Bug 1299739 - [libffi]: gnome-shell process triggers a trap (int 3) within code of libffi.
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: glib2
Version: 7.4
Hardware: x86_64 Linux
Priority: unspecified
Severity: high
Target Milestone: rc
Target Release: ---
Assigned To: Colin Walters
QA Contact: Desktop QE
Reported: 2016-01-19 02:25 EST by zuogang
Modified: 2017-01-09 05:00 EST

Type: Bug
Description zuogang 2016-01-19 02:25:36 EST
Description of problem:
The gnome-shell process triggers a trap (int 3) within the code of /usr/lib64/libglib-2.0.so.0.4200.2

The problem occurs after the system has been powered on for a long time:
[zoge@localhost glib-2.42.2]$ uptime 
 14:55:22 up 18 days, 20:22,  5 users,  load average: 0.96, 1.23, 1.26

Version-Release number of selected component (if applicable):
gnome-shell-3.14.4-37.el7.x86_64
glib2-2.42.2-5.el7.x86_64
kernel-3.10.0-327.3.1.el7.x86_64
libffi-3.0.13-16.el7.x86_64

How reproducible:
Under the GNOME desktop, over VNC: open and close application windows for a long time.

Steps to Reproduce:
1.
2.
3.

Actual results:
(gdb) bt
#0  0x00007f9cdb42a8d3 in g_logv (log_domain=log_domain@entry=0x7f9cddc9798b "Cogl", log_level=log_level@entry=
    G_LOG_LEVEL_ERROR, format=<optimized out>, args=<optimized out>) at gmessages.c:1046
#1  0x00007f9cddc87549 in _cogl_set_error (error=error@entry=0x0, domain=<optimized out>, code=code@entry=0, format=<optimized out>) at ./cogl-error.c:83
#2  0x00007f9cddc4267a in _cogl_texture_2d_gl_allocate (error=<optimized out>, loader=<optimized out>, tex_2d=<optimized out>) at driver/gl/cogl-texture-2d-gl.c:408
#3  0x00007f9cddc4267a in _cogl_texture_2d_gl_allocate (tex=0x3593d80, error=0x0) at driver/gl/cogl-texture-2d-gl.c:470
#4  0x00007f9cddc7236b in cogl_texture_allocate (texture=texture@entry=0x3593d80, error=error@entry=0x0) at ./cogl-texture.c:1398
#5  0x00007f9cddc73b80 in cogl_texture_2d_new_from_data (ctx=<optimized out>, width=<optimized out>, height=<optimized out>, format=format@entry=COGL_PIXEL_FORMAT_BGRA_8888_PRE, rowstride=<optimized out>, data=data@entry=0x0, error=error@entry=0x0) at ./cogl-texture-2d.c:225
#6  0x00007f9cdf80df26 in ensure_xfixes_cursor (tracker=tracker@entry=0x16ac230 [MetaCursorTracker]) at backends/meta-cursor-tracker.c:251
#7  0x00007f9cdf80e238 in meta_cursor_tracker_get_sprite (tracker=0x16ac230 [MetaCursorTracker]) at backends/meta-cursor-tracker.c:290
#8  0x00007f9ce483472e in shell_util_cursor_tracker_to_clutter (tracker=<optimized out>, texture=0x1e48350 [ClutterTexture]) at shell-util.c:325
Python Exception <type 'exceptions.RuntimeError'> Cannot locate object file for block.: 
#9  0x00007f9cd9199dac in ffi_call_unix64
#10 0x00007f9cd91996d5 in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=0x7fff897e83e0, avalue=0x7fff897e82d0)
    at ../src/x86/ffi64.c:522
#11 0x00007f9ce326e19e in gjs_invoke_c_function(JSContext*, Function*, JSObject*, unsigned int, jsval*, jsval*, GArgument*) (context=context@entry=0x1541200, function=function@entry=0x1d4a920, obj=obj@entry=0x7f9cb8135d90, js_argc=js_argc@entry=2, js_argv=js_argv@entry=0x7fff897e8aa8, js_rval=js_rval@entry=0x7fff897e85f0, r_value=r_value@entry=0x0) at gi/function.cpp:972
#12 0x00007f9ce326f65b in function_call(JSContext*, unsigned int, jsval*) (context=0x1541200, js_argc=2, vp=0x7fff897e8a98) at gi/function.cpp:1294
#13 0x00007f9ce2b68482 in js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) (args=..., native=<optimized out>, cx=0x1541200)
    at /usr/src/debug/mozjs-24.2.0/js/src/jscntxtinlines.h:321
#14 0x00007f9ce2b68482 in js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) (cx=cx@entry=0x1541200, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /usr/src/debug/mozjs-24.2.0/js/src/vm/Interpreter.cpp:474
#15 0x00007f9ce2b77c13 in js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) (cx=cx@entry=0x1541200, thisv=..., fval=..., argc=argc@entry=2, argv=<optimized out>, rval=rval@entry=0x7fff897e8c98) at /usr/src/debug/mozjs-24.2.0/js/src/vm/Interpreter.cpp:531
#16 0x00007f9ce2dd2fc0 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, uint32_t, JS::Value*, JS::MutableHandleValue) (cx=0x1541200, frame=0x7fff897e8d50, stub=0x2ba4d10, argc=2, vp=<optimized out>, res=...) at /usr/src/debug/mozjs-24.2.0/js/src/jit/BaselineIC.cpp:7007
#17 0x00007f9ce4dc1aa2 in  ()
#18 0x00007f9cdef1a1e8 in clutter_paint_debug_flags () at /lib64/libclutter-1.0.so.0
#19 0x00007fff897e8c98 in  ()
#20 0x0000000000000000 in  ()

(gdb) i r
rax            0x0      0
rbx            0x7f9cddc9798b   140311712594315
rcx            0x42876e0        69760736
rdx            0x7f9cdafb17b8   140311665514424
rsi            0x1      1
rdi            0x7f9cdafb1760   140311665514336
rbp            0x0      0x0
rsp            0x7fff897e7e50   0x7fff897e7e50
r8             0x1      1
r9             0x20     32
r10            0x0      0
r11            0x0      0
r12            0x4      4
r13            0x2      2
r14            0x2      2
r15            0x4      4
rip            0x7f9cdb42a8d3   0x7f9cdb42a8d3 <g_logv+739>
eflags         0x246    [ PF ZF IF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0


Expected results:


Additional info:
Comment 2 Andrew Haley 2016-02-02 12:35:02 EST
It looks to me like Javascript in Mozilla is calling out to glib.  The fault does not happen in libffi itself, but in glib.  I doubt very much that this is a libffi bug: at least, there is no reason here to think that it might be.
Comment 3 Deepak Bhole 2016-02-02 15:44:36 EST
Re-assigning to glib based on comment #2.
Comment 4 zuogang 2016-02-03 02:33:24 EST
(In reply to Andrew Haley from comment #2)
> It looks to me like Javascript in Mozilla is calling out to glib.  The fault
> does not happen in libffi itself, but in glib.  I doubt very much that this
> is a libffi bug: at least, there is no reason here to think that it might be.
Yes, you are very right.
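Added example, editor's own code rather than anything from the bug report, glib or cogl. The trace above shows what the "int 3" is: _cogl_set_error is entered with error=0x0, so cogl falls back to a fatal log message, and g_logv at G_LOG_LEVEL_ERROR ends in glib's G_BREAKPOINT(), which on x86 is an `int $3` instruction; that gives a SIGTRAP with rip still inside g_logv (here g_logv+739) rather than a SIGSEGV or SIGABRT. The libffi frames #9 and #10 are only the trampoline gjs uses to call from JavaScript into C, which is why comment 2 rules libffi out. When such a crash is triaged for security impact, the first question is whether the trap is a deliberate abort or a symptom of memory corruption. The program below raises the same instruction and classifies the resulting SIGTRAP from siginfo and the opcode that raised it, on x86-64 Linux only; the function names and the fallback REG_RIP index are assumptions of this example.

```c
/* Added example (editor's code, not from the bug report or from glib/cogl):
 * emit the same "int $3" that glib's G_BREAKPOINT() expands to on x86 and
 * classify the resulting SIGTRAP the way a crash triager would.
 * x86-64 Linux only; other targets get a stub that reports -2. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) && defined(__linux__)
#include <ucontext.h>

#ifndef REG_RIP
#define REG_RIP 16 /* assumed: glibc's x86-64 index of RIP in uc_mcontext.gregs */
#endif

enum fatal_trap_kind {
    FATAL_TRAP_NONE  = 0,
    FATAL_TRAP_INT3  = 1, /* deliberate breakpoint: assertion / fatal-log abort */
    FATAL_TRAP_OTHER = 2  /* hardware breakpoint, single-step, ptrace, ... */
};

static volatile sig_atomic_t last_kind = FATAL_TRAP_NONE;
static volatile sig_atomic_t last_code = 0;

/* SIGTRAP handler. For a software breakpoint the kernel sets si_code to
 * SI_KERNEL and RIP already points past the one-byte 0xCC opcode, so the
 * byte before RIP identifies the instruction and execution can resume. */
static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = (ucontext_t *)ctx;
    uintptr_t rip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    const uint8_t *opcode = (const uint8_t *)(rip - 1);

    (void)sig;
    last_code = si->si_code;
    last_kind = (si->si_code == SI_KERNEL && *opcode == 0xCC)
                    ? FATAL_TRAP_INT3 : FATAL_TRAP_OTHER;
}

/* Install the handler, raise a glib-style fatal breakpoint, restore the old
 * disposition and return the classification (1 = int3, 2 = other, -1 = error). */
int classify_fatal_breakpoint(void)
{
    struct sigaction sa, old;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    last_kind = FATAL_TRAP_NONE;
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

    __asm__ __volatile__("int $3"); /* what G_BREAKPOINT() does on x86 */

    sigaction(SIGTRAP, &old, NULL);
    return (int)last_kind;
}

/* si_code seen by the last handler run; SI_KERNEL (0x80) for int3. */
int last_sigtrap_code(void)
{
    return (int)last_code;
}
#else
int classify_fatal_breakpoint(void) { return -2; } /* not x86-64 Linux */
int last_sigtrap_code(void) { return 0; }
#endif

int main(void)
{
    int kind = classify_fatal_breakpoint();
    printf("SIGTRAP classification: %d (si_code 0x%x)\n", kind, last_sigtrap_code());
    return kind == 1 ? 0 : 1;
}
```

The equivalent check in gdb on the crash above is `x/1bx $rip-1`: a 0xcc byte just before the saved rip confirms a software breakpoint, and `p $_siginfo.si_code` (on a live process, or a core that carries an NT_SIGINFO note) reports SI_KERNEL (0x80) for it. A SIGTRAP whose preceding byte is not 0xcc, or a SIGSEGV/SIGBUS in the same code, would need the memory-safety triage that this deliberate abort does not.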
