Description of problem: Ever since (I think that's when it started) the whole of rawhide was rebuilt just prior to FC5T3 abiword has been crashing on exit. It improved when abiword was rebuilt as well but still crashes regularly. Also it has all the grammat spew when run from the command line. Let me know if you need more info. Version-Release number of selected component (if applicable): abiword-2.4.2-6.fc5 How reproducible: Everytime Steps to Reproduce: 1. Run abiword from command line 2. Exit 3. Get debug dump on terminal window [peterr@localhost ecash]$ abiword 71384011.doc (AbiWord-2.4:11646): libgsf:msole-CRITICAL **: ole_get_block: assertion `block < ole->info->max_block' failed Wrong Grammar|Mr.| LowOff 0 HighOff 2 Wrong Grammar| Peter Robinson | LowOff 3 HighOff 18 Wrong Grammar|Mr.| LowOff 0 HighOff 2 Wrong Grammar| Peter Robinson | LowOff 3 HighOff 18 *** glibc detected *** abiword: free(): invalid next size (normal): 0x08a22d18 *** ======= Backtrace: ========= /lib/libc.so.6[0xc60de8] /lib/libc.so.6(__libc_free+0x79)[0xc642ed] /usr/lib/libfontconfig.so.1(FcStrFree+0x3d)[0x49067cd] /usr/lib/libfontconfig.so.1(FcValueListDestroy+0x337)[0x49010c7] /usr/lib/libfontconfig.so.1(FcPatternDestroy+0xeb)[0x49013eb] /usr/lib/libXft.so.2[0xa7c7af] /usr/lib/libXft.so.2(XftFontManageMemory+0x104)[0xa7c9a4] /usr/lib/libXft.so.2(XftFontClose+0x4f)[0xa7ca5f] abiword(_ZN12XAP_UnixFontD1Ev+0xb0)[0x824b930] abiword(_ZN19XAP_UnixFontManagerD1Ev+0x4b)[0x823d74b] abiword(_ZN11XAP_UnixAppD2Ev+0x44)[0x82392b4] abiword(_ZN10AP_UnixAppD0Ev+0x64)[0x813e5d4] abiword(_ZN10AP_UnixApp4mainEPKciPS1_+0x3bf)[0x814005f] abiword(main+0x2a)[0x813bcca] /lib/libc.so.6(__libc_start_main+0xdc)[0xc127a4] abiword(__gxx_personality_v0+0x34d)[0x813bc11] ======= Memory map: ======== 00101000-001fa000 r-xp 00000000 03:05 370930 /usr/lib/libX11.so.6.2.0 001fa000-001fe000 rwxp 000f9000 03:05 370930 /usr/lib/libX11.so.6.2.0 00200000-00291000 r-xp 00000000 03:05 366055 /usr/lib/libglib-2.0.so.0.902.4 00291000-00292000 rwxp 00091000 03:05 366055 /usr/lib/libglib-2.0.so.0.902.4 00292000-002f7000 r-xp 00000000 03:05 1811766 /usr/lib/libbonoboui-2.so.0.0.0 002f7000-002fa000 rwxp 00064000 03:05 1811766 /usr/lib/libbonoboui-2.so.0.0.0 002fa000-00301000 r-xp 00000000 03:05 1811714 /usr/lib/libXi.so.6.0.0 00301000-00302000 rwxp 00007000 03:05 1811714 /usr/lib/libXi.so.6.0.0 00302000-00305000 r-xp 00000000 03:05 1811715 /usr/lib/libXrandr.so.2.0.0 00305000-00306000 rwxp 00002000 03:05 1811715 /usr/lib/libXrandr.so.2.0.0 00306000-0030f000 r-xp 00000000 03:05 1811717 /usr/lib/libXcursor.so.1.0.2 0030f000-00310000 rwxp 00008000 03:05 1811717 /usr/lib/libXcursor.so.1.0.2 00310000-0031f000 r-xp 00000000 03:05 1456536 /lib/libresolv-2.3.90.so 0031f000-00320000 r-xp 0000e000 03:05 1456536 /lib/libresolv-2.3.90.so 00320000-00321000 rwxp 0000f000 03:05 1456536 /lib/libresolv-2.3.90.so 00321000-00323000 rwxp 00321000 00:00 0 00323000-00325000 r-xp 00000000 03:05 1456537 /lib/libcom_err.so.2.1 00325000-00326000 rwxp 00001000 03:05 1456537 /lib/libcom_err.so.2.1 00327000-0034e000 r-xp 00000000 03:05 1811706 /usr/lib/libpng12.so.0.1.2.8 0034e000-0034f000 rwxp 00026000 03:05 1811706 /usr/lib/libpng12.so.0.1.2.8 0034f000-003ba000 r-xp 00000000 03:05 1811707 /usr/lib/libfreetype.so.6.3.8 003ba000-003bd000 rwxp 0006a000 03:05 1811707 /usr/lib/libfreetype.so.6.3.8 003bd000-004dc000 r-xp 00000000 03:05 1456538 /lib/libcrypto.so.0.9.8a 004dc000-004ef000 rwxp 0011e000 03:05 1456538 /lib/libcrypto.so.0.9.8a 004ef000-004f2000 rwxp 004ef000 00:00 0 004f2000-00511000 r-xp 00000000 03:05 1456541 /lib/libexpat.so.0.5.0 00511000-00513000 rwxp 0001e000 03:05 1456541 /lib/libexpat.so.0.5.0 00513000-0052b000 r-xp 00000000 03:05 374956 /usr/lib/libgssapi_krb5.so.2.2 0052b000-0052c000 rwxp 00017000 03:05 374956 /usr/lib/libgssapi_krb5.so.2.2 0052c000-00550000 r-xp 00000000 03:05 373716 /usr/lib/libk5crypto.so.3.0 00550000-00551000 rwxp 00024000 03:05 373716 /usr/lib/libk5crypto.so.3.0 00551000-00554000 r-xp 00000000 03:05 373500 /usr/lib/libkrb5support.so.0.0 00554000-00555000 rwxp 00002000 03:05 373500 /usr/lib/libkrb5support.so.0.0 00555000-00566000 r-xp 00000000 03:05 1452842 /lib/libnsl-2.3.90.so 00566000-00567000 r-xp 00010000 03:05 1452842 /lib/libnsl-2.3.90.so 00567000-00568000 rwxp 00011000 03:05 1452842 /lib/libnsl-2.3.90.so 00568000-0056a000 rwxp 00568000 00:00 0 0056a000-00573000 r-xp 00000000 03:05 1456638 /lib/libnss_files-2.3.90.so 00573000-00574000 r-xp 00008000 03:05 1456638 /lib/libnss_files-2.3.90.so 00574000-00575000 rwxp 00009000 03:05 1456638 /lib/libnss_files-2.3.90.so 00575000-00577000 r-xp 00000000 03:05 397750 /usr/lib/gconv/CP1252.so 00577000-00579000 rwxp 00001000 03:05 397750 /usr/lib/gconv/CP1252.so 00594000-005d5000 r-xp 00000000 03:05 1456539 /lib/libssl.so.0.9.8a 005d5000-005d9000 rwxp 00040000 03:05 1456539 /lib/libssl.so.0.9.8a 005db000-005e2000 r-xp 00000000 03:05 369387 /usr/lib/libpopt.so.0.0.0 005e2000-005e3000 rwxp 00006000 03:05 369387
Created attachment 125018 [details] Another debug output
Reporter: could you install the abiword-debug rpm as well, to get a more interesting stack trace?
I would if yum could find one in fedora-extras :-) [root@localhost ~]# yum install abiword-debuginfo Loading "installonlyn" plugin Setting up Install Process Setting up repositories development [1/2] development 100% |=========================| 1.1 kB 00:00 extras-development [2/2] extras-development 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files Parsing package install arguments No Match for argument: abiword-debuginfo Nothing to do [root@localhost ~]# yum install abiword-debug Loading "installonlyn" plugin Setting up Install Process Setting up repositories development [1/2] extras-development [2/2] Reading repository metadata in from local files Parsing package install arguments No Match for argument: abiword-debug Nothing to do
Oops ignore that last comment.... found them :-)
OK here you go... let me know if you need any more debuginfo packages installed. Backtrace was generated from '/usr/bin/AbiWord-2.4' Using host libthread_db library "/lib/libthread_db.so.1". `shared object read from target memory' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread -1209067856 (LWP 18301)] 0x002fe402 in __kernel_vsyscall () #0 0x002fe402 in __kernel_vsyscall () #1 0x002c2a13 in ?? () from /lib/libpthread.so.0 #2 0x04af2086 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:792 #3 <signal handler called> #4 0x002fe402 in __kernel_vsyscall () #5 0x00b36159 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #6 0x00b376e3 in *__GI_abort () at abort.c:88 #7 0x00b6aa1b in __libc_message (do_abort=2, fmt=0xc27c74 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170 #8 0x00b7551f in *__GI___libc_free (mem=0xa38b748) at malloc.c:5608 #9 0x057ca9ad in FcStrFree () from /usr/lib/libfontconfig.so.1 #10 0x057c52a7 in FcValueListDestroy () from /usr/lib/libfontconfig.so.1 #11 0x057c55cb in FcPatternDestroy () from /usr/lib/libfontconfig.so.1 #12 0x00a7c7af in XftInitFtLibrary () from /usr/lib/libXft.so.2 #13 0x00a7c9a4 in XftFontManageMemory () from /usr/lib/libXft.so.2 #14 0x00a7ca5f in XftFontClose () from /usr/lib/libXft.so.2 #15 0x0824b930 in ~XAP_UnixFont (this=0xa21feb8) at xap_UnixFont.cpp:272 #16 0x0823d74b in ~XAP_UnixFontManager (this=0xa21e070) at ../../../../src/af/util/xp/ut_hash.h:145 #17 0x082392b4 in ~XAP_UnixApp (this=0xa190148) at xap_UnixApp.cpp:140 #18 0x0813e5d4 in ~AP_UnixApp (this=0xa190148) at ap_UnixApp.cpp:184 #19 0x0814005f in AP_UnixApp::main (szAppName=0x83ec743 "AbiWord", argc=1, argv=0xbfd18e04) at ap_UnixApp.cpp:1545 #20 0x0813bcca in main (argc=) at UnixMain.cpp:26 Thread 1 (Thread -1209067856 (LWP 18301)): #0 0x002fe402 in __kernel_vsyscall () No symbol table info available. #1 0x002c2a13 in ?? () from /lib/libpthread.so.0 No symbol table info available. #2 0x04af2086 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:792 estatus = 84 sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {0, 170428032, 77201410, 0, 77256380, 11637252, 5906392, 3085945192, 3218178036, 3218178056, 5838185, 3218178036, 5908496, 46, 3085906080, 1, 0, 1, 0, 0, 0, 4294967292, 1, 5837431, 2859049, 77213710, 77246900, 3218178040, 77211540, 16825381, 77213710, 0}}, sa_flags = 5908496, sa_restorer = 0} pid =
*** Bug 190695 has been marked as a duplicate of this bug. ***
I am seeing this bug with abiword-2.4.4-2.fc5 (line offsets on a backtrace are slightly different). It looks like that a reliable way to reproduce it is to open two (existing?) files and then to quit the application. Besides the following complaints show often in the situation described above: (AbiWord-2.4:1877): GModule-CRITICAL **: g_module_close: assertion `module != NULL' failed (AbiWord-2.4:1877): libgsf:msole-CRITICAL **: ole_get_block: assertion `block < ole->info->max_block' failed A complaint from glibc is slightly different that the one quoted in the original report: *** glibc detected *** abiword: munmap_chunk(): invalid pointer: 0x0000000001084b60 *** but maybe this is x86_64 specific?
*** Bug 189317 has been marked as a duplicate of this bug. ***
Nope, it's not x86_64 specific. FIXED in abiword-2_4_4-4_fc5, which is being built at this very moment.
While I still see in abiword-2.4.4-4.fc5 messages like: (AbiWord-2.4:1877): GModule-CRITICAL **: g_module_close: assertion `module != NULL' failed (AbiWord-2.4:1877): libgsf:msole-CRITICAL **: ole_get_block: assertion `block < ole->info->max_block' failed a crash reported in the original report indeed looks like gone. Thanks! Should these "CRITICAL" get their own bugzilla entry or there is no point?
The first is bug 190579. The second is the wordperfect importer, where we 'abuse' libgsf to scan for WP documents in a partial OLE stream. You can ignore that one.