Page MenuHomePhabricator

systray related crashes
Closed, ResolvedPublic

Description

Using the systray and the OwnCloud desktop client i get random crashes. I can use other applications e.g. Steam that use the systray just fine.

Related backtrace:

GNU gdb (GDB) 8.0
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
Attaching to process 13702
[New LWP 13703]
[New LWP 13705]
[New LWP 13707]
[New LWP 13708]
[New LWP 13709]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
0x00007f2e52a8fe4d in pause () from /usr/lib/libpthread.so.0
Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib/libeo.so.1.20.2-gdb.py", line 7, in <module>
    import eo_gdb
ModuleNotFoundError: No module named 'eo_gdb'
(gdb) bt
#0  0x00007f2e52a8fe4d in pause () at /usr/lib/libpthread.so.0
#1  0x00007f2e52a907e0 in <signal handler called> () at /usr/lib/libpthread.so.0
#2  0x00007f2e2f2142c0 in eina_swap32 (x=Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x17533f5000:
#3  0x00007f2e2f2142c0 in icon_pixmap_deserialize (variant=<optimized out>, data=data@entry=0x175262f4e0, w=w@entry=0x175262f4e8, h=h@entry=0x175262f4ec) at src/modules/systray/e_mod_notifier_host_dbus.c:88
#4  0x00007f2e2f214383 in icon_pixmap_get_cb (data=0x175262f460, msg=<optimized out>, pending=<optimized out>) at src/modules/systray/e_mod_notifier_host_dbus.c:278
#5  0x00007f2e54cef49e in eldbus_pending_dispatch (pending=0x17529197c0, msg=0x1752ad3360) at lib/eldbus/eldbus_pending.c:255
#6  0x00007f2e50a7e815 in  () at /usr/lib/libdbus-1.so.3
#7  0x00007f2e50a82423 in dbus_connection_dispatch () at /usr/lib/libdbus-1.so.3
#8  0x00007f2e54ce9492 in eldbus_idle_enterer (data=0x175249e420) at lib/eldbus/eldbus_core.c:785
#9  0x00007f2e52f3574f in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:291
#10 0x00007f2e52f3574f in _ecore_factorized_idle_process (data=0x1752345240, event=<optimized out>) at lib/ecore/ecore_idler.c:35
#11 0x00007f2e4f1674bf in _event_callback_call (legacy_compare=0 '\000', event_info=<optimized out>, desc=0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, pd=0x175233e050, obj_id=<optimized out>) at lib/eo/eo_base_class.c:1473
#12 0x00007f2e4f1674bf in _efl_object_event_callback_call (obj_id=<optimized out>, pd=0x175233e050, desc=0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=<optimized out>) at lib/eo/eo_base_class.c:1557
#13 0x00007f2e4f1626f1 in efl_event_callback_call (obj=0x800000000de3ce1e, desc=0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=event_info@entry=0x0) at lib/eo/eo_base_class.c:1560
#14 0x00007f2e52f3561f in _ecore_idle_enterer_call (loop=<optimized out>) at lib/ecore/ecore_idle_enterer.c:48
#15 0x00007f2e52f38c2a in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2309
#16 0x00007f2e52f392c7 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1299
#17 0x00000017518af52c in main (argc=<optimized out>, argv=<optimized out>) at src/bin/e_main.c:1079

Currently on EFL 1.20.2, E 0.21.9. OwnCloud desktop client is 2.3.2 and uses Qt 5.9.1.

rennod created this task.Aug 18 2017, 2:48 PM
rennod edited projects, added Restricted Project; removed enlightenment-git.Aug 18 2017, 2:56 PM
zmike triaged this task as Pending on user input priority.Aug 21 2017, 1:37 PM

I think I will need either your ~/.e-crashdump.txt file or the output of bt full in gdb to make sense of this. Even better would be if you could provide a valgrind log...

