GNOME Bugzilla – Bug 787361
SEGV in g_type_check_instance_cast() called by shell_gtk_embed_window_created_cb()
Last modified: 2017-12-19 00:13:10 UTC
IIRC, this was Wayland, but it has x11 in there, and I just had the crash in X11.
gnome-shell: 3.25.91
mutter: ce515c5 + dd4ad4efc419e9f1f00477116fbfee8fba7fff25 cherry-picked
+ Trace 237933
Here's a downstream Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1714745 (I used Debian)
This is a potential security issue: it just crashed while the screen was locked, revealing the screen content, maybe because the network went up again (it was suspended) and Chrome put out some notifications (windows).
Created attachment 359653
gtk-embed: stop watching for new windows when icon is unmapped

Right now an icon could map itself, unmap itself, then remap itself, and we'd end up leaking a signal handler to watch for new windows. Later if the icon gets destroyed the handler will get called with freed memory.

This commit fixes that by connecting to "unmap" instead of "destroy".
^ this is an untested patch that may be the cause of the crash. just a guess from reading through the code.
I applied the patch at around 18:00 UTC and used it until 00:00 UTC without any crashes, so it seems to be solving the issue.
Hmm, now the icons became invisible, but are still clickable. So I guess I reached a point where it would have crashed previously, but now it forgets icons.
journalctl says:
Sep 13 11:53:23 jak-x230 gnome-shell[2266]: _shell_embedded_window_map: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Sep 13 11:53:23 jak-x230 gnome-shell[2266]: _shell_embedded_window_map: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Sep 13 11:53:24 jak-x230 gnome-shell[2266]: _shell_embedded_window_unmap: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Sep 13 11:53:24 jak-x230 gnome-shell[2266]: _shell_embedded_window_unmap: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
So, after some more time I can say that it's really stable (both X11 and Wayland), just the icons disappear occasionally. Well, disappear is a strong word - space is still reserved, it's still interactable, just the pixmap or whatever is missing :)
i'm a little shaky on what's going on but try this one instead!
Created attachment 359808
gtk-embed: ensure we only listen for window-created events once

If a tray icon gets mapped and unmapped and then mapped again in quick succession, we can end up with multiple handlers listening for window creation events.

This commit tries to guard against that by only listening for window-created events when we don't know the actor associated with the icon.
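The handler leak described in the two commit messages above, as a small stand-alone C model. This is an added illustration, not gnome-shell or GLib code: the handler table, the `Embed` struct and every function name are hypothetical, and the guard keys on a stored handler id, which is an assumption of this model (the commit message describes guarding on whether the actor is already known).

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a signal: a fixed table of (callback, user data) slots. */
#define MAX_HANDLERS 8
typedef void (*created_cb)(void *data);
static struct { created_cb cb; void *data; } handlers[MAX_HANDLERS];

static int sig_connect(created_cb cb, void *data) {  /* id >= 1, or 0 if full */
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (!handlers[i].cb) { handlers[i].cb = cb; handlers[i].data = data; return i + 1; }
    return 0;
}
static void sig_disconnect(int id) {
    if (id > 0 && id <= MAX_HANDLERS) { handlers[id - 1].cb = NULL; handlers[id - 1].data = NULL; }
}
/* Count live handlers whose user data still points at `data`. */
static int handlers_for(const void *data) {
    int n = 0;
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (handlers[i].cb && handlers[i].data == data) n++;
    return n;
}

typedef struct { int handler_id; int guarded; } Embed;   /* hypothetical */
static void on_window_created(void *data) { (void)data; }

static void embed_map(Embed *e) {
    if (e->guarded && e->handler_id != 0) return;        /* already listening */
    e->handler_id = sig_connect(on_window_created, e);   /* unguarded: id overwritten */
}
static void embed_destroy(Embed *e) {
    sig_disconnect(e->handler_id);   /* only the most recent id is known */
    e->handler_id = 0;
}

/* map, (unmap does nothing here), map, destroy: returns how many handlers
 * still carry a pointer to the destroyed embed. Nothing is dereferenced. */
int dangling_after_remap(int guarded) {
    Embed e = { 0, guarded };
    embed_map(&e);
    embed_map(&e);
    embed_destroy(&e);
    int n = handlers_for(&e);
    for (int id = 1; id <= MAX_HANDLERS; id++) sig_disconnect(id);  /* reset table */
    return n;
}

int main(void) {
    printf("unguarded: %d dangling, guarded: %d dangling\n",
           dangling_after_remap(0), dangling_after_remap(1));
    return 0;
}
```

Any handler still counted after destroy would be invoked with a stale pointer on the next emission, which is the freed-memory call the first commit message describes.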
Built & started. Will report back later.
I've noticed no crashes nor any regression with the new patch in the past 3 days, so it seems good to go :)
Review of attachment 359808: LGTM
Attachment 359808 pushed as 90c55e1 - gtk-embed: ensure we only listen for window-created events once
*** Bug 784355 has been marked as a duplicate of this bug. ***
Per https://bugzilla.redhat.com/show_bug.cgi?id=1464503 , this affects 3.24 (in Fedora 26). It would be good to apply this fix to the 3.24 branch and perhaps ship a new release so other distros pick up the fix; I'm planning to backport the fix for F26 as a downstream patch in the package build.
Correct: Florian already applied it as a patch downstream in Fedora 26, so Fedora 26 is fixed, but other distros on 3.24 or older branches may still not have the fix.