00007f0874992e82 Yes /lib64/libgio-2.0.so.0
0x00007f087462d2f0 0x00007f087465f995 Yes /lib64/libgobject-2.0.so.0
0x00007f087432a780 0x00007f08743a23a8 Yes /lib64/libglib-2.0.so.0
0x00007f0873f5ec90 0x00007f08740bb003 Yes /lib64/libc.so.6
0x00007f0873d3bff0 0x00007f0873d3cf06 Yes /lib64/libgmodule-2.0.so.0
0x00007f0873a19900 0x00007f0873aa0458 Yes /lib64/libX11.so.6
0x00007f08737ef070 0x00007f08737f9987 Yes /lib64/libXi.so.6
0x00007f08735e8480 0x00007f08735ea716 Yes /lib64/libXfixes.so.3
0x00007f08733c1b30 0x00007f08733d5ac8 Yes /lib64/libatk-bridge-2.0.so.0
0x00007f087311aef0 0x00007f087315d752 Yes /lib64/libepoxy.so.0
0x00007f0872eb38f0 0x00007f0872ebbe7d Yes /lib64/libpangoft2-1.0.so.0
0x00007f0872c6fa30 0x00007f0872c8f23a Yes /lib64/libfontconfig.so.1
0x00007f0872958f00 0x00007f08729d5a4b Yes /lib64/libm.so.6
0x00007f087273a870 0x00007f0872748a31 Yes /lib64/libpthread.so.0
0x00007f0872532a90 0x00007f0872533405 Yes /lib64/libXinerama.so.1
0x00007f0872328ba0 0x00007f087232eb85 Yes /lib64/libXrandr.so.2
0x00007f087211e730 0x00007f0872123180 Yes /lib64/libXcursor.so.1
0x00007f0871f19bd0 0x00007f0871f1a5a5 Yes /lib64/libXcomposite.so.1
0x00007f0871d16b20 0x00007f0871d1740b Yes /lib64/libXdamage.so.1
0x00007f0871ada250 0x00007f0871af4afa Yes /lib64/libxkbcommon.so.0
0x00007f08718cf0e0 0x00007f08718d0bdf Yes /lib64/libwayland-cursor.so.0
0x00007f08716cc640 0x00007f08716cc806 Yes /lib64/libwayland-egl.so.1
0x00007f08714c23f0 0x00007f08714c6d3f Yes /lib64/libwayland-client.so.0
0x00007f08712ae4f0 0x00007f08712b850f Yes /lib64/libXext.so.6
0x00007f08710a4fa0 0x00007f08710a8466 Yes /lib64/librt.so.1
0x00007f0870e9ad90 0x00007f0870e9e7f3 Yes /lib64/libthai.so.0
0x00007f0870c97600 0x00007f0870c9775a Yes /lib64/libgthread-2.0.so.0
0x00007f0870a09ab0 0x00007f0870a5be78 Yes /lib64/libharfbuzz.so.0
0x00007f087075d420 0x00007f08707d2764 Yes /lib64/libfreetype.so.6
0x00007f08704b7220 0x00007f087053983d Yes /lib64/libpixman-1.so.0
0x00007f087029cd60 0x00007f08702a6fd7 Yes /lib64/libEGL.so.1
0x00007f0870096de0 0x00007f0870097b0e Yes /lib64/libdl.so.2
0x00007f086fe67ff0 0x00007f086fe896d8 Yes /lib64/libpng16.so.16
0x00007f086fc5fd30 0x00007f086fc60823 Yes /lib64/libxcb-shm.so.0
0x00007f086fa426a0 0x00007f086fa543f5 Yes /lib64/libxcb.so.1
0x00007f086f82df80 0x00007f086f832898 Yes /lib64/libxcb-render.so.0
0x00007f086f6209a0 0x00007f086f626935 Yes /lib64/libXrender.so.1
0x00007f086f40a260 0x00007f086f41709f Yes /lib64/libz.so.1
0x00007f086f1bc2c0 0x00007f086f1bfc1f Yes /lib64/libGL.so.1
0x00007f086ef75680 0x00007f086ef79e3a Yes /lib64/libffi.so.6
0x00007f086ed03540 0x00007f086ed53f4d Yes /lib64/libpcre.so.1
0x00007f086eae0490 0x00007f086eaf74bf Yes /lib64/libselinux.so.1
0x00007f086e8c3550 0x00007f086e8d211f Yes /lib64/libresolv.so.2
0x00007f086e67dda0 0x00007f086e6aca18 Yes /lib64/libmount.so.1
0x00007f08765efc50 0x00007f087660e1f0 Yes /lib64/ld-linux-x86-64.so.2
0x00007f086e450e60 0x00007f086e462728 Yes /lib64/libatspi.so.0
0x00007f086e1ff800 0x00007f086e22a8e1 Yes /lib64/libdbus-1.so.3
0x00007f086dfc3c90 0x00007f086dfdfdc3 Yes /lib64/libexpat.so.1
0x00007f086ddba260 0x00007f086ddbd3f0 Yes /lib64/libdatrie.so.1
0x00007f086db8f650 0x00007f086dbb04a8 Yes /lib64/libgraphite2.so.3
0x00007f086d97e570 0x00007f086d98a5e2 Yes /lib64/libbz2.so.1
0x00007f086d705aa0 0x00007f086d708977 Yes /lib64/libGLdispatch.so.0
0x00007f086d4c3d40 0x00007f086d4c4a38 Yes /lib64/libXau.so.6
0x00007f086d2949d0 0x00007f086d29e515 Yes /lib64/libGLX.so.0
0x00007f086d055900 0x00007f086d07eeb8 Yes /lib64/libblkid.so.1
0x00007f086ce493d0 0x00007f086ce4aa61 Yes /lib64/libuuid.so.1
0x00007f087676a970 0x00007f08767c38af Yes (*) /lib64/libsystemd.so.0
0x00007f086cc33ac0 0x00007f086cc43fc5 Yes (*) /lib64/libgcc_s.so.1
0x00007f086ca2d480 0x00007f086ca2ed87 Yes /lib64/libcap.so.2
0x00007f086c808df0 0x00007f086c81f7c2 Yes /lib64/liblzma.so.5
0x00007f086c5f4330 0x00007f086c602801 Yes /lib64/liblz4.so.1
0x00007f086c2efe00 0x00007f086c3af758 Yes /lib64/libgcrypt.so.20
0x00007f086c0d4820 0x00007f086c0ddc78 Yes /lib64/libgpg-error.so.0
0x00007f086beca3e0 0x00007f086beceff8 Yes /lib64/libnss_sss.so.2
(*): Shared library is missing debugging information.
