Page MenuHomePhabricator

Moving gadgets crashes E
Closed, ResolvedPublic

Description

Alt+click on a gadget > move it > crash with:

(gdb) bt
#0  0xb7f10cd9 in __kernel_vsyscall ()
#1  0xb6fd75e2 in raise () at /usr/lib/libc.so.6
#2  0xb6fd8b22 in abort () at /usr/lib/libc.so.6
#3  0xb7d6aa76 in eina_log_print_unlocked (domain=, level=, file=, fnc=0xb68d895c  "efl_unref", line=1920, fmt=0xb68d82f0 "Obj:%s@%p. User refcount (%d) ) at lib/eina/eina_log.c:1420
#4  0xb7d6bdd1 in eina_log_print (domain=33, level=EINA_LOG_LEVEL_CRITICAL, file=0xb68d75fa "lib/eo/eo.c", fnc=0xb68d895c  "efl_unref", line=1920, fmt=0xb68d82f0 "Obj:%s@%p. User refcount (%d) ) at lib/evas/canvas/evas_object_main.c:1043
#10 0x004c475f in _site_drop (data=0x17a8bd0, obj=0x80008dcc, event_info=0x8000b3bd) at ../src/bin/e_gadget.c:1483
#11 0xb794f0ff in _eo_evas_smart_cb (data=0x17d4360, event=0xbfd1856c) at lib/evas/canvas/evas_object_smart.c:78
#12 0xb68d46ee in _event_callback_call (legacy_compare=1 '\001', event_info=0x8000b3bd, desc=0x1769a10, pd=0x17d4018, obj_id=0x80008dcc) at lib/eo/eo_base_class.c:1694
#13 0xb68d46ee in _efl_object_event_callback_legacy_call (obj_id=0x80008dcc, pd=0x17d4018, desc=0x1769a10, event_info=0x8000b3bd) at lib/eo/eo_base_class.c:1767
#14 0xb68cec67 in efl_event_callback_legacy_call (obj=0x80008dcc, desc=0x1769a10, event_info=0x8000b3bd) at lib/eo/eo_base_class.c:1770
#15 0xb68cec67 in efl_event_callback_legacy_call (obj=0x80008dcc, desc=0x1769a10, event_info=0x8000b3bd) at lib/eo/eo_base_class.c:1770
#16 0xb79509c6 in evas_object_smart_callback_call (eo_obj=, event=, event_info=) at lib/evas/canvas/evas_object_smart.c:1043
#17 0x004c1c30 in _editor_pointer_button (active=0x24d27d0, t=18, ev=0x23fd350) at ../src/bin/e_gadget.c:2696
#18 0xb7c825b1 in _ecore_event_message_handler_efl_loop_message_handler_message_call (obj=0x800002b4, pd=0x133eb00, message=0x8002772a) at lib/ecore/ecore_event_message_handler.c:359
#19 0xb7c89a47 in efl_loop_message_handler_message_call (obj=0x800002b4, message=0x8002772a) at lib/ecore/efl_loop_message_handler.eo.c:14
#20 0xb7c855fd in _efl_loop_message_process (obj=0x8000002f, pd=0x1339f18) at lib/ecore/efl_loop.c:633
#21 0xb7c84099 in efl_loop_message_process (obj=0x8000002f) at lib/ecore/efl_loop.c:663
#22 0xb7c7ed8d in _ecore_main_loop_iterate_internal (obj=obj@entry=0x8000002f, pd=pd@entry=0x1339f18, once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2432
#23 0xb7c7f67b in _ecore_main_loop_begin (obj=0x8000002f, pd=0x1339f18) at lib/ecore/ecore_main.c:1175
#24 0xb7c8552d in _efl_loop_begin (obj=0x8000002f, pd=0x1339f18) at lib/ecore/efl_loop.c:83
#25 0xb7c84376 in efl_loop_begin (obj=0x8000002f) at lib/ecore/efl_loop.eo.c:28
#26 0xb7c7f77a in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1248
#27 0x00436b73 in main (argc=, argv=) at ../src/bin/e_main.c:1090
ApB created this task.Jun 6 2018, 2:34 AM
zmike added a subscriber: bu5hm4n.Jun 6 2018, 7:21 AM

To elaborate, this happens only when dragging a gadget from a bar to the desktop.

@bu5hm4n I think this is valid use of API in the application side, can you check it out?

