gnome-shell crashed with SIGSEGV in g_type_check_instance_cast() from st_label_set_text() from ffi_call_unix64()

This crash has the same stack trace characteristics as bug #1714989. However, the latter was already fixed in an earlier package version than the one in this report. This might be a regression or because the problem is in a dependent package.

StacktraceTop:
 g_type_check_instance_cast (type_instance=0x55ff24115730, iface_type=94554229164800) at ../../../../gobject/gtype.c:4058
 st_label_set_text (label=0x55ff24266c60, text=0x55ff24183980 "VPN is down!") at ../src/st/st-label.c:334
 ffi_call_unix64 () at ../src/x86/unix64.S:76
 ffi_call (cif=cif@entry=0x55ff21108a58, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x7ffeceef9bd8, avalue=avalue@entry=0x7ffeceef9ac0) at ../src/x86/ffi64.c:525
 gjs_invoke_c_function (context=context@entry=0x55ff1f6d1000, function=function@entry=0x55ff21108a40, obj=..., obj@entry=..., args=..., js_rval=..., r_value=r_value@entry=0x0) at gi/function.cpp:1088

Status changed to 'Confirmed' because the bug affects multiple users.

The Ubuntu error tracker also confirms the crash is still happening. Bug 1714989 did not resolve it.

Now tracking in:
https://errors.ubuntu.com/problem/811164cadd3e9e891f9e2d439bda59925f91a62c

For me (Bug #1760588) gnome-shell crashes nearly always when I attach USB drive or phone with storage.

For me, it happens every few times I attach an SD card. Haven't tested with other media.

Not sure if this issue is related but since I upgrade to the last daily update I am not able to click with my trackpad or connected mouse. When I suspend the laptop, I can use the keyboard to open a terminal.

Gnome-shell is reporting this bug since this problem appears.

I am using an XPS 13 - 9370

Anyone affected, please attach your

 journalctl /usr/bin/gnome-shell

Here is the log from `journalctl /usr/bin/gnome-shell`

Sadly this is still happening to me on 18.04 as well. Every single time I resume my machine from suspend. And it's not just that gnome-shell crashes, but I have to sit for a good 2-3 minutes while apport does its thing, while the machine is completely frozen from a UI perspective. This is such a huge usability issue! I still suspect it is being caused by some particular combination of gnome-shell extensions that are installed. I've tried (unsuccessfully) to pin down which one it is, but it never seems to work, leading me to believe it must be a combination.

I've attached my journalctl output, captured from the moment I resumed my machine. Really hope we can get to the bottom of this!

ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: GNOME
DisplayManager: gdm3
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-12-09 (150 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
Package: gnome-shell 3.28.1-0ubuntu2
PackageArchitecture: amd64
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Tags: bionic
Uname: Linux 4.15.0-20-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-04-28 (11 days ago)
UserGroups: adm cdrom dip docker lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True

apport information

apport information

apport information

apport information

We know. There are 830 reports of this crash from 18.04 right now:
https://errors.ubuntu.com/problem/811164cadd3e9e891f9e2d439bda59925f91a62c

And globally this is the 9th most common gnome-shell crash for 18.04 (or 6th if you look at just the past month).

I got it finally with some proper JS stacktrace, in my case it was an extension triggering it:

(gnome-shell:6754): Gjs-CRITICAL **: 12:22:44.730: Object St.BoxLayout (0x55950fcf1230), has been already deallocated - impossible to access to it. This might be caused by the fact that the object has been destroyed from C code using something such as destroy(), dispose(), or remove() vfuncs
== Stack trace for context 0x55950f5194c0 ==
#0 0x7fffe152eed0 I resource:///org/gnome/shell/ui/environment.js:41 (0x7f1e5c586d58 @ 20)
#1 0x7fffe152efc0 b resource:///org/gnome/shell/ui/popupMenu.js:642 (0x7f1e5c224de0 @ 61)
#2 0x7fffe152f060 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f1e5c5b5e68 @ 71)
#3 0x55950f8dd540 i /home<email address hidden>/extension.js:132 (0x7f1e0fa86808 @ 342)
#4 0x55950f8dd480 i /home<email address hidden>/utils.js:121 (0x7f1e0fab9340 @ 458)

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.730: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.730: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.730: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): Gjs-CRITICAL **: 12:22:44.731: Object St.BoxLayout (0x55950fcf1230), has been already deallocated - impossible to access to it. This might be caused by the fact that the object has been destroyed from C code using something such as destroy(), dispose(), or remove() vfuncs
== Stack trace for context 0x55950f5194c0 ==
#0 0x7fffe152eed0 I resource:///org/gnome/shell/ui/environment.js:41 (0x7f1e5c586d58 @ 20)
#1 0x7fffe152efc0 b resource:///org/gnome/shell/ui/popupMenu.js:642 (0x7f1e5c224de0 @ 61)
#2 0x7fffe152f060 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f1e5c5b5e68 @ 71)
#3 0x55950f8dd540 i /home<email address hidden>/extension.js:157 (0x7f1e0fa86808 @ 585)
#4 0x55950f8dd480 i /home<email address hidden>/utils.js:121 (0x7f1e0fab9340 @ 458)

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.731: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.731: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): GLib-GObject-CRITICAL **: 12:22:44.731: g_object_set: assertion 'G_IS_OBJECT (object)' failed

(gnome-shell:6754): Clutter-CRITICAL **: 12:22:44.731: clutter_layout_manager_get_child_meta: assertion 'CLUTTER_IS_LAYOUT_MANAGER (manager)' failed

(gnome-shell:6754): GL...

Some gdb debugging is

#1 0x00007f3abc9a1bc8 in st_label_set_text (label=0x555b3f768d10, text=0x555b5369d360 "...")
    at ../../gnome-shell/src/st/st-label.c:331
331 ctext = CLUTTER_TEXT (priv->label);
(gdb) list
326
327 g_return_if_fail (ST_IS_LABEL (label));
328 g_return_if_fail (text != NULL);
329
330 priv = label->priv;
331 ctext = CLUTTER_TEXT (priv->label);
332
333 if (clutter_text_get_editable (ctext) ||
334 g_strcmp0 (clutter_text_get_text (ctext), text) != 0)
335 {
(gdb) print label
$1 = (StLabel *) 0x555b3f768d10
(gdb) print *label
$2 = {parent_instance = {parent_instance = {parent_instance = {g_type_instance = {g_class = 0x555b3e5ea510},
        ref_count = 1, qdata = 0x555b3f759800}, flags = 0, private_flags = 0, priv = 0x555b3f7689f0}},
  priv = 0x555b3f7688b0}
(gdb) print *label->priv
$3 = {label = 0x555b3f712210, text_shadow_pipeline = 0x0, shadow_width = -1, shadow_height = -1}
(gdb) print *label->priv->labe
There is no member named labe.
(gdb) print *label->priv->label
$4 = {parent_instance = {g_type_instance = {g_class = 0x7f3abdf80be0
     <wrapped_gobj_dispose_notify(gpointer, GObject*)>}, ref_count = 1102656128, qdata = 0x30}, flags = 113,
  private_flags = 0, priv = 0x68733b6572616873}

Fixed in https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/115

Plus I've another fix for gjs.

Fix committed upstream. It will be included in gnome-shell versions 3.28.3 and 3.29.3.

It seems we're reopening and continuing this in bug 1714989.