Bug 1525499 - gnome-shell segfaults in g_type_check_instance_cast() from st_label_set_text()
Summary: gnome-shell segfaults in g_type_check_instance_cast() from st_label_set_text()
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gnome-shell
Version: 7.5
Hardware: x86_64
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Florian Müllner
QA Contact: Desktop QE
Whiteboard: abrt_hash:17c2b611b4c771b2d1160cbbc46...
Depends On: 1517890
TreeView+ depends on / blocked
Reported: 2017-12-13 12:51 UTC by Matěj Cepl
Modified: 2018-05-17 14:39 UTC (History)
5 users (show)

Fixed In Version: gjs-1.50.4-1.el7 mutter-3.26.2-7.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-04-10 13:08:48 UTC
Target Upstream Version:

Attachments (Terms of Use)
File: backtrace (33.73 KB, text/plain)
2017-12-13 12:51 UTC, Matěj Cepl
no flags Details
output of journalctl -xb (4.90 MB, text/plain)
2017-12-13 15:17 UTC, Matěj Cepl
no flags Details
backtrace (20.35 KB, text/plain)
2017-12-13 16:21 UTC, Matěj Cepl
no flags Details

System ID Private Priority Status Summary Last Updated
GNOME Bugzilla 788931 0 None None None 2019-04-09 08:06:06 UTC
Red Hat Product Errata RHBA-2018:0770 0 None None None 2018-04-10 13:09:52 UTC

Description Matěj Cepl 2017-12-13 12:51:21 UTC
Version-Release number of selected component:

Additional info:
reporter:       libreport-
backtrace_rating: 4
cmdline:        /usr/bin/Xwayland :1 -rootless -terminate -core -listen 4 -listen 5 -displayfd 6
crash_function: xwl_read_events
executable:     /usr/bin/Xwayland
global_pid:     13323
kernel:         3.10.0-801.el7.x86_64
pkg_fingerprint: 199E 2F91 FD43 1D51
pkg_vendor:     Red Hat, Inc.
reproducible:   Not sure how to reproduce the problem
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (6 frames)
 #5 xwl_read_events at xwayland.c:594
 #6 ospoll_wait at ospoll.c:412
 #7 WaitForSomething at WaitFor.c:226
 #8 Dispatch at dispatch.c:422
 #9 dix_main at main.c:287
 #11 _start

Comment 1 Matěj Cepl 2017-12-13 12:51:26 UTC
Created attachment 1367329 [details]
File: backtrace

Comment 3 Tomas Pelka 2017-12-13 13:08:17 UTC
Most probably dup of bz1516408

Comment 4 Olivier Fourdan 2017-12-13 13:09:02 UTC
This is simply Xwayland telling your Wayland compositor (namely gnome-shell/mutter) has died.

Basically, gnome-shell (now) runs Xwayland with “-core” which means that *any* FatalError() in Xwayland will dump a core file.

xwl_read_events() triggers a FatalError() because the Wayland socket is unusable, and it's unusable because the Wayland compositor (the other side of the socket) has died, i.e. crashed most likely.

The Wayland compositor is gnome-shell/mutter, so if you could please look into journalctl and coredumpctl to find a backtrace and/or generate one with coredumpctl and gdb.

Comment 5 Olivier Fourdan 2017-12-13 13:15:26 UTC
(In reply to Tomas Pelka from comment #3)
> Most probably dup of bz1516408

Matěj said on irc he's using mutter-3.26.2-6 which contanis the fix for bug 1516408, so it's a different issue.

We'll need the backtrace of gnome-shell for sure.

Comment 6 Matěj Cepl 2017-12-13 15:17:28 UTC
Created attachment 1367436 [details]
output of journalctl -xb

Comment 7 Matěj Cepl 2017-12-13 15:22:38 UTC
coredumpctl is completely silent.


core.13028: ELF 64-bit LSB core file x86-64, version 1 (SYSV), too many program header sections (2128)
core.13323: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/Xwayland :1 -rootless -terminate -core -listen 4 -listen 5 -displayfd', real uid: 1000, effective uid: 1000, real gid: 1000, effective gid: 1000, execfn: '/usr/bin/Xwayland', platform: 'x86_64'

The second coredump is apparently the one we have backtrace from, but the other one is a myster (it has 1.1G, so it is by far not empty).

Comment 8 Olivier Fourdan 2017-12-13 15:31:48 UTC
From attachment 1367436 [details] :

Dec 13 13:27:50 mitmanek.ceplovi.cz kernel: traps: gnome-shell[13028] general protection ip:7f1d1f8f8bc0 sp:7fff91fcb1e0 error:0 in libgobject-2.0.so.0.5400.2[7f1d1f8c6000+4f000]
Dec 13 13:27:50 mitmanek.ceplovi.cz abrt-hook-ccpp[19713]: Process 13028 (gnome-shell) of user 1000 killed by SIGSEGV - dumping core
Dec 13 13:27:59 mitmanek.ceplovi.cz abrt-hook-ccpp[19713]: /var/spool/abrt is 5076597800 bytes (more than 1279MiB), deleting 'ccpp-2017-12-13-13:23:24-17860'
Dec 13 13:27:59 mitmanek.ceplovi.cz abrt-server[19742]: Package 'gnome-shell' isn't signed with proper key

Unfortunately, that doesn't tell us much on the root cause of the crash...

Comment 9 Matěj Cepl 2017-12-13 16:21:23 UTC
Created attachment 1367491 [details]

Actually, gdb was able to decipher the other coredump and it was truly from gnome-shell.

Comment 10 Olivier Fourdan 2017-12-13 16:33:55 UTC
Oh right! This seems to come from the JS part of gnome-shell, moving to gnome-shell then (apparently unrelated to Wayland).

Comment 11 Olivier Fourdan 2018-01-30 14:38:32 UTC
Backtrace is similar to https://bugzilla.gnome.org/show_bug.cgi?id=788931

Comment 12 Kalev Lember 2018-02-01 15:17:21 UTC
(In reply to Olivier Fourdan from comment #11)
> Backtrace is similar to https://bugzilla.gnome.org/show_bug.cgi?id=788931

gjs 1.50.4 should have fixes to avoid crashing in this case. I'd like to get the update into 7.5; it's a minor bug fix release that should help with several gnome-shell crashes.

lmiksik, could you provide pm_ack and exception+ for this, please?

Comment 13 Kalev Lember 2018-02-02 08:48:52 UTC
gjs-1.50.4-1.el7 should fix the crash and turn it into a warning in system logs. We should still try to get the gnome-shell fix in though, if possible.

Comment 20 errata-xmlrpc 2018-04-10 13:08:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.