Closed Bug 418073 Opened 16 years ago Closed 16 years ago

Crash at startup Linux build with jemalloc if GTK_IM_MODULE=uim

Categories

(Core :: Widget: Gtk, defect, P2)

x86
Linux
defect

Tracking


VERIFIED INVALID

People

(Reporter: masayuki, Assigned: jasone)

References

Details

(Keywords: crash)

If the user uses UIM, the Linux build with jemalloc cannot start. It crashes at startup. But with SCIM, it doesn't happen.

Irie-san succeeded in tracing the stack, thank you!

Breakpoint 2, 0x07a04456 in fputs () from /lib/libc.so.6
(gdb) bt
#0  0x07a04456 in fputs () from /lib/libc.so.6
#1  0x07ea5a37 in ?? () from /usr/lib/libuim.so.5
#2  0x07e9d1eb in ?? () from /usr/lib/libuim.so.5
#3  0x07e9fcce in ?? () from /usr/lib/libuim.so.5
#4  0x07ea6a61 in ?? () from /usr/lib/libuim.so.5
#5  0x07ea6b59 in ?? () from /usr/lib/libuim.so.5
#6  0x07ea6c6b in ?? () from /usr/lib/libuim.so.5
#7  0x07ea7e8b in ?? () from /usr/lib/libuim.so.5
#8  0x07e9f460 in ?? () from /usr/lib/libuim.so.5
#9  0x07e9f47d in ?? () from /usr/lib/libuim.so.5
#10 0x07e9f496 in ?? () from /usr/lib/libuim.so.5
#11 0x07ea31a9 in ?? () from /usr/lib/libuim.so.5
#12 0x07ea3741 in ?? () from /usr/lib/libuim.so.5
#13 0x07ea3c57 in ?? () from /usr/lib/libuim.so.5
#14 0x07ea419c in ?? () from /usr/lib/libuim.so.5
#15 0x07ea3251 in ?? () from /usr/lib/libuim.so.5
#16 0x07ea520a in ?? () from /usr/lib/libuim.so.5
#17 0x07ea5aa2 in ?? () from /usr/lib/libuim.so.5
#18 0x07ea6c48 in ?? () from /usr/lib/libuim.so.5
#19 0x07ea7e8b in ?? () from /usr/lib/libuim.so.5
#20 0x07e9f460 in ?? () from /usr/lib/libuim.so.5
#21 0x07e9f47d in ?? () from /usr/lib/libuim.so.5
#22 0x07e9f496 in ?? () from /usr/lib/libuim.so.5
#23 0x07ea18ef in ?? () from /usr/lib/libuim.so.5
#24 0x07ea376c in ?? () from /usr/lib/libuim.so.5
#25 0x07ea317a in ?? () from /usr/lib/libuim.so.5
#26 0x07ea3741 in ?? () from /usr/lib/libuim.so.5
#27 0x07cb06b9 in GCROOTS_call_with_gc_ready_stack ()
   from /usr/lib/libgcroots.so.0
#28 0x07ea8068 in ?? () from /usr/lib/libuim.so.5
#29 0x07ea85aa in uim_scm_eval_c_string () from /usr/lib/libuim.so.5
#30 0x07eab265 in uim_symbol_value_str () from /usr/lib/libuim.so.5
#31 0x045656d8 in uim_cand_win_gtk_get_window_pos_type ()
   from /usr/lib/gtk-2.0/2.10.0/immodules/im-uim.so
#32 0x04565ce4 in ?? () from /usr/lib/gtk-2.0/2.10.0/immodules/im-uim.so
#33 0x0073e7ac in g_type_create_instance () from /lib/libgobject-2.0.so.0
#34 0x00725f72 in ?? () from /lib/libgobject-2.0.so.0
#35 0x00723bbb in g_object_newv () from /lib/libgobject-2.0.so.0
#36 0x007247d8 in g_object_new_valist () from /lib/libgobject-2.0.so.0
#37 0x007248e0 in g_object_new () from /lib/libgobject-2.0.so.0
#38 0x04566f7e in uim_cand_win_gtk_new ()
   from /usr/lib/gtk-2.0/2.10.0/immodules/im-uim.so
#39 0x04561f67 in ?? () from /usr/lib/gtk-2.0/2.10.0/immodules/im-uim.so
#40 0x0073e7ac in g_type_create_instance () from /lib/libgobject-2.0.so.0
#41 0x00725f72 in ?? () from /lib/libgobject-2.0.so.0
#42 0x00723bbb in g_object_newv () from /lib/libgobject-2.0.so.0
#43 0x0072472e in g_object_new_valist () from /lib/libgobject-2.0.so.0
#44 0x007248e0 in g_object_new () from /lib/libgobject-2.0.so.0
#45 0x045641bb in im_module_create ()
   from /usr/lib/gtk-2.0/2.10.0/immodules/im-uim.so
#46 0x002f7c19 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#47 0x002f883b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#48 0x002f8a39 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#49 0x002f5dee in gtk_im_context_set_client_window ()
   from /usr/lib/libgtk-x11-2.0.so.0
#50 0x011c71df in ?? () from ./libxul.so
#51 0x08c7eaf0 in ?? ()
#52 0x08a5c068 in ?? ()
#53 0x00000000 in ?? ()
(gdb) 

