Page MenuHomePhabricator
Create Task
Maniphest T4963

Annoying crash in Luncher
Closed, ResolvedPublic
Actions

Description

Been seeing this for quite some time and happens all the time out of nowhere (opening apps, loging out) thus turning WL in a shitshow.

(gdb) bt
#0 0x080de672 in e_exec_instance_watcher_del (inst=0x9b49040, func=0xa97aa45e <_bar_instance_watch>, data=0x9b4f138) at src/bin/e_exec.c:389
#1 0xa97aa68b in _bar_icon_del (inst=0x94b9098, ic=0x9b4f138) at src/modules/luncher/bar.c:204
#2 0xa97ad6a3 in _bar_cb_exec_del (data=0x0, type=265, ex=0x96dbfa0) at src/modules/luncher/bar.c:1139
#3 0xb6c5a650 in _ecore_call_handler_cb (func=0xa97ad4b3 <_bar_cb_exec_del>, data=0x0, type=265, event=0x96dbfa0) at lib/ecore/ecore_private.h:317
#4 0xb6c5b535 in _ecore_event_call () at lib/ecore/ecore_events.c:518
#5 0xb6c63dcd in _ecore_main_loop_iterate_internal (once_only=0) at lib/ecore/ecore_main.c:2359
#6 0xb6c61e8b in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1287
#7 0x0807ba56 in main (argc=1, argv=0xbfc0f194) at src/bin/e_main.c:1093
(gdb)

Details

Commits
rEb005919ea950: ref clients during exe_inst deletion to avoid invalid access after free
rEbcea88934036: luncher: null out the watchter when the watcher is stopped
rE6becc2b1796b: e_exec: split up the free of the instance
rE12655becaa8a: ref clients during exe_inst deletion to avoid invalid access after free
ApB created this task.Dec 3 2016, 3:19 AM
zmike added a comment.Dec 5 2016, 7:50 AM

Need a valgrind log

ApB added a comment.Dec 22 2016, 4:08 AM

I think i have a reliable(ish) way of reproducing this:

Open transmission-gtk > Close it from the X on the top right > Click on the transmission icon on the launcher > Click File > Quit.

zmike added a comment.Dec 22 2016, 7:16 AM
In T4963#78828, @ApB wrote:

I think i have a reliable(ish) way of reproducing this:

Open transmission-gtk > Close it from the X on the top right > Click on the transmission icon on the launcher > Click File > Quit.

Works fine here.

ApB added a comment.Dec 22 2016, 7:25 AM

I can easily rep with the above :/

32bit issue maybe?

bu5hm4n added a subscriber: bu5hm4n.Dec 22 2016, 7:39 AM

@ApB i had similar problems, I resolved them by export EINA_FREEQ_BYPASS=1 I think there is somewhere a problem with the freeq. Does that export help ?

ApB added a comment.Dec 22 2016, 7:48 AM
In T4963#78834, @bu5hm4n wrote:

@ApB i had similar problems, I resolved them by export EINA_FREEQ_BYPASS=1 I think there is somewhere a problem with the freeq. Does that export help ?

Nope. Just crashed it using the exact same way.

Funny thing it sometimes crashes in a different way. :/

stephenmhouston renamed this task from Annoying crash in Wayland to Annoying crash in Luncher.Jan 8 2017, 6:20 PM
stephenmhouston triaged this task as High priority.
stephenmhouston removed a project: Restricted Project.

I see this... but it is rare and hard to reproduce. @bu5hm4n mentioned he noticed that e_comp misses frames sometimes and misses applications closing from time to time. I think this could be related.

bu5hm4n added a comment.Jan 9 2017, 1:28 AM

not a frame, it misses that the client is dead. It is sometimes also visible in the tiling module. There is just a black area where the client was before...

stephenmhouston added a comment.Jan 12 2017, 5:15 PM

I'm willing to bet a commit I just made might have fixed this. Use luncher for a couple of days and let me know if you see it.

ApB added a comment.Jan 13 2017, 2:02 AM

Just crashed it the same way i always did.

bu5hm4n added a comment.Feb 4 2017, 3:09 PM

I hope the log from below gives you the chance to fix that ?

That really turns out to be annoying, especially when you start / stop a app quite reqular

