Bug #546246 “telepathy-idle assert failure: *** glibc detected *...” : Bugs : telepathy-idle package : Ubuntu

Revision history for this message

John Pugh (jpugh) wrote on 2010-03-24:

#1

Dependencies.txt Edit (666 bytes, text/plain; charset="utf-8")
Disassembly.txt Edit (433 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (6.5 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (785 bytes, text/plain; charset="utf-8")
Registers.txt Edit (443 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (2.4 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (2.5 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2010-03-31:

#2

StacktraceTop:
__kernel_vsyscall ()
*__GI_raise (sig=6)
*__GI_abort () at abort.c:92
__libc_message (do_abort=2,
malloc_printerr (action=<value optimized out>,

Revision history for this message

Apport retracing service (apport) wrote on 2010-03-31: Stacktrace.txt

#3

Stacktrace.txt Edit (6.2 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2010-03-31: ThreadStacktrace.txt

#4

ThreadStacktrace.txt Edit (6.2 KiB, text/plain)

Changed in telepathy-idle (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-i386-retrace

Revision history for this message

Milan Bouchet-Valat (nalimilan) wrote on 2010-04-15:

#5

Thanks for the report. I've made the bug public, but I have to let you know there's a part of conversation with vorlon in the stacktrace (just once sentence, nothing really personal!).

I can confirm this bug occurs quite often in version 0.1.6-1, causing a reconnection to IRC.

visibility:	private → public
Changed in telepathy-idle (Ubuntu):
importance:	Medium → High
status:	New → Triaged

Revision history for this message

Omer Akram (om26er) wrote on 2010-08-31:

#6

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please try to obtain a backtrace following the instructions at http://wiki.ubuntu.com/DebuggingProgramCrash and upload the backtrace (as an attachment) to the bug report. This will greatly help us in tracking down your problem.

Changed in telepathy-idle (Ubuntu):
importance:	High → Medium
status:	Triaged → Incomplete

Revision history for this message

Omer Akram (om26er) wrote on 2010-08-31:

#7

actually you could use this method for already running programs to get the logs.

https://wiki.ubuntu.com/Backtrace#Already running programs

Revision history for this message

Milan Bouchet-Valat (nalimilan) wrote on 2010-08-31:

#8

Omer: the Apport trace is already present and very rich. Somebody should just report this upstream.

Changed in telepathy-idle (Ubuntu):
status:	Incomplete → Triaged

Revision history for this message

Omer Akram (om26er) wrote on 2010-08-31:

#9

these logs dont have anything useful. if its still an issue please get a backtrace and send the bug upstream

Revision history for this message

John Pugh (jpugh) wrote on 2010-08-31:

#10

I get so many crashes in empathy it is largely unusable. If others would like to backtrace it, please do. I've moved on.

Revision history for this message

Milan Bouchet-Valat (nalimilan) wrote on 2010-08-31:

#11

#7 0x00b03086 in g_realloc_n () from /lib/libglib-2.0.so.0
No symbol table info available.
#8 0x00224e45 in tp_debug_sender_constructor (type=151893216,
    n_construct_params=3215588520, construct_params=0x3736b6)
    at debug-sender.c:207
retval = <value optimized out>
#9 0x00224f76 in tp_debug_sender_set_property (object=0x90bc030,
    property_id=3215588408, value=0x90c7ca8, pspec=0x80) at debug-sender.c:175

Looks like this could enough for the developers: it seems that the crash comes from a call to g_realloc_n() at debug-sender.c:207. What other information do you expect? Of course, the crash could come from memory corruption elsewhere, and which is only unveiled while constructing this GObject, but, well, another trace won't help AFAICS.

Revision history for this message

In freedesktop.org Bugzilla #29952, Milan Bouchet-Valat (nalimilan) wrote on 2010-09-01:

#12

Download full text (6.5 KiB)

This crash is occurring regularly while using IRC with Empathy on Ubuntu 10.04. telepathy-idle is version 0.1.6-1, telepathy 0.10.1-1ubuntu2. Several users are experiencing it, see https://bugs.launchpad.net/ubuntu/+source/telepathy-idle/+bug/546246

I hope the trace is good enough, and the crash isn't already fixed!

