FS#37302 - [gtk3][gnome-shell] crash due to double free in gtkicontheme.c

Attached to Project: Arch Linux
Opened by Sebastián Peyrott (Pse) - Saturday, 12 October 2013, 06:56 GMT
Last edited by Jan Alexander Steffens (heftig) - Tuesday, 15 October 2013, 23:50 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

Description:
Since the update to gtk3-3.10.1-1, Gnome Shell has been crashing when showing the activities view (which makes Gnome unusable). Reverting to gtk3-3.10.0-2 fixes the problem. I traced the crash to a commit added in 3.10.1 and reported the bug upstream. However, since this could make Gnome Shell unusable for those who experience the crash, it may be worth it to add the patch to the package until a proper upstream fix and/or release is issued.

Additional info:
* gtk3-3.10.1-1
* gnome-shell 3.10.0.1-1
* All the gritty details can be found in the upstream report: https://bugzilla.gnome.org/show_bug.cgi?id=709967
* Backtrace:

Program received signal SIGABRT, Aborted.
0x00000034b74353d9 in raise () from /usr/lib/libc.so.6
#0 0x00000034b74353d9 in raise () from /usr/lib/libc.so.6
#1 0x00000034b74367d8 in abort () from /usr/lib/libc.so.6
#2 0x000000315ea63f30 in g_slice_free1 () from /usr/lib/libglib-2.0.so.0
#3 0x000000315ea351d6 in g_clear_error () from /usr/lib/libglib-2.0.so.0
#4 0x00007f452b3b456d in gtk_icon_info_finalize () from /usr/lib/libgtk-3.so.0
#5 0x000000315ee1506a in g_object_unref () from /usr/lib/libgobject-2.0.so.0
#6 0x000000315f67a2c5 in ?? () from /usr/lib/libgio-2.0.so.0
#7 0x000000315ee1506a in g_object_unref () from /usr/lib/libgobject-2.0.so.0
#8 0x000000315ea45338 in ?? () from /usr/lib/libglib-2.0.so.0
#9 0x000000315ea45887 in ?? () from /usr/lib/libglib-2.0.so.0
#10 0x000000315ea48290 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#11 0x000000315ea48598 in ?? () from /usr/lib/libglib-2.0.so.0
#12 0x000000315ea4899a in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#13 0x0000003168a619d1 in meta_run () from /usr/lib/libmutter.so.0
#14 0x0000000000401d21 in ?? ()
#15 0x00000034b7421bc5 in __libc_start_main () from /usr/lib/libc.so.6
#16 0x0000000000401e21 in ?? ()


Steps to reproduce:
1) Upgrade to gtk3-3.10.1-1
2) Reboot or log out all sessions and login again or restart the display manager.
3) Move the pointer to the top left corner (activities area) or press the activities key in Gnome Shell.
4) Crash.

Closed by  Jan Alexander Steffens (heftig)
Tuesday, 15 October 2013, 23:50 GMT
Reason for closing:  Fixed
Additional comments about closing:  gtk3 3.10.1-2
Comment by Alfonso (euoar) - Saturday, 12 October 2013, 14:57 GMT
Having the same issue here, making the system unusable. As a temporary fix, I downgraded to the previous package version, which still runs fine. The downgrade ran smoothly; apparently no other packages depended on the new version.
Comment by Zach Jibben (threeofsix) - Saturday, 12 October 2013, 17:32 GMT
Same here. When I go into activities, then list applications, then click "all" next to "frequent", GNOME crashes every time. Downgrading to the version you mentioned does indeed solve the problem, thanks.
Comment by ridams (ridams) - Saturday, 12 October 2013, 21:40 GMT
Same here, and downgrading gtk also resolves the problem.
Comment by Peter Weber (hoschi) - Sunday, 13 October 2013, 09:47 GMT
I'm not affected. What graphics driver is your system using?
Comment by Ionut Biru (wonder) - Sunday, 13 October 2013, 10:11 GMT
Do you guys use the default theme for gtk and gnome-shell?
Comment by ridams (ridams) - Sunday, 13 October 2013, 14:59 GMT
Me, yes, the default one.
Comment by Sebastián Peyrott (Pse) - Sunday, 13 October 2013, 16:21 GMT
Yes, the default one (Adwaita). As explained in the upstream report, this is a double-free bug. G_SLICE allocations of certain sizes use a custom allocator (i.e. they don't go through malloc), so the chances of triggering a crash are related to the way memory is laid out in the custom allocator pool. If you want to increase the chances of seeing the crash, add the following global environment variable:

G_SLICE=debug-blocks

You can also try G_SLICE=always-malloc and use Valgrind, but it will be slower.

To those who are experiencing the crash, it'd be useful to add your comments in the upstream report.

Edit: after changing G_SLICE remember to reboot or do whatever is necessary to make sure Gnome Shell is launched in the environment with the variable set.
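The comment above explains why a double free in a pooled allocator does not crash reliably. As an added illustration (not code from the thread, GTK or GLib), this toy fixed-size pool shows a double free silently handing the same block to two later callers, and a checking mode that records which blocks are live rejecting the second free; all names here (`pool_t`, `pool_free`, `double_free_demo`) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

enum { POOL_BLOCKS = 8, BLOCK_SIZE = 32 };

/* A free block stores the free-list link inside its own storage. */
typedef union block { union block *next; unsigned char data[BLOCK_SIZE]; } block_t;

typedef struct {
    block_t  blocks[POOL_BLOCKS];
    block_t *free_list;          /* LIFO list of free blocks */
    bool     live[POOL_BLOCKS];  /* which blocks are currently handed out */
    bool     check;              /* validate frees against live[] */
} pool_t;

void pool_init(pool_t *p, bool check) {
    p->free_list = NULL;
    p->check = check;
    for (int i = POOL_BLOCKS - 1; i >= 0; i--) {
        p->live[i] = false;
        p->blocks[i].next = p->free_list;
        p->free_list = &p->blocks[i];
    }
}

void *pool_alloc(pool_t *p) {
    block_t *b = p->free_list;
    if (b == NULL) return NULL;
    p->free_list = b->next;
    p->live[b - p->blocks] = true;
    return b;
}

/* Returns false when checking is on and the block is not live (double free). */
bool pool_free(pool_t *p, void *ptr) {
    block_t *b = ptr;
    if (p->check && !p->live[b - p->blocks]) return false;
    p->live[b - p->blocks] = false;
    b->next = p->free_list;      /* a second free links the block to itself */
    p->free_list = b;
    return true;
}

/* Free one block twice, then allocate twice; report what happened. */
void double_free_demo(bool check, bool *rejected, bool *aliased) {
    pool_t p;
    pool_init(&p, check);
    void *err = pool_alloc(&p);
    pool_free(&p, err);
    *rejected = !pool_free(&p, err);   /* the bug: same pointer released again */
    *aliased = (pool_alloc(&p) == pool_alloc(&p));
}
```

Without checking, nothing fails at the second free; the damage only surfaces later, when two owners write to the same block, which is why the crash depends on what else the pool is doing.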
Comment by Alfonso (euoar) - Sunday, 13 October 2013, 16:32 GMT
Default themes here too. Comment added to the upstream bug.
Comment by Sebastián Peyrott (Pse) - Sunday, 13 October 2013, 23:47 GMT
New patch with upstream's suggestions. Obsoletes the old patch.
Comment by Philipe Reis (phireis) - Monday, 14 October 2013, 16:12 GMT
Same here. Downgrading gtk3 solved it too. Strangely, on another computer, also upgraded, I'm not affected. Both computers use Intel graphics; the affected one is a laptop with hd3000, the other is a desktop with hd4000.
Comment by Sebastián Peyrott (Pse) - Monday, 14 October 2013, 18:44 GMT
More reports of affected users here: https://bbs.archlinux.org/viewtopic.php?id=171257
Comment by Sebastián Peyrott (Pse) - Monday, 14 October 2013, 19:33 GMT
Comment by Sebastián Peyrott (Pse) - Tuesday, 15 October 2013, 14:16 GMT
Fix committed in Gtk master: https://git.gnome.org/browse/gtk+/commit/?id=d967266b772f3050dffae98aa449128f63055fc4
Edit: don't apply the fix in master; there appears to be a mistake. Wait for review.
