Hello Guenter Grodotzki,
I just tried to help triage that issue.
For some reason you just added the segfault line.
I assume there was one line following starting with "Code:".
Please add that line too when submitting bugs.
As this information is still kind of small, you might consider
to install a coredump collector like systemd-coredump.
That way you could list crashes of the current boot by:
coredumpctl list
And some more information is entered into journal that would
help a lot to triage such crashes ("Stack trace of thread...".
journalctl --no-pager
Even better would be if you could install the debug symbol
packages e.g. gnome-shell-dbgsym like described in [1].
Then following commands should print a backtrace
with source line information.
Nevertheless, I tried if that little information brings
us somewhere and I think it leads into function
shell_app_dispose. There, I assume, we reach line 1485,
unfortunately dereferencing a null pointer
in app->running_state->windows.
There are some upstream bugs [2], which point to that line.
Unfortunately it looks like there is no fix yet commited.
But, if I am right, something like this could
help already (untested)?
while (app->running_state)
- _shell_app_remove_window (app, app->running_state->windows->data);
+ if (app->running_state->windows) _shell_app_remove_window (app,
app->running_state->windows->data);
/* We should have been transitioned when we removed all of our windows */
Kind regards,
Bernhard
[1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
[2] https://gitlab.gnome.org/GNOME/gnome-shell/issues/590
https://gitlab.gnome.org/GNOME/gnome-shell/issues/766
https://gitlab.gnome.org/GNOME/gnome-shell/issues/750
https://gitlab.gnome.org/GNOME/gnome-shell/issues/918
https://gitlab.gnome.org/GNOME/gnome-shell/issues/822
https://bugzilla.redhat.com/show_bug.cgi?id=1654420#c22
(gdb) list shell-app.c:1477,1492
1477 static void
1478 shell_app_dispose (GObject *object)
1479 {
1480 ShellApp *app = SHELL_APP (object);
1481
1482 g_clear_object (&app->info);
1483
1484 while (app->running_state)
1485 _shell_app_remove_window (app, app->running_state->windows->data);
1486
1487 /* We should have been transitioned when we removed all of our
windows */
1488 g_assert (app->state == SHELL_APP_STATE_STOPPED);
1489 g_assert (app->running_state == NULL);
1490
1491 G_OBJECT_CLASS(shell_app_parent_class)->dispose (object);
1492 }
# Buster amd64 qemu VM 2019-04-05
apt update
apt dist-upgrade
apt install dpkg-dev devscripts systemd-coredump bc xserver-xorg dbus-x11 gdm3
gnome gdb elfutils binutils gnome-shell-dbgsym
systemctl start gdm3
mkdir /home/benutzer/source/gnome-shell/orig -p
cd /home/benutzer/source/gnome-shell/orig
apt source gnome-shell
cd
############
# From submitter
[39719.061358] gnome-shell[1279]: segfault at 0 ip 00007fd4fa6ae3bf sp
00007ffcf4dbaea0 error 4 in libgnome-shell.so[7fd4fa6a6000+1f000]
https://www.enodev.fr/posts/decode-segfault-errors-in-dmesg.html
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/mm/fault.c?h=linux-4.9.y#n31
/*
* Page fault error code bits:
*
* bit 0 ==<-> 0: no page found<----->1: protection fault
* bit 1 ==<-> 0: read access><------>1: write access
* bit 2 ==<-> 0: kernel-mode access<>1: user-mode access
* bit 3 ==<-><------><------><------>1: use of reserved bit detected
* bit 4 ==<-><------><------><------>1: fault was an instruction fetch
* bit 5 ==<-><------><------><------>1: protection keys block access
*/
enum x86_pf_error_code {
<------>PF_PROT><------>=<-----><------>1 << 0,
<------>PF_WRITE<------>=<-----><------>1 << 1,
<------>PF_USER><------>=<-----><------>1 << 2,
<------>PF_RSVD><------>=<-----><------>1 << 3,
<------>PF_INSTR<------>=<-----><------>1 << 4,
<------>PF_PK<-><------>=<-----><------>1 << 5,
};
"error 4" == 0b100
bit 0 ==<------> 0: no page found
bit 1 ==<------> 0: read access
bit 2 ==<------> 1: user-mode access
############
# From submitter
[39719.061358] gnome-shell[1279]: segfault at 0 ip 00007fd4fa6ae3bf sp
00007ffcf4dbaea0 error 4 in libgnome-shell.so[7fd4fa6a6000+1f000]
crash instruction - start .init == diff
0x00007fd4fa6ae3bf - 0x7fd4fa6a6000 == 0x83BF
benutzer@debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'info
share' -ex 'info target' -ex 'detach' -ex 'quit' --pid $(pidof gnome-shell)
2>&1 | grep libgnome-shell.so
0x00007f2482ab2f10 0x00007f2482acd22e Yes
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482a98238 - 0x00007f2482a9825c is .note.gnu.build-id in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482a98260 - 0x00007f2482a99004 is .gnu.hash in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482a99008 - 0x00007f2482a9fd40 is .dynsym in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482a9fd40 - 0x00007f2482aa7075 is .dynstr in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482aa7076 - 0x00007f2482aa7990 is .gnu.version in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482aa7990 - 0x00007f2482aa7a50 is .gnu.version_r in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482aa7a50 - 0x00007f2482aa87d0 is .rela.dyn in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482aa87d0 - 0x00007f2482aae5c0 is .rela.plt in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482aaf000 - 0x00007f2482aaf017 is .init in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482aaf020 - 0x00007f2482ab2ed0 is .plt in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482ab2ed0 - 0x00007f2482ab2f08 is .plt.got in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482ab2f10 - 0x00007f2482acd22e is .text in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482acd230 - 0x00007f2482acd239 is .fini in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482ace000 - 0x00007f2482ad2b29 is .rodata in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482ad2b30 - 0x00007f2482cd47d8 is
.gresource.shell_js_resources in /usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cd47d8 - 0x00007f2482cd5c94 is .eh_frame_hdr in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cd5c98 - 0x00007f2482cdd908 is .eh_frame in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cdf200 - 0x00007f2482cdf210 is .init_array in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cdf210 - 0x00007f2482cdf220 is .fini_array in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cdf220 - 0x00007f2482cdfbf0 is .data.rel.ro in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cdfbf0 - 0x00007f2482cdffa0 is .dynamic in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482cdffa0 - 0x00007f2482ce1fe8 is .got in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482ce2000 - 0x00007f2482ce20e0 is .data in
/usr/lib/gnome-shell/libgnome-shell.so
0x00007f2482ce20e0 - 0x00007f2482ce24b8 is .bss in
/usr/lib/gnome-shell/libgnome-shell.so
current start .init + diff == current ip
0x00007f2482aaf000 + 0x83BF == 0x7F2482AB73BF
benutzer@debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex
'disassemble 0x00007f2482ab2f10,0x00007f2482acd22e' -ex 'b *0x7F2482AB73BF' -ex
'detach' -ex 'quit' --pid $(pidof gnome-shell) 2>&1 | grep -i "7F2482AB73BF"
0x00007f2482ab73bf <shell_app_dispose+63>: mov (%rax),%rsi
Breakpoint 1 at 0x7f2482ab73bf: file ../src/shell-app.c, line 1485.
############
# From submitter
[39719.061358] gnome-shell[1279]: segfault at 0 ip 00007fd4fa6ae3bf sp
00007ffcf4dbaea0 error 4 in libgnome-shell.so[7fd4fa6a6000+1f000]
start .text - start .init
= offset
benutzer@debian:~$ printf "0x%x\\n" $(( 0x00007f2482ab2f10 -
0x00007f2482aaf000))
0x3f10
ip - start .init -
offset
benutzer@debian:~$ printf "0x%x\\n" $(( 0x00007fd4fa6ae3bf - 0x7fd4fa6a6000 -
0x3f10))
0x44af
benutzer@debian:~$ addr2line -e /usr/lib/gnome-shell/libgnome-shell.so -j .text
0x44af
./obj-x86_64-linux-gnu/../src/shell-app.c:1485
############
benutzer@debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex
'directory /home/benutzer/source/gnome-shell/orig/gnome-shell-3.30.2/src' --pid
$(pidof gnome-shell)
...