#0 0x007e1422 in __kernel_vsyscall ()
No symbol table info available.
#1 0x00314641 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = <value optimized out>
pid = 4456436
selftid = 3103
#2 0x00317a72 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {
    sa_handler = 0xa124e4 <_rtld_local+1220>,
    sa_sigaction = 0xa124e4 <_rtld_local+1220>}, sa_mask = {__val = {917504,
      134583744, 134520168, 3215586392, 7175, 3215586360, 134515384,
      134515324, 3, 10561784, 3865137, 3, 134583744, 3215586288, 4456436, 25,
      3215587748, 3215586408, 3984180, 2, 3215586288, 4, 0, 3215586384,
      3215586396, 2, 4312327, 4312323, 4307873, 4307899, 230, 3215586288}},
  sa_flags = -1079380936, sa_restorer = 0x41e0a3}
sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0x0034b48d in __libc_message (do_abort=2,
    fmt=0x41fef8 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
ap = <value optimized out>
fd = -1079380576
on_2 = <value optimized out>
list = <value optimized out>
nlist = <value optimized out>
cp = <value optimized out>
written = false
#4 0x00355581 in malloc_printerr (action=<value optimized out>,
    str=0x6 <Address 0x6 out of bounds>, ptr=0x90db480) at malloc.c:6264
buf = "090db480"
cp = <value optimized out>
#5 0x00356dd8 in _int_free (av=<value optimized out>,
    p=<value optimized out>) at malloc.c:4792
size = 0
nextchunk = (mchunkptr) 0xc1f
nextsize = 12093416
prevsize = <value optimized out>
bck = <value optimized out>
fwd = <value optimized out>
errstr = 0x6 <Address 0x6 out of bounds>
__func__ = "_int_free"
#6 0x00359ebd in *__GI___libc_free (mem=0x90db480) at malloc.c:3738
ar_ptr = (mstate) 0x4413c0
p = (mchunkptr) 0x6
#7 0x00b03086 in g_realloc_n () from /lib/libglib-2.0.so.0
No symbol table info available.
#8 0x00224e45 in tp_debug_sender_constructor (type=151893216,
    n_construct_params=3215588520, construct_params=0x3736b6)
    at debug-sender.c:207
retval = <value optimized out>
#9 0x00224f76 in tp_debug_sender_set_property (object=0x90bc030,
    property_id=3215588408, value=0x90c7ca8, pspec=0x80) at debug-sender.c:175
No locals.
#10 0x0804decd in idle_debug (flag=IDLE_DEBUG_PARSER,
    format=0x8063123 "%s: set handle %u") at idle-debug.c:97
message = (gchar *) 0x9109920 "_parse_atom: set handle 63"
#11 0x0805502e in _parse_atom (parser=<value optimized out>,
    arr=<value optimized out>, atom=99 'c', token=<value optimized out>,
    contact_reffed=0x911dc28, room_reffed=0x90f06c8) at idle-parser.c:493
id = <value optimized out>
modechar = 0 '\0'
priv = (IdleParserPrivate *) 0x90cc028
handle = 6
val = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0,
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0,
      v_pointer = 0x0}, {v_int = ...

This crash is occurring regularly while using IRC with Empathy on Ubuntu 10.04. telepathy-idle is version 0.1.6-1, telepathy 0.10.1-1ubuntu2. Several users are experiencing it, see https://bugs.launchpad.net/ubuntu/+source/telepathy-idle/+bug/546246

I hope the trace is good enough, and the crash isn't already fixed!

