Bug 642699 - Segfault when closing some applications
Status: RESOLVED FIXED
Product: gnome-shell
Classification: Core
Component: general
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Colin Walters
gnome-shell-maint
Reported: 2011-02-18 18:03 UTC by drago01
Modified: 2011-02-22 15:35 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
ShellWindowTracker: fix a reference counting bug (2.08 KB, patch)
2011-02-19 15:22 UTC, Giovanni Campagna
committed

Description drago01 2011-02-18 18:03:57 UTC
While trying to reproduce bug 642684 I have installed qt4 designer and noticed that after closing it and going to the overview the shell crashes.

(gdb) bt
#0 g_type_name
#1 object_instance_new_resolve at gi/object.c line 399
#2 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#3 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#4 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#5 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#6 js_Invoke
#7 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#8 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#9 js_Invoke
#10 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#11 JS_CallFunctionValue
#12 gjs_call_function_value at gjs/jsapi-util.c line 1151
#13 gjs_closure_invoke
#14 closure_marshal
#15 g_closure_invoke at gclosure.c line 767
#16 signal_emit_unlocked_R at gsignal.c line 3252
#17 g_signal_emit_valist at gsignal.c line 2983
#18 g_signal_emit
#19 clutter_actor_dispose
#20 g_object_run_dispose
#21 clutter_actor_destroy
#22 g_list_foreach at glist.c line 938
#23 st_container_dispose
#24 g_object_run_dispose
#25 clutter_actor_destroy
#26 ffi_call_unix64 from /usr/lib64/libffi.so.5
#27 ffi_call from /usr/lib64/libffi.so.5
#28 gjs_invoke_c_function
#29 js_Invoke
#30 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#31 js_Invoke
#32 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#33 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#34 js_Invoke
#35 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#36 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#37 js_Invoke
#38 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#39 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#40 js_Invoke
#41 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#42 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#43 js_Invoke
#44 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#45 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#46 js_Invoke
#47 ?? from /usr/lib64/xulrunner-1.9.2/libmozjs.so
#48 JS_CallFunctionValue
#49 gjs_call_function_value at gjs/jsapi-util.c line 1151
#50 gjs_closure_invoke
#51 closure_marshal
#52 g_closure_invoke at gclosure.c line 767
#53 signal_emit_unlocked_R at gsignal.c line 3252
#54 g_signal_emit_valist at gsignal.c line 2983
#55 g_signal_emit
#56 clutter_timeline_do_frame
#57 _clutter_master_clock_advance
#58 clutter_clock_dispatch
#59 g_main_dispatch at gmain.c line 2440
#60 g_main_context_dispatch at gmain.c line 3013
#61 g_main_context_iterate at gmain.c line 3091
#62 g_main_loop_run at gmain.c line 3299
#63 main at core/main.c line 707


It seems like the call to this.app.disconnect() in dash.js triggers that:

(gdb) call gjs_dumpstack()
== Stack trace for context 0x8b39e0 ==
#0 anonymous([0x8a3a9c0 StButton.app-well-app]) ["/home/linux/gnome-shell/source/gnome-shell/js/ui/appDisplay.js":376]
#1 anonymous([0x8a3a9c0 StButton.app-well-app]) ["/home/linux/gnome-shell/install/share/gjs-1.0/lang.js":110]
#2 [native frame]
#3 anonymous() ["/home/linux/gnome-shell/source/gnome-shell/js/ui/dash.js":127]
#4 anonymous() ["/home/linux/gnome-shell/install/share/gjs-1.0/lang.js":110]
#5 anonymous() ["/home/linux/gnome-shell/source/gnome-shell/js/ui/tweener.js":101]
#6 _callOnFunction(params = undefined, fallbackScope = [object Object], scope = undefined, fnname = "onComplete", fn = [function]) ["/home/linux/gnome-shell/install/share/gjs-1.0/tweener/tweener.js":202]
#7 _updateTweenByIndex(i = 14) ["/home/linux/gnome-shell/install/share/gjs-1.0/tweener/tweener.js":332]
#8 _updateTweens() ["/home/linux/gnome-shell/install/share/gjs-1.0/tweener/tweener.js":344]
#9 _onEnterFrame([object Object]) ["/home/linux/gnome-shell/install/share/gjs-1.0/tweener/tweener.js":359]
#10 _emit(name = "prepare-frame") ["/home/linux/gnome-shell/install/share/gjs-1.0/signals.js":124]
#11 anonymous(frame = 203) ["/home/linux/gnome-shell/source/gnome-shell/js/ui/tweener.js":237]
#12 anonymous(frame = 203, timeline = [object instance proxy GIName:Clutter.Timeline jsobj@0x10eaf00 native@0xf8d460]) ["/home/linux/gnome-shell/source/gnome-shell/js/ui/tweener.js":213]
#13 anonymous([object instance proxy GIName:Clutter.Timeline jsobj@0x10eaf00 native@0xf8d460], 203) ["/home/linux/gnome-shell/install/share/gjs-1.0/lang.js":110]

I am not exactly sure what is going on here (nor why it is 100% reproducible with one specific app and not with others).
Comment 1 Giovanni Campagna 2011-02-19 15:21:56 UTC
Looking at source code, I think that get_app_from_window_pid in
src/shell-window-tracker.c should return a new reference to the ShellApp it
returns, since all other functions do (get_app_from_window_group,
get_app_from_window_wmclass), so get_app_from_window is probably (transfer
full).

Will soon prepare the easy patch, so you can check if the bug persists.
Comment 2 Giovanni Campagna 2011-02-19 15:22:24 UTC
Created attachment 181322
ShellWindowTracker: fix a reference counting bug

When retrieving a ShellApp from the GHashTable of child processes,
we need to take an extra reference, that the GHashTable of windows
to apps will own.
Also add some documentation to avoid repeating this bug in the future.
Comment 3 drago01 2011-02-19 15:56:27 UTC
(In reply to comment #2)
> Created an attachment (id=181322) [details] [review]
> ShellWindowTracker: fix a reference counting bug
> 
> When retrieving a ShellApp from the GHashTable of child processes,
> we need to take an extra reference, that the GHashTable of windows
> to apps will own.
> Also add some documentation to avoid repeating this bug in the future.

This seems to fix it, thanks!
Comment 4 Colin Walters 2011-02-21 22:10:22 UTC
Review of attachment 181322:

This looks good to me!  Thanks for finding it.
Comment 5 Giovanni Campagna 2011-02-22 15:35:15 UTC
Attachment 181322 pushed as 5683bb9 - ShellWindowTracker: fix a reference counting bug
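
The ownership mismatch described in comments 1 and 2, as an added C example that is not part of the bug thread or the gnome-shell source: a lookup that returns the pid table's own pointer, stored by a caller that treats it as owned, loses the last reference when the window closes. The `App` type, the `lookup_by_pid_*` helpers and `pid_entry_dangles` are hypothetical names, and the finalizer sets a flag instead of freeing so the state can be inspected safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a GObject-style refcounted ShellApp.
 * A real finalizer would free the memory; here we only set a flag so the
 * example can inspect the object afterwards without touching freed memory. */
typedef struct { int refcount; int finalized; } App;

static App *app_new(void) {
    App *a = calloc(1, sizeof *a);
    if (!a) abort();
    a->refcount = 1;
    return a;
}
static App *app_ref(App *a)   { a->refcount++; return a; }
static void app_unref(App *a) { if (--a->refcount == 0) a->finalized = 1; }

/* Before the fix: returns the pid table's own pointer (borrowed). */
static App *lookup_by_pid_borrowed(App *pid_entry) { return pid_entry; }

/* After the fix: (transfer full), the caller gets a reference of its own. */
static App *lookup_by_pid_owned(App *pid_entry) { return app_ref(pid_entry); }

/* One window opens and closes. Returns 1 if the app was finalized while the
 * pid table still points at it, i.e. the pid table entry is now dangling. */
static int pid_entry_dangles(App *(*lookup)(App *)) {
    App *pid_entry = app_new();            /* pid table owns one reference   */
    App *window_entry = lookup(pid_entry); /* window table stores it as owned */
    app_unref(window_entry);               /* window closed: drop "its" ref  */
    int dangling = pid_entry->finalized;
    free(pid_entry);                       /* cleanup for the demo only */
    return dangling;
}

int main(void) {
    printf("borrowed lookup: dangling=%d\n", pid_entry_dangles(lookup_by_pid_borrowed));
    printf("owned lookup:    dangling=%d\n", pid_entry_dangles(lookup_by_pid_owned));
    return 0;
}
```

In the borrowed case any later access through the pid table is a use-after-free, which matches a crash that only appears after the application's window has been closed.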