Version: 0.6.2 (using KDE KDE 3.1)
Installed from: Mandrake RPMs
OS: Linux

Kopete randomly crashes (SIGSEGV). This occurs both while I use it and while I don't. I don't know how to reproduce the problem. My loaded plugins are: ICQ, MSN, WinPopup. I use KDE 3.1.0 and Kopete 0.6.2 on a Mandrake 9.1.

Backtraces:

(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...[New Thread 16384 (LWP 15052)]
[New Thread 32769 (LWP 15058)]
(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
0x412f56ba in waitpid () from /lib/i686/libpthread.so.0
#0 0x412f56ba in waitpid () from /lib/i686/libpthread.so.0
#1 0x40a25e7b in KCrash::defaultCrashHandler(int) () from /usr/lib/libkdecore.so.4
Unfortunately without more information this bug will be closed soon, the backtrace tells nothing except the already known fact: "it is crashing somewhere".
How can I gather more information?
Run Kopete in gdb:

gdb kopete

From the gdb prompt type:

run --nofork

When it crashes you get back to the gdb command prompt; there you can type:

bt

Post the output of this bt (backtrace) command.
Stefan: That would be great advice if Kopete was built with debug symbols, but alas, it is not.

Renaud: If you want to help out we need either of the following from you:

1. A way for us to (reliably) reproduce the problem. As you stated in your initial report you don't know how to get it, but maybe you'll find it out later. Some ideas to check for: disable some plugins to see which plugin is the likely culprit. Enable or disable autoconnect to see if it helps. What plugins do you use? Does Kopete crash while you are online? Are you chatting when Kopete crashes? Do you use the away plugins? Etc. -- I hope you get the idea.

2. A backtrace generated from a Kopete that has debug information. To get that you need to recompile Kopete with debug information turned on. Most precompiled RPMs are not suitable for debugging, so I'm afraid you have to build your own Kopete for a working debug build.

Failing the above two points we'll probably close the bug report as Stefan already said.

Hope this helps,
Martijn
Here is the output from gdb. I hope this helps.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 13592)]
0x40d4d56f in QApplication::internalNotify(QObject*, QEvent*) () from /usr/lib/qt3/lib/libqt-mt.so.3
(gdb) bt
#0 0x40d4d56f in QApplication::internalNotify(QObject*, QEvent*) () from /usr/lib/qt3/lib/libqt-mt.so.3
#1 0x08381e50 in ?? ()
(gdb)
I have this problem too. I also use Mandrake 9.1, probably they've messed up something in the distribution. Seems that it crashes when it's receiving a message from MSN network. And it's not random, it happens just every time for me. (and I get the same stack trace ;-( ) So if you have access to MDK 9.1, you can actually try to reproduce.

Alex
gsasha@cs.technion.ac.il
I've compiled kopete from source, and it falls the same... the KDE crash handler doesn't show much info - seems like the problem is in some other thread. And I cannot run it from gdb - it has some DCOP problems this way ;-(

Here's valgrind output. Hope it helps. It seems like a classic null-pointer access.

Alex

kopete: MSNSocket::slotReadyWrite: Sending command MSG 3 U 98
MIME-Version: 1.0
Content-Type: text/x-msmsgscontrol
TypingUser: alex_gontmakher@hotmail.com
kopete:
==3098== valgrind's libpthread.so: IGNORED call to: pthread_attr_setinheritsched
==3098== valgrind's libpthread.so: IGNORED call to: pthread_attr_destroy
==3098==
==3098== Thread 2:
==3098== Invalid read of size 4
==3098==    at 0x40F291B3: QProcess::isRunning() const (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3098==    Address 0x0 is not stack'd, malloc'd or free'd
==3098== Warning: client attempted to close Valgrind's logfile fd (2).
==3098==    Use --logfile-fd=<number> to select an alternative logfile fd.
KCrash: Application 'lt-kopete' crashing...
Loading required GL library /usr/X11R6/lib/libGL.so.1.2
==3098== Warning: invalid file descriptor 9 in syscall write()
==3098==
==3098== Invalid read of size 4
==3098==    at 0x4160BCDE: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B1050 is 8 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid write of size 4
==3098==    at 0x4160BCEF: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B1050 is 8 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid read of size 4
==3098==    at 0x4160BCF4: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B1068 is 32 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid read of size 4
==3098==    at 0x4160BCFB: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B1048 is 0 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid read of size 4
==3098==    at 0x4160BCDE: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B0F28 is 8 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid write of size 4
==3098==    at 0x4160BCEF: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B0F28 is 8 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid read of size 4
==3098==    at 0x4160BCF4: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B0F40 is 32 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==3098==
==3098== Invalid read of size 4
==3098==    at 0x4160BCFB: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==3098==    Address 0x448B0F20 is 0 bytes inside a block of size 60 free'd
==3098==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3098==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==3098==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==3098==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==3098== discard syms in /lib/libnss_nisplus-2.3.1.so due to munmap()
==3098== discard syms in /lib/libnss_nis-2.3.1.so due to munmap()
==3098== discard syms in /lib/libnsl-2.3.1.so due to munmap()
==3098== discard syms in /lib/libnss_files-2.3.1.so due to munmap()
==3098== discard syms in /lib/libnss_dns-2.3.1.so due to munmap()
==3098==
==3098== ERROR SUMMARY: 554 errors from 22 contexts (suppressed: 167 from 4)
==3098== malloc/free: in use at exit: 2815645 bytes in 75553 blocks.
==3098== malloc/free: 667140 allocs, 591587 frees, 34552600 bytes allocated.
==3098== For a detailed leak analysis, rerun with: --leak-check=yes
==3098== For counts of detected errors, rerun with: -v
Subject: Re: [Kopete-devel] Kopete randomly crashes (SIGSEGV)

On Friday 16 May 2003 20:16, gsasha@cs.technion.ac.il wrote:
> Here's valgrind output. Hope it helps. It seems like a classic null-pointer
> access.

Yup:

> ==3098== Invalid read of size 4

and

> ==3098== Invalid write of size 4

(which is even worse, since writes corrupt memory.)

The bad thing is the backtrace:

> ==3098== at 0x4160BCEF: (within /lib/i686/libc-2.3.1.so)
> ==3098== by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)

You are experiencing bugs in libc itself! No wonder there are problems with MDK 9.1...

Could you recompile Kopete with debug symbols (configure --enable-debug=full) and see if that results in better valgrind output? If you want to take the risk you could rebuild libc with debug too, but I doubt most people do that. I for one won't ;-)
OK, so I recompiled it with debugging (I'm indeed afraid to recompile libc - I use this machine for, er, work ;-). Below is the output of valgrind after the recompilation. As you can see, there are some failures in libc, but note that the first really bad thing is QProcess::is_running on NULL pointer. The first several warnings of valgrind, connected with the deletion of sockets did not cause the program to crash immediately (though they could possibly be the ultimate reason).

Ah, and one more thought: I'm running the program on a dual-CPU machine. Since the program is multi-threaded, this could be very well the reason of why there are problems repeating this problem on other machines.

------------------------------------------------------------
------------------------------------------------------------
------------------------------------------------------------
kopete: MSNProtocol::slotOnlineStatusChanged: Leaving public name as alex_gontmakher@hotmail.com
kopete: MSN Plugin: My Status Changed to 0 (NLN)
kopete: MSNSocket::slotReadLine: ILN 5 IDL mike_plavnik@hotmail.com mike_plavnik@hotmail.com
==2785== valgrind's libpthread.so: IGNORED call to: pthread_attr_setinheritsched
==2785== valgrind's libpthread.so: IGNORED call to: pthread_attr_destroy
==2785==
==2785== Invalid read of size 4
==2785==    at 0x40F0FAC0: QEventLoop::setSocketNotifierPending(QSocketNotifier*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==    Address 0x457B03D0 is 4 bytes inside a block of size 12 free'd
==2785==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==2785==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==2785==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x40F0FAC3: QEventLoop::setSocketNotifierPending(QSocketNotifier*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==    Address 0x457B03D4 is 8 bytes inside a block of size 12 free'd
==2785==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==2785==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==2785==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x40F0FF0E: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==    Address 0x457B03D4 is 8 bytes inside a block of size 12 free'd
==2785==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==2785==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==2785==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x40F0FF11: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==    Address 0x457B03D0 is 4 bytes inside a block of size 12 free'd
==2785==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==2785==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==2785==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x40F0FF2D: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==    Address 0x457B03CC is 0 bytes inside a block of size 12 free'd
==2785==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==2785==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==2785==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
kopete: MSNSocket::slotReadLine: CHL 0 11993174379422151531
kopete: Sending final Authentication
kopete: MSNSocket::slotReadyWrite: Sending command QRY 6 msmsgs@msnmsgr.com 32 a63112d8d7bf138dda4eaa5d0507c565
kopete: MSNSocket::slotReadLine: QRY 6
==2785== valgrind's libpthread.so: IGNORED call to: pthread_attr_setinheritsched
==2785== valgrind's libpthread.so: IGNORED call to: pthread_attr_destroy
kopete: WARNING: KDE detected X Error: BadDrawable (invalid Pixmap or Window parameter) \x09 Major opcode: H
kopete: WARNING: KDE detected X Error: BadDrawable (invalid Pixmap or Window parameter) \x09 Major opcode: >
kopete: MSNSocket::slotReadyWrite: Sending command PNG
kopete:
kopete: MSNSocket::slotReadLine: QNG
==2785== valgrind's libpthread.so: IGNORED call to: pthread_attr_setinheritsched
==2785== valgrind's libpthread.so: IGNORED call to: pthread_attr_destroy
==2785==
==2785== Thread 2:
==2785== Invalid read of size 4
==2785==    at 0x40F291A3: QProcess::isRunning() const (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==2785==    Address 0x0 is not stack'd, malloc'd or free'd
==2785== Warning: client attempted to close Valgrind's logfile fd (2).
==2785==    Use --logfile-fd=<number> to select an alternative logfile fd.
KCrash: Application 'kopete' crashing...
Loading required GL library /usr/X11R6/lib/libGL.so.1.2
==2785== Warning: invalid file descriptor 21 in syscall write()
==2785==
==2785== Invalid read of size 4
==2785==    at 0x4160BCDE: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B5D4 is 8 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid write of size 4
==2785==    at 0x4160BCEF: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B5D4 is 8 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x4160BCF4: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B5EC is 32 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x4160BCFB: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A936: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B5CC is 0 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0D82: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x4160BCDE: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B4AC is 8 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid write of size 4
==2785==    at 0x4160BCEF: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B4AC is 8 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x4160BCF4: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B4C4 is 32 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==2785==
==2785== Invalid read of size 4
==2785==    at 0x4160BCFB: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4160C0EC: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x4168A940: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x41614945: (within /lib/i686/libc-2.3.1.so)
==2785==    Address 0x4417B4A4 is 0 bytes inside a block of size 60 free'd
==2785==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==2785==    by 0x4160C8F0: (within /lib/i686/libc-2.3.1.so)
==2785==    by 0x416D0B58: tdestroy (in /lib/i686/libc-2.3.1.so)
==2785==    by 0x417073A3: (within /lib/i686/libc-2.3.1.so)
==2785== discard syms in /lib/libnss_nisplus-2.3.1.so due to munmap()
==2785== discard syms in /lib/libnss_nis-2.3.1.so due to munmap()
==2785== discard syms in /lib/libnsl-2.3.1.so due to munmap()
==2785== discard syms in /lib/libnss_files-2.3.1.so due to munmap()
==2785== discard syms in /lib/libnss_dns-2.3.1.so due to munmap()
==2785==
==2785== ERROR SUMMARY: 1703 errors from 26 contexts (suppressed: 113 from 4)
==2785== malloc/free: in use at exit: 2682444 bytes in 70892 blocks.
==2785== malloc/free: 636499 allocs, 565607 frees, 36979683 bytes allocated.
==2785== For a detailed leak analysis, rerun with: --leak-check=yes
==2785== For counts of detected errors, rerun with: -v
One more thought: I'm pretty sure that the last valgrind warnings happen during the process cleanup, when the memory is already a mess. The real problem is most certainly the NULL pointer access.

Alex
Subject: Re: [Kopete-devel] Kopete randomly crashes (SIGSEGV)

On Saturday 17 May 2003 15:30, gsasha@cs.technion.ac.il wrote:
> Below is the output of valgrind after the recompilation. As you can see,
> there are some failures in libc, but note that the first really bad thing
> is QProcess::is_running on NULL pointer. The first several warnings of
> valgrind, connected with the deletion of sockets did not cause the program
> to crash immediately (though they could possibly be the ultimate reason).

All very weird stuff. Even more so because all backtraces only have Qt and libc functions, but there's not a trace of Kopete code in the BTs.

Oh, wait, you're using very short backtraces. Could you 'export VALGRIND_OPTS="--num-callers=8"' before running valgrind? That gives 8-level backtraces, which are more useful usually.

> Ah, and one more thought: I'm running the program on a dual-CPU machine.
> Since the program is multi-threaded, this could be very well the reason of
> why there are problems repeating this problem on other machines.

Unlikely. kdelibs supports threaded apps and as such links against the threaded Qt, but I don't think either Kopete or kdelibs actually use threaded code themselves.

> One more thought: I'm pretty sure that the last valgrind warnings happen
> during the process cleanup, when the memory is already a mess. The real
> problem is most certainly the NULL pointer access.

Correct. Everything after the 'KCrash:' is 99% of the times rubbish and can be safely ignored when analyzing valgrind output.
OK, here's the output with the full stack on. It's the only warning I got before the crash - and I was able to send and receive some good 10 messages before it went belly up (which was again QProcess::is_running - and there was no stack trace for it...). Notice that the last several warnings are different.

----------------------------------------------------------
----------------------------------------------------------
----------------------------------------------------------
==3355== valgrind's libpthread.so: IGNORED call to: pthread_attr_setinheritsched
==3355== valgrind's libpthread.so: IGNORED call to: pthread_attr_destroy
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F0FAC0: QEventLoop::setSocketNotifierPending(QSocketNotifier*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D4B5FC is 4 bytes inside a block of size 12 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F0FAC3: QEventLoop::setSocketNotifierPending(QSocketNotifier*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D4B600 is 8 bytes inside a block of size 12 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F0FF0E: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D4B600 is 8 bytes inside a block of size 12 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F0FF11: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D4B5FC is 4 bytes inside a block of size 12 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F0FF2D: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D4B5F8 is 0 bytes inside a block of size 12 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==
==3355== Invalid read of size 1
==3355==    at 0x40F34CA9: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D3F1C8 is 4 bytes inside a block of size 52 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40FB36C4: QSocketNotifier::~QSocketNotifier() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x48555848: KWinPopup::doUpdate() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485555B8: KWinPopup::update(bool) (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485545D0: UpdateThread::run() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x40F29FF9: (within /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x40161C5C: do__quit (vg_scheduler.c:2119)
==3355==
==3355== Invalid read of size 1
==3355==    at 0x410B6598: QTipManager::eventFilter(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x31: ???
==3355==    Address 0x47D3F1C8 is 4 bytes inside a block of size 52 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40FB36C4: QSocketNotifier::~QSocketNotifier() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x48555848: KWinPopup::doUpdate() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485555B8: KWinPopup::update(bool) (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485545D0: UpdateThread::run() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x40F29FF9: (within /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x40161C5C: do__quit (vg_scheduler.c:2119)
==3355==
==3355== Invalid read of size 1
==3355==    at 0x40F354EE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D3F1C8 is 4 bytes inside a block of size 52 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40FB36C4: QSocketNotifier::~QSocketNotifier() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x48555848: KWinPopup::doUpdate() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485555B8: KWinPopup::update(bool) (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485545D0: UpdateThread::run() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x40F29FF9: (within /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x40161C5C: do__quit (vg_scheduler.c:2119)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F35565: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D3F1C4 is 0 bytes inside a block of size 52 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40FB36C4: QSocketNotifier::~QSocketNotifier() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x48555848: KWinPopup::doUpdate() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485555B8: KWinPopup::update(bool) (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485545D0: UpdateThread::run() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x40F29FF9: (within /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x40161C5C: do__quit (vg_scheduler.c:2119)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F93D5A: QObject::event(QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D3F1E0 is 28 bytes inside a block of size 52 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40FB36C4: QSocketNotifier::~QSocketNotifier() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x48555848: KWinPopup::doUpdate() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485555B8: KWinPopup::update(bool) (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485545D0: UpdateThread::run() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x40F29FF9: (within /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x40161C5C: do__quit (vg_scheduler.c:2119)
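Added example, not part of the original thread: a small triage script for valgrind output of the kind posted here. It applies the rule stated earlier in the thread (stop reading at the 'KCrash:' line), classifies each remaining error, and lists stack frames that come from the application's own modules. SAMPLE is constructed by merging lines from the runs posted in this thread under one PID; the function names and the `app_pattern` parameter are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the valgrind runs posted in this thread,
# merged under a single PID so the script runs offline.
SAMPLE = """\
==3355== Invalid read of size 4
==3355==    at 0x40F0FAC0: QEventLoop::setSocketNotifierPending(QSocketNotifier*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D4B5FC is 4 bytes inside a block of size 12 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40F102CF: QPtrList<QSockNot>::deleteItem(void*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==
==3355== Invalid read of size 1
==3355==    at 0x40F34CA9: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x47D3F1C8 is 4 bytes inside a block of size 52 free'd
==3355==    at 0x4015E0E8: __builtin_delete (vg_clientfuncs.c:196)
==3355==    by 0x4015E108: operator delete(void*) (vg_clientfuncs.c:205)
==3355==    by 0x40FB36C4: QSocketNotifier::~QSocketNotifier() (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    by 0x48555848: KWinPopup::doUpdate() (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485555B8: KWinPopup::update(bool) (in /usr/lib/kde3/kopete_wp.so)
==3355==    by 0x485545D0: UpdateThread::run() (in /usr/lib/kde3/kopete_wp.so)
==3355==
==3355== Invalid read of size 4
==3355==    at 0x40F291A3: QProcess::isRunning() const (in /usr/lib/qt3/lib/libqt-mt.so.3.1.1)
==3355==    Address 0x0 is not stack'd, malloc'd or free'd
KCrash: Application 'kopete' crashing...
==3355== Invalid write of size 4
==3355==    at 0x4160BCEF: (within /lib/i686/libc-2.3.1.so)
==3355==    Address 0x4417B5D4 is 8 bytes inside a block of size 60 free'd
==3355==    at 0x4015E05C: free (vg_clientfuncs.c:182)
==3355==    by 0x416D0B86: tdestroy (in /lib/i686/libc-2.3.1.so)
"""

PREFIX = re.compile(r"^==\d+==\s?")
HEADER = re.compile(r"^Invalid (?:read|write) of size \d+$")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
ADDRESS = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.*)$")
OBJECT = re.compile(r"\((?:in|within) ([^)]+)\)$")


def parse(text):
    """Return (errors seen before the crash handler, count of errors after it)."""
    errors, ignored, crashed, cur = [], 0, False, None
    for raw in text.splitlines():
        if raw.startswith("KCrash:"):        # crash handler took over: stop trusting output
            crashed, cur = True, None
            continue
        if not PREFIX.match(raw):            # the application's own debug output
            continue
        line = PREFIX.sub("", raw).rstrip()
        if HEADER.match(line):
            if crashed:
                ignored, cur = ignored + 1, None
            else:
                cur = {"kind": line, "addr": None, "note": "", "access": [], "block": []}
                errors.append(cur)
            continue
        if cur is None:
            continue
        m = ADDRESS.match(line)
        if m:                                # frames after this line describe the block
            cur["addr"], cur["note"] = m.groups()
            continue
        m = FRAME.match(line)
        if m:
            rest = m.group(1)
            obj = OBJECT.search(rest)
            frame = (rest[:obj.start()].strip() if obj else rest,
                     obj.group(1) if obj else "")
            cur["block" if cur["addr"] else "access"].append(frame)
    return errors, ignored


def classify(err):
    """Label an error from valgrind's description of the faulting address."""
    if "inside a block" in err["note"] and err["note"].endswith("free'd"):
        return "use-after-free"
    if err["addr"] and int(err["addr"], 16) < 0x1000:
        return "null-dereference"
    return "other"


def triage(text, app_pattern=r"kopete"):
    """Summarise pre-crash errors; app_frames are frames in modules matching app_pattern."""
    errors, ignored = parse(text)
    app = re.compile(app_pattern)
    report = []
    for e in errors:
        report.append({
            "kind": e["kind"],
            "class": classify(e),
            "site": e["access"][0][0] if e["access"] else "?",
            "app_frames": [s for s, o in e["access"] + e["block"] if app.search(o)],
        })
    return {"pre_crash": report, "ignored_after_crash": ignored}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for r in result["pre_crash"]:
        print(r["class"], "|", r["site"], "|", ", ".join(r["app_frames"]) or "-")
    print("ignored after KCrash:", result["ignored_after_crash"])
```
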
Martijn,

Have any idea on why it wouldn't run from the debugger? I'd debug it - I have chased down a few nasty bugs in my life, but it just wouldn't start...

Alex

Below's the output from the debugger:
-------------------------------------
[sasha@remoi kopete-0.6.2]$ gdb kopete/kopete/.libs/kopete
GNU gdb 5.3-22mdk (Mandrake Linux)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux-gnu"...
(gdb) run
Starting program: /home/sasha/download/kopete-0.6.2/kopete/kopete/.libs/kopete
[New Thread 16384 (LWP 3434)]
ERROR: KUniqueApplication: DCOP communication error!

Program exited with code 0377.
Tough luck. I've succeeded to run it under the debugger (with --no-fork option), but upon the failure, the stack is completely trashed. I'll probably get to it when I have time... pretty busy right now.
Sorry for not following up on this bug sooner, but I still have no clue why all your backtraces show just Qt/kdelibs/libc functions and not a sign of Kopete-specifics. :(

That said, your last comment (with the longer valgrind backtraces) doesn't show invalid _writes_, just reads. As such it can't have corrupted memory, which means some pointer is wrong because of other reasons.

Does this bug also appear with KDE != 3.1.0 (3.1.1, 3.1.2, ...) ?

Martijn
Don't know. I'm running this on the Mandrake distribution (which is my production system), and I'm afraid to install a newer KDE unless Mandrake issue official RPMs. Maybe, in a couple of days, I'll have less problems on my head and some more time to try 3.1.2. Or even try to debug it...
This also happens in SuSE 8.1, with KDE 3.1.2 and Kopete 0.6.2. It crashes apparently randomly. I only use the ICQ plugin, and with Kopete 0.6.1a it worked without crashing at all.
This has been happening on my system as well. Kopete will crash at completely random intervals, with or without any messages coming in. Sometimes it will happen right after I start it up, sometimes two or three days later I'll come home to a crashed Kopete. I'm running on SuSE 8.1, KDE 3.1.1, and Kopete 0.6.1a. Am using AIM/Oscar, MSN, and ICQ. This also used to happen a few months ago when I was running SuSE 8.0 with a custom compiled Kopete and KDE. Right now am using the Kopete that comes in RPM form with SuSE.
Do any of you still experience this crash with the latest CVS? Olivier has committed a whole bunch of valgrind-related fixes before he went on holidays and I think most of the crashes should be gone now. I'm inclined to close this bug as 'fixed'.

Martijn
Feel free to close, IMO. I don't experience any crashes with the latest round of valgrind fixes that Olivier made.
Almost certainly fixed in the latest round of valgrind fixes.