I actually saved bt full of this:

(gdb) bt full
#0  0x00007f2e52a8fe4d in pause () at /usr/lib/libpthread.so.0
#1  0x00007f2e52a907e0 in <signal handler called> () at /usr/lib/libpthread.so.0
#2  0x00007f2e2f2142c0 in eina_swap32 (x=Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x17533f5000:
#3  0x00007f2e2f2142c0 in icon_pixmap_deserialize (variant=<optimized out>, data=data@entry=0x175262f4e0, w=w@entry=0x175262f4e8, h=h@entry=0x175262f4ec) at src/modules/systray/e_mod_notifier_host_dbus.c:88
        pos = <optimized out>
        img = 0x1753349cdc
        len = 262144
        imgdata = 0x1752c9cc20
        iter = 0x1752ee8790
        struc = 0x1752d461d0
        tmpw = 256
        tmph = 256
#4  0x00007f2e2f214383 in icon_pixmap_get_cb (data=0x175262f460, msg=<optimized out>, pending=<optimized out>) at src/modules/systray/e_mod_notifier_host_dbus.c:278
        item = 0x175262f460
        variant = 0x1752d98170
#5  0x00007f2e54cef49e in eldbus_pending_dispatch (pending=0x17529197c0, msg=0x1752ad3360) at lib/eldbus/eldbus_pending.c:255
#6  0x00007f2e50a7e815 in  () at /usr/lib/libdbus-1.so.3
#7  0x00007f2e50a82423 in dbus_connection_dispatch () at /usr/lib/libdbus-1.so.3
#8  0x00007f2e54ce9492 in eldbus_idle_enterer (data=0x175249e420) at lib/eldbus/eldbus_core.c:785
        conn = 0x175249e420
        status = <optimized out>
        data = 0x175249e420
        conn = 0x175249e420
#9  0x00007f2e52f3574f in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:291
        idler = 0x1752345240
#10 0x00007f2e52f3574f in _ecore_factorized_idle_process (data=0x1752345240, event=<optimized out>) at lib/ecore/ecore_idler.c:35
        idler = 0x1752345240
#11 0x00007f2e4f1674bf in _event_callback_call (legacy_compare=0 '\000', event_info=<optimized out>, desc=0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, pd=0x175233e050, obj_id=<optimized out>) at lib/eo/eo_base_class.c:1473
        it = 0x7f2e53168910 <internal+16>
        ev = {object = 0x800000000de3ce1e, desc = 0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, info = 0x0}
        ret = 1 '\001'
        frame = {next = 0x0, idx = 6, inserted_before = 0, generation = 1}
        cb = <optimized out>
        lookup = 0x7ffe6a3469e0
        saved = {__in_list = {next = 0x0, prev = 0x0, last = 0x7ffe6a3469e0}, desc = 0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, current = 5}
        idx = 6
        callback_already_stopped = 0 '\000'
#12 0x00007f2e4f1674bf in _efl_object_event_callback_call (obj_id=<optimized out>, pd=0x175233e050, desc=0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=<optimized out>) at lib/eo/eo_base_class.c:1557
#13 0x00007f2e4f1626f1 in efl_event_callback_call (obj=0x800000000de3ce1e, desc=0x7f2e53166440 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=event_info@entry=0x0) at lib/eo/eo_base_class.c:1560
        _r = <optimized out>
        ___cache = {index = {{klass = 0x175233d430}}, entry = {{func = 0x175233df60}}, off = {{off = 64}}, op = 29, generation = 1}
        ___call = {eo_id = 0x800000000de3ce1e, obj = 0x175233e010, func = 0x7f2e4f167310 <_efl_object_event_callback_call>, data = 0x175233e050, extn1 = 0x0, extn2 = 0x7ffe6a346aec, extn3 = 0x0, extn4 = 0x40d233762b9e08bf}
        _func_ = <optimized out>
#14 0x00007f2e52f3561f in _ecore_idle_enterer_call (loop=<optimized out>) at lib/ecore/ecore_idle_enterer.c:48
#15 0x00007f2e52f38c2a in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2309
        next_time = -1
        f = <optimized out>
        p = <optimized out>
#16 0x00007f2e52f392c7 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1299
#17 0x00000017518af52c in main (argc=<optimized out>, argv=<optimized out>) at src/bin/e_main.c:1079
        safe_mode = <optimized out>
        after_restart = <optimized out>
        waslocked = <optimized out>
        t = <optimized out>
        tstart = <optimized out>
        s = <optimized out>
        buff = "1503091648.1", '\000' <repeats 19 times>
        action = {__sigaction_handler = {sa_handler = 0x1751987060 <e_sigabrt_act>, sa_sigaction = 0x1751987060 <e_sigabrt_act>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = -1073741820, sa_restorer = 0x0}
        __FUNCTION__ = "main"

