IOT instruction (core dumped)
Closed this issue ยท 14 comments
Hello,
I finally was able to test your latest work in the master branch, and am experiencing a crash.
You can find my config here.
So far I am seeing two different errors printed, free(): invalid pointer or free(): invalid next size (fast) followed by IOT instruction (core dumped) skippy-xd --config /home/clu/.config/skippy-xd/skippy-xd.rc --start-daemon -S
EDIT: Another error... double free or corruption (out), and important, this crash occurred while the firefox homepage was closed, so that theory is wrong or at least not the entire picture.
Oddly, I am fairly confident the crash only occurs when firefox is open and on my "homepage". wmctrl shows the homepage title as clu // โ Firefox Developer Edition. EDIT: More specifically, I am only able to reproduce the issue while on my firefox homepage.
Here is complete output from a crash while using awesome wm:
init_xexts(): Xinerama extension: yes
config_load(): config file found. using "/home/clu/.config/skippy-xd/skippy-xd.rc"
main(): after 2nd pass: ps->o.focus_initial = 0
wm_check(): Your WM looks EWMH compliant.
keysyms_arr_keycodes(): i=0, keysym=65362, keycode=(0x111)
keysyms_arr_keycodes(): i=1, keysym=119, keycode=(0x25)
keysyms_arr_keycodes(): i=0, keysym=65364, keycode=(0x116)
keysyms_arr_keycodes(): i=1, keysym=115, keycode=(0x39)
keysyms_arr_keycodes(): i=0, keysym=65361, keycode=(0x113)
keysyms_arr_keycodes(): i=1, keysym=97, keycode=(0x38)
keysyms_arr_keycodes(): i=0, keysym=65363, keycode=(0x114)
keysyms_arr_keycodes(): i=1, keysym=100, keycode=(0x40)
keysyms_arr_keycodes(): i=0, keysym=112, keycode=(0x33)
keysyms_arr_keycodes(): i=1, keysym=98, keycode=(0x56)
keysyms_arr_keycodes(): i=0, keysym=110, keycode=(0x57)
keysyms_arr_keycodes(): i=1, keysym=102, keycode=(0x41)
keysyms_arr_keycodes(): i=0, keysym=65307, keycode=(0x09)
keysyms_arr_keycodes(): i=1, keysym=65288, keycode=(0x22)
keysyms_arr_keycodes(): i=2, keysym=120, keycode=(0x53)
keysyms_arr_keycodes(): i=3, keysym=113, keycode=(0x24)
keysyms_arr_keycodes(): i=0, keysym=65293, keycode=(0x36)
keysyms_arr_keycodes(): i=1, keysym=32, keycode=(0x65)
keysyms_arr_keycodes(): i=0, keysym=49, keycode=(0x10)
keysyms_arr_keycodes(): i=0, keysym=50, keycode=(0x11)
keysyms_arr_keycodes(): i=0, keysym=51, keycode=(0x12)
keysyms_arr_keycodes(): i=0, keysym=65513, keycode=(0x64)
main(): Running as daemon...
main(): Finished flushing pipe "/tmp/skippy-xd-fifo-3".
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x03200002): 5
clientwin_update(): (0x02000008): 2
clientwin_update(): (0x00c0002c): 5
clientwin_update(): (0x03400004): 5
clientwin_update(): (0x02800003): 5
clientwin_update(): (0x01a00003): 2
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x00c0002c): 3
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x03400004): 3
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x02800003): 3
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x02000008): 5
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x02800003): 5
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x00c0002c): 5
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x03400004): 5
mainloop(): else if (ev.type == MapNotify || ev.type == UnmapNotify) {
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x02000008): 3
mainloop(): Received pipe command: 2
mainloop(): skippy activating, mode=1
mainloop(): PIPEHUP on pipe "/tmp/skippy-xd-fifo-3".
wm_get_focused(): Parent window of 0x02800004 is 0x02800003.
mainwin_update(): Xinerama is enabled (2 screens).
mainwin_update(): XINERAMA --> querying pointer...
mainwin_update(): XINERAMA +1439+265
mainwin_update(): XINERAMA --> figuring out which screen we're on...
mainwin_update(): XINERAMA screen 0 1920x1080+0+0
wm_get_stack_sub(): Retrieved window stack by querying all children.
clientwin_update(): (0x03200002): 5
clientwin_update(): (0x02000008): 3
clientwin_update(): (0x00c0002c): 5
clientwin_update(): (0x03400004): 5
clientwin_update(): (0x02800003): 5
clientwin_update(): (0x01a00003): 2
free(): invalid pointer
zsh: IOT instruction (core dumped) skippy-xd --config /home/clu/.config/skippy-xd/skippy-xd.rc --start-daemon -S
If their is anything else I can do that would be helpful in narrowing this down let me know. Thanks.
I have my suspicion about where the segfault is occurring, but cannot be sure...
Can you please describe how to reproduce the segfault, and also share the backtrace?
To share the backtrace, first compile skippy-xd with debug flag. Change from:
CFLAGS += -std=c99 -Wall
LDFLAGS ?= -Wl,-O1 -Wl,--as-needed
To
CFLAGS += -std=c99 -Wall -g
LDFLAGS ?= -Wl,-O1 -Wl,--as-needed -g
Run in terminal
gdb skippy-xd --config /home/clu/.config/skippy-xd/skippy-xd.rc --start-daemon
Reproduce the crash, and in gdb, do
bt
And post the output here.
Depending on where it is crashing, X11 may be completely frozen. In that case, do Ctrl + Alt + F1 to switch to terminal, then do killall gdb, then Ctrl + Alt + F7 to switch back to X11. We would have to locate the segfault by some other means.
Thanks!
