
Terminology crashes when trying to "Set title" on Arch Linux
Closed, Resolved (Public)

Description

I don't know if it's reproducible on other systems, but terminology crashes when doing:
right click -> Set title -> type a title -> hit ok -> crash

Strange thing is that it doesn't crash when running terminology under valgrind.

I tried to debug it with valgrind:

valgrind --vgdb-error=1 build/src/bin/terminology

gdb trace:

(gdb) bt
#0  0x0000000004ef8e44 in _edje_user_definition_free (eud=0x1f3bbb20) at lib/edje/edje_util.c:96
#1  0x0000000005dc2f30 in _eo_evas_object_cb (data=0x1f3ab9f0, event=0x1ffeffdbb0) at lib/evas/canvas/evas_callbacks.c:184
#2  0x000000000c5b4497 in _event_callback_call (legacy_compare=1 '\001', event_info=<optimized out>, desc=<optimized out>, pd=0x1f34c780, obj_id=<optimized out>) at lib/eo/eo_base_class.c:1496
#3  0x000000000c5b4497 in _efl_object_event_callback_legacy_call (obj_id=<optimized out>, pd=0x1f34c780, desc=<optimized out>, event_info=<optimized out>) at lib/eo/eo_base_class.c:1569
#4  0x000000000c5b0811 in efl_event_callback_legacy_call (obj=0x8000001807b55d94, desc=0x61be760 <_EVAS_OBJECT_EVENT_DEL>, event_info=0x0) at lib/eo/eo_base_class.c:1572
#5  0x000000000c5b0811 in efl_event_callback_legacy_call (obj=obj@entry=0x8000001807b55d94, desc=desc@entry=0x61be760 <_EVAS_OBJECT_EVENT_DEL>, event_info=event_info@entry=0x0)
    at lib/eo/eo_base_class.c:1572
#6  0x0000000005dc3677 in evas_object_event_callback_call (eo_obj=0x8000001807b55d94, obj=0x1f34c7c0, type=EVAS_CALLBACK_DEL, event_info=<optimized out>, event_id=<optimized out>, efl_event_desc=0x61be760 <_EVAS_OBJECT_EVENT_DEL>) at lib/evas/canvas/evas_callbacks.c:404
#7  0x0000000005df9983 in _efl_canvas_object_efl_object_destructor (eo_obj=0x8000001807b55d94, obj=0x1f34c7c0) at lib/evas/canvas/evas_object_main.c:1057
#8  0x000000000c5b183d in efl_destructor (obj=0x8000001807b55d94) at lib/eo/efl_object.eo.c:58
#9  0x0000000005e09c47 in _efl_canvas_group_efl_object_destructor (eo_obj=0x8000001807b55d94, o=0x1f34c8e0) at lib/evas/canvas/evas_object_smart.c:642
#10 0x000000000c5b183d in efl_destructor (obj=0x8000001807b55d94) at lib/eo/efl_object.eo.c:58
#11 0x000000000c5b183d in efl_destructor (obj=0x8000001807b55d94) at lib/eo/efl_object.eo.c:58
#12 0x0000000005395b4b in _elm_widget_efl_object_destructor (obj=0x8000001807b55d94, sd=0x1f34c970) at lib/elementary/elm_widget.c:6233
#13 0x000000000c5b183d in efl_destructor (obj=0x8000001807b55d94) at lib/eo/efl_object.eo.c:58
#14 0x000000000c5aa496 in _efl_del_internal (file=0xc5b6e13 "lib/eo/eo.c", line=641, func_name=<synthetic pointer>, obj=<optimized out>) at lib/eo/eo_private.h:260
#15 0x000000000c5aa496 in _efl_unref_internal (file=0xc5b6e13 "lib/eo/eo.c", line=641, func_name=<synthetic pointer>, obj=<optimized out>) at lib/eo/eo_private.h:335
#16 0x000000000c5aa496 in _efl_object_call_end (call=0x1ffeffe060) at lib/eo/eo.c:641
#17 0x000000000c5b081c in efl_event_callback_legacy_call (obj=<optimized out>, desc=0x61be690 <_EFL_UI_EVENT_CLICKED>, event_info=0x0) at lib/eo/eo_base_class.c:1572
#18 0x0000000004edd4cb in edje_match_callback_exec_check_finals (prop=<optimized out>, ed=0x1d12b870, source=0xaaaaaaaaaaaaaaab <error: Cannot access memory at address 0xaaaaaaaaaaaaaaab>, sig=0x1f343530 " 54\037", source_states=<optimized out>, signal_states=<optimized out>, matches=<optimized out>, ssp=0x1d12b870) at lib/edje/edje_match.c:556
#19 0x0000000004edd4cb in edje_match_callback_exec (ssp=ssp@entry=0x1d12b870, matches=<optimized out>, sig=sig@entry=0x17d6c43c "elm,action,click", source=source@entry=0x1eee6840 "elm", ed=ed@entry=0x1f343530, prop=prop@entry=0 '\000') at lib/edje/edje_match.c:711
#20 0x0000000004ee4ae8 in _edje_emit_cb (prop=0 '\000', data=0x0, src=0x1eee6840 "elm", sig=0x17d6c43c "elm,action,click", ed=0x1f343530) at lib/edje/edje_program.c:1674
#21 0x0000000004ee4ae8 in _edje_emit_handle (ed=0x1f343530, sig=0x17d6c43c "elm,action,click", src=0x1eee6840 "elm", sdata=0x0, prop=0 '\000') at lib/edje/edje_program.c:1626
#22 0x0000000004edf05f in _edje_message_queue_process () at lib/edje/edje_message_queue.c:898
#23 0x0000000004edf22a in _edje_message_queue_process () at lib/edje/edje_message_queue.c:864
#24 0x0000000004edf22a in _edje_job (data=<optimized out>) at lib/edje/edje_message_queue.c:265
#25 0x0000000006204a3b in _ecore_job_event_handler (data=<optimized out>, type=<optimized out>, ev=<optimized out>) at lib/ecore/ecore_job.c:98
#26 0x0000000006200101 in _ecore_call_handler_cb (event=<optimized out>, type=<optimized out>, data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:325
#27 0x0000000006200101 in _ecore_event_call () at lib/ecore/ecore_events.c:518
#28 0x0000000006207fab in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2398
#29 0x0000000006208317 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1299
#30 0x0000000000128d63 in elm_main (argc=1, argv=0x1fff0006e8) at ../src/bin/main.c:983
#31 0x0000000000128e7c in main (argc=1, argv=0x1fff0006e8) at ../src/bin/main.c:1022

valgrind:

==5132== Memcheck, a memory error detector
==5132== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==5132== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==5132== Command: build/src/bin/terminology
==5132==
==5132==
==5132== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==5132==   /path/to/gdb build/src/bin/terminology
==5132== and then give GDB the following command
==5132==   target remote | /usr/lib/valgrind/../../bin/vgdb --pid=5132
==5132== --pid is optional if only one valgrind process is running
==5132==
==5132== Thread 4 Eanimator-timer:
==5132== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
==5132==    at 0x7DC35E6: epoll_pwait (in /usr/lib/libc-2.26.so)
==5132==    by 0x61FE5A9: _timer_tick_core (ecore_anim.c:249)
==5132==    by 0x621DDF1: _ecore_direct_worker (ecore_thread.c:475)
==5132==    by 0x56EFE6E: _eina_internal_call (eina_thread.c:148)
==5132==    by 0x5937089: start_thread (in /usr/lib/libpthread-2.26.so)
==5132==    by 0x7DC347E: clone (in /usr/lib/libc-2.26.so)
==5132==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==5132==
==5132== (action on error) vgdb me ...
==5132== Continuing ...
==5132== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
==5132==    at 0x7DC35E6: epoll_pwait (in /usr/lib/libc-2.26.so)
==5132==    by 0x61FE45B: _timer_tick_core (ecore_anim.c:238)
==5132==    by 0x621DDF1: _ecore_direct_worker (ecore_thread.c:475)
==5132==    by 0x56EFE6E: _eina_internal_call (eina_thread.c:148)
==5132==    by 0x5937089: start_thread (in /usr/lib/libpthread-2.26.so)
==5132==    by 0x7DC347E: clone (in /usr/lib/libc-2.26.so)
==5132==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==5132==
==5132== (action on error) vgdb me ...
==5132== Continuing ...
==5132== Thread 1:
==5132== Invalid read of size 8
==5132==    at 0x4EF8E44: _edje_user_definition_free (edje_util.c:96)
==5132==    by 0x5DC2F2F: _eo_evas_object_cb (evas_callbacks.c:184)
==5132==    by 0xC5B4496: _event_callback_call (eo_base_class.c:1496)
==5132==    by 0xC5B4496: _efl_object_event_callback_legacy_call (eo_base_class.c:1569)
==5132==    by 0xC5B0810: efl_event_callback_legacy_call (eo_base_class.c:1572)
==5132==    by 0xC5B0810: efl_event_callback_legacy_call (eo_base_class.c:1572)
==5132==    by 0x5DC3676: evas_object_event_callback_call (evas_callbacks.c:404)
==5132==    by 0x5DF9982: _efl_canvas_object_efl_object_destructor (evas_object_main.c:1057)
==5132==    by 0xC5B183C: efl_destructor (efl_object.eo.c:58)
==5132==    by 0x5E09C46: _efl_canvas_group_efl_object_destructor (evas_object_smart.c:642)
==5132==    by 0xC5B183C: efl_destructor (efl_object.eo.c:58)
==5132==    by 0xC5B183C: efl_destructor (efl_object.eo.c:58)
==5132==    by 0x5395B4A: _elm_widget_efl_object_destructor (elm_widget.c:6233)
==5132==  Address 0x1f3bbb30 is 16 bytes inside a block of size 40 free'd
==5132==    at 0x4C2E14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5132==    by 0x4ED0728: _edje_file_del (edje_load.c:1906)
==5132==    by 0x4EED33D: _edje_object_efl_canvas_group_group_del (edje_smart.c:156)
==5132==    by 0x5E0654C: efl_canvas_group_del (evas_object_smart.c:1656)
==5132==    by 0x5E094C0: evas_object_smart_del (evas_object_smart.c:1102)
==5132==    by 0x5DF9DB8: _efl_canvas_object_efl_object_destructor (evas_object_main.c:1114)
==5132==    by 0xC5B183C: efl_destructor (efl_object.eo.c:58)
==5132==    by 0x5E09C46: _efl_canvas_group_efl_object_destructor (evas_object_smart.c:642)
==5132==    by 0xC5B183C: efl_destructor (efl_object.eo.c:58)
==5132==    by 0x4EECBF3: _edje_object_efl_object_destructor (edje_smart.c:59)
==5132==    by 0xC5B183C: efl_destructor (efl_object.eo.c:58)
==5132==    by 0xC5AA495: _efl_del_internal (eo_private.h:260)
==5132==    by 0xC5AA495: _efl_unref_internal (eo_private.h:335)
==5132==    by 0xC5AA495: _efl_object_call_end (eo.c:641)
==5132==  Block was alloc'd at
==5132==    at 0x4C2CE5F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5132==    by 0x4EF109D: _edje_user_definition_new (edje_util.c:69)
==5132==    by 0x4EFA2BC: _edje_efl_container_content_set (edje_util.c:2742)
==5132==    by 0x4F001B6: _efl_canvas_layout_internal_swallow_efl_container_content_set (edje_part_swallow.c:21)
==5132==    by 0xC36CA74: efl_content_set (efl_container.eo.c:5)
==5132==    by 0x4ED3240: _edje_object_file_set_internal (edje_load.c:1598)
==5132==    by 0x4EEAA87: _edje_object_efl_file_mmap_set (edje_smart.c:451)
==5132==    by 0xC359090: efl_file_mmap_set (efl_file.eo.c:1)
==5132==    by 0x535E60E: _elm_theme_set.part.3 (elm_theme.c:312)
==5132==    by 0x538D1D5: _elm_widget_theme_object_set (elm_widget.c:4116)
==5132==    by 0x53863F0: elm_obj_widget_theme_object_set (elm_widget.eo.c:154)
==5132==    by 0x52F3C4D: _elm_layout_theme_internal (elm_layout.c:360)
==5132==
==5132== (action on error) vgdb me ...
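
Added example, not part of the original report or of the EFL/Terminology code: a small Python parser that extracts the three stacks Memcheck prints for an access to freed memory (access, free, allocation) from a report like the one above, skipping the allocator wrapper frames. The function names and the trimmed `REPORT` sample are assumptions made for this example.

```python
import re

# Trimmed excerpt of the Memcheck report above (allocator frame plus its caller).
REPORT = """\
==5132== Invalid read of size 8
==5132==    at 0x4EF8E44: _edje_user_definition_free (edje_util.c:96)
==5132==  Address 0x1f3bbb30 is 16 bytes inside a block of size 40 free'd
==5132==    at 0x4C2E14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5132==    by 0x4ED0728: _edje_file_del (edje_load.c:1906)
==5132==  Block was alloc'd at
==5132==    at 0x4C2CE5F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5132==    by 0x4EF109D: _edje_user_definition_new (edje_util.c:69)
==5132==
"""

PREFIX = re.compile(r"^==\d+==")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"Address (0x[0-9a-f]+) is (\d+) bytes inside a block of size (\d+) free'd$")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
ALLOCATOR = {"malloc", "calloc", "realloc", "free"}  # wrapper frames to skip

def first_app_frame(frames):
    # First frame that is not the allocator wrapper itself.
    return next((f"{fn} ({loc})" for fn, loc in frames if fn not in ALLOCATOR), None)

def parse_use_after_free(report):
    findings, cur, stack = [], None, None
    for raw in report.splitlines() + [""]:   # trailing "" flushes the last record
        line = PREFIX.sub("", raw).strip()
        if m := ERROR.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "free": [], "alloc": []}
            stack = cur["access"]
        elif cur is None:
            continue
        elif m := BLOCK.match(line):         # Memcheck says the block was free'd
            cur.update(address=m[1], offset=int(m[2]), block_size=int(m[3]))
            stack = cur["free"]
        elif line == "Block was alloc'd at":
            stack = cur["alloc"]
        elif m := FRAME.match(line):
            stack.append(m.groups())
        elif not line:                       # a bare ==PID== line ends the record
            if cur["free"]:                  # keep only accesses to freed blocks
                findings.append(cur)
            cur = None
    return findings

def triage(finding):                         # the three call sites to compare
    return {k: first_app_frame(finding[k]) for k in ("access", "free", "alloc")}
```
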
billiob closed this task as Resolved. Mar 10 2018, 12:32 PM
billiob claimed this task.

I've been doing it quite a few times today to test stuff and it worked all the time.