Bug 71539 - segfault in tp_debug_sender_add_message_vprintf()
Summary: segfault in tp_debug_sender_add_message_vprintf()
Status: RESOLVED FIXED
Alias: None
Product: Telepathy
Classification: Unclassified
Component: mission-control (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Telepathy bugs list
QA Contact: Telepathy bugs list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-12 17:00 UTC by Sebastien Bacher
Modified: 2013-11-18 13:21 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
backport to stable serie (3.79 KB, patch)
2013-11-18 12:45 UTC, Sebastien Bacher 		Details | Splinter Review
View All

Description Sebastien Bacher 2013-11-12 17:00:32 UTC 
That's an issue frequently reported in Ubuntu 13.10 (using 5.14.1)

Stacktrace

"#0  0x00007f2b3ca15f90 in _IO_vfprintf_internal (s=s@entry=0x7fff0444f9d0, format=<optimized out>, format@entry=0x448aa8 "%s: Migrated %s to new location: deleting old copy", ap=ap@entry=0x7fff0444fb88) at vfprintf.c:1655
        len = <optimized out>
        string_malloced = <optimized out>
        step0_jumps = {0, -11263, -4214, -4124, -4027, -3937, -3826, -3532, -3116, -2815, -2692, -1937, -2239, -2139, -1766, -16687, 265, 280, 47, 2130, -15904, -28, 883, -5283, -5210, -17380, 567, -2039, -2139, -3638}
        space = 0
        is_short = 0
        use_outdigits = 0
        step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -2815, -2692, -1937, -2239, -2139, -1766, -16687, 265, 280, 47, 2130, -15904, -28, 883, -5283, -5210, -17380, 567, -2039, -2139, 0}
        group = 0
        prec = -1
        step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -2692, -1937, -2239, -2139, -1766, -16687, 265, 280, 47, 2130, -15904, -28, 883, -5283, -5210, -17380, 567, -2039, -2139, 0}
        string = <optimized out>
        left = 0
        is_long_double = 0
        width = 0
        step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -2037, 0, 0, 0, -1766, -16687, 265, 280, 47, 0, 0, 0, 0, -5283, 0, 0, 0, 0, 0, 0}
        alt = 0
        showsign = 0
        is_long = 0
        is_char = 0
        pad = 32 ' '
        step3b_jumps = {0 <repeats 11 times>, -2239, 0, 0, -1766, -16687, 265, 280, 47, 2130, -15904, -28, 883, -5283, -5210, -17380, 567, 0, 0, 0}
        step4_jumps = {0 <repeats 14 times>, -1766, -16687, 265, 280, 47, 2130, -15904, -28, 883, -5283, -5210, -17380, 567, 0, 0, 0}
        is_negative = <optimized out>
        number = <optimized out>
        base = <optimized out>
        the_arg = {pa_wchar = 0 L'\000', pa_int = 0, pa_long_int = 0, pa_long_long_int = 0, pa_u_int = 0, pa_u_long_int = 0, pa_u_long_long_int = 0, pa_double = 0, pa_long_double = 0, pa_string = 0x0, pa_wstring = 0x0, pa_pointer = 0x0, pa_user = 0x0}
        spec = 115 's'
        _buffer = {__routine = 0x0, __arg = 0x0, __canceltype = 0, __prev = 0x0}
        _avail = <optimized out>
        thousands_sep = 0x0
        grouping = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>
        done = 16
        f = 0x448ab6 "s to new location: deleting old copy"
        lead_str_end = 0x448aa8 "%s: Migrated %s to new location: deleting old copy"
        end_of_spec = <optimized out>
