gnome-shell crashed with SIGSEGV in g_hash_table_iter_next → meta_display_list_windows → meta_workspace_list_windows → ffi_call_SYSV → ffi_call()

Bug #1832869 reported by errors.ubuntu.com bug bridge on 2019-06-14
60
This bug affects 3 people
Affects Status Importance Assigned to Milestone
gnome-shell (Ubuntu)
High
Unassigned
gnome-shell-extension-dashtodock (Ubuntu)
High
Unassigned
mutter (Ubuntu)
High
Unassigned
Bionic
High
Marco Trevisan (Treviño)
Disco
Undecided
Unassigned

Bug Description

[ Description ]

GNOME shell crashes on restart when some window actors are opened

[ Test case ]

- Run gnome-shell in Xorg, start some windows
- Hit Alt+F2
- Write 'r' and press Enter

- The shell should restart without crashing in meta_workspace_list_windows

[ Regression potential ]

Javascript errors might be emitted when trying to access to invalidated data, but nothing really harmful.

[ Note ]

This crash doesn't affect versions after 3.28 for various reasons:
 - The JS code triggering it isn't there anymore
 - MetaScreen doesn't exist anymore.

Similar crashes might happen in newer versions, but as per different code paths, and so to be reported as different bugs.

---

The Ubuntu Error Tracker has been receiving reports about a problem regarding gnome-shell. This problem was most recently seen with package version 3.28.4-0ubuntu18.04.1, the problem page at https://errors.ubuntu.com/problem/d3f9725b7fae2763643521acfc58c734f829dd64 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

https://errors.ubuntu.com/problem/ac8df0b1e2d67e423c634fde1a3acecd3c381d58
https://errors.ubuntu.com/problem/d3f9725b7fae2763643521acfc58c734f829dd64
https://errors.ubuntu.com/problem/1e69eadeb69f4e2b8aa933205d2be3a8db4af36c
https://errors.ubuntu.com/problem/6f7810166a3ae02cc8025514d6ffbbde10063e76
https://errors.ubuntu.com/problem/1bfbc00c70cfe6f4f2b66b4efc86f5c089c28680

Related branches

The crash is happening since gnome-shell/mutter 3.28.3+git20190124.

I wasn't able to track-down the issue since we're missing Javascript stacktrace so, for people who can replicate this, we'd need to get a trace.

You can have one following what said in https://is.gd/wiki_gnome_shell_crash_debug

summary: - /usr/bin/gnome-
- shell:11:g_hash_table_iter_next:meta_display_list_windows:meta_workspace_list_windows:ffi_call_SYSV:ffi_call
+ gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows
+ meta_workspace_list_windows
Changed in gnome-shell (Ubuntu):
importance: Undecided → High
description: updated
summary: - gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows
- meta_workspace_list_windows
+ gnome-shell crashed with SIGSEGV in g_hash_table_iter_next →
+ meta_display_list_windows → meta_workspace_list_windows → ffi_call_SYSV
+ → ffi_call()
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-shell (Ubuntu):
status: New → Confirmed
tags: added: regression-update

I've done some more debugging on this, it happens mostly on Alt+f2 or shell restart, and seems to be due to dash-to-dock

giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: == Stack trace for context 0x55c4534674c0 ==
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #0 0x55c4537ed038 i /<email address hidden>/theming.js:479 (0x7f71e459b560 @ 210)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #1 0x7ffc64834670 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #2 0x55c4537ecfa0 i /<email address hidden>/theming.js:451 (0x7f71e459b4d8 @ 23)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #3 0x7ffc64835250 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #4 0x55c4537ecf18 i /<email address hidden>/theming.js:447 (0x7f71e459b3c8 @ 117)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #5 0x7ffc64835e40 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #6 0x7ffc64835f10 b self-hosted:918 (0x7f72382f12b8 @ 394)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #7 0x55c4537ecea0 i resource:///org/gnome/shell/ui/main.js:206 (0x7f72382da4d8 @ 12)

Changed in gnome-shell-extension-dashtodock (Ubuntu):
status: New → Triaged
importance: Undecided → High
Daniel van Vugt (vanvugt) wrote :

