gnome-shell random crash in get_top_visible_window_actor()
Hi everybody,
I have experiencing some random crashes with gnome shell and recently I got some time to drill down where the issue is
It seems to be something related to libmozjs or something else, I was able to reproduce the bug under wayland only (not xorg).
I found a reliable way to crash gnome shell by scratching four fingers across the touchpad, hard to explain, here is the video: https://www.youtube.com/watch?v=GzTMzasyxyw
The same procedure crashes gnome-shell on my old macbook air as well on a thinkpad t440p (it just took a bit longer to reproduce).
These are the version of the packages I'm using:
ii gnome-shell 3.30.0-2 amd64 graphical shell for the GNOME desktop
ii gnome-shell-common 3.30.0-2 all common files for the GNOME graphical shell
ii gnome-shell-dbgsym 3.30.0-2 amd64 debug symbols for gnome-shell
ii gnome-shell-extension-hard-disk-led 19-1 all Shows harddisk activity (IO speed read/write and LED) in GNOME Shell
ii gnome-shell-extensions 3.30.0-1 all Extensions to extend functionality of GNOME Shell
ii libinput-bin 1.12.0-1 amd64 input device management and event handling library - udev quirks
ii libinput-tools 1.12.0-1 amd64 input device management and event handling library - command line tools
ii libinput10:amd64 1.12.0-1 amd64 input device management and event handling library - shared library
ii libinput10-dbgsym:amd64 1.12.0-1 amd64 debug symbols for libinput10
ii libmozjs-52-0:amd64 52.9.1-1 amd64 SpiderMonkey JavaScript library
ii libmozjs-52-0-dbgsym:amd64 52.9.1-1 amd64 debug symbols for libmozjs-52-0
ii xserver-xorg-input-libinput 0.28.0-1 amd64 X.Org X server -- libinput input driver
after the crash dmesg shows this message:
[ 305.045980] gnome-shell[3670]: segfault at 181 ip 00007f3aaf5a66bc sp 00007fffbb6c9b60 error 4 in libmutter-3.so.0.0.0[7f3aaf570000+d9000]
[ 305.045987] Code: 64 24 20 48 8d 6c 24 10 4d 8d 74 24 0c 4d 8d 6c 24 08 0f 1f 40 00 49 8b 1f 48 89 df e8 1d af fc ff 66 0f ef c0 0f 29 44 24 20 <f6> 80 81 01 00 00 02 74 2d 48 89 c7 48 89 ee e8 60 d1 fc ff 48 8b
this is the coredump with the debug symbols:
PID: 5343 (gnome-shell)
UID: 1000 (fgbreel)
GID: 1000 (fgbreel)
Signal: 11 (SEGV)
Timestamp: Wed 2018-10-03 16:38:12 CEST (5h 12min ago)
Command Line: /usr/bin/gnome-shell
Executable: /usr/bin/gnome-shell
Control Group: /user.slice/user-1000.slice/session-13.scope
Unit: session-13.scope
Slice: user-1000.slice
Session: 13
Owner UID: 1000 (fgbreel)
Boot ID: f3248bf88320490788518fd6de4b1a98
Machine ID: 566854d4d7ef46f79a309221a5e5e9b8
Hostname: zaphod
Storage: /var/lib/systemd/coredump/core.gnome-shell.1000.f3248bf88320490788518fd6de4b1a98.5343.1538577492000000.lz4
Message: Process 5343 (gnome-shell) of user 1000 dumped core.
Stack trace of thread 5343:
#0 0x00007fbb392dd6bc get_top_visible_window_actor (libmutter-3.so.0)
#1 0x00007fbb39306dbd meta_stack_tracker_sync_stack (libmutter-3.so.0)
#2 0x00007fbb39306eb9 stack_tracker_sync_stack_later (libmutter-3.so.0)
#3 0x00007fbb39307c42 run_repaint_laters (libmutter-3.so.0)
#4 0x00007fbb394d8142 _clutter_run_repaint_functions (libmutter-clutter-3.so)
#5 0x00007fbb394d8ee7 master_clock_update_stages (libmutter-clutter-3.so)
#6 0x00007fbb3a04bc3e g_main_dispatch (libglib-2.0.so.0)
#7 0x00007fbb3a04bed8 g_main_context_iterate (libglib-2.0.so.0)
#8 0x00007fbb3a04c1d2 g_main_loop_run (libglib-2.0.so.0)
#9 0x00007fbb392ff8ac meta_run (libmutter-3.so.0)
#10 0x00005597f9098782 main (gnome-shell)
#11 0x00007fbb3908fb17 __libc_start_main (libc.so.6)
#12 0x00005597f90988da _start (gnome-shell)
Stack trace of thread 5345:
#0 0x00007fbb3915a739 __GI___poll (libc.so.6)
#1 0x00007fbb3a04be46 g_main_context_poll (libglib-2.0.so.0)
#2 0x00007fbb3a04bf6c g_main_context_iteration (libglib-2.0.so.0)
#3 0x00007fbb3a04bfb1 glib_worker_main (libglib-2.0.so.0)
#4 0x00007fbb3a074135 g_thread_proxy (libglib-2.0.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5349:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb26951d8b n/a (i965_dri.so)
#2 0x00007fbb26951ab7 n/a (i965_dri.so)
#3 0x00007fbb39231f2a start_thread (libpthread.so.0)
#4 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5444:
#0 0x00007fbb3915a739 __GI___poll (libc.so.6)
#1 0x00007fbb25ae20f1 n/a (libpulse.so.0)
#2 0x00007fbb25ad3920 pa_mainloop_poll (libpulse.so.0)
