Bug 755313 – gnome-shell-3.16.3 crashed

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 755313 - gnome-shell-3.16.3 crashed


Summary:	gnome-shell-3.16.3 crashed


Status:	RESOLVED FIXED

Product:	gnome-shell
Classification:	Core
Component:	general
Version:	3.16.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gnome-shell-maint
QA Contact:	gnome-shell-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-09-20 16:22 UTC by Pacho Ramos
Modified:	2016-09-08 10:12 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
[PATCH] systray: Bail out if the plug window is gone (1.01 KB, patch) 2016-09-07 12:04 UTC, Olivier Fourdan	committed	Details \| Review

Description Pacho Ramos 2015-09-20 16:22:24 UTC

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.

+ Trace 235475

Thread 1 (Thread 0x7f052fe5b9c0 (LWP 12645))

#0 gdk_window_has_impl
at /var/tmp/portage/x11-libs/gtk+-3.16.6/work/gtk+-3.16.6/gdk/gdkwindow.c line 592
#1 _gdk_window_has_impl
at /var/tmp/portage/x11-libs/gtk+-3.16.6/work/gtk+-3.16.6/gdk/gdkwindow.c line 593
#2 gdk_x11_window_get_xid
at /var/tmp/portage/x11-libs/gtk+-3.16.6/work/gtk+-3.16.6/gdk/x11/gdkwindow-x11.c line 5527
#3 shell_tray_icon_click
at shell-tray-icon.c line 201
#4 ffi_call_unix64
from /usr/lib64/libffi.so.6
#5 ffi_call
from /usr/lib64/libffi.so.6
#6 gjs_invoke_c_function
at gi/function.cpp line 997
#7 function_call
at gi/function.cpp line 1319
#8 CallJSNative
at ./jscntxtinlines.h line 321
#9 js::Invoke
at /var/tmp/portage/dev-lang/spidermonkey-24.2.0-r3/work/mozjs-24.2.0/js/src/vm/Interpreter.cpp line 474
#10 Interpret
at /var/tmp/portage/dev-lang/spidermonkey-24.2.0-r3/work/mozjs-24.2.0/js/src/vm/Interpreter.cpp line 2298
#11 js::RunScript
at /var/tmp/portage/dev-lang/spidermonkey-24.2.0-r3/work/mozjs-24.2.0/js/src/vm/Interpreter.cpp line 438
#12 js::Invoke
at /var/tmp/portage/dev-lang/spidermonkey-24.2.0-r3/work/mozjs-24.2.0/js/src/vm/Interpreter.cpp line 500
#13 js::Invoke
at /var/tmp/portage/dev-lang/spidermonkey-24.2.0-r3/work/mozjs-24.2.0/js/src/vm/Interpreter.cpp line 531
#14 JS_CallFunctionValue
at /var/tmp/portage/dev-lang/spidermonkey-24.2.0-r3/work/mozjs-24.2.0/js/src/jsapi.cpp line 5635
#15 gjs_call_function_value
at gjs/jsapi-util.cpp line 724
#16 gjs_closure_invoke
at gi/closure.cpp line 282
#17 closure_marshal
at gi/value.cpp line 160
#18 g_closure_invoke
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gclosure.c line 768
#19 signal_emit_unlocked_R
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gsignal.c line 3549
#20 g_signal_emit_valist
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gsignal.c line 3305
#21 g_signal_emit
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gsignal.c line 3361
#22 st_button_button_release
at st/st-button.c line 215
#23 _clutter_marshal_BOOLEAN__BOXED
at clutter-marshal.c line 85
#24 g_closure_invoke
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gclosure.c line 768
#25 signal_emit_unlocked_R
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gsignal.c line 3587
#26 g_signal_emit_valist
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gsignal.c line 3315
#27 g_signal_emit
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/gobject/gsignal.c line 3361
#28 clutter_actor_event
at clutter-actor.c line 13789
#29 emit_pointer_event
at clutter-main.c line 2041
#30 _clutter_process_event_details
at clutter-main.c line 2377
#31 _clutter_process_event
at clutter-main.c line 2537
#32 _clutter_stage_process_queued_events
at clutter-stage.c line 1031
#33 master_clock_process_events
at clutter-master-clock-default.c line 358
#34 clutter_clock_dispatch
at clutter-master-clock-default.c line 555
#35 g_main_dispatch
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/glib/gmain.c line 3122
#36 g_main_context_dispatch
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/glib/gmain.c line 3737
#37 g_main_context_iterate
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/glib/gmain.c line 3808
#38 g_main_loop_run
at /var/tmp/portage/dev-libs/glib-2.44.1/work/glib-2.44.1/glib/gmain.c line 4002
#39 meta_run
at core/main.c line 437
#40 main
at main.c line 462

Comment 1 Olivier Fourdan 2016-09-07 12:04:50 UTC

Created attachment 334979 [details] [review]
[PATCH] systray: Bail out if the plug window is gone

Same as downstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1372287

A safe fix could be to simply check if the return window is non NULL and bail out in that case, at least it won't crash gnome-shel lanymore.

Would that be acceptable?

Comment 2 Rui Matos 2016-09-07 16:31:24 UTC

Review of attachment 334979 [details] [review]:

If I'm reading the code correctly (which I might not because this code _is_ hairy) I don't see how the JS code can be calling shell_tray_icon_click() after the plug is gone since that should have triggered the NaTrayManager to emit ::tray-icon-removed which should result in ShellTrayManager emitting its own ::tray-icon-removed and finally the JS code destroying the StButton that emits the events which cause shell_tray_icon_click() to be called.

Anyway, since this fixes a crash I think we should get it in.

Comment 3 Olivier Fourdan 2016-09-08 10:09:25 UTC

Comment on attachment 334979 [details] [review]
[PATCH] systray: Bail out if the plug window is gone

attachment 334979 [details] [review] pushed on git master as commit 0b6c5b4 - systray: Bail out if the plug window is gone