GNOME Bugzilla – Bug 351814
GtkTreeModelFilter: row-deleted should probably emit signal first, then decrease visible nodes
Last modified: 2011-05-22 15:48:18 UTC
What were you doing when the application crashed?
If you delete more than one bookmark (mass selection) at a time it leads to a crash.

Distribution: Ubuntu 6.10 (edgy)
Gnome Release: 2.15.91 2006-08-08 (Ubuntu)
BugBuddy Version: 2.15.90

Memory status: size: 185040896 vsize: 0 resident: 185040896 share: 0 rss: 59150336 rss_rlim: 0
CPU usage: start_time: 1155840498 rtime: 0 utime: 1375 stime: 0 cutime:1266 cstime: 0 timeout: 109 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/epiphany'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1228343632 (LWP 13793)]
[New Thread -1354761312 (LWP 13811)]
[New Thread -1310872672 (LWP 13810)]
[New Thread -1319265376 (LWP 13808)]
[New Thread -1327658080 (LWP 13807)]
[New Thread -1344443488 (LWP 13806)]
[New Thread -1336050784 (LWP 13802)]
[New Thread -1293980768 (LWP 13797)]
[New Thread -1253815392 (LWP 13795)]
0xffffe410 in __kernel_vsyscall ()
+ Trace 70617
Thread 1 (Thread -1228343632 (LWP 13793))
I have tried to reproduce the problem (mandriva cooker, epiphany 2.15.91) but it worked for me.
I can confirm the problem here, using Dapper and JHBuild (epiphany 2.15.91).
Generated stack-trace (as it contains a little more information):

The terminal produces the following:
(epiphany:7606): Gtk-CRITICAL **: gtk_tree_model_filter_convert_iter_to_child_iter: assertion `filter_iter->stamp == filter->priv->stamp' failed
as it dies.

The crash happens with 2 or more bookmarks selected, and using the delete button or the menu entry.

Distribution: Ubuntu 6.06 (dapper)
Gnome Release: 2.15.4 2006-07-23 (JHBuild)
BugBuddy Version: 2.15.0

Memory status: size: 126644224 vsize: 0 resident: 126644224 share: 0 rss: 35336192 rss_rlim: 0
CPU usage: start_time: 1155900994 rtime: 0 utime: 252 stime: 0 cutime:228 cstime: 0 timeout: 24 it_real_value: 0 frequency: 0

Backtrace was generated from '/opt/gnome2/bin/epiphany'

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1227118912 (LWP 7497)]
[New Thread -1314444368 (LWP 7511)]
[New Thread -1306051664 (LWP 7510)]
[New Thread -1294746704 (LWP 7507)]
[New Thread -1286354000 (LWP 7506)]
[New Thread -1277961296 (LWP 7505)]
[New Thread -1269568592 (LWP 7504)]
[New Thread -1260766288 (LWP 7503)]
[New Thread -1251476560 (LWP 7500)]
[New Thread -1232852048 (LWP 7499)]
0xffffe410 in __kernel_vsyscall ()
+ Trace 70659
Thread 1 (Thread -1227118912 (LWP 7497))
*** Bug 352309 has been marked as a duplicate of this bug. ***
*** Bug 352152 has been marked as a duplicate of this bug. ***
Yes this happens in 2.15.91 in edgy.
*** Bug 353261 has been marked as a duplicate of this bug. ***
*** Bug 354312 has been marked as a duplicate of this bug. ***
*** Bug 354595 has been marked as a duplicate of this bug. ***
*** Bug 355012 has been marked as a duplicate of this bug. ***
*** Bug 355296 has been marked as a duplicate of this bug. ***
*** Bug 356320 has been marked as a duplicate of this bug. ***
*** Bug 356406 has been marked as a duplicate of this bug. ***
*** Bug 356418 has been marked as a duplicate of this bug. ***
*** Bug 357062 has been marked as a duplicate of this bug. ***
*** Bug 357990 has been marked as a duplicate of this bug. ***
*** Bug 358220 has been marked as a duplicate of this bug. ***
*** Bug 358222 has been marked as a duplicate of this bug. ***
*** Bug 358380 has been marked as a duplicate of this bug. ***
Can somebody please help the developers to fix this bug by trying to reproduce this crash with debugging packages of at least epiphany installed? See http://live.gnome.org/GettingTraces/DistroSpecificInstructions for more information. Thanks a lot in advance, your help is appreciated!
Created attachment 74060
Stack trace as > 65k chars

Very similar to trace given in comment #2 above but as requested, 1 stacktrace from epiphany 2.16.1 recompiled with debug symbols. In addition to firefox-dbg, gtk-dbg, glib-gdb etc. Added as attachment due to 65k limit for comments
don, thanks a lot for your efforts! marking this bug as a Gnome 2.16.x target as we have many duplicates. chpe, can i ask you to take a look at this as this bites many users? stacktrace with symbols and line numbers attached. thanks in advance!
*** Bug 359949 has been marked as a duplicate of this bug. ***
*** Bug 360082 has been marked as a duplicate of this bug. ***
*** Bug 360690 has been marked as a duplicate of this bug. ***
Ok, I have been trying to find reasons why this happens. Some info I have gathered:

1. In lib/widgets/ephy-node-view.c: ephy_node_view_remove() and get_node_from_path() call gtk_tree_model_filter_convert_iter_to_child_iter() giving an already inited GtkTreeIter (documentation says this is not good). Changing this doesn't solve the problem.

2. History window had a similar problem that was workaround'd in bug #346662.

3. ephy_node_view_remove() calls ephy_node_view_get_selection() to get the selected items and then does:

    for (l = list; l; l = l->next)
    {
        ephy_node_unref (l->data);
    }

BUT!, ephy_node_unref() is called only _once_ no matter how many elements you have selected. I understand/guess that this is wrong and that since it's a for over a list it should go again and again until "l" is NULL. Instead there's a lot of calls to get_selection() (I see one call for each element selected, I guess that's not ok :/), this buddy calls get_node_from_path().

4. The real crash seems to be in get_node_from_path().

I'm stuck there, I hope someone can give me some ideas to resolve this or, even better, resolve this using this info.
*** Bug 360840 has been marked as a duplicate of this bug. ***
*** Bug 361207 has been marked as a duplicate of this bug. ***
*** Bug 361595 has been marked as a duplicate of this bug. ***
*** Bug 361775 has been marked as a duplicate of this bug. ***
*** Bug 362298 has been marked as a duplicate of this bug. ***
*** Bug 362473 has been marked as a duplicate of this bug. ***
*** Bug 362548 has been marked as a duplicate of this bug. ***
*** Bug 363159 has been marked as a duplicate of this bug. ***
*** Bug 363360 has been marked as a duplicate of this bug. ***
*** Bug 363541 has been marked as a duplicate of this bug. ***
*** Bug 363676 has been marked as a duplicate of this bug. ***
*** Bug 363896 has been marked as a duplicate of this bug. ***
*** Bug 364444 has been marked as a duplicate of this bug. ***
*** Bug 365127 has been marked as a duplicate of this bug. ***
*** Bug 365205 has been marked as a duplicate of this bug. ***
Ubuntu bug about that: https://launchpad.net/distros/ubuntu/+source/epiphany-browser/+bug/68420
*** Bug 365796 has been marked as a duplicate of this bug. ***
*** Bug 366385 has been marked as a duplicate of this bug. ***
*** Bug 366571 has been marked as a duplicate of this bug. ***
*** Bug 366766 has been marked as a duplicate of this bug. ***
*** Bug 366853 has been marked as a duplicate of this bug. ***
LOL, this bug has a very huge amount of duplicates. Bug buddy really needs some simple dupfinder or at least some "intelligent" users.
Pavel, I produced one of these duplicates. I am reluctant to take the blame though: an application crashed, a nice bug reporting tool showed up, I used it. If bug-buddy is broken, then that's another matter. (Feel free to correct me if there's something I'm missing here.) Blame issues aside, this really doesn't look good and produces a lot of extra work for people who might as well be fixing the bug.
*** Bug 364684 has been marked as a duplicate of this bug. ***
Please refrain from posting comments that do not directly assist in solving the problem. Thank you!
*** Bug 368892 has been marked as a duplicate of this bug. ***
*** Bug 369737 has been marked as a duplicate of this bug. ***
*** Bug 370531 has been marked as a duplicate of this bug. ***
*** Bug 371114 has been marked as a duplicate of this bug. ***
From last duplicate: also happens when renaming from context menu in the bme.
*** Bug 371452 has been marked as a duplicate of this bug. ***
*** Bug 371521 has been marked as a duplicate of this bug. ***
*** Bug 372302 has been marked as a duplicate of this bug. ***
*** Bug 372320 has been marked as a duplicate of this bug. ***
*** Bug 372695 has been marked as a duplicate of this bug. ***
*** Bug 372784 has been marked as a duplicate of this bug. ***
*** Bug 374416 has been marked as a duplicate of this bug. ***
*** Bug 374806 has been marked as a duplicate of this bug. ***
*** Bug 374920 has been marked as a duplicate of this bug. ***
*** Bug 374852 has been marked as a duplicate of this bug. ***
bug #374852 produces this exact trace when moving bookmarks massively.
*** Bug 374844 has been marked as a duplicate of this bug. ***
*** Bug 375113 has been marked as a duplicate of this bug. ***
Created attachment 76604
Sadly not a fix

A diff of some changes I made to try to debug the problem, I thought it might be useful. Sadly it's not a fix. :(
*** Bug 376033 has been marked as a duplicate of this bug. ***
*** Bug 378653 has been marked as a duplicate of this bug. ***
*** Bug 379598 has been marked as a duplicate of this bug. ***
*** Bug 379701 has been marked as a duplicate of this bug. ***
*** Bug 380135 has been marked as a duplicate of this bug. ***
*** Bug 381168 has been marked as a duplicate of this bug. ***
*** Bug 381573 has been marked as a duplicate of this bug. ***
*** Bug 381853 has been marked as a duplicate of this bug. ***
*** Bug 382439 has been marked as a duplicate of this bug. ***
*** Bug 382910 has been marked as a duplicate of this bug. ***
*** Bug 383005 has been marked as a duplicate of this bug. ***
*** Bug 383412 has been marked as a duplicate of this bug. ***
*** Bug 384128 has been marked as a duplicate of this bug. ***
*** Bug 385232 has been marked as a duplicate of this bug. ***
*** Bug 388849 has been marked as a duplicate of this bug. ***
*** Bug 389275 has been marked as a duplicate of this bug. ***
*** Bug 390653 has been marked as a duplicate of this bug. ***
*** Bug 390908 has been marked as a duplicate of this bug. ***
*** Bug 390962 has been marked as a duplicate of this bug. ***
*** Bug 391567 has been marked as a duplicate of this bug. ***
*** Bug 392778 has been marked as a duplicate of this bug. ***
*** Bug 392968 has been marked as a duplicate of this bug. ***
*** Bug 393988 has been marked as a duplicate of this bug. ***
Created attachment 79733
Workarounds/Fixes the problem (seriously!)

Well, I decided to not let me tackle by this bug. The problem arises when (according to what I believe) the following takes place in lib/widgets/ephy-tree-model-node.c:

    static gboolean
    ephy_tree_model_node_get_iter (GtkTreeModel *tree_model,
                                   GtkTreeIter *iter,
                                   GtkTreePath *path)
    {
        EphyTreeModelNode *model = EPHY_TREE_MODEL_NODE (tree_model);
        int i;

        g_return_val_if_fail (EPHY_IS_TREE_MODEL_NODE (model), FALSE);
        g_return_val_if_fail (gtk_tree_path_get_depth (path) > 0, FALSE);

        if (model->priv->root == NULL)
            return FALSE;

        i = gtk_tree_path_get_indices (path)[0];

        iter->stamp = model->priv->stamp;
        iter->user_data = ephy_node_get_nth_child (model->priv->root, i);

        if (iter->user_data == NULL)
        {
            iter->stamp = 0;
            return FALSE;
        }

        return TRUE;
    }

stamp is set to 0 (making the GtkTreeIter invalid) if there's no user_data set. A printing of the iters in get_node_from_path would reveal an output like this:

    iter2->stamp: 1253014665; iter3->stamp: -1224161903; iter->stamp: -1047029049;
    iter2->stamp: 1253014666; iter3->stamp: -1224161903; iter->stamp: -1047029049;
    iter2->stamp: 0; iter3->stamp: -1224161903; iter->stamp: -1047029049;
    saliendo con NULL

<practical spanish on dvd>"saliendo con" means "going out with"</practical spanish on dvd>

Being iter2 the faulty one:

    gtk_tree_model_sort_convert_iter_to_child_iter (GTK_TREE_MODEL_SORT (view->priv->sortmodel), &iter2, &iter);

So, if you check for the iter2 stamp:

    if (iter2.stamp == 0)

You can know if it was marked as invalid on purpose, thus saving yourself from using an empty iter->user_data.

With the attached patch the crash no longer occurs but you get a warning on ephy_bookmarks_editor_update_menu about node being NULL. I changed the g_return_if_fail just for testing.

Conclusion:

1. You can use a modified version of this patch (without the comments and maybe with some little correction) to avoid this bug totally.

2. You could use the patch to find out what the hell happens when user_data is set to NULL and thus the stamp is "tainted".

BTW: I don't get the idea of -> and ., I will investigate! Muahaha! thou shall not beat me C!

~ /me dances the "I fixed (or at least workaround'd) THE bug" dance. \o> <o/ \o/ \o~ ~o/
Many thanks for the patch! So even if this is only a workaround, let's use it, I'm tired of all those dups :) Can you produce a patch that removes all the g_print:s and only keeps the minimally needed changes? Then commit that one to HEAD please, wait a few days for regressions and then commit to gnome-2-16 too.
Committed to trunk.
*** Bug 394717 has been marked as a duplicate of this bug. ***
*** Bug 395011 has been marked as a duplicate of this bug. ***
*** Bug 395258 has been marked as a duplicate of this bug. ***
*** Bug 395401 has been marked as a duplicate of this bug. ***
*** Bug 395981 has been marked as a duplicate of this bug. ***
Any Ubuntu Feisty Users in here that have installed the latest updates (means: GNOME 2.17.5) and could report whether they can still reproduce this crash? Thanks in advance for helping!
With a fresh feisty install, gnome 2.17.5, using an old home partition, I had no problems deleting several epiphany 2.17.5 bookmarks at the same time, either with the delete key, the right click menu, or the "delete" option from the main menu. The terminal did not show any errors either. It looks like this bug is solved, right? Linux ubuntu 2.6.20-5-generic #2 SMP Sat Jan 6 14:50:47 UTC 2007 i686 GNU/Linux
Thanks Michael, I think that it's safe to apply it to 2.16. However I'm not sure if this can be considered a fix or just a workaround. What do you think chpe?
Please commit to gnome-2-16 and resolve this as FIXED. Thanks again for the patch!
Committed as revision 6827. Closing the bug :).
*** Bug 398056 has been marked as a duplicate of this bug. ***
*** Bug 398543 has been marked as a duplicate of this bug. ***
*** Bug 399820 has been marked as a duplicate of this bug. ***
*** Bug 399977 has been marked as a duplicate of this bug. ***
*** Bug 400615 has been marked as a duplicate of this bug. ***
*** Bug 401607 has been marked as a duplicate of this bug. ***
Created attachment 81392
gtk+ patch

This patch against gtk+ trunk (should apply cleanly to gtk-2-10) makes the asserts go away for me with the workaround in this bug and in #346662 reverted. Some testing might be nice ;)
*** Bug 402254 has been marked as a duplicate of this bug. ***
*** Bug 402295 has been marked as a duplicate of this bug. ***
Kris: should we move this bug to gtk+ (or create a clone), so it doesn't get lost?
I will move it over. Could you also verify whether the gtk+ fix works for you?
I was unable to reproduce the bug with the patch applied. (However I couldn't consistently reproduce it even without the patch, so further confirmation would be good.)
*** Bug 403350 has been marked as a duplicate of this bug. ***
no dups for 17 days, seems to be fixed (and updated). removing gnome target milestone and blocker state.
*cough* well, no dups because this was added to the auto-reject list. +21 dups so far.
Andre: so shouldn't the status change you made be reverted to blocker?
Created attachment 83376
Workaround committed to trunk
Created attachment 83377
GNOME 2.14 backport
Loïc: feel free to commit that to epiphany's gnome-2-14 branch, if you want.
*** Bug 417657 has been marked as a duplicate of this bug. ***
(In reply to comment #124)
> Loïc: feel free to commit that to epiphany's gnome-2-14 branch, if you want.

Committed in gnome-2-14 as r6970.

2007-01-08 Diego Escalante Urrelo <diegoe@svn.gnome.org>

    * src/bookmarks/ephy-bookmarks-editor.c:
    * lib/widgets/ephy-node-view.c:

    Workaround/semi-fix for bug #351814. The real cause of the problem is the user_data that is never set on a GtkTreeIter, so the Ephy implementation of the tree makes it to have a stamp of 0 being that way an invalid iter. Patch by Diego Escalante Urrelo.
*** Bug 422586 has been marked as a duplicate of this bug. ***
*** Bug 424669 has been marked as a duplicate of this bug. ***
*** Bug 425282 has been marked as a duplicate of this bug. ***
*** Bug 434338 has been marked as a duplicate of this bug. ***
46 rejected dup reports so far. can this bug be closed now?
Comment on attachment 81392
gtk+ patch

Kris, was this gtk+ patch committed?
No, please leave the bug open.
About the workaround used in Epiphany, Rob Bradford commented this on a similar fix on o-hand's bugzilla: Yo. The correct fix is to check the return value of gtk_combo_box_get_active_iter (...) it returns a gboolean if the iter has been set. Failure to check this means that the iter can be invalid. Which is what was giving this crash. This is a much nicer solution than checking the stamp and so i'd recommend fixing Epiphany in a similar way. Cheerio. And we are actually not doing that: Index: lib/widgets/ephy-node-view.c =================================================================== --- lib/widgets/ephy-node-view.c (révision 6795) +++ lib/widgets/ephy-node-view.c (révision 6796) @@ -160,16 +160,21 @@ static EphyNode * get_node_from_path (EphyNodeView *view, GtkTreePath *path) { EphyNode *node; - GtkTreeIter iter, iter2; + GtkTreeIter iter, iter2, iter3; if (path == NULL) return NULL; gtk_tree_model_get_iter (view->priv->sortmodel, &iter, path); chpe?
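Review bot: on the last context line of the hunk, gtk_tree_model_get_iter (view->priv->sortmodel, &iter, path) is still called with its gboolean result discarded, so nothing here stops an unset iter from being passed on further down the function. Store the result and return NULL when it is FALSE, which is the return-value check the quoted comment recommends over testing the stamp. The new iter3 declaration has no use visible in this hunk, so it is worth confirming it is still needed once the return value is checked.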
Not sure what exactly you're proposing; could you attach the patch?
It's just:

    get_node_from_path (EphyNodeView *view, GtkTreePath *path)
    {
        (...)
        gboolean ret;
        (...)
        ret = gtk_tree_model_get_iter (view->priv->sortmodel, &iter, path);
        if (ret == FALSE)
            return NULL;
        (...)
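Added example, not part of this thread and not Epiphany or GTK+ code: a GTK-free C sketch of the get_iter contract quoted earlier (stamp zeroed, FALSE returned when the path has no row) and of the return-value check proposed in the comment above, applied to a multi-row delete. ToyModel, ToyIter and every function name here are assumptions made up for the illustration, and the rows are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy stand-ins (assumptions, not GTK or Epiphany types). */
typedef struct { int stamp; const char *rows[8]; int n_rows; } ToyModel;
typedef struct { int stamp; const char *user_data; } ToyIter;

/* Same contract as the get_iter quoted in the thread: when the index has
 * no row, the stamp is zeroed and false is returned. */
static bool toy_model_get_iter(const ToyModel *m, ToyIter *it, int index)
{
    it->stamp = m->stamp;
    it->user_data = (index >= 0 && index < m->n_rows) ? m->rows[index] : NULL;
    if (it->user_data == NULL) { it->stamp = 0; return false; }
    return true;
}

static void toy_model_remove(ToyModel *m, int index)
{
    for (int i = index; i + 1 < m->n_rows; i++) m->rows[i] = m->rows[i + 1];
    m->n_rows--;
}

/* Checked lookup: the return value decides whether the iter may be read. */
static const char *node_from_index(const ToyModel *m, int index)
{
    ToyIter it;
    return toy_model_get_iter(m, &it, index) ? it.user_data : NULL;
}

/* Removes rows by indices captured up front; returns the stale lookups. */
static int delete_by_stale_index(ToyModel *m, const int *sel, int n_sel)
{
    int stale = 0;
    for (int i = 0; i < n_sel; i++) {
        if (node_from_index(m, sel[i]) == NULL) { stale++; continue; }
        toy_model_remove(m, sel[i]);
    }
    return stale;
}

/* Resolves every index to its row first, then removes by identity;
 * returns the number of rows removed (at most 8 selected rows). */
static int delete_resolved_first(ToyModel *m, const int *sel, int n_sel)
{
    const char *nodes[8];
    int removed = 0;
    for (int i = 0; i < n_sel && i < 8; i++)
        nodes[i] = node_from_index(m, sel[i]);
    for (int i = 0; i < n_sel && i < 8; i++)
        for (int r = 0; nodes[i] != NULL && r < m->n_rows; r++)
            if (m->rows[r] == nodes[i]) { toy_model_remove(m, r); removed++; break; }
    return removed;
}

int main(void)
{
    ToyModel m = { 1, { "a", "b", "c", "d" }, 4 };  /* constructed rows */
    int sel[] = { 2, 3 };
    return delete_by_stale_index(&m, sel, 2) == 1 ? 0 : 1;
}
```

With the checked lookup the stale second index is skipped instead of dereferenced, but row "d" survives the delete; resolving all selected rows before mutating the model removes both.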
removing from auto-reject list
There have been no more duplicates since it was removed from the auto-reject list. Is this still a problem?
I just tried it under 2.22.2 and had no trouble deleting an entire category or a multiple selection of bookmarks.
(In reply to comment #112)
> Created an attachment (id=81392)
> gtk+ patch
>
> This patch against gtk+ trunk (should apply cleanly to gtk-2-10) makes the
> asserts go away for me with the workaround in this bug and in #346662 reverted.
> Some testing might be nice ;)

I just spent a couple of days fixing up GtkTreeModelFilter's row-deleted handling. I can now say for sure that this patch is clearly broken, so it's good that I never committed this.

Unfortunately, I can no longer recall the exact causes of this bug... I do get the impression that maybe the problems arose because the code was trying to access already invalid nodes. I will close the bug for now, if any problem shows up in the future we will take it from there.