Happens with efl and enlightenment from git too. Could try valgrind. Would an AddressSanitizer build help?

zmike added a comment.Aug 21 2017, 1:45 PM

Valgrind would allow me to immediately solve the issue, no guarantees that asan would do the same.

rennod added a comment.EditedAug 21 2017, 4:44 PM

Found those in the valgrind log:

==1360== Invalid read of size 4
==1360==    at 0x25DF7300: eina_swap32 (eina_inline_cpu.x:57)
==1360==    by 0x25DF7300: icon_pixmap_deserialize (e_mod_notifier_host_dbus.c:88)
==1360==    by 0x25DF81B9: item_prop_get (e_mod_notifier_host_dbus.c:115)
==1360==    by 0x6A6A2EA: eldbus_message_iter_dict_iterate (eldbus_message_helper.c:29)
==1360==    by 0x25DF761E: props_get_all_cb (e_mod_notifier_host_dbus.c:206)
==1360==    by 0x6A643D5: eldbus_pending_dispatch (eldbus_pending.c:255)
==1360==    by 0xACC7814: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACCB422: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5E151: eldbus_idle_enterer (eldbus_core.c:785)
==1360==    by 0x880AC0E: _ecore_call_task_cb (ecore_private.h:291)
==1360==    by 0x880AC0E: _ecore_factorized_idle_process (ecore_idler.c:35)
==1360==    by 0xC61851E: _event_callback_call (eo_base_class.c:1479)
==1360==    by 0xC61851E: _efl_object_event_callback_call (eo_base_class.c:1563)
==1360==    by 0xC613570: efl_event_callback_call (eo_base_class.c:1566)
==1360==    by 0x880E519: _ecore_main_loop_iterate_internal (ecore_main.c:2310)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360==  Address 0x3c325eb8 is 3 bytes after a block of size 344,661 alloc'd
==1360==    at 0x4C2E15F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1360==    by 0xACE670D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE67E2: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE6912: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACD86B8: _dbus_message_loader_queue_messages (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1010: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1108: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1C83: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE2490: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE0D5D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACC9B2E: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5B6CB: eldbus_fd_handler (eldbus_core.c:586)
==1360==    by 0x880E7A9: _ecore_call_fd_cb (ecore_private.h:341)
==1360==    by 0x880E7A9: _ecore_main_fd_handlers_call (ecore_main.c:2005)
==1360==    by 0x880E7A9: _ecore_main_loop_iterate_internal (ecore_main.c:2393)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360== 
==1360== Invalid read of size 4
==1360==    at 0x25DF730F: icon_pixmap_deserialize (e_mod_notifier_host_dbus.c:87)
==1360==    by 0x25DF81B9: item_prop_get (e_mod_notifier_host_dbus.c:115)
==1360==    by 0x6A6A2EA: eldbus_message_iter_dict_iterate (eldbus_message_helper.c:29)
==1360==    by 0x25DF761E: props_get_all_cb (e_mod_notifier_host_dbus.c:206)
==1360==    by 0x6A643D5: eldbus_pending_dispatch (eldbus_pending.c:255)
==1360==    by 0xACC7814: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACCB422: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5E151: eldbus_idle_enterer (eldbus_core.c:785)
==1360==    by 0x880AC0E: _ecore_call_task_cb (ecore_private.h:291)
==1360==    by 0x880AC0E: _ecore_factorized_idle_process (ecore_idler.c:35)
==1360==    by 0xC61851E: _event_callback_call (eo_base_class.c:1479)
==1360==    by 0xC61851E: _efl_object_event_callback_call (eo_base_class.c:1563)
==1360==    by 0xC613570: efl_event_callback_call (eo_base_class.c:1566)
==1360==    by 0x880E519: _ecore_main_loop_iterate_internal (ecore_main.c:2310)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360==  Address 0x3c325ebc is 7 bytes after a block of size 344,661 alloc'd
==1360==    at 0x4C2E15F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1360==    by 0xACE670D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE67E2: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE6912: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACD86B8: _dbus_message_loader_queue_messages (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1010: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1108: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1C83: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE2490: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE0D5D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACC9B2E: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5B6CB: eldbus_fd_handler (eldbus_core.c:586)
