Bug 29952

Summary: telepathy-idle crash in g_realloc_n() called from tp_debug_sender_constructor()
Product: Telepathy
Reporter: Milan Bouchet-Valat <nalimilan>
Component: idle
Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED
QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: major
Priority: medium
Version: 0.10
Hardware: Other
OS: Linux (All)

Description Milan Bouchet-Valat 2010-09-01 15:08:45 UTC
This crash is occurring regularly while using IRC with Empathy on Ubuntu 10.04. telepathy-idle is version 0.1.6-1, telepathy 0.10.1-1ubuntu2. Several users are experiencing it; see https://bugs.launchpad.net/ubuntu/+source/telepathy-idle/+bug/546246

I hope the trace is good enough, and the crash isn't already fixed!

#0  0x007e1422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00314641 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
	resultvar = <value optimized out>
	pid = 4456436
	selftid = 3103
#2  0x00317a72 in *__GI_abort () at abort.c:92
	act = {__sigaction_handler = {
    sa_handler = 0xa124e4 <_rtld_local+1220>, 
    sa_sigaction = 0xa124e4 <_rtld_local+1220>}, sa_mask = {__val = {917504, 
      134583744, 134520168, 3215586392, 7175, 3215586360, 134515384, 
      134515324, 3, 10561784, 3865137, 3, 134583744, 3215586288, 4456436, 25, 
      3215587748, 3215586408, 3984180, 2, 3215586288, 4, 0, 3215586384, 
      3215586396, 2, 4312327, 4312323, 4307873, 4307899, 230, 3215586288}}, 
  sa_flags = -1079380936, sa_restorer = 0x41e0a3}
	sigs = {__val = {32, 0 <repeats 31 times>}}
#3  0x0034b48d in __libc_message (do_abort=2, 
    fmt=0x41fef8 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
	ap = <value optimized out>
	fd = -1079380576
	on_2 = <value optimized out>
	list = <value optimized out>
	nlist = <value optimized out>
	cp = <value optimized out>
	written = false
#4  0x00355581 in malloc_printerr (action=<value optimized out>, 
    str=0x6 <Address 0x6 out of bounds>, ptr=0x90db480) at malloc.c:6264
	buf = "090db480"
	cp = <value optimized out>
#5  0x00356dd8 in _int_free (av=<value optimized out>, 
    p=<value optimized out>) at malloc.c:4792
	size = 0
	nextchunk = (mchunkptr) 0xc1f
	nextsize = 12093416
	prevsize = <value optimized out>
	bck = <value optimized out>
	fwd = <value optimized out>
	errstr = 0x6 <Address 0x6 out of bounds>
	__func__ = "_int_free"
#6  0x00359ebd in *__GI___libc_free (mem=0x90db480) at malloc.c:3738
	ar_ptr = (mstate) 0x4413c0
	p = (mchunkptr) 0x6
#7  0x00b03086 in g_realloc_n () from /lib/libglib-2.0.so.0
No symbol table info available.
#8  0x00224e45 in tp_debug_sender_constructor (type=151893216, 
    n_construct_params=3215588520, construct_params=0x3736b6)
    at debug-sender.c:207
	retval = <value optimized out>
#9  0x00224f76 in tp_debug_sender_set_property (object=0x90bc030, 
    property_id=3215588408, value=0x90c7ca8, pspec=0x80) at debug-sender.c:175
No locals.
#10 0x0804decd in idle_debug (flag=IDLE_DEBUG_PARSER, 
    format=0x8063123 "%s: set handle %u") at idle-debug.c:97
	message = (gchar *) 0x9109920 "_parse_atom: set handle 63"
#11 0x0805502e in _parse_atom (parser=<value optimized out>, 
    arr=<value optimized out>, atom=99 'c', token=<value optimized out>, 
    contact_reffed=0x911dc28, room_reffed=0x90f06c8) at idle-parser.c:493
	id = <value optimized out>
	modechar = 0 '\0'
	priv = (IdleParserPrivate *) 0x90cc028
	handle = 6
	val = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, 
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	contact_repo = (TpHandleRepoIface *) 0x90bcd80
	room_repo = (TpHandleRepoIface *) 0x90bce30
	__PRETTY_FUNCTION__ = "_parse_atom"
#12 0x080551eb in _parse_and_forward_one (parser=<value optimized out>, 
    tokens=<value optimized out>, code=IDLE_PARSER_PREFIXCMD_PRIVMSG_USER, 
    format=0x8063252 "cIc:") at idle-parser.c:385
	val = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, 
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	priv = (IdleParserPrivate *) 0x90cc028
	args = (GValueArray *) 0x90efc70
	link = <value optimized out>
	result = <value optimized out>
	iter = (gchar **) 0x912b3a8
	contact_reffed = (TpHandleSet *) 0x911dc28
	room_reffed = (TpHandleSet *) 0x90f06c8
	__PRETTY_FUNCTION__ = "_parse_and_forward_one"
#13 0x08055843 in idle_parser_receive (parser=0x90cc018, 
    msg=0x90dfce8 ":slangasek!vorlon@canonical-cloaked-3BF2D1B4.dodds.net PRIVMSG #distro :smoser: due to http://package-import.ubuntu.com/failures/libvirt, I guess\r\n") at idle-parser.c:333
	i = <value optimized out>
	lasti = <value optimized out>
	tmp = <value optimized out>
	line_ends = <value optimized out>
	len = 147
	concat_buf = '\0' <repeats 1025 times>
	__PRETTY_FUNCTION__ = "idle_parser_receive"
#14 0x0805067d in sconn_received_cb (sconn=0x90cf010, 
    raw_msg=0x9103750 ":slangasek!vorlon@canonical-cloaked-3BF2D1B4.dodds.net PRIVMSG #distro :smoser: due to http://package-import.ubuntu.com/failures/libvirt, I guess\r\n", conn=0x90ca810) at idle-connection.c:635
	converted = <value optimized out>
#15 0x00129c4c in g_signal_handler_block () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0x0011b252 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0x0013297d in g_signal_connect_data () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0x00133fe4 in g_type_class_get_private ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#19 0x001342d5 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x08059052 in ssl_io_func (src=0x90c4880, cond=G_IO_IN, data=0x90cf010)
    at idle-ssl-server-connection.c:341
	conn = (IdleSSLServerConnection *) 0x90cf010
	priv = (IdleSSLServerConnectionPrivate *) 0x16
	buf = ":slangasek!vorlon@canonical-cloaked-3BF2D1B4.dodds.net PRIVMSG #distro :smoser: due to http://package-import.ubuntu.com/failures/libvirt, I guess\r\n", '\0' <repeats 365 times>
	err = 5198848
	__PRETTY_FUNCTION__ = "ssl_io_func"
#21 0x00b3f17b in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#22 0x00afa645 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
No symbol table info available.
#23 0x00afe338 in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#24 0x00afe877 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#25 0x0024599f in tp_text_mixin_get_message_types (obj=0x8061edb, 
    ret=0x8061ed5, error=0x804d940) at text-mixin.c:565
	mixin = <value optimized out>
	i = <value optimized out>
#26 0x0804d92a in main (argc=1, argv=0xbfaa0b04) at idle.c:47
	debug_sender = (TpDebugSender *) 0x90bc030
	result = <value optimized out>