        work_buffer = '\000' <repeats 568 times>"\246, \265\230>+\177\000\000\000\000\000\000\000\000\000\000\006\000\000\000\000\000\000\000\220\371D\004\377\177\000\000\246\265\230>+\177\000\000\236\203\323\220\000\000\000\000\n\000\000\000\000\000\000\000\260\371D\004\377\177\000\000@\227\330<+\177\000\000-\000\000\000\000\000\000\000\270\371D\004\377\177\000\000,\000\000\000\000\000\000\000,\000\000\000\000\000\000\000-\000\000\000\000\000\000\000\270\371D\004\377\177\000\000,\000\000\000\000\000\000\000\260'\b\002\000\000\000\000;\000\000\000\000\000\000\000\f\237\255<+\177\000\000\000\200\255\373+\177\000\000\260'\b\002\000\000\000\000\260'\b\002\000\000\000\000\260'\b\002\000\000\000\000\260'\b\002\000\000\000\000\334'\b\002\000\000\000\000\024(\b\002\000\000\000\000\260'\b\002\000\000\000\000\024(\b\002", '\000' <repeats 44 times>...
        workstart = 0x0
        workend = 0x7fff0444f988 "\320\371D\004\377\177"
        ap_save = {{gp_offset = 8, fp_offset = 48, overflow_arg_area = 0x7fff0444fc70, reg_save_area = 0x7fff0444fba0}}
        nspecs_done = 1
        save_errno = 11
        readonly_format = 0
        args_malloced = 0x0
        specs = 0x0
        specs_malloced = false
        jump_table = "\001\000\000\004\000\016\000\006\000\000\a\002\000\003\t\000\005\b\b\b\b\b\b\b\b\b\000\000\000\000\000\000\000\032\000\031\000\023\023\023\000\035\000\000\f\000\000\000\000\000\000\025\000\000\000\000\022\000\r\000\000\000\000\000\000\032\000\024\017\023\023\023\n\017\034\000\v\030\027\021\026\f\000\025\033\020\000\000\022\000\r"
        __PRETTY_FUNCTION__ = "_IO_vfprintf_internal"
#1  0x00007f2b3cad9e61 in __GI___vasprintf_chk (result_ptr=result_ptr@entry=0x7fff0444fb18, flags=flags@entry=1, format=0x448aa8 "%s: Migrated %s to new location: deleting old copy", args=0x7fff0444fb88) at vasprintf_chk.c:66
        string = 0x20827b0 "_list: Migrated t have group 'Desktop Entry'"
        sf = {_sbf = {_f = {_flags = -72515584, _IO_read_ptr = 0x20827b0 "_list: Migrated t have group 'Desktop Entry'", _IO_read_end = 0x20827b0 "_list: Migrated t have group 'Desktop Entry'", _IO_read_base = 0x20827b0 "_list: Migrated t have group 'Desktop Entry'", _IO_write_base = 0x20827b0 "_list: Migrated t have group 'Desktop Entry'", _IO_write_ptr = 0x20827c0 "t have group 'Desktop Entry'", _IO_write_end = 0x2082814 "", _IO_buf_base = 0x20827b0 "_list: Migrated t have group 'Desktop Entry'", _IO_buf_end = 0x2082814 "", _IO_save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, _fileno = 1023667551, _flags2 = 4, _old_offset = 34018112, _cur_column = 0, _vtable_offset = 10 '\n', _shortbuf = "\002", _lock = 0x0, _offset = 34271376, _codecvt = 0x4489f8, _wide_data = 0x0, _freeres_list = 0x0, _freeres_buf = 0x0, _freeres_size = 139823683620729, _mode = -1, _unused2 = "\000\000\000\000\200\360\003=+\177\000\000@\255\n\002\000\000\000"}, vtable = 0x7f2b3cd88760 <_IO_str_jumps>}, _s = {_allocate_buffer = 0x7f2b3ca4c470 <__GI___libc_malloc>, _free_buffer = 0x7f2b3ca4c900 <__GI___libc_free>}}
        ret = <optimized out>
        needed = <optimized out>
        allocated = <optimized out>
#2  0x00007f2b3d034cdc in vasprintf (__ap=<optimized out>, __fmt=<optimized out>, __ptr=0x7fff0444fb18) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:210
No locals.
#3  g_vasprintf (string=string@entry=0x7fff0444fb18, format=<optimized out>, args=args@entry=0x7fff0444fb88) at /build/buildd/glib2.0-2.37.6/./glib/gprintf.c:314
        __PRETTY_FUNCTION__ = "g_vasprintf"
#4  0x00007f2b3d0123b0 in g_strdup_vprintf (format=<optimized out>, args=args@entry=0x7fff0444fb88) at /build/buildd/glib2.0-2.37.6/./glib/gstrfuncs.c:517
        string = 0x0
#5  0x00007f2b3e45e89a in tp_debug_sender_add_message_vprintf (self=0x206e330, timestamp=0x0, formatted=0x0, domain=0x43a3ae "mcd", level=G_LOG_LEVEL_DEBUG, format=<optimized out>, args=0x7fff0444fb88) at debug-sender.c:452
        message = 0x0
#6  0x000000000040ebc4 in mcd_debug (format=format@entry=0x448aa8 "%s: Migrated %s to new location: deleting old copy") at mcd-debug.c:189