==18973== Memcheck, a memory error detector
==18973== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==18973== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==18973== Command: enlightenment
==18973== Parent PID: 18951
==18973== 
==18973== Syscall param msync(start) points to uninitialised byte(s)
==18973==    at 0xF22F73D: ??? (in /usr/lib/libpthread-2.24.so)
==18973==    by 0xF008201: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00BCD6: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00C21D: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00C578: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF008C10: _ULx86_64_step (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF0096E2: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF0077E1: backtrace (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xE9705AD: eina_log_print_cb_stderr (eina_log.c:2057)
==18973==    by 0xE973226: eina_log_print_unlocked (eina_log.c:1456)
==18973==    by 0xE972CC7: eina_log_print (eina_log.c:2261)
==18973==    by 0x1A2CDA38: ecore_evas_gl_x11_options_new_internal (ecore_evas_x.c:4585)
==18973==  Address 0xffefbd000 is on thread 1's stack
==18973==  in frame #7, created by backtrace (???:)
==18973== 
==18973== Syscall param msync(start) points to unaddressable byte(s)
==18973==    at 0xF22F73D: ??? (in /usr/lib/libpthread-2.24.so)
==18973==    by 0xF008201: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00877F: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00BC89: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00C21D: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00C578: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF008C10: _ULx86_64_step (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF0096E2: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF0077E1: backtrace (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xE9705AD: eina_log_print_cb_stderr (eina_log.c:2057)
==18973==    by 0xE973226: eina_log_print_unlocked (eina_log.c:1456)
==18973==    by 0xE972CC7: eina_log_print (eina_log.c:2261)
==18973==  Address 0xffefbc000 is on thread 1's stack
==18973==  1920 bytes below stack pointer
==18973== 
==18973== Invalid read of size 1
==18973==    at 0xDD5DD40: ecore_animator_del (ecore_anim.c:799)
==18973==    by 0x5CF4CC: e_efx_move (efx_move.c:170)
==18973==    by 0x5D38DD: e_efx_resize (efx_resize.c:214)
==18973==    by 0x45C774: _bryce_autosize (e_bryce.c:263)
==18973==    by 0xDD67ADC: _ecore_job_event_handler (ecore_job.c:98)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Address 0x246a0908 is 72 bytes inside a block of size 80 free'd
==18973==    at 0x4C2BD3A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0xDD5DE78: _ecore_animator_flush (ecore_anim.c:977)
==18973==    by 0xDD5E5D1: _do_tick (ecore_anim.c:483)
==18973==    by 0xDD5F928: _timer_tick_notify (ecore_anim.c:340)
==18973==    by 0xDD8B266: _ecore_notify_handler (ecore_thread.c:267)
==18973==    by 0xDD5C9A6: _ecore_main_call_flush (ecore.c:1032)
==18973==    by 0xDD5AF87: _thread_callback (ecore.c:1043)
==18973==    by 0xDD859A9: _ecore_pipe_handler_call (ecore_pipe.c:511)
==18973==    by 0xDD84CD4: _ecore_pipe_read (ecore_pipe.c:637)
==18973==    by 0xDD6CF61: _ecore_call_fd_cb (ecore_private.h:333)
==18973==    by 0xDD6C427: _ecore_main_fd_handlers_call (ecore_main.c:1990)
==18973==    by 0xDD68A11: _ecore_main_loop_iterate_internal (ecore_main.c:2375)
==18973==  Block was alloc'd at
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0xDD5D08D: _ecore_animator_add (ecore_anim.c:505)
==18973==    by 0xDD5D13A: ecore_animator_timeline_add (ecore_anim.c:533)
==18973==    by 0x5CF4EE: e_efx_move (efx_move.c:171)
==18973==    by 0x5D38DD: e_efx_resize (efx_resize.c:214)
==18973==    by 0x45C774: _bryce_autosize (e_bryce.c:263)
==18973==    by 0xDD67ADC: _ecore_job_event_handler (ecore_job.c:98)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973== 
==18973== Invalid read of size 8
==18973==    at 0xDD5DD53: ecore_animator_del (ecore_anim.c:801)
==18973==    by 0x5CF4CC: e_efx_move (efx_move.c:170)
==18973==    by 0x5D38DD: e_efx_resize (efx_resize.c:214)
==18973==    by 0x45C774: _bryce_autosize (e_bryce.c:263)
==18973==    by 0xDD67ADC: _ecore_job_event_handler (ecore_job.c:98)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Address 0x246a08e0 is 32 bytes inside a block of size 80 free'd
==18973==    at 0x4C2BD3A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0xDD5DE78: _ecore_animator_flush (ecore_anim.c:977)
==18973==    by 0xDD5E5D1: _do_tick (ecore_anim.c:483)
==18973==    by 0xDD5F928: _timer_tick_notify (ecore_anim.c:340)
==18973==    by 0xDD8B266: _ecore_notify_handler (ecore_thread.c:267)
==18973==    by 0xDD5C9A6: _ecore_main_call_flush (ecore.c:1032)
==18973==    by 0xDD5AF87: _thread_callback (ecore.c:1043)
==18973==    by 0xDD859A9: _ecore_pipe_handler_call (ecore_pipe.c:511)
==18973==    by 0xDD84CD4: _ecore_pipe_read (ecore_pipe.c:637)
==18973==    by 0xDD6CF61: _ecore_call_fd_cb (ecore_private.h:333)
==18973==    by 0xDD6C427: _ecore_main_fd_handlers_call (ecore_main.c:1990)
==18973==    by 0xDD68A11: _ecore_main_loop_iterate_internal (ecore_main.c:2375)
==18973==  Block was alloc'd at
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0xDD5D08D: _ecore_animator_add (ecore_anim.c:505)
==18973==    by 0xDD5D13A: ecore_animator_timeline_add (ecore_anim.c:533)
