gnome-terminal crashed with SIGSEGV in g_object_notify()
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | GNOME Terminal |
Expired
|
Medium
|
||
| | gnome-terminal (Debian) |
Confirmed
|
Unknown
|
||
| | gnome-terminal (Ubuntu) |
Medium
|
Unassigned | ||
Bug Description
I had four tabs open in Terminal. Go to the Tabs menu and choose Detach Tab. Start working in the newly detached tab and Terminal will crash.
ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: gnome-terminal 3.0.1-0ubuntu3
ProcVersionSign
Uname: Linux 3.0.0-12-generic i686
NonfreeKernelMo
ApportVersion: 1.23-0ubuntu2
Architecture: i386
Date: Tue Oct 4 10:10:16 2011
ExecutablePath: /usr/bin/
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110920.5)
ProcCmdline: gnome-terminal
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SegvAnalysis:
Segfault happened at: 0x2e0aca <g_object_
PC (0x002e0aca) ok
source "$0x50" ok
destination "(%eax)" (0x00000020) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: gnome-terminal
StacktraceTop:
g_object_notify () from /usr/lib/
?? () from /usr/lib/
g_object_ref () from /usr/lib/
g_closure_invoke () from /usr/lib/
?? () from /usr/lib/
Title: gnome-terminal crashed with SIGSEGV in g_object_notify()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
| Apport retracing service (apport) wrote : | #2 |
| Changed in gnome-terminal (Ubuntu): | |
| importance: | Undecided → Medium |
| tags: | removed: need-i386-retrace |
| visibility: | private → public |
| Launchpad Janitor (janitor) wrote : | #5 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in gnome-terminal (Ubuntu): | |
| status: | New → Confirmed |
| Benjamin (nailartcenter) wrote : | #6 |
crahed too for me now. System is up to date. Ubuntu 12.04 Unity 3d 32bit.
| Nicholas Skaggs (nskaggs) wrote : | #7 |
Confirming bug still exists as describe on saucy.
| Margarita Manterola (marga-9) wrote : | #8 |
Hi,
This is a recent crash in gnome-terminal in g_object_notify. It happens reliably when moving a tab from one window to another.
#0 0x00007fb60eca80d6 in g_object_notify (object=<optimized out>, property_
at /tmp/buildd/
#1 0x00007fb60eca1ca2 in g_closure_invoke (closure=0x17042d0, return_value=0x0, n_param_values=1, param_values=
invocation_
#2 0x00007fb60ecb2d71 in signal_
instance_
#3 0x00007fb60ecbb069 in g_signal_
var_
#4 0x00007fb60ecbb212 in g_signal_emit (instance=
at /tmp/buildd/
#5 0x00007fb60fbd40fa in gtk_adjustment_
#6 0x00007fb61082643e in ?? () from /usr/lib/
#7 0x00007fb60e9e58db in g_timeout_dispatch (source=0x17fc330, callback=<optimized out>, user_data=
at /tmp/buildd/
#8 0x00007fb60e9e4d13 in g_main_dispatch (context=0x1160e40) at /tmp/buildd/
#9 g_main_
#10 0x00007fb60e9e5060 in g_main_
at /tmp/buildd/
#11 g_main_
at /tmp/buildd/
#12 0x00007fb60e9e545a in g_main_loop_run (loop=0x114faf0) at /tmp/buildd/
#13 0x00007fb60fcb342d in gtk_main () from /usr/lib/
#14 0x00000000004135e1 in ?? ()
#15 0x00007fb60dc8b76d in __libc_start_main (main=0x413320, argc=1, ubp_av=
fini=<optimized out>, rtld_fini=
| Changed in gnome-terminal (Debian): | |
| status: | Unknown → Confirmed |
| Changed in gnome-terminal: | |
| importance: | Unknown → Medium |
| status: | Unknown → New |
| Margarita Manterola (marga-9) wrote : | #9 |
I searched a bit and found several duplicates of this bug (now merged). The ways of reproducing are many, but are always related to working with tabs. Detaching a tab, dragging and dropping a tab between two windows, etc. In my case, one time it happened when closing a window with no tabs while keeping two other windows with tabs.
The GNOME upstream bug says it's related to accessibility, which I guess it's due to the "accessible-value" property that we see in the backtrace.
The line that is segfaulting is 1154 from this function:
1148: void
1149: g_object_notify (GObject *object,
1150: const gchar *property_name)
1151: {
1152: GParamSpec *pspec;
1153:
1154: g_return_if_fail (G_IS_OBJECT (object));
1155: g_return_if_fail (property_name != NULL);
The macros expand to:
#define G_IS_OBJECT(object) (G_TYPE_
#define G_TYPE_
# define _G_TYPE_CIT(ip, gt) (G_GNUC_EXTENSION ({ \
GTypeInstance *__inst = (GTypeInstance*) ip; GType __t = gt; gboolean __r; \
if (!__inst) \
__r = FALSE; \
else if (__inst->g_class && __inst-
__r = TRUE; \
else \
__r = g_type_
__r; \
}))
In this last macro, the first thing that's checked is that the object passed is not NULL. Thus, this is pointing to some piece of memory, different than NULL, but on which it's not valid to access it's ->g_class member.
In my stack trace, the object is "optimized out", but in the one provided in the Debian bug report, it says: object@
| Changed in gnome-terminal: | |
| status: | New → Confirmed |
| Changed in gnome-terminal: | |
| status: | Confirmed → Incomplete |
| Changed in gnome-terminal: | |
| status: | Incomplete → Expired |
StacktraceTop:
g_object_notify (object=0x9c68280, property_
gtk_range_
g_object_ref (_object=0x9abcba0) at /build/
g_closure_invoke (closure=0x9abcba0, return_value=0x0, n_param_values=1, param_values=
signal_