After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 672307 - Crash while switching applications
Crash while switching applications
Status: RESOLVED FIXED
Product: gnome-shell
Classification: Core
Component: general
unspecified
Other Linux
: Normal critical
: ---
Assigned To: gnome-shell-maint
gnome-shell-maint
: 672778 673382 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2012-03-17 19:02 UTC by Cosimo Cecchi
Modified: 2012-08-27 19:31 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Cosimo Cecchi 2012-03-17 19:02:35 UTC
I was switching apps with Alt+Tab when the shell suddenly crashed.
I believe this could also be a bug in Clutter; using Clutter 1.9.14 and Shell 3.3.90

Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal 11, Segmentation fault.

Thread 1 (Thread 0x7fb3beb2a9c0 (LWP 11565))

  • #0 _clutter_actor_finish_queue_redraw
    at ./clutter-actor.c line 6541
  • #1 _clutter_stage_maybe_finish_queue_redraws
    at ./clutter-stage.c line 4094
  • #2 _clutter_stage_do_update
    at ./clutter-stage.c line 1217
  • #3 clutter_clock_dispatch
    at ./clutter-master-clock.c line 398
  • #4 g_main_dispatch
    at gmain.c line 2510
  • #5 g_main_context_dispatch
    at gmain.c line 3047
  • #6 g_main_context_iterate
    at gmain.c line 3118
  • #7 g_main_loop_run
    at gmain.c line 3312
  • #8 meta_run
    from /lib64/libmutter.so.0
  • #9 main

Comment 1 Jasper St. Pierre (not reading bugmail) 2012-03-17 20:47:14 UTC
Punting over to Clutter until they say it's our fault.
Comment 2 Emmanuele Bassi (:ebassi) 2012-03-17 21:05:55 UTC
something is keeping alive an actor, which gets into the queue in an invalid state.
Comment 3 Jasper St. Pierre (not reading bugmail) 2012-03-17 21:09:14 UTC
(In reply to comment #2)
> something is keeping alive an actor, which gets into the queue in an invalid
> state.

By "keeping alive", do you mean that it's a stale pointer?
Comment 4 Giovanni Campagna 2012-03-17 21:14:01 UTC
The trace is duplicate of bug 671173 (which tried to tackle it from a different perspective, but didn't succeed). I'm getting this kind of crash often recently, and at least here it seems to be associated with exiting/entering the overview.
Comment 5 Emmanuele Bassi (:ebassi) 2012-03-17 21:20:27 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > something is keeping alive an actor, which gets into the queue in an invalid
> > state.
> 
> By "keeping alive", do you mean that it's a stale pointer?

it's either a stale pointer inside the redraw queue, or an actor that was destroyed (i.e. without a valid state but with a valid refcount) and it's still around.
Comment 6 Jasper St. Pierre (not reading bugmail) 2012-03-17 21:49:37 UTC
If anybody can get a solid reproducer, please let me know and I'll investigate. Otherwise, I haven't seen the crash.
Comment 7 Giovanni Campagna 2012-03-19 18:24:28 UTC
(In reply to comment #5)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > something is keeping alive an actor, which gets into the queue in an invalid
> > > state.
> > 
> > By "keeping alive", do you mean that it's a stale pointer?
> 
> it's either a stale pointer inside the redraw queue, or an actor that was
> destroyed (i.e. without a valid state but with a valid refcount) and it's still
> around.

It's neither, actually. The GList node is valid (at least, next and prev are good and the list is not cyclic), but the data pointer is garbage (I've got a 0x3d2f4c1 here, which is not 8 byte aligned).
Comment 8 Jasper St. Pierre (not reading bugmail) 2012-03-25 15:19:31 UTC
*** Bug 672778 has been marked as a duplicate of this bug. ***
Comment 9 Jasper St. Pierre (not reading bugmail) 2012-03-25 15:20:02 UTC
Punting back over to us.
Comment 10 Jasper St. Pierre (not reading bugmail) 2012-04-03 15:13:33 UTC
*** Bug 673382 has been marked as a duplicate of this bug. ***
Comment 11 Owen Taylor 2012-04-10 18:08:25 UTC
I can't really figure out exactly how it would cause this corruption, but I'm wondering if this is a duplicate of bug 673512 - if you look at the people's description of what they are doing in https://bugzilla.redhat.com/show_bug.cgi?id=791130, there is a common trend of installing packages and then going to the overview.
Comment 12 Jasper St. Pierre (not reading bugmail) 2012-08-27 19:31:55 UTC
This was figured out to be the lack of a dispose in MetaBackgroundActor. I don't know why I didn't attach this patch.

http://git.gnome.org/browse/mutter/commit/src/compositor/meta-background-actor.c?id=c844bab2325d0316f3561fd92169a6cb6c67da8e