Bug#968756: Further Info
Hello Jason,
thanks for the information, just some notes before.
You might want to use reply all, otherwise the answer
might get through unnoticed.
And for some reason your email did not convert sufficiently
to plain text for some reason, so it appears kind of
short at https://bugs.debian.org/968756 .
On Sun, 23 Aug 2020 01:31:46 +0200 pub1336@gmx.com wrote:
>
> Dear Maintainers,
>
> @Mattia:
>
> > Since you tried the AppImage and reproduced with that as well, could you
> > consider filing a bug report upstream directly at
> > https://gitlab.com/inkscape/inbox ?
>
> Will do.
>
> > Also, I'm uploading now 1.0-5 to backports, if you could see whether
> > that also triggers this crash it would be useful (1.0-2 disable a bunch
> > of asserts that might or might not be relevant)
>
> Have just upgraded it now. I'll do my best at triggering the error again and
> keep you posted with strace info.
>
> Regards,
> Jason
>
>
>
> @Bernhard:
>
> > one small additional note. The dmesg lines you provided would have been
> > followed by lines "Code:". With that line it would be possible to
> > find at least the current instruction and source code line when the
> > executables are from the debian archive and the package version is
> > known. So please do not strip these lines away.
>
> Sorry, I didn't strip them on purpose, I just grep'd for 'inkscape'. My bad.
> Anyway, I dug into the dmesg log and isolated the info you requested:
>
> e9 c3 fc ff ff e8 05 45 5a ff 48 89 c3 e9 99 0a 69 ff 48 89 c3 e9 87 0a 69 ff
> 90 0f 1f 40 00 53 48 8d 87 48 01 00 00 48 89 fb <48> 39 87 48 01 00 00 74 3c
> 80 bb 39 01 00 00 00 74 0b 31 c0 5b c3
>
> Regards,
> Jason
>
This line points to function below.
But proper backtraces might still be needed to be able to find the reason.
You probably could install systemd-coredump - then minimal backtrace
should be visible in 'journalctl -e' after a chrash.
Plus a core would be generated for later inspection.
And if Thunar crashes too, are there also a segfault line?
Kind regards,
Bernhard
(gdb) info b
Num Type Disp Enb Address What
2 breakpoint keep y 0x00007ffff78e55db in Avoid::Router::processTransaction() at /usr/include/c++/8/bits/stl_list.h:1063
(gdb) disassemble Avoid::Router::processTransaction
Dump of assembler code for function Avoid::Router::processTransaction():
0x00007ffff78e55d0 <+0>: push %rbx
0x00007ffff78e55d1 <+1>: lea 0x148(%rdi),%rax
0x00007ffff78e55d8 <+8>: mov %rdi,%rbx
--> 0x00007ffff78e55db <+11>: cmp %rax,0x148(%rdi)
0x00007ffff78e55e2 <+18>: je 0x7ffff78e5620 <Avoid::Router::processTransaction()+80>
0x00007ffff78e55e4 <+20>: cmpb $0x0,0x139(%rbx)
...
benutzer@debian:~$ cat -n /usr/include/c++/8/bits/stl_list.h | grep 1063 -B7 -A2
1056
1057 // [23.2.2.2] capacity
1058 /**
1059 * Returns true if the %list is empty. (Thus begin() would equal
1060 * end().)
1061 */
1062 bool
1063 empty() const _GLIBCXX_NOEXCEPT
1064 { return this->_M_impl._M_node._M_next == &this->_M_impl._M_node; }
1065
640 bool Router::processTransaction(void)
641 {
642 // If SimpleRouting, then don't update here.
643 if ((actionList.empty() && (m_hyperedge_rerouter.count() == 0) &&
644 (m_settings_changes == false)) || SimpleRouting)
645 {
https://gitlab.com/inkscape/inkscape/-/blob/INKSCAPE_1_0/src/3rdparty/adaptagrams/libavoid/router.cpp#L643
# Buster amd64 qemu VM 2020-08-24
apt update
apt dist-upgrade
# add backports and debug symbols from local approx cache:
deb http://192.168.178.25:9999/debian-10-buster-security.debian.org/ buster/updates main
deb-src http://192.168.178.25:9999/debian-10-buster-security.debian.org/ buster/updates main
deb http://192.168.178.25:9999/debian-10-buster-debug.deb.debian.org/ buster-debug main contrib non-free
deb http://192.168.178.25:9999/debian-10-buster-debug.deb.debian.org/ buster-proposed-updates-debug main contrib non-free
deb http://192.168.178.25:9999/debian-10-buster-debug.deb.debian.org/ buster-backports-debug main contrib non-free
