Bug 19327

Summary: gabble crashes when trying to make a call
Product: Telepathy Reporter: Olivier Crête <olivier.crete>
Component: gabbleAssignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: critical    
Priority: medium CC: freedesktop-bugs
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Olivier Crête 2008-12-29 13:45:53 UTC 
Can reproduce with 0.7.17 or with HEAD as of today (dec 29 2008) aka commit db01f9c9c3f16adb4c9ab85e051cbc424862d2d0

I believe this is the relevant part of the log:

(telepathy-gabble:12381): tp-glib-DEBUG: channel_request_new: New channel request at 0x82a9438: ctype=org.freedesktop.Telepathy.Channel.Type.StreamedMedia htype=0 handle=0 suppress=1
tp_properties_mixin_emit_changed: emitting properties changed for property:
  nat-traversal
tp_properties_mixin_emit_flags: emitting properties flags changed for property:
  nat-traversal's flags now: [READ]
tp_group_mixin_change_members: emitting members changed
  message       : ""
  added         : [1 (tester.colltest3@gmail.com)]
  removed       : []
  local_pending : []
  remote_pending: []
  actor         : 0
  reason        : 0: unspecified reason
tp_group_mixin_change_flags: emitting group flags changed
  added    : [CAN_ADD]
  removed  : []
  flags now: [CAN_ADD]
tp_properties_mixin_emit_changed: emitting properties changed for property:
  stun-server
tp_properties_mixin_emit_flags: emitting properties flags changed for property:
  stun-server's flags now: [READ]
tp_properties_mixin_emit_changed: emitting properties changed for property:
  stun-port
tp_properties_mixin_emit_flags: emitting properties flags changed for property:
  stun-port's flags now: [READ]
tp_properties_mixin_emit_changed: emitting properties changed for property:
  gtalk-p2p-relay-token
tp_properties_mixin_emit_flags: emitting properties flags changed for property:
  gtalk-p2p-relay-token's flags now: [READ]
** (telepathy-gabble:12381): DEBUG: new_media_channel: object path /org/freedesktop/Telepathy/Connection/gabble/jabber/tester_2ecolltest3_40gmail_2ecom_2fTelepathy/MediaChannel0
(telepathy-gabble:12381): tp-glib-DEBUG: satisfy_request: completing queued request 0x82a9438 with success, channel_type=org.freedesktop.Telepathy.Channel.Type.StreamedMedia, handle_type=0, handle=0, suppress_handler=1
(telepathy-gabble:12381): tp-glib-DEBUG: channel_request_free: Freeing channel request at 0x82a9438: ctype=org.freedesktop.Telepathy.Channel.Type.StreamedMedia htype=0 handle=0 suppress=1
** (telepathy-gabble:12381): DEBUG: _caps_disco_cb: setting caps for 2 (thanks to 2 tester.colltest5@gmail.com/Telepathy5FBA976F) to 2085 (save_caps 26)
** (telepathy-gabble:12381): DEBUG: gabble_presence_set_capabilities: about to add caps 2085 to resource Telepathy5FBA976F with serial 1
** (telepathy-gabble:12381): DEBUG: gabble_presence_set_capabilities: found resource Telepathy5FBA976F
** (telepathy-gabble:12381): DEBUG: gabble_presence_set_capabilities: adding caps 2085 to resource Telepathy5FBA976F
** (telepathy-gabble:12381): DEBUG: gabble_presence_set_capabilities: resource Telepathy5FBA976F caps now 2111
** (telepathy-gabble:12381): DEBUG: gabble_presence_set_capabilities: total caps now 2111
** (telepathy-gabble:12381): DEBUG: _caps_disco_cb: caps for 2 (thanks to 2 tester.colltest5@gmail.com/Telepathy5FBA976F) now 2111
** (telepathy-gabble:12381): DEBUG: disco_waiter_free: freeing waiter 0x8422ba0 for handle 2 with serial 1
tp_group_mixin_change_members: emitting members changed
  message       : ""
  added         : []
  removed       : []
  local_pending : []
  remote_pending: [2 (tester.colltest5@gmail.com)]
  actor         : 0
  reason        : 0: unspecified reason
tp_group_mixin_change_flags: emitting group flags changed
  added    : [CAN_REMOVE|CAN_RESCIND]
  removed  : [CAN_ADD]
  flags now: [CAN_REMOVE|CAN_RESCIND]
** (telepathy-gabble:12381): DEBUG: create_session: 0x8428ed8: Creating new outgoing session
** (telepathy-gabble:12381): DEBUG: create_session: new session 1591039327 @ 0x82aaca0 created
** (telepathy-gabble:12381): DEBUG: _latch_to_session: 0x8428ed8: Latching onto session 0x82aaca0
** (telepathy-gabble:12381): DEBUG: _gabble_media_channel_request_streams: called
** (telepathy-gabble:12381): DEBUG: _gabble_media_channel_request_streams: picking the best resource (want audio: 1, want video: 1
** (telepathy-gabble:12381): DEBUG: _gabble_media_channel_request_streams: Picking resource 'Telepathy5FBA976F' (transport: http://www.google.com/transport/p2p, dialect: 3)
** (telepathy-gabble:12381): DEBUG: _gabble_media_channel_request_streams: Creating new jingle content with ns http://jabber.org/protocol/jingle/description/audio : http://www.google.com/transport/p2p
** (telepathy-gabble:12381): DEBUG: create_content: session creating new content type, conn == 0x82b01e8, jf == 0x82b4240

GLib-GObject-CRITICAL **: g_value_get_object: assertion `G_VALUE_HOLDS_OBJECT (value)' failed
aborting...

