gnome-shell crashed with SIGSEGV in _cogl_boxed_value_set_x()

Bug #1715330 reported by Jean-Baptiste Lallement on 2017-09-06
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
Mutter | Fix Released | Critical | |
mutter (Ubuntu) | | High | Unassigned |
Artful | | High | Unassigned |

Bug Description

https://errors.ubuntu.com/problem/923e1f8ff89aa3ff451c6aec260ec590152cf01a

---

Artful Desktop daily, wayland session

Test Case:
Pre-requisites: Package update that downloads a payload and download fails (i.e. flash plugin)
1. Wait until the update-notifier dialog informing the user about the download failure shows up
2. Click on the 'Execute' button
3. Enter your credentials
4. Proceed with the download

Expected result
The package is downloaded

Actual result
This crash happens when the authentication window is displayed

ProblemType: Crash
DistroRelease: Ubuntu 17.10
Package: gnome-shell 3.25.91-0ubuntu3
ProcVersionSignature: Ubuntu 4.12.0-12.13-generic 4.12.8
Uname: Linux 4.12.0-12-generic x86_64
ApportVersion: 2.20.7-0ubuntu1
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Sep 6 09:41:48 2017
DisplayManager: gdm3
ExecutablePath: /usr/bin/gnome-shell
GsettingsChanges:
 b'org.gnome.shell' b'had-bluetooth-devices-setup' b'true'
 b'org.gnome.shell' b'favorite-apps' b"['org.gnome.Nautilus.desktop', 'firefox.desktop', 'google-chrome-beta.desktop', 'streamtuner2.desktop']"
 b'org.gnome.desktop.interface' b'gtk-im-module' b"'gtk-im-context-simple'"
InstallationDate: Installed on 2014-07-23 (1140 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
ProcCmdline: /usr/bin/gnome-shell
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f72063804ef: mov 0x8(%rdi),%eax
 PC (0x7f72063804ef) ok
 source "0x8(%rdi)" (0x00000008) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: gnome-shell
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/mutter/libmutter-cogl-1.so
 ?? () from /usr/lib/x86_64-linux-gnu/mutter/libmutter-cogl-1.so
 ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
 ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
 ?? () from /usr/lib/libgjs.so.0
Title: gnome-shell crashed with SIGSEGV in ffi_call_unix64()
UpgradeStatus: Upgraded to artful on 2017-06-13 (84 days ago)
UserGroups: adm dialout libvirt lpadmin lxd sambashare sudo

Jean-Baptiste Lallement (jibel) wrote :
information type: Private → Public

StacktraceTop:
 _cogl_boxed_value_set_x (bv=0x0, size=1, count=1, type=type@entry=COGL_BOXED_FLOAT, value_size=4, value=0x10080d8e800, transpose=0) at cogl-boxed-value.c:141
 _cogl_boxed_value_set_float (bv=<optimized out>, n_components=<optimized out>, count=<optimized out>, value=<optimized out>) at cogl-boxed-value.c:212
 ffi_call_unix64 () at ../src/x86/unix64.S:76
 ffi_call (cif=cif@entry=0x1007f034eb8, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x7ffed1542b68, avalue=avalue@entry=0x7ffed1542a20) at ../src/x86/ffi64.c:525
 gjs_invoke_c_function (context=context@entry=0x1007d9a7000, function=function@entry=0x1007f034ea0, obj=..., obj@entry=..., args=..., js_rval=..., r_value=r_value@entry=0x0) at gi/function.cpp:1037

Changed in gnome-shell (Ubuntu):
importance: Undecided → Medium
summary: - gnome-shell crashed with SIGSEGV in ffi_call_unix64()
+ gnome-shell crashed with SIGSEGV in _cogl_boxed_value_set_x()
tags: removed: need-amd64-retrace
Changed in gnome-shell (Ubuntu):
importance: Medium → High
status: New → Confirmed
Adam Williamson (awilliamson) wrote :

We're seeing what's probably the same crash in Fedora 27, though my reproducer is to start a VM in virt-manager:

https://bugzilla.redhat.com/show_bug.cgi?id=1490072

It was suggested to try 3.25.92 and see if that fixes it.

Adam Williamson (awilliamson) wrote :

There's some discussion upstream too at https://bugzilla.gnome.org/show_bug.cgi?id=787240 - but note that it's a confused bug report that starts out being about a different bug, which is reported in Launchpad as https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1714330 . I will file a new upstream bug for the _console_boxed_value_set_x crash.

affects: gnome-shell (Ubuntu) → mutter (Ubuntu)
Changed in mutter:
importance: Unknown → Critical
status: Unknown → Confirmed
tags: added: rls-aa-incoming
Changed in mutter:
status: Confirmed → Fix Released
Iain Lane (laney) on 2017-09-27
Changed in mutter (Ubuntu):
assignee: nobody → Jean-Baptiste Lallement (jibel)
tags: removed: rls-aa-incoming
Jean-Baptiste Lallement (jibel) wrote :

I verified in artful with the latest mutter and cannot reproduce this defect. I'm marking it as fix released.

Changed in mutter (Ubuntu Artful):
status: Confirmed → Fix Released
Daniel van Vugt (vanvugt) wrote :

Not fixed?... It's still happening with the latest gnome-shell/mutter -> bug 1725162

Daniel van Vugt (vanvugt) wrote :

This crash continues to reoccur. See the duplicates and also:
https://errors.ubuntu.com/problem/923e1f8ff89aa3ff451c6aec260ec590152cf01a

Maybe we're linked to the wrong upstream bug and need a new one.

Changed in mutter (Ubuntu):
status: Fix Released → Confirmed
assignee: Jean-Baptiste Lallement (jibel) → nobody
Changed in mutter (Ubuntu Artful):
assignee: Jean-Baptiste Lallement (jibel) → nobody
status: Fix Released → Confirmed
description: updated