#0  0x007e1422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00314641 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
	resultvar = <value optimized out>
	pid = 4456436
	selftid = 3103
#2  0x00317a72 in *__GI_abort () at abort.c:92
	act = {__sigaction_handler = {
    sa_handler = 0xa124e4 <_rtld_local+1220>, 
    sa_sigaction = 0xa124e4 <_rtld_local+1220>}, sa_mask = {__val = {917504, 
      134583744, 134520168, 3215586392, 7175, 3215586360, 134515384, 
      134515324, 3, 10561784, 3865137, 3, 134583744, 3215586288, 4456436, 25, 
      3215587748, 3215586408, 3984180, 2, 3215586288, 4, 0, 3215586384, 
      3215586396, 2, 4312327, 4312323, 4307873, 4307899, 230, 3215586288}}, 
  sa_flags = -1079380936, sa_restorer = 0x41e0a3}
	sigs = {__val = {32, 0 <repeats 31 times>}}
#3  0x0034b48d in __libc_message (do_abort=2, 
    fmt=0x41fef8 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
	ap = <value optimized out>
	fd = -1079380576
	on_2 = <value optimized out>
	list = <value optimized out>
	nlist = <value optimized out>
	cp = <value optimized out>
	written = false
#4  0x00355581 in malloc_printerr (action=<value optimized out>, 
    str=0x6 <Address 0x6 out of bounds>, ptr=0x90db480) at malloc.c:6264
	buf = "090db480"
	cp = <value optimized out>
#5  0x00356dd8 in _int_free (av=<value optimized out>, 
    p=<value optimized out>) at malloc.c:4792
	size = 0
	nextchunk = (mchunkptr) 0xc1f
	nextsize = 12093416
	prevsize = <value optimized out>
	bck = <value optimized out>
	fwd = <value optimized out>
	errstr = 0x6 <Address 0x6 out of bounds>
	__func__ = "_int_free"
#6  0x00359ebd in *__GI___libc_free (mem=0x90db480) at malloc.c:3738
	ar_ptr = (mstate) 0x4413c0
	p = (mchunkptr) 0x6
#7  0x00b03086 in g_realloc_n () from /lib/libglib-2.0.so.0
No symbol table info available.
#8  0x00224e45 in tp_debug_sender_constructor (type=151893216, 
    n_construct_params=3215588520, construct_params=0x3736b6)
    at debug-sender.c:207
	retval = <value optimized out>
#9  0x00224f76 in tp_debug_sender_set_property (object=0x90bc030, 
    property_id=3215588408, value=0x90c7ca8, pspec=0x80) at debug-sender.c:175
No locals.
#10 0x0804decd in idle_debug (flag=IDLE_DEBUG_PARSER, 
    format=0x8063123 "%s: set handle %u") at idle-debug.c:97
	message = (gchar *) 0x9109920 "_parse_atom: set handle 63"
#11 0x0805502e in _parse_atom (parser=<value optimized out>, 
    arr=<value optimized out>, atom=99 'c', token=<value optimized out>, 
    contact_reffed=0x911dc28, room_reffed=0x90f06c8) at idle-parser.c:493
	id = <value optimized out>
	modechar = 0 '\0'
	priv = (IdleParserPrivate *) 0x90cc028
	handle = 6
	val = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, 
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	contact_repo = (TpHandleRepoIface *) 0x90bcd80
	room_repo = (TpHandleRepoIface *) 0x90bce30
	__PRETTY_FUNCTION__ = "_parse_atom"
#12 0x080551eb in _parse_and_forward_one (parser=<value optimized out>, 
    tokens=<value optimized out>, code=IDLE_PARSER_PREFIXCMD_PRIVMSG_USER, 
    format=0x8063252 "cIc:") at idle-parser.c:385
	val = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, 
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	priv = (IdleParserPrivate *) 0x90cc028
	args = (GValueArray *) 0x90efc70
	link = <value optimized out>
	result = <value optimized out>
	iter = (gchar **) 0x912b3a8
	contact_reffed = (TpHandleSet *) 0x911dc28
	room_reffed = (TpHandleSet *) 0x90f06c8
	__PRETTY_FUNCTION__ = "_parse_and_forward_one"
#13 0x08055843 in idle_parser_receive (parser=0x90cc018, 
    msg=0x90dfce8 ":slangasek!vorlon@canonical-cloaked-3BF2D1B4.dodds.net PRIVMSG #distro :smoser: due to http://package-import.ubuntu.com/failures/libvirt, I guess\r\n") at idle-parser.c:333
	i = <value optimized out>
	lasti = <value optimized out>
	tmp = <value optimized out>
	line_ends = <value optimized out>
	len = 147
	concat_buf = '\0' <repeats 1025 times>
	__PRETTY_FUNCTION__ = "idle_parser_receive"
#14 0x0805067d in sconn_received_cb (sconn=0x90cf010, 
    raw_msg=0x9103750 ":slangasek!vorlon@canonical-cloaked-3BF2D1B4.dodds.net PRIVMSG #distro :smoser: due to http://package-import.ubuntu.com/failures/libvirt, I guess\r\n", conn=0x90ca810) at idle-connection.c:635
	converted = <value optimized out>
#15 0x00129c4c in g_signal_handler_block () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0x0011b252 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0x0013297d in g_signal_connect_data () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0x00133fe4 in g_type_class_get_private ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#19 0x001342d5 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x08059052 in ssl_io_func (src=0x90c4880, cond=G_IO_IN, data=0x90cf010)
    at idle-ssl-server-connection.c:341
	conn = (IdleSSLServerConnection *) 0x90cf010
	priv = (IdleSSLServerConnectionPrivate *) 0x16
	buf = ":slangasek!vorlon@canonical-cloaked-3BF2D1B4.dodds.net PRIVMSG #distro :smoser: due to http://package-import.ubuntu.com/failures/libvirt, I guess\r\n", '\0' <repeats 365 times>
	err = 5198848
	__PRETTY_FUNCTION__ = "ssl_io_func"
#21 0x00b3f17b in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#22 0x00afa645 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
No symbol table info available.
#23 0x00afe338 in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#24 0x00afe877 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#25 0x0024599f in tp_text_mixin_get_message_types (obj=0x8061edb, 
    ret=0x8061ed5, error=0x804d940) at text-mixin.c:565
	mixin = <value optimized out>
	i = <value optimized out>
#26 0x0804d92a in main (argc=1, argv=0xbfaa0b04) at idle.c:47
	debug_sender = (TpDebugSender *) 0x90bc030
	result = <value optimized out>

