Bug 612363 – empathy crashed with SIGSEGV in g_closure_invoke()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 612363 - empathy crashed with SIGSEGV in g_closure_invoke()


Summary:	empathy crashed with SIGSEGV in g_closure_invoke()


Status:	RESOLVED FIXED

Product:	empathy
Classification:	Core
Component:	Chat
Version:	2.29.x
Hardware:	Other Linux

Importance:	High critical
Target Milestone:	---
Assigned To:	empathy-maint
QA Contact:

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-03-10 00:31 UTC by Joe Barnett
Modified:	2011-08-29 10:12 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
http://git.collabora.co.uk/?p=user/cassidy/empathy;a=shortlog;h=refs/heads/paste-crash-612363 (1.04 KB, patch) 2010-03-22 07:42 UTC, Guillaume Desmottes	none	Details \| Review

Description Joe Barnett 2010-03-10 00:31:15 UTC

Originally reported at:
  https://bugs.launchpad.net/bugs/527296

Binary package hint: empathy

received a message from a contact and viewed in through the message indicator applet.

shortly afterwards, empathy froze for a second or two and then crashed.  looks like a bunch of karmic bugs w/ similar crash, but this is w/ latest lucid package, so filing new bug.

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Wed Feb 24 11:45:30 2010
DistroRelease: Ubuntu 10.04
ExecutablePath: /usr/bin/empathy
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha amd64 (20100113)
NonfreeKernelModules: nvidia
Package: empathy 2.29.91-1ubuntu1
ProcCmdline: empathy
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-14.20-generic
SegvAnalysis:
 Segfault happened at: 0x45254c:	mov    0x68(%rbx),%edi
 PC (0x0045254c) ok
 source "0x68(%rbx)" (0x00000068) not located in a known VMA region (needed readable region)!
 destination "%edi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: empathy
StacktraceTop:
 ?? ()
 g_closure_invoke ()
 ?? () from /usr/lib/libgobject-2.0.so.0
 g_signal_emit_valist ()
 g_signal_emit () from /usr/lib/libgobject-2.0.so.0
Title: empathy crashed with SIGSEGV in g_closure_invoke()
Uname: Linux 2.6.32-14-generic x86_64
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Comment 1 Joe Barnett 2010-03-10 00:31:48 UTC

the following sequence of events seems to trigger this crash very often:

0) double click a contact to open a new chat window
1) try to paste a url by middle clicking, where the selection is actually on another machine sharing mouse/keyboard through synergy
2) nothing shows up in chat window, so middle click again and see the url show up, and press enter to send msg w/ url in it
3) close chat window
4) wait some time, get the crash

not sure how synergy-specific the paste issue is, or if its even related? but seems to trigger it quite effectively.

Comment 2 Guillaume Desmottes 2010-03-10 14:06:27 UTC

Could you please build empathy master and try to get a better trace?

Thanks for taking the time to report this bug.
Unfortunately, that stack trace is missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. Can you get us a stack trace with debugging symbols? Please see http://live.gnome.org/GettingTraces for more information on how to do so and reopen this bug or report a new one. Thanks in advance!

Comment 3 Joe Barnett 2010-03-10 15:12:20 UTC

does the trace in the linked launcpad bug help, or do you still need a new trace?

http://launchpadlibrarian.net/39790683/Stacktrace.txt
http://launchpadlibrarian.net/39790684/ThreadStacktrace.txt

+ Trace 220908

#0 chat_input_text_buffer_changed_cb
at empathy-chat.c line 311
#1 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#2 ??
from /usr/lib/libgobject-2.0.so.0
#3 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#4 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#5 gtk_text_buffer_real_insert_text
at /build/buildd/gtk+2.0-2.19.5/gtk/gtktextbuffer.c line 870
#6 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#7 ??
from /usr/lib/libgobject-2.0.so.0
#8 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#9 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#10 IA__gtk_text_buffer_insert_interactive
at /build/buildd/gtk+2.0-2.19.5/gtk/gtktextbuffer.c line 983
#11 clipboard_text_received
at /build/buildd/gtk+2.0-2.19.5/gtk/gtktextbuffer.c line 3360
#12 request_text_received_func
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkclipboard.c line 953
#13 selection_received
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkclipboard.c line 865
#14 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#15 ??
from /usr/lib/libgobject-2.0.so.0
#16 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#17 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#18 gtk_selection_retrieval_report
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkselection.c line 2938
#19 _gtk_selection_notify
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkselection.c line 2744
#20 _gtk_marshal_BOOLEAN__BOXED
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkmarshalers.c line 84
#21 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#22 ??
from /usr/lib/libgobject-2.0.so.0
#23 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#24 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#25 gtk_widget_event_internal
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkwidget.c line 4949
#26 IA__gtk_main_do_event
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkmain.c line 1601
#27 gdk_event_dispatch
at /build/buildd/gtk+2.0-2.19.5/gdk/x11/gdkevents-x11.c line 2372
#28 g_main_context_dispatch
from /lib/libglib-2.0.so.0
#29 ??
from /lib/libglib-2.0.so.0
#30 g_main_loop_run
from /lib/libglib-2.0.so.0
#31 IA__gtk_main
at /build/buildd/gtk+2.0-2.19.5/gtk/gtkmain.c line 1219
#32 main
at empathy.c line 690

Comment 4 Guillaume Desmottes 2010-03-17 15:20:35 UTC

Stack trace seems wrong.

