Bug 570008 – Segmentation fault on exit (kickstart changes)

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 570008 - Segmentation fault on exit (kickstart changes)


Summary:	Segmentation fault on exit (kickstart changes)


Status:	RESOLVED DUPLICATE of bug 576226

Product:	ekiga
Classification:	Applications
Component:	general
Version:	GIT master
Hardware:	Other All

Importance:	Urgent normal
Target Milestone:	---
Assigned To:	Snark
QA Contact:	Ekiga maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-01-31 19:02 UTC by Eugen Dedu
Modified:	2009-04-01 19:39 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Stack trace (14.78 KB, text/plain) 2009-01-31 19:03 UTC, Eugen Dedu	Details
Stack bt with additional debugging code (17.92 KB, text/plain) 2009-01-31 20:16 UTC, Eugen Dedu	Details
New stack bt, 04 02 2009 (15.30 KB, text/plain) 2009-02-04 21:55 UTC, Eugen Dedu	Details
Valgrind output (8.25 KB, application/postscript) 2009-02-05 20:32 UTC, Eugen Dedu	Details
Valgrind output (uncompressed) (313.74 KB, text/plain) 2009-02-05 20:33 UTC, Eugen Dedu	Details
Backtrace of src/ekiga --kickstart-disabled=AVAHI,AVAHIPUB,LDAP,GNOMESESSION (16.49 KB, text/plain) 2009-02-17 09:48 UTC, Eugen Dedu	Details
As of 23 02 2009 (19.30 KB, text/plain) 2009-02-23 14:28 UTC, Eugen Dedu	Details
gdb trace (31.49 KB, text/plain) 2009-03-22 09:30 UTC, Howard Chu	Details
new gdb output from execution without any argument (16.55 KB, text/plain) 2009-03-31 19:02 UTC, Eugen Dedu	Details
new gdb output from execution without any argument (another one) (14.24 KB, text/plain) 2009-03-31 19:04 UTC, Eugen Dedu	Details
new gdb output from execution with argument: --kickstart-disabled=EVOLUTION (13.13 KB, text/plain) 2009-03-31 19:05 UTC, Eugen Dedu	Details
gdb avec G_SLICE=always-malloc (21.43 KB, text/plain) 2009-03-31 21:16 UTC, Eugen Dedu	Details
gdb with history list empty (13.99 KB, text/plain) 2009-04-01 15:13 UTC, Eugen Dedu	Details

Description Eugen Dedu 2009-01-31 19:02:58 UTC

Since about one week, on trunk, ekiga seg faults on exit.  Stack trace below for version 26 january 2009 trunk.

Comment 1 Eugen Dedu 2009-01-31 19:03:50 UTC

Created attachment 127645 [details]
Stack trace

Comment 2 Damien Sandras 2009-01-31 19:21:01 UTC

The backtrace is corrupt:

+ Trace 212072

Thread 14 (Thread 0x4301d950 (LWP 7865))

#0 ??
from /lib/libc.so.6
#1 ??
from /lib/libc.so.6
#2 calloc
from /lib/libc.so.6
#3 g_malloc0
from /usr/lib/libglib-2.0.so.0
#4 g_slice_free1
from /usr/lib/libglib-2.0.so.0
#5 g_queue_pop_tail
from /usr/lib/libglib-2.0.so.0
#6 ??
from /usr/lib/libglib-2.0.so.0
#7 ??
from /usr/lib/libglib-2.0.so.0
#8 ??
from /usr/lib/libglib-2.0.so.0
#9 start_thread
from /lib/libpthread.so.0
#10 clone
from /lib/libc.so.6
#11 ??


Is that possible to have debug symbols ?
It happens in glib, but no idea why...

Comment 3 Eugen Dedu 2009-01-31 20:16:19 UTC

Created attachment 127650 [details]
Stack bt with additional debugging code

Comment 4 Damien Sandras 2009-01-31 20:26:09 UTC

Julien, any idea?

It happens when creating a glib thread.

Comment 5 Snark 2009-02-01 14:09:45 UTC

There are several striking things :
- I don't think we create any glib thread explicitly -- that means a lib we depend on does it (what are your compile options?) ;
- especially so on shutdown!
- your debug output for the kickstart is wrong : since 20090126, that isn't what ekiga spits out.