#3 0x00007fbb25ad3f6e pa_mainloop_iterate (libpulse.so.0)
#4 0x00007fbb25ad4020 pa_mainloop_run (libpulse.so.0)
#5 0x00007fbb25ae2039 n/a (libpulse.so.0)
#6 0x00007fbb25a7f3d8 n/a (libpulsecommon-12.2.so)
#7 0x00007fbb39231f2a start_thread (libpthread.so.0)
#8 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5346:
#0 0x00007fbb3915a739 __GI___poll (libc.so.6)
#1 0x00007fbb3a04be46 g_main_context_poll (libglib-2.0.so.0)
#2 0x00007fbb3a04c1d2 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007fbb3a23e7b6 gdbus_shared_thread_func (libgio-2.0.so.0)
#4 0x00007fbb3a074135 g_thread_proxy (libglib-2.0.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5348:
#0 0x00007fbb3915a739 __GI___poll (libc.so.6)
#1 0x00007fbb3a04be46 g_main_context_poll (libglib-2.0.so.0)
#2 0x00007fbb3a04bf6c g_main_context_iteration (libglib-2.0.so.0)
#3 0x00007fbb3a335fdd n/a (libdconfsettings.so)
#4 0x00007fbb3a074135 g_thread_proxy (libglib-2.0.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5449:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb34fd26f4 _ZN2js17ConditionVariable4waitERNS_9LockGuardINS_5MutexEEE (libmozjs-52.so.0)
#2 0x00007fbb34fd29c5 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#3 0x00007fbb353bb77a _ZN2js23GlobalHelperThreadState4waitERNS_25AutoLockHelperThreadStateENS0_7CondVarEN7mozilla16BaseTimeDurationINS4_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#4 0x00007fbb353dbdf2 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-52.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5450:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb34fd26f4 _ZN2js17ConditionVariable4waitERNS_9LockGuardINS_5MutexEEE (libmozjs-52.so.0)
#2 0x00007fbb34fd29c5 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#3 0x00007fbb353bb77a _ZN2js23GlobalHelperThreadState4waitERNS_25AutoLockHelperThreadStateENS0_7CondVarEN7mozilla16BaseTimeDurationINS4_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#4 0x00007fbb353dbdf2 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-52.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5451:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb34fd26f4 _ZN2js17ConditionVariable4waitERNS_9LockGuardINS_5MutexEEE (libmozjs-52.so.0)
#2 0x00007fbb34fd29c5 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#3 0x00007fbb353bb77a _ZN2js23GlobalHelperThreadState4waitERNS_25AutoLockHelperThreadStateENS0_7CondVarEN7mozilla16BaseTimeDurationINS4_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#4 0x00007fbb353dbdf2 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-52.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5452:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb34fd26f4 _ZN2js17ConditionVariable4waitERNS_9LockGuardINS_5MutexEEE (libmozjs-52.so.0)
#2 0x00007fbb34fd29c5 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#3 0x00007fbb353bb77a _ZN2js23GlobalHelperThreadState4waitERNS_25AutoLockHelperThreadStateENS0_7CondVarEN7mozilla16BaseTimeDurationINS4_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#4 0x00007fbb353dbdf2 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-52.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5453:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb34fd26f4 _ZN2js17ConditionVariable4waitERNS_9LockGuardINS_5MutexEEE (libmozjs-52.so.0)
#2 0x00007fbb34fd29c5 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#3 0x00007fbb353bb77a _ZN2js23GlobalHelperThreadState4waitERNS_25AutoLockHelperThreadStateENS0_7CondVarEN7mozilla16BaseTimeDurationINS4_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#4 0x00007fbb353dbdf2 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-52.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Stack trace of thread 5448:
#0 0x00007fbb39237e6c futex_wait_cancelable (libpthread.so.0)
#1 0x00007fbb34fd26f4 _ZN2js17ConditionVariable4waitERNS_9LockGuardINS_5MutexEEE (libmozjs-52.so.0)
#2 0x00007fbb34fd29c5 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#3 0x00007fbb353bb77a _ZN2js23GlobalHelperThreadState4waitERNS_25AutoLockHelperThreadStateENS0_7CondVarEN7mozilla16BaseTimeDurationINS4_27TimeDurationValueCalculatorEEE (libmozjs-52.so.0)
#4 0x00007fbb353dbdf2 _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-52.so.0)
#5 0x00007fbb39231f2a start_thread (libpthread.so.0)
#6 0x00007fbb39164edf __clone (libc.so.6)
Edited by Jonas Ådahl