Yes that theming.js around like 479 (on bionic) looks like a candidate for calling the offending `meta_workspace_list_windows`:

    _dockIsNear: function() {
        if (this._dockActor.has_style_pseudo_class('overview'))
            return false;
        /* Get all the windows in the active workspace that are in the primary monitor and visible */
        let activeWorkspace = global.screen.get_active_workspace();
        let dash = this._dash;
        let windows = activeWorkspace.list_windows().filter(function(metaWindow) {
            return metaWindow.get_monitor() === dash._monitorIndex &&
                   metaWindow.showing_on_its_workspace() &&
                   metaWindow.get_window_type() != Meta.WindowType.DESKTOP;
        });

Changed in mutter (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in gnome-shell-extension-dashtodock (Ubuntu):
status: Triaged → Invalid
Changed in gnome-shell (Ubuntu):
status: Confirmed → Triaged
description: updated
Changed in mutter (Ubuntu Disco):
status: New → Won't Fix
Changed in mutter (Ubuntu):
status: In Progress → Won't Fix
Changed in mutter (Ubuntu Bionic):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
importance: Undecided → High
status: New → In Progress
Changed in mutter (Ubuntu):
assignee: Marco Trevisan (Treviño) (3v1n0) → nobody
no longer affects: gnome-shell-extension-dashtodock (Ubuntu Bionic)
no longer affects: gnome-shell-extension-dashtodock (Ubuntu Disco)
no longer affects: gnome-shell (Ubuntu Bionic)
no longer affects: gnome-shell (Ubuntu Disco)
tags: added: eoan

Hello errors.ubuntu.com, or anyone else affected,

Accepted mutter into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mutter/3.28.4-0ubuntu18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in mutter (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic

Confirm no crash on restarting 3.28.4-0ubuntu18.04.2

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mutter - 3.28.4-0ubuntu18.04.2

---------------
mutter (3.28.4-0ubuntu18.04.2) bionic; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * d/p/screen-Destroy-window-actors-after-windows-while-unmanagi.patch,
    d/p/screen-Unset-the-active-workspace-and-remove-workspaces-o.patch:
    - Destroy window actors after windows while unmanaging compositor
      (LP: #1832869)
  * d/p/window-Emit-an-error-and-return-when-trying-to-activate-a.patch:
    - window: Emit an error and return when trying to activate an unmanaged
      (LP: #1827401)
  * d/p/stack-Add-a-function-to-get-a-sorted-list-of-focus-candid.patch,
    d/p/test-runner-Add-assert_focused-command.patch,
    d/p/test-runner-Add-dispatch-command.patch,
    d/p/test-runner-Add-sleep-command.patch,
    d/p/tests-Add-accept_focus-command-to-runner-and-client.patch,
    d/p/tests-Add-can_take_focus-command-to-runner-and-client.patch,
    d/p/tests-Verify-focused-window-in-closed-transient-tests.patch,
    d/p/tests-stacking-Add-tests-with-no-input-and-no-take-focus-.patch,
    d/p/window-x11-Accept-any-focusable-window-as-fallback-focus.patch,
    d/p/window-x11-Don-t-double-check-for-unmanaging-windows.patch,
    d/p/window-x11-Focus-the-default-window-with-delay-while-wait.patch,
    d/p/window-x11-Use-any-focusable-window-as-fallback-delayed-f.patch,
    d/p/window-x11-Focus-a-window-in-the-active-workspace-as-take.patch,
    d/p/workspace-Focus-only-ancestors-that-are-focusable.patch:
    - Workspace: Take-Input windows focus fixes (LP: #1791574)
  * debian/libmutter-2-0.symbols: Update with new symbols

  [ Iain Lane ]
  * debian/libmutter-2-0.symbols: Add a tilde. These were added in an Ubuntu
    revision, so they should cause dependencies on the full version - but we
    add a tilde in case of backports.

 -- Iain Lane <email address hidden> Tue, 09 Jul 2019 17:03:10 +0100

Changed in mutter (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for mutter has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers