unity-panel-service crashed with SIGSEGV in g_type_check_instance_cast()

Bug #851954 reported by Chito Tuason on 2011-09-16
This bug affects 9 people
Affects Status Importance Assigned to Milestone
Fix Released
Won't Fix
unity (Ubuntu)

Bug Description

Clicking minimize/maximize button

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: unity-services 4.16.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-11.18-generic-pae 3.0.4
Uname: Linux 3.0.0-11-generic-pae i686
NonfreeKernelModules: fglrx

ApportVersion: 1.23-0ubuntu1
Architecture: i386
CompizPlugins: [core,bailer,detection,composite,opengl,compiztoolbox,decor,regex,place,move,snap,mousepoll,vpswitch,imgpng,resize,animation,gnomecompat,wall,grid,session,expo,workarounds,fade,scale,unitymtgrabhandles,ezoom,unityshell]
CompositorRunning: compiz
Date: Fri Sep 16 22:33:42 2011
DistUpgraded: Log time: 2011-09-02 07:18:36.314818
DistroCodename: oneiric
DistroVariant: ubuntu
ExecutablePath: /usr/lib/unity/unity-panel-service
 ATI Technologies Inc AMD Radeon HD 6310 GraphicsATI [1002:9802] (prog-if 00 [VGA controller])
   Subsystem: Micro-Star International Co., Ltd. Device [1462:1096]
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha i386 (20110829.1)
JockeyStatus: xorg:fglrx - ATI/AMD proprietary FGLRX graphics driver (Proprietary, Enabled, In use)
MachineType: Micro-Star International Co., Ltd. U270 series
ProcCmdline: /usr/lib/unity/unity-panel-service
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-11-generic-pae root=UUID=03e6764f-ef12-44b9-a857-a1e1eedd9231 ro quiet splash vt.handoff=7
 Segfault happened at: 0xb70ae8df <g_type_check_instance_cast+15>: call 0xb7082e17
 PC (0xb70ae8df) ok
 source "0xb7082e17" (0xb7082e17) ok
 destination "(%esp)" (0xbf502000) not located in a known VMA region (needed writable region)!
 Stack memory exhausted (SP below stack segment)
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: unity
 g_type_check_instance_cast () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
 gtk_menu_popdown () from /usr/lib/libgtk-3.so.0
 ?? () from /usr/lib/libgtk-3.so.0
 g_cclosure_marshal_VOID__VOID () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
Title: unity-panel-service crashed with SIGSEGV in g_type_check_instance_cast()
UpgradeStatus: Upgraded to oneiric on 2011-09-16 (0 days ago)
UserGroups: adm admin cdrom dialout libvirtd lpadmin plugdev sambashare
dmi.bios.date: 05/23/2011
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: E1245AMS.10H
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: MS-1245
dmi.board.vendor: Micro-Star International Co., Ltd.
dmi.board.version: Ver 1.000
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 10
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrE1245AMS.10H:bd05/23/2011:svnMicro-StarInternationalCo.,Ltd.:pnU270series:pvrE1245AMS.10H:rvnMicro-StarInternationalCo.,Ltd.:rnMS-1245:rvrVer1.000:cvnToBeFilledByO.E.M.:ct10:cvrToBeFilledByO.E.M.:
dmi.product.name: U270 series
dmi.product.version: E1245AMS.10H
dmi.sys.vendor: Micro-Star International Co., Ltd.
version.compiz: compiz 1:
version.fglrx-installer: fglrx-installer N/A
version.libdrm2: libdrm2 2.4.26-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 7.11-0ubuntu3
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 7.11-0ubuntu3
version.xserver-xorg: xserver-xorg 1:7.6+7ubuntu7
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.6.0-1ubuntu13
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20110811.g93fc084-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.15.901-1ubuntu2
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20110411+8378443-1

Chito Tuason (chitotuason) wrote :

 g_type_check_instance_cast (type_instance=0x921dca0, iface_type=147557224) at /build/buildd/glib2.0-2.29.90/./gobject/gtype.c:3977
 gtk_menu_popdown (menu=0x921dca0) at /build/buildd/gtk+3.0-3.1.90/./gtk/gtkmenu.c:1808
 gtk_menu_deactivate (menu_shell=0x921dca0) at /build/buildd/gtk+3.0-3.1.90/./gtk/gtkmenu.c:4636
 g_cclosure_marshal_VOID__VOID (closure=0x8cb8888, return_value=0x0, n_param_values=1, param_values=0x954c3c0, invocation_hint=0xbf502210, marshal_data=0xb7460e50) at /build/buildd/glib2.0-2.29.90/./gobject/gmarshal.c:85
 g_type_class_meta_marshal (closure=0x8cb8888, return_value=0x0, n_param_values=1, param_values=0x954c3c0, invocation_hint=0xbf502210, marshal_data=0x1ec) at /build/buildd/glib2.0-2.29.90/./gobject/gclosure.c:885

Changed in unity (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Mirco Müller (macslow) on 2011-09-28
Changed in unity (Ubuntu):
importance: Medium → Critical
status: New → Triaged
milestone: none → ubuntu-11.10
Didier Roche (didrocks) on 2011-09-30
Changed in unity:
status: New → Triaged
Michael Terry (mterry) wrote :

OK, this one is a bit silly and it's my fault.

In unity's services/panel-service.c, I added this line:
          g_signal_connect (priv->last_menu, "deactivate", G_CALLBACK (gtk_widget_destroy), NULL);

But destroying the widget causes dispose to be run, and GtkMenuShell's dispose causes "deactivate" to run.

I'm pretty sure I tested this code and didn't get this behavior. So either this sequence changed or I'm misremembering. Regardless, it's like that now.

The fix should be to disconnect the signal handler when we get that signal. I'll work on a patch.
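
The re-entrancy described in the comment above, as an added example that is not part of the original report and is not Unity or GTK code: a self-contained C model in which destroy runs dispose, dispose emits "deactivate", and the handler connected to "deactivate" is destroy itself. All names (Menu, menu_destroy, handler_buggy, handler_fixed, run) are hypothetical, and MAX_DEPTH is an assumed cap standing in for the stack exhaustion seen in the crash data.

```c
#include <stddef.h>

/* Toy model (constructed for illustration; NOT GTK/GObject code). */
#define MAX_DEPTH 64           /* stands in for the finite stack */

typedef struct Menu Menu;
typedef void (*Handler)(Menu *);

struct Menu {
    Handler on_deactivate;     /* single "deactivate" handler slot */
    int depth;                 /* current nesting of destroy calls */
    int max_depth;             /* deepest nesting observed */
    int overflowed;            /* set when MAX_DEPTH is reached */
};

static void menu_emit_deactivate(Menu *m) {
    if (m->on_deactivate) m->on_deactivate(m);
}

/* Models destroy -> dispose -> "deactivate" emission, as the comment describes. */
static void menu_destroy(Menu *m) {
    if (++m->depth > m->max_depth) m->max_depth = m->depth;
    if (m->depth >= MAX_DEPTH) { m->overflowed = 1; m->depth--; return; }
    menu_emit_deactivate(m);   /* dispose re-emits the signal */
    m->depth--;
}

/* Buggy wiring: the handler is destroy itself, so every emission re-enters it. */
static void handler_buggy(Menu *m) { menu_destroy(m); }

/* Fixed wiring: disconnect first, so the emission from dispose finds no handler. */
static void handler_fixed(Menu *m) {
    m->on_deactivate = NULL;
    menu_destroy(m);
}

/* Connect the handler, emit "deactivate" once, return the deepest nesting seen. */
static int run(Handler h, int *overflowed) {
    Menu m = { h, 0, 0, 0 };
    menu_emit_deactivate(&m);
    if (overflowed) *overflowed = m.overflowed;
    return m.max_depth;
}

int main(void) {
    int of_bug, of_fix, bug = run(handler_buggy, &of_bug), fix = run(handler_fixed, &of_fix);
    return !(bug == MAX_DEPTH && of_bug && fix == 1 && !of_fix);
}
```

With the buggy handler the nesting only stops at the cap; with the handler disconnected before destroy, the menu is destroyed exactly once.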

Michal Hruby (mhr3) on 2011-11-11
Changed in unity:
status: Triaged → In Progress
visibility: private → public
Didier Roche (didrocks) on 2011-11-22
Changed in unity (Ubuntu):
status: Triaged → In Progress
Changed in unity:
status: In Progress → Fix Committed
Omer Akram (om26er) on 2011-12-08
Changed in unity:
importance: Undecided → High
Changed in unity (Ubuntu):
importance: Critical → High
status: In Progress → Fix Committed
milestone: ubuntu-11.10 → none
milestone: none → oneiric-updates
Omer Akram (om26er) on 2012-01-20
Changed in unity (Ubuntu):
milestone: oneiric-updates → none
Changed in unity:
status: Fix Committed → Fix Released
Changed in unity (Ubuntu):
status: Fix Committed → Fix Released
Changed in unity (Ubuntu Oneiric):
importance: Undecided → High
status: New → Triaged
Stephen M. Webb (bregma) on 2013-08-06
Changed in unity (Ubuntu Oneiric):
status: Triaged → Won't Fix