Bug 783951 - gjs 1.48.4 regression causes gnome-shell crashes
Status: RESOLVED DUPLICATE of bug 783935
Product: gjs
Classification: Bindings
Component: general
Version: 1.48.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Tomas Popela
QA Contact: gjs-maint
Depends on:
Blocks:
Reported: 2017-06-19 08:35 UTC by Kalev Lember
Modified: 2017-07-25 18:37 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
object: Zero out new ConnectData (974 bytes, patch), 2017-06-19 23:23 UTC, Philip Chimento, committed
object: Don't invalidate closure if already invalid (2.32 KB, patch), 2017-06-19 23:24 UTC, Philip Chimento, committed
valgrind log (16.69 KB, text/plain), 2017-06-22 12:55 UTC, Tomas Popela
object: Invalidate signals even if GObject is null (4.42 KB, patch), 2017-06-22 22:38 UTC, Philip Chimento, none
gjs debug log before crash (79.63 KB, text/plain), 2017-07-03 08:39 UTC, Tomas Popela

Description Kalev Lember 2017-06-19 08:35:26 UTC
We have a downstream report that seems to point to a regression in 1.48.4 that causes gnome-shell crashes. Please see https://bugzilla.redhat.com/show_bug.cgi?id=1462444 and the "backtrace" attachment that has a high quality stack trace of the crash; I don't want to copy the trace here as I'm not able to provide additional details.
Comment 1 Philip Chimento 2017-06-19 18:54:28 UTC
If Owen's patch on that bug prevents the crashes, then we should probably commit it; but Cosimo flagged that particular thing in code review, and I was pretty sure it should not be necessary:

> > Is it possible for this code to get called before
> > signal_connection_invalidate_idle() had a chance to fire? If not, then all
> > good; otherwise you would need to only schedule the idle timeout when it
> > hasn't been scheduled already.
>
> The documentation seemed to imply that a closure's invalidate notifier can 
> only ever be called once, and I double checked in the source:
> https://git.gnome.org/browse/glib/tree/gobject/gclosure.c#n572

So maybe this is me misunderstanding the above GLib code?
Comment 2 Philip Chimento 2017-06-19 23:23:57 UTC
Created attachment 354071
object: Zero out new ConnectData

The idle_invalidate_id member was being filled with garbage, leading to
errors later where nonexisting (or worse, existing) source IDs were being
removed.
Comment 3 Philip Chimento 2017-06-19 23:24:00 UTC
Created attachment 354072
object: Don't invalidate closure if already invalid

In object_instance_finalize() we get two kinds of signal connections:
ones that are still connected, which we need to invalidate; and ones that
have just been disconnected and invalidated but whose invalidate idle
function has not yet run.

The second kind we just need to disconnect the idle handler and free the
ConnectData. We should not try to remove the invalidate notifier, since
it has already run. The first kind, we must remove the invalidate
notifier so that no idle invalidation is scheduled, and then invalidate
them, and also free the ConnectData.

Previously we were mixing the two and removing notifiers from both kinds.
This led to warnings about removing uninstalled invalidation notifiers.
Comment 4 Philip Chimento 2017-06-19 23:24:20 UTC
Try these patches?
Comment 5 Kalev Lember 2017-06-20 06:45:36 UTC
Great, thanks! Posted an rpm with the patches applied in the redhat bugzilla ticket for people to try.
Comment 6 Cosimo Cecchi 2017-06-20 06:58:02 UTC
Review of attachment 354071:

This is obviously correct.
Comment 7 Cosimo Cecchi 2017-06-20 06:59:41 UTC
Review of attachment 354072:

Looks correct.
Comment 8 Kalev Lember 2017-06-20 07:36:38 UTC
According to https://bugzilla.redhat.com/show_bug.cgi?id=1462444#c28 it still crashes, but with a different backtrace now.
Comment 9 Philip Chimento 2017-06-21 00:34:44 UTC
Is there any way to get the rest of that backtrace? It says "truncated". I'm interested in the value of context in frames 7 and 8, and the output of `call gjs_dumpstack()`.
Comment 10 Philip Chimento 2017-06-21 00:48:31 UTC
Attachment 354071 pushed as 9eb4a2b - object: Zero out new ConnectData
Attachment 354072 pushed as bace908 - object: Don't invalidate closure if already invalid
Comment 11 Philip Chimento 2017-06-21 02:57:41 UTC
I think it's unrelated, but you might also try the patch in bug 783935.
Comment 12 Tomas Popela 2017-06-21 10:58:15 UTC
(In reply to Philip Chimento from comment #9)
> Is there any way to get the rest of that backtrace? It says "truncated". I'm
> interested in the value of context in frames 7 and 8

Here is the backtrace with the two patches from this bug applied on top of 1.48.4:

(gdb) bt full
  • #0 std::less<_ConnectData*>::operator()(_ConnectData* const&, _ConnectData* const&) const
    at /usr/include/c++/7/bits/stl_function.h line 386
  • #1 std::_Rb_tree<_ConnectData*, _ConnectData*, std::_Identity<_ConnectData*>, std::less<_ConnectData*>, std::allocator<_ConnectData*> >::equal_range(_ConnectData* const&)
    at /usr/include/c++/7/bits/stl_tree.h line 1940
  • #2 std::_Rb_tree<_ConnectData*, _ConnectData*, std::_Identity<_ConnectData*>, std::less<_ConnectData*>, std::allocator<_ConnectData*> >::erase(_ConnectData* const&)
    at /usr/include/c++/7/bits/stl_tree.h line 2500
  • #3 std::set<_ConnectData*, std::less<_ConnectData*>, std::allocator<_ConnectData*> >::erase(_ConnectData* const&)
    at /usr/include/c++/7/bits/stl_set.h line 675
  • #4 signal_connection_invalidate_idle(void*)
    at gi/object.cpp line 1585
  • #5 g_idle_dispatch
  • #6 g_main_dispatch
    at gmain.c line 3230
  • #7 g_main_context_dispatch
    at gmain.c line 3895
  • #8 g_main_context_iterate
    at gmain.c line 3968
  • #9 g_main_loop_run
    at gmain.c line 4164
  • #10 meta_run
    at core/main.c line 648
  • #11 main
    at main.c line 454

> and the output of `call gjs_dumpstack()`.

I failed to run gnome-shell under gdb, so no output..
Comment 13 Philip Chimento 2017-06-21 17:53:23 UTC
I'm looking specifically at 

  • #1 std::_Rb_tree<_ConnectData*, _ConnectData*, std::_Identity<_ConnectData*>, std::less<_ConnectData*>, std::allocator<_ConnectData*> >::equal_range(_ConnectData* const&)
    at /usr/include/c++/7/bits/stl_tree.h line 1940

Looks like __x is some kind of already-freed memory overwritten with a poison value. Even if it's not possible to run under GDB, maybe it would be possible to run under Valgrind? That should be able to track down the use-after-free and show where the data was freed.
Comment 14 Kalev Lember 2017-06-21 19:16:19 UTC
Tomas, I've built the new 1.48.5 release that Philip just did, https://bodhi.fedoraproject.org/updates/gjs-1.48.5-1.fc26 if you want to give it a try.
Comment 15 Tomas Popela 2017-06-22 12:55:51 UTC
Created attachment 354246
valgrind log

Here is the log from valgrind while running gnome-shell in it with gjs compiled from master.
Comment 16 Philip Chimento 2017-06-22 22:38:08 UTC
Created attachment 354286
object: Invalidate signals even if GObject is null

Elsewhere we use (priv->gobj == nullptr) to distinguish whether the
JSObject we are dealing with is an object instance or a prototype.
However, that's not quite right in the case of the finalizer: it seems
that priv->gobj may be nulled out by release_native_object() before the
ObjectInstance's finalizer is called. So, we should clear priv->signals
even if priv->gobj is null. In the case of a prototype object,
priv->signals will be empty anyway, so it will have no effect.

This patch implies that the priv->gobj check is not reliable elsewhere
either, but let's test and see if this works first.
Comment 17 Philip Chimento 2017-06-22 22:38:33 UTC
Thanks. If you could manage to get the same log with debug symbols for GJS installed, even better, but I think I have an idea of what's going on. Please try the attached patch.
Comment 18 Tomas Popela 2017-06-23 04:40:37 UTC
(In reply to Philip Chimento from comment #17)
> Thanks. If you could manage to get the same log with debug symbols for GJS
> installed, even better, but I think I have an idea of what's going on.

I will try to attach it during today..

> Please try the attached patch.

After installing gjs with this patch applied and restarting the laptop, the GDM won't load at all, but gjs is not the one that is crashing..

Program terminated with signal SIGSEGV, Segmentation fault.
  • #0 _gtk_style_provider_private_get_settings
    at gtkstyleproviderprivate.c line 123
  • #0 _gtk_style_provider_private_get_settings
    at gtkstyleproviderprivate.c line 123
  • #1 gtk_css_value_initial_compute
    at gtkcssinitialvalue.c line 52
  • #2 gtk_css_static_style_compute_value
    at gtkcssstaticstyle.c line 237
  • #3 _gtk_css_lookup_resolve
    at gtkcsslookup.c line 122
  • #4 gtk_css_static_style_new_compute
    at gtkcssstaticstyle.c line 195
  • #5 gtk_css_static_style_get_default
    at gtkcssstaticstyle.c line 164
  • #6 gtk_css_node_init
    at gtkcssnode.c line 663
  • #7 g_type_create_instance
    at gtype.c line 1860
  • #8 g_object_new_internal
    at gobject.c line 1783
  • #9 g_object_newv
    at gobject.c line 1930
  • #10 g_object_new
    at gobject.c line 1623
  • #11 gtk_css_widget_node_new
    at gtkcsswidgetnode.c line 297
  • #12 gtk_widget_init
    at gtkwidget.c line 4414
  • #13 g_type_create_instance
    at gtype.c line 1860
  • #14 g_object_new_internal
    at gobject.c line 1783
  • #15 g_object_newv
    at gobject.c line 1930
  • #16 g_object_new
    at gobject.c line 1623
  • #17 main
    at gsm-fail-whale-dialog.c line 382

0 $ rpm -qa gtk3
gtk3-3.22.15-2.fc26.x86_64
Comment 19 Tomas Popela 2017-06-23 09:28:02 UTC
(In reply to Tomas Popela from comment #18)
> I will try to attach it during today..

Heh I'm actually compiling gjs with -g so I don't know why the symbols are not resolved there..

> > Please try the attached patch.
> 
> After installing gjs with this patch applied and restarting the laptop, the
> GDM won't load at all, but gjs is not the one that is crashing..

When I tried it again (with latest gnome-session that is fixing the above bug) the situation is unchanged.. It still crashes and the valgrind log is the same as previously..
Comment 20 Philip Chimento 2017-06-25 02:11:03 UTC
Looks like in some particular case (i.e., yours) the invariant that I tried to set in the 1.48.4 patches is being broken: there are still idle handlers pending at the time the ObjectInstance is freed in object_instance_finalize(). I thought maybe it was because priv->gobj had already been set to nullptr, and so the g_source_remove() wasn't run, but since the patch didn't help, that must not be the problem.

At this point it would be helpful if you (or someone else) could run the gnome-shell session under RR (see rr-project.org for installation instructions) and find out why the idle handler is not removed in gi/object.cpp:1441-1455.
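
The invariant named in comment 20, together with the two kinds of connection from the commit messages in comments 2 and 3, as a toy model. This is an added example, not gjs code: `ToyLoop`, `Instance`, the `cancel_idles` switch and the helper functions are assumptions made for illustration; only the names `ConnectData` and `idle_invalidate_id` come from the thread.

```cpp
// Toy model (added example, not gjs code); all types here are hypothetical.
#include <cstdio>
#include <functional>
#include <map>
#include <set>
#include <utility>

// Stand-in for the GLib main loop's idle sources.
struct ToyLoop {
    unsigned next_id = 1;
    std::map<unsigned, std::function<void()>> idle;
    unsigned add_idle(std::function<void()> fn) {
        unsigned id = next_id++;
        idle[id] = std::move(fn);
        return id;
    }
    // False when the id is unknown, as when a garbage source id is removed.
    bool remove(unsigned id) { return idle.erase(id) == 1; }
    // Dispatch everything pending once; returns how many callbacks ran.
    int run_pending() {
        auto pending = std::move(idle);
        idle.clear();
        for (auto& kv : pending) kv.second();
        return static_cast<int>(pending.size());
    }
};
struct Instance;
struct ConnectData {
    Instance* owner = nullptr;
    bool closure_valid = true;        // false once the invalidate notifier ran
    unsigned idle_invalidate_id = 0;  // 0 means "no idle scheduled"
};

struct Instance {
    ToyLoop* loop;
    std::set<ConnectData*> signals;
    bool cancel_idles = true;  // false models a finalizer that skips removal
    explicit Instance(ToyLoop* l) : loop(l) {}
    ConnectData* connect() {
        auto* cd = new ConnectData();  // value-initialised, no garbage id
        cd->owner = this;
        signals.insert(cd);
        return cd;
    }
    // Invalidate notifier: defer the set cleanup to an idle callback.
    void on_closure_invalidated(ConnectData* cd) {
        cd->closure_valid = false;
        cd->idle_invalidate_id = loop->add_idle([cd] {
            cd->owner->signals.erase(cd);  // needs owner and cd still alive
            delete cd;
        });
    }
    // After finalize() no idle callback may still reference this instance.
    void finalize() {
        for (ConnectData* cd : signals) {
            if (cd->idle_invalidate_id != 0) {
                // Already invalidated, idle pending: only cancel the idle.
                if (cancel_idles) loop->remove(cd->idle_invalidate_id);
            } else {
                // Still connected: invalidate now without scheduling an idle.
                cd->closure_valid = false;
            }
            delete cd;
        }
        signals.clear();
    }
};

// Counts idle callbacks left pending after finalize(); never dispatches them.
int pending_after_finalize(bool cancel_idles) {
    ToyLoop loop;
    Instance inst(&loop);
    inst.cancel_idles = cancel_idles;
    inst.connect();                               // still connected
    inst.on_closure_invalidated(inst.connect());  // invalidated, idle pending
    inst.finalize();
    return static_cast<int>(loop.idle.size());
}

// Ordinary path: the idle runs while the instance is alive, then finalize.
int idle_ran_before_finalize() {
    ToyLoop loop;
    Instance inst(&loop);
    inst.on_closure_invalidated(inst.connect());
    int ran = loop.run_pending();
    inst.finalize();
    return ran + static_cast<int>(loop.idle.size());
}

int main() {
    std::printf("pending, idles cancelled: %d\n", pending_after_finalize(true));
    std::printf("pending, idles skipped:   %d\n", pending_after_finalize(false));
    std::printf("normal path callbacks:    %d\n", idle_ran_before_finalize());
}
```

With `cancel_idles` set to false one callback stays pending after `finalize()`; dispatching it would touch freed `ConnectData`, the kind of use-after-free suspected in comment 13.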
Comment 21 Tomas Popela 2017-06-30 12:37:19 UTC
Sorry I didn't have the time to run it under rr (I actually tried it, but was not able to run rr replay later.., need to investigate why).. I saw that there is some debug print in object_instance_finalize() so I changed it to g_warning (as the code won't compile if I enable the debug prints in util/log.h) and it printed the following before crashing (I don't know if it is useful or not, but maybe worth looking at it):

Jun 30 12:12:36 seppuku-t450s kernel: traps: gnome-shell[1716] general protection ip:7f6d030620fe sp:7ffec47a62d0 error:0 in libgjs.so.0.0.0[7f6d02fdb000+14c000]
Jun 30 12:12:36 seppuku-t450s kernel: do_general_protection: 62 callbacks suppressed
Jun 30 12:12:36 seppuku-t450s audit[1716]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=1716 comm="gnome-shell" exe="/usr/bin/gnome-shell" sig=11 res=1
Jun 30 12:12:36 seppuku-t450s gnome-shell[1716]: JS WARNING: [resource:///org/gnome/shell/ui/status/network.js 1897]: reference to undefined property this._mainConnectionStateChangedId
Jun 30 12:12:36 seppuku-t450s gnome-shell[1716]: STACK_OP_ADD: window 0x2800001 already in stack
Jun 30 12:12:36 seppuku-t450s gnome-shell[1716]: STACK_OP_ADD: window 0x2800001 already in stack
3eb628acb7ec48f9f2ce8fcead22b9ca.icc”: Permission denied
Jun 30 12:12:35 seppuku-t450s gnome-shell[1716]: JS WARNING: [resource:///org/gnome/shell/misc/ibusManager.js 196]: reference to undefined property this._engines[id]
Comment 22 Philip Chimento 2017-06-30 23:40:41 UTC
Thanks!

> I changed it to g_warning (as the code won't compile if I enable the debug prints in util/log.h)

There may be a few places where `.get()` needs to be added to autoptrs that were previously plain `char*` pointers.

> and it printed the following before crashing (I don't know if it is useful or not, but maybe worth looking at it):
> ...
> finalize obj 0x7f6cd4d346a0 priv 0x55ba3f8dd3a0 gtype <no gobject> gobj (nil)
> ...

This confirms what I was suspecting, that the priv->gobj is NULL at the time it's finalized... would it be possible to get the output with all the debug prints enabled?

And if you can manage to get `rr replay` to work, that would still be much appreciated.
Comment 23 Tomas Popela 2017-07-03 08:39:10 UTC
Created attachment 354823
gjs debug log before crash
Comment 24 Tomas Popela 2017-07-19 12:21:23 UTC
Philip, were the logs that I provided in comment 23 useful?
Comment 25 Philip Chimento 2017-07-22 01:08:14 UTC
Ugh, sorry for the delay - I looked at it, didn't notice anything immediately, meant to look at it in more detail.

Is this with all the #defines in util/log.h enabled? If so, I'm surprised that it is so short. If not, could you get another one with at least GJS_VERBOSE_ENABLE_LIFECYCLE and GJS_VERBOSE_ENABLE_CLOSURE defined?
Comment 26 Tomas Popela 2017-07-24 04:29:23 UTC
(In reply to Philip Chimento from comment #25)
> Is this with all the #defines in util/log.h enabled?

It indeed is..

> If so, I'm surprised
> that it is so short. If not, could you get another one with at least
> GJS_VERBOSE_ENABLE_LIFECYCLE

It is enabled as you can see from the logs:

Jul 03 10:28:15 seppuku-t450s org.gnome.Shell.desktop[17016]:    JS KP ALV: GjsMaybeOwned 0x55d937451da0 created

and there are no other debug prints for it in the code:

0 $ git grep GJS_DEBUG_KEEP_ALIVE
gjs/jsapi-util-root.h:130:        gjs_debug_lifecycle(GJS_DEBUG_KEEP_ALIVE, "GjsMaybeOwned %p %s", this,


> and GJS_VERBOSE_ENABLE_CLOSURE defined?

I don't know why there are no occurrences of it in the logs and whether there are supposed to be any..
Comment 27 Philip Chimento 2017-07-25 18:37:43 UTC
From the logs on bug 783935 I am now almost certain this is the same bug as that one. Let's consolidate the discussion there.

*** This bug has been marked as a duplicate of bug 783935 ***