Notice that I have regular assertion failed crashes since months in opal (reported upstream), but no other crashes on exit.

Comment 6 Eugen Dedu 2009-02-04 21:53:34 UTC

With today trunk I still have the segm fault and is reproducible every time.

./autogen.sh $(confflags) --prefix=/usr --disable-dbus --sysconfdir=/etc --disable-schemas-install --disable-scrollkeeper #--enable-gstreamer

(last time it was WITH -enable-gstreamer I think).

I think glib appears because of build dependency libdbus-glib-1-dev or libavahi-glib-dev, most probably the former.

Attached, a new bt for today trunk.  Does the crash appear in malloc_consolidate, i.e. in glibc?

Comment 7 Eugen Dedu 2009-02-04 21:55:00 UTC

Created attachment 127959 [details]
New stack bt, 04 02 2009

Comment 8 Snark 2009-02-05 12:21:00 UTC

Could you try to compile with less --disable switches ?

I compile with generally only --prefix=/usr, and never saw that :-/

Comment 9 Eugen Dedu 2009-02-05 20:30:43 UTC

It crashes even with "./autogen.sh" and executing src/ekiga!  (Anyway, my previous switches were not harmful, and were used mainly during make install.)

I attach a valgrind output with information about the crash.  It shows many other errors, are they really errors?

Comment 10 Eugen Dedu 2009-02-05 20:32:02 UTC

Created attachment 128038 [details]
Valgrind output

Comment 11 Eugen Dedu 2009-02-05 20:33:32 UTC

Created attachment 128039 [details]
Valgrind output (uncompressed)

Comment 12 Snark 2009-02-06 09:03:46 UTC

I don't understand the backtraces and the valgrind output doesn't look like a startup crash at all!? It looks like ekiga is shutting down instead...

What glib version are you running?

Comment 13 Eugen Dedu 2009-02-07 16:25:36 UTC

ii  libglib2.0-0       2.18.4-1           The GLib library of C routines

The crash appears in engine.cpp, function engine_stop(), lines:
  if (service_core)
    delete service_core;

It seems service_core is deleted twice, but I do not know where it is deleted the second time.

Comment 14 Snark 2009-02-16 16:44:28 UTC

Uh... that looks even more like a shutdown!

Comment 15 Eugen Dedu 2009-02-16 18:05:20 UTC

Deleting twice a pointer is "more like a shutdown"?!

Comment 16 Snark 2009-02-16 20:47:27 UTC

Calling "engine_stop" definitely doesn't look like a startup!

Comment 17 Eugen Dedu 2009-02-16 20:56:08 UTC

Oh!, I have just understand your comment, Julien!

In fact, the title should be "on exit", not "on startup"!!!  I change this right now!

Comment 18 Snark 2009-02-17 08:13:16 UTC

Sigh... reading your comments again, you've been pretty clear it was on exit since the beginning -- except in the title, and that's part of what was causing the incomprehension : that's ok now.

The other reason for my incomprehension is that the stack trace shows a *starting* thread! And that is definitely not ok! What is starting a thread on shutdown!?

I would like to have a backtrace of a smaller ekiga with parts forcibly shut down, like :
./src/ekiga --kickstart-disabled=AVAHI,AVAHIPUB,LDAP,GNOMESESSION

Can you provide one?

Comment 19 Eugen Dedu 2009-02-17 09:48:54 UTC

Created attachment 128893 [details]
Backtrace of src/ekiga --kickstart-disabled=AVAHI,AVAHIPUB,LDAP,GNOMESESSION

Comment 20 Eugen Dedu 2009-02-23 14:27:27 UTC

I attach another stack backtrace with the trunk as of today.

With your previous patch, service_core is not deleted twice anymore, but the crash appears in another place.  I suppose kickstart change is buggy (but it is just a supposition).

Also, isn't valgrind output interesting to you?

Comment 21 Eugen Dedu 2009-02-23 14:28:21 UTC

Created attachment 129330 [details]
As of 23 02 2009

Comment 22 Snark 2009-02-23 20:40:06 UTC

That double deletion wasn't normal : I added things on what are essentially _error_ code paths! Could you test which of them was taken?