        message = 0x0
        formatted = <optimized out>
        dbg = 0x206e330
        args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff0444fc70, reg_save_area = 0x7fff0444fba0}}
#7  0x00000000004394e6 in _list (self=0x2087b20, am=0x20af090) at mcd-account-manager-default.c:780
        i = <optimized out>
        n = 139823710566149
        accounts = <optimized out>
        rval = 0x0
        amd = 0x2087b20
        __FUNCTION__ = "_list"
#8  0x0000000000435532 in mcd_storage_load (self=<optimized out>) at mcd-storage.c:371
        account = <optimized out>
        pname = <optimized out>
        prio = <optimized out>
        plugin = 0x2087b20
        stored = <optimized out>
        ma = 0x20af090
        store = 0x207e160
        __PRETTY_FUNCTION__ = "mcd_storage_load"
        __FUNCTION__ = "mcd_storage_load"
#9  0x000000000042858a in _mcd_account_manager_constructed (obj=<optimized out>) at mcd-account-manager.c:1648
        account_manager = 0x2087a60
        priv = <optimized out>
        i = 0
        sig = {{name = 0x43afe5 "created", handler = 0x4286b0 <created_cb>}, {name = 0x4425dd "altered", handler = 0x429c20 <altered_cb>}, {name = 0x4425e5 "toggled", handler = 0x429af0 <toggled_cb>}, {name = 0x4425ed "deleted", handler = 0x4285d0 <deleted_cb>}, {name = 0x4425f5 "altered-one", handler = 0x429a00 <altered_one_cb>}, {name = 0x442601 "reconnect", handler = 0x429940 <reconnect_cb>}, {name = 0x0, handler = 0x0}}
        __FUNCTION__ = "_mcd_account_manager_constructed"
#10 0x00007f2b3d4e84aa in g_object_new_internal (class=class@entry=0x207bf90, params=params@entry=0x7fff0444ff50, n_params=1) at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:1785
        nqueue = 0x207a850
        object = 0x2087a60
        __FUNCTION__ = "g_object_new_internal"
#11 0x00007f2b3d4ea634 in g_object_new_valist (object_type=object_type@entry=34060608, first_property_name=first_property_name@entry=0x43a90d "dbus-daemon", var_args=var_args@entry=0x7fff044500a8) at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:2002
        stack_params = {{pspec = 0x20b1190, value = 0x7fff0444fea0}, {pspec = 0x7f2b3c9d9cf0, value = 0x4034b0}, {pspec = 0x500000000, value = 0x1000004a2}, {pspec = 0x7f2b3d4d5858, value = 0x7fff04450128}, {pspec = 0x7fff04450100, value = 0x7f2b3eb7fb30}, {pspec = 0x7f2b3eba65c0, value = 0x7f2b3eba6268}, {pspec = 0x5, value = 0x7f2b3e98c1a9}, {pspec = 0x0, value = 0x7f2b3eb7fb30}, {pspec = 0x5, value = 0x0}, {pspec = 0x1, value = 0x7f2b3eba6268}, {pspec = 0x2077550, value = 0x6598d8 <g_value_dup_object@got.plt>}, {pspec = 0x0, value = 0x2073b50}, {pspec = 0x0, value = 0x7f2b3eba65c0}, {pspec = 0x7fff04450060, value = 0x7fff04450050}, {pspec = 0x1081a446, value = 0x102078310}, {pspec = 0x2077fc0, value = 0x407989}}
        params = 0x7fff0444ff50
        name = <optimized out>
        n_params = 1
        class = <optimized out>
        unref_class = <optimized out>
        object = <optimized out>
        __PRETTY_FUNCTION__ = "g_object_new_valist"
        __FUNCTION__ = "g_object_new_valist"
#12 0x00007f2b3d4eaa14 in g_object_new (object_type=34060608, first_property_name=first_property_name@entry=0x43a90d "dbus-daemon") at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:1559
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fff04450190, reg_save_area = 0x7fff044500c0}}
        __PRETTY_FUNCTION__ = "g_object_new"
#13 0x000000000042963f in mcd_account_manager_new (dbus_daemon=0x2078250) at mcd-account-manager.c:1666
        obj = <optimized out>
