#615 Segfault in gtk/fm-thumbnail.c

1.1
closed-fixed
libfm (303)
7
2012-10-20
2012-09-26
dforsi
No

Sometimes the pcman's windows disappear.

I've seen segfaults reported in dmesg
[96394.067053] pcmanfm[19076]: segfault at 0 ip 09181100 sp bfc865fc error 4
[96630.704359] pcmanfm[22437]: segfault at 1 ip 08d2b340 sp bf814c5c error 6

and running under gdb I got this:

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0 0x00000000 in ?? ()
#1 0xb7e78a12 in on_ready_idle (user_data=0x0) at gtk/fm-thumbnail.c:170
#2 0xb73ce0f0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3 0xb73d0633 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4 0xb73d09d0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5 0xb73d0e2b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#6 0xb7b04ad0 in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#7 0x08052b8e in main (argc=1, argv=0xbffff584) at pcmanfm.c:232

I'm using the GIT version with HEAD of September 24th 5ec1fbf4a73cc2e6565ffc198c17250d541f164a
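An added example, not part of the original report: a small triage helper that parses the kernel's `segfault at ... error N` lines quoted above and decodes the x86 page-fault error code, which distinguishes a read, a write and an instruction fetch on an unmapped page. The function names are hypothetical, and the "near NULL" cutoff assumes a 4 KiB first page.

```python
import re

# x86 page-fault error code bits; the kernel prints the code in hex.
PF_PROT, PF_WRITE, PF_USER, PF_INSTR = 0x1, 0x2, 0x4, 0x10
PAGE_SIZE = 0x1000  # assumption: 4 KiB pages, so addr < 0x1000 is "near NULL"

SEGV_RE = re.compile(
    r"\[\s*(?P<ts>[\d.]+)\]\s+(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at "
    r"(?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+)"
)

def decode_error(code):
    """Translate the page-fault error code into cause, access type and mode."""
    if code & PF_INSTR:
        access = "instruction fetch"
    else:
        access = "write" if code & PF_WRITE else "read"
    return {
        "cause": "protection violation" if code & PF_PROT else "page not present",
        "access": access,
        "mode": "user" if code & PF_USER else "kernel",
    }

def parse_segfaults(text):
    """Return one dict per segfault line found in dmesg-style text."""
    rows = []
    for m in SEGV_RE.finditer(text):
        addr = int(m.group("addr"), 16)
        row = {
            "comm": m.group("comm"),
            "pid": int(m.group("pid")),
            "addr": addr,
            "ip": int(m.group("ip"), 16),
            "near_null": addr < PAGE_SIZE,
        }
        row.update(decode_error(int(m.group("err"), 16)))
        rows.append(row)
    return rows

# The two dmesg lines from this report.
SAMPLE = """\
[96394.067053] pcmanfm[19076]: segfault at 0 ip 09181100 sp bfc865fc error 4
[96630.704359] pcmanfm[22437]: segfault at 1 ip 08d2b340 sp bf814c5c error 6
"""

if __name__ == "__main__":
    for r in parse_segfaults(SAMPLE):
        print(r["comm"], r["pid"], hex(r["addr"]), r["access"], r["cause"], r["mode"])
```

For the two lines in this report it yields a user-mode read at address 0 and a user-mode write at address 1, both on a page that is not present.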

Discussion

  • Lonely Stranger

    Lonely Stranger - 2012-09-26

    Thank you very much for testing!
    This is very strange since that code pointer should never be NULL as it is (0x00000000).
    It would be very good if you could reproduce the bug and tell us how it could be reproduced.
    Thanks again.

     
  • Lonely Stranger

    Lonely Stranger - 2012-09-26
    • priority: 5 --> 7
    • assigned_to: nobody --> lstranger
     
  • Lonely Stranger

    Lonely Stranger - 2012-09-27

    I've added gdk_threads_enter/gdk_threads_leave into code. It may fix it somehow. Not likely though but possibility still exists as it was the only weak place in there which I've found.

     
  • dforsi

    dforsi - 2012-09-27

    It still segfaults in the same function:
    Program received signal SIGSEGV, Segmentation fault.
    0x00000000 in ?? ()
    (gdb) bt
    #0 0x00000000 in ?? ()
    #1 0xb7e78a32 in on_ready_idle (user_data=0x0) at gtk/fm-thumbnail.c:171
    #2 0xb73ce0f0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #3 0xb73d0633 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #4 0xb73d09d0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #5 0xb73d0e2b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #6 0xb7b04ad0 in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #7 0x08052b8e in main (argc=1, argv=0xbffff584) at pcmanfm.c:232

    I found a way to reproduce the crash most of the time but not always:

    in one terminal:
    killall pcmanfm
    gdb --args pcmanfm --desktop --profile LXDE

    in another terminal:
    mkdir -p /tmp/test
    rm -f /tmp/test/* && for f in $(seq 1 15); do cp myfile.pdf /tmp/test/$f; done
    pcmanfm /tmp/test/

    Contents of PDF file don't matter and sometimes just 5 files are enough to get a segfault.

    Sometimes I get other crashes, possibly unrelated:

    Program received signal SIGSEGV, Segmentation fault.
    0xb5b12426 in ?? ()
    (gdb) bt
    #0 0xb5b12426 in ?? ()
    #1 0x00000000 in ?? ()

    And:

    Program received signal SIGSEGV, Segmentation fault.
    0xb73eba72 in g_slice_alloc () from /lib/i386-linux-gnu/libglib-2.0.so.0
    (gdb) bt
    #0 0xb73eba72 in g_slice_alloc () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #1 0xb77238d6 in pango_font_description_copy_static () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #2 0xb77299ad in ?? () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #3 0xb7729cf5 in ?? () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #4 0xb772ba92 in pango_itemize_with_base_dir () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #5 0xb7733ab6 in ?? () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #6 0xb7734c74 in ?? () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #7 0xb77351c8 in pango_layout_get_pixel_extents () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #8 0xb773522e in pango_layout_get_pixel_size () from /usr/lib/i386-linux-gnu/libpango-1.0.so.0
    #9 0xb7e7278b in fm_cell_renderer_text_render (cell=0x8099270, window=0x81c72c8, widget=0x81de0e0, background_area=0xbfffeab0, cell_area=0xbfffeab0, expose_area=0xbfffeb60, flags=0) at gtk/fm-cell-renderer-text.c:167
    #10 0xb7a5356d in gtk_cell_renderer_render () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #11 0xb7e52637 in exo_icon_view_paint_item (icon_view=icon_view@entry=0x81de0e0, item=item@entry=0x8201058, area=area@entry=0xbfffeb60, drawable=0x81c72c8, x=7, y=7, draw_focus=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at gtk/exo/exo-icon-view.c:4029
    #12 0xb7e59bb5 in exo_icon_view_expose_event (widget=0x81de0e0, event=0xbffff08c) at gtk/exo/exo-icon-view.c:1920
    #13 0xb7b078a2 in ?? () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #14 0xb7491ced in ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    #15 0xb7492e56 in g_closure_invoke () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    #16 0xb74a45f0 in ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    #17 0xb74ac861 in g_signal_emit_valist () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    #18 0xb74acca3 in g_signal_emit () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    #19 0xb7c3edab in ?? () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #20 0xb7b0603c in gtk_main_do_event () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #21 0xb792c647 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #22 0xb792c6a7 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #23 0xb792c6a7 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #24 0xb795ea43 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #25 0xb79270dd in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #26 0xb792946f in gdk_window_process_all_updates () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #27 0xb79294e8 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #28 0xb7904584 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
    #29 0xb73ce0f0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #30 0xb73d0633 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #31 0xb73d09d0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #32 0xb73d0e2b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #33 0xb7b04ad0 in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #34 0x08052b8e in main (argc=1, argv=0xbffff5a4) at pcmanfm.c:232

     
  • Lonely Stranger

    Lonely Stranger - 2012-09-27

    Thank you very much for the steps to reproduce. Unfortunately I still cannot reproduce the crash; I've tried maybe ten times at least. Running under valgrind gave me no errors either (to be correct, there were 2 memory errors - one inside of gdk_pixbuf_new_from_file() and the other inside of gdk_cairo_set_source_pixbuf(); those should be fixed by GDK people, but at the worst we can get some garbage on the image from those errors anyway). I'll try to reproduce it on another machine yet. It may be a glib-specific error and I've got here glib 2.30 with gtk 2.24.6. What versions of glib and gtk do you use?

     
  • dforsi

    dforsi - 2012-09-28

    I'm using
    libglib2.0-0:i386 2.32.3-1
    libgtk2.0-0:i386 2.24.10-2

     
  • Lonely Stranger

    Lonely Stranger - 2012-09-28

    Isn't it debian testing? I've got the same versions on debian testing. :)
    Unfortunately I could not catch any crash on debian testing too. :(
    I'm afraid I need your help in debugging by running it under valgrind and then letting me see its log. I'm using it this way:

    G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v -v -v -v --partial-loads-ok=yes --track-origins=yes --trace-children=yes --read-var-info=yes --smc-check=all --log-file=.vglog ./pcmanfm --desktop

    It will generate a log file .vglog a few tens of kB in size. Thank you very much.

     
  • dforsi

    dforsi - 2012-10-02

    Output of valgrind at time of segfault

     
  • dforsi

    dforsi - 2012-10-02

    Yes, Debian testing.

    Valgrind showed some use after free; see attached file.

     
  • Lonely Stranger

    Lonely Stranger - 2012-10-03

    Thank you for the log! The logic is such that this should never happen. Since that happens - the logic fails. I've updated two places where it might fail; the change is in Git now. Check if that fixed the problem, please! Thank you very much!

     
  • Lonely Stranger

    Lonely Stranger - 2012-10-13

    Please, let me know whether it's fixed or not. Thank you very much.

     
  • dforsi

    dforsi - 2012-10-13

    Memcheck assertion failed

     
  • dforsi

    dforsi - 2012-10-13

    Uninitialised values

     
  • dforsi

    dforsi - 2012-10-13

    It still segfaults as of today with revision a840fc6268f464259fa1dc19795646f73382bd32 of libfm but I can't get useful output from valgrind.

    From gdb I get:
    Program received signal SIGSEGV, Segmentation fault.
    fm_file_info_unref (fi=0x2) at base/fm-file-info.c:562
    562 if (g_atomic_int_dec_and_test(&fi->n_ref))
    (gdb) bt
    #0 fm_file_info_unref (fi=0x2) at base/fm-file-info.c:562
    #1 0xb7e78122 in fm_thumbnail_request_free (req=0x81e6200) at gtk/fm-thumbnail.c:155
    #2 0xb7e78185 in on_ready_idle (user_data=0x0) at gtk/fm-thumbnail.c:174
    #3 0xb73cc0f0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #4 0xb73ce633 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #5 0xb73ce9d0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #6 0xb73cee2b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
    #7 0xb7b02ad0 in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
    #8 0x08052bdb in main (argc=1, argv=0xbffff554) at pcmanfm.c:234

    Sometimes I get an error from valgrind itself (see "valgrind error.txt" attached) and sometimes I get nothing; if I Ctrl-C the program I get errors about uninitialised values (see "uninitialised values.txt" attached).

    I tried with

    G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v -v -v -v --partial-loads-ok=yes --track-origins=yes --trace-children=yes --read-var-info=yes --smc-check=all --log-file=.vglog ../pcmanfm/src/pcmanfm --desktop

    and then running pcmanfm /tmp/test/ from another terminal.

     
  • Lonely Stranger

    Lonely Stranger - 2012-10-13

    I've made some changes in requests processing again. Test it, please. I hope it's fixed at last.
    Thank you very much!

     
  • Sérgio Cipolla

    Sérgio Cipolla - 2012-10-14

    I was having this crash too when loading many thumbnails but with latest libfm it's working (no crashes so far).

     
  • dforsi

    dforsi - 2012-10-20

    Works for me too since commit 7610233825d2bf2db4deacfc49c6388abc50b040 of Oct 14th, so closing this bug report.

     
  • dforsi

    dforsi - 2012-10-20
    • status: open --> closed-fixed
     
