Bug 85060

Summary: notification area segv
Product: [Retired] Red Hat Linux
Reporter: Matt Wilson <msw>
Component: gnome-panel
Assignee: Havoc Pennington <hp>
Status: CLOSED RAWHIDE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: 9
CC: otaylor
Target Milestone: ---
Keywords: Triaged
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2003-10-21 20:11:17 UTC
Bug Blocks: 79578, 100643    

Description Matt Wilson 2003-02-25 06:47:24 UTC
(gdb) bt
#0  0xffffe002 in ?? ()
#1  0x401affa7 in libgnomeui_segv_handle (signum=-512) at gnome-ui-init.c:646
#2  <signal handler called>
#3  0x40675eb9 in gdk_x11_drawable_get_xid (drawable=0x0)
    at gdkdrawable-x11.c:928
#4  0x405b6d7d in send_xembed_message (socket=0x0, message=-512, detail=-512,
    data1=-512, data2=-512, time=4294966784) at gtksocket.c:1079
#5  0x405b627c in socket_update_active (socket=0x0) at gtksocket.c:714
#6  0x408a0754 in g_cclosure_marshal_VOID__PARAM (closure=0x0,
    return_value=0x0, n_param_values=2, param_values=0x8dc,
    invocation_hint=0xbfffd9a8, marshal_data=0x0) at gmarshal.c:531
#7  0x4088ced7 in g_closure_invoke (closure=0x0, return_value=0xfffffe00,
    n_param_values=4294966784, param_values=0xfffffe00,
    invocation_hint=0xfffffe00) at gclosure.c:437
#8  0x4089f983 in signal_emit_unlocked_R (node=0x8052658, detail=517,
    instance=0x809c090, emission_return=0x0, instance_and_params=0xbfffdaa0)
    at gsignal.c:2822
#9  0x4089e9a8 in g_signal_emit_valist (instance=0x809c090, signal_id=1,
    detail=517, var_args=0xbfffdc30 "") at gsignal.c:2554
#10 0x4089ebe4 in g_signal_emit (instance=0xfffffe00, signal_id=4294966784,
    detail=4294966784) at gsignal.c:2612
#11 0x4088f1c5 in g_object_dispatch_properties_changed (object=0x809c090,
    n_pspecs=1, pspecs=0x1) at gobject.c:464
---Type <return> to continue, or q <return> to quit---
#12 0x4088e84f in g_object_notify_dispatcher (object=0x0, n_pspecs=4294966784,
    pspecs=0xfffffe00) at gobject.c:228
#13 0x40893827 in g_object_notify_queue_thaw (object=0x809c090,
    nqueue=0x80551e0) at gobjectnotifyqueue.c:123
#14 0x4088f470 in g_object_notify (object=0x809c090,
    property_name=0x4062cb92 "is_active") at gobject.c:530
#15 0x405b2ed8 in _gtk_window_set_is_active (window=0x809c090,
    is_active=-1073750880) at gtkwindow.c:6809
#16 0x405b4e25 in handle_xembed_message (plug=0x809c090, message=0,
    detail=-1073750880, data1=0, data2=0, time=0) at gtkplug.c:1008
#17 0x405b4fb0 in gtk_plug_filter_func (gdk_xevent=0x809c090,
    event=0xfffffe00, data=0x809c090) at gtkplug.c:1074
#18 0x40677048 in gdk_event_apply_filters (xevent=0xbfffdf20, event=0x809c090,
    filters=0x8055030) at gdkevents-x11.c:299
#19 0x40678c3c in gdk_event_translate (display=0x80639f8, event=0x8124878,
    xevent=0xbfffdf20, return_exposes=0) at gdkevents-x11.c:814
#20 0x40678ee6 in _gdk_events_queue (display=0x80639f8) at gdkevents-x11.c:1952
#21 0x406790ed in gdk_event_dispatch (source=0xfffffe00, callback=0,
    user_data=0x0) at gdkevents-x11.c:2012
#22 0x408e0b35 in g_main_dispatch (context=0x8065728) at gmain.c:1653
#23 0x408e1b78 in g_main_context_dispatch (context=0x80639f8) at gmain.c:2197
#24 0x408e1e8d in g_main_context_iterate (context=0x8065728, block=1,
    dispatch=1, self=0x8054c48) at gmain.c:2278
---Type <return> to continue, or q <return> to quit---
#25 0x408e258f in g_main_loop_run (loop=0x8061508) at gmain.c:2498
#26 0x40752328 in bonobo_main () from /usr/lib/libbonobo-2.so.0
#27 0x407503f4 in bonobo_generic_factory_main () from /usr/lib/libbonobo-2.so.0
#28 0x40029a4a in panel_applet_factory_main_closure ()
   from /usr/lib/libpanel-applet-2.so.0
#29 0x40029b73 in panel_applet_factory_main ()
   from /usr/lib/libpanel-applet-2.so.0
#30 0x0804b9e5 in main ()
#31 0x420154d4 in __libc_start_main () from /lib/tls/libc.so.6
(gdb)

Comment 1 Havoc Pennington 2003-02-25 06:52:41 UTC
<msw> hp: I was just sitting there
<msw> hp: it came up 1 pixel wide
<msw> hp: I right clicked on the 1 pixel in order to quit rhn
<msw> hp: then I went and added the rhn applet again
<msw> hp: and a little while later it crashed

Comment 2 Havoc Pennington 2003-02-25 06:56:03 UTC
<msw> hah!
<msw> duplicated!
<msw> I had to log in N times to get it to be 1 pixel wide again
<msw> right click on the notification icon, exit, then system tools->notification applet

Comment 3 Havoc Pennington 2003-02-25 08:06:01 UTC
The situation seems to be a socket that's inside a plug that's inside a
socket. Outermost socket activates the plug, which changes is_active, which
then invokes socket_update_active(). So the innermost socket is in the same
process as the plug. The plug must be the applet and the socket is the
system tray slot.

Trying to see some reason socket_update_active wouldn't be removed
while socket was invalid. Wild theory: hierarchy-changed is not received
when destroying the system tray slot, because GTK_ANCHORED flag is not set
on GtkPlug, and there's code in gtk_widget_unparent() that only does the
hierarchy-changed if the toplevel for the window (in this case the plug)
has GTK_ANCHORED set. If hierarchy-changed is not received when destroying
the system tray slot socket, then socket_update_active() callback would not
be removed and we would get a crash like this.

That has to be crack though because it doesn't explain why it only happens
sometimes; you'd expect it to crash any time you focused the
applet after removing a tray icon. Probably 3am nonsense.
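
The following is an added illustration, not part of the original comments and not GTK code. It is a toy C model of the theory in comment 3: the socket's is_active handler on its toplevel is removed only by hierarchy-changed, and that signal is emitted only when the toplevel is anchored. Every name except socket_update_active is a hypothetical stand-in, and the model assumes the theory's premise, which comment 4 says does not normally hold for GtkPlug.

```c
/* Toy model of the theory in comment 3; names are stand-ins, not GTK API. */
#include <stdbool.h>
#include <stdio.h>

typedef struct Socket Socket;
typedef struct {                  /* stands in for the GtkPlug toplevel */
    bool anchored;                /* stands in for the GTK_ANCHORED flag */
    void (*on_active)(Socket *);  /* single is_active notify handler slot */
    Socket *data;                 /* handler argument: the embedded socket */
} Plug;
struct Socket { Plug *toplevel; int updates; };

static void socket_update_active(Socket *s) { s->updates++; }
static void disconnect(Plug *p, Socket *s) {
    if (p && p->data == s) { p->on_active = NULL; p->data = NULL; }
}

/* hierarchy-changed: drop the handler on the old toplevel, add on the new. */
static void hierarchy_changed(Socket *s, Plug *new_top) {
    disconnect(s->toplevel, s);
    if (new_top) { new_top->on_active = socket_update_active; new_top->data = s; }
    s->toplevel = new_top;
}

/* Per the theory: unparent emits hierarchy-changed only if anchored. */
static void socket_unparent(Socket *s) {
    if (s->toplevel && s->toplevel->anchored) hierarchy_changed(s, NULL);
}

/* Defensive destroy: disconnect directly instead of relying on the signal. */
static void socket_destroy_safe(Socket *s) {
    disconnect(s->toplevel, s);
    s->toplevel = NULL;
}

/* True if the plug still holds a handler for a socket that was torn down. */
static bool stale_handler_after_removal(bool anchored, bool safe_destroy) {
    Plug plug = { anchored, NULL, NULL };
    Socket s = { NULL, 0 };
    hierarchy_changed(&s, &plug);            /* socket added to the plug */
    if (safe_destroy) socket_destroy_safe(&s); else socket_unparent(&s);
    return plug.on_active != NULL;  /* stale slot would fire on next activation */
}

int main(void) {
    printf("anchored=%d unanchored=%d unanchored+safe=%d\n",
           stale_handler_after_removal(true, false),
           stale_handler_after_removal(false, false),
           stale_handler_after_removal(false, true));
    return 0;
}
```

The model only checks whether the handler slot is still populated; it never calls the stale handler.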


Comment 4 Owen Taylor 2003-02-25 16:14:32 UTC
In general, the ANCHORED flag is set on GtkPlug; it inherits from
GtkWindow and GtkWindow sets it in its _init(). There might
be some problems if you reused a plug from in-process
out-of-process. I'm not sure we update the flag properly when
we make the GtkPlug a toplevel again, but that shouldn't matter
here.

Comment 5 Alexander Larsson 2003-10-10 10:34:40 UTC
Isn't this bug just the 1 pixel wide bug which has been fixed?


Comment 6 Matt Wilson 2003-10-21 20:11:17 UTC
yea, I've not been able to reproduce it anymore.