Comment 1 Will Thompson 2010-10-01 05:48:06 UTC
This backtrace doesn't make much sense: for instance, the frame above main() is tp_text_mixin_get_message_types(), which cannot be the case. And skimming the code, I can't see why a debug sender would be constructed in response to an incoming message — I don't see mismatched ref/unrefs or anything.

I don't suppose you could reproduce the issue, and get an idle debug log (see <http://telepathy.freedesktop.org/wiki/Debugging>)?

Comment 2 Milan Bouchet-Valat 2010-10-01 13:42:56 UTC
I ran telepathy-idle in Valgrind with IDLE_PERSIST=1 IDLE_DEBUG=all. But I forgot to run valgrind with GSLICE=malloc, my bad! So the memory check is not interesting at all... I'll do it again, but for now here's the end of the log, if that can help:

** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: message code 10
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "andreasma!~andi@p4FE34B02.dip.t-dialin.net" as c
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: Validating nickname 'andreasma' with strict mode 0
** (telepathy-idle:5611): DEBUG: _parse_atom: set handle 252
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "PRIVMSG" as I
** (telepathy-idle:5611): DEBUG: _parse_atom: ignored token
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "#libreoffice" as r
** (telepathy-idle:5611): DEBUG: _parse_atom: set handle 3
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: set string "I get an issue with tabs inside the source code. I have only translated the comments. How can I fix the problem with the tabs?"
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: succesfully parsed
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_receive_with_flags: queued message 147
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: message code 11
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "andreasma!~andi@p4FE34B02.dip.t-dialin.net" as c
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: Validating nickname 'andreasma' with strict mode 0
** (telepathy-idle:5611): DEBUG: _parse_atom: set handle 252
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "PRIVMSG" as I
** (telepathy-idle:5611): DEBUG: _parse_atom: ignored token
** (telepathy-idle:5611): DEBUG: _parse_atom: parsing atom "#libreoffice" as c
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: Validating nickname '#libreoffice' with strict mode 0
** (telepathy-idle:5611): DEBUG: idle_nickname_is_valid: invalid character 35
** (telepathy-idle:5611): DEBUG: _parse_and_forward_one: failed to parse ":andreasma!~andi@p4FE34B02.dip.t-dialin.net PRIVMSG #libreoffice :I get an issue with tabs inside the source code. I have only translated the comments. How can I fix the problem with the tabs?"
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 0
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 1
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 2
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 3
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 4
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 5
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 6
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 7
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 8
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 9
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 10
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 11
(telepathy-idle:5611): tp-glib/im-DEBUG: tp_text_mixin_acknowledge_pending_messages: acknowleding message id 12

***MEMORY-ERROR***: telepathy-idle[5611]: GSlice: assertion failed: sinfo->n_allocated > 0

Comment 3 Milan Bouchet-Valat 2012-01-06 06:21:30 UTC
Doesn't seem to happen anymore in Fedora 16.
