Ubuntu
gnome-shell package

gnome-shell crashed with SIGSEGV in clutter_actor_remove_effect() from st_scroll_view_dispose() from g_object_unref() from GjsAutoPointer() from GjsAutoPointer()

Bug #2016217 reported by errors.ubuntu.com bug bridge
70
This bug affects 6 people
Affects Status Importance Assigned to Milestone
GNOME Shell
Fix Released
Unknown
gnome-shell (Fedora)
Confirmed
Undecided
gnome-shell (Ubuntu)
Fix Committed
High
Unassigned
gnome-shell-extension-ubuntu-dock (Ubuntu)
Won't Fix
High
Unassigned

Bug Description

The Ubuntu Error Tracker has been receiving reports about a problem regarding gnome-shell. This problem was most recently seen with package version 44.0-2ubuntu3, the problem page at https://errors.ubuntu.com/problem/677a794c2788cd0244c8fc6d7d34780a85127bc9 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

#0 0x00007f3aa429dd82 in clutter_actor_remove_effect (self=self@entry=0x55d60fa59e90, effect=0x55d6101c48a0) at ../clutter/clutter/clutter-actor.c:14830
        __inst = 0x55d6101c48a0
        __t = 94377826055744
        __r = <optimized out>
        _g_boolean_var_274 = <optimized out>
        __func__ = "clutter_actor_remove_effect"
#1 0x00007f3aa3f9d27f in st_scroll_view_dispose (object=0x55d60fa59e90) at ../src/st/st-scroll-view.c:246
        priv = 0x55d60fa59a00
#2 0x00007f3aa4aeada0 in g_object_unref (_object=0x55d60fa59e90) at ../../../gobject/gobject.c:3891
        _pp = <optimized out>
        gaig_temp = <optimized out>
        gaig_temp = <optimized out>
        weak_locations = <optimized out>
        nqueue = 0x55d60fa6da60
        _ptr = <optimized out>
        object = 0x55d60fa59e90
        old_ref = <optimized out>
        retry_atomic_decrement1 = <optimized out>
        __func__ = "g_object_unref"
#3 0x00007f3aa43b4b2c in GjsAutoPointer<_GObject, void, &g_object_unref, &g_object_ref>::reset (ptr=0x0, this=<optimized out>) at ../gjs/jsapi-util.h:229
        old_ptr = <optimized out>
#4 GjsAutoPointer<_GObject, void, &g_object_unref, &g_object_ref>::~GjsAutoPointer (this=<optimized out>, this=<optimized out>) at ../gjs/jsapi-util.h:172
No locals.
#5 GjsSmartPointer<_GObject>::~GjsSmartPointer (this=<optimized out>, this=<optimized out>) at ../gjs/jsapi-util.h:349
No locals.
#6 ObjectInstance::release_native_object (this=0x55d60fa0ce80) at /usr/src/gjs-1.76.0-1/obj-x86_64-linux-gnu/../gi/object.cpp:1524
No locals.
#7 ObjectInstance::release_native_object (this=0x55d60fa0ce80) at /usr/src/gjs-1.76.0-1/obj-x86_64-linux-gnu/../gi/object.cpp:1500
No locals.
#8 0x00007f3aa43c9ec0 in ObjectInstance::~ObjectInstance (this=<optimized out>, this=<optimized out>) at /usr/src/gjs-1.76.0-1/obj-x86_64-linux-gnu/../gi/object.cpp:1945
        was_using_toggle_refs = false
        had_toggle_up = false
        had_toggle_down = <optimized out>
        had_toggle_up = <optimized out>
        had_toggle_down = <optimized out>
        was_using_toggle_refs = <optimized out>
#9 GIWrapperInstance<ObjectBase, ObjectPrototype, ObjectInstance, _GObject>::finalize_impl (this=0x55d60fa0ce80) at ../gi/wrapperutils.h:1113
No locals.
#10 ObjectInstance::finalize_impl (gcx=<optimized out>, obj=0x35b1abd24820, this=0x55d60fa0ce80) at /usr/src/gjs-1.76.0-1/obj-x86_64-linux-gnu/../gi/object.cpp:1912
        query = {type = 94377830362416, type_name = 0x7f3aa3fdcda6 "StScrollView", class_size = 664, instance_size = 48}
        query = <optimized out>
        _g_boolean_var_74 = <optimized out>
#11 GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::finalize (gcx=<optimized out>, obj=0x35b1abd24820) at ../gi/wrapperutils.h:411
        priv = 0x55d60fa0ce80

See original description
Daniel van Vugt (vanvugt)
summary: - /usr/bin/gnome-
- shell:11:clutter_actor_remove_effect:st_scroll_view_dispose:g_object_unref:GjsAutoPointer:GjsAutoPointer
+ gnome-shell crashed with SIGSEGV in clutter_actor_remove_effect() from
+ st_scroll_view_dispose() from g_object_unref() from GjsAutoPointer()
+ from GjsAutoPointer()
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Looks closest to https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6521

description: updated
Bug Watch Updater (bug-watch-updater)
Changed in gnome-shell:
status: Unknown → New
Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :
Download full text (3.9 KiB)

Description of problem:
Total crash of the system. Thi appened instantly after a mouse press/key press to wake up my PC after a very short inactivity.

Version-Release number of selected component:
gnome-shell-44.0-4.fc38

Additional info:
reporter: libreport-2.17.9
type: CCpp
reason: gnome-shell killed by SIGSEGV
journald_cursor: s=6b015dd413ce4f6a80ab6f7cb684f9a9;i=623f2;b=31fdfa8f8f9047aca13bbef8d441260b;m=10467daf0;t=5fa11740d2238;x=ca7a1286f1f332a
executable: /usr/bin/gnome-shell
cmdline: /usr/bin/gnome-shell
cgroup: 0::/user.slice/user-1000.slice/user@<email address hidden>
rootdir: /
uid: 1000
kernel: 6.2.11-300.fc38.x86_64
package: gnome-shell-44.0-4.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: clutter_actor_remove_effect
comment: Total crash of the system. Thi appened instantly after a mouse press/key press to wake up my PC after a very short inactivity.

Truncated backtrace:
Thread no. 0 (29 frames)
 #0 clutter_actor_remove_effect at ../clutter/clutter/clutter-actor.c:14830
 #2 st_scroll_view_dispose at ../src/st/st-scroll-view.c:246
 #4 GjsAutoPointer<_GObject, void, &g_object_unref, &g_object_ref>::reset at ../gjs/jsapi-util.h:229
 #5 GjsAutoPointer<_GObject, void, &g_object_unref, &g_object_ref>::~GjsAutoPointer at ../gjs/jsapi-util.h:172
 #6 GjsSmartPointer<_GObject>::~GjsSmartPointer at ../gjs/jsapi-util.h:349
 #7 ObjectInstance::release_native_object at ../gi/object.cpp:1524
 #9 ObjectInstance::~ObjectInstance at ../gi/object.cpp:1945
 #10 GIWrapperInstance<ObjectBase, ObjectPrototype, ObjectInstance, _GObject>::finalize_impl at ../gi/wrapperutils.h:1113
 #11 ObjectInstance::finalize_impl at ../gi/object.cpp:1912
 #12 GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::finalize at ../gi/wrapperutils.h:411
 #13 JSClass::doFinalize at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/dist/include/js/Class.h:649
 #14 JSObject::finalize at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/vm/JSObject-inl.h:97
 #15 js::gc::Arena::finalize<JSObject> at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:128
 #16 FinalizeTypedArenas<JSObject> at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:194
 #18 js::gc::GCRuntime::finalizeAllocKind at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:1894
 #19 sweepaction::SweepActionForEach<ContainerIter<mozilla::EnumSet<js::gc::AllocKind, unsigned long> >, mozilla::EnumSet<js::gc::AllocKind, unsigned long> >::run at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:2120
 #20 sweepaction::SweepActionSequence::run at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:2085
 #21 sweepaction::SweepActionForEach<js::gc::SweepGroupZonesIter, JSRuntime*>::run at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:2120
 #22 sweepaction::SweepActionSequence::run at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:2085
 #23 sweepaction::SweepActionForEach<js::gc::SweepGroupsIter, JSRuntime*>::run at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Sweeping.cpp:2120
 #24 js::gc::GCRuntime:...

Read more...

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959493
File: proc_pid_status

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959494
File: maps

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959495
File: limits

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959496
File: environ

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959497
File: open_fds

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959498
File: mountinfo

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959499
File: os_info

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959500
File: cpuinfo

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959501
File: core_backtrace

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959502
File: exploitable

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959503
File: dso_list

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959504
File: var_log_messages

Revision history for this message
In , mattia.trabucco (mattia.trabucco-redhat-bugs) wrote :

Created attachment 1959505
File: backtrace

Revision history for this message
In , matkaz1003 (matkaz1003-redhat-bugs) wrote :

I had YouTube opened in Firefox and BT headphones connected. Then I locked the screen. After a few seconds, the headphones disconnected. My laptop got suspended. After resuming, I learned that gnome-shell crashed.

reporter: libreport-2.17.9
type: CCpp
reason: gnome-shell killed by SIGSEGV
journald_cursor: s=a598689ac7cb48e393ee9f11ca7a190c;i=11a50;b=82fab4c1940e4f9185f4b440f65ec9fd;m=1d784099a;t=5fb4584004951;x=2f30e48c9db1b666
executable: /usr/bin/gnome-shell
cmdline: /usr/bin/gnome-shell
cgroup: 0::/user.slice/user-1000.slice/user@<email address hidden>
rootdir: /
uid: 1000
kernel: 6.2.13-300.fc38.x86_64
package: gnome-shell-44.1-1.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: clutter_actor_remove_effect
comment: I had YouTube opened in Firefox and BT headphones connected. Then I locked the screen. After a few seconds, the headphones disconnected. My laptop got suspended. After resuming, I learned that gnome-shell crashed.

