Ubuntu
gnome-shell package

JS ERROR: TypeError: malformed UTF-8 character sequence at offset 0 and segfault in _filterKeybinding:windowManager.js:1825 from invoke_handler() from process_event() from process_special_modifier_key()

Bug #1851528 reported by Marius Gedminas on 2019-11-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gnome-shell (Ubuntu)	Expired	High	Unassigned

Bug Description

I was trying to bring my Firefox window to front by pressing Super+2 (it's my second pinned launcher), and gnome-shell crashed.

journalctl shows this:

lapkr. 06 16:38:58 blynas gnome-shell[3417]: JS ERROR: TypeError: malformed UTF-8 character sequence at offset 0
_filterKeybinding@resource:///org/gnome/shell/ui/windowManager.js:1825:43
lapkr. 06 16:38:58 blynas gnome-shell[3417]: GNOME Shell crashed with signal 11
lapkr. 06 16:38:58 blynas gnome-shell[3417]: == Stack trace for context 0x56068fb2e3e0 ==

I have a crash dump in /var/crash/, but apport thinks it's unreportable because my rygel was out of date.

Tags:

Revision history for this message

Marius Gedminas (mgedmin) wrote on 2019-11-06:

Download full text (4.4 KiB)

apport-retrace --gdb --sandbox system --cache ~/.cache/apport-retrace /var/crash/_usr_bin_gnome-shell.1000.crash

...

Program terminated with signal SIGSEGV, Segmentation fault.
#0 __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Toks failas ar aplankas neegzistuoja.
[Current thread is 1 (Thread 0x7f5c91796cc0 (LWP 3417))]
(gdb) bt
#0 __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x000056068ef0852a in dump_gjs_stack_on_signal_handler ()
#2 <signal handler called>
#3 0x00005606b18aca40 in ?? ()
#4 0x00007f5c971a9f11 in invoke_handler (binding=0x56069dc351c0, event=0x5606b4c878c0, window=0x56069dc351c0, handler=<optimized out>,
    display=0x5606900e0020) at ../src/core/keybindings.c:1921
#5 process_event (display=display@entry=0x5606900e0020, window=window@entry=0x56069e5ad220, event=event@entry=0x5606b4c878c0)
    at ../src/core/keybindings.c:2005
#6 0x00007f5c971ab83e in process_special_modifier_key (display=display@entry=0x5606900e0020, event=event@entry=0x5606b4c878c0,
    window=window@entry=0x56069e5ad220, modifier_press_only=modifier_press_only@entry=0x5606900e01a8,
    resolved_key_combo=resolved_key_combo@entry=0x5606900e0198, trigger_callback=0x7f5c971a5100 <meta_display_overlay_key_activate>)
    at ../src/core/keybindings.c:2051
#7 0x00007f5c971ac976 in process_overlay_key (window=0x56069e5ad220, event=0x5606b4c878c0, display=0x5606900e0020)
    at ../src/core/keybindings.c:2151
#8 process_key_event (event=0x5606b4c878c0, window=0x56069e5ad220, display=0x5606900e0020) at ../src/core/keybindings.c:2228
#9 meta_keybindings_process_event (display=display@entry=0x5606900e0020, window=window@entry=0x56069e5ad220,
    event=event@entry=0x5606b4c878c0) at ../src/core/keybindings.c:2326
#10 0x00007f5c971a801c in meta_display_handle_event (event=0x5606b4c878c0, display=0x5606900e0020) at ../src/core/events.c:358
#11 event_callback (event=0x5606b4c878c0, data=0x5606900e0020) at ../src/core/events.c:479
#12 0x00007f5c97368235 in _clutter_event_process_filters ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#13 0x00007f5c9737e585 in emit_keyboard_event ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#14 0x00007f5c9721c0e0 in meta_input_device_native_process_kbd_a11y_event (event=0x5606b4c878c0, device=0x56068fd782b0,
    emit_event_func=0x7f5c9737e570 <emit_keyboard_event>) at ../src/backends/native/meta-input-device-native.c:1195
#15 0x00007f5c9737fa36 in _clutter_process_event ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#16 0x00007f5c97399d08 in _clutter_stage_queue_event ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#17 0x00007f5c9721901c in meta_event_dispatch (g_source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
    at ../src/backends/native/meta-device-manager-native.c:686
#18 0x00007f5c97cf984d in g_main_context_dispatch () from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/libglib-2.0.s...

apport-retrace --gdb --sandbox system --cache ~/.cache/apport-retrace /var/crash/_usr_bin_gnome-shell.1000.crash

...

Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: Toks failas ar aplankas neegzistuoja.
[Current thread is 1 (Thread 0x7f5c91796cc0 (LWP 3417))]
(gdb) bt
#0  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000056068ef0852a in dump_gjs_stack_on_signal_handler ()
#2  <signal handler called>
#3  0x00005606b18aca40 in ?? ()
#4  0x00007f5c971a9f11 in invoke_handler (binding=0x56069dc351c0, event=0x5606b4c878c0, window=0x56069dc351c0, handler=<optimized out>, 
    display=0x5606900e0020) at ../src/core/keybindings.c:1921
#5  process_event (display=display@entry=0x5606900e0020, window=window@entry=0x56069e5ad220, event=event@entry=0x5606b4c878c0)
    at ../src/core/keybindings.c:2005
#6  0x00007f5c971ab83e in process_special_modifier_key (display=display@entry=0x5606900e0020, event=event@entry=0x5606b4c878c0, 
    window=window@entry=0x56069e5ad220, modifier_press_only=modifier_press_only@entry=0x5606900e01a8, 
    resolved_key_combo=resolved_key_combo@entry=0x5606900e0198, trigger_callback=0x7f5c971a5100 <meta_display_overlay_key_activate>)
    at ../src/core/keybindings.c:2051
#7  0x00007f5c971ac976 in process_overlay_key (window=0x56069e5ad220, event=0x5606b4c878c0, display=0x5606900e0020)
    at ../src/core/keybindings.c:2151
#8  process_key_event (event=0x5606b4c878c0, window=0x56069e5ad220, display=0x5606900e0020) at ../src/core/keybindings.c:2228
#9  meta_keybindings_process_event (display=display@entry=0x5606900e0020, window=window@entry=0x56069e5ad220, 
    event=event@entry=0x5606b4c878c0) at ../src/core/keybindings.c:2326
#10 0x00007f5c971a801c in meta_display_handle_event (event=0x5606b4c878c0, display=0x5606900e0020) at ../src/core/events.c:358
#11 event_callback (event=0x5606b4c878c0, data=0x5606900e0020) at ../src/core/events.c:479
#12 0x00007f5c97368235 in _clutter_event_process_filters ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#13 0x00007f5c9737e585 in emit_keyboard_event ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#14 0x00007f5c9721c0e0 in meta_input_device_native_process_kbd_a11y_event (event=0x5606b4c878c0, device=0x56068fd782b0, 
    emit_event_func=0x7f5c9737e570 <emit_keyboard_event>) at ../src/backends/native/meta-input-device-native.c:1195
#15 0x00007f5c9737fa36 in _clutter_process_event ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#16 0x00007f5c97399d08 in _clutter_stage_queue_event ()
   from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/mutter-5/libmutter-clutter-5.so.0
#17 0x00007f5c9721901c in meta_event_dispatch (g_source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
    at ../src/backends/native/meta-device-manager-native.c:686
#18 0x00007f5c97cf984d in g_main_context_dispatch () from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6200.1
#19 0x00007f5c97cf9ad0 in g_main_context_iterate.isra () from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6200.1
#20 0x00007f5c97cf9dc3 in g_main_loop_run () from /tmp/apport_sandbox_6sb0y3pp/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6200.1
#21 0x00007f5c971aefe0 in meta_run () at ../src/core/main.c:676
#22 0x000056068ef07d85 in main ()
(gdb) frame 4
#4  0x00007f5c971a9f11 in invoke_handler (binding=0x56069dc351c0, event=0x5606b4c878c0, window=0x56069dc351c0, handler=<optimized out>, 
    display=0x5606900e0020) at ../src/core/keybindings.c:1921
1921	../src/core/keybindings.c: Toks failas ar aplankas neegzistuoja.
(gdb) print *binding->handler
$1 = {name = 0x5606b49e5e80 "", func = 0x5606b18aca40, default_func = 0x7f5c5b333f10, data = 0, flags = 0, user_data = 0x5606b10c4e30, 
  user_data_free_func = 0x7f5c97487c60}
(gdb) print *binding
$2 = {name = 0x5606b49d15d0 "\220T\241\234\006V", combo = {keysym = 50, keycode = 0, modifiers = META_VIRTUAL_SUPER_MASK}, 
  resolved_combo = {keycodes = 0x5606a0c44d70, len = 1, mask = 64}, flags = 0, handler = 0x5606b37830b0}

#gnome-shell reactions on IRC:

18:34 <jadahl> looks suspicious
18:35 <jadahl> its as if the looked up binding was freed already and now just contains garbage

Revision history for this message

Marius Gedminas (mgedmin) wrote on 2019-11-06:

The JS traceback points to this line:
https://gitlab.gnome.org/GNOME/gnome-shell/blob/3913fa5044b2cd1d5abadc9b4254d06215491458/js/ui/windowManager.js#L1771

(GitLab commit doesn't match gnome-shell from Ubuntu 19.10, sorry! I didn't have the time to go hunt for the exact commit that corresponds to the package, instead I extracted the source file with gresource extract /usr/lib/gnome-shell/libgnome-shell.so /org/gnome/shell/ui/windowManager.js, looked up the line, then found the same code in the same function in the current gitlab tree.)

The column points to the `binding.get_name()` call.

Revision history for this message

Marius Gedminas (mgedmin) wrote on 2019-11-06:

Upstream bug report: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1870

Sebastien Bacher (seb128) on 2019-11-11

Changed in gnome-shell (Ubuntu):
importance:	Undecided → High
status:	New → Triaged

Bug Watch Updater (bug-watch-updater) on 2019-11-12

Changed in gnome-shell:
status:	Unknown → New

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2019-12-05:

Are you able to fully update the machine, reproduce the crash and create a fresh report? That might be easier to debug.

tags:	added: eoan
summary:	JS ERROR: TypeError: malformed UTF-8 character sequence at offset 0 and - segfault + segfault in _filterKeybinding:windowManager.js:1825 from + invoke_handler() from process_event() from + process_special_modifier_key()

Revision history for this message

Marius Gedminas (mgedmin) wrote on 2019-12-08:

Unfortunately I was unable to reproduce the bug.

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2019-12-09:

OK, incomplete then. I have detached https://gitlab.gnome.org/GNOME/gnome-shell/issues/1870 so that the bug can expire if there is still no news in 60 days.

Changed in gnome-shell (Ubuntu):
status:	Triaged → Incomplete
affects:	gnome-shell → ubuntu
Changed in ubuntu:
importance:	Unknown → Undecided
no longer affects:	ubuntu

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-02-07:

[Expired for gnome-shell (Ubuntu) because there has been no activity for 60 days.]

Changed in gnome-shell (Ubuntu):
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntugnome-shell package

JS ERROR: TypeError: malformed UTF-8 character sequence at offset 0 and segfault in _filterKeybinding:windowManager.js:1825 from invoke_handler() from process_event() from process_special_modifier_key()

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
gnome-shell package