==18973==    by 0x5CF4EE: e_efx_move (efx_move.c:171)
==18973==    by 0x5D38DD: e_efx_resize (efx_resize.c:214)
==18973==    by 0x45C774: _bryce_autosize (e_bryce.c:263)
==18973==    by 0xDD67ADC: _ecore_job_event_handler (ecore_job.c:98)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973== 
==18973== Syscall param msync(start) points to uninitialised byte(s)
==18973==    at 0xF22F73D: ??? (in /usr/lib/libpthread-2.24.so)
==18973==    by 0xF008201: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00877F: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00BC89: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00C21D: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF00C578: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF008C10: _ULx86_64_step (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF0096E2: ??? (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xF0077E1: backtrace (in /usr/lib/libunwind.so.8.0.1)
==18973==    by 0xE9705AD: eina_log_print_cb_stderr (eina_log.c:2057)
==18973==    by 0xE973226: eina_log_print_unlocked (eina_log.c:1456)
==18973==    by 0xE972CC7: eina_log_print (eina_log.c:2261)
==18973==  Address 0xffefc4000 is on thread 1's stack
==18973== 
==18973== Invalid read of size 4
==18973==    at 0x56E88B: e_object_del (e_object.c:43)
==18973==    by 0x5A314B: _e_util_cb_delayed_del (e_utils.c:729)
==18973==    by 0xDD676B9: _ecore_call_task_cb (ecore_private.h:283)
==18973==    by 0xDD6763B: _ecore_factorized_idle_process (ecore_idler.c:35)
==18973==    by 0xE7347AC: _event_callback_call (eo_base_class.c:1399)
==18973==    by 0xE73248F: _efl_object_event_callback_call (eo_base_class.c:1483)
==18973==    by 0xE72F1EA: efl_event_callback_call (efl_object.eo.c:142)
==18973==    by 0xDD673DF: _ecore_idle_enterer_call (ecore_idle_enterer.c:48)
==18973==    by 0xDD687E4: _ecore_main_loop_iterate_internal (ecore_main.c:2292)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Address 0x24e3f620 is 0 bytes inside a block of size 176 free'd
==18973==    at 0x4C2BD3A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x4BDDBE: _e_dialog_free (e_dialog.c:281)
==18973==    by 0x56EEEB: e_object_free (e_object.c:119)
==18973==    by 0x56ECB8: e_object_unref (e_object.c:152)
==18973==    by 0x56EA34: e_object_del (e_object.c:60)
==18973==    by 0x5A314B: _e_util_cb_delayed_del (e_utils.c:729)
==18973==    by 0xDD676B9: _ecore_call_task_cb (ecore_private.h:283)
==18973==    by 0xDD6763B: _ecore_factorized_idle_process (ecore_idler.c:35)
==18973==    by 0xE7347AC: _event_callback_call (eo_base_class.c:1399)
==18973==    by 0xE73248F: _efl_object_event_callback_call (eo_base_class.c:1483)
==18973==    by 0xE72F1EA: efl_event_callback_call (efl_object.eo.c:142)
==18973==    by 0xDD673DF: _ecore_idle_enterer_call (ecore_idle_enterer.c:48)
==18973==  Block was alloc'd at
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x56E814: e_object_alloc (e_object.c:20)
==18973==    by 0x4BCF1B: _e_dialog_internal_new (e_dialog.c:23)
==18973==    by 0x4BCED9: e_dialog_new (e_dialog.c:83)
==18973==    by 0x5A0F35: e_util_dialog_internal (e_utils.c:396)
==18973==    by 0x5E9FAC: _e_comp_x_add_fail_job (e_comp_x.c:567)
==18973==    by 0xDD67ADC: _ecore_job_event_handler (ecore_job.c:98)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973== 
==18973== Invalid read of size 1
==18973==    at 0x56E8A5: e_object_del (e_object.c:44)
==18973==    by 0x5A314B: _e_util_cb_delayed_del (e_utils.c:729)
==18973==    by 0xDD676B9: _ecore_call_task_cb (ecore_private.h:283)
==18973==    by 0xDD6763B: _ecore_factorized_idle_process (ecore_idler.c:35)
==18973==    by 0xE7347AC: _event_callback_call (eo_base_class.c:1399)
==18973==    by 0xE73248F: _efl_object_event_callback_call (eo_base_class.c:1483)
==18973==    by 0xE72F1EA: efl_event_callback_call (efl_object.eo.c:142)
==18973==    by 0xDD673DF: _ecore_idle_enterer_call (ecore_idle_enterer.c:48)
==18973==    by 0xDD687E4: _ecore_main_loop_iterate_internal (ecore_main.c:2292)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Address 0x24e3f674 is 84 bytes inside a block of size 176 free'd
==18973==    at 0x4C2BD3A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x4BDDBE: _e_dialog_free (e_dialog.c:281)
==18973==    by 0x56EEEB: e_object_free (e_object.c:119)
==18973==    by 0x56ECB8: e_object_unref (e_object.c:152)
==18973==    by 0x56EA34: e_object_del (e_object.c:60)
==18973==    by 0x5A314B: _e_util_cb_delayed_del (e_utils.c:729)
==18973==    by 0xDD676B9: _ecore_call_task_cb (ecore_private.h:283)
==18973==    by 0xDD6763B: _ecore_factorized_idle_process (ecore_idler.c:35)
==18973==    by 0xE7347AC: _event_callback_call (eo_base_class.c:1399)
==18973==    by 0xE73248F: _efl_object_event_callback_call (eo_base_class.c:1483)
==18973==    by 0xE72F1EA: efl_event_callback_call (efl_object.eo.c:142)
==18973==    by 0xDD673DF: _ecore_idle_enterer_call (ecore_idle_enterer.c:48)
==18973==  Block was alloc'd at
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x56E814: e_object_alloc (e_object.c:20)
==18973==    by 0x4BCF1B: _e_dialog_internal_new (e_dialog.c:23)
==18973==    by 0x4BCED9: e_dialog_new (e_dialog.c:83)
==18973==    by 0x5A0F35: e_util_dialog_internal (e_utils.c:396)
==18973==    by 0x5E9FAC: _e_comp_x_add_fail_job (e_comp_x.c:567)
==18973==    by 0xDD67ADC: _ecore_job_event_handler (ecore_job.c:98)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973== 