#14 0x0000000000410ad2 in mcd_master_constructor (type=34056960, n_params=2, params=<optimized out>) at mcd-master.c:383
        object_class = 0x207aed0
        master = 0x2078310
        priv = <optimized out>
        __PRETTY_FUNCTION__ = "mcd_master_constructor"
        __FUNCTION__ = "mcd_master_constructor"
#15 0x00007f2b3d4e8404 in g_object_new_with_custom_constructor (n_params=1, params=0x7fff044503a0, class=0x207bce0) at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:1665
        cparams = 0x2078da0
        cvalues = <optimized out>
        node = 0x0
        i = <optimized out>
        nqueue = 0x0
        object = <optimized out>
        n_cparams = 2
        cvals_used = 1
#16 g_object_new_internal (class=class@entry=0x207bce0, params=params@entry=0x7fff044503a0, n_params=1) at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:1744
        nqueue = 0x0
        object = <optimized out>
        __FUNCTION__ = "g_object_new_internal"
#17 0x00007f2b3d4ea634 in g_object_new_valist (object_type=object_type@entry=34056960, first_property_name=first_property_name@entry=0x43a90d "dbus-daemon", var_args=var_args@entry=0x7fff044504f8) at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:2002
        stack_params = {{pspec = 0x2073b50, value = 0x7fff044502f0}, {pspec = 0x100000000, value = 0x10000025d}, {pspec = 0x80, value = 0x7fff04450568}, {pspec = 0x7fff04450540, value = 0x0}, {pspec = 0x7f2b3eba65c0, value = 0x7f2b3eba6268}, {pspec = 0x1, value = 0x7f2b3e98c1a9}, {pspec = 0x0, value = 0x0}, {pspec = 0x1, value = 0x0}, {pspec = 0x1, value = 0x7f2b3eba6268}, {pspec = 0x3100000006, value = 0x6e0000005b}, {pspec = 0x7c00000077, value = 0x7fff04450460}, {pspec = 0x0, value = 0x7f2b3eba65c0}, {pspec = 0x7fff044504a0, value = 0x7fff04450490}, {pspec = 0x180b0cb, value = 0x13cd89740}, {pspec = 0x2066510, value = 0x404a8d}, {pspec = 0xffffffff, value = 0x207abd0}}
        params = 0x7fff044503a0
        name = <optimized out>
        n_params = 1
        class = <optimized out>
        unref_class = <optimized out>
        object = <optimized out>
        __PRETTY_FUNCTION__ = "g_object_new_valist"
        __FUNCTION__ = "g_object_new_valist"
#18 0x00007f2b3d4eaa14 in g_object_new (object_type=34056960, first_property_name=first_property_name@entry=0x43a90d "dbus-daemon") at /build/buildd/glib2.0-2.37.6/./gobject/gobject.c:1559
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fff044505e0, reg_save_area = 0x7fff04450510}}
        __PRETTY_FUNCTION__ = "g_object_new"
#19 0x000000000041026c in mcd_service_new () at mcd-service.c:180
        obj = <optimized out>
        dbus_daemon = 0x2078250
        error = 0x0
#20 0x000000000040e340 in main (argc=<optimized out>, argv=<optimized out>) at mc-server.c:174
        act = {__sigaction_handler = {sa_handler = 0xf63d4e2e, sa_sigaction = 0xf63d4e2e}, sa_mask = {__val = {5318445309, 33964032, 4225460, 4294967295, 166027348, 139823677280544, 139823712591872, 33964416, 0, 33983104, 1, 1, 4432397, 0, 0, 4432304}}, sa_flags = 4253175, sa_restorer = 0x7fff04450810}
        empty_mask = {__val = {1, 139823710519721, 0, 139823712566064, 1, 0, 1, 139823712723560, 80, 33973520, 0, 140733265020672, 0, 139823712724416, 140733265020608, 140733265020592}}"
Comment 1 Simon McVittie 2013-11-12 17:05:00 UTC 
I think you might need commit cc2af09f60851 (or part of) from Bug #69542.
Comment 2 Simon McVittie 2013-11-12 17:39:59 UTC 
If my guess is right, then this is probably reproducible by installing MC 5.12 (e.g. Ubuntu precise), setting up Telepathy accounts for a disposable user account, and upgrading.