$1 = 0x0
$2 = 0x0
rax 0x562ad0ca2cf0 94741891525872
rbx 0x0 0
rcx 0x7f087404a7a9 139674282928041
rdx 0x7fffffff 2147483647
rsi 0x1 1
rdi 0x7f0874621e70 139674289053296
rbp 0x0 0x0
rsp 0x7ffe41a9d6f0 0x7ffe41a9d6f0
r8 0x6 6
r9 0x562ad0ca2cf0 94741891525872
r10 0x0 0
r11 0x246 582
r12 0x562ad0c98020 94741891481632
r13 0x0 0
r14 0x0 0
r15 0x0 0
rip 0x7f0875fc48d9 0x7f0875fc48d9 <_gtk_style_provider_private_get_settings+9>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
Dump of assembler code for function _gtk_style_provider_private_get_settings:
0x00007f0875fc48d0 <+0>: push %rbx
0x00007f0875fc48d1 <+1>: mov %rdi,%rbx
0x00007f0875fc48d4 <+4>: callq 0x7f0875fc4720 <_gtk_style_provider_private_get_type>
=> 0x00007f0875fc48d9 <+9>: mov (%rbx),%rdi
0x00007f0875fc48dc <+12>: mov %rax,%rsi
0x00007f0875fc48df <+15>: callq 0x7f0875d65458
0x00007f0875fc48e4 <+20>: mov 0x18(%rax),%rax
0x00007f0875fc48e8 <+24>: test %rax,%rax
0x00007f0875fc48eb <+27>: je 0x7f0875fc48f3 <_gtk_style_provider_private_get_settings+35>
0x00007f0875fc48ed <+29>: mov %rbx,%rdi
0x00007f0875fc48f0 <+32>: pop %rbx
0x00007f0875fc48f1 <+33>: jmpq *%rax
0x00007f0875fc48f3 <+35>: xor %eax,%eax
0x00007f0875fc48f5 <+37>: pop %rbx
0x00007f0875fc48f6 <+38>: retq
End of assembler dump.
== EXPLOITABLE ==
Hmm, this is actually gnome-session-failed (i.e. the 'oh no!' screen, I think) crashing. So there seems to be an earlier problem which caused the session to fail. I'll investigate a bit and file a separate bug for that... *** Bug 1450610 has been marked as a duplicate of this bug. *** (In reply to Adam Williamson from comment #18) > Hmm, this is actually gnome-session-failed (i.e. the 'oh no!' screen, I > think) crashing. So there seems to be an earlier problem which caused the > session to fail. I'll investigate a bit and file a separate bug for that... Every time I run into bug #1450620 (Fedora 26), gnome-session-failed is being started multiple times (e.g. 9 times) as user gdm. I do not get any "oh no!" screens. Sometimes it crashes, and ABRT lead me here with the backtrace. Similar problem has been detected: Updated to Fedora26 from Fedora25, restarted and logged in for the first time to be greeted with a crash report of gnome-session reporter: libreport-2.9.1 backtrace_rating: 4 cmdline: /usr/libexec/gnome-session-failed --allow-logout crash_function: _gtk_style_provider_private_get_settings executable: /usr/libexec/gnome-session-failed global_pid: 2085744 kernel: 4.11.3-200.fc25.x86_64 package: gnome-session-3.22.3-1.fc25 reason: gnome-session-failed killed by SIGSEGV runlevel: N 5 type: CCpp uid: 1000 *** Bug 1461567 has been marked as a duplicate of this bug. *** This message is a reminder that Fedora 26 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '26'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 26 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Fedora 26 changed to end-of-life (EOL) status on 2018-05-29. Fedora 26 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. |