Revision history for this message
In , esimopoulo (esimopoulo-redhat-bugs) wrote :

Just closed the lid to get the laptop on standby mode. When opening the lid and logging in to the OS, got the error straight away.

reporter: libreport-2.17.10
type: CCpp
reason: gnome-shell killed by SIGSEGV
journald_cursor: s=c8b16bdd19ea4065be0989242ddaa9cf;i=c0e36;b=a7a39c975491422e90251f4df56fddee;m=70791b9a;t=5ff1e39c03bda;x=9d334fd69aa39dd5
executable: /usr/bin/gnome-shell
cmdline: /usr/bin/gnome-shell
cgroup: 0::/user.slice/user-1000.slice/user@<email address hidden>
rootdir: /
uid: 1000
kernel: 6.3.8-200.fc38.x86_64
package: gnome-shell-44.2-1.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: clutter_actor_remove_effect
comment: Just closed the lid to get the laptop on standby mode. When opening the lid and logging in to the OS, got the error straight away.

Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Bumped to High, just because this is the top gnome-shell crasher for lunar.

affects: gnome-shell (Ubuntu) → gnome-shell-extension-appindicator (Ubuntu)
no longer affects: gnome-shell-extension-appindicator (Ubuntu)
Changed in gnome-shell-extension-ubuntu-dock (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in gnome-shell:
status: New → Fix Released
Daniel van Vugt (vanvugt)
tags: added: mantic
Revision history for this message
In , conradjhaupt+redhat (conradjhaupt+redhat-redhat-bugs) wrote :

I closed my laptop screen, then re-opened it soon afterwards.

reporter: libreport-2.17.11
type: CCpp
reason: gnome-shell killed by SIGSEGV
journald_cursor: s=af365208a8164ea5ad1214ce15f6445b;i=2a7d4;b=8b996a4b926f4b4d885fe0da5d690416;m=f613bf5f;t=60483f04efaee;x=7993a8b018b5afed
executable: /usr/bin/gnome-shell
cmdline: /usr/bin/gnome-shell
cgroup: 0::/user.slice/user-1000.slice/user@<email address hidden>
rootdir: /
uid: 1000
kernel: 6.4.13-200.fc38.x86_64
package: gnome-shell-44.4-1.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: clutter_actor_remove_effect
comment: I closed my laptop screen, then re-opened it soon afterwards.

Revision history for this message
Marcos Alano (mhalano) wrote :

I'm getting this problem on Mantic with GNOME Shell 45 RC. There is a way to produce debug information to confirm the problem?

Revision history for this message
Marcos Alano (mhalano) wrote :

Here it's my crash ID: a0a547e0-4eb2-11ee-b3a4-fa163e55efd0. I couldn't open a bug for it because I was running on a VM and for some reason the Firefox wasn't responsive at that moment, but the problem is a crash on Wayland after back from entering the stand by mode under unknown circumstances.

Daniel van Vugt (vanvugt)
no longer affects: gnome-shell
Revision history for this message
In , padamstx (padamstx-redhat-bugs) wrote :

I've encountered this problem while simply trying to lock the screen. I click the screen lock icon in the system menu (upper-right of my laptop screen), and then poof, I'm completely logged out and end up back at the login screen. I'm running Fedoar 38 with Gnome and Wayland in case that matters.

Revision history for this message
Roland (Rolandixor) Taylor (rolandixor) wrote :

Confirmed on bare metal, running 23.10, on a MSI GE 76 Raider 11UE.

Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Upstream fix proposed in: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2974

Changed in gnome-shell (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Bug Watch Updater (bug-watch-updater)
Changed in gnome-shell (Fedora):
importance: Unknown → Undecided
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in gnome-shell:
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in gnome-shell:
status: New → Fix Released
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Ignore that the upstream bugs are closed prematurely. A fix is still on the way:
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2974

Changed in gnome-shell:
status: Fix Released → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in gnome-shell:
status: Unknown → Fix Released
Daniel van Vugt (vanvugt)
Changed in gnome-shell (Ubuntu):
status: Confirmed → Fix Committed
Changed in gnome-shell-extension-ubuntu-dock (Ubuntu):
status: Confirmed → Won't Fix
tags: added: fixed-in-gnome-shell-45.1 fixed-upstream
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Also tracking in https://errors.ubuntu.com/problem/b3b9287ceddb6c240bd1503530c0cbe8b4448cab

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.