As a short cut: install precise, set up the accounts, save the user's home directory in a tarball or something, discard the rest of the OS, install 13.10, replace the 13.10 user's home directory with the one you saved.

The version of MC in raring appears to be from the middle of a development branch, so I'm not going to support that version: you're on your own with that one. Depending when the faulty debug message was introduced, it might need a similar patch, or not. We do not recommend using development versions in a stable OS release. If you need features from a development branch, please ask for a stable branch sometime around your freeze time.
Comment 3 Sebastien Bacher 2013-11-12 18:43:10 UTC 
> I think you might need commit cc2af09f60851 (or part of) from Bug #69542.

Thanks Simon, that seems likely indeed


> The version of MC in raring appears to be from the middle of a development 
> branch, so I'm not going to support that version: you're on your own with that 
> one. 

https://launchpad.net/ubuntu/+source/telepathy-mission-control-5 ... you mean quantal I guess? Don't worry about that one, in practice most users stick to the current stable or current LTS, quantal is current_stable-2 which probably has a very limited set of users

I'm going to upload that fix and comment again in a few days to let you know what impact it has on reports!
Comment 4 Simon McVittie 2013-11-12 19:49:32 UTC 
(In reply to comment #3)
> > The version of MC in raring appears to be from the middle of a development 
> > branch
>
> you mean quantal I guess?

Sorry, yes, I meant MC 5.13 (or any future x.odd.z version).
Comment 5 Sebastien Bacher 2013-11-18 10:32:21 UTC 
We got no report on the package version which has cc2af09f60851 backport, I think you can consider that to be indeed the fix for that issue, thanks!
Comment 6 Simon McVittie 2013-11-18 12:39:48 UTC 
Probably worth backporting to 5.12, could you attach the exact patch you applied please?
Comment 7 Sebastien Bacher 2013-11-18 12:45:38 UTC 
Created attachment 89405 [details] [review]
backport to stable serie

> Probably worth backporting to 5.12, could you attach the exact patch you applied please?

Sure, I guess you meant 5.14 there? That's the patch we have been using (basically the git commit, refreshed, without the hunk which applied to code not present in that serie)
Comment 8 Simon McVittie 2013-11-18 13:20:51 UTC 
(In reply to comment #7)
> Sure, I guess you meant 5.14 there?

Yes. Pushed to telepathy-mission-control-5.14 branch for the benefit of anyone else still on that version. Thanks!

Regression somewhere in the 5.13/5.14 cycle, fixed in 5.14.2 in the unlikely event that that version is ever released. Also fixed in 5.15.1 and all subsequent versions.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.