ApB added a comment.Jun 6 2018, 7:24 AM
In T6987#115381, @zmike wrote:

To elaborate, this happens only when dragging a gadget from a bar to the desktop.

@bu5hm4n I think this is valid use of API in the application side, can you check it out?

happens without the gadget leaving the luncer area.

zmike edited projects, added efl; removed Restricted Project.Jun 6 2018, 7:26 AM
zmike triaged this task as Showstopper Issues priority.
zmike edited projects, added Restricted Project; removed efl.Jun 11 2018, 6:50 AM
zmike edited projects, added efl: data types, efl: rendering; removed Restricted Project.Jun 11 2018, 7:06 AM
In T6987#115381, @zmike wrote:

To elaborate, this happens only when dragging a gadget from a bar to the desktop.

@bu5hm4n I think this is valid use of API in the application side, can you check it out?

Not true. It happens for me on any drag.. even just dragging the gadget within the bar.

stephenmhouston added a comment.EditedJun 13 2018, 12:36 PM

More detail:

Thread 1 (Thread 0x7f4920b5c940 (LWP 1877)):
#0  0x00007f491ff907f2 in pause () at /lib64/libpthread.so.0
#1  0x00000000005f179d in e_alert_show () at ../src/bin/e_alert.c:43
#2  0x000000000057f76c in _e_crash () at ../src/bin/e_signals.c:81
#3  0x000000000057f817 in e_sigabrt_act (x=6, info=0x7ffede470270, data=0x7ffede470140) at ../src/bin/e_signals.c:127
#4  0x00007f491ff911b0 in <signal handler called> () at /lib64/libpthread.so.0
#5  0x00007f491bf1b660 in raise () at /lib64/libc.so.6
#6  0x00007f491bf1cc41 in abort () at /lib64/libc.so.6
#7  0x00007f49201c7fc5 in eina_log_print_unlocked (domain=<optimized out>, level=EINA_LOG_LEVEL_CRITICAL, file=0x7f4919c6edfa "lib/eo/eo.c", fnc=0x7f4919c70258 <__FUNCTION__.15043> "efl_unref", line=<optimized out>, fmt=0x7f4919c6fb28 "Obj:%s@%p. User refcount (%d) < 0. Too many unrefs.", args=0x7ffede471198) at lib/eina/eina_log.c:1420
        name = <optimized out>
        d = <optimized out>
#8  0x00007f49201c925f in eina_log_print (domain=33, level=level@entry=EINA_LOG_LEVEL_CRITICAL, file=file@entry=0x7f4919c6edfa "lib/eo/eo.c", fnc=fnc@entry=0x7f4919c70258 <__FUNCTION__.15043> "efl_unref", line=line@entry=1920, fmt=fmt@entry=0x7f4919c6fb28 "Obj:%s@%p. User refcount (%d) < 0. Too many unrefs.") at lib/eina/eina_log.c:2259
        args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffede4712b8, reg_save_area = 0x7ffede4711b0}}
#9  0x00007f4919c62bfc in efl_unref (obj_id=obj_id@entry=0x4000001ab411) at lib/eo/eo.c:1919
        obj = 0x19d3010
        __FUNCTION__ = "efl_unref"
#10 0x00007f4919c6dd74 in _efl_object_parent_set (obj=0x4000001ab411, pd=0x19d3050, parent_id=<optimized out>) at lib/eo/eo_base_class.c:780
        prev_parent = 0x4000001ac014
        bad_parent = <optimized out>
        __FUNCTION__ = "_efl_object_parent_set"
        eo_obj = 0x19d3010
#11 0x00007f4919c673af in efl_parent_set (obj=obj@entry=0x4000001ab411, parent=parent@entry=0x0) at lib/eo/efl_object.eo.c:12
        ___op = 2
        ___generation = 1
        ___call = {eo_id = 0x4000001ab411, obj = 0x19d3010, func = 0x7f4919c6da30 <_efl_object_parent_set>, data = 0x19d3050, extn1 = 0x4000001ab411, extn2 = 0x1499090, extn3 = 0x4000001ab411, extn4 = 0x14b1fb0}
        _func_ = <optimized out>
#12 0x00007f4919c6de56 in efl_del (obj=0x4000001ab411) at lib/eo/eo_base_class.c:687
        oid = 0x19d3010
        __FUNCTION__ = "efl_del"
#13 0x00000000005047e3 in _site_drop (data=0x148af00, obj=0x40000006ccdb, event_info=0x40000010b7de) at ../src/bin/e_gadget.c:1483
        ll = 0x14dab50
        pre = 1 '\001'
        zgs = 0x148af00
        drop = 0x196c860
        l = 0x1365c00
        zgc = 0x148d700
        dzgc = 0x148d000
        mx = 1787
        my = 1067
        x = 1782
        y = 1044
        w = 36
        h = 36
#14 0x00007f4919c6c297 in _event_callback_call (legacy_compare=1 '\001', event_info=<optimized out>, desc=<optimized out>, pd=0x14ce470, obj_id=<optimized out>) at lib/eo/eo_base_class.c:1694
        ev = {object = 0x40000006ccdb, desc = 0x1499090, info = 0x40000010b7de}
        ret = 1 '\001'
        frame = {next = 0x0, idx = 10, inserted_before = 0, generation = 1}
        cb = <optimized out>
        lookup = 0x0
        saved = {__in_list = {next = 0x4000001ac014, prev = 0x40000006ccdb, last = 0x40000006ccdb}, desc = 0x7ffede471610, current = 35}
        idx = 10
        callback_already_stopped = 0 '\000'
#15 0x00007f4919c6c297 in _efl_object_event_callback_legacy_call (obj_id=<optimized out>, pd=0x14ce470, desc=<optimized out>, event_info=<optimized out>) at lib/eo/eo_base_class.c:1767
