GNOME Bugzilla – Bug 330728
Crash in ETable a11y code
Last modified: 2013-09-13 12:25:17 UTC
Enable a11y; am getting failry regular crashes, I believe in the message list view: 0x00a54ffe in ect_check (a11y=Variable "a11y" is not available. ) at gal-a11y-e-cell-text.c:69 69 if (!E_IS_CELL_TEXT (gaec->cell_view->ecell)) (gdb) bt
+ Trace 66077
p *((GalA11yECell*)a11y) {object = {parent = {g_type_instance = {g_class = 0xb854c48}, ref_count = 6, qdata = 0xa558da00}, description = 0x0, name = 0xb8c0970 "(a valid looking string)", accessible_parent = 0x0, role = ATK_ROLE_TABLE_CELL, relation_set = 0xa558db20, layer = ATK_LAYER_INVALID}, item = 0xa158008, cell_view = 0xb8e3d00, parent = 0xa1988c8, model_col = 5, view_col = 4, row = 94, state_set = 0xbbc6b38, action_list = 0xa558db00, action_idle_handler = 0, action_func = 0} p *((GalA11yECell*)a11y)->cell_view $9 = {ecell = 0x225d91f, e_table_model = 0x2f214288, e_table_item_view = 0x73a1, focus_x1 = 809029591, focus_y1 = 0, focus_x2 = 25, focus_y2 = 121, focus_col = 4, focus_row = 198124192 p *((GalA11yECell*)a11y)->cell_view->ecell Cannot access memory at address 0x225d91f So cell_view->ecell looks like a junk value. This is on Fedora Core (rawhide, pre FC5): evolution-2.5.90-1.1
Seeing this here too.
Could bug 332727 be related?
Created attachment 63282 [details] [review] Attached patch with changes.
Patch reviewed and committed to HEAD and the gnome-2-14 branches. Thanks for the patch.
The patch seems can not fix the bug in the right way. Dave: I cannot reproduce this bug on my machine, how can you reproduce it?
Rajeev : any comments on this ?
Li : Rajeev's s/E_IS_CELL_TEXT/GAL_A11Y_IS_E_CELL_TEXT/ looks to be a valid change though it does not seem to fix reference corruption. Please re-open the bug if necessary - I cannot reproduce the bug.
Harish: but I think gaec->cell_view->ecell is actually an ECellText, not an a11y object.
You are right. Per discussion on IRC, re-opening the bug.
Dave: I cannot reproduce this bug? Can you help me?
*** Bug 349493 has been marked as a duplicate of this bug. ***
still in 2.6, reopening as per duplicate.
Update GNOME target which is already past anyway.
*** Bug 356028 has been marked as a duplicate of this bug. ***
Bug 356028 looks like a simple dup in evolution-2.8: occurred whilst clicking on the mailer list view, selecting an email. So still present in 2.8, alas.
*** Bug 356158 has been marked as a duplicate of this bug. ***
*** Bug 333934 has been marked as a duplicate of this bug. ***
half a dozen duplicates in bug report 333934, therefore targetting to 2.8. uptodate stacktrace available at bug 356158.
*** Bug 355966 has been marked as a duplicate of this bug. ***
*** Bug 356713 has been marked as a duplicate of this bug. ***
*** Bug 358909 has been marked as a duplicate of this bug. ***
huge number of dups, can this please be addressed? thanks.
*** Bug 360179 has been marked as a duplicate of this bug. ***
*** Bug 360872 has been marked as a duplicate of this bug. ***
*** Bug 362753 has been marked as a duplicate of this bug. ***
*PING*.
*** Bug 363391 has been marked as a duplicate of this bug. ***
*** Bug 364484 has been marked as a duplicate of this bug. ***
*** Bug 364599 has been marked as a duplicate of this bug. ***
*** Bug 364985 has been marked as a duplicate of this bug. ***
*** Bug 369980 has been marked as a duplicate of this bug. ***
*** Bug 365275 has been marked as a duplicate of this bug. ***
*** Bug 369465 has been marked as a duplicate of this bug. ***
*** Bug 371580 has been marked as a duplicate of this bug. ***
*** Bug 371963 has been marked as a duplicate of this bug. ***
*** Bug 373014 has been marked as a duplicate of this bug. ***
*** Bug 378496 has been marked as a duplicate of this bug. ***
*** Bug 379859 has been marked as a duplicate of this bug. ***
Sorry for the bug spam, but this issue has accumulated about 25 duplicates so far, and I personally experience a crash (that I believe is related to this bug) several times a day - many people have asked my why don't I simply ditch evo in favor of something a bit more stable. I would appreciate it if a developer working on this bug can let us know if this bug is being actively investigated. I would love to help in solving this bug, but while I have some expertise in C unfortunately I cannot currently invest the time required to learn the evo code base. None the less, I'm willing to help in any other way - I can reproduce this crash at will, can supply stack traces, and if we can find some way to do it - even let someone else run a debugging session on my system.