Comment 23 Eugen Dedu 2009-02-24 18:43:47 UTC

For info, svn 7603 is ok, 7614 has the bug.

Comment 24 Snark 2009-02-24 19:19:34 UTC

I committed your s/pop_back/pop_first -- from the look of it, I would say the GUI doesn't take&release references to its deps correctly.

Comment 25 Eugen Dedu 2009-02-24 21:09:46 UTC

s/pop_first/pop_front !!!

Now, the crash has moved forward:

eugen3 deleting local-roster-bridge
eugen3 refcount= 2
eugen3 deleted
eugen3 deleting local-cluster
eugen3 refcount= 9
eugen3 deleted
eugen3 deleting gtk-frontend
eugen3 refcount= 1
eugen8 ~gtk-frontend0x224e000
eugen8-- ~gtk-frontend0x224e000
eugen82 ~gtk-frontend
eugen83 ~gtk-frontend
eugen3 deleted
eugen3 deleting gtk-core
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting call-history-store
eugen3 refcount= 8
eugen3 deleted
eugen3 deleting ldap-source
eugen3 refcount= 8
eugen3 deleted
eugen3 deleting evolution-source
eugen3 refcount= 8
eugen3 deleted
eugen3 deleting avahi-presence-publisher
eugen3 refcount= 2
eugen3 deleted
eugen3 deleting avahi-core
eugen3 refcount= 8
eugen3 deleted
eugen3 deleting opal-component
eugen3 refcount= 3
eugen3 deleted
eugen3 deleting opal-account-store
eugen3 refcount= 2
eugen3 deleted
eugen3 deleting ptlib-audio-output
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting ptlib-audio-input
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting ptlib-video-input
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting null-audio-input
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting presence-core
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting personal-details
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting call-core
eugen3 refcount= 3
eugen3 deleted
eugen3 deleting hal-core
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting audiooutput-core
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting audioinput-core
eugen3 refcount= 1
eugen3 deleted
eugen3 deleting videooutput-core
eugen3 refcount= 1
eugen ~videooutputcore
eugen ~videooutputcore2
eugen ~videooutputcore3
*** glibc detected *** src/ekiga: corrupted double-linked list: 0x0000000001f60520 ***

So now, the crash is in videooutput-core.cpp:
VideoOutputCore ()
{
  std::cout << "eugen ~videooutputcore" << std::endl;
  PWaitAndSignal m(core_mutex);

  std::cout << "eugen ~videooutputcore2" << std::endl;
  if (videooutput_core_conf_bridge)
    delete videooutput_core_conf_bridge;

  std::cout << "eugen ~videooutputcore3" << std::endl;
  for (std::set<VideoOutputManager *>::iterator iter = managers.begin ();
       iter != managers.end ();
       iter++)
    delete (*iter);

  std::cout << "eugen ~videooutputcore4" << std::endl;
  managers.clear();
  std::cout << "eugen ~videooutputcore5" << std::endl;
}

Why all these crashes?!  (Why do they appear now, i.e. revision 7614?)

Do you know how to remove this one?  I will continue tomorrow the investigation.

Comment 26 Snark 2009-02-25 07:16:55 UTC

Sigh... I'll try to have a look. :-(

Could you print something in the "delete (*iter);" loop so we know for which one the crash occurs?

Comment 27 Eugen Dedu 2009-02-25 08:42:13 UTC

Pfff, I think the memory deallocation should be revisited as a whole.

With the patch pop_front, and with the patch below, I made several tests by stopping ekiga once the ekiga.net account is registered.

  for (std::set<VideoOutputManager *>::iterator iter = managers.begin ();
       iter != managers.end ();
       iter++){
    std::cout << "eugen ~videooutputcore3x" << std::endl;
    delete (*iter);
  }


Sometimes it stops ok.

Sometimes it prints:
eugen ~videooutputcore3
eugen ~videooutputcore3x
Segmentation fault

(or, instead of Segmentation fault:
*** glibc detected *** src/ekiga: corrupted double-linked list: 0x000000000168f800 ***
)

Sometimes it stops at:
eugen3 deleting contact-core
eugen3 refcount= 1
*** glibc detected *** src/ekiga: corrupted double-linked list: 0x0000000001312840 ***
so there is a problem in contact-core destructor (contact-core comes after videooutput-core).