apt update
apt install systemd-coredump mc libstdc++-8-dev gdb inkscape/buster-backports
# Installs 1.0-5~bpo10+1 from two days ago ...
wget https://snapshot.debian.org/archive/debian/20200527T144641Z/pool/main/i/inkscape/inkscape_1.0-1%7Ebpo10%2B1_amd64.deb
wget https://snapshot.debian.org/archive/debian-debug/20200527T144324Z/pool/main/i/inkscape/inkscape-dbgsym_1.0-1%7Ebpo10%2B1_amd64.deb
dpkg -i inkscape_1.0-1~bpo10+1_amd64.deb inkscape-dbgsym_1.0-1~bpo10+1_amd64.deb
# https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash
echo -n "find /b ..., ..., 0x" && \
echo "e9 c3 fc ff ff e8 05 45 5a ff 48 89 c3 e9 99 0a 69 ff 48 89 c3 e9 87 0a 69 ff 90 0f 1f 40 00 53 48 8d 87 48 01 00 00 48 89 fb <48> 39 87 48 01 00 00 74 3c 80 bb 39 01 00 00 00 74 0b 31 c0 5b c3" \
| sed 's/[<>]//g' | sed 's/ /, 0x/g'
find /b ..., ..., 0xe9, 0xc3, 0xfc, 0xff, 0xff, 0xe8, 0x05, 0x45, 0x5a, 0xff, 0x48, 0x89, 0xc3, 0xe9, 0x99, 0x0a, 0x69, 0xff, 0x48, 0x89, 0xc3, 0xe9, 0x87, 0x0a, 0x69, 0xff, 0x90, 0x0f, 0x1f, 0x40, 0x00, 0x53, 0x48, 0x8d, 0x87, 0x48, 0x01, 0x00, 0x00, 0x48, 0x89, 0xfb, 0x48, 0x39, 0x87, 0x48, 0x01, 0x00, 0x00, 0x74, 0x3c, 0x80, 0xbb, 0x39, 0x01, 0x00, 0x00, 0x00, 0x74, 0x0b, 0x31, 0xc0, 0x5b, 0xc3
gdb -q
set width 0
set pagination off
file /usr/bin/inkscape
tb main
run
info share
(gdb) info share
From To Syms Read Shared Object Library
0x00007ffff7fd6090 0x00007ffff7ff3b20 Yes /lib64/ld-linux-x86-64.so.2
0x00007ffff6ebc570 0x00007ffff7a3278e Yes /usr/bin/../lib/x86_64-linux-gnu/inkscape/libinkscape_base.so
...
find /b 0x00007ffff6ebc570, 0x00007ffff7a3278e, 0xe9, 0xc3, 0xfc, 0xff, 0xff, 0xe8, 0x05, 0x45, 0x5a, 0xff, 0x48, 0x89, 0xc3, 0xe9, 0x99, 0x0a, 0x69, 0xff, 0x48, 0x89, 0xc3, 0xe9, 0x87, 0x0a, 0x69, 0xff, 0x90, 0x0f, 0x1f, 0x40, 0x00, 0x53, 0x48, 0x8d, 0x87, 0x48, 0x01, 0x00, 0x00, 0x48, 0x89, 0xfb, 0x48, 0x39, 0x87, 0x48, 0x01, 0x00, 0x00, 0x74, 0x3c, 0x80, 0xbb, 0x39, 0x01, 0x00, 0x00, 0x00, 0x74, 0x0b, 0x31, 0xc0, 0x5b, 0xc3
(gdb) find /b 0x00007ffff6ebc570, 0x00007ffff7a3278e, 0xe9, 0xc3, 0xfc, 0xff, 0xff, 0xe8, 0x05, 0x45, 0x5a, 0xff, 0x48, 0x89, 0xc3, 0xe9, 0x99, 0x0a, 0x69, 0xff, 0x48, 0x89, 0xc3, 0xe9, 0x87, 0x0a, 0x69, 0xff, 0x90, 0x0f, 0x1f, 0x40, 0x00, 0x53, 0x48, 0x8d, 0x87, 0x48, 0x01, 0x00, 0x00, 0x48, 0x89, 0xfb, 0x48, 0x39, 0x87, 0x48, 0x01, 0x00, 0x00, 0x74, 0x3c, 0x80, 0xbb, 0x39, 0x01, 0x00, 0x00, 0x00, 0x74, 0x0b, 0x31, 0xc0, 0x5b, 0xc3
0x7ffff78e55b1 <Avoid::Router::processActions()+1313>
1 pattern found.
b * (0x7ffff78e55b1 + 42)
(gdb) b * (0x7ffff78e55b1 + 42)
Breakpoint 2 at 0x7ffff78e55db: file /usr/include/c++/8/bits/stl_list.h, line 1063.