==18973== Invalid read of size 2
==18973==    at 0x2B277278: _bar_cb_exec_del (bar.c:1180)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Address 0x13755c68 is 1,000 bytes inside a block of size 1,424 free'd
==18973==    at 0x4C2BD3A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x468ED7: _e_client_free (e_client.c:597)
==18973==    by 0x56EEEB: e_object_free (e_object.c:119)
==18973==    by 0x56ECB8: e_object_unref (e_object.c:152)
==18973==    by 0x477F1E: _e_client_event_simple_free (e_client.c:336)
==18973==    by 0xDD61351: _ecore_call_end_cb (ecore_private.h:298)
==18973==    by 0xDD60903: _ecore_event_del (ecore_events.c:349)
==18973==    by 0xDD611E4: _ecore_event_purge_deleted (ecore_events.c:367)
==18973==    by 0xDD60D98: _ecore_event_call (ecore_events.c:553)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Block was alloc'd at
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x56E814: e_object_alloc (e_object.c:20)
==18973==    by 0x467EFD: e_client_new (e_client.c:2603)
==18973==    by 0x5EA27B: _e_comp_x_client_new (e_comp_x.c:864)
==18973==    by 0x5DF8A6: _e_comp_x_show_request (e_comp_x.c:1358)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973== 
==18973== Invalid write of size 8
==18973==    at 0x4C9A5F: _e_exec_instance_free (e_exec.c:624)
==18973==    by 0x4CA69D: _e_exec_cb_exec_del_free (e_exec.c:671)
==18973==    by 0xDD61351: _ecore_call_end_cb (ecore_private.h:298)
==18973==    by 0xDD60903: _ecore_event_del (ecore_events.c:349)
==18973==    by 0xDD611E4: _ecore_event_purge_deleted (ecore_events.c:367)
==18973==    by 0xDD60D98: _ecore_event_call (ecore_events.c:553)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Address 0x13755dd0 is 1,360 bytes inside a block of size 1,424 free'd
==18973==    at 0x4C2BD3A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x468ED7: _e_client_free (e_client.c:597)
==18973==    by 0x56EEEB: e_object_free (e_object.c:119)
==18973==    by 0x56ECB8: e_object_unref (e_object.c:152)
==18973==    by 0x477F1E: _e_client_event_simple_free (e_client.c:336)
==18973==    by 0xDD61351: _ecore_call_end_cb (ecore_private.h:298)
==18973==    by 0xDD60903: _ecore_event_del (ecore_events.c:349)
==18973==    by 0xDD611E4: _ecore_event_purge_deleted (ecore_events.c:367)
==18973==    by 0xDD60D98: _ecore_event_call (ecore_events.c:553)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973==  Block was alloc'd at
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x56E814: e_object_alloc (e_object.c:20)
==18973==    by 0x467EFD: e_client_new (e_client.c:2603)
==18973==    by 0x5EA27B: _e_comp_x_client_new (e_comp_x.c:864)
==18973==    by 0x5DF8A6: _e_comp_x_show_request (e_comp_x.c:1358)
==18973==    by 0xDD61167: _ecore_call_handler_cb (ecore_private.h:317)
==18973==    by 0xDD60C46: _ecore_event_call (ecore_events.c:518)
==18973==    by 0xDD68A31: _ecore_main_loop_iterate_internal (ecore_main.c:2380)
==18973==    by 0xDD68BC5: ecore_main_loop_begin (ecore_main.c:1290)
==18973==    by 0x441E3F: main (e_main.c:1093)
==18973== 
==18973== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18973==    at 0xFC36B7D: ??? (in /usr/lib/libc-2.24.so)
==18973==    by 0x10B05BAC: ??? (in /usr/lib/libxcb.so.1.1.0)
==18973==    by 0x10B05FAC: ??? (in /usr/lib/libxcb.so.1.1.0)
==18973==    by 0x10B0602C: xcb_writev (in /usr/lib/libxcb.so.1.1.0)
==18973==    by 0x9370F4D: _XSend (in /usr/lib/libX11.so.6.3.0)
==18973==    by 0x9371441: _XReply (in /usr/lib/libX11.so.6.3.0)
==18973==    by 0xA8B3203: XIGetClientPointer (in /usr/lib/libXi.so.6.1.0)
==18973==    by 0x8F06267: ecore_x_window_cursor_set (ecore_x_window.c:920)
==18973==    by 0x579FB1: e_pointer_idler_before (e_pointer.c:764)
==18973==    by 0x4427AA: _e_main_cb_idle_before (e_main.c:1789)
==18973==    by 0xDD676B9: _ecore_call_task_cb (ecore_private.h:283)
==18973==    by 0xDD6763B: _ecore_factorized_idle_process (ecore_idler.c:35)
==18973==  Address 0x195ddd44 is 84 bytes inside a block of size 16,384 alloc'd
==18973==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18973==    by 0x9361395: XOpenDisplay (in /usr/lib/libX11.so.6.3.0)
==18973==    by 0x8EE0A76: ecore_x_init (ecore_x.c:752)
==18973==    by 0x4F9C60A: _elm_config_sub_init (elm_config.c:3950)
==18973==    by 0x50A0C08: elm_quicklaunch_sub_init (elm_main.c:735)
==18973==    by 0x50A0723: elm_init (elm_main.c:332)
==18973==    by 0x43D3BB: main (e_main.c:471)
==18973== 
==18973== 
==18973== HEAP SUMMARY:
==18973==     in use at exit: 14,323,657 bytes in 63,954 blocks
==18973==   total heap usage: 1,326,934 allocs, 721,608 frees, 332,050,848 bytes allocated
==18973== 
==18973== LEAK SUMMARY:
==18973==    definitely lost: 4,310 bytes in 40 blocks
==18973==    indirectly lost: 24,857 bytes in 789 blocks
==18973==      possibly lost: 126,924 bytes in 1,391 blocks
==18973==    still reachable: 13,754,222 bytes in 90,949 blocks
==18973==                       of which reachable via heuristic:
==18973==                         newarray           : 10,816 bytes in 132 blocks
==18973==         suppressed: 0 bytes in 0 blocks
==18973== Rerun with --leak-check=full to see details of leaked memory
==18973== 
==18973== For counts of detected and suppressed errors, rerun with: -v
==18973== Use --track-origins=yes to see where uninitialised values come from
==18973== ERROR SUMMARY: 63 errors from 10 contexts (suppressed: 0 from 0)
ApB added a comment.Feb 11 2017, 9:03 AM

