Ubuntu
mutter package

gnome-shell crashed with SIGSEGV in g_hash_table_iter_next → meta_display_list_windows → meta_workspace_list_windows → ffi_call_SYSV → ffi_call()

  1. Bionic (18.04)
  2. Bug #1832869
Bug #1832869 reported by errors.ubuntu.com bug bridge
60
This bug affects 3 people
Affects Status Importance Assigned to Milestone
gnome-shell (Ubuntu)
Invalid
High
Unassigned
gnome-shell-extension-dashtodock (Ubuntu)
Invalid
High
Unassigned
mutter (Ubuntu)
Won't Fix
High
Unassigned
Bionic
Fix Released
High
Marco Trevisan (Treviño)
Disco
Won't Fix
Undecided
Unassigned

Bug Description

[ Description ]

GNOME shell crashes on restart when some window actors are opened

[ Test case ]

- Run gnome-shell in Xorg, start some windows
- Hit Alt+F2
- Write 'r' and press Enter

- The shell should restart without crashing in meta_workspace_list_windows

[ Regression potential ]

Javascript errors might be emitted when trying to access to invalidated data, but nothing really harmful.

[ Note ]

This crash doesn't affect versions after 3.28 for various reasons:
 - The JS code triggering it isn't there anymore
 - MetaScreen doesn't exist anymore.

Similar crashes might happen in newer versions, but as per different code paths, and so to be reported as different bugs.

---

The Ubuntu Error Tracker has been receiving reports about a problem regarding gnome-shell. This problem was most recently seen with package version 3.28.4-0ubuntu18.04.1, the problem page at https://errors.ubuntu.com/problem/d3f9725b7fae2763643521acfc58c734f829dd64 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

https://errors.ubuntu.com/problem/ac8df0b1e2d67e423c634fde1a3acecd3c381d58
https://errors.ubuntu.com/problem/d3f9725b7fae2763643521acfc58c734f829dd64
https://errors.ubuntu.com/problem/1e69eadeb69f4e2b8aa933205d2be3a8db4af36c
https://errors.ubuntu.com/problem/6f7810166a3ae02cc8025514d6ffbbde10063e76
https://errors.ubuntu.com/problem/1bfbc00c70cfe6f4f2b66b4efc86f5c089c28680

See original description

Related branches

~3v1n0/ubuntu/+source/mutter:ubuntu/bionic
Ubuntu Desktop: Pending requested
Diff: 1948 lines (+1815/-0)
19 files modified
debian/changelog (+27/-0)
debian/libmutter-2-0.symbols (+2/-0)
debian/patches/screen-Destroy-window-actors-after-windows-while-unmanagi.patch (+106/-0)
debian/patches/screen-Unset-the-active-workspace-and-remove-workspaces-o.patch (+43/-0)
debian/patches/series (+16/-0)
debian/patches/stack-Add-a-function-to-get-a-sorted-list-of-focus-candid.patch (+134/-0)
debian/patches/test-runner-Add-assert_focused-command.patch (+76/-0)
debian/patches/test-runner-Add-dispatch-command.patch (+84/-0)
debian/patches/test-runner-Add-sleep-command.patch (+82/-0)
debian/patches/tests-Add-accept_focus-command-to-runner-and-client.patch (+78/-0)
debian/patches/tests-Add-can_take_focus-command-to-runner-and-client.patch (+116/-0)
debian/patches/tests-Verify-focused-window-in-closed-transient-tests.patch (+64/-0)
debian/patches/tests-stacking-Add-tests-with-no-input-and-no-take-focus-.patch (+125/-0)
debian/patches/window-Emit-an-error-and-return-when-trying-to-activate-a.patch (+43/-0)
debian/patches/window-x11-Accept-any-focusable-window-as-fallback-focus.patch (+109/-0)
debian/patches/window-x11-Don-t-double-check-for-unmanaging-windows.patch (+39/-0)
debian/patches/window-x11-Focus-the-default-window-with-delay-while-wait.patch (+247/-0)
debian/patches/window-x11-Use-any-focusable-window-as-fallback-delayed-f.patch (+339/-0)
debian/patches/workspace-Focus-only-ancestors-that-are-focusable.patch (+85/-0)
Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote : Re: gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows meta_workspace_list_windows

The crash is happening since gnome-shell/mutter 3.28.3+git20190124.

I wasn't able to track-down the issue since we're missing Javascript stacktrace so, for people who can replicate this, we'd need to get a trace.

You can have one following what said in https://is.gd/wiki_gnome_shell_crash_debug

summary: - /usr/bin/gnome-
- shell:11:g_hash_table_iter_next:meta_display_list_windows:meta_workspace_list_windows:ffi_call_SYSV:ffi_call
+ gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows
+ meta_workspace_list_windows
Changed in gnome-shell (Ubuntu):
importance: Undecided → High
Marco Trevisan (Treviño) (3v1n0)
description: updated
Daniel van Vugt (vanvugt)
summary: - gnome-shell crashed in g_hash_table_iter_next meta_display_list_windows
- meta_workspace_list_windows
+ gnome-shell crashed with SIGSEGV in g_hash_table_iter_next →
+ meta_display_list_windows → meta_workspace_list_windows → ffi_call_SYSV
+ → ffi_call()
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-shell (Ubuntu):
status: New → Confirmed
Daniel van Vugt (vanvugt)
tags: added: regression-update
Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

