Public bug reported:
## Summary
GNOME Shell crashes with heap corruption after ejecting a CD. The ubuntu-dock
extension attempts to access a GProxyVolume object that has already been
disposed, causing memory corruption that leads to a crash.
## Steps to Reproduce
1. Insert an audio CD
2. Eject the CD (via eject button, file manager, or application like whipper)
3. GNOME Shell crashes immediately (within seconds)
## Environment
- Ubuntu 25.10 (Questing)
- GNOME Shell 49.0
- gnome-shell-extension-ubuntu-dock 102ubuntu1
## Journal Log (relevant excerpts)
**First CD eject (12:07) - errors but no crash:**
```
Dec 23 12:07:16 lappy2 gnome-shell[5007]: glibtop(c=5007): [WARNING] statvfs
'/run/user/1000/gvfs/cdda:host=sr0' failed: No such file or directory
Dec 23 12:07:17 lappy2 gnome-shell[5007]: Object GProxyVolume (0x5b9bc9530a30),
has been already disposed — impossible to access it. This might be caused by
the object having been destroyed from C code using something such as destroy(),
dispose(), or remove() vfuncs.
== Stack trace for context
0x5b9bc1aeeeb0 ==
#0 5b9bc1bbb7a8 i
file:///usr/share/gnome-shell/extensions/[email protected]/locations.js:504
(2794e1aff290 @ 86)
#1 5b9bc1bbb6e0 i
file:///usr/share/gnome-shell/extensions/[email protected]/locations.js:316
(2794e1af8e20 @ 527)
Dec 23 12:07:17 lappy2 gnome-shell[5007]: Impossible to update icon for
location:undefined: Gio.DBusError: Object does not exist at path
"/org/gtk/vfs/mount/1"
```
**Second CD eject (13:07) - immediate crash:**
```
Dec 23 13:07:23 lappy2 gnome-shell[5007]: glibtop(c=5007): [WARNING] statvfs
'/run/user/1000/gvfs/cdda:host=sr0' failed: No such file or directory
Dec 23 13:08:07 lappy2 gnome-shell[5007]: malloc(): unaligned fastbin chunk
detected
Dec 23 13:08:07 lappy2 gnome-shell[5007]: GNOME Shell crashed with signal 6
Dec 23 13:08:07 lappy2 gnome-shell[5007]: == Stack trace for context
0x5b9bc1aeeeb0 ==
Dec 23 13:08:07 lappy2 gnome-shell[5007]: #0 5b9bc1bbb6c0 i
resource:///org/gnome/shell/ui/status/network.js:1261 (1250a1e8ce20 @ 55)
Dec 23 13:08:07 lappy2 gnome-shell[5007]: #1 5b9bc1bbb638 i
resource:///org/gnome/shell/ui/status/network.js:1106 (1250a1e8c880 @ 16)
Dec 23 13:08:07 lappy2 gnome-shell[5007]: #2 5b9bc1bbb5a8 i
resource:///org/gnome/shell/ui/init.js:21 (102b2b18d8d0 @ 48)
```
## Analysis
The ubuntu-dock extension's `locations.js` (lines 316, 504) accesses a
GProxyVolume object after the CD has been ejected and gvfs has disposed of the
volume. This use-after-free corrupts heap memory, causing an immediate crash
(signal 6 / SIGABRT from glibc's malloc corruption detection).
## Related Bugs
- https://github.com/micheleg/dash-to-dock/issues/2255
- https://bugs.launchpad.net/bugs/1856032
** Affects: gnome-shell-extension-ubuntu-dock (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2137078
Title:
GNOME Shell crashes after CD eject - ubuntu-dock accesses disposed
GProxyVolume
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell-extension-ubuntu-dock/+bug/2137078/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