@zmike wasn't your merge supposed to fix that? Cause i still see it.

stephenmhouston added a comment.Feb 13 2017, 7:58 AM

@bu5hm4n can you upload the script you are using to open and close apps and reproduce this?

bu5hm4n added a comment.Feb 13 2017, 8:09 AM

while [ true ];
do
extra &
sleep 2 && killall extra
done;

zmike added a comment.Feb 13 2017, 8:16 AM
In T4963#81747, @ApB wrote:

@zmike wasn't your merge supposed to fix that? Cause i still see it.

I fixed the valgrind errors from @bu5hm4n. You still haven't posted a log from your case so I can't fix that.

ApB added a comment.Feb 13 2017, 8:19 AM
In T4963#81839, @zmike wrote:
In T4963#81747, @ApB wrote:

@zmike wasn't your merge supposed to fix that? Cause i still see it.

I fixed the valgrind errors from @bu5hm4n. You still haven't posted a log from your case so I can't fix that.

The test machine is too slow to valgrind anything on it.

ApB reopened this task as Open.Feb 15 2017, 9:45 AM

Just crashed it in the exact same way i described above:

coredumpctl gdb
           PID: 11670 (enlightenment)
           UID: 1000 (toliz)
           GID: 1000 (toliz)
        Signal: 11 (SEGV)
     Timestamp: Wed 2017-02-15 19:41:12 EET (1min 6s ago)
  Command Line: /usr/bin/enlightenment
    Executable: /usr/bin/enlightenment
 Control Group: /user.slice/user-1000.slice/session-c1.scope
          Unit: session-c1.scope
         Slice: user-1000.slice
       Session: c1
     Owner UID: 1000 (toliz)
       Boot ID: d84d326a20fe49e68c595536f73e6102
    Machine ID: 77c42d073644466287ad3d7a519e810c
      Hostname: testland
       Storage: /var/lib/systemd/coredump/core.enlightenment.1000.d84d326a20fe49e68c595536f73e6102.11670.1487180472000000000000.lz4
       Message: Process 11670 (enlightenment) of user 1000 dumped core.