I believe that this bug has been accidentally fixed in Evolution 2.8. I have been running 2.8 on GTK+ 2.10.6 for several weeks without getting this crash. It used to crash several times a day.
I'm running 2.8.1.1 and I still get crashes several times a day.
It's still crashing for me on Ubuntu Edgy. Have any developers been able to reproduce this bug?
*** Bug 380563 has been marked as a duplicate of this bug. ***
*** Bug 380717 has been marked as a duplicate of this bug. ***
Created attachment 77409 [details] Another detailed back-trace, I think its the same bug. I added glibc debuginfo, but it still has some "no symbols"
Created attachment 77621 [details] Two additional stack traces Here's one
Created attachment 77622 [details] And here is the other stack trace
*** Bug 382242 has been marked as a duplicate of this bug. ***
*** Bug 379799 has been marked as a duplicate of this bug. ***
*** Bug 387829 has been marked as a duplicate of this bug. ***
*** Bug 388555 has been marked as a duplicate of this bug. ***
*** Bug 392164 has been marked as a duplicate of this bug. ***
*** Bug 387543 has been marked as a duplicate of this bug. ***
*** Bug 381378 has been marked as a duplicate of this bug. ***
Srini : Since Rajeev is not working on it anymore, is anybody else looking into this now ? Please re-assign this to the right person. (Kindly request you to direct NOSIP interns to assign the bugs to themselves when they are working on it instead of leaving it under the defaults/my name. TIA)
*** Bug 395032 has been marked as a duplicate of this bug. ***
*** Bug 397281 has been marked as a duplicate of this bug. ***
*** Bug 399718 has been marked as a duplicate of this bug. ***
*** Bug 400932 has been marked as a duplicate of this bug. ***
ok, I too get the original crash quite a lot in evo with a11y enabled, i.e.
+ Trace 106773
I attach here a (hacky) workaround patch which shows where the crash comes from and detects that an ecell_view is deleter which the a11y object keeps a reference to and attempt to reuse post-destruction. The patch prevents the crash, and logs the problem. Hopefully someone familiar with the a11y code can see from this as to what the lifecycle issues should have been.
Created attachment 81572 [details] [review] workaround patch
(In reply to comment #61) > Created an attachment (id=81572) [edit] > workaround patch > w00t! This is awesome! After, let me count, 35 dupes we're finally getting somewhere! It's just a shame that precisely 26 hours ago I got converted to Thunderbird after holding out for so long already.
Created attachment 81686 [details] Stack traces from Bug Buddy. Hi. I have been seeing regular predictable voluminous crashes from Evo too; and I've been trying to effectively reproduce bug 366448 (and also bug 376826). The dupfinder says my trace matches this bug so I'll attach it here in case it's helpful. Thanks.
*** Bug 402009 has been marked as a duplicate of this bug. ***
*** Bug 403720 has been marked as a duplicate of this bug. ***
Srini: poke.
I just went through the patch. It just avoids a crash with a NULL replacement. Given the issue and the number of duplicates, I would prefer to get this in and leave the bug still open to make sure that it gets addressed in a proper way.
*** Bug 405110 has been marked as a duplicate of this bug. ***
*** Bug 406455 has been marked as a duplicate of this bug. ***
*** Bug 407914 has been marked as a duplicate of this bug. ***
*** Bug 407823 has been marked as a duplicate of this bug. ***
*** Bug 408060 has been marked as a duplicate of this bug. ***
*** Bug 410952 has been marked as a duplicate of this bug. ***
*** Bug 411541 has been marked as a duplicate of this bug. ***
Ubuntu bug about that (evolution 2.9.91 package): https://launchpad.net/bugs/88086
*** Bug 412076 has been marked as a duplicate of this bug. ***
SRINI: POKE.
Let us commit this and leave this bug open.
I commited this. Leaving the bug open so we can find a correct solution for the problem later.
