Bug 671231 – GNOME Shell often segfaults on NetworkManager reconnect

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 671231 - GNOME Shell often segfaults on NetworkManager reconnect


Summary:	GNOME Shell often segfaults on NetworkManager reconnect


Status:	RESOLVED DUPLICATE of bug 673783

Product:	clutter
Classification:	Platform
Component:	general
Version:	1.9.x
Hardware:	Other Linux

Importance:	High critical
Target Milestone:	---
Assigned To:	clutter-maint
QA Contact:	clutter-maint

URL:
Whiteboard:

Duplicates:	673737 (view as bug list)
Depends on:
Blocks:

Reported:	2012-03-02 22:03 UTC by Dimitri
Modified:	2012-04-09 16:25 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Dimitri 2012-03-02 22:03:09 UTC

GNOME Shell segfaults when NetworkManager reconnects and the corresponding notification is about to be rendered. GNOME Shell 3.3.90, Clutter 1.9.12, Mageia Linux. That "Вы подключены к сети «XXXXXXXX connection 1»." messages mean "You are connected to «XXXXXXXX connection 1»." Can't remember GNOME Shell segfaulting after the very first connection attempt (per session) - notification is displayed OK.

Inside clutter_text_buffer_normal_insert_text, pv->normal_text_bytes is 0xffffffff.

+ Trace 229786

#0 __memmove_ssse3
from /lib/i686/libc.so.6
#1 clutter_text_buffer_normal_insert_text
at /usr/include/bits/string3.h line 58
#2 clutter_text_buffer_insert_text
at ./clutter-text-buffer.c line 682
#3 clutter_text_buffer_set_text
at ./clutter-text-buffer.c line 576
#4 clutter_text_set_markup_internal
at ./clutter-text.c line 1122
#5 clutter_text_set_markup
at ./clutter-text.c line 4783
#6 ffi_call_SYSV
from /usr/lib/libmozjs185.so.1.0
#7 ffi_call
from /usr/lib/libmozjs185.so.1.0
#8 ??
from /usr/lib/libgjs.so.0
#9 ??
from /usr/lib/libgjs.so.0
#10 ??
from /usr/lib/libmozjs185.so.1.0
#11 ??
from /usr/lib/libmozjs185.so.1.0
#12 ??
from /usr/lib/libmozjs185.so.1.0
#13 ??
from /usr/lib/libmozjs185.so.1.0
#14 ??
from /usr/lib/libmozjs185.so.1.0
#15 ??
from /usr/lib/libmozjs185.so.1.0
#16 ??
from /usr/lib/libmozjs185.so.1.0
#17 ??
from /usr/lib/libmozjs185.so.1.0
#18 ??
from /usr/lib/libmozjs185.so.1.0
#19 ??
from /usr/lib/libmozjs185.so.1.0
#20 ??
from /usr/lib/libmozjs185.so.1.0
#21 ??
from /usr/lib/libmozjs185.so.1.0
#22 ??
from /usr/lib/libmozjs185.so.1.0
#23 ??
from /usr/lib/libmozjs185.so.1.0
#24 ??
from /usr/lib/libmozjs185.so.1.0
#25 ??
from /usr/lib/libmozjs185.so.1.0
#26 ??
from /usr/lib/libmozjs185.so.1.0
#27 ??
from /usr/lib/libmozjs185.so.1.0
#28 ??
from /usr/lib/libmozjs185.so.1.0
#29 ??
from /usr/lib/libmozjs185.so.1.0
#30 ??
from /usr/lib/libmozjs185.so.1.0
#31 ??
from /usr/lib/libmozjs185.so.1.0
#32 ??
from /usr/lib/libmozjs185.so.1.0
#33 ??
from /usr/lib/libmozjs185.so.1.0
#34 ??
from /usr/lib/libmozjs185.so.1.0
#35 ??
from /usr/lib/libmozjs185.so.1.0
#36 ??
from /usr/lib/libmozjs185.so.1.0
#37 ??
from /usr/lib/libmozjs185.so.1.0
#38 ??
from /usr/lib/libmozjs185.so.1.0
#39 ??
from /usr/lib/libmozjs185.so.1.0
#40 ??
from /usr/lib/libmozjs185.so.1.0
#41 ??
from /usr/lib/libmozjs185.so.1.0
#42 ??
from /usr/lib/libmozjs185.so.1.0
#43 JS_CallFunctionValue
from /usr/lib/libmozjs185.so.1.0
#44 ??
from /usr/lib/libgjs.so.0
#45 ??
from /usr/lib/libmozjs185.so.1.0
#46 ??
from /usr/lib/libmozjs185.so.1.0
#47 g_simple_async_result_complete
from /lib/libgio-2.0.so.0
#48 ??
from /lib/libgio-2.0.so.0
#49 g_simple_async_result_complete
from /lib/libgio-2.0.so.0
#50 ??
from /lib/libgio-2.0.so.0
#51 g_simple_async_result_complete
from /lib/libgio-2.0.so.0
#52 ??
from /lib/libgio-2.0.so.0
#53 ??
from /lib/libglib-2.0.so.0
#54 g_main_context_dispatch
from /lib/libglib-2.0.so.0
#55 ??
from /lib/libglib-2.0.so.0
#56 g_main_loop_run
from /lib/libglib-2.0.so.0
#57 meta_run
from /usr/lib/libmutter.so.0
#58 main
at main.c line 352