                Stack trace of thread 11670:
                #0  0x00000000080deb4c eina_list_next (enlightenment)
                #1  0x00000000080df6f9 e_exec_instance_watcher_del (enlightenment)
                #2  0x00000000ab535d3e _bar_icon_del (module.so)
                #3  0x00000000ab538f1a _bar_cb_exec_del (module.so)
                #4  0x00000000b6c9e700 _ecore_call_handler_cb (libecore.so.1)
                #5  0x00000000b6c9f5e5 _ecore_event_call (libecore.so.1)
                #6  0x00000000b6ca7d10 _ecore_main_loop_iterate_internal (libecore.so.1)
                #7  0x00000000b6ca5c61 ecore_main_loop_begin (libecore.so.1)
                #8  0x000000000807afb6 main (enlightenment)
                #9  0x00000000b69e2196 __libc_start_main (libc.so.6)
                #10 0x0000000008075551 _start (enlightenment)

GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/enlightenment...Reading symbols from /usr/lib/debug/usr/bin/enlightenment.debug...done.
done.
[New LWP 11670]
[New LWP 11674]
[New LWP 11688]
[New LWP 11681]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/usr/bin/enlightenment'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x080deb4c in eina_list_next (list=0x228) at /usr/include/eina-1/eina/eina_inline_list.x:32
32         if (list) return list->next;
[Current thread is 1 (Thread 0xb5767d80 (LWP 11670))]
(gdb) bt
#0  0x080deb4c in eina_list_next (list=0x228) at /usr/include/eina-1/eina/eina_inline_list.x:32
#1  0x080df6f9 in e_exec_instance_watcher_del (inst=0xa828658, func=0xab535af9 <_bar_instance_watch>, data=0xad22128) at src/bin/e_exec.c:387
#2  0xab535d3e in _bar_icon_del (inst=0xa69bea8, ic=0xad22128) at src/modules/luncher/bar.c:274
#3  0xab538f1a in _bar_cb_exec_del (data=0x0, type=269, ex=0xa7db850) at src/modules/luncher/bar.c:1239
#4  0xb6c9e700 in _ecore_call_handler_cb (func=0xab538d0e <_bar_cb_exec_del>, data=0x0, type=269, event=0xa7db850) at lib/ecore/ecore_private.h:317
#5  0xb6c9f5e5 in _ecore_event_call () at lib/ecore/ecore_events.c:518
#6  0xb6ca7d10 in _ecore_main_loop_iterate_internal (once_only=0) at lib/ecore/ecore_main.c:2384
#7  0xb6ca5c61 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1292
#8  0x0807afb6 in main (argc=1, argv=0xbfba0764) at src/bin/e_main.c:1093
(gdb)

back to the drawing board :/

zmike added a comment.Feb 15 2017, 11:42 AM

If the previous commit doesn't resolve the issue then it should probably be reverted to avoid confusion in the repo history

bu5hm4n added a comment.Feb 15 2017, 11:48 AM

I think the commit is fine, it fixes the theoretical issue of a e_exec_instance beeing freed twice, in the first run deleted is set, in the next run it is freed, but in the first call a event was scheuduled, which means the event will crash then. So splitting the event and the acual free up looks fine here.

zmike added a comment.Feb 15 2017, 1:22 PM
In T4963#82025, @bu5hm4n wrote:

I think the commit is fine, it fixes the theoretical issue of a e_exec_instance beeing freed twice, in the first run deleted is set, in the next run it is freed, but in the first call a event was scheuduled, which means the event will crash then. So splitting the event and the acual free up looks fine here.

That's not how refcounting works; based on a closer read, there is no real or theoretical issue that your patch resolves. @ApB's comments confirm this.

Having a commit in the log which claims to fix a ticket but does not fix the referenced ticket makes both bisecting and commit log reads more confusing. Another benefit of working in branches is that patches such as this can be tested in order to verify that they do fix the issues they claim to.

bu5hm4n added a comment.Feb 15 2017, 1:47 PM

Well, believe it or not, but this commit was tested by okra and me, and both of us could not reproduce the issue anymore, thats probebly why it got into master.

And to the theoretical issue:

  • call _e_exec_instance_free, the event gets into ecore
  • something else is deleting the client (a event from the xserver, can happen anytime), the e_client is getting deleted, and thus e_exec_phoney_del gets executed the ref (incremented to 1 in e_exec_phony_del) gets decremented to 0, _e_exec_instance_free gets called, the instance is freed
  • The actual event handlers (of E_EVENT_EXEC_DEL) are getting called
  • e_exec_instance_watcher_del gets called with a invalid instance, since its already freed.

With my patch it would go like that:

  • call _e_exec_instance_free, the event gets into ecore
  • something else is deleting the client (a event from the xserver, can happen anytime), the e_client is getting deleted, and thus e_exec_phoney_del gets executed the ref (incremented to 1 in e_exec_phony_del) gets decremented to 0, _e_exec_instance_free gets called,checks it has already the deleted flag, and does nothing
  • The actual event handlers (of E_EVENT_EXEC_DEL) are getting called
  • e_exec_instance_watcher_del gets called with a valid e_exec_instance
  • cleanupcode of the event gets executed and the instance is finally freed.