==1360==    by 0x880E7A9: _ecore_call_fd_cb (ecore_private.h:341)
==1360==    by 0x880E7A9: _ecore_main_fd_handlers_call (ecore_main.c:2005)
==1360==    by 0x880E7A9: _ecore_main_loop_iterate_internal (ecore_main.c:2393)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360== 
==1360== Invalid read of size 4
==1360==    at 0x25DF730F: icon_pixmap_deserialize (e_mod_notifier_host_dbus.c:87)
==1360==    by 0x25DF73C2: icon_pixmap_get_cb (e_mod_notifier_host_dbus.c:278)
==1360==    by 0x6A643D5: eldbus_pending_dispatch (eldbus_pending.c:255)
==1360==    by 0xACC7814: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACCB422: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5E151: eldbus_idle_enterer (eldbus_core.c:785)
==1360==    by 0x880AC0E: _ecore_call_task_cb (ecore_private.h:291)
==1360==    by 0x880AC0E: _ecore_factorized_idle_process (ecore_idler.c:35)
==1360==    by 0xC61851E: _event_callback_call (eo_base_class.c:1479)
==1360==    by 0xC61851E: _efl_object_event_callback_call (eo_base_class.c:1563)
==1360==    by 0xC613570: efl_event_callback_call (eo_base_class.c:1566)
==1360==    by 0x880E519: _ecore_main_loop_iterate_internal (ecore_main.c:2310)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360==  Address 0x20cc3e24 is 0 bytes after a block of size 344,132 alloc'd
==1360==    at 0x4C2E15F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1360==    by 0xACE670D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE67E2: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE6912: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACD86B8: _dbus_message_loader_queue_messages (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1010: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1108: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1C83: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE2490: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE0D5D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACC9B2E: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5B6CB: eldbus_fd_handler (eldbus_core.c:586)
==1360==    by 0x880E7A9: _ecore_call_fd_cb (ecore_private.h:341)
==1360==    by 0x880E7A9: _ecore_main_fd_handlers_call (ecore_main.c:2005)
==1360==    by 0x880E7A9: _ecore_main_loop_iterate_internal (ecore_main.c:2393)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360== 
==1360== Invalid read of size 4
==1360==    at 0x25DF7300: eina_swap32 (eina_inline_cpu.x:57)
==1360==    by 0x25DF7300: icon_pixmap_deserialize (e_mod_notifier_host_dbus.c:88)
==1360==    by 0x25DF73C2: icon_pixmap_get_cb (e_mod_notifier_host_dbus.c:278)
==1360==    by 0x6A643D5: eldbus_pending_dispatch (eldbus_pending.c:255)
==1360==    by 0xACC7814: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACCB422: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5E151: eldbus_idle_enterer (eldbus_core.c:785)
==1360==    by 0x880AC0E: _ecore_call_task_cb (ecore_private.h:291)
==1360==    by 0x880AC0E: _ecore_factorized_idle_process (ecore_idler.c:35)
==1360==    by 0xC61851E: _event_callback_call (eo_base_class.c:1479)
==1360==    by 0xC61851E: _efl_object_event_callback_call (eo_base_class.c:1563)
==1360==    by 0xC613570: efl_event_callback_call (eo_base_class.c:1566)
==1360==    by 0x880E519: _ecore_main_loop_iterate_internal (ecore_main.c:2310)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360==  Address 0x20cc3e28 is 4 bytes after a block of size 344,132 alloc'd
==1360==    at 0x4C2E15F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1360==    by 0xACE670D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE67E2: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE6912: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACD86B8: _dbus_message_loader_queue_messages (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1010: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1108: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE1C83: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE2490: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACE0D5D: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0xACC9B2E: ??? (in /usr/lib/libdbus-1.so.3.14.13)
==1360==    by 0x6A5B6CB: eldbus_fd_handler (eldbus_core.c:586)
==1360==    by 0x880E7A9: _ecore_call_fd_cb (ecore_private.h:341)
==1360==    by 0x880E7A9: _ecore_main_fd_handlers_call (ecore_main.c:2005)
==1360==    by 0x880E7A9: _ecore_main_loop_iterate_internal (ecore_main.c:2393)
==1360==    by 0x880EC86: ecore_main_loop_begin (ecore_main.c:1299)
==1360==    by 0x149115: main (e_main.c:1088)
==1360==

