On Tue, Mar 30, 2010 at 01:18:18PM +0200, Julien Danjou wrote:
> I'd suggest grabbing the awesome source and building it. You can install
> build-deps with: apt-get build-dep awesome on Debian.
>
> Then launch an X server:
> X :1
> export DISPLAY=:1
> ulimit -c unlimited
> /path/to/your/compiled/awesome
After doing this and running awesome for a while, I started to think
that the recompilation somehow fixed the bug. But today, I actually got
a crash again, and captured the core file.

(The version used is v3.4.4, i.e. git commit 33fae259)

First, because I started awesome from a terminal, I noticed the
following debugging output:
*** glibc detected *** /home/jan/downloads/awesome/awesome/awesome: double free
or corruption (out): 0x0000000000d31f50 ***
======= Backtrace: =========
/lib/libc.so.6[0x7fadf6d58d16]
/lib/libc.so.6(cfree+0x6c)[0x7fadf6d5d9bc]
/home/jan/downloads/awesome/awesome/awesome[0x4117df]
/usr/lib/liblua5.1.so.0[0x7fadf792ea56]
/usr/lib/liblua5.1.so.0[0x7fadf792ef69]
/usr/lib/liblua5.1.so.0[0x7fadf793078f]
/usr/lib/liblua5.1.so.0[0x7fadf7930e18]
/usr/lib/liblua5.1.so.0[0x7fadf792e647]
/usr/lib/liblua5.1.so.0(lua_close+0x60)[0x7fadf7935ac0]
/home/jan/downloads/awesome/awesome/awesome(awesome_atexit+0x136)[0x40fe86]
/home/jan/downloads/awesome/awesome/awesome(awesome_restart+0x9)[0x410719]
/home/jan/downloads/awesome/awesome/awesome[0x419b9e]
/home/jan/downloads/awesome/awesome/awesome[0x40fb4d]
/usr/lib/libev.so.3(ev_invoke_pending+0x61)[0x7fadf7b504d1]
/usr/lib/libev.so.3(ev_loop+0x66d)[0x7fadf7b5508d]
/home/jan/downloads/awesome/awesome/awesome(main+0x7b4)[0x410664]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fadf6d06abd]
/home/jan/downloads/awesome/awesome/awesome[0x40f3f9]
======= Memory map: ========
Aborted (core dumped)
> Make it crash. You'll have a core file. Do:
> gdb /path/to/your/compiled/awesome /path/to/core/file
> (gdb) bt full
Here it is:
#0 0x00007fadf6d19f45 in *__GI_raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = <value optimized out>
selftid = <value optimized out>
#1 0x00007fadf6d1cd80 in *__GI_abort () at abort.c:88
act = {__sigaction_handler = {sa_handler = 0xa00000012, sa_sigaction =
0xa00000012}, sa_mask = {__val = {140733528566000, 140733528565856,
140733528566048, 140733528577810, 43, 140385147952808, 3, 140733528566058, 6,
140385147952812, 2, 140733528566046, 2,
140385147943916, 1, 140385147952808}}, sa_flags = 3, sa_restorer
= 0x7fff13fa6924}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fadf6d4f54d in __libc_message (do_abort=2,
fmt=0x7fff13fa6b50 ' ' <repeats 16 times>,
"/usr/lib/libtiff.so.4.3.2\n7fadf31e1000-7fadf33e1000 ---p 00060000 fe:04
138380", ' ' <repeats 21 times>,
"/usr/lib/libtiff.so.4.3.2\n7fadf33e1000-7fadf33e4000 rw-p 00060000 fe:04
138380 "...)
at ../sysdeps/unix/sysv/linux/libc_fatal.c:173
ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fff13fa7280, reg_save_area = 0x7fff13fa7190}}
ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
0x7fff13fa7280, reg_save_area = 0x7fff13fa7190}}
fd = 10
on_2 = <value optimized out>
list = <value optimized out>
nlist = <value optimized out>
cp = <value optimized out>
written = 6
#3 0x00007fadf6d58d16 in malloc_printerr (action=3, str=0x7fadf6e03898 "double
free or corruption (out)", ptr=<value optimized out>) at malloc.c:6239
buf = "0000000000d31f50"
cp = 0x7fadf6df9a40 "0123456789abcdefghijklmnopqrstuvwxyz"
#4 0x00007fadf6d5d9bc in *__GI___libc_free (mem=<value optimized out>) at
malloc.c:3738
ar_ptr = 0x7fadf7037e60
p = 0x6
#5 0x00000000004117df in luaA_client_gc (L=0x657240) at
/home/jan/downloads/awesome/awesome/client.c:55
No locals.
#6 0x00007fadf792ea56 in luaD_precall (L=0x657240, func=0xe9b2d0, nresults=0)
at ldo.c:319
ci = 0x6
n = <value optimized out>
funcr = 16
#7 0x00007fadf792ef69 in luaD_call (L=0x657240, func=0xe9b2d0, nResults=0) at
ldo.c:376
No locals.
#8 0x00007fadf793078f in GCTM (L=0x657240) at lgc.c:467
oldah = 1 '\001'
oldt = 4955200
g = 0x6572f8
o = 0xcf6980
tm = <value optimized out>
#9 0x00007fadf7930e18 in luaC_callGCTM (L=0x657240) at lgc.c:479
No locals.
#10 0x00007fadf792e647 in luaD_rawrunprotected (L=0x657240, f=0x7fadf7935e10
<callallgcTM>, ud=0x0) at ldo.c:116
lj = {previous = 0x0, b = {{__jmpbuf = {6648384, 462179596762484692,
16, 140385164040448, 0, 140385164040064, -461660674124017708,
-490308788434759724}, __mask_was_saved = 0, __saved_mask = {__val = {0,
140385164040064, 6637136, 140385220620044, 140381006069761, 0,
140385164040064, 140385159705611, 0, 6668464, 17055024,
140385159675269, 2, 6648384, 2, 16}}}}, status = 0}
#11 0x00007fadf7935ac0 in lua_close (L=0x657240) at lstate.c:209
No locals.
#12 0x000000000040fe86 in awesome_atexit () at
/home/jan/downloads/awesome/awesome/awesome.c:96
screen_nbr = 10031480
nscreens = <value optimized out>
setup = 0x0
#13 0x0000000000410719 in awesome_restart () at
/home/jan/downloads/awesome/awesome/awesome.c:276
No locals.
#14 0x0000000000419b9e in event_handle_configurenotify (data=<value optimized
out>, connection=0x668d80, ev=0xff6d20) at
/home/jan/downloads/awesome/awesome/event.c:314
screen_nbr = 0
screen = 0x0
#15 0x000000000040fb4d in a_xcb_check_cb (loop=<value optimized out>, w=<value
optimized out>, revents=<value optimized out>) at
/home/jan/downloads/awesome/awesome/awesome.c:223
mouse = 0xff6d20
#16 0x00007fadf7b504d1 in ev_invoke_pending () from /usr/lib/libev.so.3
No symbol table info available.
#17 0x00007fadf7b5508d in ev_loop () from /usr/lib/libev.so.3
No symbol table info available.
#18 0x0000000000410664 in main (argc=<value optimized out>, argv=<value
optimized out>) at /home/jan/downloads/awesome/awesome/awesome.c:572
confpath = 0x0
xfd = <value optimized out>
i = <value optimized out>
screen_nbr = 1
opt = <value optimized out>
colors_reqs = {{{cookie_hexa = {sequence = 73}, cookie_named =
{sequence = 73}}, alpha = 65535, color = 0x656818, is_hexa = false, has_error =
false, colstr = 0x43e737 "black"}, {{cookie_hexa = {sequence = 74},
cookie_named = {sequence = 74}}, alpha = 65535,
color = 0x656828, is_hexa = false, has_error = false, colstr =
0x43e73d "white"}}
cmdlen = <value optimized out>
xdg = {reserved = 0x657050}
long_options = {{name = 0x43e764 "help", has_arg = 0, flag = 0x0, val =
104}, {name = 0x43e769 "version", has_arg = 0, flag = 0x0, val = 118}, {name =
0x43e771 "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x43e778
"check", has_arg = 0, flag = 0x0, val = 107}, {
name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
xio = {active = 1, pending = 1, priority = 0, data = 0x0, cb = 0x40f4f0
<a_xcb_io_cb>, next = 0x0, fd = 6, events = 1}
xcheck = {active = 1, pending = 0, priority = 0, data = 0xa, cb =
0x40fb30 <a_xcb_check_cb>}
a_refresh = {active = 1, pending = 0, priority = 0, data = 0x100000000,
cb = 0x40fb20 <a_refresh_cb>}
sigint = {active = 1, pending = 0, priority = 0, data = 0x7fad00000001,
cb = 0x40fbf0 <exit_on_signal>, next = 0x0, signum = 2}
sigterm = {active = 1, pending = 0, priority = 0, data = 0x0, cb =
0x40fbf0 <exit_on_signal>, next = 0x0, signum = 15}
sighup = {active = 1, pending = 0, priority = 0, data = 0x100000000, cb
= 0x410730 <restart_on_signal>, next = 0x0, signum = 1}
__FUNCTION__ = "main"
sa = {__sigaction_handler = {sa_handler = 0x40fbc0 <signal_fatal>,
sa_sigaction = 0x40fbc0 <signal_fatal>}, sa_mask = {__val = {0 <repeats 16
times>}}, sa_flags = 0, sa_restorer = 0}
xtest_query = <value optimized out>
xmapping_cookie = <value optimized out>
From this, it looks like the unconditional call to
xcb_get_wm_protocols_reply_wipe(&c->protocols) in client.c, line 55, is
the problem. This gets expanded to just a free(&c->protocols->_reply). So
if _reply is not initialized or already freed, this call is not correct.

I don't know awesome or xcb well enough to see how to fix this. But
hopefully this is enough information for one of you to spot and squash the
bug.
Regards,
Jan
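
The failure mode the message points at (a wipe that frees `_reply` when it was never set or was already freed), as an added C example that is not from this message, awesome or xcb. `protocols_reply_t`, `client_t`, `reply_wipe` and the other names are hypothetical stand-ins, and the guarded wipe is one common defensive pattern, not the project's actual fix.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the reply struct: it owns the _reply buffer. */
typedef struct { unsigned atoms_len; void *_reply; } protocols_reply_t;
typedef struct { protocols_reply_t protocols; } client_t;

static int frees_done;  /* counts buffers released by the guarded wipe */

/* Wipe as the message describes it: frees _reply and keeps the stale pointer,
 * so a second call, or a call on an uninitialised struct, corrupts the heap.
 * Shown for contrast only; demo() never calls it. */
void reply_wipe_unsafe(protocols_reply_t *p) { free(p->_reply); }

/* Guarded wipe: frees only an owned buffer, then resets the struct so that
 * calling it again is a no-op. */
void reply_wipe(protocols_reply_t *p)
{
    if (p->_reply == NULL)
        return;
    free(p->_reply);
    frees_done++;
    p->_reply = NULL;
    p->atoms_len = 0;
}

/* calloc zeroes the struct, so _reply starts as NULL instead of garbage. */
client_t *client_new(void) { return calloc(1, sizeof(client_t)); }

/* Replace the cached reply: release the old buffer, then adopt the new one. */
void client_set_protocols(client_t *c, void *reply, unsigned n)
{
    reply_wipe(&c->protocols);
    c->protocols._reply = reply;
    c->protocols.atoms_len = n;
}

/* Finalizer in the role of luaA_client_gc: safe in every client state. */
void client_gc(client_t *c) { reply_wipe(&c->protocols); }

/* Walks the states a finalizer can meet; returns how many buffers were freed. */
int demo(void)
{
    client_t *c = client_new();
    if (c == NULL)
        return -1;
    frees_done = 0;
    client_gc(c);                            /* never had a reply: no free */
    client_set_protocols(c, malloc(16), 4);
    client_set_protocols(c, malloc(16), 4);  /* old buffer freed once      */
    client_gc(c);                            /* current buffer freed once  */
    client_gc(c);                            /* repeated finalizer: no-op  */
    int n = frees_done;
    free(c);
    return n;
}
```
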