gnome-panel crashed with SIGSEGV in gtk_widget_show()

StacktraceTop:IA__gtk_widget_show (widget=0x1eac8d0)
g_closure_invoke ()
?? () from /usr/lib/libgobject-2.0.so.0
g_signal_emit_valist ()
g_signal_emit () from /usr/lib/libgobject-2.0.so.0

this could be related to bug 353767

Ted, several of those bugs seem to indicate indicator applet issues, could it be that the gnome-panel change is crashing when the indicator-applet has issues? Could you have a look to the issue there?

Regarding indicator applet issues: update-notifier on my system does not give me a notification when there are updates available. I checked with ps aux and it is running. I killed it and restarted it from a terminal with simply 'update-notifier' and in the panel I see a thin black line which then disappears. I had first checked with the update manager and there are updates to install.

Also, I note that I have had crashes since my last post, but they have only been while running freecell from the aisleriot package.

On Wed, 2009-10-28 at 08:59 +0000, Sebastien Bacher wrote:
> Ted, several of those bugs seem to indicate indicator applet issues,
> could it be that the gnome-panel change is crashing when the indicator-
> applet has issues? Could you have a look to the issue there?

I don't see anything indicator-applet related in the stack trace, and in
theory, the gnome-panel binary should protected from anything that
indicator-applet could do via Bonobo. So it seems unlikely that
something in the indicator-applet itself could be the cause.

I was curious about the patch that we've applied to hide the system
items when indicator-applet-session gets removed. The reason I think it
may be suspect is that the crash is happening in panel applet remove,
but the function is gtk_widget_show() -- it's atypical that you'd show
something on a destroy. But, infact that's what the FUSA patch does
when FUSA is removed.

It looks like the gtk_widget_show() is being called directly from the
marshaller, which would mean that the show function itself would need to
be the callback function. All of the signal handlers in the patch use a
wrapper function to check which applet is being requested. But, it's
possible that the compilers is doing a tail-recursion optimization...

All in all, that's a long way of saying: I'm not sure what's causing
this. But I think that the system item removal patch is suspect. It
could be made more bullet-proof in that it could attach signal handlers
to the widgets to ensure they aren't destroyed anytime. I'm not sure
why that'd be happening though, and why would wouldn't have seen this on
Jaunty and Intrepid as well. And it seems like a big change for a
Karmic update. Thoughts?

When I got the crash, it said the the "Indicator applet" has crashed.

Short on ideas, but here is an interesting fact.
When logging into my account for the first time, this error popped up. After reporting it, I went back and added another Indicator Applet (just outside of Notification Area 2.28.0, the one with the Volume and UbuntuOne applets) to my top panel. After a restart there was no indicator in the Notification Area still, but the Indicator Applet which I added was there and working.
Hope it helps to narrow the search somehow.

P.S. Later on the UbuntuOne applet disappeared from the Notification Area 2.28.0! (Upon changing to the default desktop theme)

I had this problem too. I've only had this problem very few times and started when I first used Jaunty.
I wonder if it's related to the programs I had done and had opened when I last logged off? I had a pdf viewer (evince, I think) and was trying out a "wmblob" program which was still open when I shutdown. Also, I tried a workaround for another bug before shutting down (https://bugs.launchpad.net/ubuntu/karmic/+source/udev/+bug/463347). After that, I tried a livecd (which shouldn't affect anything, right?), and when I rebooted after that, the crash and only the pdf viewer were there.

just a minor irritation.

Tony, I am sure you meant to help us somehow. Any ideas about this issue?

Zeniff, just like in your case the applet crashed between logging in for the very first time and before I was able to run any programmes. My guess gnome panel 2.28 has some unresolved compatibility issues. Keep in mind that this problem might affect Lucid release. We don't want to greet new Ubuntu users with a crash reporting procedure :)

P.S. UbuntuOne disappearance was obviously related to the settings. The icon is set to hind when not in use. Soz ;)

I had just inserted a floppy disk in the floppy drive?

Is anybody able to reproduce this with Lucid? there's no reports coming from that release, thanks all.

I can confirm that similar crash happened in Lucid. It happened only once, although it was not as big of a problem as updating the kernel. Sorry, I don't have any technical info.

the crash is due to the Ubuntu change to mask the system menu session actions when the session indicator is in the configuration

I have investigated this a bit. Based on stack traces the crash happens here:

void
gtk_widget_show (GtkWidget *widget)
{
  g_return_if_fail (GTK_IS_WIDGET (widget)); <==== line 3005

I'm assuming that the signal for this is attached here in gnome-panel/panel-toplevel.c (line 2740):

signals [i++] = g_signal_connect_swapped (
           toplevel->priv->attach_widget, "show",
           G_CALLBACK (gtk_widget_show), toplevel);

And before the "show" signal is emitted, panel_applet_destroy() is called from gnome-panel/applet.c. I'm guessing there's a race condition which makes it possible to destroy PanelToplevel object and after that send a show signal to the destroyed object.

I haven't been able to reproduce the problem myself, all tips how to do it would help.

I tried to reproduce over an hour, without luck. I was able to crash gnome-panel once with a different strack trace, it crashed in gtk_widget_hide(). Might be related to this, though. I'll file a separate bug report about that one.

Back to this bug. The event was emitted from applet.c line 741:

static void
panel_applet_destroy (GtkWidget *widget,
        AppletInfo *info)
{
 GList *l;

 g_return_if_fail (info != NULL);

 info->widget = NULL;

 registered_applets = g_slist_remove (registered_applets, info);
 panel_applet_signaler_remove_applet(info); <==== line 741

 queued_position_saves =
  g_slist_remove (queued_position_saves, info);

 if (info->type == PANEL_OBJECT_DRAWER) {
  Drawer *drawer = info->data;

panel_applet_signaler_remove_applet() emits applet removed signal:

+ g_signal_emit(signaler, signals[APPLET_REMOVED], NULL, applet);

But as I said in comment #17, the crash seems to happen in "show" event handler. I don't yet understand how this happens.

I have tried still to reproduce this, but no luck. The timing, or the combination of events, to trigger this seems to very tricky.

I'm taking a look through this and I'm still not sure what the problem is yet, but there are a couple things that concern me a little bit and seem like they could be related.

default_signaler is never unref'd anywhere, and the signals that are connected to it are never disconnected anywhere. I'm worried that these signals might be triggered and are passing in objects that may no longer exist, but the pointers that were registered as as the user_data on the signal connections are still pointing to those old memory addresses. As Kalle points out, gtk_widget_show() is crashing on g_return_if_fail() and the only reason I can think of that this might happen is illegal memory access.

Okay, something is b0rked in the Launchpad merge request. Here's an updated version of 25_dynamic_fusa_detection.patch that I'm proposing.

Updated of the previous patch. There was one other place where I didn't add a weak reference to, and this patch adds that.

This bug was fixed in the package gnome-panel - 1:2.30.0-0ubuntu1

---------------
gnome-panel (1:2.30.0-0ubuntu1) lucid; urgency=low

  * New upstream version
  * debian/patches/25_dynamic_fusa_detection.patch:
    - update by Cody Russell to try to fix a crasher in the change
      (lp: #448084)
  * debian/patches/70_relibtoolize.patch:
    - new version update
 -- Sebastien Bacher <email address hidden> Tue, 30 Mar 2010 11:59:32 +0200