P.S. I have suspicion if you try clientList = _NET_CLIENT_LIST or clientList = _WIN_CLIENT_LIST it might fix the problem.
Thank you for the detailed instructions. I had to add --args
gdb -ex=r --args skippy-xd --config /home/clu/.config/skippy-xd/skippy-xd.rc --start-daemon
to get gdb to work properly. But as you thought might be the case X11 freezes and I had to switch tty's to kill gdb...bummer.
Skippy crashes with XQueryTree and _NET_CLIENT_LIST. There is no crash with _WIN_CLIENT_LIST, but windows/thumbnails are not visible in the expose.
I can only reproduce the crash with firefox open and with --expose, so:
- Firefox (open) + expose = crash
- Firefox (closed) + expose = no crash
- Firefox (open) + pager = no crash
I have tested in both awesomewm and 2bwm.
And I hate to be the bearer of bad news, but I should probably make a separate issue regarding the pager mode :( The below screenshot shows its pretty borked on my system. If you have any ideas on tracking down the crash I am all ears.
Screenshot Note: There are 3 workspaces on my main display - main, foto, code. 2 workspaces on external display - main, photo
- Firefox (open) + expose = crash
- Firefox (closed) + expose = no crash
- Firefox (open) + pager = no crash
That's strange... I have to think a bit more on this...
And I hate to be the bearer of bad news, but I should probably make a separate issue regarding the pager mode :( The below screenshot shows its pretty borked on my system. If you have any ideas on tracking down the crash I am all ears.
No on the contrary I appreciate bug reports. Thank you!
I thought so far that there is a constant number of monitors per workspaces/virtual desktops, and skippy-xd's implementation is based on this erroneous assumption. It will take me some time to work on this... @ArijanJ it is the same bug you have on i3?
@ArijanJ it is the same bug you have on i3?
Yes, that's what it looks like for me too - by the way, @vredesbyyrd could you try setting these two options to false and see if it still crashes?
showDesktop = true
showMonitor = true
It sometimes crashes for me when it tries to render the new tooltips for Firefox specifically, I tried debugging it but it dies in a random XGetWindowProperty call in wm_wid_get_prop_rstr, and I didn't get anywhere.
Also, if you're having trouble with crashes, I recently discovered https://rr-project.org/ which lets you record execution once and replay it as many times as you want in gdb, it also lets you do things like run until the program crashes, then set a breakpoint at a function and do reverse-continue.
No on the contrary I appreciate bug reports. Thank you!
I thought so far that there is a constant number of monitors per workspaces/virtual desktops, and skippy-xd's implementation is based on this erroneous assumption. It will take me some time to work on this...
Okay cool :) Yeah, like i3 (or as far as I understand similar in practice) awesome allows for per-monitor workspaces.
could you try setting these two options to false and see if it still crashes?
@felixfung @ArijanJ With showDesktop = false and showMonitor = false I can no longer reproduce the crash. Hmmm, I wonder what firefox is doing compared to other programs...
One interesting bit, with:
- the above tooltip settings set to true
- firefox open and focused tab = homepage
The crash is reproducible on the first skippy invocation 90%+ of the time.
In my limited testing the crash is much more intermittent when the focused tab != homepage. My homepage is just a firefox extension that I wrote years ago, in what's probably incorrect & messy javascript. I'll take a look at how the extension set's its title and if it's doing anything funny.
Also, if you're having trouble with crashes, I recently discovered https://rr-project.org/ which lets you record execution once and replay it as many times as you want in gdb, it also lets you do things like run until the program crashes, then set a breakpoint at a function and do reverse-continue.
I'll look into that, appreciate the tip!
If I'm to make a guess it would be showMonitor... since it is also based on the fixed number of monitors per virtual desktop assumption.
Can you please try
showDesktop = true
showMonitor = false
Can you please try
showDesktop = true
showMonitor = false
So I did some more testing this morning, and if I disable my homepage extension I cannot reproduce the crash, even with both the above set to true. With the extension enabled and showDesktop = true , showMonitor = false did not make a difference, crash still occurs immediately.
I know ArijanJ still experiences the crash intermittently with showDesktop/showMonitor, but I have not been able to reproduce a crash with the extension disabled. I assume with enough time and firefox open I could. I'm digging into this extension to try and see why skippy and it do not play nice together.
I discovered something useful.
In the firefox extension, changing the tab title from:
clu // to clu
the crash no longer occurs. Although I can't say why that prevents the crash. Maybe something with how characters are escaped in skippy? A single / does not result in a crash, only //.
Maybe something with how characters are escaped in skippy? A single / does not result in a crash, only //.
It sometimes crashes for me when it tries to render the new tooltips for Firefox specifically, I tried debugging it but it dies in a random XGetWindowProperty call in wm_wid_get_prop_rstr, and I didn't get anywhere.
Perhaps it's a bug in X11 related with escape character...
Also setting expectation I happen to be a bit busy in the next 1-2 months, may not be too responsive...
Perhaps it's a bug in X11 related with escape character...
Also setting expectation I happen to be a bit busy in the next 1-2 months, may not be too responsive...
That would not be surprising.
Regarding your next couple months, I appreciate the heads up. And I just want to say - all your work on skippy-xd is massively appreciated! It's come a long way.
Since this is more than likely a bug in x11, I'll close this. If I learn anything relevant I may re-open.
I am back from time off, and is able to reproduce the bug ,by setting showDesktop = true and firefox title to "clu // โ Firefox Developer Edition", "clu /\ โ Firefox Developer Edition", "clu /A โ Firefox Developer Edition", "clu AA โ Firefox Developer Edition".
However, when I set to "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", or "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ", which has the same length as above, there is no crash.
So it seems it is a bug on X.