#16 0x00007f4919c672e7 in efl_event_callback_legacy_call (obj=0x40000006ccdb, desc=0x1499090, event_info=0x40000010b7de) at lib/eo/eo_base_class.c:1770
        _r = <optimized out>
        ___op = 35
        ___generation = 1
        ___call = {eo_id = 0x40000006ccdb, obj = 0x14ce430, func = 0x7f4919c6bf10 <_efl_object_event_callback_legacy_call>, data = 0x14ce470, extn1 = 0x40000006ccdb, extn2 = 0x40000010b7de, extn3 = 0x14ce4c0, extn4 = 0x7f491e9eaf87 <_efl_canvas_object_efl_object_event_callback_legacy_call+247>}
        _func_ = <optimized out>
#17 0x00007f4919c672e7 in efl_event_callback_legacy_call (obj=0x40000006ccdb, desc=0x1499090, event_info=0x40000010b7de) at lib/eo/eo_base_class.c:1770
        _r = <optimized out>
        ___op = 35
        ___generation = 1
        ___call = {eo_id = 0x40000006ccdb, obj = 0x14ce430, func = 0x7f491e9eae90 <_efl_canvas_object_efl_object_event_callback_legacy_call>, data = 0x14ce4c0, extn1 = 0x9, extn2 = 0x7f4919c6c38d <efl_object_legacy_only_event_description_get+45>, extn3 = 0x14dab50, extn4 = 0x40000006ccdb}
        _func_ = <optimized out>
#18 0x000000000050a192 in _editor_pointer_button (active=0x12f8940, t=18, ev=0x194e9a0) at ../src/bin/e_gadget.c:2696
        zgc = 0x16443f0
        z = 0x148d000
        l = 0x0
        x = 1770
        y = 1050
        w = 1906
        h = 36
        zgs = 0x196c860
        zzgs = 0x148af00
#19 0x00007f491f8e8169 in _ecore_event_message_handler_efl_loop_message_handler_message_call (obj=0x40000000172c, pd=0xfae070, message=0x400000177167) at lib/ecore/ecore_event_message_handler.c:359
        h = 0x17f1280
        type = 18
        data = 0x194e9a0
        free_func = 0x0
        free_data = 0x0
        fn_free = 0x0
        l = <optimized out>
        l2 = <optimized out>
        handled = 9
#20 0x00007f491f8ee80f in efl_loop_message_handler_message_call (obj=0x40000000172c, message=0x400000177167) at lib/ecore/efl_loop_message_handler.eo.c:14
        ___op = 135
        ___generation = 1
        ___call = {eo_id = 0x40000000172c, obj = 0xfadfd0, func = 0x7f491f8e80b0 <_ecore_event_message_handler_efl_loop_message_handler_message_call>, data = 0xfae070, extn1 = 0xfa6f10, extn2 = 0x7f491f8e7fd7 <_ecore_event_filters_call+71>, extn3 = 0x0, extn4 = 0x7ffede471800}
        _func_ = <optimized out>
#21 0x00007f491f8eadb9 in _efl_loop_message_process (obj=<optimized out>, pd=0xfa6f10) at lib/ecore/efl_loop.c:633
        msg = 0x1510f90
        pd = 0xfa6f10
        obj = <optimized out>
#22 0x00007f491f8e9c97 in efl_loop_message_process (obj=obj@entry=0x400000000327) at lib/ecore/efl_loop.c:663
        _r = <optimized out>
        ___op = 103
        ___generation = 1
        ___call = {eo_id = 0x400000000327, obj = 0xfa6e50, func = 0x7f491f8ead20 <_efl_loop_message_process>, data = 0xfa6f10, extn1 = 0x10000240400, extn2 = 0xfa6f10, extn3 = 0x400000000327, extn4 = 0x7f491fb2fd20 <_mainloop_singleton>}
        _func_ = <optimized out>
#23 0x00007f491f8e4d1f in _ecore_main_loop_iterate_internal (obj=obj@entry=0x400000000327, pd=pd@entry=0xfa6f10, once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2432
        next_time = <optimized out>
#24 0x00007f491f8e558d in _ecore_main_loop_begin (obj=0x400000000327, pd=pd@entry=0xfa6f10) at lib/ecore/ecore_main.c:1175
#25 0x00007f491f8eace9 in _efl_loop_begin (obj=<optimized out>, pd=0xfa6f10) at lib/ecore/efl_loop.c:83
#26 0x00007f491f8e9ec7 in efl_loop_begin (obj=0x400000000327) at lib/ecore/efl_loop.eo.c:28
        _r = <optimized out>
        ___op = 92
        ___generation = 1
        ___call = {eo_id = 0x400000000327, obj = 0xfa6e50, func = 0x7f491f8eace0 <_efl_loop_begin>, data = 0xfa6f10, extn1 = 0x0, extn2 = 0x0, extn3 = 0x7ffede4a9a70, extn4 = 0x43d690 <_start>}
        _func_ = <optimized out>
#27 0x00007f491f8e5657 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1248
        __FUNCTION__ = "ecore_main_loop_begin"
#28 0x00000000005485a0 in main (argc=1, argv=0x7ffede4a9b58) at ../src/bin/e_main.c:1090
        nostartup = 0 '\000'
        safe_mode = 0 '\000'
        waslocked = 0 '\000'
        strshare = 0xf7896c "/usr\334h\334\nI\177"
        t = 1528918392.985498
        tstart = 1528918392.985498
        s = 0x0
        buff = "1528918393.0\000\000\000\000\001\000\000\000\000\000\000\000\255\060_\000\000\000\000"
        action = {__sigaction_handler = {sa_handler = 0x57f7ff <e_sigabrt_act>, sa_sigaction = 0x57f7ff <e_sigabrt_act>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = -1073741820, sa_restorer = 0x11c30}
        __FUNCTION__ = "main"