(gdb) disassemble shell_app_dispose
Dump of assembler code for function shell_app_dispose:
0x00007f2482ab7380 <+0>: push %rbp
0x00007f2482ab7381 <+1>: mov %rdi,%rbp
0x00007f2482ab7384 <+4>: push %rbx
0x00007f2482ab7385 <+5>: sub $0x8,%rsp
0x00007f2482ab7389 <+9>: callq 0x7f2482ab0fa0 <shell_app_get_type@plt>
0x00007f2482ab738e <+14>: mov %rbp,%rdi
0x00007f2482ab7391 <+17>: mov %rax,%rsi
0x00007f2482ab7394 <+20>: callq 0x7f2482aafa90
<g_type_check_instance_cast@plt>
0x00007f2482ab7399 <+25>: mov 0x20(%rax),%rdi
0x00007f2482ab739d <+29>: mov %rax,%rbx
$rax == app, copy into $rbx
0x00007f2482ab73a0 <+32>: movq $0x0,0x20(%rax)
0x00007f2482ab73a8 <+40>: test %rdi,%rdi
0x00007f2482ab73ab <+43>: je 0x7f2482ab73c7 <shell_app_dispose+71>
0x00007f2482ab73ad <+45>: callq 0x7f2482ab2ef8 <g_object_unref@plt>
0x00007f2482ab73b2 <+50>: jmp 0x7f2482ab73c7 <shell_app_dispose+71>
0x00007f2482ab73b4 <+52>: nopl 0x0(%rax)
0x00007f2482ab73b8 <+56>: mov 0x8(%rdx),%rax
$rdx == app->running_state, copy
app->running_state->windows into $rax
0x00007f2482ab73bc <+60>: mov %rbx,%rdi
0x00007f2482ab73bf <+63>: mov (%rax),%rsi
<<<<<<<<<<<<<<<<<<< $rax == app->running_state->windows, copy memory there
into %rsi --> app->running_state->windows == 0
0x00007f2482ab73c2 <+66>: callq 0x7f2482aaf6a0
<_shell_app_remove_window@plt>
0x00007f2482ab73c7 <+71>: mov 0x28(%rbx),%rdx
$rbx == app, copy app->running_state into $rdx
0x00007f2482ab73cb <+75>: test %rdx,%rdx
0x00007f2482ab73ce <+78>: jne 0x7f2482ab73b8 <shell_app_dispose+56>
if $rdx != 0 (app->running_state != 0), jump to +56
0x00007f2482ab73d0 <+80>: mov 0x1c(%rbx),%eax
0x00007f2482ab73d3 <+83>: test %eax,%eax
0x00007f2482ab73d5 <+85>: je 0x7f2482ab7400 <shell_app_dispose+128>
0x00007f2482ab73d7 <+87>: lea 0x17b22(%rip),%r8 # 0x7f2482acef00
0x00007f2482ab73de <+94>: lea 0x17d7b(%rip),%rcx #
0x7f2482acf160 <__func__.85989>
0x00007f2482ab73e5 <+101>: mov $0x5d0,%edx
0x00007f2482ab73ea <+106>: xor %edi,%edi
0x00007f2482ab73ec <+108>: lea 0x17788(%rip),%rsi #
0x7f2482aceb7b
0x00007f2482ab73f3 <+115>: callq 0x7f2482ab2690
<g_assertion_message_expr@plt>
0x00007f2482ab73f8 <+120>: nopl 0x0(%rax,%rax,1)
0x00007f2482ab7400 <+128>: mov 0x22ad59(%rip),%rdi #
0x7f2482ce2160 <shell_app_parent_class>
0x00007f2482ab7407 <+135>: mov $0x50,%esi
0x00007f2482ab740c <+140>: callq 0x7f2482ab2a00
<g_type_check_class_cast@plt>
0x00007f2482ab7411 <+145>: mov %rbp,%rdi
0x00007f2482ab7414 <+148>: mov 0x28(%rax),%rax
0x00007f2482ab7418 <+152>: add $0x8,%rsp
0x00007f2482ab741c <+156>: pop %rbx
0x00007f2482ab741d <+157>: pop %rbp
0x00007f2482ab741e <+158>: jmpq *%rax
End of assembler dump.
(gdb) list shell-app.c:1477,1492
1477 static void
1478 shell_app_dispose (GObject *object)
1479 {
1480 ShellApp *app = SHELL_APP (object);
1481
1482 g_clear_object (&app->info);
1483
1484 while (app->running_state)
1485 _shell_app_remove_window (app, app->running_state->windows->data);
1486
1487 /* We should have been transitioned when we removed all of our
windows */
1488 g_assert (app->state == SHELL_APP_STATE_STOPPED);
1489 g_assert (app->running_state == NULL);
1490
1491 G_OBJECT_CLASS(shell_app_parent_class)->dispose (object);
1492 }