info b
(gdb) info b
Num Type Disp Enb Address What
2 breakpoint keep y 0x00007ffff78e55db in Avoid::Router::processTransaction() at /usr/include/c++/8/bits/stl_list.h:1063
disassemble Avoid::Router::processTransaction
(gdb) disassemble Avoid::Router::processTransaction
Dump of assembler code for function Avoid::Router::processTransaction():
0x00007ffff78e55d0 <+0>: push %rbx
0x00007ffff78e55d1 <+1>: lea 0x148(%rdi),%rax
0x00007ffff78e55d8 <+8>: mov %rdi,%rbx
--> 0x00007ffff78e55db <+11>: cmp %rax,0x148(%rdi)
0x00007ffff78e55e2 <+18>: je 0x7ffff78e5620 <Avoid::Router::processTransaction()+80>
0x00007ffff78e55e4 <+20>: cmpb $0x0,0x139(%rbx)
0x00007ffff78e55eb <+27>: je 0x7ffff78e55f8 <Avoid::Router::processTransaction()+40>
0x00007ffff78e55ed <+29>: xor %eax,%eax
0x00007ffff78e55ef <+31>: pop %rbx
0x00007ffff78e55f0 <+32>: retq
0x00007ffff78e55f1 <+33>: nopl 0x0(%rax)
0x00007ffff78e55f8 <+40>: movb $0x0,0x2b4(%rbx)
0x00007ffff78e55ff <+47>: mov %rbx,%rdi
0x00007ffff78e5602 <+50>: callq 0x7ffff6e89a30 <_ZN5Avoid6Router14processActionsEv@plt>
0x00007ffff78e5607 <+55>: movb $0x1,0x2b2(%rbx)
0x00007ffff78e560e <+62>: mov %rbx,%rdi
0x00007ffff78e5611 <+65>: callq 0x7ffff6eb32e0 <_ZN5Avoid6Router28rerouteAndCallbackConnectorsEv@plt>
0x00007ffff78e5616 <+70>: mov $0x1,%eax
0x00007ffff78e561b <+75>: pop %rbx
0x00007ffff78e561c <+76>: retq
0x00007ffff78e561d <+77>: nopl (%rax)
0x00007ffff78e5620 <+80>: lea 0x1d0(%rdi),%rdi
0x00007ffff78e5627 <+87>: callq 0x7ffff6e91fa0 <_ZNK5Avoid17HyperedgeRerouter5countEv@plt>
0x00007ffff78e562c <+92>: test %rax,%rax
0x00007ffff78e562f <+95>: jne 0x7ffff78e55e4 <Avoid::Router::processTransaction()+20>
0x00007ffff78e5631 <+97>: cmpb $0x0,0x2b4(%rbx)
0x00007ffff78e5638 <+104>: jne 0x7ffff78e55e4 <Avoid::Router::processTransaction()+20>
0x00007ffff78e563a <+106>: xor %eax,%eax
0x00007ffff78e563c <+108>: jmp 0x7ffff78e55ef <Avoid::Router::processTransaction()+31>
End of assembler dump.
(gdb) b *0x00007ffff78e55d8
Breakpoint 3 at 0x7ffff78e55d8: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55d1
Breakpoint 4 at 0x7ffff78e55d1: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55d0
Breakpoint 5 at 0x7ffff78e55d0: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55e2
Breakpoint 6 at 0x7ffff78e55e2: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55e4
Breakpoint 7 at 0x7ffff78e55e4: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55eb
Breakpoint 8 at 0x7ffff78e55eb: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55ed
Breakpoint 9 at 0x7ffff78e55ed: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55ef
Breakpoint 10 at 0x7ffff78e55ef: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55f0
Breakpoint 11 at 0x7ffff78e55f0: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55f1
Breakpoint 12 at 0x7ffff78e55f1: file /usr/include/c++/8/bits/stl_list.h, line 1063.
(gdb) b *0x00007ffff78e55f8
Breakpoint 13 at 0x7ffff78e55f8: file ./src/3rdparty/adaptagrams/libavoid/router.cpp, line 648.
benutzer@debian:~$ cat -n /usr/include/c++/8/bits/stl_list.h | grep 1063 -B7 -A2
1056
1057 // [23.2.2.2] capacity
1058 /**
1059 * Returns true if the %list is empty. (Thus begin() would equal
1060 * end().)
1061 */
1062 bool
1063 empty() const _GLIBCXX_NOEXCEPT
1064 { return this->_M_impl._M_node._M_next == &this->_M_impl._M_node; }
1065
https://gitlab.com/inkscape/inkscape/-/blob/INKSCAPE_1_0/src/3rdparty/adaptagrams/libavoid/router.cpp#L643
bool Router::processTransaction(void)
{
// If SimpleRouting, then don't update here.
if ((actionList.empty() && (m_hyperedge_rerouter.count() == 0) &&
(m_settings_changes == false)) || SimpleRouting)
{
Reply to: