Bug 1412534

Summary: [abrt] xorg-x11-server-Xwayland: Segmentation fault at address 0x14877a0
Product: [Fedora] Fedora
Component: xorg-x11-server
Version: 25
Hardware: x86_64
OS: Unspecified
Status: CLOSED INSUFFICIENT_DATA
Severity: unspecified
Priority: unspecified
Reporter: Will Thompson <will>
Assignee: X/OpenGL Maintenance List <xgl-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: kasad12, ofourdan, xgl-maint
Whiteboard: abrt_hash:de7a04c24d7f6ad83eadb227f033768989cc595f;VARIANT_ID=workstation;
Last Closed: 2017-01-12 10:39:41 UTC
Attachments (description, flags):
File: Xorg.0.log (flags: none)
File: backtrace (flags: none)
File: dmesg (flags: none)
File: dso_list (flags: none)
File: etc_X11_xorg_conf_d.tar.gz (flags: none)
File: usr_share_xorg_conf_d.tar.gz (flags: none)

Description Will Thompson 2017-01-12 08:37:07 UTC
Description of problem:
I don't know whether this can be reproduced. I had just opened a new Chrome window, but wasn't doing anything particularly remarkable.

Version-Release number of selected component:
xorg-x11-server-Xwayland-1.19.0-1.fc25

Additional info:
reporter:       libreport-2.8.0
executable:     /usr/bin/Xwayland
kernel:         4.7.6-200.fc24.x86_64
pkg_fingerprint: 4089 D8F2 FDB1 9C98
pkg_vendor:     Fedora Project
runlevel:       N 5
type:           xorg
uid:            0

Truncated backtrace:
0: /usr/bin/Xwayland (OsLookupColor+0x139) [0x5907c9]
1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7fd134ab55bf]
2: ? (?+0x0) [0x14877a0]

Comment 1 Will Thompson 2017-01-12 08:37:11 UTC
Created attachment 1239811
File: Xorg.0.log

Comment 2 Will Thompson 2017-01-12 08:37:13 UTC
Created attachment 1239812
File: backtrace

Comment 3 Will Thompson 2017-01-12 08:37:16 UTC
Created attachment 1239813
File: dmesg

Comment 4 Will Thompson 2017-01-12 08:37:17 UTC
Created attachment 1239814
File: dso_list

Comment 5 Will Thompson 2017-01-12 08:37:19 UTC
Created attachment 1239815
File: etc_X11_xorg_conf_d.tar.gz

Comment 6 Will Thompson 2017-01-12 08:37:21 UTC
Created attachment 1239816
File: usr_share_xorg_conf_d.tar.gz

Comment 7 Olivier Fourdan 2017-01-12 10:33:07 UTC
The backtrace doesn't contain enough data to make much sense of it, unfortunately, but dmesg shows some worrying info about a memory contention situation and possibly gnome-shell being killed by the kernel's oom-killer:

[96166.945997] gnome-shell invoked oom-killer: gfp_mask=0x240c0d0(GFP_TEMPORARY|__GFP_COMP|__GFP_ZERO), order=3, oom_score_adj=0
...
[100928.065546] traps: gnome-shell[2182] trap int3 ip:7f11ef6a0a21 sp:7fff3b18d260 error:0 in libglib-2.0.so.0.5000.2[7f11ef651000+110000]

So if gnome-shell was killed by the kernel, Xwayland won't survive it.

i.e. I don't think this is an Xwayland issue.

Comment 8 Will Thompson 2017-01-12 10:39:41 UTC
Good spot, though dmesg does also say that it's a chrome process that got OOM-killed:

[96166.946671] Out of memory: Kill process 25158 (chrome) score 321 or sacrifice child
[96166.946680] Killed process 25158 (chrome) total-vm:1472768kB, anon-rss:207600kB, file-rss:8316kB, shmem-rss:51024kB

But fair enough that there's not enough here to debug!
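
Added example, not part of the original report or of any Fedora/abrt tooling: a small parser that separates the process that invoked the oom-killer from the process that was actually killed, and reports trap lines separately with their delay after the last OOM event. The input is the four dmesg lines quoted in comments 7 and 8; the function names are hypothetical.

```python
import re

# dmesg lines quoted in comments 7 and 8 of this report (copied, not constructed).
DMESG = """\
[96166.945997] gnome-shell invoked oom-killer: gfp_mask=0x240c0d0(GFP_TEMPORARY|__GFP_COMP|__GFP_ZERO), order=3, oom_score_adj=0
[96166.946671] Out of memory: Kill process 25158 (chrome) score 321 or sacrifice child
[96166.946680] Killed process 25158 (chrome) total-vm:1472768kB, anon-rss:207600kB, file-rss:8316kB, shmem-rss:51024kB
[100928.065546] traps: gnome-shell[2182] trap int3 ip:7f11ef6a0a21 sp:7fff3b18d260 error:0 in libglib-2.0.so.0.5000.2[7f11ef651000+110000]
"""

TS = r"\[\s*(?P<ts>\d+\.\d+)\]\s+"
INVOKED = re.compile(TS + r"(?P<comm>.+?) invoked oom-killer:")
KILLED = re.compile(TS + r"Killed process (?P<pid>\d+) \((?P<comm>[^)]+)\)"
                         r".*?anon-rss:(?P<rss_kb>\d+)kB")
TRAP = re.compile(TS + r"traps: (?P<comm>[^\[]+)\[(?P<pid>\d+)\] trap (?P<trap>\S+)")


def oom_events(text):
    """Pair each 'invoked oom-killer' line with the next 'Killed process' line."""
    events, pending = [], None
    for line in text.splitlines():
        if m := INVOKED.match(line):
            # The invoker is the task whose allocation failed, not the victim.
            pending = {"ts": float(m["ts"]), "invoker": m["comm"], "victim": None}
            events.append(pending)
        elif pending is not None and (m := KILLED.match(line)):
            pending["victim"] = (m["comm"], int(m["pid"]), int(m["rss_kb"]))
            pending = None
    return events


def traps(text):
    """Trap lines are not OOM kills; collect them separately."""
    return [(float(m["ts"]), m["comm"], int(m["pid"]), m["trap"])
            for line in text.splitlines() if (m := TRAP.match(line))]


def seconds_since_last_oom(text):
    """For each trap, the delay since the most recent OOM event before it."""
    ooms = [e["ts"] for e in oom_events(text)]
    out = []
    for ts, comm, pid, _ in traps(text):
        earlier = [t for t in ooms if t <= ts]
        out.append((comm, pid, ts - max(earlier) if earlier else None))
    return out


if __name__ == "__main__":
    for e in oom_events(DMESG):
        print(f"[{e['ts']}] invoked by {e['invoker']}, killed: {e['victim']}")
    print(seconds_since_last_oom(DMESG))
```

On the quoted lines this reports gnome-shell as the invoker, chrome (pid 25158) as the victim, and the gnome-shell trap roughly 4761 seconds after that OOM event.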

Comment 9 Will Thompson 2017-01-13 09:59:42 UTC
FWIW this has recurred under the same conditions: I launched a new Chrome window (actually an "app" created with "Save to Desktop…").

The backtrace is a little more informative but once again seems to be happening in a signal handler (at least, that's my possibly-wrong understanding of the __restore_rt stack frame):

(EE)
(EE) Backtrace:
(EE) 0: /usr/bin/Xwayland (OsLookupColor+0x139) [0x5907c9]
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7ff2c88005bf]
(EE) 2: /usr/bin/Xwayland (WriteFdToClient+0x4) [0x58f994]
(EE) 3: /usr/bin/Xwayland (dri3_send_open_reply+0x6d) [0x4f108d]
(EE) 4: /usr/bin/Xwayland (InitExtensions+0x657) [0x42aae7]
(EE) 5: /lib64/libffi.so.6 (ffi_call_unix64+0x4c) [0x7ff2c7d9dc58]
(EE) 6: /lib64/libffi.so.6 (ffi_call+0x32a) [0x7ff2c7d9d6ba]
(EE) 7: /lib64/libwayland-client.so.0 (wl_log_set_handler_client+0x1c9e) [0x7ff2ca5e680e]
(EE) 8: /lib64/libwayland-client.so.0 (_init+0x850) [0x7ff2ca5e20e0]
(EE) 9: /lib64/libwayland-client.so.0 (wl_display_dispatch_queue_pending+0x74) [0x7ff2ca5e2be4]
(EE) 10: /usr/bin/Xwayland (_start+0x92b) [0x424f7b]
(EE) 11: /usr/bin/Xwayland (OsCleanup+0x641) [0x591731]
(EE) 12: /usr/bin/Xwayland (WaitForSomething+0x17d) [0x58aa6d]
(EE) 13: /usr/bin/Xwayland (SendErrorToClient+0x13a) [0x5564ca]
(EE) 14: /usr/bin/Xwayland (InitFonts+0x428) [0x55a6d8]
(EE) 15: /lib64/libc.so.6 (__libc_start_main+0xf1) [0x7ff2c8449401]
(EE) 16: /usr/bin/Xwayland (_start+0x2a) [0x423d8a]
(EE) 17: ? (?+0x2a) [0x2a]
(EE)
(EE) Segmentation fault at address 0x0
(EE)
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)

0x5907c9 is actually midway through an instruction in OsInit – I must be misreading the disassembly, or the backtrace is junk.

Is there some way I can attach the new abrt report to this ticket rather than filing a new one? Can't see how to do so from the UI. But maybe it's useless.

Comment 10 Olivier Fourdan 2017-01-13 10:04:28 UTC
I am always wary of the xserver self-generated backtraces, tbh...

Can you update to Xwayland from xserver-1.19.1 in case? xorg-x11-server-1.19.1-1.fc25 has been pushed to the Fedora 25 stable repository.