[3.28] Gnome shell crashes during display close / restart in meta_display_list_windows
Starting from commit 2e64457f4c85a8e2e0991bce7c2ead869abd594a in gnome-3-28, there are crashes during Alt+F2 -> r, as removing the window actors when the screen has already been destroyed causes the shell to access invalid memory regions.
This is the native backtrace, followed by the JS trace (caused by an extension, but the same code is in the shell, so it could be caused by the shell itself too):
#0 0x00007f346af7693e in g_type_check_instance_is_a (type_instance=type_instance@entry=0x55e414773650, iface_type=<optimized out>) at ../../../../gobject/gtype.c:4013
node = <optimized out>
iface = <optimized out>
check = <optimized out>
#1 0x00007f34691949f1 in meta_display_list_windows (display=0x55e41470f990, flags=flags@entry=META_LIST_DEFAULT) at core/display.c:1039
__inst = 0x55e414773650
__t = <optimized out>
__r = <optimized out>
window = 0x55e414773650
winlist = 0x0
prev = <optimized out>
tmp = <optimized out>
iter = {dummy1 = 0x55e41461a640, dummy2 = 0x7f346b9891ef, dummy3 = 0x0, dummy4 = 0, dummy5 = 1564549123, dummy6 = 0x55e4000004ec}
key = 0x55e41677bc10
value = 0x55e414773650
#2 0x00007f34691b9fea in meta_workspace_list_windows (workspace=0x55e4144048c0) at core/workspace.c:707
display_windows = <optimized out>
l = <optimized out>
workspace_windows = <optimized out>
#3 0x00007f3464f6bdae in ffi_call_unix64 () at ../src/x86/unix64.S:76
No locals.
#4 0x00007f3464f6b71f in ffi_call (cif=cif@entry=0x55e415a8f5f8, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x7fffd098c048, avalue=avalue@entry=0x7fffd098bf30) at ../src/x86/ffi64.c:525
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: == Stack trace for context 0x55c4534674c0 ==
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #0 0x55c4537ed038 i /usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/theming.js:479 (0x7f71e459b560 @ 210)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #1 0x7ffc64834670 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #2 0x55c4537ecfa0 i /usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/theming.js:451 (0x7f71e459b4d8 @ 23)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #3 0x7ffc64835250 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #4 0x55c4537ecf18 i /usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/theming.js:447 (0x7f71e459b3c8 @ 117)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #5 0x7ffc64835e40 I resource:///org/gnome/gjs/modules/_legacy.js:82 (0x7f72382b5de0 @ 71)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #6 0x7ffc64835f10 b self-hosted:918 (0x7f72382f12b8 @ 394)
giu 21 19:44:08 tricky org.gnome.Shell.desktop[32227]: #7 0x55c4537ecea0 i resource:///org/gnome/shell/ui/main.js:206 (0x7f72382da4d8 @ 12)
Basically this function is triggered by an actor-removed signal emission by the window-group.
During the callback we try to access global.screen.get_active_workspace(), however this happens when meta_screen_free has already been called, and so the active workspace returned is actually invalid.
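The teardown ordering described above, modelled in plain C as an added example (not mutter or gnome-shell code). All type and function names are hypothetical stand-ins, and the NULL guard and the handler disconnect are assumed mitigations, not the fix applied upstream.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins with hypothetical names; these are not mutter's real types. */
typedef struct { int n_windows; } Workspace;
typedef struct { Workspace *active; } Screen;
typedef struct Display {
    Screen *screen;                            /* NULL once the screen is freed */
    int (*on_actor_removed)(struct Display *); /* connected "actor-removed" handler */
    int n_actors;
} Display;
enum { NOT_CALLED = -2, TORN_DOWN = -1 };
enum order { ACTORS_FIRST, SCREEN_FIRST, DISCONNECT_FIRST };
/* Handler: lists the active workspace, but refuses once the screen is gone. */
static int list_windows_handler(Display *d) {
    if (d->screen == NULL || d->screen->active == NULL)
        return TORN_DOWN;
    return d->screen->active->n_windows;
}
/* Free the screen and clear the pointer so a late callback can detect it. */
static void screen_free(Display *d) {
    free(d->screen->active);
    free(d->screen);
    d->screen = NULL;
}
/* Remove every actor, emitting "actor-removed" each time. */
static int remove_actors(Display *d) {
    int last = NOT_CALLED;
    for (; d->n_actors > 0; d->n_actors--)
        if (d->on_actor_removed) last = d->on_actor_removed(d);
    return last;
}
/* Run one teardown ordering; returns what the last handler call saw. */
int run_close(enum order order) {
    Display d = { calloc(1, sizeof(Screen)), list_windows_handler, 2 };
    int seen = NOT_CALLED;
    if (!d.screen || !(d.screen->active = calloc(1, sizeof(Workspace))))
        abort();
    d.screen->active->n_windows = 3;           /* constructed sample state */
    if (order == ACTORS_FIRST)                 /* actors go before the screen */
        seen = remove_actors(&d);
    if (order == DISCONNECT_FIRST)             /* handler dropped before the free */
        d.on_actor_removed = NULL;
    screen_free(&d);
    /* SCREEN_FIRST is the ordering from the report: signals fire after the free. */
    return order == ACTORS_FIRST ? seen : remove_actors(&d);
}
int main(void) {
    printf("%d %d %d\n", run_close(ACTORS_FIRST), run_close(SCREEN_FIRST), run_close(DISCONNECT_FIRST));
    return 0;
}
```

Without the guard in the handler or the cleared pointer in `screen_free`, the `SCREEN_FIRST` case would dereference freed memory, which is the condition the backtrace shows in `meta_display_list_windows`.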