Bug Watch Updater (bug-watch-updater) on 2010-09-13

Changed in telepathy-idle:
importance:	Unknown → High
status:	Unknown → Confirmed

Revision history for this message

In freedesktop.org Bugzilla #29952, Will Thompson (wjt) wrote on 2010-10-01:

#13

This backtrace doesn't make much sense: for instance, the frame above main() is tp_text_mixin_get_message_types(), which cannot be the case. And skimming the code, I can't see why a debug sender would be constructed in response to an incoming message — I don't see mismatched ref/unrefs or anything.

I don't suppose you could reproduce the issue, and get an idle debug log (see <http://telepathy.freedesktop.org/wiki/Debugging>)?

Revision history for this message

In freedesktop.org Bugzilla #29952, Milan Bouchet-Valat (nalimilan) wrote on 2010-10-01:

#14

Download full text (3.7 KiB)

I ran telepathy-idle in Valgrind with IDLE_PERSIST=1 IDLE_DEBUG=all. But I forgot to run valgrind with GSLICE=malloc, my bad! So the memory check is not interesting at all... I'll do it again, but for now here's the end of the log, if that can help:

** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: message code 10
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "andreasma!~<email address hidden>" as c
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: Validating nickname 'andreasma' with strict mode 0
** (telepathy-idle:5611): DEBUG: _parse_atom: set handle 252
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "PRIVMSG" as I
** (telepathy-idle:5611): DEBUG: _parse_atom: ignored token
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "#libreoffice" as r
** (telepathy-idle:5611): DEBUG: _parse_atom: set handle 3
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: set string "I get an issue with tabs inside the source code. I have only translated the comments. How can I fix the problem with the tabs?"
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: succesfully parsed
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_receive_with_flags: queued message 147
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: message code 11
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "andreasma!~<email address hidden>" as c
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: Validating nickname 'andreasma' with strict mode 0
** (telepathy-idle:5611): DEBUG: _parse_atom: set handle 252
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "PRIVMSG" as I
** (telepathy-idle:5611): DEBUG: _parse_atom: ignored token
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "#libreoffice" as c
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: Validating nickname '#libreoffice' with strict mode 0
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: invalid character 35
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: failed to parse ":andreasma!~<email address hidden> PRIVMSG #libreoffice :I get an issue with tabs inside the source code. I have only translated the comments. How can I fix the problem with the tabs?"
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 0
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 1
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 2
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 3
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 4
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 5
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 6
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 7
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_m...

Affects		Status	Importance	Assigned to	Milestone
	telepathy-idle	Fix Released	High	freedesktop-bugs #29952
	telepathy-idle (Ubuntu)	Triaged	Medium	Unassigned

Ubuntu
telepathy-idle package

telepathy-idle assert failure: * glibc detected * /usr/lib/telepathy/telepathy-idle: free(): invalid pointer: 0x090db480 ***

Bug Description

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Changed in telepathy-idle:
status:	Confirmed → Fix Released

Ubuntutelepathy-idle package

telepathy-idle assert failure: *** glibc detected *** /usr/lib/telepathy/telepathy-idle: free(): invalid pointer: 0x090db480 ***

Bug Description

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
telepathy-idle package

telepathy-idle assert failure: * glibc detected * /usr/lib/telepathy/telepathy-idle: free(): invalid pointer: 0x090db480 ***