On efl and enlightenment git.

I just noticed that hp-systray also triggers that crash. It's also a Qt application.

Do you need more information to solve this?

zmike added a comment.Aug 26 2017, 8:09 AM

This actually seems like a client misuse of the dbus api...I'm not sure there's anything I can do?

zmike added a comment.Aug 29 2017, 8:57 AM

Can you post a 'bt full' from the crash

I posted one early, but here you go:

(gdb) bt full
#0  0x00007f272d198e4d in pause () at /usr/lib/libpthread.so.0
#1  0x00007f272d1997e0 in <signal handler called> () at /usr/lib/libpthread.so.0
#2  0x00007f27098e9300 in eina_swap32 (x=Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x55f702640000:
#3  0x00007f27098e9300 in icon_pixmap_deserialize (variant=<optimized out>, data=data@entry=0x55f6f7e77640, w=w@entry=0x55f6f7e77648, h=h@entry=0x55f6f7e7764c) at src/modules/systray/e_mod_notifier_host_dbus.c:88
        pos = <optimized out>
        img = 0x55f7025dfd3c
        len = 262144
        imgdata = 0x55f6f822ea20
        iter = 0x55f6f7d4bfa0
        struc = 0x55f6f7f6ebb0
        tmpw = 256
        tmph = 256
#4  0x00007f27098e93c3 in icon_pixmap_get_cb (data=0x55f6f7e775c0, msg=<optimized out>, pending=<optimized out>) at src/modules/systray/e_mod_notifier_host_dbus.c:278
        item = 0x55f6f7e775c0
        variant = 0x55f6f8cfe1a0
#5  0x00007f272f4063d6 in eldbus_pending_dispatch (pending=0x55f6fac58670, msg=0x55f6f801b820) at lib/eldbus/eldbus_pending.c:255
        __FUNCTION__ = "eldbus_pending_dispatch"
#6  0x00007f272b185815 in  () at /usr/lib/libdbus-1.so.3
#7  0x00007f272b189423 in dbus_connection_dispatch () at /usr/lib/libdbus-1.so.3
#8  0x00007f272f400152 in eldbus_idle_enterer (data=0x55f6f79764b0) at lib/eldbus/eldbus_core.c:785
        conn = 0x55f6f79764b0
        status = <optimized out>
        data = 0x55f6f79764b0
        conn = 0x55f6f79764b0
#9  0x00007f272d640c0f in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:291
        idler = 0x55f6f77d37b0
#10 0x00007f272d640c0f in _ecore_factorized_idle_process (data=0x55f6f77d37b0, event=<optimized out>) at lib/ecore/ecore_idler.c:35
        idler = 0x55f6f77d37b0
#11 0x00007f272986a51f in _event_callback_call (legacy_compare=0 '\000', event_info=<optimized out>, desc=0x7f272d876420 <_EFL_LOOP_EVENT_IDLE_ENTER>, pd=0x55f6f77cc180, obj_id=<optimized out>) at lib/eo/eo_base_class.c:1479
        it = 0x7f272d878930 <internal+16>
        ev = {object = 0x8000000008810cfa, desc = 0x7f272d876420 <_EFL_LOOP_EVENT_IDLE_ENTER>, info = 0x0}
        ret = 1 '\001'
        frame = {next = 0x0, idx = 6, inserted_before = 0, generation = 1}
        cb = <optimized out>
        lookup = 0x7ffc8e2328f0
        saved = {__in_list = {next = 0x0, prev = 0x0, last = 0x7ffc8e2328f0}, desc = 0x7f272d876420 <_EFL_LOOP_EVENT_IDLE_ENTER>, current = 5}
        idx = 6
        callback_already_stopped = 0 '\000'
#12 0x00007f272986a51f in _efl_object_event_callback_call (obj_id=<optimized out>, pd=0x55f6f77cc180, desc=0x7f272d876420 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=<optimized out>) at lib/eo/eo_base_class.c:1563
#13 0x00007f2729865571 in efl_event_callback_call (obj=0x8000000008810cfa, desc=0x7f272d876420 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=event_info@entry=0x0) at lib/eo/eo_base_class.c:1566
        _r = <optimized out>
        ___cache = {index = {{klass = 0x55f6f77cb560}}, entry = {{func = 0x55f6f77cc0a0}}, off = {{off = 64}}, op = 30, generation = 1}
        ___call = {eo_id = 0x8000000008810cfa, obj = 0x55f6f77cc140, func = 0x7f272986a370 <_efl_object_event_callback_call>, data = 0x55f6f77cc180, extn1 = 0x0, extn2 = 0x7ffc8e2329fc, extn3 = 0x0, extn4 = 0x4120b262398c4ab8}
        _func_ = <optimized out>
#14 0x00007f272d640adf in _ecore_idle_enterer_call (loop=<optimized out>) at lib/ecore/ecore_idle_enterer.c:48
#15 0x00007f272d64451a in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2310
        next_time = -1
        f = <optimized out>
        p = <optimized out>
#16 0x00007f272d644c87 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1299
#17 0x000055f6f7170116 in main (argc=<optimized out>, argv=<optimized out>) at src/bin/e_main.c:1088
        safe_mode = <optimized out>
        waslocked = <optimized out>
        strshare = <optimized out>
        t = <optimized out>
        tstart = <optimized out>
        s = <optimized out>
        buff = "1503938765.1", '\000' <repeats 19 times>
        action = {__sigaction_handler = {sa_handler = 0x55f6f724f3b0 <e_sigabrt_act>, sa_sigaction = 0x55f6f724f3b0 <e_sigabrt_act>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = -1073741820, sa_restorer = 0x0}
        __FUNCTION__ = "main"
zmike added a comment.Aug 30 2017, 1:39 PM

