Bug 1525499 – gnome-shell segfaults in g_type_check_instance_cast() from st_label_set_text()

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1525499 - gnome-shell segfaults in g_type_check_instance_cast() from st_label_set_text()

Summary:	gnome-shell segfaults in g_type_check_instance_cast() from st_label_set_text()

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	gnome-shell (Show other bugs)
Sub Component:
Version:	7.5
Hardware:	x86_64 Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Florian Müllner
QA Contact:	Desktop QE
Docs Contact:

URL:
Whiteboard:	abrt_hash:17c2b611b4c771b2d1160cbbc46...
Keywords:

Depends On:	1517890
Blocks:
	Show dependency tree / graph

Reported:	2017-12-13 07:51 EST by Matěj Cepl
Modified:	2018-05-17 10:39 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	gjs-1.50.4-1.el7 mutter-3.26.2-7.el7
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-04-10 09:08:48 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
File: backtrace (33.73 KB, text/plain) 2017-12-13 07:51 EST, Matěj Cepl	no flags	Details
output of journalctl -xb (4.90 MB, text/plain) 2017-12-13 10:17 EST, Matěj Cepl	no flags	Details
backtrace (20.35 KB, text/plain) 2017-12-13 11:21 EST, Matěj Cepl	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
GNOME Bugzilla	788931	None	None	None	2018-01-30 09:38 EST
Red Hat Product Errata	RHBA-2018:0770	None	None	None	2018-04-10 09:09 EDT

Groups: None (edit)

Description Matěj Cepl 2017-12-13 07:51:21 EST

Version-Release number of selected component:
xorg-x11-server-Xwayland-1.19.5-2.el7

Additional info:
reporter:       libreport-2.1.11.1
backtrace_rating: 4
cmdline:        /usr/bin/Xwayland :1 -rootless -terminate -core -listen 4 -listen 5 -displayfd 6
crash_function: xwl_read_events
executable:     /usr/bin/Xwayland
global_pid:     13323
kernel:         3.10.0-801.el7.x86_64
pkg_fingerprint: 199E 2F91 FD43 1D51
pkg_vendor:     Red Hat, Inc.
reproducible:   Not sure how to reproduce the problem
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (6 frames)
 #5 xwl_read_events at xwayland.c:594
 #6 ospoll_wait at ospoll.c:412
 #7 WaitForSomething at WaitFor.c:226
 #8 Dispatch at dispatch.c:422
 #9 dix_main at main.c:287
 #11 _start

Comment 1 Matěj Cepl 2017-12-13 07:51:26 EST

Created attachment 1367329 [details]
File: backtrace

Comment 3 Tomas Pelka 2017-12-13 08:08:17 EST

Most probably dup of bz1516408

Comment 4 Olivier Fourdan 2017-12-13 08:09:02 EST

This is simply Xwayland telling your Wayland compositor (namely gnome-shell/mutter) has died.

Basically, gnome-shell (now) runs Xwayland with “-core” which means that *any* FatalError() in Xwayland will dump a core file.

xwl_read_events() triggers a FatalError() because the Wayland socket is unusable, and it's unusable because the Wayland compositor (the other side of the socket) has died, i.e. crashed most likely.

The Wayland compositor is gnome-shell/mutter, so if you could please look into journalctl and coredumpctl to find a backtrace and/or generate one with coredumpctl and gdb.

Comment 5 Olivier Fourdan 2017-12-13 08:15:26 EST

(In reply to Tomas Pelka from comment #3)
> Most probably dup of bz1516408

Matěj said on irc he's using mutter-3.26.2-6 which contanis the fix for bug 1516408, so it's a different issue.

We'll need the backtrace of gnome-shell for sure.

Comment 6 Matěj Cepl 2017-12-13 10:17 EST

Created attachment 1367436 [details]
output of journalctl -xb

Comment 7 Matěj Cepl 2017-12-13 10:22:38 EST

coredumpctl is completely silent.

Also:

core.13028: ELF 64-bit LSB core file x86-64, version 1 (SYSV), too many program header sections (2128)
core.13323: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/Xwayland :1 -rootless -terminate -core -listen 4 -listen 5 -displayfd', real uid: 1000, effective uid: 1000, real gid: 1000, effective gid: 1000, execfn: '/usr/bin/Xwayland', platform: 'x86_64'

The second coredump is apparently the one we have backtrace from, but the other one is a myster (it has 1.1G, so it is by far not empty).

Comment 8 Olivier Fourdan 2017-12-13 10:31:48 EST

From attachment 1367436 [details] :

Dec 13 13:27:50 mitmanek.ceplovi.cz kernel: traps: gnome-shell[13028] general protection ip:7f1d1f8f8bc0 sp:7fff91fcb1e0 error:0 in libgobject-2.0.so.0.5400.2[7f1d1f8c6000+4f000]
Dec 13 13:27:50 mitmanek.ceplovi.cz abrt-hook-ccpp[19713]: Process 13028 (gnome-shell) of user 1000 killed by SIGSEGV - dumping core
Dec 13 13:27:59 mitmanek.ceplovi.cz abrt-hook-ccpp[19713]: /var/spool/abrt is 5076597800 bytes (more than 1279MiB), deleting 'ccpp-2017-12-13-13:23:24-17860'
Dec 13 13:27:59 mitmanek.ceplovi.cz abrt-server[19742]: Package 'gnome-shell' isn't signed with proper key

Unfortunately, that doesn't tell us much on the root cause of the crash...

Comment 9 Matěj Cepl 2017-12-13 11:21 EST

Created attachment 1367491 [details]
backtrace

Actually, gdb was able to decipher the other coredump and it was truly from gnome-shell.

Comment 10 Olivier Fourdan 2017-12-13 11:33:55 EST

Oh right! This seems to come from the JS part of gnome-shell, moving to gnome-shell then (apparently unrelated to Wayland).

Comment 11 Olivier Fourdan 2018-01-30 09:38:32 EST

Backtrace is similar to https://bugzilla.gnome.org/show_bug.cgi?id=788931

Comment 12 Kalev Lember 2018-02-01 10:17:21 EST

(In reply to Olivier Fourdan from comment #11)
> Backtrace is similar to https://bugzilla.gnome.org/show_bug.cgi?id=788931

gjs 1.50.4 should have fixes to avoid crashing in this case. I'd like to get the update into 7.5; it's a minor bug fix release that should help with several gnome-shell crashes.

lmiksik, could you provide pm_ack and exception+ for this, please?

Comment 13 Kalev Lember 2018-02-02 03:48:52 EST

gjs-1.50.4-1.el7 should fix the crash and turn it into a warning in system logs. We should still try to get the gnome-shell fix in though, if possible.

Comment 20 errata-xmlrpc 2018-04-10 09:08:48 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0770

Note You need to log in before you can comment on or make changes to this bug.