Bug#927162: gnome-shell segfaults in libst-1.0.so

Simon McVittie smcv at debian.org
Tue Apr 16 22:00:23 BST 2019


Control: retitle -1 gnome-shell: intermittent segfault in st_widget_get_theme_node() at st-widget.c:603
Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/issues/1018

On Mon, 15 Apr 2019 at 12:12:36 -0700, Eloston wrote:
> Just using GNOME normally causes the crash to happen.

This is probably going to make it hard to fix the crash or know whether
it's been fixed, unfortunately. Is there anything you can do that seems
to make it more likely to happen?

Roughly how often is this happening, in how much use of GNOME?

Is there anything (for instance an upgrade of a package or some packages)
that coincides with this starting to happen?

> It seems to happen randomly, more so on Wayland. I haven't been able to
> pinpoint any specific application, extension, or setting.

Does this still happen if you disable all Shell extensions?

What extensions are you normally using?

> I have had this crash happen multiple times on Wayland and X11; this is the
> first crash where I was able to get a coredump.

Are you using a core-dump-capturing service like systemd-coredump? If
not, please install systemd-coredump, gdb, gnome-shell-dbgsym (see
<https://wiki.debian.org/HowToGetABacktrace>) and debug symbols for any
libraries that appear in the stack trace after you get one. After a crash,
you should be able to use "coredumpctl gdb" to inspect the core dump,
and "bt" to get a C-level backtrace (not the same as the JavaScript
backtrace that was logged).

> different each time the crash occurs, e.g. this is the first time I've
> seen TopIcons show up in the trace. Everything else looks the same.

Please could you quote a few of these things that look the same so that
we have an overview of what's happening, how the crashes are similar and
how they're different?

There's a limit to how much information I can extract from the core
dump, because I'm not running the same versions of everything that you
are, but this is a start:

(gdb) bt
#0  0x00007f1af86f5ae8 in st_widget_get_theme_node (widget=<optimized out>) at ../src/st/st-widget.c:603
#1  0x00007ffdf9b077e0 in  ()
#2  0x00007ffdf9b07908 in  ()
#3  0x00007ffdf9b077e0 in  ()
#4  0x0000000000000000 in  ()

Line 603 is this:

StThemeNode *
st_widget_get_theme_node (StWidget *widget)
{
  StWidgetPrivate *priv = st_widget_get_instance_private (widget);

  if (priv->theme_node == NULL)                <----------- 603
    {
      StThemeContext *context;

so presumably something is calling st_widget_get_theme_node() on a widget
that has been freed or is an invalid pointer - but gdb couldn't decode the
rest of the stack, so I can't tell what called it.

There's an upstream patch
<https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/438> that
should make this less likely to crash, although it isn't really a full
solution (something somewhere is still wrong, but we can't tell what).

    smcv
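
A triage helper for the "bt" output quoted in the message above, added here as an illustration (it is not part of the original message or of gnome-shell): it reports how many leading frames gdb resolved to a symbol and whether the caller of the crashing function is known. The name `triage` and the rule that frames after the first unnamed one are unreliable are assumptions of this example.

```python
import re

# Backtrace copied verbatim from the message above.
SAMPLE_BT = """\
#0  0x00007f1af86f5ae8 in st_widget_get_theme_node (widget=<optimized out>) at ../src/st/st-widget.c:603
#1  0x00007ffdf9b077e0 in  ()
#2  0x00007ffdf9b07908 in  ()
#3  0x00007ffdf9b077e0 in  ()
#4  0x0000000000000000 in  ()
"""

# gdb frame line: "#N  0xPC in FUNC (ARGS) at FILE:LINE". FUNC is empty when
# gdb has no symbol for the address; the PC and "at ..." parts are optional.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:(?P<pc>0x[0-9a-fA-F]+) in )?(?P<func>[^\s(]*)\s*"
    r"\((?P<args>.*?)\)(?: at (?P<file>\S+):(?P<line>\d+))?\s*$"
)

def triage(bt_text):
    """Summarise how much of a gdb backtrace can be relied on (heuristic)."""
    frames = []
    for raw in bt_text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append({
                "num": int(m["num"]),
                "pc": int(m["pc"], 16) if m["pc"] else None,
                "func": m["func"],
                "where": f"{m['file']}:{m['line']}" if m["file"] else None,
            })
    # Assumption: once a frame has no symbol, later frames may be unwinder
    # guesses, so only the leading run of named frames counts as resolved.
    resolved = 0
    while resolved < len(frames) and frames[resolved]["func"]:
        resolved += 1
    tail = [f["pc"] for f in frames[resolved:] if f["pc"] is not None]
    return {
        "resolved": frames[:resolved],
        "unresolved": len(frames) - resolved,
        # The same PC appearing twice in the unnamed tail hints at garbage.
        "repeated_pcs": sorted({pc for pc in tail if tail.count(pc) > 1}),
        "ends_at_null": bool(frames) and frames[-1]["pc"] == 0,
        "caller_known": resolved >= 2,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_BT).items():
        print(f"{key}: {value}")
```

For the backtrace in this report it finds one resolved frame and no known caller, which matches the observation that gdb could not decode the rest of the stack.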