Oh oops I forgot to expand the hidden comments when I was looking again.

zmike added a comment.Aug 31 2017, 9:05 AM

Can you build with -O0 so that variables don't get optimized out?

Sure:

(gdb) bt full
#0  0x00007fb914d39e4d in pause () at /usr/lib/libpthread.so.0
#1  0x00005623d80e4756 in e_alert_show () at src/bin/e_alert.c:43
#2  0x00005623d8089c0f in _e_crash () at src/bin/e_signals.c:117
#3  0x00005623d8089c2c in e_sigseg_act (x=11, info=0x7ffd84d3e3f0, data=0x7ffd84d3e2c0) at src/bin/e_signals.c:127
#4  0x00007fb914d3a7e0 in <signal handler called> () at /usr/lib/libpthread.so.0
#5  0x00007fb8ee6f1d69 in icon_pixmap_deserialize (variant=0x5623d8eb76a0, data=0x5623d8fbbce0, w=0x5623d8fbbce8, h=0x5623d8fbbcec) at src/modules/systray/e_mod_notifier_host_dbus.c:88
        pos = 98633
        img = 0x5623d9b22adc
        len = 262144
        imgdata = 0x5623d90a8cb0
        iter = 0x5623d9702180
        struc = 0x5623d93789b0
        tmpw = 256
        tmph = 256
#6  0x00007fb8ee6f1f00 in item_prop_get (data=0x5623d8fbbc60, key=0x5623d9b0ea94, var=0x5623d8eb76a0) at src/modules/systray/e_mod_notifier_host_dbus.c:115
        item = 0x5623d8fbbc60
#7  0x00007fb916ffa985 in eldbus_message_iter_dict_iterate (array=0x5623d8ed7f20, signature=0x7fb8ee6f49a6 "sv", cb=0x7fb8ee6f1dd2 <item_prop_get>, data=0x5623d8fbbc60) at lib/eldbus/eldbus_message_helper.c:29
        key = 0x5623d9b0ea94
        var = 0x5623d8eb76a0
        entry = 0x5623d8f3c480
        iter_sig = 0x5623d951bc70 "\240\340[\331#V"
        len = 3
        __FUNCTION__ = "eldbus_message_iter_dict_iterate"
#8  0x00007fb8ee6f2395 in props_get_all_cb (data=0x5623d8fbbc60, msg=0x5623d94e7a50, pending=0x5623d96d0e80) at src/modules/systray/e_mod_notifier_host_dbus.c:206
        error = 0x0
        error_name = 0x0
        dict = 0x5623d8ed7f20
        item = 0x5623d8fbbc60
        conn = 0x7fb91700e306
#9  0x00007fb916fe4583 in _on_proxy_message_cb (data=0x5623d8fbbc60, msg=0x5623d94e7a50, pending=0x5623d96d0e80) at lib/eldbus/eldbus_proxy.c:539
        cb = 0x7fb8ee6f22b6 <props_get_all_cb>
        proxy = 0x5623d95686f0
        __FUNCTION__ = "_on_proxy_message_cb"
#10 0x00007fb916ff3604 in eldbus_pending_dispatch (pending=0x5623d96d0e80, msg=0x5623d94e7a50) at lib/eldbus/eldbus_pending.c:255
#11 0x00007fb916ff2bb5 in cb_pending (dbus_pending=0x5623d94f9ab0, user_data=0x5623d96d0e80) at lib/eldbus/eldbus_pending.c:74
        msg = 0x5623d94e7a50
        pending = 0x5623d96d0e80
        __FUNCTION__ = "cb_pending"
#12 0x00007fb912d1a815 in  () at /usr/lib/libdbus-1.so.3
#13 0x00007fb912d1e423 in dbus_connection_dispatch () at /usr/lib/libdbus-1.so.3
#14 0x00007fb916fe8411 in eldbus_idle_enterer (data=0x5623d8adc9a0) at lib/eldbus/eldbus_core.c:785
        conn = 0x5623d8adc9a0
        status = (DBUS_DISPATCH_COMPLETE | unknown: 32764)
