Hi,

While working to improve my reports on https://gitlab.gnome.org/GNOME/mutter/issues/18, 19 and 31, I've tried to run gnome-shell under valgrind. Jonas Ådahl's suggestion in https://gitlab.gnome.org/GNOME/mutter/issues/31#note_56382 was good, and I've successfully reached a (quick but permanent) crash situation, even when running in non-hybrid GPU mode. I've written a rather liberal suppressions file in order to ignore every write made to memory mapped from the i965 GPU (attached here, fwiw).

The crash location is very reliably in "st_theme_get_custom_stylesheets (st-theme.c:311)" as called from JavaScript code — unfortunately dump_gjs_stack_on_signal_handler() dies trying to report the JS stack. It seems that st_theme_get_custom_stylesheets() at
https://gitlab.gnome.org/GNOME/gnome-shell/blob/master/src/st/st-theme.c#L311
is attempting to check the type of an object which has already
been allocated and de-allocated (the actual place of
allocation/deallocation varies from run to run, but here are a few
samples). Upon closer inspection, it actually looks like the
themes->stylesheets g_hash_table's nodes got overwritten at
some point. My question is, what is the best course of action here?
(my goal is to attempt to get meaningful clues to #18, #19 and possibly #31 in order to help with the search for a solution)

Thanks in advance!

-- Cyrille

———————————

==6345== Invalid read of size 8
==6345==    at 0x5662C07: g_type_check_instance_is_fundamentally_a (gtype.c:4023)
==6345==    by 0x5641A7D: g_object_ref (gobject.c:3204)
==6345==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==6345==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==6345==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==6345==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0xEB8AFDB: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==6345==    by 0xEB7E086: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==6345==    by 0xEB8A845: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==6345==    by 0xEB8AE1E: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==6345==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==6345==  Address 0x2215f0a0 is 0 bytes inside a block of size 32 free'd
==6345==    at 0x4C2E2BB: operator delete(void*) (vg_replace_malloc.c:576)
==6345==    by 0x6926891: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0x566577F: g_value_unset (gvalue.c:275)
==6345==    by 0x56441FB: g_object_new_valist (gobject.c:2123)
==6345==    by 0x5644798: g_object_new (gobject.c:1640)
==6345==    by 0x6C3C120: create_child_meta (clutter-container.c:933)
==6345==    by 0x6C22D64: clutter_actor_add_child_internal (clutter-actor.c:12889)
==6345==    by 0x6C22D64: clutter_actor_add_child (clutter-actor.c:13024)
==6345==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==6345==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==6345==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0xEB8AFDB: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==6345==  Block was alloc'd at
==6345==    at 0x4C2D1FF: operator new(unsigned long) (vg_replace_malloc.c:334)
==6345==    by 0x6926D90: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0x5641AF6: g_object_ref (gobject.c:3210)
==6345==    by 0x5641BA7: g_value_object_collect_value (gobject.c:3832)
==6345==    by 0x56443CA: g_object_new_valist (gobject.c:2106)
==6345==    by 0x5644798: g_object_new (gobject.c:1640)
==6345==    by 0x6C3C120: create_child_meta (clutter-container.c:933)
==6345==    by 0x6C22D64: clutter_actor_add_child_internal (clutter-actor.c:12889)
==6345==    by 0x6C22D64: clutter_actor_add_child (clutter-actor.c:13024)
==6345==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==6345==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==6345==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==6345==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)

Another run:

==7769== Invalid read of size 8
==7769==    at 0x5662C0F: g_type_check_instance_is_fundamentally_a (gtype.c:4025)
==7769==    by 0x5641A7D: g_object_ref (gobject.c:3204)
==7769==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==7769==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==7769==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==7769==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==7769==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)
==7769==    by 0xEB8AFDB: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==7769==    by 0xEB7E086: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==7769==    by 0xEB8A845: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==7769==    by 0xEB8AE1E: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==7769==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==7769==  Address 0x21627490 is 0 bytes inside a block of size 8 free'd
==7769==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==7769==    by 0x58EE8C9: g_string_free (gstring.c:219)
==7769==    by 0x13D97F8A: cr_string_destroy (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D88DB8: cr_parser_parse_ruleset (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D89F42: cr_parser_parse (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D904FC: cr_om_parser_parse_buf (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D90BE6: cr_om_parser_simply_parse_buf (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x7ED724C: parse_stylesheet (st-theme.c:193)
==7769==    by 0x7ED7DF4: st_theme_load_stylesheet (st-theme.c:259)
==7769==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==7769==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==7769==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==7769==  Block was alloc'd at
==7769==    at 0x4C2EDAF: realloc (vg_replace_malloc.c:785)
==7769==    by 0x58D23BF: g_realloc (gmem.c:159)
==7769==    by 0x58EE7E6: g_string_maybe_expand (gstring.c:102)
==7769==    by 0x58EF22C: g_string_insert_unichar (gstring.c:852)
==7769==    by 0x13D7F9BC: ??? (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D800A1: cr_tknzr_get_next_token (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D820E5: cr_tknzr_parse_token (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D854DA: ??? (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D8763A: cr_parser_parse_declaration (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D88D6A: cr_parser_parse_ruleset (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D89F42: cr_parser_parse (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)
==7769==    by 0x13D904FC: cr_om_parser_parse_buf (in /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3.0.1)

and another:

==8043== Invalid read of size 1
==8043==    at 0x5662C31: g_type_check_instance_is_fundamentally_a (gtype.c:4026)
==8043==    by 0x5641A7D: g_object_ref (gobject.c:3204)
==8043==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==8043==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==8043==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==8043==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==8043==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)
==8043==    by 0xEB8AFDB: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8043==    by 0xEB7E086: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8043==    by 0xEB8A845: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8043==    by 0xEB8AE1E: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8043==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8043==  Address 0x69642d6c61646f80 is not stack'd, malloc'd or (recently) free'd

==8437== Invalid read of size 8
==8437==    at 0x5662C07: g_type_check_instance_is_fundamentally_a (gtype.c:4023)
==8437==    by 0x5641A7D: g_object_ref (gobject.c:3204)
==8437==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==8437==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==8437==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==8437==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==8437==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)
==8437==    by 0xEB8AFDB: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8437==    by 0xEB7E086: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8437==    by 0xEB8A845: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8437==    by 0xEB8AE1E: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8437==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==8437==  Address 0x3f3ec300 is 480 bytes inside an unallocated block of size 512 in arena "client"

==9324== Invalid read of size 8
==9324==    at 0x5662C07: g_type_check_instance_is_fundamentally_a (gtype.c:4023)
==9324==    by 0x5641A7D: g_object_ref (gobject.c:3204)
==9324==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==9324==    by 0xB62FFCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==9324==    by 0xB62F93E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==9324==    by 0x6917ED7: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0x69197B3: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0xEB8AFDB: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB7E086: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8A845: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8AE1E: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==  Address 0x22c3b400 is 0 bytes inside a block of size 32 free'd
==9324==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==9324==    by 0x691EA84: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0x6927807: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0xEB8AECC: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEA1F553: JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0x69411E5: gjs_call_function_value (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0x69262F5: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0xEB9082F: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB86031: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8A845: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8AE1E: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==  Block was alloc'd at
==9324==    at 0x4C2CABF: malloc (vg_replace_malloc.c:298)
==9324==    by 0x4C2EE04: realloc (vg_replace_malloc.c:785)
==9324==    by 0x58D23BF: g_realloc (gmem.c:159)
==9324==    by 0x58EE7E6: g_string_maybe_expand (gstring.c:102)
==9324==    by 0x58EE841: g_string_sized_new (gstring.c:127)
==9324==    by 0x692AE54: gjs_hyphen_from_camel (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0x691EA4B: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0x6927807: ??? (in /usr/lib/libgjs.so.0.0.0)
==9324==    by 0xEB8AECC: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEB8B0F8: ??? (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0xEA1F553: JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (in /usr/lib/x86_64-linux-gnu/libmozjs-52.so.0.0.0)
==9324==    by 0x69411E5: gjs_call_function_value (in /usr/lib/libgjs.so.0.0.0)
Attachment:
gnome-shell.supp
Description: Text document
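The reports above are the raw material for the triage question the post asks: which of them are genuine use-after-free reads, which are reads through a pointer that itself looks corrupted, and which code sites freed or allocated the block. As an added example, not code from the post or from the GNOME projects, here is a small Python helper that parses memcheck "Invalid read/write" records into the access stack, the free stack and the allocation stack, classifies the address status line, and flags addresses whose bytes decode as printable ASCII (a common sign that a pointer field was overwritten by string data, which is what the post suspects of the hash-table nodes). The embedded sample log is constructed, abbreviated from the shape of the reports above; the function names and the default list of frames to skip are my own choices.

```python
"""Triage helper for Valgrind memcheck 'Invalid read/write' reports (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(r"^==(\d+)==\s?(.*)$")
# Last parenthesised group is the location; the function name may itself contain parens.
FRAME_RE = re.compile(r"^(?:at|by) 0x([0-9A-Fa-f]+): (.*) \(([^()]*)\)$")
ADDR_RE = re.compile(r"^Address 0x([0-9A-Fa-f]+) is (.*)$")

# Constructed sample, abbreviated from the shape of the reports in the post.
SAMPLE_LOG = """\
==6345== Invalid read of size 8
==6345==    at 0x5662C07: g_type_check_instance_is_fundamentally_a (gtype.c:4023)
==6345==    by 0x5641A7D: g_object_ref (gobject.c:3204)
==6345==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==6345==  Address 0x2215f0a0 is 0 bytes inside a block of size 32 free'd
==6345==    at 0x4C2E2BB: operator delete(void*) (vg_replace_malloc.c:576)
==6345==    by 0x566577F: g_value_unset (gvalue.c:275)
==6345==  Block was alloc'd at
==6345==    at 0x4C2D1FF: operator new(unsigned long) (vg_replace_malloc.c:334)
==6345==    by 0x5641AF6: g_object_ref (gobject.c:3210)
==6345==
==8043== Invalid read of size 1
==8043==    at 0x5662C31: g_type_check_instance_is_fundamentally_a (gtype.c:4026)
==8043==    by 0x7ED7EFC: st_theme_get_custom_stylesheets (st-theme.c:311)
==8043==  Address 0x69642d6c61646f80 is not stack'd, malloc'd or (recently) free'd
"""


@dataclass
class Frame:
    addr: int
    func: str
    where: str  # "file.c:line" when symbols are available, else "in /path/to/lib.so"


@dataclass
class Report:
    pid: int
    kind: str                      # e.g. "Invalid read of size 8"
    access: List[Frame] = field(default_factory=list)
    address: Optional[int] = None
    status: str = ""               # memcheck's description of the faulting address
    freed_at: List[Frame] = field(default_factory=list)
    alloced_at: List[Frame] = field(default_factory=list)


def parse_memcheck(text: str) -> List[Report]:
    """Split memcheck output into Report objects, one per Invalid read/write."""
    reports, cur, section = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        pid, body = int(m.group(1)), m.group(2).strip()
        if body.startswith(("Invalid read", "Invalid write")):
            cur = Report(pid=pid, kind=body)
            reports.append(cur)
            section = cur.access
            continue
        if cur is None:
            continue
        if not body:                      # blank "==PID==" line ends the record
            cur, section = None, None
            continue
        fm = FRAME_RE.match(body)
        if fm and section is not None:
            section.append(Frame(int(fm.group(1), 16), fm.group(2), fm.group(3)))
            continue
        am = ADDR_RE.match(body)
        if am:
            cur.address, cur.status = int(am.group(1), 16), am.group(2)
            # Frames after a "... free'd" status are the free stack; after
            # "... alloc'd" (overruns) they are the allocation stack.
            freed = cur.status.endswith("free'd") and "not stack'd" not in cur.status
            section = cur.freed_at if freed else cur.alloced_at
            continue
        if body.startswith("Block was alloc'd"):
            section = cur.alloced_at
    return reports


def classify(report: Report) -> str:
    """Turn memcheck's address status into a triage bucket."""
    s = report.status
    if "not stack'd, malloc'd or (recently) free'd" in s:
        return "wild pointer"            # pointer value itself is garbage
    if s.endswith("free'd"):
        return "use-after-free"
    if "unallocated block" in s:
        return "stale pointer into freed arena"
    if "after a block" in s or "before a block" in s:
        return "heap buffer overrun"
    return "unknown"


def ascii_hint(address: int) -> Optional[str]:
    """Return the address bytes (little-endian) if at least 6 of 8 are printable ASCII."""
    raw = address.to_bytes(8, "little")
    printable = [32 <= b < 127 for b in raw]
    if sum(printable) < 6:
        return None
    return "".join(chr(b) if ok else "." for b, ok in zip(raw, printable))


def first_frame_outside(frames: List[Frame],
                        ignore=("gtype.c", "gobject.c", "vg_replace_malloc.c")) -> Optional[str]:
    """First symbolised frame that is not a generic type-check or allocator wrapper."""
    for f in frames:
        if f.func == "???" or f.where.split(":")[0] in ignore:
            continue
        return f"{f.func} ({f.where})"
    return None


def triage(text: str) -> List[dict]:
    """One summary row per report: bucket, fault site, free site, alloc site, ASCII hint."""
    rows = []
    for r in parse_memcheck(text):
        rows.append({
            "pid": r.pid, "kind": r.kind, "class": classify(r),
            "fault_site": first_frame_outside(r.access),
            "freed_by": first_frame_outside(r.freed_at),
            "alloced_by": first_frame_outside(r.alloced_at),
            "ascii": ascii_hint(r.address) if r.address is not None else None,
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Run against a real `valgrind --log-file=...` capture by passing the file contents to triage(). The ASCII decode is what separates run 8043 from the others: its address is not a dangling heap pointer but eight bytes of text, so the node that was supposed to hold the pointer was itself overwritten, which points at a heap corruption upstream of the free rather than a plain ordering bug between unref and lookup.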