@bu5hm4n can you switch gears and make this a top priority? I think this is likely to be causing some other regressions...

Okay, so i am dropping my work on the scroller popup thing for now

Yes, I think scroller popup should be a "nice to have fixed by 1.21 but not by alpha" item.

bu5hm4n claimed this task.Jun 23 2018, 3:51 AM

Okay, so what is happening here is:

evas_object_del gets called on the gadgets of the bar (we are in dnd mode, so |gadgets| == 1)
while this call, _gadget_del is getting executed, (Which is correct IMO)
Which calls e_obj_del, which executes _gadget_object_free.
_gadget_object_free then deletes all displays which is the same object than the gadget itself ... and thus we are having too many unrefs.

Are you actaully sure this ever worked like this? Remeber, before this message was a error not a crit, so wasnt resulting in a raise() but rather just in a error...

Adding a evas_object_ref to the line where both fields are assigned to the same field works fine here, (and shows other errors)

zmike added a comment.Jun 23 2018, 7:39 AM

Yes, I'm 100% sure it worked for a couple of years without issue. Historically, evas_object_del has been able to be called multiple times on an object in quick succession without issues or errors--that's just how the API worked. Elementary internals relied heavily on this behavior.

Well it still works, its just that now a error message is raised, which is fine i think, the matter that this is a critical error might be discussed. But the base behaviour is complete fine IMO.

zmike closed this task as Resolved.Jun 25 2018, 9:38 AM