#15 0x00007fb9151fb733 in _ecore_call_task_cb (func=0x7fb916fe83b0 <eldbus_idle_enterer>, data=0x5623d8adc9a0) at lib/ecore/ecore_private.h:291
#16 0x00007fb9151fb79b in _ecore_factorized_idle_process (data=0x5623d89ade60, event=0x7ffd84d3ed40) at lib/ecore/ecore_idler.c:35
        idler = 0x5623d89ade60
#17 0x00007fb9113e6d5a in _event_callback_call (obj_id=0x800000000b63ec0e, pd=0x5623d89a7050, desc=0x7fb915438e00 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=0x0, legacy_compare=0 '\000') at lib/eo/eo_base_class.c:1473
        it = 0x7fb91543b930 <internal+16>
        cb = 0x5623d89a70f8
        lookup = 0x7ffd84d3ed80
        saved = {__in_list = {next = 0x0, prev = 0x0, last = 0x7ffd84d3ed80}, desc = 0x7fb915438e00 <_EFL_LOOP_EVENT_IDLE_ENTER>, current = 5}
        ev = {object = 0x800000000b63ec0e, desc = 0x7fb915438e00 <_EFL_LOOP_EVENT_IDLE_ENTER>, info = 0x0}
        idx = 6
        callback_already_stopped = 0 '\000'
        ret = 1 '\001'
        frame = {next = 0x0, idx = 6, inserted_before = 0, generation = 1}
#18 0x00007fb9113e709e in _efl_object_event_callback_call (obj_id=0x800000000b63ec0e, pd=0x5623d89a7050, desc=0x7fb915438e00 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=0x0) at lib/eo/eo_base_class.c:1557
#19 0x00007fb9113e7183 in efl_event_callback_call (obj=0x800000000b63ec0e, desc=0x7fb915438e00 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=0x0) at lib/eo/eo_base_class.c:1560
        _r = 0 '\000'
        ___cache = {index = {{klass = 0x5623d89a6430}}, entry = {{func = 0x5623d89a6f60}}, off = {{off = 64}}, op = 29, generation = 1}
        ___call = {eo_id = 0x800000000b63ec0e, obj = 0x5623d89a7010, func = 0x7fb9113e7068 <_efl_object_event_callback_call>, data = 0x5623d89a7050, extn1 = 0x0, extn2 = 0x7fb914f7909f <eina_main_loop_is+10>, extn3 = 0x7ffd84d3ee80, extn4 = 0x405f2dfd77bec237}
        _func_ = 0x7fb9113e7068 <_efl_object_event_callback_call>
#20 0x00007fb9151fb584 in _ecore_idle_enterer_call (loop=0x800000000b63ec0e) at lib/ecore/ecore_idle_enterer.c:48
#21 0x00007fb9151fef38 in _ecore_main_loop_iterate_internal (once_only=0) at lib/ecore/ecore_main.c:2309
        next_time = -1
        f = 0x0
        p = 0x0
#22 0x00007fb9151fcb86 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1299
        __FUNCTION__ = "ecore_main_loop_begin"
#23 0x00005623d7f41957 in main (argc=1, argv=0x7ffd84d77108) at src/bin/e_main.c:1079
        nostartup = 0 '\000'
        safe_mode = 0 '\000'
        after_restart = 0 '\000'
        waslocked = 0 '\000'
        t = 1504201899.9900761
        tstart = 1504201899.9900761
        s = 0x0
        buff = "1504201900.0", '\000' <repeats 19 times>
        action = {__sigaction_handler = {sa_handler = 0x5623d8089ca7 <e_sigabrt_act>, sa_sigaction = 0x5623d8089ca7 <e_sigabrt_act>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = -1073741820, sa_restorer = 0x0}
        __FUNCTION__ = "main"