I thought this solution is cleaner, since the only possible way that the instance is freed is that the del event is completly done. (Which would be a good assertion)

bu5hm4n added a comment.Feb 18 2017, 7:41 AM

@ApB still happening ?

ApB added a comment.Feb 18 2017, 7:57 AM
In T4963#82231, @bu5hm4n wrote:

@ApB still happening ?

with git from yesterday morning yes

and it crashed 3 different ways:

(gdb) bt
#0  0x080deb4c in eina_list_next (list=0x13) at /usr/include/eina-1/eina/eina_inline_list.x:32
#1  0x080df6f9 in e_exec_instance_watcher_del (inst=0x9f00570, func=0xab689af9 <_bar_instance_watch>, data=0x9efcff8) at src/bin/e_exec.c:387
#2  0xab689d3e in _bar_icon_del (inst=0x99ad3a8, ic=0x9efcff8) at src/modules/luncher/bar.c:274
#3  0xab68cf1a in _bar_cb_exec_del (data=0x0, type=269, ex=0x9ed2008) at src/modules/luncher/bar.c:1239
#4  0xb6c2b700 in _ecore_call_handler_cb (func=0xab68cd0e <_bar_cb_exec_del>, data=0x0, type=269, event=0x9ed2008) at lib/ecore/ecore_private.h:317
#5  0xb6c2c5e5 in _ecore_event_call () at lib/ecore/ecore_events.c:518
#6  0xb6c34d10 in _ecore_main_loop_iterate_internal (once_only=0) at lib/ecore/ecore_main.c:2384
#7  0xb6c32c61 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1292
#8  0x0807afb6 in main (argc=1, argv=0xbff206d4) at src/bin/e_main.c:1093
(gdb)
(gdb) bt
#0  0x08096638 in _e_client_del (ec=0x9dcb708) at src/bin/e_client.c:642
#1  0x0816566f in e_object_del (obj=0x9dcb708) at src/bin/e_object.c:59
#2  0x081d7e08 in _e_comp_wl_surface_destroy (resource=0x9942f80) at src/bin/e_comp_wl.c:1803
#3  0xb6d27de0 in destroy_resource (element=0x9942f80, data=0xbfedd808) at src/wayland-server.c:611
#4  0xb6d2e67a in for_each_helper (entries=0x9e4ee38, func=0xb6d27d76 <destroy_resource>, data=0xbfedd808) at src/wayland-util.c:373
#5  0xb6d2e6bc in wl_map_for_each (map=0x9e4ee38, func=0xb6d27d76 <destroy_resource>, data=0xbfedd808) at src/wayland-util.c:386
#6  0xb6d280f5 in wl_client_destroy (client=0x9e4ee18) at src/wayland-server.c:763
#7  0xb6d276cf in wl_client_connection_data (fd=101, mask=5, data=0x9e4ee18) at src/wayland-server.c:283
#8  0xb6d2a63c in wl_event_source_fd_dispatch (source=0x9ddbce0, ep=0xbfedd8fc) at src/event-loop.c:90
#9  0xb6d2b0bc in wl_event_loop_dispatch (loop=0x8f1bad8, timeout=0) at src/event-loop.c:423
#10 0xb6d470b3 in _cb_create_data (data=0x8f1ba08, hdl=0x8c312c0) at lib/ecore_wl2/ecore_wl2_display.c:272
#11 0xb6c6c057 in _ecore_call_fd_cb (func=0xb6d47079 <_cb_create_data>, data=0x8f1ba08, fd_handler=0x8c312c0) at lib/ecore/ecore_private.h:333
#12 0xb6c6e507 in _ecore_main_fd_handlers_call () at lib/ecore/ecore_main.c:1992
#13 0xb6c6ecf7 in _ecore_main_loop_iterate_internal (once_only=0) at lib/ecore/ecore_main.c:2379
#14 0xb6c6cc61 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1292
#15 0x0807afb6 in main (argc=1, argv=0xbff16cf4) at src/bin/e_main.c:1093
(gdb)
(gdb) bt
#0  0xb771ccd9 in __kernel_vsyscall ()
#1  0xb69bfe70 in raise () from /usr/lib/libc.so.6
#2  0xb69c1468 in abort () from /usr/lib/libc.so.6
#3  0xb69fbd2f in __libc_message () from /usr/lib/libc.so.6
#4  0xb6a029c7 in malloc_printerr () from /usr/lib/libc.so.6
#5  0xb6a03196 in _int_free () from /usr/lib/libc.so.6
#6  0x0809624f in _e_client_free (ec=0xade1588) at src/bin/e_client.c:573
#7  0x08165800 in e_object_free (obj=0xade1588) at src/bin/e_object.c:119
#8  0x081659be in e_object_unref (obj=0xade1588) at src/bin/e_object.c:152
#9  0x080b269b in _e_comp_object_animating_end (cw=0xada8f00) at src/bin/e_comp_object.c:809
#10 0x080b273d in _e_comp_object_done_defer (data=0xada8f00, obj=0x4000e860, emission=0xa9aeb00 "e,action,hide,done", source=0xb6c3fc6a <_eina_stringshare_single+202> "e") at src/bin/e_comp_object.c:825
#11 0xb6fca87b in edje_match_callback_exec_check_finals (ssp=0xa8d2c60, matches=0xad85560, signal_states=0xadb3b40, source_states=0xad5ff8c, sig=0xa9aeb00 "e,action,hide,done",
    source=0xb6c3fc6a <_eina_stringshare_single+202> "e", ed=0xade1b10, prop=0 '\000') at lib/edje/edje_match.c:556
#12 0xb6fcad2d in edje_match_callback_exec (ssp=0xa8d2c60, matches=0xad85560, sig=0xa9aeb00 "e,action,hide,done", source=0xb6c3fc6a <_eina_stringshare_single+202> "e", ed=0xade1b10, prop=0 '\000') at lib/edje/edje_match.c:711
#13 0xb6fd25bf in _edje_emit_cb (ed=0xade1b10, sig=0xa9aeb00 "e,action,hide,done", src=0xb6c3fc6a <_eina_stringshare_single+202> "e", data=0x0, prop=0 '\000') at lib/edje/edje_program.c:1645
#14 0xb6fd2434 in _edje_emit_handle (ed=0xade1b10, sig=0xa9aeb00 "e,action,hide,done", src=0xb6c3fc6a <_eina_stringshare_single+202> "e", sdata=0x0, prop=0 '\000') at lib/edje/edje_program.c:1597
#15 0xb6fcc627 in _edje_message_process (em=0xadde5d8) at lib/edje/edje_message_queue.c:684
#16 0xb6fcc9ed in _edje_message_queue_process () at lib/edje/edje_message_queue.c:787
#17 0xb6fcb896 in _edje_job (data=0x0) at lib/edje/edje_message_queue.c:154
#18 0xb6c6edfd in _ecore_job_event_handler (data=0x0, type=15, ev=0xad7ec58) at lib/ecore/ecore_job.c:98
#19 0xb6c68700 in _ecore_call_handler_cb (func=0xb6c6edd5 <_ecore_job_event_handler>, data=0x0, type=15, event=0xad7ec58) at lib/ecore/ecore_private.h:317
#20 0xb6c695e5 in _ecore_event_call () at lib/ecore/ecore_events.c:518
#21 0xb6c71d10 in _ecore_main_loop_iterate_internal (once_only=0) at lib/ecore/ecore_main.c:2384
#22 0xb6c6fc61 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1292
#23 0x0807afb6 in main (argc=1, argv=0xbf840134) at src/bin/e_main.c:1093
(gdb)
ApB reopened this task as Open.Feb 18 2017, 9:31 AM