I give up, hoping that someone who knows how memory is managed in ekiga will have a closer look.

What I still do not understand is the link between all these destructors and changes made one month ago, when no crash appeared, as shown in comment #23.

Comment 28 Snark 2009-02-25 15:59:16 UTC

The memory deallocation should be  : do nothing, let gmref_ptr do everything.

One of the problems is that a few of the stacks still don't use it... another problem is that we still have mindless threads in some places -- and those can also explain some of the crashes (though perhaps not that one).

The fact that I don't get crashes on exit also doesn't help :-(

Comment 29 Eugen Dedu 2009-02-26 16:23:13 UTC

If I shut down ekiga at 7-10 seconds after having registered to ekiga.net, then sometimes it does not crashes.

Comment 30 Snark 2009-02-26 16:41:25 UTC

There's something definitely fishy there. A simple memory management bug would give a very reproducible crash, both for you and everyone else.

I really think something happens in threads.

Comment 31 Snark 2009-03-03 21:22:38 UTC

Does having video preview on or off change anything?

Comment 32 Eugen Dedu 2009-03-04 21:23:21 UTC

No.

Let's wait until someone else has this problem.

Comment 33 Howard Chu 2009-03-22 09:30:59 UTC

Created attachment 131116 [details]
gdb trace

I'm seeing the same crash every time I quit on a freshly built ekiga 3.2.0 (from tarballs) on Ubuntu 8.10 x86_64.

Comment 34 Snark 2009-03-22 20:01:25 UTC

I reviewed all the backtraces, and I think I saw a pattern.

I'm not 100% sure Howard really has the same problem as Eugen.

Eugen's problem is that when some Evolution::Book is destroyed, something is done *by bonobo* in another thread, and we get the crash in that thread.

Howard's problem is when some History::Contact is destroyed, but the crash is still in another thread where the trace looks similar ; it's less clear because we don't have as much debug symbols.

Eugen, could you try to see if you get the same crash with :
ekiga --kickstart-disabled=EVOLUTION
my hope is that it will magically disappear.

Howard, can you reproduce the problem easily? If so, could you also try the kickstart-disabled trick? If you could get me more debug symbols, that would be nice too.

Comment 35 Snark 2009-03-25 21:06:35 UTC

Uh, I forgot to mark the bug as NEEDINFO, although I asked for more.

Comment 36 Eugen Dedu 2009-03-26 18:06:23 UTC

The crash still appears with the --kickstart-disabled trick :o(

Comment 37 Snark 2009-03-26 21:16:53 UTC

With the same gdb trace?!

Comment 38 Eugen Dedu 2009-03-28 09:41:45 UTC

With --kickstart-disabled and the version from 26 03 2009:

+ Trace 213928

#1 *__GI_abort
at abort.c line 88
#2 __libc_message
at ../sysdeps/unix/sysv/linux/libc_fatal.c line 170
#3 malloc_printerr
at malloc.c line 5994
#4 malloc_consolidate
at malloc.c line 4897
#5 _int_malloc
at malloc.c line 4229
#6 __libc_calloc
at malloc.c line 3946
#7 IA__g_malloc0
at /tmp/buildd/glib2.0-2.20.0/glib/gmem.c line 151
#8 IA__g_slice_alloc
at /tmp/buildd/glib2.0-2.20.0/glib/gslice.c line 444
#9 IA__g_list_prepend
at /tmp/buildd/glib2.0-2.20.0/glib/glist.c line 169
#10 IA__g_queue_push_head
at /tmp/buildd/glib2.0-2.20.0/glib/gqueue.c line 295
#11 IA__g_async_queue_push_unlocked
at /tmp/buildd/glib2.0-2.20.0/glib/gasyncqueue.c line 245
#12 IA__g_async_queue_push
at /tmp/buildd/glib2.0-2.20.0/glib/gasyncqueue.c line 226
#13 Ekiga::Runtime::run_in_main
at ../../../lib/engine/framework/runtime-glib.cpp line 161
#14 GMVideoOutputManager_x::close_frame_display
at ../../../../lib/engine/components/x-videooutput/videooutput-manager-x.cpp line 434
#15 GMVideoOutputManager::Main
at ../../../../lib/engine/components/common-videooutput/videooutput-manager-common.cpp line 119


After putting cout instructions in VideoInputCore::~VideoInputCore and VideoOutputCore::~VideoOutputCore () like this:

VideoInputCore::~VideoInputCore ()
{
  PWaitAndSignal m(core_mutex);

  if (videoinput_core_conf_bridge)
    delete videoinput_core_conf_bridge;
std::cout << "eugen ~videoinputcore" << std::endl;

  for (std::set<VideoInputManager *>::iterator iter = managers.begin ();
       iter != managers.end ();
       iter++) {
std::cout << "eugen ~videoinputcore1" << std::endl;
    delete (*iter);
  }
std::cout << "eugen ~videoinputcore2" << std::endl;
  managers.clear();
std::cout << "eugen ~videoinputcore3" << std::endl;
}

VideoOutputCore::~VideoOutputCore ()
{
  PWaitAndSignal m(core_mutex);

  if (videooutput_core_conf_bridge)
    delete videooutput_core_conf_bridge;
std::cout << "eugen ~videooutputcore" << std::endl;

  for (std::set<VideoOutputManager *>::iterator iter = managers.begin ();
       iter != managers.end ();
       iter++) {
std::cout << "eugen ~videooutputcore1" << std::endl;
    delete (*iter);
  }
std::cout << "eugen ~videooutputcore2" << std::endl;

  managers.clear();
std::cout << "eugen ~videooutputcore3" << std::endl;
}

it prints:
eugen3 deleting videooutput-core
eugen3 deleted
eugen3 deleting videoinput-core
eugen ~videoinputcore
eugen ~videoinputcore1
eugen ~videoinputcore1
eugen ~videoinputcore2
eugen ~videoinputcore3
eugen ~videooutputcore
eugen ~videooutputcore1
*** glibc detected *** src/ekiga: corrupted double-linked list: 0x00000000019d98e0 ***

It's 100% reproducible.  In all the cases, the video preview is off.

Comment 39 Snark 2009-03-28 11:20:38 UTC

Could you had g_print messages in runtime-glib.cpp (and more precisely in the Ekiga::Runtime::quit function) so we see whether we're not doing things after it's been shut down?

Comment 40 Eugen Dedu 2009-03-28 13:44:32 UTC

I put printf/g_print at beginning and end of functions init, finalize and quit.  init is calles and finished.  finalize and quit are *not* called when quitting ekiga.

I put also g_print in run_in_main:
void
Ekiga::Runtime::run_in_main (sigc::slot0<void> action,
			     unsigned int seconds)
{
  g_print ("eugen runinmain1\n");
  g_async_queue_push (queue, (gpointer)(new struct message (action, seconds)));
  g_print ("eugen runinmain2\n");
}
and they are not shown upon quitting ekiga => run_in_main is not called either.  Still, the gdb shows that this function is called upon quitting, I do not understand...

+ Trace 213937

Thread 4 (Thread 0x7fc503cae950 (LWP 29045))

#0 *__GI_raise
at ../nptl/sysdeps/unix/sysv/linux/raise.c line 64
#1 *__GI_abort
at abort.c line 88
#2 __libc_message
at ../sysdeps/unix/sysv/linux/libc_fatal.c line 170
#3 malloc_printerr
at malloc.c line 5994
#4 malloc_consolidate
at malloc.c line 4897
#5 _int_malloc
at malloc.c line 4229
#6 __libc_calloc
at malloc.c line 3946
#7 IA__g_malloc0
at /tmp/buildd/glib2.0-2.20.0/glib/gmem.c line 151
#8 IA__g_slice_alloc
at /tmp/buildd/glib2.0-2.20.0/glib/gslice.c line 444
#9 IA__g_array_sized_new
at /tmp/buildd/glib2.0-2.20.0/glib/garray.c line 86
#10 IA__g_static_private_set
at /tmp/buildd/glib2.0-2.20.0/glib/gthread.c line 451
#11 IA__g_get_charset
at /tmp/buildd/glib2.0-2.20.0/glib/gutf8.c line 545
#12 IA__g_print
at /tmp/buildd/glib2.0-2.20.0/glib/gmessages.c line 991
#13 Ekiga::Runtime::run_in_main
at ../../../lib/engine/framework/runtime-glib.cpp line 183
#14 GMVideoOutputManager_x::close_frame_display

Comment 41 Eugen Dedu 2009-03-28 14:43:53 UTC

I have had a revelation and compiled ekiga with -O0 -g.  Here is a new bt with --kickstart-disabled=EVOLUTION, there is a problem in Contact (same as Howard it seems):

+ Trace 213939

Thread 1 (Thread 0x7faf1810c7b0 (LWP 24686))

#0 malloc_consolidate
at malloc.c line 4889
#1 _int_free
at malloc.c line 4782
#2 *__GI___libc_free
at malloc.c line 3625
#3 std::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string
from /usr/lib/libstdc++.so.6
#4 ~Contact
at ../../../../lib/engine/components/call-history/history-contact.cpp line 140
#5 GmRefCounted::unreference
at ../../../../lib/engine/framework/gmref.h line 114
#6 gmref_ptr<History::Contact>::reset
at ../../../../lib/engine/framework/gmref.h line 206
#7 ~gmref_ptr
at ../../../../lib/engine/framework/gmref.h line 130
#8 ~pair
at /usr/include/c++/4.3/bits/stl_pair.h line 73
#9 __gnu_cxx::new_allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >::destroy
at /usr/include/c++/4.3/ext/new_allocator.h line 118
#10 std::_Rb_tree<gmref_ptr<History::Contact>, std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Contact> >, std::allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_destroy_node
at /usr/include/c++/4.3/bits/stl_tree.h line 390
#11 std::_Rb_tree<gmref_ptr<History::Contact>, std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc---Type <return> to continue, or q <return> to quit--- ::connection> > > >, std::less<gmref_ptr<History::Contact> >, std::allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_erase
at /usr/include/c++/4.3/bits/stl_tree.h line 943
#12 std::_Rb_tree<gmref_ptr<History::Contact>, std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Contact> >, std::allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_erase
at /usr/include/c++/4.3/bits/stl_tree.h line 941
#13 std::_Rb_tree<gmref_ptr<History::Contact>, std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Contact> >, std::allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_erase
at /usr/include/c++/4.3/bits/stl_tree.h line 941
#14 std::_Rb_tree<gmref_ptr<History::Contact>, std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Contact> >, std::allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_erase
at /usr/include/c++/4.3/bits/stl_tree.h line 941
#15 std::_Rb_tree<gmref_ptr<History::Contact>, std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Contact> >, std::allocator<std::pair<gmref_ptr<History::Contact> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_erase
at /usr/include/c++/4.3/bits/stl_tree.h line 941
#16 ~_Rb_tree
at /usr/include/c++/4.3/bits/stl_tree.h line 585
#17 ~map
at /usr/include/c++/4.3/bits/stl_map.h line 92
#18 ~RefLister
at ../../../../lib/engine/framework/reflister.h line 98
#19 ~BookImpl
#20 ~Book
at ../../../../lib/engine/components/call-history/history-book.cpp line 96
#21 GmRefCounted::unreference
at ../../../../lib/engine/framework/gmref.h line 114
#22 gmref_ptr<History::Book>::reset
at ../../../../lib/engine/framework/gmref.h line 206
#23 ~gmref_ptr
at ../../../../lib/engine/framework/gmref.h line 130
#24 ~pair
at /usr/include/c++/4.3/bits/stl_pair.h line 73
#25 __gnu_cxx::new_allocator<std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >::destroy
at /usr/include/c++/4.3/ext/new_allocator.h line 118
#26 std::_Rb_tree<gmref_ptr<History::Book>, std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Book> >, std::allocator<std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_destroy_node
at /usr/include/c++/4.3/bits/stl_tree.h line 390
#27 std::_Rb_tree<gmref_ptr<History::Book>, std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > >, std::_Select1st<std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > > >, std::less<gmref_ptr<History::Book> >, std::allocator<std::pair<gmref_ptr<History::Book> const, std::list<sigc::connection, std::allocator<sigc::connection> > > > >::_M_erase
at /usr/include/c++/4.3/bits/stl_tree.h line 943
#28 ~_Rb_tree
at /usr/include/c++/4.3/bits/stl_tree.h line 585
#29 ~map
at /usr/include/c++/4.3/bits/stl_map.h line 92
#30 ~RefLister
at ../../../../lib/engine/framework/reflister.h line 98
#31 ~SourceImpl
at ../../../../lib/engine/addressbook/source-impl.h line 193
#32 ~Source
at ../../../../lib/engine/components/call-history/history-source.cpp line 49
#33 GmRefCounted::unreference
at ../../../../lib/engine/framework/gmref.h line 114
#34 gmref_ptr<Ekiga::Source>::reset
at ../../../../lib/engine/framework/gmref.h line 206
#35 ~gmref_ptr
at ../../../../lib/engine/framework/gmref.h line 130
#36 ~bound_argument
at /usr/include/sigc++-2.0/sigc++/adaptors/bound_argument.h line 51
#37 ~bind_functor
at /usr/include/sigc++-2.0/sigc++/adaptors/bind.h line 136
#38 sigc::internal::typed_slot_rep<sigc::bind_functor<0, sigc::bound_const_mem_functor2<void, sigc::signal2<void, gmref_ptr<Ekiga::Source>, gmref_ptr<Ekiga::Book>, sigc::nil>, gmref_ptr<Ekiga::Source> const&, gmref_ptr<Ekiga::Book> const&>, gmref_ptr<Ekiga::Source>, sigc::nil, sigc::nil, sigc::nil, sigc::nil, sigc::nil, sigc::nil> >::destroy
at /usr/include/sigc++-2.0/sigc++/functors/slot.h line 61
#39 sigc::internal::slot_rep::notify
from /usr/lib/libsigc-2.0.so.0
#40 sigc::internal::trackable_callback_list::~trackable_callback_list
from /usr/lib/libsigc-2.0.so.0
#41 sigc::trackable::notify_callbacks
from /usr/lib/libsigc-2.0.so.0
#42 ~signal2
at /usr/include/sigc++-2.0/sigc++/signal.h line 1883
#43 ~ContactCore
at ../../../lib/engine/addressbook/contact-core.cpp line 51
#44 GmRefCounted::unreference
at ../../../../lib/engine/framework/gmref.h line 114
#45 gmref_ptr<Ekiga::Service>::reset
at ../../../../lib/engine/framework/gmref.h line 206
#46 ~gmref_ptr
at ../../../../lib/engine/framework/gmref.h line 130
#47 __gnu_cxx::new_allocator<gmref_ptr<Ekiga::Service> >::destroy
at /usr/include/c++/4.3/ext/new_allocator.h line 118
#48 std::list<gmref_ptr<Ekiga::Service>, std::allocator<gmref_ptr<Ekiga::Service> > >::_M_erase
at /usr/include/c++/4.3/bits/stl_list.h line 1360
#49 std::list<gmref_ptr<Ekiga::Service>, std::allocator<gmref_ptr<Ekiga::Service> > >::pop_front
at /usr/include/c++/4.3/bits/stl_list.h line 861
#50 ~ServiceCore
at ../../../lib/engine/framework/services.cpp line 46
#51 engine_stop
at engine.cpp line 314
#52 GnomeMeeting::StopEngine
at ekiga.cpp line 248
#53 main
at gui/main.cpp line 4575

Comment 42 Snark 2009-03-28 19:14:42 UTC

Sigh... you seem to have the same as Howard, indeed :-/

Comment 43 Snark 2009-03-29 08:39:07 UTC

I just committed a bunch of things which may help ; can you confirm?

Comment 44 Eugen Dedu 2009-03-29 18:21:44 UTC

I have just made svn up.  Still crashes:

+ Trace 213977

#1 _int_malloc
at malloc.c line 4229
#2 __libc_calloc
at malloc.c line 3946
#3 IA__g_malloc0
at /tmp/buildd/glib2.0-2.20.0/glib/gmem.c line 151
#4 IA__g_slice_alloc
at /tmp/buildd/glib2.0-2.20.0/glib/gslice.c line 444
#5 IA__g_list_prepend
at /tmp/buildd/glib2.0-2.20.0/glib/glist.c line 169
#6 IA__g_queue_push_head
at /tmp/buildd/glib2.0-2.20.0/glib/gqueue.c line 295
#7 IA__g_async_queue_push_unlocked
at /tmp/buildd/glib2.0-2.20.0/glib/gasyncqueue.c line 245
#8 IA__g_async_queue_push
at /tmp/buildd/glib2.0-2.20.0/glib/gasyncqueue.c line 226
#9 Ekiga::Runtime::run_in_main
at ../../../lib/engine/framework/runtime-glib.cpp line 161
#10 GMVideoOutputManager_x::close_frame_display
at ../../../../lib/engine/components/x-videooutput/videooutput-manager-x.cpp line 434
#11 GMVideoOutputManager::Main
at ../../../../lib/engine/components/common-videooutput/videooutput-manager-common.cpp line 119

Comment 45 Snark 2009-03-30 18:52:16 UTC

1. Could you get me the full backtrace?
2. Are you sure this isn't another crash?

Comment 46 Eugen Dedu 2009-03-31 18:59:14 UTC

2. I do not know.
1. See below.

Comment 47 Eugen Dedu 2009-03-31 19:02:29 UTC

Created attachment 131804 [details]
new gdb output from execution without any argument

Comment 48 Eugen Dedu 2009-03-31 19:04:21 UTC

Created attachment 131805 [details]
new gdb output from execution without any argument (another one)

Comment 49 Eugen Dedu 2009-03-31 19:05:12 UTC

Created attachment 131806 [details]
new gdb output from execution with argument: --kickstart-disabled=EVOLUTION

Comment 50 Snark 2009-03-31 20:39:57 UTC

What glib version do you have? I'm not convinced the problem is with us :-/

Perhaps you could try running ekiga with G_SLICE=always-malloc and get me yet-another backtrace ?

Comment 51 Eugen Dedu 2009-03-31 21:15:28 UTC

snoopy:~$ dpkg -l libglib\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name               Version            Description
+++-==================-==================-====================================================
ii  libglib-perl       1:1.221-1          Perl interface to the GLib and GObject libraries
un  libglib1.2         <none>             (no description available)
ii  libglib1.2ldbl     1.2.10-19          The GLib library of C routines
un  libglib1.3-dev     <none>             (no description available)
ii  libglib2.0-0       2.20.0-2           The GLib library of C routines
ii  libglib2.0-0-dbg   2.20.0-2           The GLib libraries and debugging symbols
un  libglib2.0-data    <none>             (no description available)
un  libglib2.0-dbg     <none>             (no description available)
ii  libglib2.0-dev     2.20.0-2           Development files for the GLib library
un  libglib2.0-doc     <none>             (no description available)
un  libglibmm-2.4-1    <none>             (no description available)
un  libglibmm-2.4-1c2  <none>             (no description available)
ii  libglibmm-2.4-1c2a 2.20.0-1           C++ wrapper for the GLib toolkit (shared libraries)
ii  libglibmm-2.4-dev  2.20.0-1           C++ wrapper for the GLib toolkit (development files)
un  libglibmm-2.4-doc  <none>             (no description available)
un  libglibmm2.3-dev   <none>             (no description available)

Comment 52 Eugen Dedu 2009-03-31 21:16:55 UTC

Created attachment 131809 [details]
gdb avec G_SLICE=always-malloc

Comment 53 Snark 2009-04-01 10:41:09 UTC

Sigh... I studied all the backtraces attached to this bug :
- most of them are about a crash in glib's queue code (including Howard's) ;
- and then there is (lately) a crash in History::Contact's destruction.

So I'm pretty sure we have several issues all mixed in this bug report.

The fact that I don't get that crash at all is very annoying : if we could pinpoint exactly what triggers the problem, that could help.

Eugen, does the History::Contact crash happen even if your history is empty?

Comment 54 Eugen Dedu 2009-04-01 15:13:45 UTC

Created attachment 131845 [details]
gdb with history list empty

Yes, it crashes too.

Comment 55 Snark 2009-04-01 16:13:04 UTC

And this is the glib queue crash again...

Comment 56 Snark 2009-04-01 19:39:40 UTC

Let me split that bug report : the GAsyncQueue problem is now bug #577640 ; and I'm closing that bug as a duplicate of bug #576226, because the crash in the C++ code looks similar (RefLister issue?).

*** This bug has been marked as a duplicate of 576226 ***