Back on efl 1.20.2, enlightenment 0.21.9.

This continues to get weirder. Can you post a dbus-monitor log leading up to the crash?

I did that, attached the interesting (I hope) part of the log. It's the last few messages and related to pixmaps.

zmike raised the priority of this task from Pending on user input to Incoming Queue.Mar 9 2018, 10:24 AM

hmmm. just looking at this now. i thing i see the problem:

if (eldbus_message_iter_fixed_array_get(imgdata, 'y', &img, &len))

specifically "y". i had to look this up.. y is the signature for BYTE. not a 32bit int. (which is i or u). that means len will be in bytes... and the numbers make sense for that. 256x256 is 65536 ... but if its a 32bit images its 4 bytes per pixel so 262144. the following code assumes len is in ints (or pixel count):

unsigned int pos;

*data = malloc(len * sizeof(int));
for (pos = 0; pos < (unsigned int)len; pos++)
  (*data)[pos] = eina_swap32(img[pos]);

so that's the mistake. it crashed out not long after the 65k count pos at 98633 - so it finally went out of a mem segment at this point). valgrind also complained of invalid reads just after a segment of 344661 ... though oddly this is far bigger than 262144. i'm going to guess dbus might be using a pool of memory here for a buffer and has extended it at the end for this buffer).

anyway.... i think that makes the case for why this code is wrong. i also spot a memory leak there too as it allocates over the *data return without freeing what may have been previously allocated (and decoded by swapping bytes). ALSO the swap is unconditional. not "if it's big endian" or "little endian" ... it just always swaps. i'm going to assume the swap was there for little endian to keep wire protocol the same regardless of endianess.

I can confirm that the crash is now fixed. There are some render issues on enlightenment-git though, see attachment. Probably an unrelated, separate issue?


Only the tiny part rendered on the shelf brings up the menu on left click.

that;d be a different issue - it looks like systray is not somehow sizing up the widget of its gadget when it gets content.

rennod added a comment.EditedMar 10 2018, 10:56 AM

You want a new task for that one?

i actually have seen it myself a lot. it just didnt bother me enough to even look into it... :)

the only thing i have that ever goes into a systray is steam... so that's why it kind of is ... low on the worrying list :)

Well i usually have more stuff in the systray, so i do care :P

see the above commit :)

Thanks, looks and works correct now.