*** Bug 413391 has been marked as a duplicate of this bug. ***
*** Bug 416965 has been marked as a duplicate of this bug. ***
*** Bug 417407 has been marked as a duplicate of this bug. ***
*** Bug 415795 has been marked as a duplicate of this bug. ***
*** Bug 418503 has been marked as a duplicate of this bug. ***
*** Bug 420307 has been marked as a duplicate of this bug. ***
*** Bug 420338 has been marked as a duplicate of this bug. ***
*** Bug 420484 has been marked as a duplicate of this bug. ***
*** Bug 420740 has been marked as a duplicate of this bug. ***
*** Bug 420754 has been marked as a duplicate of this bug. ***
*** Bug 421565 has been marked as a duplicate of this bug. ***
*** Bug 421694 has been marked as a duplicate of this bug. ***
*** Bug 421952 has been marked as a duplicate of this bug. ***
*** Bug 423431 has been marked as a duplicate of this bug. ***
*** Bug 427583 has been marked as a duplicate of this bug. ***
*** Bug 423734 has been marked as a duplicate of this bug. ***
*** Bug 428120 has been marked as a duplicate of this bug. ***
*** Bug 423476 has been marked as a duplicate of this bug. ***
*** Bug 422642 has been marked as a duplicate of this bug. ***
*** Bug 423365 has been marked as a duplicate of this bug. ***
*** Bug 426236 has been marked as a duplicate of this bug. ***
*** Bug 429216 has been marked as a duplicate of this bug. ***
*** Bug 430285 has been marked as a duplicate of this bug. ***
*** Bug 430877 has been marked as a duplicate of this bug. ***
*** Bug 429399 has been marked as a duplicate of this bug. ***
*** Bug 431251 has been marked as a duplicate of this bug. ***
*** Bug 432110 has been marked as a duplicate of this bug. ***
*** Bug 440296 has been marked as a duplicate of this bug. ***
lowering severity as per comment 79.
*** Bug 511560 has been marked as a duplicate of this bug. ***
I got this crash with Evolution 2.21.5 running on Fedora 8. Realistically, I think the only way Evolution will ever become stable with accessibility enabled is by eradicating the remains of GAL.
Bumping version to a stable release.
*** Bug 532404 has been marked as a duplicate of this bug. ***
*** Bug 534745 has been marked as a duplicate of this bug. ***
last dup against 2.22.x in Debian distro
*** Bug 593218 has been marked as a duplicate of this bug. ***
*** Bug 555852 has been marked as a duplicate of this bug. ***
*** Bug 614934 has been marked as a duplicate of this bug. ***
*** Bug 619688 has been marked as a duplicate of this bug. ***
I'm getting this crash constantly in 2.30.1.2. Usually when opening attachments on an IMAP folder.
It also happens quite a lot when sending email (again from an IMAP account, but I only have IMAP on evolution).
*** Bug 622495 has been marked as a duplicate of this bug. ***
*** Bug 622607 has been marked as a duplicate of this bug. ***
*** Bug 623544 has been marked as a duplicate of this bug. ***
*** Bug 623752 has been marked as a duplicate of this bug. ***
If I understand correctly, the last trace dates back to 2007 and in the meanwhile the problem has been at least partially targeted. So in case it is useful, here is an up-to-date (2.30) trace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff6921d88 in ect_check (a11y=<value optimized out>) at gal-a11y-e-cell-text.c:83 83 gal-a11y-e-cell-text.c: No such file or directory. in gal-a11y-e-cell-text.c (gdb) backtrace
+ Trace 222844
The problem happens periodically (though not very frequently, approx. once a day), so if some more debug information can be useful, just ask.
*** Bug 624769 has been marked as a duplicate of this bug. ***
*** Bug 624764 has been marked as a duplicate of this bug. ***
*** Bug 624756 has been marked as a duplicate of this bug. ***
*** Bug 624854 has been marked as a duplicate of this bug. ***
Downstream bug report about the same with 2.30.2: https://bugzilla.redhat.com/show_bug.cgi?id=616931
*** Bug 626371 has been marked as a duplicate of this bug. ***
*** Bug 514263 has been marked as a duplicate of this bug. ***
*** Bug 628301 has been marked as a duplicate of this bug. ***
*** Bug 628390 has been marked as a duplicate of this bug. ***
A slightly different backtrace (please let me know if that's useless):
+ Trace 223517
*** Bug 629673 has been marked as a duplicate of this bug. ***
*** Bug 629724 has been marked as a duplicate of this bug. ***
Created attachment 170429 [details] backtrace on ubuntu maverick This is happening to me a lot on Ubuntu 10.10 beta. It seems random. elopio@elopio-laptop:~$ aptitude show evolution Package: evolution State: installed Automatically installed: no Version: 2.30.3-1ubuntu1
Leo, please disable accessibility to avoid this crash.