Comment 1 Jasper St. Pierre (not reading bugmail) 2012-03-02 22:09:25 UTC

Looks to be an issue with ClutterTextBuffer, moving to Clutter.

Comment 2 Dimitri 2012-03-02 23:04:23 UTC

...and it has just segfaulted on the very first connection :)

I'm keeping coredumps, so feel free to ask for any clarifications.

Comment 3 Emmanuele Bassi (:ebassi) 2012-03-03 07:37:28 UTC

Thanks for taking the time to report this bug.
Unfortunately, that stack trace is missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. Can you get us a stack trace with debugging symbols? Please see http://live.gnome.org/GettingTraces for more information on how to do so and reopen this bug or report a new one. Thanks in advance!

Comment 4 Dimitri 2012-03-04 23:22:27 UTC

Here's the stack trace with full debug info. It looks slightly different from my initial report (unfortunately, I've lost the original core file), but it was taken at similar circumstances - GNOME Shell segfaulted when NetworkManager has just connected to 3G network. With 3G networks, two successive notifications are issued by NetworkManager applet (could this be the cause?)

+ Trace 229795

#0 __memmove_ssse3
at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S line 1283
#1 clutter_text_buffer_normal_delete_text
at /usr/include/bits/string3.h line 58
#2 clutter_text_buffer_delete_text
at ./clutter-text-buffer.c line 725
#3 clutter_text_buffer_set_text
at ./clutter-text-buffer.c line 575
#4 clutter_text_set_markup_internal
at ./clutter-text.c line 1122
#5 clutter_text_set_markup
at ./clutter-text.c line 4783
#6 ffi_call_SYSV
at src/x86/sysv.S line 64
#7 ffi_call
at src/x86/ffi.c line 303
#8 gjs_invoke_c_function
at gi/function.c line 799
#9 function_call
at gi/function.c line 1110
#10 CallJSNative
at jscntxtinlines.h line 701
#11 js::Invoke
at jsinterp.cpp line 696
#12 js::Interpret
at jsinterp.cpp line 4810
#13 js::RunScript
at jsinterp.cpp line 653
#14 js::Invoke
at jsinterp.cpp line 740
#15 js_fun_apply
at jsfun.cpp line 2205
#16 CallJSNative
at jscntxtinlines.h line 701
#17 js::Interpret
at jsinterp.cpp line 4799
#18 js::RunScript
at jsinterp.cpp line 653
#19 js::Invoke
at jsinterp.cpp line 740
#20 js_fun_apply
at jsfun.cpp line 2205
#21 CallJSNative
at jscntxtinlines.h line 701
#22 js::Interpret
at jsinterp.cpp line 4799
#23 js::RunScript
at jsinterp.cpp line 653
#24 js::Invoke
at jsinterp.cpp line 740
#25 js_fun_apply
at jsfun.cpp line 2205
#26 CallJSNative
at jscntxtinlines.h line 701
#27 js::Interpret
at jsinterp.cpp line 4799
#28 js::RunScript
at jsinterp.cpp line 653
#29 js::Invoke
at jsinterp.cpp line 740
#30 js_fun_apply
at jsfun.cpp line 2205
#31 CallJSNative
