Bug 787361 - SEGV in g_type_check_instance_cast() called by shell_gtk_embed_window_created_cb()
Product: gnome-shell
Classification: Core
Component: general
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: gnome-shell-maint
Duplicates: 784355
Depends on:
Reported: 2017-09-06 12:40 UTC by Julian Andres Klode
Modified: 2017-12-19 00:13 UTC
See Also:
GNOME target: ---
GNOME version: ---

gtk-embed: stop watching for new windows when icon is unmapped (6.76 KB, patch)
2017-09-12 17:37 UTC, Ray Strode [halfline]
Status: none
gtk-embed: ensure we only listen for window-created events once (3.93 KB, patch)
2017-09-14 18:51 UTC, Ray Strode [halfline]
Status: committed

Description Julian Andres Klode 2017-09-06 12:40:19 UTC
IIRC, this was Wayland, but it has x11 in there, and I just had the crash in X11.

gnome-shell: 3.25.91
mutter: ce515c5 + dd4ad4efc419e9f1f00477116fbfee8fba7fff25 cherry-picked

  • #0 g_type_check_instance_cast
    at ../../../../gobject/gtype.c line 4052
  • #1 shell_gtk_embed_window_created_cb
    at ../src/shell-gtk-embed.c line 67
  • #5 <emit signal ??? on instance 0x5621ea6a5c00 [MetaDisplay]>
    at ../../../../gobject/gsignal.c line 3447
  • #6 meta_display_notify_window_created
    at core/display.c line 1716
  • #7 _meta_window_shared_new
    at core/window.c line 1277
  • #8 meta_window_x11_new
    at x11/window-x11.c line 3048
  • #9 handle_other_xevent
    at x11/events.c line 1365
  • #10 meta_display_handle_xevent
    at x11/events.c line 1784
  • #11 xevent_filter
    at x11/events.c line 1823
  • #12 gdk_event_apply_filters
    at ././gdk/x11/gdkeventsource.c line 79
  • #13 gdk_event_source_translate_event
    at ././gdk/x11/gdkeventsource.c line 198
  • #14 _gdk_x11_display_queue_events
    at ././gdk/x11/gdkeventsource.c line 341
  • #15 gdk_display_get_event
    at ././gdk/gdkdisplay.c line 438
  • #16 gdk_event_source_dispatch
    at ././gdk/x11/gdkeventsource.c line 363
  • #17 g_main_dispatch
    at ../../../../glib/gmain.c line 3148
  • #18 g_main_context_dispatch
    at ../../../../glib/gmain.c line 3813
  • #19 g_main_context_iterate
    at ../../../../glib/gmain.c line 3886
  • #20 g_main_loop_run
    at ../../../../glib/gmain.c line 4082
  • #21 meta_run
    at core/main.c line 648
  • #22 main
    at ../src/main.c line 462

Comment 1 Julian Andres Klode 2017-09-09 19:59:27 UTC
Here's a downstream Ubuntu bug:

(me used Debian)
Comment 2 Julian Andres Klode 2017-09-12 08:50:04 UTC
This is a potential security issue, it just crashed while the screen was locked, revealing the screen content, maybe because network went up again (it was suspended) and chrome put out some notifications (windows).
Comment 3 Ray Strode [halfline] 2017-09-12 17:37:29 UTC
Created attachment 359653
gtk-embed: stop watching for new windows when icon is unmapped

Right now an icon could map itself, unmap itself, then remap itself,
and we'd end up leaking a signal handler to watch for new windows.

Later if the icon gets destroyed the handler will get called with
freed memory.

This commit fixes that by connecting to "unmap" instead of "destroy"
Comment 4 Ray Strode [halfline] 2017-09-12 17:38:08 UTC
^ this is an untested patch that may be the cause of the crash. just a guess from reading through the code.
Comment 5 Julian Andres Klode 2017-09-13 09:29:36 UTC
I applied the patch at around 18:00 UTC and used it until 00:00 UTC without any crashes, so it seems to be solving the issue.
Comment 6 Julian Andres Klode 2017-09-13 10:15:13 UTC
Hmm, now the icons became invisible, but are still clickable. So I guess I reached a point where it would have crashed previously, but now it forgets icons.
Comment 7 Julian Andres Klode 2017-09-13 10:19:23 UTC
journalctl says:

Sep 13 11:53:23 jak-x230 gnome-shell[2266]: _shell_embedded_window_map: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Sep 13 11:53:23 jak-x230 gnome-shell[2266]: _shell_embedded_window_map: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Sep 13 11:53:24 jak-x230 gnome-shell[2266]: _shell_embedded_window_unmap: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Sep 13 11:53:24 jak-x230 gnome-shell[2266]: _shell_embedded_window_unmap: assertion 'SHELL_IS_EMBEDDED_WINDOW (window)' failed
Comment 8 Julian Andres Klode 2017-09-14 11:36:31 UTC
So, after some more time I can say that it's really stable (both X11 and Wayland), just the icons disappear occasionally. Well, disappear is a strong word - space is still reserved, it's still interactable, just the pixmap or whatever is missing :)
Comment 9 Ray Strode [halfline] 2017-09-14 18:50:58 UTC
i'm a little shaky on what's going on but try this one instead!
Comment 10 Ray Strode [halfline] 2017-09-14 18:51:16 UTC
Created attachment 359808
gtk-embed: ensure we only listen for window-created events once

If a tray icon gets mapped and unmapped and then mapped again
in quick succession, we can end up with multiple handlers
listening for window creation events.

This commit tries to guard against that by only listening for
window-created events when we don't know the actor associated
with the icon.
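
The failure mode described in the two commit messages above (comments 3 and 10), as an added C example that is not part of the thread or of either attached patch: a toy handler table shows how map, unmap, map leaves one handler connected after destroy, and how a connect-once guard removes it. `Display`, `Embed` and every function name are hypothetical stand-ins rather than gnome-shell's own code, and the guard shown (tracking a pending handler id) is an assumed way to implement "listen only once".

```c
#include <stdio.h>
/* Toy stand-in for a signal: each slot holds one handler's user data. */
#define MAX_HANDLERS 8
typedef struct { void *data[MAX_HANDLERS]; } Display;       /* hypothetical */
typedef struct { Display *display; int handler_id; } Embed; /* id 0 = none */

static int display_connect(Display *d, void *data) {
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (!d->data[i]) { d->data[i] = data; return i + 1; }
    return 0;
}
static void display_disconnect(Display *d, int id) { if (id > 0) d->data[id - 1] = NULL; }
static int display_handlers_for(const Display *d, const void *data) {
    int n = 0;
    for (int i = 0; i < MAX_HANDLERS; i++) n += (d->data[i] == data);
    return n;
}

/* Leaky: every map connects again and overwrites the only remembered id. */
static void embed_map_leaky(Embed *e) {
    e->handler_id = display_connect(e->display, e);
}
/* Guarded (assumed approach): connect only when no handler is pending. */
static void embed_map_guarded(Embed *e) {
    if (e->handler_id == 0)
        e->handler_id = display_connect(e->display, e);
}
/* Destroy can only disconnect the single id it still remembers. */
static void embed_destroy(Embed *e) {
    display_disconnect(e->display, e->handler_id);
    e->handler_id = 0;
}

/* Handlers still pointing at the embed after map, unmap, map, destroy.
   Each one left is a callback that would later run on freed memory. */
static int stale_handlers_after_remap(int guarded) {
    Display d = {{0}};
    Embed e = { &d, 0 };
    void (*map)(Embed *) = guarded ? embed_map_guarded : embed_map_leaky;
    map(&e);            /* first map */
    map(&e);            /* remap after an unmap that disconnected nothing */
    embed_destroy(&e);
    return display_handlers_for(&d, &e);
}

int main(void) {
    printf("leaky: %d, guarded: %d\n", stale_handlers_after_remap(0), stale_handlers_after_remap(1));
    return 0;
}
```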
Comment 11 Julian Andres Klode 2017-09-14 20:02:23 UTC
Built & started. Will report back later.
Comment 12 Julian Andres Klode 2017-09-17 18:29:35 UTC
I've noticed no crashes nor any regression with the new patch in the past 3 days, so it seems good to go :)
Comment 13 Florian Müllner 2017-09-17 21:15:42 UTC
Review of attachment 359808:

Comment 14 Ray Strode [halfline] 2017-09-18 14:16:19 UTC
Attachment 359808 pushed as 90c55e1 - gtk-embed: ensure we only listen for window-created events once
Comment 15 Florian Müllner 2017-09-19 15:42:35 UTC
*** Bug 784355 has been marked as a duplicate of this bug. ***
Comment 16 Adam Williamson 2017-12-19 00:06:36 UTC
Per , this affects 3.24 (in Fedora 26). It would be good to apply this fix to the 3.24 branch and perhaps ship a new release so other distros pick up the fix; I'm planning to backport the fix for F26 as a downstream patch in the package build.
Comment 17 Adam Williamson 2017-12-19 00:13:10 UTC
Correct: Florian already applied it as a patch downstream in Fedora 26, so Fedora 26 is fixed, but other distros on 3.24 or older branches may still not have the fix.