Bug 182399

Summary: Abiword crashes on exit on rawhide (FC5t3 and later)
Product: [Fedora] Fedora
Component: abiword
Reporter: Peter Robinson <pbrobinson>
Assignee: Marc Maurer <uwog>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: medium
Version: rawhide
CC: extras-qa, kmaraas, michal, scottt.tw
Hardware: All
OS: Linux
Fixed In Version: 2.4.4-4
Doc Type: Bug Fix
Last Closed: 2006-05-12 21:01:49 UTC
Bug Blocks: 187071
Attachments: Another debug output (flags: none)

Description Peter Robinson 2006-02-22 11:36:43 UTC
Description of problem:
Ever since (I think that's when it started) the whole of rawhide was rebuilt
just prior to FC5T3 abiword has been crashing on exit. It improved when abiword
was rebuilt as well but still crashes regularly. Also it has all the grammar
spew when run from the command line. Let me know if you need more info.

Version-Release number of selected component (if applicable):
abiword-2.4.2-6.fc5

How reproducible:
Every time

Steps to Reproduce:
1. Run abiword from command line
2. Exit
3. Get debug dump on terminal window
  
[peterr@localhost ecash]$ abiword 71384011.doc

(AbiWord-2.4:11646): libgsf:msole-CRITICAL **: ole_get_block: assertion `block <
ole->info->max_block' failed
Wrong Grammar|Mr.|
 LowOff 0 HighOff 2
Wrong Grammar| Peter Robinson |
 LowOff 3 HighOff 18
Wrong Grammar|Mr.|
 LowOff 0 HighOff 2
Wrong Grammar| Peter Robinson |
 LowOff 3 HighOff 18
*** glibc detected *** abiword: free(): invalid next size (normal): 0x08a22d18 ***
======= Backtrace: =========
/lib/libc.so.6[0xc60de8]
/lib/libc.so.6(__libc_free+0x79)[0xc642ed]
/usr/lib/libfontconfig.so.1(FcStrFree+0x3d)[0x49067cd]
/usr/lib/libfontconfig.so.1(FcValueListDestroy+0x337)[0x49010c7]
/usr/lib/libfontconfig.so.1(FcPatternDestroy+0xeb)[0x49013eb]
/usr/lib/libXft.so.2[0xa7c7af]
/usr/lib/libXft.so.2(XftFontManageMemory+0x104)[0xa7c9a4]
/usr/lib/libXft.so.2(XftFontClose+0x4f)[0xa7ca5f]
abiword(_ZN12XAP_UnixFontD1Ev+0xb0)[0x824b930]
abiword(_ZN19XAP_UnixFontManagerD1Ev+0x4b)[0x823d74b]
abiword(_ZN11XAP_UnixAppD2Ev+0x44)[0x82392b4]
abiword(_ZN10AP_UnixAppD0Ev+0x64)[0x813e5d4]
abiword(_ZN10AP_UnixApp4mainEPKciPS1_+0x3bf)[0x814005f]
abiword(main+0x2a)[0x813bcca]
/lib/libc.so.6(__libc_start_main+0xdc)[0xc127a4]
abiword(__gxx_personality_v0+0x34d)[0x813bc11]
======= Memory map: ========

Comment 1 Peter Robinson 2006-02-22 11:49:07 UTC
Created attachment 125018
Another debug output

Comment 2 Marc Maurer 2006-03-03 14:54:37 UTC
Reporter: could you install the abiword-debug rpm as well, to get a more
interesting stack trace?

Comment 3 Peter Robinson 2006-03-03 15:27:39 UTC
I would if yum could find one in fedora-extras :-)

[root@localhost ~]# yum install abiword-debuginfo
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
development                                                          [1/2]
development               100% |=========================| 1.1 kB    00:00
extras-development                                                   [2/2]
extras-development        100% |=========================| 1.1 kB    00:00
Reading repository metadata in from local files
Parsing package install arguments
No Match for argument: abiword-debuginfo
Nothing to do
[root@localhost ~]# yum install abiword-debug
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
development                                                          [1/2]
extras-development                                                   [2/2]
Reading repository metadata in from local files
Parsing package install arguments
No Match for argument: abiword-debug
Nothing to do


Comment 4 Peter Robinson 2006-03-03 15:32:10 UTC
Oops ignore that last comment.... found them :-)

Comment 5 Peter Robinson 2006-03-03 15:44:14 UTC
OK here you go... let me know if you need any more debuginfo packages installed.

