From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
gaim segfaults on startup, after doing its 'login' stuff.

Gaim has segfaulted and attempted to dump a core file. This is a bug in the software and has happened through no fault of your own. It is possible that this bug is already fixed in CVS. If you can reproduce the crash, please notify the gaim maintainers by reporting a bug at http://gaim.sourceforge.net/bug.php Please make sure to specify what you were doing at the time, and post the backtrace from the core file. If you do not know how to get the backtrace, please get instructions at http://gaim.sourceforge.net/gdb.php. If you need further assistance, please IM either RobFlynn or SeanEgn and they can help you.
Aborted

Version-Release number of selected component (if applicable):
gaim-1.1.3-2 on startup

How reproducible:
Always

Steps to Reproduce:
1. start gaim

Additional info:
Following the instructions in the message above (i.e., running gaim under gdb) produced the following:

gdb /usr/bin/gaim
<<<SNIP>>>
Detaching after fork from child process 10439.
(no debugging symbols found)
Detaching after fork from child process 10440.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208564032 (LWP 10436)]
0x008e401e in gaim_blist_sync () from /usr/bin/gaim
(gdb) bt
#0 0x008e401e in gaim_blist_sync () from /usr/bin/gaim
#1 0x00f24946 in g_main_context_wakeup () from /usr/lib/libglib-2.0.so.0
#2 0x00f221e8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#3 0x00f23a08 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#4 0x00f23d2f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#5 0x00bab2de in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#6 0x009737cd in main () from /usr/bin/gaim

Hope this helps....
What protocols do you use? If you run gaim with the -a flag, can you isolate a specific problematic account?
uhhh.... 'gaim -a' displays the account menu for about 1 second before segfaulting. I believe I have two accounts/protocols active, one is AIM/AOL, the other is yahoo. Running 'gaim' as 'root' (yeah, I know it's not a very smart idea) produces the same result, even though 'root' has no protocols/accounts set up. I also did 'mv ~/.gaim ~/o.gaim', and ran 'gaim -a'. Same result. I had the same behavior with the previous build (1.1.3-1), but OK before then. Would a core dump be useful? tom
Is it crashing about 5 seconds after you start Gaim? Or is it instant? If you run with "gaim -d" does it print any messages about saving your buddy list or accounts or preferences? Are you using glib 2.6? We're thinking this might be caused by our change from using things like unlink to using g_unlink, etc. Also, farther down in the stack trace, does it say anything similar to "previous from inner to this one, possible stack corruption"?
OK. Running 'gaim -d' produces quite a bit of output. First of all 'rpm -q glib' -> glib-1.2.10-15, 'rpm -q glibc' -> glibc-2.3.4-10. It is crashing about 5 seconds after it starts. Output from 'gaim -d' indicates that it reads and imports stuff from ~/.gaim/blist.xml, prefs.xml. Complains about reading pounces (I guess I don't have any). Appears to connect to AOL/AIM service. I copy output below (I just obscured the name of my accounts ....) I don't remember seeing anything about stack corruption when I ran the 'gdb gaim'. How far down in the stack would I need to go? tom

[tbl@tlondon ~]$ gaim -d
sound: Initializing sound output drivers.
plugins: registering plugin-load signal
plugins: registering plugin-unload signal
plugins: probing /usr/lib/gaim/ssl-gnutls.so
plugins: probing /usr/lib/gaim/iconaway.so
plugins: probing /usr/lib/gaim/perl.so
plugins: probing /usr/lib/gaim/idle.so
plugins: probing /usr/lib/gaim/libsilcgaim.so
plugins: probing /usr/lib/gaim/libmsn.so
plugins: probing /usr/lib/gaim/ticker.so
plugins: probing /usr/lib/gaim/docklet.so
plugins: probing /usr/lib/gaim/libirc.so
plugins: probing /usr/lib/gaim/libgg.so
plugins: probing /usr/lib/gaim/extplacement.so
plugins: probing /usr/lib/gaim/notify.so
plugins: probing /usr/lib/gaim/ssl-nss.so
plugins: probing /usr/lib/gaim/libnovell.so
plugins: probing /usr/lib/gaim/libzephyr.so
plugins: probing /usr/lib/gaim/liboscar.so
plugins: probing /usr/lib/gaim/libyahoo.so
plugins: probing /usr/lib/gaim/statenotify.so
plugins: probing /usr/lib/gaim/libnapster.so
plugins: probing /usr/lib/gaim/gestures.so
plugins: probing /usr/lib/gaim/ssl.so
plugins: probing /usr/lib/gaim/timestamp.so
plugins: probing /usr/lib/gaim/gaim-remote.so
plugins: probing /usr/lib/gaim/autorecon.so
plugins: probing /usr/lib/gaim/libjabber.so
plugins: probing /usr/lib/gaim/spellchk.so
plugins: probing /usr/lib/gaim/history.so
plugins: probing /home/tbl/.gaim/smileys
plugins: probing /home/tbl/.gaim/dict
plugins: probing /home/tbl/.gaim/blist.xml
plugins: probing /home/tbl/.gaim/logs
plugins: probing /home/tbl/.gaim/prefs.xml
plugins: probing /home/tbl/.gaim/icons
plugins: probing /home/tbl/.gaim/accels
plugins: probing /home/tbl/.gaim/accounts.xml
plugins: probing /home/tbl/.gaim/status.xml
plugins: registering plugin-load signal
plugins: registering plugin-unload signal
blist import: Reading /home/tbl/.gaim/blist.xml
blist import: Finished reading /home/tbl/.gaim/blist.xml
prefs: Reading /home/tbl/.gaim/prefs.xml
prefs: Finished reading /home/tbl/.gaim/prefs.xml
plugins: Loading saved plugin extplacement.so
prefs: /gaim/gtk/conversations/placement changed, scheduling save.
plugins: Loading saved plugin history.so
plugins: Loading saved plugin docklet.so
tray icon: plugin loaded
tray icon: created
plugins: Loading saved plugin spellchk.so
pounces: Error reading pounces: Failed to open file '/home/tbl/.gaim/pounces.xml': No such file or directory
Session Management: ICE initialized.
Session Management: Connecting with no previous ID
Session Management: Handling new ICE connection... done.
Session Management: Connected to manager (GnomeSM) with client ID 117f000001000110893315100000035380015
Session Management: Using gaim as command
account: Connecting to account 0x9083d68. gc = 0x909bac0
connection: Connecting. gc = 0x909bac0
connection: Calling serv_login
server: gaim 1.1.3-2 logging in OBSCURE ACCOUNT using AIM/ICQ
oscar: oscar_login: gc = 0x909bac0
dns: Created new DNS child 10643, there are now 1 children.
account: Connecting to account 0x90840f8. gc = 0x8fd9c68
connection: Connecting. gc = 0x8fd9c68
connection: Calling serv_login
server: gaim 1.1.3-2 logging in OBSCURE ACCOUNT2 using Yahoo
dns: Created new DNS child 10644, there are now 2 children.
Session Management: Received first save_yourself
dns: Host 'login.oscar.aol.com' resolved
proxy: Connecting to login.oscar.aol.com:5190 with no proxy
proxy: Connect would have blocked.
Session Management: Received save_complete
tray icon: embedded
proxy: Connected.
oscar: Screen name sent, waiting for response
oscar: inside auth_resp (Screen name: OBSCURE ACCOUNT)
oscar: Reg status: 1
oscar: Email: OBSCURE EMAIL
oscar: BOSIP: 205.188.10.36:5190
oscar: Closing auth connection...
dns: Successfully sent DNS request to child 10643
dns: Host '205.188.10.36' resolved
proxy: Connecting to 205.188.10.36:5190 with no proxy
proxy: Connect would have blocked.
proxy: Connected.
Gaim has segfaulted and attempted to dump a core file. This is a bug in the software and has happened through no fault of your own. It is possible that this bug is already fixed in CVS. If you can reproduce the crash, please notify the gaim maintainers by reporting a bug at http://gaim.sourceforge.net/bug.php Please make sure to specify what you were doing at the time, and post the backtrace from the core file. If you do not know how to get the backtrace, please get instructions at http://gaim.sourceforge.net/gdb.php. If you need further assistance, please IM either RobFlynn or SeanEgn and they can help you.
Aborted
[tbl@tlondon ~]$ dns[10644]: Oops, father has gone, wait for me, wait...!
dns[10643]: Oops, father has gone, wait for me, wait...!
Sorry, could you do "rpm -q glib2"? I don't know how far down in the stack trace you would need to go. Probably not more than line #20.
Bug confirmed. I have this glib: glib2-2.6.2-1 The problematic account appears to be AIM.
OK. 'rpm -q glib2' -> glib2-2.6.2-1

Sorry to be dense, but here is the 'bt':

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209071936 (LWP 10835)]
0x0072801e in gaim_blist_sync () from /usr/bin/gaim
(gdb) bt
#0 0x0072801e in gaim_blist_sync () from /usr/bin/gaim
#1 0x0027b946 in g_main_context_wakeup () from /usr/lib/libglib-2.0.so.0
#2 0x002791e8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#3 0x0027aa08 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#4 0x0027ad2f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#5 0x00ca52de in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#6 0x007b77cd in main () from /usr/bin/gaim

I can 'up' all the way to main() (#6) without complaints. Need core?
Here's my debug output:

Relevant output: oscar... connecting... Closing auth connection.... yahoo... connecting

Then:

oscar: ssi: requesting rights and list
oscar: locate rights: max sig len = 1024
oscar: buddy list rights: Max buddies = 220 / Max watchers = 2000
oscar: BOS rights: Max permit = 220 / Max deny = 220
server: allowing NOP
oscar: buddy list loaded
oscar: ssi rights: max type 0x0000=400, max type 0x0001=61, max type 0x0002=200, max type 0x0003=200, max type 0x0004=1, max type 0x0005=1, max type 0x0006=150, max type 0x0007=12, max type 0x0008=12, max type 0x0009=0, max type 0x000a=50, max type 0x000b=50, max type 0x000c=0, max type 0x000d=0, max type 0x000e=0, max type 0x000f=0, max type 0x0010=0, max type 0x0011=1, max type 0x0012=0, max type 0x0013=0, max type 0x0014=15, max type 0x0015=1, max type 0x0016=40, max type 0x0017=1, max type 0x0018=10, max type 0x0019=200,
oscar: ssi: syncing local list and server list
oscar: ssi: activating server-stored buddy list
dns: Successfully sent DNS request to child 13704
dns: Successfully sent DNS request to child 13703
dns: Host '205.188.248.161' resolved
proxy: Connecting to 205.188.248.161:5190 with no proxy
proxy: Connect would have blocked.
dns: Host '64.12.201.34' resolved
proxy: Connecting to 64.12.201.34:5190 with no proxy
proxy: Connect would have blocked.
proxy: Connected.
oscar: email: connected
proxy: Connected.
oscar: chatnav: connected
oscar: chat info: Chat Rights:
oscar: chat info: Max Concurrent Rooms: 3
oscar: chat info: Exchange List: (16 total)
oscar: chat info: 20
oscar: chat info: 16
oscar: chat info: 15
oscar: chat info: 14
oscar: chat info: 13
oscar: chat info: 12
oscar: chat info: 11
oscar: chat info: 10
oscar: chat info: 9
oscar: chat info: 8
oscar: chat info: 7
oscar: chat info: 6
oscar: chat info: 5
oscar: chat info: 4
oscar: chat info: 2
oscar: chat info: 1
Gaim has segfaulted and attempted to dump a core file. This is a bug in the software and has happened through no fault of your own.
Tom London and Ivan Gyurdiev, are you both running full rawhide in all packages, or a weird mix of FC3 + rawhide? gaim-1.1.3 built against glib2-2.4.8-1.fc3 is working fine for me with a pure FC3 + updates system. I have not yet tested gaim-1.1.3 built against rawhide myself though. http://people.redhat.com/wtogami/temp/ Try running these FC3 packages on rawhide, do they exhibit the same problem? (They may not even install due to library changes, but worth trying.)
I am running full rawhide. The gaim-1.1.3-1 for FC3 will not install due to the evolution integration. However, if I build it from SRPM it works fine, while the SRPM from rawhide does not work.
I'm also running full rawhide and have the same problem. Same stuff in backtrace, same gaim version using ICQ, MSN, Yahoo and Gadu-Gadu accounts.

glib version glib-1.2.10-15

Above suggested package is not installable:

Retrieving http://people.redhat.com/wtogami/temp/gaim-1.1.3-1.FC3.i386.rpm
error: Failed dependencies:
libebook.so.8 is needed by gaim-1.1.3-1.FC3.i386
libedata-book.so.1 is needed by gaim-1.1.3-1.FC3.i386
libedataserver.so.3 is needed by gaim-1.1.3-1.FC3.i386
Running full rawhide ... removed all $HOME/.gaim* configuration files ... gaim segfaults about 5 seconds after start of app (I happened to be looking at the new account dialog).

[ gdb output (similar to above) ]

(gdb) r
Starting program: /usr/bin/gaim
[Thread debugging using libthread_db enabled]
[New Thread -1208781120 (LWP 5020)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208781120 (LWP 5020)]
prefs_save_callback (who_cares=0x0) at prefs.c:76
76 prefs_save_timer = 0;
(gdb) bt
#0 prefs_save_callback (who_cares=0x0) at prefs.c:76
#1 0x00301946 in g_main_context_wakeup () from /usr/lib/libglib-2.0.so.0
#2 0x002ff1e8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#3 0x00300a08 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#4 0x00300d2f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#5 0x00f242de in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#6 0x004147cd in main (argc=1, argv=0xbfef8904) at main.c:961

[ strace output shows ... ]

5103 open("/home/jlaska/.gaim", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
5103 mkdir("/home/jlaska/.gaim", 0700) = 0
5103 open("/home/jlaska/.gaim/prefs.xml.save", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 5
5103 fstat64(5, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
5103 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c70000
5103 write(5, "<?xml version=\'1.0\' encoding=\'UT"..., 4096) = 4096
5103 write(5, "ef name=\'notify_switch\' type=\'bo"..., 4096) = 4096
5103 write(5, "l_enter_sends\' type=\'bool\' value"..., 2637) = 2637
5103 close(5) = 0
5103 munmap(0xb7c70000, 4096) = 0
5103 chmod("/home/jlaska/.gaim/prefs.xml.save", 0600) = 0
5103 stat64("/home/jlaska/.gaim/prefs.xml.save", {st_mode=S_IFREG|0600, st_size=10829, ...}) = 0
5103 rename("/home/jlaska/.gaim/prefs.xml.save", "/home/jlaska/.gaim/prefs.xml") = 0
5103 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
5103 write(2, "Gaim has segfaulted and attempte"..., 618) = 618
5103 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
5103 tgkill(5103, 5103, SIGABRT) = 0
5103 --- SIGABRT (Aborted) @ 0 (0) ---
5103 +++ killed by SIGABRT (core dumped) +++
I'm running full rawhide, not FC3 + updates.....
Same here, though I've had this for a long time beginning with FC3 I believe. Usually happens right after I've checked the "Connect" checkbox in the Accounts dialog, but buddies window pops up for a brief second and then gaim segfaults. I'm pulling down gaim debuginfo so should have more detailed backtrace soon. Currently using: gaim-1.1.3-1

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209051456 (LWP 25639)]
0x00746743 in gaim_accounts_sync () from /usr/bin/gaim
(gdb) bt
#0 0x00746743 in gaim_accounts_sync () from /usr/bin/gaim
#1 0x00403946 in g_main_context_wakeup () from /usr/lib/libglib-2.0.so.0
#2 0x004011e8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#3 0x00402a08 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#4 0x00402d2f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#5 0x00a222ae in IA__gtk_main () at gtkmain.c:963
#6 0x007db7cd in main () from /usr/bin/gaim
(gdb)
Hmm, actually happens no matter what I do, even if I don't touch the app. I just launch it and wait a second or two and bam.
Something in gaim_accounts_sync(), prefs_save_callback(), and gaim_blist_sync() is going wrong which causes a segfault right after returning from these functions. They are all quite similar, so it's likely that the bug is present in all 3 functions. Continuing to debug.
okay, all of which end up calling much the same set of functions to write a temporary file in ~/.gaim and then move it to the real file name if successful. Mark (kingant) may be able to shed some light on this when he gets home.
It seems that this line does the memory and/or stack corruption in each of those 3 functions above:

if (g_stat(filename, &st) || (st.st_size == 0)) {

while this works perfectly fine:

if (stat (filename, &st) || (st.st_size == 0)) {

Even copying g_stat() into the file, renaming it, and using the local copy works as well. Some odd interaction between glib and gaim, or perhaps some gcc/ld issue?
this or an incredibly similar bug is being hit on debian and gentoo, both for ppc users. I have set up a bug in the gaim tracker at http://sourceforge.net/tracker/?func=detail&aid=1145742&group_id=235&atid=100235
Working around this bug by replacing g_stat() calls in these 3 functions with simply stat(). gaim-1.1.3-3 should be out in tomorrow's rawhide.
Comment #21's workaround allows us to ship a working gaim in FC4test1 (currently frozen), but we still need to find the cause of this problem. FC4's gaim.spec hardcodes the use of gcc4 to build gaim, which was working fine until gaim-1.1.3. Stu explains:

<nosnilmot> warren: I managed to "resolve" that crash by compiling Gaim with gcc3.4 instead of gcc4 (that being the only change from a build that caused gaim to crash)
<nosnilmot> warren: there was a change from gaim 1.1.2 -> 1.1.3 where we use glib's stdio functions on glib >= 2.6, which is probably why we haven't seen this before, but does not pin down what the root cause of the problem is

Adding glib and gcc maintainers to CC.
Hrmm, this doesn't quite seem like enough for me. I'm still getting crashes with 1.1.3-3. MALLOC_CHECK_=2 starts to make things crash more reliably

(gdb) bt
#0 0x74ffffd7 in ?? ()
#1 0x0047ecef in buddy_node (buddy=0x97feb28, iter=0xbff76cec, node=Variable "node" is not available. ) at gtkblist.c:2755
#2 0x00482a4c in gaim_gtk_blist_update_contact (list=0x97e6e68, node=0x97fea60) at gtkblist.c:3789
#3 0x004821e2 in gaim_gtk_blist_update (list=0x97e6e68, node=0x97feb28) at gtkblist.c:3809
#4 0x0043863e in gaim_blist_update_buddy_presence (buddy=0x97feb28, online=1) at blist.c:324
#5 0x0045b5d0 in serv_got_update (gc=0x9805570, name=0x9930a00 "sacc0d3r", loggedin=1, evil=0, signon=1109038583, idle=0, type=16) at server.c:1327
#6 0x00e41d77 in gaim_parse_oncoming (sess=0x9933fb8, fr=0x9930a48) at oscar.c:3044
#7 0x00e2606f in snachandler (sess=0x9805760, mod=0x9805a30, rx=0x9930a48, snac=0xbff76f5c, bs=0x9930a54) at buddylist.c:253
#8 0x00e35673 in aim_rxdispatch (sess=0x9805760) at rxhandlers.c:138
#9 0x00e3f4ad in oscar_callback (data=0x9933fb8, source=12, condition=Variable "condition" is not available. ) at oscar.c:1572
#10 0x0049c38a in gaim_gtk_io_invoke (source=0x9933fb8, condition=G_IO_IN, data=0x98e0e28) at gtkeventloop.c:61
#11 0x0023c75d in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#12 0x002181e8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#13 0x00219a08 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0

A quick run under valgrind definitely shows there to be some stack corruption going on.
http://bugzilla.gnome.org/show_bug.cgi?id=167942 This is the actual issue, gaim is not built to match glib's large file support, so passing the wrong stat struct causes it to explode. Upstream glib can help this situation, but meanwhile the proper workaround is to build our gaim to match glib. gaim-1.1.3-4 coming soon with this fix, a MSN crash fix, and yet another security hole patched.
which will make it largely identical with the 1.1.4 release coming on thursday.
Yeah, we need something ASAP for the already frozen FC4test1. Thursday might be too late for that.
Resolved in gaim-1.1.4.
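
The root cause identified in this thread (a caller and a library built with different large file support settings, so they disagree on the size of the stat buffer) can be modelled safely in C. This is an added example, not code from gaim or glib: the two struct layouts, the caller_frame model and all function names are constructed for illustration, and it assumes the library is the side that writes the larger layout.

```c
/* Added example: models the stat buffer size mismatch described in this thread. */
#ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64 /* build the caller with the same setting as the library */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Build-time guard: refuse to compile if off_t is not the 64-bit type the library uses. */
_Static_assert(sizeof(off_t) == 8, "off_t is not 64-bit: build with -D_FILE_OFFSET_BITS=64");

/* Constructed layouts, not the real glibc definitions. */
struct stat_small { uint32_t ino, size, mtime; }; /* caller built without large file support */
struct stat_large { uint64_t ino, size, mtime; }; /* library built with large file support */

/* Stands in for the caller's stack frame: the buffer it reserved, then adjacent data. */
struct caller_frame {
    struct stat_small st;
    unsigned char neighbours[sizeof(struct stat_large) - sizeof(struct stat_small)];
};

typedef void (*fill_fn)(void *out, uint64_t file_size);

/* Callee that agrees with the caller's layout. */
static void fill_small(void *out, uint64_t file_size) {
    struct stat_small s = { 1, (uint32_t)file_size, 0 };
    memcpy(out, &s, sizeof s);
}

/* Callee that uses the larger layout: it writes past the end of the caller's buffer. */
static void fill_large(void *out, uint64_t file_size) {
    struct stat_large s = { 1, file_size, 0 };
    memcpy(out, &s, sizeof s);
}

/* Returns how many bytes next to the caller's buffer were overwritten by the callee. */
size_t clobbered_after(fill_fn fill) {
    struct caller_frame f;
    size_t i, n = 0;
    memset(&f, 0, sizeof f);
    memset(f.neighbours, 0xAA, sizeof f.neighbours); /* canary pattern */
    fill(&f, 10829); /* st_size from the strace above; the write stays inside f */
    for (i = 0; i < sizeof f.neighbours; i++)
        if (f.neighbours[i] != 0xAA)
            n++;
    return n;
}

int main(void) {
    printf("matched layouts:    %zu bytes clobbered\n", clobbered_after(fill_small));
    printf("mismatched layouts: %zu bytes clobbered\n", clobbered_after(fill_large));
    return 0;
}
```

In a real frame the overwritten neighbours are saved registers or the return address, which is consistent with the crash appearing right after the affected functions return.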