gnome-shell crashed with SIGSEGV in g_type_check_instance_cast() from st_label_set_text() from ffi_call_unix64()

Bug #1759621 reported by Jim on 2018-03-28
58
This bug affects 11 people
Affects Status Importance Assigned to Milestone
GNOME Shell
Fix Released
Critical
gjs (Ubuntu)
Medium
Marco Trevisan (Treviño)
gnome-shell (Ubuntu)
High
Marco Trevisan (Treviño)

Bug Description

https://errors.ubuntu.com/problem/811164cadd3e9e891f9e2d439bda59925f91a62c

---

trying to get vpn up and running

ProblemType: Crash
DistroRelease: Ubuntu 18.04
Package: gnome-shell 3.28.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-13.14-generic 4.15.10
Uname: Linux 4.15.0-13-generic x86_64
ApportVersion: 2.20.9-0ubuntu1
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Mar 28 18:00:19 2018
DisplayManager: gdm3
ExecutablePath: /usr/bin/gnome-shell
GsettingsChanges:
 b'org.gnome.shell' b'enabled-extensions' b"['<email address hidden>']"
 b'org.gnome.shell' b'app-picker-view' b'uint32 1'
 b'org.gnome.shell' b'favorite-apps' b"['firefox.desktop', 'rhythmbox.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop', 'yelp.desktop', 'org.gnome.Terminal.desktop', 'cisco-anyconnect.desktop']"
 b'org.gnome.desktop.interface' b'gtk-im-module' b"'gtk-im-context-simple'"
InstallationDate: Installed on 2018-03-23 (4 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20180105.1)
ProcCmdline: /usr/bin/gnome-shell
SegvAnalysis:
 Segfault happened at: 0x7fd17cf23d3d <g_type_check_instance_cast+77>: movzbl 0x16(%rax),%edx
 PC (0x7fd17cf23d3d) ok
 source "0x16(%rax)" (0x00024562) not located in a known VMA region (needed readable region)!
 destination "%edx" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: gnome-shell
StacktraceTop:
 g_type_check_instance_cast () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 st_label_set_text () at /usr/lib/gnome-shell/libst-1.0.so
 ffi_call_unix64 () at /usr/lib/x86_64-linux-gnu/libffi.so.6
 ffi_call () at /usr/lib/x86_64-linux-gnu/libffi.so.6
 () at /usr/lib/libgjs.so.0
Title: gnome-shell crashed with SIGSEGV in g_type_check_instance_cast()
UpgradeStatus: Upgraded to bionic on 2018-03-24 (4 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Jim (unimailhamburg) wrote :

This crash has the same stack trace characteristics as bug #1714989. However, the latter was already fixed in an earlier package version than the one in this report. This might be a regression or because the problem is in a dependent package.

tags: added: regression-retracer

StacktraceTop:
 g_type_check_instance_cast (type_instance=0x55ff24115730, iface_type=94554229164800) at ../../../../gobject/gtype.c:4058
 st_label_set_text (label=0x55ff24266c60, text=0x55ff24183980 "VPN is down!") at ../src/st/st-label.c:334
 ffi_call_unix64 () at ../src/x86/unix64.S:76
 ffi_call (cif=cif@entry=0x55ff21108a58, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x7ffeceef9bd8, avalue=avalue@entry=0x7ffeceef9ac0) at ../src/x86/ffi64.c:525
 gjs_invoke_c_function (context=context@entry=0x55ff1f6d1000, function=function@entry=0x55ff21108a40, obj=..., obj@entry=..., args=..., js_rval=..., r_value=r_value@entry=0x0) at gi/function.cpp:1088

Changed in gnome-shell (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
information type: Private → Public
summary: - trying to get vpn running ... gnome-shell crashed with SIGSEGV in
- g_type_check_instance_cast()
+ gnome-shell crashed with SIGSEGV in g_type_check_instance_cast() from
+ st_label_set_text() from ffi_call_unix64()
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-shell (Ubuntu):
status: New → Confirmed
Daniel van Vugt (vanvugt) wrote :

The Ubuntu error tracker also confirms the crash is still happening. Bug 1714989 did not resolve it.

Now tracking in:
https://errors.ubuntu.com/problem/811164cadd3e9e891f9e2d439bda59925f91a62c

description: updated
Eugene Romanenko (eros2) wrote :

For me (Bug #1760588) gnome-shell crashes nearly always when I attach USB drive or phone with storage.

Edward Pedemonte (epedemont) wrote :

For me, it happens every few times I attach an SD card. Haven't tested with other media.

Michaël Lambé (mic0331) wrote :

Not sure if this issue is related but since I upgrade to the last daily update I am not able to click with my trackpad or connected mouse. When I suspend the laptop, I can use the keyboard to open a terminal.

Gnome-shell is reporting this bug since this problem appears.

I am using an XPS 13 - 9370

Anyone affected, please attach your

 journalctl /usr/bin/gnome-shell

Changed in gnome-shell (Ubuntu):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Michaël Lambé (mic0331) wrote :

Here is the log from `journalctl /usr/bin/gnome-shell`

hackel (hackel) wrote :

Sadly this is still happening to me on 18.04 as well. Every single time I resume my machine from suspend. And it's not just that gnome-shell crashes, but I have to sit for a good 2-3 minutes while apport does its thing, while the machine is completely frozen from a UI perspective. This is such a huge usability issue! I still suspect it is being caused by some particular combination of gnome-shell extensions that are installed. I've tried (unsuccessfully) to pin down which one it is, but it never seems to work, leading me to believe it must be a combination.

