gnome-shell crashed with SIGSEGV in g_hash_table_iter_next → meta_display_list_windows → meta_workspace_list_windows → ffi_call_SYSV → ffi_call()

Bug #1832869 reported by errors.ubuntu.com bug bridge on 2019-06-14
58
This bug affects 3 people
Affects Status Importance Assigned to Milestone
gnome-shell (Ubuntu)
High
Unassigned
gnome-shell-extension-dashtodock (Ubuntu)
High
Unassigned
mutter (Ubuntu)
High
Unassigned
Bionic
High
Marco Trevisan (Treviño)
Disco
Undecided
Unassigned

Bug Description

[ Description ]

GNOME shell crashes on restart when some window actors are opened

[ Test case ]

- Run gnome-shell in Xorg, start some windows
- Hit Alt+F2
- Write 'r' and press Enter

- The shell should restart without crashing in meta_workspace_list_windows

[ Regression potential ]

Javascript errors might be emitted when trying to access to invalidated data, but nothing really harmful.

[ Note ]

This crash doesn't affect versions after 3.28 for various reasons:
 - The JS code triggering it isn't there anymore
 - MetaScreen doesn't exist anymore.

Similar crashes might happen in newer versions, but as per different code paths, and so to be reported as different bugs.

---

The Ubuntu Error Tracker has been receiving reports about a problem regarding gnome-shell. This problem was most recently seen with package version 3.28.4-0ubuntu18.04.1, the problem page at https://errors.ubuntu.com/problem/d3f9725b7fae2763643521acfc58c734f829dd64 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

https://errors.ubuntu.com/problem/ac8df0b1e2d67e423c634fde1a3acecd3c381d58
https://errors.ubuntu.com/problem/d3f9725b7fae2763643521acfc58c734f829dd64
https://errors.ubuntu.com/problem/1e69eadeb69f4e2b8aa933205d2be3a8db4af36c
https://errors.ubuntu.com/problem/6f7810166a3ae02cc8025514d6ffbbde10063e76
https://errors.ubuntu.com/problem/1bfbc00c70cfe6f4f2b66b4efc86f5c089c28680

Related branches

The crash is happening since gnome-shell/mutter 3.28.3+git20190124.

I wasn't able to track-down the issue since we're missing Javascript stacktrace so, for people who can replicate this, we'd need to get a trace.

You can have one following what said in https://is.gd/wiki_gnome_shell_crash_debug

summary: - /usr/bin/gnome-
- shell:11:g_hash_table_iter_next:meta_display_list_windows:meta_workspace_list_windows:ffi_call_SYSV:ffi_call
+ gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows
+ meta_workspace_list_windows
Changed in gnome-shell (Ubuntu):
importance: Undecided → High
description: updated
summary: - gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows
- meta_workspace_list_windows
+ gnome-shell crashed with SIGSEGV in g_hash_table_iter_next →
+ meta_display_list_windows → meta_workspace_list_windows → ffi_call_SYSV
+ → ffi_call()
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-shell (Ubuntu):
status: New → Confirmed
tags: added: regression-update

I've done some more debugging on this, it happens mostly on Alt+f2 or shell restart, and seems to be due to dash-to-dock

giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: == Stack trace for context 0x55c4534674c0 ==
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #0 0x55c4537ed038 i /<email address hidden>/theming.js:479 (0x7f71e459b560 @ 210)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #1 0x7ffc64834670 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #2 0x55c4537ecfa0 i /<email address hidden>/theming.js:451 (0x7f71e459b4d8 @ 23)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #3 0x7ffc64835250 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #4 0x55c4537ecf18 i /<email address hidden>/theming.js:447 (0x7f71e459b3c8 @ 117)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #5 0x7ffc64835e40 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #6 0x7ffc64835f10 b self-hosted:918 (0x7f72382f12b8 @ 394)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #7 0x55c4537ecea0 i resource:///org/gnome/shell/ui/main.js:206 (0x7f72382da4d8 @ 12)

Changed in gnome-shell-extension-dashtodock (Ubuntu):
status: New → Triaged
importance: Undecided → High
Daniel van Vugt (vanvugt) wrote :

Yes that theming.js around like 479 (on bionic) looks like a candidate for calling the offending `meta_workspace_list_windows`:

    _dockIsNear: function() {
        if (this._dockActor.has_style_pseudo_class('overview'))
            return false;
        /* Get all the windows in the active workspace that are in the primary monitor and visible */
        let activeWorkspace = global.screen.get_active_workspace();
        let dash = this._dash;
        let windows = activeWorkspace.list_windows().filter(function(metaWindow) {
            return metaWindow.get_monitor() === dash._monitorIndex &&
                   metaWindow.showing_on_its_workspace() &&
                   metaWindow.get_window_type() != Meta.WindowType.DESKTOP;
        });

Changed in mutter (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in gnome-shell-extension-dashtodock (Ubuntu):
status: Triaged → Invalid
Changed in gnome-shell (Ubuntu):
status: Confirmed → Triaged
description: updated
Changed in mutter (Ubuntu Disco):
status: New → Won't Fix
Changed in mutter (Ubuntu):
status: In Progress → Won't Fix
Changed in mutter (Ubuntu Bionic):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
importance: Undecided → High
status: New → In Progress
Changed in mutter (Ubuntu):
assignee: Marco Trevisan (Treviño) (3v1n0) → nobody
no longer affects: gnome-shell-extension-dashtodock (Ubuntu Bionic)
no longer affects: gnome-shell-extension-dashtodock (Ubuntu Disco)
no longer affects: gnome-shell (Ubuntu Bionic)
no longer affects: gnome-shell (Ubuntu Disco)
tags: added: eoan
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers