Bug 532307 - [abrt] pulseaudio looks to be crashing empathy (ptrhead_setspecific() fails with EINVAL)
[abrt] pulseaudio looks to be crashing empathy (ptrhead_setspecific() fails w...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: empathy (Show other bugs)
12
i686 Linux
high Severity high
: ---
: ---
Assigned To: Peter Gordon
Fedora Extras Quality Assurance
abrt_hash:6d89414b430cfc21f4e09e554ed...
: Triaged
: 524506 532106 532484 533435 533576 533923 538140 538474 539726 539838 539854 540880 541498 541945 542448 543089 543881 543988 544015 544101 544365 544457 544621 544690 544814 545370 545455 546112 546820 546857 546926 547038 547452 547841 548631 548931 549214 549361 549392 549693 550125 551036 551281 551298 551633 551745 552116 552597 552740 553025 (view as bug list)
Depends On:
Blocks: 554899
  Show dependency treegraph
 
Reported: 2009-11-01 08:14 EST by Karel Klíč
Modified: 2013-03-03 17:59 EST (History)
72 users (show)

See Also:
Fixed In Version: 2.28.2-2.fc12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 554899 (view as bug list)
Environment:
Last Closed: 2010-01-25 19:56:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (23.53 KB, text/plain)
2009-11-01 08:14 EST, Karel Klíč
no flags Details
Another backtrace (20.54 KB, text/plain)
2009-11-17 14:38 EST, Brian Pepple
no flags Details
Patch to collect requested debug information when pthread_setspecific() fails (830 bytes, patch)
2009-12-11 07:03 EST, Matthew Booth
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 600693 None None None Never

  None (edit)
Description Karel Klíč 2009-11-01 08:14:49 EST
abrt detected a crash.


How to reproduce
-----
1.
2.
3.


Comment
-----
I was not working with Empathy when this crash happened, it ran on background.

Additional information
======


Attached files
----
backtrace

cmdline
-----
empathy 


component
-----
empathy


executable
-----
/usr/bin/empathy


kernel
-----
2.6.31.5-96.fc12.i686.PAE


package
-----
empathy-2.28.1.1-3.fc12


reason
-----
Process was terminated by signal 6
Comment 1 Karel Klíč 2009-11-01 08:14:52 EST
Created attachment 367009 [details]
File: backtrace
Comment 2 Karel Klíč 2009-11-04 08:24:14 EST
Again the same crash today.
Comment 3 Brian Pepple 2009-11-04 13:24:45 EST
Looking at the backtrace it looks like this crash is caused by pulseaudio.  Reassigning bug.
Comment 4 Lennart Poettering 2009-11-04 20:49:33 EST
Hmm, that's pthread_setspecific() failing. I don't see how that could ever fail, especially since we call pthread_getspecific() right before.

Is there any reliable way to reproduce this? I'd be very interested in the exact return value if pthread_setspecific() there.
Comment 5 Karel Klíč 2009-11-05 01:27:51 EST
It crashes about once a day. I'll try get the return value.
Comment 6 Brian Pepple 2009-11-08 15:39:43 EST
*** Bug 533726 has been marked as a duplicate of this bug. ***
Comment 7 Brian Pepple 2009-11-08 15:44:31 EST
*** Bug 533576 has been marked as a duplicate of this bug. ***
Comment 8 Brian Pepple 2009-11-09 14:55:44 EST
*** Bug 533923 has been marked as a duplicate of this bug. ***
Comment 9 Lennart Poettering 2009-11-09 21:41:15 EST
Any luck so far?
Comment 10 Karel Klíč 2009-11-10 03:58:10 EST
It seems this bug is triggered much less when Empathy runs within gdb.
It crashed on Friday, but I failed to get the pthread_setspecific() return value (gdb crashed when I tried to reload debug infos).

I still run Empathy with gdb. 

I'll try to add some debugging output to PulseAudio and recompile it. Then I can run it without gdb.
Comment 11 Karel Klíč 2009-11-11 15:20:46 EST
When I download pulseaudio fedora CVS repository, run "make local" in F-12 and install the result (all rpms, or just the pulseaudio-0.9.19-2 rpm, or just libpulsecore-*.so), the pulseaudio daemon cannot start.

Nov 11 21:03:33 localhost pulseaudio[2718]: fdsem.c: Assertion 'pa_atomic_dec(&f
->data->waiting) >= 1' failed at pulsecore/fdsem.c:283, function pa_fdsem_before
_poll(). Aborting.

Is there some other way to run the patched version?
Comment 12 Bug Zapper 2009-11-16 09:49:16 EST
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 13 Brian Pepple 2009-11-16 10:36:26 EST
*** Bug 537831 has been marked as a duplicate of this bug. ***
Comment 14 Brian Pepple 2009-11-17 14:37:26 EST
*** Bug 538140 has been marked as a duplicate of this bug. ***
Comment 15 Brian Pepple 2009-11-17 14:38:40 EST
Created attachment 369945 [details]
Another backtrace
Comment 16 Brian Pepple 2009-11-20 12:11:51 EST
*** Bug 539588 has been marked as a duplicate of this bug. ***
Comment 17 Brian Pepple 2009-11-21 15:19:33 EST
*** Bug 539979 has been marked as a duplicate of this bug. ***
Comment 18 Brian Pepple 2009-11-24 09:00:42 EST
*** Bug 540880 has been marked as a duplicate of this bug. ***
Comment 19 Brian Pepple 2009-11-24 19:05:07 EST
*** Bug 541066 has been marked as a duplicate of this bug. ***
Comment 20 Brian Pepple 2009-11-25 16:13:24 EST
*** Bug 541403 has been marked as a duplicate of this bug. ***
Comment 21 Brian Pepple 2009-11-26 08:37:10 EST
*** Bug 541498 has been marked as a duplicate of this bug. ***
Comment 22 Brian Pepple 2009-11-27 11:55:57 EST
*** Bug 541945 has been marked as a duplicate of this bug. ***
Comment 23 Brian Pepple 2009-11-29 15:12:19 EST
*** Bug 542448 has been marked as a duplicate of this bug. ***
Comment 24 Brian Pepple 2009-12-01 12:13:01 EST
*** Bug 543089 has been marked as a duplicate of this bug. ***
Comment 25 Brian Pepple 2009-12-03 09:32:54 EST
*** Bug 543881 has been marked as a duplicate of this bug. ***
Comment 26 Brian Pepple 2009-12-03 13:11:19 EST
*** Bug 544015 has been marked as a duplicate of this bug. ***
Comment 27 Brian Pepple 2009-12-03 18:11:04 EST
*** Bug 544101 has been marked as a duplicate of this bug. ***
Comment 28 Brian Pepple 2009-12-04 17:54:59 EST
*** Bug 544457 has been marked as a duplicate of this bug. ***
Comment 29 Brian Pepple 2009-12-04 18:11:26 EST
*** Bug 544462 has been marked as a duplicate of this bug. ***
Comment 30 Brian Pepple 2009-12-06 09:27:32 EST
*** Bug 544757 has been marked as a duplicate of this bug. ***
Comment 31 Brian Pepple 2009-12-06 14:20:58 EST
*** Bug 544846 has been marked as a duplicate of this bug. ***
Comment 32 Brian Pepple 2009-12-07 17:47:30 EST
*** Bug 545240 has been marked as a duplicate of this bug. ***
Comment 33 Brian Pepple 2009-12-08 10:07:07 EST
*** Bug 545421 has been marked as a duplicate of this bug. ***
Comment 34 Brian Pepple 2009-12-08 11:13:07 EST
*** Bug 545455 has been marked as a duplicate of this bug. ***
Comment 35 Brian Pepple 2009-12-08 18:33:22 EST
*** Bug 545616 has been marked as a duplicate of this bug. ***
Comment 36 Brian Pepple 2009-12-09 10:55:25 EST
*** Bug 545885 has been marked as a duplicate of this bug. ***
Comment 37 Brian Pepple 2009-12-09 18:06:11 EST
*** Bug 546076 has been marked as a duplicate of this bug. ***
Comment 38 Brian Pepple 2009-12-09 22:15:41 EST
*** Bug 546112 has been marked as a duplicate of this bug. ***
Comment 39 Brian Pepple 2009-12-10 12:19:21 EST
*** Bug 546335 has been marked as a duplicate of this bug. ***
Comment 40 Matthew Booth 2009-12-10 12:28:51 EST
(In reply to comment #9)
> Any luck so far?  

Lennart,

I'm also getting this crash daily, and by the looks of it, so are a bunch of other people.

I've just installed a patched version of pulseaudio which should give the return value of pthread_setspecific when it inevitably crashes tomorrow. However, I'm going to go out on a limb and say that from the 2 possibilities (ENOMEM and EINVAL), it's going to be EINVAL. Looking at the code in thread.h, the most obvious reason for this would be use of the thread local object after its destructor had been called. Not being familiar at all with this codebase myself, does that sound right? What additional debug info would you want?

Matt
Comment 41 Matthew Booth 2009-12-11 07:03:31 EST
Created attachment 377717 [details]
Patch to collect requested debug information when pthread_setspecific() fails
Comment 42 Matthew Booth 2009-12-11 07:06:33 EST
Right on cue, it crashed again this morning. This time I'd applied the patch from Comment #41 and rebuild pulseaudio. As expected, output was:

22: Invalid argument
Comment 43 Brian Pepple 2009-12-12 13:04:05 EST
*** Bug 546926 has been marked as a duplicate of this bug. ***
Comment 44 Brian Pepple 2009-12-13 08:21:16 EST
*** Bug 547038 has been marked as a duplicate of this bug. ***
Comment 45 Karel Klíč 2009-12-14 13:01:34 EST
*** Bug 538474 has been marked as a duplicate of this bug. ***
Comment 46 Karel Klíč 2009-12-14 13:05:13 EST
*** Bug 546857 has been marked as a duplicate of this bug. ***
Comment 47 Karel Klíč 2009-12-14 13:08:20 EST
*** Bug 539726 has been marked as a duplicate of this bug. ***
Comment 48 Karel Klíč 2009-12-14 13:14:33 EST
*** Bug 533435 has been marked as a duplicate of this bug. ***
Comment 49 Brian Pepple 2009-12-14 13:16:12 EST
*** Bug 547452 has been marked as a duplicate of this bug. ***
Comment 50 Karel Klíč 2009-12-14 13:16:25 EST
*** Bug 539838 has been marked as a duplicate of this bug. ***
Comment 51 Karel Klíč 2009-12-14 13:18:27 EST
*** Bug 539854 has been marked as a duplicate of this bug. ***
Comment 52 Karel Klíč 2009-12-14 13:19:41 EST
*** Bug 544621 has been marked as a duplicate of this bug. ***
Comment 53 Karel Klíč 2009-12-14 13:22:10 EST
*** Bug 543988 has been marked as a duplicate of this bug. ***
Comment 54 Karel Klíč 2009-12-14 13:28:18 EST
*** Bug 532484 has been marked as a duplicate of this bug. ***
Comment 55 Brian Pepple 2009-12-14 16:42:35 EST
*** Bug 547537 has been marked as a duplicate of this bug. ***
Comment 56 Brian Pepple 2009-12-15 14:56:56 EST
*** Bug 547841 has been marked as a duplicate of this bug. ***
Comment 57 Brian Pepple 2009-12-15 18:01:53 EST
*** Bug 547885 has been marked as a duplicate of this bug. ***
Comment 58 Brian Pepple 2009-12-16 06:32:36 EST
*** Bug 547995 has been marked as a duplicate of this bug. ***
Comment 59 Lennart Poettering 2009-12-17 09:19:10 EST
(In reply to comment #40)
> (In reply to comment #9)
> > Any luck so far?  
> 
> Lennart,
> 
> I'm also getting this crash daily, and by the looks of it, so are a bunch of
> other people.
> 
> I've just installed a patched version of pulseaudio which should give the
> return value of pthread_setspecific when it inevitably crashes tomorrow.
> However, I'm going to go out on a limb and say that from the 2 possibilities
> (ENOMEM and EINVAL), it's going to be EINVAL. Looking at the code in thread.h,
> the most obvious reason for this would be use of the thread local object after
> its destructor had been called. 

That is unlikely. We actually build the library with -z nodelete precisely to avoid issues like that. 

Thanks for figuring out that EINVAL is the error cause, unfortunately this still is not precise enough to figure out fully what is going on here...
Comment 60 Brian Pepple 2009-12-17 19:35:21 EST
*** Bug 548631 has been marked as a duplicate of this bug. ***
Comment 61 Brian Pepple 2009-12-19 11:20:12 EST
*** Bug 548931 has been marked as a duplicate of this bug. ***
Comment 62 Brian Pepple 2009-12-19 11:22:43 EST
*** Bug 548937 has been marked as a duplicate of this bug. ***
Comment 63 Brian Pepple 2009-12-20 09:46:24 EST
*** Bug 549117 has been marked as a duplicate of this bug. ***
Comment 64 Brian Pepple 2009-12-20 10:54:43 EST
*** Bug 549131 has been marked as a duplicate of this bug. ***
Comment 65 Brian Pepple 2009-12-20 20:53:08 EST
*** Bug 549203 has been marked as a duplicate of this bug. ***
Comment 66 Brian Pepple 2009-12-20 20:53:47 EST
*** Bug 549214 has been marked as a duplicate of this bug. ***
Comment 67 Brian Pepple 2009-12-20 20:54:20 EST
*** Bug 549215 has been marked as a duplicate of this bug. ***
Comment 68 Brian Pepple 2009-12-21 23:53:17 EST
*** Bug 549591 has been marked as a duplicate of this bug. ***
Comment 69 Brian Pepple 2009-12-22 09:42:17 EST
*** Bug 549712 has been marked as a duplicate of this bug. ***
Comment 70 Brian Pepple 2009-12-22 09:44:03 EST
*** Bug 549693 has been marked as a duplicate of this bug. ***
Comment 71 Brian Pepple 2009-12-22 21:46:09 EST
*** Bug 549950 has been marked as a duplicate of this bug. ***
Comment 72 Brian Pepple 2009-12-23 12:41:36 EST
*** Bug 550125 has been marked as a duplicate of this bug. ***
Comment 73 Stephen Haffly 2009-12-23 20:46:05 EST
I found something that may be of interest.  I have had Abiword crash and the traceback always referred to Pulse Audio.  My bug report got marked as a duplicate of this bug, so I am providing input here.

On a whim, I selected Preferences/Sound.  On the Sound Effects tab, I had previously selected the checkbox for Enable window and button sounds.  I decided to uncheck the box and try the same operation (paste text into Abiword, then select it and attempt to resize it) that would previously cause Abiword to abend immediately.  This time, however, Abiword completed the operations without fault.

To summarize:
Sound Preferences "Enable window and button sounds enabled--Abiword crashes
Sound Preferences "Enable window and button sounds disabled--Abiword works.
Comment 74 Brian Pepple 2009-12-25 17:30:43 EST
*** Bug 550518 has been marked as a duplicate of this bug. ***
Comment 75 Brian Pepple 2009-12-28 12:00:56 EST
*** Bug 551036 has been marked as a duplicate of this bug. ***
Comment 76 Brian Pepple 2009-12-28 12:02:20 EST
*** Bug 551041 has been marked as a duplicate of this bug. ***
Comment 77 Brian Pepple 2009-12-29 15:25:28 EST
*** Bug 551281 has been marked as a duplicate of this bug. ***
Comment 78 Brian Pepple 2009-12-29 17:18:38 EST
*** Bug 551298 has been marked as a duplicate of this bug. ***
Comment 79 Brian Pepple 2009-12-31 17:02:55 EST
*** Bug 551633 has been marked as a duplicate of this bug. ***
Comment 80 Brian Pepple 2009-12-31 23:28:56 EST
*** Bug 551659 has been marked as a duplicate of this bug. ***
Comment 81 Brian Pepple 2009-12-31 23:32:13 EST
*** Bug 551663 has been marked as a duplicate of this bug. ***
Comment 82 Brian Pepple 2009-12-31 23:32:20 EST
*** Bug 551662 has been marked as a duplicate of this bug. ***
Comment 83 Brian Pepple 2010-01-01 12:36:53 EST
*** Bug 551745 has been marked as a duplicate of this bug. ***
Comment 84 Brian Pepple 2010-01-02 00:38:12 EST
*** Bug 551799 has been marked as a duplicate of this bug. ***
Comment 85 Todd Zullinger 2010-01-02 16:37:59 EST
*** Bug 541398 has been marked as a duplicate of this bug. ***
Comment 86 Todd Zullinger 2010-01-02 16:41:00 EST
*** Bug 543630 has been marked as a duplicate of this bug. ***
Comment 87 Todd Zullinger 2010-01-02 16:42:43 EST
*** Bug 544365 has been marked as a duplicate of this bug. ***
Comment 88 Todd Zullinger 2010-01-02 16:45:19 EST
*** Bug 544690 has been marked as a duplicate of this bug. ***
Comment 89 Todd Zullinger 2010-01-02 16:57:13 EST
*** Bug 550365 has been marked as a duplicate of this bug. ***
Comment 90 Todd Zullinger 2010-01-02 16:58:40 EST
*** Bug 550490 has been marked as a duplicate of this bug. ***
Comment 91 Brian Pepple 2010-01-03 17:27:23 EST
*** Bug 552064 has been marked as a duplicate of this bug. ***
Comment 92 Brian Pepple 2010-01-04 09:33:10 EST
*** Bug 552116 has been marked as a duplicate of this bug. ***
Comment 93 Michal Schmidt 2010-01-04 11:30:13 EST
I can confirm Stephen Haffly's steps to reproduce and make them more specific.
This is 100% reproducible for me:
1. Make sure you have "Enable window and button sounds" enabled in gnome-volume-control.
2. Run "abiword".
3. Paste a text into Abiword from Firefox or OpenOffice.org Writer.
   (Use one of these two applications in order to have the text copied as rich text with formatting. Pasting simple text from gedit or gnome-terminal won't reproduce the bug. It does not matter whether you use select and middle-click or CTRL+C, CTRL+V.)
4. Now almost any action (resize text, clicking in menus, ...) in Abiword will crash it with:

Assertion 'pthread_setspecific(t->key, userdata) == 0' failed at pulsecore/thread-posix.c:200, function pa_tls_set(). Aborting.
Comment 94 Brian Pepple 2010-01-04 15:36:02 EST
*** Bug 552369 has been marked as a duplicate of this bug. ***
Comment 95 Brian Pepple 2010-01-04 17:56:41 EST
*** Bug 552413 has been marked as a duplicate of this bug. ***
Comment 96 Susi Lehtola 2010-01-05 09:10:34 EST
*** Bug 552544 has been marked as a duplicate of this bug. ***
Comment 97 Brian Pepple 2010-01-05 11:21:52 EST
*** Bug 552597 has been marked as a duplicate of this bug. ***
Comment 98 Brian Pepple 2010-01-05 20:13:24 EST
*** Bug 552740 has been marked as a duplicate of this bug. ***
Comment 99 Brian Pepple 2010-01-06 10:25:07 EST
*** Bug 552927 has been marked as a duplicate of this bug. ***
Comment 100 Brian Pepple 2010-01-06 16:07:05 EST
*** Bug 553025 has been marked as a duplicate of this bug. ***
Comment 101 Brian Pepple 2010-01-06 22:49:37 EST
*** Bug 553095 has been marked as a duplicate of this bug. ***
Comment 102 Brian Pepple 2010-01-07 08:37:27 EST
*** Bug 553183 has been marked as a duplicate of this bug. ***
Comment 103 Brian Pepple 2010-01-07 08:59:52 EST
*** Bug 553235 has been marked as a duplicate of this bug. ***
Comment 104 Brian Pepple 2010-01-07 13:28:27 EST
*** Bug 553362 has been marked as a duplicate of this bug. ***
Comment 105 Lennart Poettering 2010-01-11 18:13:53 EST
*** Bug 544457 has been marked as a duplicate of this bug. ***
Comment 106 Lennart Poettering 2010-01-11 18:26:46 EST
Oh man this is so stupid. I just dropped the majority of the duplicates from this bug again because they have NOTHING to do with PA. Guys, this is not a dumpster for your bugs you don't have any use for anymore.

Please, from now on this bug should be only about PA related crashes, more specifically about pthread_setspecific() failing in pa_tls_set(), nothing else. If you get an abort() in the pa_tls_set() stack frame this is where to duplicate it to, but please, don't dup any other bugs on this, I have a hard time reading through all the noise here. Thanks.
Comment 107 Lennart Poettering 2010-01-11 18:28:46 EST
*** Bug 545370 has been marked as a duplicate of this bug. ***
Comment 108 Lennart Poettering 2010-01-11 18:29:19 EST
*** Bug 546820 has been marked as a duplicate of this bug. ***
Comment 109 Lennart Poettering 2010-01-11 21:34:04 EST
Hmm, I have not been able to reproduce this unfortunately. Not sure where to begin debugging. The hints in #93 did not cause this issue to be hit for me. Michal, is that on 32bit or 64bit?

Anyone else has a good idea how I could reproduce this issue?
Comment 110 Michal Schmidt 2010-01-12 09:10:23 EST
(In reply to comment #109)
> Hmm, I have not been able to reproduce this unfortunately. Not sure where to
> begin debugging. The hints in #93 did not cause this issue to be hit for me.
> Michal, is that on 32bit or 64bit?

I'm using x86_64. F12 with updates-testing enabled.
Comment 111 Michal Schmidt 2010-01-12 16:58:03 EST
I added a few debug prints in src/pulsecore/thread-posix.c to debug PA's TLS usage.
When running the steps to reproduce using abiword, the results was this:

pa_tls_new, pthread=0x7fb5dde4d710, tid=3045: created key 4
pa_tls_set, pthread=0x7fb5dde4d710, tid=3045: replacing value for key 4. previous=(nil) new=0x1d29fb0
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's (nil)
pa_tls_set, pthread=0x7fb5f33867c0, tid=3044: replacing value for key 4. previous=(nil) new=0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's 0x1d36c80
### this is when I pasted some text from OOo ###
pa_tls_get, pthread=0x7fb5f33867c0, tid=3044: got value for key 4, it's (nil)
pa_tls_set, pthread=0x7fb5f33867c0, tid=3044: replacing value for key 4. previous=(nil) new=0x1d463f0
Assertion 'pthread_setspecific(t->key, userdata) == 0' failed at pulsecore/thread-posix.c:216, function pa_tls_set(). Aborting.

Notice how the value for key 4 got erased suddenly without any pa_tls_*() calls in between the two consecutive calls to pa_tls_get(). This tells me that something else than PA fiddles with thread-specific data. A possible explanation could be that something called pthread_key_delete() in between and destroyed key 4.

So I ran abiword under gdb, placing breakpoints at pthread_key_create() and pthread_key_delete(). And really, this revealed about 80 calls to pthread_key_delete(), all with a backtrace like this:

Breakpoint 2, pthread_key_delete (key=4) at pthread_key_delete.c:31
31	  if (__builtin_expect (key < PTHREAD_KEYS_MAX, 1))
#0  pthread_key_delete (key=4) at pthread_key_delete.c:31
#1  0x0000003d24038085 in xmlCleanupParser__internal_alias () at parser.c:14044
#2  0x0000003d2363da57 in UT_XML::~UT_XML() () from /usr/lib64/libabiword-2.8.so
#3  0x0000003d2363de0a in UT_XML_Decode(char const*) () from /usr/lib64/libabiword-2.8.so
#4  0x0000003d235370b7 in AP_Prefs::loadBuiltinPrefs() () from /usr/lib64/libabiword-2.8.so
#5  0x0000003d23537172 in AP_Prefs::fullInit() () from /usr/lib64/libabiword-2.8.so
#6  0x0000003d23497ae7 in AP_UnixApp::initialize(bool) () from /usr/lib64/libabiword-2.8.so
#7  0x0000003d23498169 in AP_UnixApp::main(char const*, int, char**) () from /usr/lib64/libabiword-2.8.so
#8  0x0000003d1841eb1d in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, 
    init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=<value optimized out>) at libc-start.c:226
#9  0x0000000000400889 in _start ()

Deleting an already deleted key is clearly a bug. I believe this specific case is a bug in abiword - it should not call libxml2's xmlCleanupParser() unless it's going to exit really soon (a source comment in libxml2 has a big WARNING about it).

What does anything from what I wrote to do with empathy? I don't know. Maybe empathy misuses libxml2 in a similar way. I don't use empathy. And right now I'm on an extremely crippled Internet connection to even download it.
Comment 112 Lennart Poettering 2010-01-12 17:50:39 EST
Ah, wonderful. That could be it. Empathy in fact *does* call that function quite often, judging by the code:

http://git.gnome.org/browse/gossip/tree/src/gossip-contact-groups.c#n224

Will reassign to empathy again.
Comment 113 Lennart Poettering 2010-01-12 17:52:58 EST
Hmm, and a google code search kinda suggests that everyone and his dog is calling that function where he shouldn't.
Comment 114 Lennart Poettering 2010-01-12 17:58:56 EST
I have also duplicated this now for abiword as bug 554899.
Comment 115 Lennart Poettering 2010-01-12 18:05:37 EST
(In reply to comment #113)
> Hmm, and a google code search kinda suggests that everyone and his dog is
> calling that function where he shouldn't.    

I will now blog about this, in a attempt to make people aware of that misuse.
Comment 117 Paul W. Frields 2010-01-13 09:41:40 EST
Michal and Lennart -- thank you both for running this to ground. Another pernicious problem of abusing PulseAudio can now be solved! :-)

(And apologies for not having anything substantive to add to this bug other than a thank-you.  I'll help publicize Lennart's blog entry though.)
Comment 118 Fedora Update System 2010-01-13 10:37:05 EST
empathy-2.28.2-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/empathy-2.28.2-2.fc12
Comment 119 Fedora Update System 2010-01-15 17:06:06 EST
empathy-2.28.2-2.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update empathy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0581
Comment 120 Michal Schmidt 2010-01-18 07:56:46 EST
*** Bug 532106 has been marked as a duplicate of this bug. ***
Comment 121 Michal Schmidt 2010-01-18 08:43:04 EST
*** Bug 549392 has been marked as a duplicate of this bug. ***
Comment 122 Michal Schmidt 2010-01-18 08:43:25 EST
*** Bug 549361 has been marked as a duplicate of this bug. ***
Comment 123 Michal Schmidt 2010-01-18 08:46:47 EST
*** Bug 544814 has been marked as a duplicate of this bug. ***
Comment 124 Michal Schmidt 2010-01-18 09:03:57 EST
*** Bug 524506 has been marked as a duplicate of this bug. ***
Comment 125 Fedora Update System 2010-01-25 19:56:09 EST
empathy-2.28.2-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 126 Ralf Ertzinger 2010-02-02 10:54:08 EST
*** Bug 561059 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.