GNOME Bugzilla – Bug 782893
gnome-shell crashes when disabling Location Services
Last modified: 2017-05-26 22:57:55 UTC
This can be reproduced by the following steps:
1. Ensure org.gnome.Weather.Application locations is not set (as per default setting)
2. Disable Location Services
3. gnome-shell will crash

Stacktrace: Trace 237501
That's a bug in the memory management of either gjs or libgweather.
valgrind snippet that could be relevant

==7302== Thread 1:
==7302== Invalid read of size 4
==7302==    at 0x40415039: gweather_location_unref (gweather-location.c:390)
==7302==    by 0x716DE5A: g_boxed_free (gboxed.c:407)
==7302==    by 0x55334D2: ??? (boxed.cpp:505)
==7302==    by 0xCA86082: finalize (jsobjinlines.h:42)
==7302==    by 0xCA86082: finalize<JSObject> (jsgc.cpp:497)
==7302==    by 0xCA86082: FinalizeTypedArenas<JSObject> (jsgc.cpp:557)
==7302==    by 0xCA86082: FinalizeArenas(js::FreeOp*, js::gc::ArenaHeader**, js::gc::SortedArenaList&, js::gc::AllocKind, js::SliceBudget&, js::gc::ArenaLists::KeepArenasEnum) (jsgc.cpp:600)
==7302==    by 0xCAE172B: js::gc::ArenaLists::forceFinalizeNow(js::FreeOp*, js::gc::AllocKind, js::gc::ArenaLists::KeepArenasEnum, js::gc::ArenaHeader**) (jsgc.cpp:2758)
==7302==    by 0xCA87360: finalizeNow (jsgc.cpp:2741)
==7302==    by 0xCA87360: js::gc::ArenaLists::queueForegroundObjectsForSweep(js::FreeOp*) (jsgc.cpp:2876)
==7302==    by 0xCA9CC69: js::gc::GCRuntime::beginSweepingZoneGroup() (jsgc.cpp:5069)
==7302==    by 0xCA9D6EB: js::gc::GCRuntime::beginSweepPhase(bool) (jsgc.cpp:5164)
==7302==    by 0xCA9F464: js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason) (jsgc.cpp:5889)
==7302==    by 0xCA9FE35: js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) (jsgc.cpp:6076)
==7302==    by 0xCAA0056: js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) (jsgc.cpp:6190)
==7302==    by 0xCAA03E3: js::gc::GCRuntime::gc(JSGCInvocationKind, JS::gcreason::Reason) (jsgc.cpp:6251)
==7302==  Address 0x42fd6918 is 168 bytes inside a block of size 176 free'd
==7302==    at 0x4C2ED5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7302==    by 0x716DE5A: g_boxed_free (gboxed.c:407)
==7302==    by 0x55334D2: ??? (boxed.cpp:505)
==7302==    by 0xCA86082: finalize (jsobjinlines.h:42)
==7302==    by 0xCA86082: finalize<JSObject> (jsgc.cpp:497)
==7302==    by 0xCA86082: FinalizeTypedArenas<JSObject> (jsgc.cpp:557)
==7302==    by 0xCA86082: FinalizeArenas(js::FreeOp*, js::gc::ArenaHeader**, js::gc::SortedArenaList&, js::gc::AllocKind, js::SliceBudget&, js::gc::ArenaLists::KeepArenasEnum) (jsgc.cpp:600)
==7302==    by 0xCAE172B: js::gc::ArenaLists::forceFinalizeNow(js::FreeOp*, js::gc::AllocKind, js::gc::ArenaLists::KeepArenasEnum, js::gc::ArenaHeader**) (jsgc.cpp:2758)
==7302==    by 0xCA87360: finalizeNow (jsgc.cpp:2741)
==7302==    by 0xCA87360: js::gc::ArenaLists::queueForegroundObjectsForSweep(js::FreeOp*) (jsgc.cpp:2876)
==7302==    by 0xCA9CC69: js::gc::GCRuntime::beginSweepingZoneGroup() (jsgc.cpp:5069)
==7302==    by 0xCA9D6EB: js::gc::GCRuntime::beginSweepPhase(bool) (jsgc.cpp:5164)
==7302==    by 0xCA9F464: js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason) (jsgc.cpp:5889)
==7302==    by 0xCA9FE35: js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) (jsgc.cpp:6076)
==7302==    by 0xCAA0056: js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) (jsgc.cpp:6190)
==7302==    by 0xCAA03E3: js::gc::GCRuntime::gc(JSGCInvocationKind, JS::gcreason::Reason) (jsgc.cpp:6251)
==7302==  Block was alloc'd at
==7302==    at 0x4C2DB2F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7302==    by 0x74029E8: g_malloc (gmem.c:94)
==7302==    by 0x741AE22: g_slice_alloc (gslice.c:1025)
==7302==    by 0x741B44D: g_slice_alloc0 (gslice.c:1051)
==7302==    by 0x40415200: location_new_from_xml (gweather-location.c:138)
==7302==    by 0x4041578E: location_new_from_xml (gweather-location.c:253)
==7302==    by 0x404155E8: location_new_from_xml (gweather-location.c:248)
==7302==    by 0x4041560F: location_new_from_xml (gweather-location.c:238)
==7302==    by 0x4041555F: location_new_from_xml (gweather-location.c:233)
==7302==    by 0x4041552F: location_new_from_xml (gweather-location.c:228)
==7302==    by 0x40415A08: gweather_location_get_world (gweather-location.c:333)
==7302==    by 0xC142E17: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)

==2186== Thread 1:
==2186== Invalid read of size 1
==2186==    at 0x79854C0: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==2186==    by 0x73EC7E8: g_str_equal (ghash.c:1848)
==2186==    by 0x73EBD4F: g_hash_table_lookup_node (ghash.c:396)
==2186==    by 0x73EBD4F: g_hash_table_lookup (ghash.c:1149)
==2186==    by 0x4041676F: gweather_location_find_by_station_code (gweather-location.c:1149)
==2186==    by 0x4040B590: gweather_info_set_location_internal (gweather-weather.c:2022)
==2186==    by 0x4040F5F2: gweather_info_set_location (gweather-weather.c:2061)
==2186==    by 0xC142E17: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==2186==    by 0xC142879: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==2186==    by 0x553AA5E: ??? (function.cpp:1021)
==2186==    by 0x553C113: ??? (function.cpp:1341)
==2186==    by 0xC78FCD7: CallJSNative (jscntxtinlines.h:226)
==2186==    by 0xC78FCD7: js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) (Interpreter.cpp:498)
==2186==    by 0xC785796: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:2602)
==2186==  Address 0x42756790 is 0 bytes after a block of size 32 free'd
==2186==    at 0x4C2F75B: operator delete[](void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2186==    by 0x22C9D343: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C9DCE0: llvm::DecodePSHUFBMask(llvm::Constant const*, llvm::SmallVectorImpl<int>&) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C1A23F: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C1A8F8: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C5C643: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C5FCD4: llvm::X86TargetLowering::PerformDAGCombine(llvm::SDNode*, llvm::TargetLowering::DAGCombinerInfo&) const (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21901E8C: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x2190318C: llvm::SelectionDAG::Combine(llvm::CombineLevel, llvm::AAResults&, llvm::CodeGenOpt::Level) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21A2A0BA: llvm::SelectionDAGISel::CodeGenAndEmitDAG() (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21A325EA: llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21A34268: llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==  Block was alloc'd at
==2186==    at 0x4C2E8BF: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2186==    by 0x21468038: llvm::APInt::shlSlowCase(unsigned int) const (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C9D675: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C9DCE0: llvm::DecodePSHUFBMask(llvm::Constant const*, llvm::SmallVectorImpl<int>&) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C1A23F: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C1A8F8: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C5C643: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x22C5FCD4: llvm::X86TargetLowering::PerformDAGCombine(llvm::SDNode*, llvm::TargetLowering::DAGCombinerInfo&) const (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21901E8C: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x2190318C: llvm::SelectionDAG::Combine(llvm::CombineLevel, llvm::AAResults&, llvm::CodeGenOpt::Level) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21A2A0BA: llvm::SelectionDAGISel::CodeGenAndEmitDAG() (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==    by 0x21A325EA: llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (in /usr/lib/x86_64-linux-gnu/libLLVM-4.0.so.1)
==2186==
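The memcheck reports above are the kind of output a triager has to read quickly: which frame touched the memory, which frame freed it, and which frame allocated it. The parser below is an added example, not code from this bug or from gjs/libgweather. It splits a memcheck "Invalid read/write" report into those three stacks, classifies it (use-after-free when the address lies in a free'd block, heap overflow when it lies just outside a live block), and prints a one-line summary. The sample input is constructed: the first report reuses the shape and outer frames of the 7302 trace above, trimmed; the second report (pid 4242, `print_name`, `make_name`, `names.c`) is invented to exercise the overflow branch and has nothing to do with this bug.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample. Report 1 copies the shape and outer frames of the 7302
# memcheck trace attached to this bug (trimmed). Report 2 is invented (pid,
# function names and files are placeholders) to exercise the overflow branch.
SAMPLE = """\
==7302== Thread 1:
==7302== Invalid read of size 4
==7302==    at 0x40415039: gweather_location_unref (gweather-location.c:390)
==7302==    by 0x716DE5A: g_boxed_free (gboxed.c:407)
==7302==    by 0x55334D2: ??? (boxed.cpp:505)
==7302==  Address 0x42fd6918 is 168 bytes inside a block of size 176 free'd
==7302==    at 0x4C2ED5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7302==    by 0x716DE5A: g_boxed_free (gboxed.c:407)
==7302==    by 0x55334D2: ??? (boxed.cpp:505)
==7302==  Block was alloc'd at
==7302==    at 0x4C2DB2F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7302==    by 0x74029E8: g_malloc (gmem.c:94)
==7302==    by 0x40415200: location_new_from_xml (gweather-location.c:138)
==7302==    by 0x40415A08: gweather_location_get_world (gweather-location.c:333)
==7302==
==4242== Invalid read of size 1
==4242==    at 0x4E0B2C0: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4242==    by 0x400A1F: print_name (names.c:40)
==4242==  Address 0x5204060 is 0 bytes after a block of size 8 alloc'd
==4242==    at 0x4C2DB2F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4242==    by 0x4009E2: make_name (names.c:20)
==4242==
"""

PREFIX_RE = re.compile(r"^==(\d+)==(.*)$")
ERROR_RE = re.compile(r"^Invalid (?P<kind>read|write) of size (?P<size>\d+)$")
ADDR_RE = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (?P<off>\d+) bytes "
                     r"(?P<rel>inside|after|before) a block of size (?P<blk>\d+) "
                     r"(?P<state>free'd|alloc'd)$")
ALLOC_RE = re.compile(r"^Block was alloc'd at$")
# func is non-greedy so C++ signatures with their own parentheses still parse;
# loc is the last parenthesised group (file:line, or "in /path/to/lib.so").
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (?P<func>.*?) \((?P<loc>[^)]*)\)$")


@dataclass
class Frame:
    func: str
    loc: str


@dataclass
class InvalidAccess:
    pid: int
    kind: str                 # "read" or "write"
    size: int                 # bytes accessed
    offset: int = -1          # distance of the address from the block
    relation: str = ""        # "inside", "after" or "before"
    block_size: int = -1
    freed: bool = False       # True when the block had already been free'd
    access: List[Frame] = field(default_factory=list)  # faulting access
    free: List[Frame] = field(default_factory=list)    # free() call, if any
    alloc: List[Frame] = field(default_factory=list)   # allocation


def parse_memcheck(text: str) -> List[InvalidAccess]:
    """Parse every 'Invalid read/write' report in memcheck output."""
    reports: List[InvalidAccess] = []
    current: Optional[InvalidAccess] = None
    section: List[Frame] = []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                              # not memcheck output
        pid, body = int(m.group(1)), m.group(2).strip()
        if not body:
            current = None                        # bare ==PID== line ends a report
            continue
        e = ERROR_RE.match(body)
        if e:
            current = InvalidAccess(pid=pid, kind=e["kind"], size=int(e["size"]))
            reports.append(current)
            section = current.access
            continue
        if current is None:
            continue                              # "Thread 1:" and similar preambles
        a = ADDR_RE.match(body)
        if a:
            current.offset, current.block_size = int(a["off"]), int(a["blk"])
            current.relation = a["rel"]
            current.freed = a["state"] == "free'd"
            section = current.free if current.freed else current.alloc
            continue
        if ALLOC_RE.match(body):
            section = current.alloc
            continue
        f = FRAME_RE.match(body)
        if f:
            section.append(Frame(f["func"], f["loc"]))
    return reports


def classify(r: InvalidAccess) -> str:
    if r.freed:
        return "use-after-free"
    if r.relation in ("after", "before"):
        return "heap-overflow"
    return "unknown"


def caller(frames: List[Frame]) -> Optional[Frame]:
    """First frame that is not one of valgrind's own malloc/free interceptors."""
    return next((f for f in frames if "vgpreload" not in f.loc), None)


def triage(r: InvalidAccess) -> str:
    def fmt(fr: Optional[Frame]) -> str:
        return f"{fr.func} ({fr.loc})" if fr else "?"
    line = (f"{classify(r)}: invalid {r.kind} of {r.size} byte(s) at {fmt(caller(r.access))}, "
            f"{r.offset} bytes {r.relation} a {r.block_size}-byte block")
    if r.freed:
        line += f" freed at {fmt(caller(r.free))}"
    return line + f", allocated at {fmt(caller(r.alloc))}"


if __name__ == "__main__":
    for report in parse_memcheck(SAMPLE):
        print(triage(report))
```

Run against a full `valgrind --tool=memcheck` log (redirect its stderr to a file and pass the text in), the summary for the first report puts `g_boxed_free` via `boxed.cpp:505` in both the faulting and the freeing stack and traces the block back to `gweather_location_get_world`, which is exactly the memory-management question raised in the comments above.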
Interestingly, both this bug and bug 782458 seem to be blowing up processing data returned from gweather_location_get_world().
Quite likely a duplicate of bug 782761 then.
I can confirm that the patch on that bug fixes this.