Program received signal SIGTRAP, Trace/breakpoint trap.
IA__g_logv (log_domain=<value optimized out>, log_level=G_LOG_LEVEL_CRITICAL, format=0xb7c267ea "%s: assertion `%s' failed", 
    args1=0xbfb65aec "�|ɷ\034qɷ") at gmessages.c:502
502		  depth--;
(gdb) 
(gdb) 
(gdb) 
(gdb) bt
#0  IA__g_logv (log_domain=<value optimized out>, log_level=G_LOG_LEVEL_CRITICAL, format=0xb7c267ea "%s: assertion `%s' failed", 
    args1=0xbfb65aec "�|ɷ\034qɷ") at gmessages.c:502
#1  0xb7bd7d04 in IA__g_log (log_domain=0xb7c9645c "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, format=0xb7c267ea "%s: assertion `%s' failed")
    at gmessages.c:517
#2  0xb7bd7f30 in IA__g_return_if_fail_warning (log_domain=0xb7c9645c "GLib-GObject", pretty_function=0xb7c97c9e "IA__g_value_get_object", 
    expression=0xb7c9711c "G_VALUE_HOLDS_OBJECT (value)") at gmessages.c:532
#3  0xb7c70f58 in IA__g_value_get_object (value=0xbfb65dc0) at gobject.c:2050
#4  0xb7c7c512 in IA__g_cclosure_marshal_VOID__OBJECT (closure=0x833e478, return_value=0x0, n_param_values=2, param_values=0xbfb65dac, 
    invocation_hint=0xbfb65c8c, marshal_data=0x80a8690) at gmarshal.c:636
#5  0xb7c6f654 in IA__g_closure_invoke (closure=0x833e478, return_value=0x0, n_param_values=2, param_values=0xbfb65dac, invocation_hint=0xbfb65c8c)
    at gclosure.c:490
#6  0xb7c80820 in signal_emit_unlocked_R (node=0x8422348, detail=0, instance=0x82aaca0, emission_return=0x0, instance_and_params=0xbfb65dac)
    at gsignal.c:2440
#7  0xb7c81bda in IA__g_signal_emit_valist (instance=0x82aaca0, signal_id=56, detail=0, var_args=0xbfb65ff0 "") at gsignal.c:2199
#8  0xb7c81e82 in IA__g_signal_emit (instance=0x82aaca0, signal_id=56, detail=0) at gsignal.c:2243
#9  0x080609b0 in create_content (sess=0x82aaca0, content_type=137051904, type=<value optimized out>, 
    content_ns=0x80ba3d0 "http://jabber.org/protocol/jingle/description/audio", transport_ns=0x80bb530 "http://www.google.com/transport/p2p", 
    name=0x833fd98 "stream1", content_node=0x0, error=0x0) at jingle-session.c:590
#10 0x08060ac6 in gabble_jingle_session_add_content (sess=0x82aaca0, mtype=JINGLE_MEDIA_TYPE_AUDIO, 
    content_ns=0x80ba3d0 "http://jabber.org/protocol/jingle/description/audio", transport_ns=0x80bb530 "http://www.google.com/transport/p2p")
    at jingle-session.c:1605
#11 0x080a94b6 in gabble_media_channel_request_streams (iface=0x8428ed8, contact_handle=2, types=0x82a9408, context=0x8333f30)
    at media-channel.c:1453
#12 0xb7d8c4a1 in tp_svc_channel_type_streamed_media_request_streams (self=0x8428ed8, in_Contact_Handle=2, in_Types=0x82a9408, context=0x8333f30)
    at _gen/tp-svc-channel.c:2814
#13 0xb7d878d6 in _tp_marshal_VOID__UINT_BOXED_POINTER (closure=0xbfb66400, return_value=0x0, n_param_values=4, param_values=0x8333e20, 
    invocation_hint=0x0, marshal_data=0xb7d8c450) at _gen/signals-marshal.c:1193
#14 0xb7cf8646 in ?? () from /usr/lib/libdbus-glib-1.so.2
#15 0xbfb66400 in ?? ()
#16 0x00000000 in ?? ()
(gdb)
Comment 1 Senko Rasic 2009-01-20 03:50:30 UTC 
This is a bug in gabble jingle session handling code.

The bug is triggered by Tp client removing one of the streams while
the call was being established. On stream removal by the client,
Gabble marked the streams as removed and signalled the peer, but
in the meantime it got session-accept by the peer which included
the zombie stream. Instead of ignoring it, gabble resurrected the
stream and crashed shortly after.

Fix merged to git, will be in the next gabble release.
Comment 2 Senko Rasic 2009-01-20 03:56:01 UTC 
(In reply to comment #1)
> the call was being established. On stream removal by the client,
> Gabble marked the streams as removed and signalled the peer, but

Ooops, my error, this is a different crash in jingle code. This
crash was caused by having wrong signature for "new-content" signal.
Fix for this is also already merged in git master and will be included
in the next release.
Comment 3 Simon McVittie 2009-02-08 05:17:25 UTC 
Fixed in 0.7.19.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.