Nope. Still happens. Just build e (with efl from yesterday) after your commit and still crashed.

bu5hm4n added a comment.Feb 18 2017, 9:43 AM

No. Way. okra was able to reproduce, i was able to reproduce, noone of us can reproduce anymore, double check, give us a bt, and (yeah i know you cannot ;) ) but GIVE us a valgrind log, without a valgrind log we cannot do anything else than "guessing" what could go wrong and rebuild and check. Now we cannot anymore...

bu5hm4n lowered the priority of this task from High to Pending on user input.Feb 18 2017, 9:55 AM
ApB added a comment.Feb 18 2017, 10:34 AM

¯\_(ツ)_/¯

The other possible way of reproducing this would probably be to make a script that uninstalls and installs one or two desktop apps in Arch. As i said i've seen it also after updates. Other than that sorry. I cant valgrind. The machine is slow.

bu5hm4n added a comment.Feb 18 2017, 11:34 AM

So i run now since 30 min. un/installing of packages. Nothing happens.

bu5hm4n added a comment.Feb 19 2017, 2:22 AM

It ran the complete night without any problem ...

ApB added a comment.Feb 19 2017, 9:34 AM

Might be some kind of 32 bit thing. I'll ask derek to test again. :/

bu5hm4n added a comment.Feb 20 2017, 2:45 PM

https://git.enlightenment.org/core/enlightenment.git/log/?h=devs/bu5hm4n/luncher_verbose

Can you:

  • Build that branch
  • Run with "export EINA_LOG_LEVELS="luncher:10"
  • Reproduce the bug
  • Upload the output of e

This makes luncher a bit more verbose, prints error messages when clients are added / freeed.

ManMower added a comment.Feb 21 2017, 6:48 AM
In T4963#82248, @ApB wrote:

Might be some kind of 32 bit thing. I'll ask derek to test again. :/

No

ApB added a comment.Feb 21 2017, 10:04 AM

lunclog.txt251 KBDownload

yo.

ApB added a comment.Feb 21 2017, 10:35 AM

lunclog2.txt84 KBDownload

i had to start transmission 3 times in a row but it happened at the end. Probably the previous is useless.

bu5hm4n closed this task as Resolved.Feb 21 2017, 10:52 AM

For the record: http://pastebin.com/R9epmzz5 <- this was the last bt the user produced, if he produces again watcher_del bt's please reopen, otherwise, its DONE