Bug 754979 – gnome-shell-3.16.3 segfault on start

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 754979 - gnome-shell-3.16.3 segfault on start


Summary:	gnome-shell-3.16.3 segfault on start


Status:	RESOLVED FIXED

Product:	mutter
Classification:	Core
Component:	general
Version:	3.16.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gnome-shell-maint
QA Contact:	gnome-shell-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-09-14 06:34 UTC by Pacho Ramos
Modified:	2015-09-25 17:31 UTC

See Also:
GNOME target:	3.18
GNOME version:	---

Attachments
workaround patch for mutter (1.45 KB, patch) 2015-09-14 12:54 UTC, Alexandre Rostovtsev	rejected	Details \| Review
backend-x11: Fallback to a default keymap if getting it from X fails (1.19 KB, patch) 2015-09-21 15:28 UTC, Rui Matos	committed	Details \| Review

Description Pacho Ramos 2015-09-14 06:34:15 UTC

This is a big problem on some of the machines I handle as, for some reason, gnome-shell crashes as soon as it starts and, then, gnome 3.16 is unusable on them (while 3.14 had no problem at all).

This is reported downstream at:
https://bugs.gentoo.org/show_bug.cgi?id=560330

And other similar reports look to be:
https://bugzilla.redhat.com/show_bug.cgi?id=1154329
https://bugzilla.redhat.com/show_bug.cgi?id=1259052

The backtrace is:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.

+ Trace 235440

Thread 1 (Thread 0x7f3df1e99980 (LWP 817))

#0 xkb_keymap_ref
at /usr/src/debug/x11-libs/libxkbcommon-0.5.0/libxkbcommon-0.5.0/src/keymap.c line 59
#1 xkb_state_new
at /usr/src/debug/x11-libs/libxkbcommon-0.5.0/libxkbcommon-0.5.0/src/state.c line 582
#2 reload_modmap
at core/keybindings.c line 200
#3 on_keymap_changed
at core/keybindings.c line 885
#4 _g_closure_invoke_va
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gclosure.c line 831
#5 g_signal_emit_valist
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gsignal.c line 3214
#6 g_signal_emit_by_name
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gsignal.c line 3401
#7 keymap_changed
at backends/x11/meta-backend-x11.c line 229
#8 handle_host_xevent
at backends/x11/meta-backend-x11.c line 266
#9 x_event_source_dispatch
at backends/x11/meta-backend-x11.c line 336
#10 g_main_dispatch
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3122
#11 g_main_context_dispatch
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3737
#12 g_main_context_iterate
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3808
#13 g_main_loop_run
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 4002
#14 meta_run
at core/main.c line 437
#15 main
at main.c line 462

Comment 1 Pacho Ramos 2015-09-14 06:34:42 UTC

Other collected backtrace:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.

+ Trace 235441

Thread 1 (Thread 0x7ff0ba810980 (LWP 31770))

#0 xkb_keymap_ref
at /usr/src/debug/x11-libs/libxkbcommon-0.5.0/libxkbcommon-0.5.0/src/keymap.c line 59
#1 xkb_state_new
at /usr/src/debug/x11-libs/libxkbcommon-0.5.0/libxkbcommon-0.5.0/src/state.c line 582
#2 ??
from /usr/lib64/libmutter.so.0
#3 ??
from /usr/lib64/libmutter.so.0
#4 _g_closure_invoke_va
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gclosure.c line 831
#5 g_signal_emit_valist
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gsignal.c line 3214
#6 g_signal_emit_by_name
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gsignal.c line 3401
#7 ??
from /usr/lib64/libmutter.so.0
#8 g_main_dispatch
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3122
#9 g_main_context_dispatch
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3737
#10 g_main_context_iterate
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3808
#11 g_main_loop_run
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 4002
#12 meta_run
from /usr/lib64/libmutter.so.0
#13 main
at main.c line 462

Comment 2 Pacho Ramos 2015-09-14 06:34:58 UTC

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.

+ Trace 235442

Thread 1 (Thread 0x7f14db982980 (LWP 24439))

#0 xkb_keymap_ref
from /usr/lib64/libxkbcommon.so.0
#1 xkb_state_new
from /usr/lib64/libxkbcommon.so.0
#2 ??
from /usr/lib64/libmutter.so.0
#3 ??
from /usr/lib64/libmutter.so.0
#4 _g_closure_invoke_va
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gclosure.c line 831
#5 g_signal_emit_valist
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gsignal.c line 3214
#6 g_signal_emit_by_name
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/gobject/gsignal.c line 3401
#7 ??
from /usr/lib64/libmutter.so.0
#8 g_main_dispatch
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3122
#9 g_main_context_dispatch
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3737
#10 g_main_context_iterate
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 3808
#11 g_main_loop_run
at /usr/src/debug/dev-libs/glib-2.44.1/glib-2.44.1/glib/gmain.c line 4002
#12 meta_run
from /usr/lib64/libmutter.so.0
#13 main
at main.c line 462

Comment 3 Alexandre Rostovtsev 2015-09-14 12:54:55 UTC

Created attachment 311275 [details] [review]
workaround patch for mutter

Pacho saw the following in the logs:

> sep 14 10:53:25 optiplex760 gnome-session[31409]: xkbcommon: ERROR:
> xkb_x11_keymap_new_from_device: illegal device ID: -1

Which explains the direct cause of the crash: xkb_x11_keymap_new_from_device() returns NULL, so meta_backend_get_keymap() will return NULL, and attempting to use a NULL keymap in most xkb_* function leads to a segfault.

The mysteries are
(1) why would xkb_x11_get_core_keyboard_device_id() return -1; and
(2) what any of this has to do with mozjs or gnome-shell proper (Pacho states that he can prevent the segfault by recompiling mozjs with -fno-stack-protector in CFLAGS).

In any case, the attached patch for mutter should in theory at least prevent the immediate cause of the segfault.

Comment 4 Pacho Ramos 2015-09-14 13:13:40 UTC

(In reply to Alexandre Rostovtsev from comment #3)
[...]
> (2) what any of this has to do with mozjs or gnome-shell proper (Pacho
> states that he can prevent the segfault by recompiling mozjs with
> -fno-stack-protector in CFLAGS).
> 

It's the other order:
- spidermonkey-24.2.0 compiled with -fno-stack-protector -> crash happens
- spidermonkey-24.2.0 compiled with stack-protector -> gnome-shell works ok

> In any case, the attached patch for mutter should in theory at least prevent
> the immediate cause of the segfault.

Sadly with the patch it still segfaults :(

Comment 5 Rui Matos 2015-09-21 15:28:52 UTC

Created attachment 311768 [details] [review]
backend-x11: Fallback to a default keymap if getting it from X fails

This shouldn't fail but apparently sometimes it does and in that case
having a possibly wrong idea of the keymap is still better than
crashing.

Comment 6 Rui Matos 2015-09-21 15:33:59 UTC

Review of attachment 311275 [details] [review]:

Thanks for the diagnostic but I'd rather use a dummy keymap than doing this and possibly hitting issues further down the line because something isn't properly initialized.

Comment 7 Rui Matos 2015-09-25 17:31:50 UTC

Attachment 311768 [details] pushed as 9abc071 - backend-x11: Fallback to a default keymap if getting it from X fails