I've attached my journalctl output, captured from the moment I resumed my machine. Really hope we can get to the bottom of this!

ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: GNOME
DisplayManager: gdm3
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-12-09 (150 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
Package: gnome-shell 3.28.1-0ubuntu2
PackageArchitecture: amd64
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Tags: bionic
Uname: Linux 4.15.0-20-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-04-28 (11 days ago)
UserGroups: adm cdrom dip docker lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True

tags: added: apport-collected

apport information

apport information

apport information

apport information

Daniel van Vugt (vanvugt) wrote :

We know. There are 830 reports of this crash from 18.04 right now:
https://errors.ubuntu.com/problem/811164cadd3e9e891f9e2d439bda59925f91a62c

And globally this is the 9th most common gnome-shell crash for 18.04 (or 6th if you look at just the past month).

Changed in gnome-shell (Ubuntu):
importance: Medium → High
Download full text (40.9 KiB)

I got it finally with some proper JS stacktrace, in my case it was an extension triggering it:

(gnome-shell:6754): Gjs-CRITICAL **: 12:22:44.730: Object St.BoxLayout (0x55950fcf1230), has been already deallocated - impossible to access to it. This might be caused by the fact that the object has been destroyed from C code using something such as destroy(), dispose(), or remove() vfuncs
== Stack trace for context 0x55950f5194c0 ==
#0 0x7fffe152eed0 I resource:///org/gnome/shell/ui/environment.js:41 (0x7f1e5c586d58 @ 20)
#1 0x7fffe152efc0 b resource:///org/gnome/shell/ui/popupMenu.js:642 (0x7f1e5c224de0 @ 61)
#2 0x7fffe152f060 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f1e5c5b5e68 @ 71)
#3 0x55950f8dd540 i /home<email address hidden>/extension.js:132 (0x7f1e0fa86808 @ 342)
#4 0x55950f8dd480 i /home<email address hidden>/utils.js:121 (0x7f1e0fab9340 @ 458)

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.730: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.730: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): Gjs-CRITICAL **: 12:22:44.731: Object St.BoxLayout (0x55950fcf1230), has been already deallocated - impossible to access to it. This might be caused by the fact that the object has been destroyed from C code using something such as destroy(), dispose(), or remove() vfuncs
== Stack trace for context 0x55950f5194c0 ==
#0 0x7fffe152eed0 I resource:///org/gnome/shell/ui/environment.js:41 (0x7f1e5c586d58 @ 20)
#1 0x7fffe152efc0 b resource:///org/gnome/shell/ui/popupMenu.js:642 (0x7f1e5c224de0 @ 61)
#2 0x7fffe152f060 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f1e5c5b5e68 @ 71)
#3 0x55950f8dd540 i /home<email address hidden>/extension.js:157 (0x7f1e0fa86808 @ 585)
#4 0x55950f8dd480 i /home<email address hidden>/utils.js:121 (0x7f1e0fab9340 @ 458)

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.731: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.731: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.731: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.731: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GL...

Some gdb debugging is

#1 0x00007f3abc9a1bc8 in st_label_set_text (label=0x555b3f768d10, text=0x555b5369d360 "...")
    at ../../gnome-shell/src/st/st-label.c:331
331 ctext = CLUTTER_TEXT (priv->label);
(gdb) list
326
327 g_return_if_fail (ST_IS_LABEL (label));
328 g_return_if_fail (text != NULL);
329
330 priv = label->priv;
331 ctext = CLUTTER_TEXT (priv->label);
332
333 if (clutter_text_get_editable (ctext) ||
334 g_strcmp0 (clutter_text_get_text (ctext), text) != 0)
335 {
(gdb) print label
$1 = (StLabel *) 0x555b3f768d10
(gdb) print *label
$2 = {parent_instance = {parent_instance = {parent_instance = {g_type_instance = {g_class = 0x555b3e5ea510},
        ref_count = 1, qdata = 0x555b3f759800}, flags = 0, private_flags = 0, priv = 0x555b3f7689f0}},
  priv = 0x555b3f7688b0}
(gdb) print *label->priv
$3 = {label = 0x555b3f712210, text_shadow_pipeline = 0x0, shadow_width = -1, shadow_height = -1}
(gdb) print *label->priv->labe
There is no member named labe.
(gdb) print *label->priv->label
$4 = {parent_instance = {g_type_instance = {g_class = 0x7f3abdf80be0
     <wrapped_gobj_dispose_notify(gpointer, GObject*)>}, ref_count = 1102656128, qdata = 0x30}, flags = 113,
  private_flags = 0, priv = 0x68733b6572616873}

Changed in gnome-shell (Ubuntu):
status: Confirmed → In Progress
tags: added: cosmic
Changed in gjs (Ubuntu):
status: New → Fix Committed
status: Fix Committed → In Progress
importance: Undecided → Medium
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Daniel van Vugt (vanvugt) wrote :

Fix committed upstream. It will be included in gnome-shell versions 3.28.3 and 3.29.3.

tags: added: fixed-in-3.28.3 fixed-in-3.29.3
Changed in gnome-shell:
importance: Unknown → Critical
status: Unknown → Fix Released
Daniel van Vugt (vanvugt) wrote :

It seems we're reopening and continuing this in bug 1714989.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.