+ Trace 220996

#0 chat_input_text_buffer_changed_cb
at empathy-chat.c line 311


This function is not localised at line 311.

I'd be intersted in having a proper trace from master (Ubuntu used to introduce weird crashes because of their patch and I'm a bit tired of wasting time tracking them).

Comment 5 Joe Barnett 2010-03-17 15:53:22 UTC

ok, reproduced on master, hopefully with all the information you need:

on paste, i get a few thousand lines of:

error: line 53473: bad flag alias index: 0
error: line 53473: bad flag vector alias
error: line 53474: bad flag alias index: 0
error: line 53474: bad flag vector alias
error: line 53475: bad flag alias index: 0
error: line 53475: bad flag vector alias
error: line 53476: bad flag alias index: 0
error: line 53476: bad flag vector alias

in the console, followed by:

** Message: console message: undefined @1: ReferenceError: Can't find variable: scrollToBottom

[New Thread 0x7fffdb5d1710 (LWP 13491)]
[Thread 0x7fffdb5d1710 (LWP 13491) exited]

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 1447906560

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 2737

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 2130896645

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 1447906628

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 134217728

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: -1274884859

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 1447906628

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 134217728

(empathy:13457): Gdk-WARNING **: /build/buildd/gtk+2.0-2.19.7/gdk/x11/gdkproperty-x11.c:325 invalid X atom: -368921851

Program received signal SIGSEGV, Segmentation fault.
chat_composing_start (buffer=0xb151b0, chat=0xc170c0) at empathy-chat.c:343
343		if (priv->composing_stop_timeout_id) {
(gdb) bt

+ Trace 220997

Thread 1 (Thread 0x7ffff7fb3820 (LWP 13457))

#0 chat_composing_start
at empathy-chat.c line 343
#1 chat_input_text_buffer_changed_cb
at empathy-chat.c line 1257
#2 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#3 ??
from /usr/lib/libgobject-2.0.so.0
#4 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#5 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#6 ??
from /usr/lib/libgtk-x11-2.0.so.0
#7 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#8 ??
from /usr/lib/libgobject-2.0.so.0
#9 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#10 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#11 gtk_text_buffer_insert_interactive
from /usr/lib/libgtk-x11-2.0.so.0
#12 ??
from /usr/lib/libgtk-x11-2.0.so.0
#13 ??
from /usr/lib/libgtk-x11-2.0.so.0
#14 ??
from /usr/lib/libgtk-x11-2.0.so.0
#15 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#16 ??
from /usr/lib/libgobject-2.0.so.0
#17 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#18 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#19 ??
from /usr/lib/libgtk-x11-2.0.so.0
#20 ??
from /usr/lib/libgtk-x11-2.0.so.0
#21 ??
from /usr/lib/libgtk-x11-2.0.so.0
#22 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#23 ??
from /usr/lib/libgobject-2.0.so.0
#24 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#25 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#26 ??
from /usr/lib/libgtk-x11-2.0.so.0
#27 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#28 ??
from /usr/lib/libgdk-x11-2.0.so.0
#29 g_main_context_dispatch
from /lib/libglib-2.0.so.0
#30 ??
from /lib/libglib-2.0.so.0
#31 g_main_loop_run
from /lib/libglib-2.0.so.0
#32 gtk_main
from /usr/lib/libgtk-x11-2.0.so.0
#33 main
at empathy.c line 721

Comment 6 Guillaume Desmottes 2010-03-18 14:53:01 UTC

Great thanks!
Could you test with this branch and see if that help:
http://git.collabora.co.uk/?p=user/cassidy/empathy;a=shortlog;h=refs/heads/paste-crash-612363

Comment 7 Joe Barnett 2010-03-19 15:49:36 UTC

applied the latest diff to master, and don't get the crash anymore.

still get a little bit of a freeze while the few thousand lines of:

error: line 53473: bad flag alias index: 0
error: line 53473: bad flag vector alias

are being output, and still the weird first-paste doesn't work issue (though now i've noticed that the paste does eventually happen if the chat window is left open...)

Comment 8 Guillaume Desmottes 2010-03-22 07:41:32 UTC

I doubt those are related.

Comment 9 Guillaume Desmottes 2010-03-22 07:42:13 UTC

Created attachment 156719 [details] [review]
http://git.collabora.co.uk/?p=user/cassidy/empathy;a=shortlog;h=refs/heads/paste-crash-612363

 libempathy-gtk/empathy-chat.c |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

Comment 10 Guillaume Desmottes 2010-03-22 08:53:58 UTC

Reviewed by Danielle. Let's merge it after the hard code freeze or before if accepted by the RT.

Comment 11 Joe Barnett 2010-03-22 21:44:23 UTC

(In reply to comment #8)
> I doubt those are related.

seems to be related in that I believe (from behavior, not from understanding the code) that it's the first page that is causing the callback to fire after the chat window is closed:

-first-paste doesn't paste right away, but if i leave the chat window open long enough, it does eventually show up

-if i close the chat window before it shows up, i get the crash (pre-patch).  if i leave the chat window open until the paste shows up, i can close it later, and get no crash.

Comment 12 Guillaume Desmottes 2010-03-29 15:39:44 UTC

Merged; will be in 2.30.1

This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.