I've done some more debugging on this, it happens mostly on Alt+f2 or shell restart, and seems to be due to dash-to-dock

giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: == Stack trace for context 0x55c4534674c0 ==
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #0 0x55c4537ed038 i /<email address hidden>/theming.js:479 (0x7f71e459b560 @ 210)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #1 0x7ffc64834670 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #2 0x55c4537ecfa0 i /<email address hidden>/theming.js:451 (0x7f71e459b4d8 @ 23)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #3 0x7ffc64835250 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #4 0x55c4537ecf18 i /<email address hidden>/theming.js:447 (0x7f71e459b3c8 @ 117)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #5 0x7ffc64835e40 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #6 0x7ffc64835f10 b self-hosted:918 (0x7f72382f12b8 @ 394)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #7 0x55c4537ecea0 i resource:///org/gnome/shell/ui/main.js:206 (0x7f72382da4d8 @ 12)

Changed in gnome-shell-extension-dashtodock (Ubuntu):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Yes that theming.js around like 479 (on bionic) looks like a candidate for calling the offending `meta_workspace_list_windows`:

    _dockIsNear: function() {
        if (this._dockActor.has_style_pseudo_class('overview'))
            return false;
        /* Get all the windows in the active workspace that are in the primary monitor and visible */
        let activeWorkspace = global.screen.get_active_workspace();
        let dash = this._dash;
        let windows = activeWorkspace.list_windows().filter(function(metaWindow) {
            return metaWindow.get_monitor() === dash._monitorIndex &&
                   metaWindow.showing_on_its_workspace() &&
                   metaWindow.get_window_type() != Meta.WindowType.DESKTOP;
        });

Marco Trevisan (Treviño) (3v1n0)
Changed in mutter (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Marco Trevisan (Treviño) (3v1n0)
Changed in gnome-shell-extension-dashtodock (Ubuntu):
status: Triaged → Invalid
Changed in gnome-shell (Ubuntu):
status: Confirmed → Triaged
Marco Trevisan (Treviño) (3v1n0)
description: updated
Changed in mutter (Ubuntu Disco):
status: New → Won't Fix
Changed in mutter (Ubuntu):
status: In Progress → Won't Fix
Changed in mutter (Ubuntu Bionic):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
importance: Undecided → High
status: New → In Progress
Changed in mutter (Ubuntu):
assignee: Marco Trevisan (Treviño) (3v1n0) → nobody
Marco Trevisan (Treviño) (3v1n0)
no longer affects: gnome-shell-extension-dashtodock (Ubuntu Bionic)
no longer affects: gnome-shell-extension-dashtodock (Ubuntu Disco)
no longer affects: gnome-shell (Ubuntu Bionic)
no longer affects: gnome-shell (Ubuntu Disco)
El jinete sin cabeza (ejsc)
tags: added: eoan
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello errors.ubuntu.com, or anyone else affected,

Accepted mutter into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mutter/3.28.4-0ubuntu18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in mutter (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Confirm no crash on restarting 3.28.4-0ubuntu18.04.2

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mutter - 3.28.4-0ubuntu18.04.2

---------------
mutter (3.28.4-0ubuntu18.04.2) bionic; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * d/p/screen-Destroy-window-actors-after-windows-while-unmanagi.patch,
    d/p/screen-Unset-the-active-workspace-and-remove-workspaces-o.patch:
    - Destroy window actors after windows while unmanaging compositor
      (LP: #1832869)
  * d/p/window-Emit-an-error-and-return-when-trying-to-activate-a.patch:
    - window: Emit an error and return when trying to activate an unmanaged
      (LP: #1827401)
  * d/p/stack-Add-a-function-to-get-a-sorted-list-of-focus-candid.patch,
    d/p/test-runner-Add-assert_focused-command.patch,
    d/p/test-runner-Add-dispatch-command.patch,
    d/p/test-runner-Add-sleep-command.patch,
    d/p/tests-Add-accept_focus-command-to-runner-and-client.patch,
    d/p/tests-Add-can_take_focus-command-to-runner-and-client.patch,
    d/p/tests-Verify-focused-window-in-closed-transient-tests.patch,
    d/p/tests-stacking-Add-tests-with-no-input-and-no-take-focus-.patch,
    d/p/window-x11-Accept-any-focusable-window-as-fallback-focus.patch,
    d/p/window-x11-Don-t-double-check-for-unmanaging-windows.patch,
    d/p/window-x11-Focus-the-default-window-with-delay-while-wait.patch,
    d/p/window-x11-Use-any-focusable-window-as-fallback-delayed-f.patch,
    d/p/window-x11-Focus-a-window-in-the-active-workspace-as-take.patch,
    d/p/workspace-Focus-only-ancestors-that-are-focusable.patch:
    - Workspace: Take-Input windows focus fixes (LP: #1791574)
  * debian/libmutter-2-0.symbols: Update with new symbols

  [ Iain Lane ]
  * debian/libmutter-2-0.symbols: Add a tilde. These were added in an Ubuntu
    revision, so they should cause dependencies on the full version - but we
    add a tilde in case of backports.

 -- Iain Lane <email address hidden> Tue, 09 Jul 2019 17:03:10 +0100

Changed in mutter (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for mutter has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Daniel van Vugt (vanvugt)
tags: removed: eoan
Daniel van Vugt (vanvugt)
Changed in gnome-shell (Ubuntu):
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.