(In reply to comment #139) > Leo, please disable accessibility to avoid this crash. I'm not Leo, but I experience those crashes since months. Could I disable accessibility too, please? And most importantly: how? thanks a lot Pietro
Pietro: Depends on your distro, hard to generalize. Normally go to your systemwide GNOME Settings and there is a section for that.
(for anybody reading: in Debian/Ubuntu, System -> Preferences -> Assistive Technologies) thanks
*** Bug 631928 has been marked as a duplicate of this bug. ***
Seeing these too: (evolution:6045): e-table-CRITICAL **: ect_check: assertion `(gaec->cell_view != NULL)' failed
Accessibility is disabled (Preferences -> Assistive Technologies and the 'Enable assistive technologies' checkbox is not checked).
*** Bug 632451 has been marked as a duplicate of this bug. ***
*** Bug 632462 has been marked as a duplicate of this bug. ***
*** Bug 632635 has been marked as a duplicate of this bug. ***
*** Bug 632836 has been marked as a duplicate of this bug. ***
Downstream bug report about the same in 2.32.0: https://bugzilla.redhat.com/show_bug.cgi?id=649400
*** Bug 634220 has been marked as a duplicate of this bug. ***
*** Bug 634384 has been marked as a duplicate of this bug. ***
*** Bug 634533 has been marked as a duplicate of this bug. ***
After seeing no less than five crash reports about this in one week, I have fixed the crash by removing accessibility support for the ECellText class in 2.32 and 2.91. If ever we get someone to update our accessibility code then we can bring this back and let him/her try and debug the crash. But until then, whatever accessibility features the code was providing is not worth having to tell everyone to turn off GNOME's accessibility support in order to use Evolution. http://git.gnome.org/browse/evolution/commit/?id=abd2711b00f0c036d5a60e8a38bbdc83384f8822 http://git.gnome.org/browse/evolution/commit/?h=gnome-2-32&id=4c6b254770446028968620adbec0b4e04f23f541
*** Bug 634527 has been marked as a duplicate of this bug. ***
*** Bug 634108 has been marked as a duplicate of this bug. ***
*** Bug 634694 has been marked as a duplicate of this bug. ***
*** Bug 634739 has been marked as a duplicate of this bug. ***
*** Bug 635732 has been marked as a duplicate of this bug. ***
*** Bug 636816 has been marked as a duplicate of this bug. ***
*** Bug 637173 has been marked as a duplicate of this bug. ***
*** Bug 639593 has been marked as a duplicate of this bug. ***
*** Bug 639957 has been marked as a duplicate of this bug. ***
*** Bug 640312 has been marked as a duplicate of this bug. ***
*** Bug 641578 has been marked as a duplicate of this bug. ***
*** Bug 641695 has been marked as a duplicate of this bug. ***
*** Bug 642435 has been marked as a duplicate of this bug. ***
*** Bug 643827 has been marked as a duplicate of this bug. ***
*** Bug 643825 has been marked as a duplicate of this bug. ***
*** Bug 644434 has been marked as a duplicate of this bug. ***
*** Bug 644649 has been marked as a duplicate of this bug. ***
*** Bug 644692 has been marked as a duplicate of this bug. ***
*** Bug 645495 has been marked as a duplicate of this bug. ***
*** Bug 649029 has been marked as a duplicate of this bug. ***
*** Bug 650155 has been marked as a duplicate of this bug. ***
(In reply to comment #175) > *** Bug 650155 has been marked as a duplicate of this bug. *** (In reply to comment #175) > *** Bug 650155 has been marked as a duplicate of this bug. *** This bug is resolved/fixed. Great but where do I get the fix? As previously mentioned, I'm new to using LINUX.
(In reply to comment #176) > This bug is resolved/fixed. Great but where do I get the fix? > As previously mentioned, I'm new to using LINUX. Most likely you will need to upgrade your Linux distro to a newer release.
(In reply to comment #60) > ok, I too get the original crash quite a lot in evo with a11y enabled, i.e. > > You provided a work around for Evolution 2.9.5. Is there one of 2.30.3?
(In reply to comment #178) > You provided a work around for Evolution 2.9.5. No, for 2.91. 91 is not 9. > Is there one of 2.30.3? See comment 177. You could ask your distribution in their bug tracker to backport the fix in comment 154 and ship it.
*** Bug 651090 has been marked as a duplicate of this bug. ***