at jscntxtinlines.h line 701
#32 js::Interpret
at jsinterp.cpp line 4799
#33 js::RunScript
at jsinterp.cpp line 653
#34 js::Invoke
at jsinterp.cpp line 740
#35 js_fun_apply
at jsfun.cpp line 2205
#36 CallJSNative
#37 js::Interpret
at jsinterp.cpp line 4799
#38 js::RunScript
at jsinterp.cpp line 653
#39 js::Invoke
at jsinterp.cpp line 740
#40 js_fun_apply
at jsfun.cpp line 2205
#41 CallJSNative
at jscntxtinlines.h line 701
#42 js::Interpret
at jsinterp.cpp line 4799
#43 js::RunScript
at jsinterp.cpp line 653
#44 js::Invoke
at jsinterp.cpp line 740
#45 js::CallOrConstructBoundFunction
at jsfun.cpp line 2319
#46 CallJSNative
at jscntxtinlines.h line 701
#47 js::Interpret
at jsinterp.cpp line 4799
#48 js::RunScript
at jsinterp.cpp line 653
#49 js::Invoke
at jsinterp.cpp line 740
#50 js::ExternalInvoke
at jsinterp.cpp line 863
#51 JS_CallFunctionValue
at jsapi.cpp line 5145
#52 gjs_callback_closure
at gi/function.c line 257
#53 ffi_closure_SYSV_inner
at src/x86/ffi.c line 384
#54 ffi_closure_SYSV
at src/x86/sysv.S line 188
#55 g_simple_async_result_complete
at gsimpleasyncresult.c line 744
#56 reply_cb
at gdbusproxy.c line 2612
#57 g_simple_async_result_complete
at gsimpleasyncresult.c line 744
#58 g_dbus_connection_call_done
at gdbusconnection.c line 5300
#59 g_simple_async_result_complete
at gsimpleasyncresult.c line 744
#60 complete_in_idle_cb
at gsimpleasyncresult.c line 756
#61 g_idle_dispatch
at gmain.c line 4629
#62 g_main_dispatch
at gmain.c line 2510
#63 g_main_context_dispatch
at gmain.c line 3047
#64 g_main_context_iterate
at gmain.c line 3118
#65 g_main_context_iterate
at gmain.c line 3055
#66 g_main_loop_run
at gmain.c line 3312
#67 meta_run
at core/main.c line 555
#68 main
at main.c line 352

Comment 5 Jasper St. Pierre (not reading bugmail) 2012-04-09 15:15:24 UTC

*** Bug 673737 has been marked as a duplicate of this bug. ***

Comment 6 Emmanuele Bassi (:ebassi) 2012-04-09 15:23:37 UTC

seems like some memory corruption - probably because the input is not valid UTF-8.

Comment 7 Jasper St. Pierre (not reading bugmail) 2012-04-09 15:37:01 UTC

Dimitri: I notice you're on a Russian locale, so it's potential that this is a translator bug... right?

Alexey: are you on a foreign locale?

Comment 8 Emmanuele Bassi (:ebassi) 2012-04-09 15:45:31 UTC

alternatively: are you guys using KOI8-R instead of a UTF-8 locale?

Comment 9 Owen Taylor 2012-04-09 16:25:52 UTC

It's unlikely that invalid UTF-8 as input would get through the GMarkup parser without causing an error - and this crash like all duplicates involves clutter_text_set_markup_internal(). See bug 673783 for my patch.

*** This bug has been marked as a duplicate of bug 673783 ***