Backtrace was generated from '/usr/bin/AbiWord-2.4'

Using host libthread_db library "/lib/libthread_db.so.1".
`shared object read from target memory' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1209067856 (LWP 18301)]
0x002fe402 in __kernel_vsyscall ()
#0  0x002fe402 in __kernel_vsyscall ()
#1  0x002c2a13 in ?? () from /lib/libpthread.so.0
#2  0x04af2086 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:792
#3  <signal handler called>
#4  0x002fe402 in __kernel_vsyscall ()
#5  0x00b36159 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00b376e3 in *__GI_abort () at abort.c:88
#7  0x00b6aa1b in __libc_message (do_abort=2, 
    fmt=0xc27c74 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#8  0x00b7551f in *__GI___libc_free (mem=0xa38b748) at malloc.c:5608
#9  0x057ca9ad in FcStrFree () from /usr/lib/libfontconfig.so.1
#10 0x057c52a7 in FcValueListDestroy () from /usr/lib/libfontconfig.so.1
#11 0x057c55cb in FcPatternDestroy () from /usr/lib/libfontconfig.so.1
#12 0x00a7c7af in XftInitFtLibrary () from /usr/lib/libXft.so.2
#13 0x00a7c9a4 in XftFontManageMemory () from /usr/lib/libXft.so.2
#14 0x00a7ca5f in XftFontClose () from /usr/lib/libXft.so.2
#15 0x0824b930 in ~XAP_UnixFont (this=0xa21feb8) at xap_UnixFont.cpp:272
#16 0x0823d74b in ~XAP_UnixFontManager (this=0xa21e070)
    at ../../../../src/af/util/xp/ut_hash.h:145
#17 0x082392b4 in ~XAP_UnixApp (this=0xa190148) at xap_UnixApp.cpp:140
#18 0x0813e5d4 in ~AP_UnixApp (this=0xa190148) at ap_UnixApp.cpp:184
#19 0x0814005f in AP_UnixApp::main (szAppName=0x83ec743 "AbiWord", argc=1, 
    argv=0xbfd18e04) at ap_UnixApp.cpp:1545
#20 0x0813bcca in main (argc=) at UnixMain.cpp:26

Thread 1 (Thread -1209067856 (LWP 18301)):
#0  0x002fe402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x002c2a13 in ?? () from /lib/libpthread.so.0
No symbol table info available.
#2  0x04af2086 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:792
	estatus = 84
	sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, 
  sa_mask = {__val = {0, 170428032, 77201410, 0, 77256380, 11637252, 5906392, 
      3085945192, 3218178036, 3218178056, 5838185, 3218178036, 5908496, 46, 
      3085906080, 1, 0, 1, 0, 0, 0, 4294967292, 1, 5837431, 2859049, 
      77213710, 77246900, 3218178040, 77211540, 16825381, 77213710, 0}}, 
  sa_flags = 5908496, sa_restorer = 0}
	pid = 

Comment 6 Marc Maurer 2006-05-07 23:20:03 UTC
*** Bug 190695 has been marked as a duplicate of this bug. ***

Comment 7 Michal Jaegermann 2006-05-10 16:43:11 UTC
I am seeing this bug with abiword-2.4.4-2.fc5 (line offsets on a backtrace
are slightly different).  It looks like a reliable way to reproduce it
is to open two (existing?) files and then to quit the application.

Besides, the following complaints often show up in the situation described above:

(AbiWord-2.4:1877): GModule-CRITICAL **: g_module_close: assertion `module !=
NULL' failed
(AbiWord-2.4:1877): libgsf:msole-CRITICAL **: ole_get_block: assertion `block <
ole->info->max_block' failed

A complaint from glibc is slightly different than the one quoted in the
original report:

*** glibc detected *** abiword: munmap_chunk(): invalid pointer:
0x0000000001084b60 ***

but maybe this is x86_64 specific?


Comment 8 Marc Maurer 2006-05-12 20:35:00 UTC
*** Bug 189317 has been marked as a duplicate of this bug. ***

Comment 9 Marc Maurer 2006-05-12 21:01:49 UTC
Nope, it's not x86_64 specific. 

FIXED in abiword-2_4_4-4_fc5, which is being built at this very moment.

Comment 10 Michal Jaegermann 2006-05-14 02:39:55 UTC
While I still see in abiword-2.4.4-4.fc5 messages like:

(AbiWord-2.4:1877): GModule-CRITICAL **: g_module_close: assertion
`module != NULL' failed
(AbiWord-2.4:1877): libgsf:msole-CRITICAL **: ole_get_block: assertion 
`block < ole->info->max_block' failed

the crash reported in the original report indeed looks to be gone.  Thanks!

Should these "CRITICAL" get their own bugzilla entry, or is there no point?

Comment 11 Marc Maurer 2006-05-14 11:08:37 UTC
The first is bug 190579.

The second is the wordperfect importer, where we 'abuse' libgsf to scan for WP
documents in a partial OLE stream. You can ignore that one.