Ubuntu
gnome-terminal package

gnome-terminal crashed with SIGSEGV in g_object_notify()

Bug #867565 reported by Douglas Ward
116
This bug affects 23 people
Affects Status Importance Assigned to Milestone
GNOME Terminal
Expired
Medium
gnome-terminal (Debian)
Confirmed
Unknown
gnome-terminal (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

I had four tabs open in Terminal. Go to the Tabs menu and choose Detach Tab. Start working in the newly detached tab and Terminal will crash.

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: gnome-terminal 3.0.1-0ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-12.19-generic 3.0.4
Uname: Linux 3.0.0-12-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu2
Architecture: i386
Date: Tue Oct 4 10:10:16 2011
ExecutablePath: /usr/bin/gnome-terminal
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110920.5)
ProcCmdline: gnome-terminal
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x2e0aca <g_object_notify+42>: cmpl $0x50,(%eax)
 PC (0x002e0aca) ok
 source "$0x50" ok
 destination "(%eax)" (0x00000020) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: gnome-terminal
StacktraceTop:
 g_object_notify () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/libgtk-3.so.0
 g_object_ref () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
 g_closure_invoke () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
Title: gnome-terminal crashed with SIGSEGV in g_object_notify()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Revision history for this message
Douglas Ward (douglas-nc-deactivatedaccount) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 g_object_notify (object=0x9c68280, property_name=0x1094722 "ab-label") at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c:1003
 gtk_range_accessible_finalize (object=0x2) at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtkrangeaccessible.c:73
 g_object_ref (_object=0x9abcba0) at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c:2648
 g_closure_invoke (closure=0x9abcba0, return_value=0x0, n_param_values=1, param_values=0x9c00e00, invocation_hint=0xbfe18f60) at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
 signal_emit_unlocked_R (node=0x99499e0, detail=0, instance=0x9a016d0, emission_return=0x0, instance_and_params=0x9c00e00) at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3272

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in gnome-terminal (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Jeremy Bícha (jbicha)
visibility: private → public
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-terminal (Ubuntu):
status: New → Confirmed
Revision history for this message
Benjamin (nailartcenter) wrote :

crahed too for me now. System is up to date. Ubuntu 12.04 Unity 3d 32bit.

Revision history for this message
Nicholas Skaggs (nskaggs) wrote :

Confirming bug still exists as describe on saucy.

Revision history for this message
Margarita Manterola (marga-9) wrote :

Hi,

This is a recent crash in gnome-terminal in g_object_notify. It happens reliably when moving a tab from one window to another.

#0 0x00007fb60eca80d6 in g_object_notify (object=<optimized out>, property_name=0x7fb60ff18d02 "accessible-value")
    at /tmp/buildd/glib2.0-2.32.4/./gobject/gobject.c:1154
#1 0x00007fb60eca1ca2 in g_closure_invoke (closure=0x17042d0, return_value=0x0, n_param_values=1, param_values=0x7fffb087d3c0,
    invocation_hint=<optimized out>) at /tmp/buildd/glib2.0-2.32.4/./gobject/gclosure.c:777
#2 0x00007fb60ecb2d71 in signal_emit_unlocked_R (node=<optimized out>, detail=0, instance=<optimized out>, emission_return=0x0,
    instance_and_params=0x7fffb087d3c0) at /tmp/buildd/glib2.0-2.32.4/./gobject/gsignal.c:3551
#3 0x00007fb60ecbb069 in g_signal_emit_valist (instance=0x27378a0, signal_id=<optimized out>, detail=0,
    var_args=<optimized out>) at /tmp/buildd/glib2.0-2.32.4/./gobject/gsignal.c:3300
#4 0x00007fb60ecbb212 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
    at /tmp/buildd/glib2.0-2.32.4/./gobject/gsignal.c:3356
#5 0x00007fb60fbd40fa in gtk_adjustment_value_changed () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#6 0x00007fb61082643e in ?? () from /usr/lib/libvte2_90.so.9
#7 0x00007fb60e9e58db in g_timeout_dispatch (source=0x17fc330, callback=<optimized out>, user_data=<optimized out>)
    at /tmp/buildd/glib2.0-2.32.4/./glib/gmain.c:3882
#8 0x00007fb60e9e4d13 in g_main_dispatch (context=0x1160e40) at /tmp/buildd/glib2.0-2.32.4/./glib/gmain.c:2539
#9 g_main_context_dispatch (context=0x1160e40) at /tmp/buildd/glib2.0-2.32.4/./glib/gmain.c:3075
#10 0x00007fb60e9e5060 in g_main_context_iterate (dispatch=1, block=<optimized out>, context=0x1160e40, self=<optimized out>)
    at /tmp/buildd/glib2.0-2.32.4/./glib/gmain.c:3146
#11 g_main_context_iterate (context=0x1160e40, block=<optimized out>, dispatch=1, self=<optimized out>)
    at /tmp/buildd/glib2.0-2.32.4/./glib/gmain.c:3083
#12 0x00007fb60e9e545a in g_main_loop_run (loop=0x114faf0) at /tmp/buildd/glib2.0-2.32.4/./glib/gmain.c:3340
#13 0x00007fb60fcb342d in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#14 0x00000000004135e1 in ?? ()
#15 0x00007fb60dc8b76d in __libc_start_main (main=0x413320, argc=1, ubp_av=0x7fffb087d988, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb087d978) at libc-start.c:226

Bug Watch Updater (bug-watch-updater)
Changed in gnome-terminal (Debian):
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in gnome-terminal:
importance: Unknown → Medium
status: Unknown → New
Revision history for this message
Margarita Manterola (marga-9) wrote :

I searched a bit and found several duplicates of this bug (now merged). The ways of reproducing are many, but are always related to working with tabs. Detaching a tab, dragging and dropping a tab between two windows, etc. In my case, one time it happened when closing a window with no tabs while keeping two other windows with tabs.

The GNOME upstream bug says it's related to accessibility, which I guess it's due to the "accessible-value" property that we see in the backtrace.

The line that is segfaulting is 1154 from this function:

1148: void
1149: g_object_notify (GObject *object,
1150: const gchar *property_name)
1151: {
1152: GParamSpec *pspec;
1153:
1154: g_return_if_fail (G_IS_OBJECT (object));
1155: g_return_if_fail (property_name != NULL);

The macros expand to:
#define G_IS_OBJECT(object) (G_TYPE_CHECK_INSTANCE_TYPE ((object), G_TYPE_OBJECT))
#define G_TYPE_CHECK_INSTANCE_TYPE(instance, g_type) (_G_TYPE_CIT ((instance), (g_type)))
# define _G_TYPE_CIT(ip, gt) (G_GNUC_EXTENSION ({ \
  GTypeInstance *__inst = (GTypeInstance*) ip; GType __t = gt; gboolean __r; \
  if (!__inst) \
    __r = FALSE; \
  else if (__inst->g_class && __inst->g_class->g_type == __t) \
    __r = TRUE; \
  else \
    __r = g_type_check_instance_is_a (__inst, __t); \
  __r; \
}))

In this last macro, the first thing that's checked is that the object passed is not NULL. Thus, this is pointing to some piece of memory, different than NULL, but on which it's not valid to access it's ->g_class member.

In my stack trace, the object is "optimized out", but in the one provided in the Debian bug report, it says: object@entry=0x8469a38.

Bug Watch Updater (bug-watch-updater)
Changed in gnome-terminal:
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in gnome-terminal:
status: Confirmed → Incomplete
Bug Watch Updater (bug-watch-updater)
Changed in gnome-terminal:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.