Dear Maintainer,
I use Pidgin's IRC feature. Occasionally when the network disconnects, Pidgin
crashes. This bug can be easily reproduced by running Pidgin, signing in an IRC
account, and send the computer to sleep. Pidgin is guaranteed to crash upon
resuming.
I have produced a backtrace, the problem seems to be related an excess free()
call. Below is the backtrace:
*** Error in `/usr/bin/pidgin': free(): invalid pointer: 0x0000555555a0a0e0 ***
Program received signal SIGABRT, Aborted.
0x00007ffff4955107 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff4955107 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff49564e8 in __GI_abort () at abort.c:89
#2 0x00007ffff4993204 in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7ffff4a85fe0 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff49989de in malloc_printerr (action=1, str=0x7ffff4a8209e
"free(): invalid pointer",
ptr=<optimized out>) at malloc.c:4996
#4 0x00007ffff49996e6 in _int_free (av=<optimized out>, p=<optimized out>,
have_lock=0) at malloc.c:3840
#5 0x00007ffff558c86b in g_string_free () from /lib/x86_64-linux-
gnu/libglib-2.0.so.0
#6 0x00007fffe6a4cda9 in ?? () from /usr/lib/purple-2/libirc.so
#7 0x00007ffff5240ec6 in _purple_connection_destroy () from
/usr/lib/libpurple.so.0
#8 0x00007ffff522c99b in purple_account_disconnect () from
/usr/lib/libpurple.so.0
#9 0x00005555555ad673 in ?? ()
#10 0x00007ffff050670c in ?? () from /usr/lib/x86_64-linux-gnu/libdbus-
glib-1.so.2
#11 0x00007ffff58412d5 in g_closure_invoke () from /usr/lib/x86_64-linux-
gnu/libgobject-2.0.so.0
#12 0x00007ffff585303c in ?? () from /usr/lib/x86_64-linux-
gnu/libgobject-2.0.so.0
#13 0x00007ffff585b698 in g_signal_emit_valist () from /usr/lib/x86_64-linux-
gnu/libgobject-2.0.so.0
#14 0x00007ffff585b8ff in g_signal_emit () from /usr/lib/x86_64-linux-
gnu/libgobject-2.0.so.0
#15 0x00007ffff0507052 in ?? () from /usr/lib/x86_64-linux-gnu/libdbus-
glib-1.so.2
#16 0x00007ffff7ba31d1 in dbus_connection_dispatch () from /lib/x86_64-linux-
gnu/libdbus-1.so.3
#17 0x00007ffff0500db5 in ?? () from /usr/lib/x86_64-linux-gnu/libdbus-
glib-1.so.2
#18 0x00007ffff556bc3d in g_main_context_dispatch () from /lib/x86_64-linux-
gnu/libglib-2.0.so.0
#19 0x00007ffff556bf20 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff556c242 in g_main_loop_run () from /lib/x86_64-linux-
gnu/libglib-2.0.so.0
#21 0x00007ffff68165d7 in IA__gtk_main () at
/tmp/buildd/gtk+2.0-2.24.28/gtk/gtkmain.c:1268
#22 0x000055555558f557 in main ()
(gdb)
Thanks,
Fufu
Would you mind sending a new backtrace after installing the pidgin-dbg package?
There you go, the new backtrace: Program received signal SIGSEGV, Segmentation fault. __GI___libc_free (mem=0x80000006f) at malloc.c:2929 2929 malloc.c: No such file or directory. (gdb) bt #0 __GI___libc_free (mem=0x80000006f) at malloc.c:2929 #1 0x00007ffff558c86b in g_string_free () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #2 0x00007fffe6a4cda9 in irc_close (gc=0x5555563d1520) at /tmp/buildd/pidgin-2.10.11/./libpurple/protocols/irc/irc.c:529 #3 0x00007ffff5240ec6 in _purple_connection_destroy (gc=0x5555563d1520) at /tmp/buildd/pidgin-2.10.11/./libpurple/connection.c:275 #4 0x00007ffff522c99b in purple_account_disconnect (account=0x55555595f970) at /tmp/buildd/pidgin-2.10.11/./libpurple/account.c:1343 #5 0x00005555555ad673 in pidgin_connection_network_disconnected () at /tmp/buildd/pidgin-2.10.11/./pidgin/gtkconn.c:200 #6 0x00007ffff050670c in ?? () from /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 #7 0x00007ffff58412d5 in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #8 0x00007ffff585303c in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #9 0x00007ffff585b698 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #10 0x00007ffff585b8ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #11 0x00007ffff0507052 in ?? () from /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 #12 0x00007ffff7ba31d1 in dbus_connection_dispatch () from /lib/x86_64-linux-gnu/libdbus-1.so.3 #13 0x00007ffff0500db5 in ?? () from /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 #14 0x00007ffff556bc3d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #15 0x00007ffff556bf20 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #16 0x00007ffff556c242 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #17 0x00007ffff68165d7 in IA__gtk_main () at /tmp/buildd/gtk+2.0-2.24.28/gtk/gtkmain.c:1268 #18 0x000055555558f557 in main (argc=1, argv=0x7fffffffdf98) at /tmp/buildd/pidgin-2.10.11/./pidgin/gtkmain.c:937 (gdb)
Thanks. One other thing - would you mind running "pidgin -d > pidginlog.txt", reproducing the bug, and attaching the log file? You might want to look through the file first to see if there's any personal information that shouldn't be exposed.
This is what happened when I ran the command:
Could you try disabling all the plugins from Pidgin and try reproducing the bug again?
Sorry for the late reply, I had been away. Anyway, I have disabled all plugins, here is the backtrace: *** Error in `/usr/bin/pidgin': free(): invalid pointer: 0x00005555566a3300 *** Program received signal SIGABRT, Aborted. 0x00007ffff4956107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007ffff4956107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007ffff49574e8 in __GI_abort () at abort.c:89 #2 0x00007ffff4994204 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff4a86fe0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007ffff49999de in malloc_printerr (action=1, str=0x7ffff4a8309e "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4996 #4 0x00007ffff499a6e6 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840 #5 0x00007ffff558d86b in g_string_free () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #6 0x00007fffe6a4eda9 in irc_close (gc=0x5555564ea490) at /tmp/buildd/pidgin-2.10.11/./libpurple/protocols/irc/irc.c:529 #7 0x00007ffff5241ec6 in _purple_connection_destroy (gc=0x5555564ea490) at /tmp/buildd/pidgin-2.10.11/./libpurple/connection.c:275 #8 0x00007ffff522d99b in purple_account_disconnect (account=0x5555563be740) at /tmp/buildd/pidgin-2.10.11/./libpurple/account.c:1343 #9 0x0000555555593135 in enabled_cb (renderer=<optimized out>, path_str=0x5555566d8a50 "0", data=<optimized out>) at /tmp/buildd/pidgin-2.10.11/./pidgin/gtkaccount.c:2002 #10 0x00007ffff5844f3a in g_cclosure_marshal_VOID__STRINGv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #11 0x00007ffff5842504 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #12 0x00007ffff585bfa7 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #13 0x00007ffff585c8ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #14 0x00007ffff67846c1 in gtk_cell_renderer_toggle_activate (cell=<optimized out>, event=<optimized out>, widget=<optimized out>, path=<optimized out>, background_area=<optimized out>, cell_area=<optimized out>, flags=(unknown: 0)) at /tmp/buildd/gtk+2.0-2.24.28/gtk/gtkcellrenderertoggle.c:407 #15 0x00007ffff6922867 in gtk_tree_view_column_cell_process_action (tree_column=0x35, window=0x7ca3, window@entry=0x0, background_area=0x6, background_area@entry=0x7fffffffb450, cell_area=0xffffffffffffffff, cell_area@entry=0x7fffffffb460, flags=0, action=0, action@entry=2, focus_rectangle=0x0, editable_widget=0x7fffffffb448, event=0x7fffb80031d0, path_string=0x555555db9c50 "0", expose_area=<optimized out>) at /tmp/buildd/gtk+2.0-2.24.28/gtk/gtktreeviewcolumn.c:2913 #16 0x00007ffff6922a9b in _gtk_tree_view_column_cell_event (tree_column=0x555555de4600, editable_widget=0x7fffffffb448, event=0x7fffb80031d0, path_string=0x555555db9c50 "0", background_area=0x7fffffffb450, cell_area=0x7fffffffb460, flags=0)