We might need to contact the UIM developers.
Flags: blocking1.9?
We had problems similar to this before (search for glibc5/glibc6?). IIRC they managed to statically link in a different runtime.
Additional information:
With GTK_IM_MODULE=xim, Firefox does start without problems,
but it doesn't with GTK_IM_MODULE=uim.
There are many possible explanations for this crash.  Some likely explanations are:

* If libuim statically links to libc, this causes some allocations via glibc's malloc, and others via jemalloc.  Mixing allocators will result in crashes.

* libuim includes an embedded scheme interpreter, and this crash occurs during garbage collection.  It may be that the garbage collector is trying to read from memory that is already deallocated.

* A buffer overflow may cause different behavior (crash for jemalloc) due to differences in how objects are laid out in memory.

This is most likely a problem in libuim.  If there are no libuim developers that will look at this problem, please provide information on what version of libuim to use, which operating system to use, etc., so that I can reproduce the crash.
Assignee: nobody → jasone
Status: NEW → ASSIGNED
I've rebuilt uim with debuginfo and got a detailed stack trace.

In fact, this is not a *real* crash. The SigScheme interpreter that is embedded in uim calls the exit() libc function and exits abnormally.
It seems that the SigScheme or uim code doesn't work properly with jemalloc; it results in an internal fatal error and exits. But I can't tell why...

The stacktrace follows:

(gdb) b exit
	*snip*
(gdb) run
	*snip*
Breakpoint 1, 0x05e9db76 in exit () from /lib/libc.so.6
(gdb) bt
#0  0x05e9db76 in exit () from /lib/libc.so.6
#1  0x0321dc62 in scm_fatal_error (msg=0x32314f9 "looped fatal error") at ../sigscheme/src/error.c:245
#2  0x03226b60 in scm_p_fatal_error (err_obj=150818768) at ../sigscheme/src/error.c:271
#3  0x03226c6b in scm_p_srfi34_raise (obj=150818768) at ../sigscheme/src/module-srfi34.c:307
#4  0x03227e8b in scm_raise_error (err_obj=150818768) at ../sigscheme/src/error.c:225
#5  0x0321f460 in scm_error_internal (func_name=0x0, obj=150790144, msg=<value optimized out>, args=0xbfad6044 "\f��\bh`��K\230\"\003p�#\003\f��\b\230`��nb\"\003\f��\b,��\b\230`��\231�!\003���\b\001")
    at ../sigscheme/src/error.c:369
#6  0x0322577b in scm_plain_error (msg=0x32313ac "invalid misc object: ptr = ~P") at ../sigscheme/src/error.c:379
#7  0x0322601a in scm_type (obj=100413628) at ../sigscheme/src/storage.c:610
#8  0x0322626e in write_obj (port=150794284, obj=150790924, otype=AS_WRITE) at ../sigscheme/src/write.c:223
#9  0x032268e7 in write_internal (port=150794284, obj=150790924, otype=AS_WRITE) at ../sigscheme/src/write.c:199
#10 0x032264e6 in write_obj (port=150794284, obj=<value optimized out>, otype=AS_DISPLAY) at ../sigscheme/src/write.c:598
#11 0x032268e7 in write_internal (port=150794284, obj=150818720, otype=AS_DISPLAY) at ../sigscheme/src/write.c:199
#12 0x032269a7 in write_ss_internal (port=150794284, obj=150818720, otype=AS_DISPLAY) at ../sigscheme/src/write.c:811
#13 0x03226a80 in scm_p_inspect_error (err_obj=150818720) at ../sigscheme/src/write.c:827
#14 0x03226b59 in scm_p_fatal_error (err_obj=150818720) at ../sigscheme/src/error.c:267
#15 0x03226c6b in scm_p_srfi34_raise (obj=150818720) at ../sigscheme/src/module-srfi34.c:307
#16 0x03227e8b in scm_raise_error (err_obj=150818720) at ../sigscheme/src/error.c:225
#17 0x0321f460 in scm_error_internal (func_name=0x3231157 "(function call)", obj=150790924, msg=<value optimized out>, args=0xbfad623c "p�#\003\f��\b\230��\b�b���1\"\003'")
    at ../sigscheme/src/error.c:369
#18 0x0321f47d in scm_error_obj_internal (func_name=0x3231157 "(function call)", msg=0x322fab0 "procedure or syntax required but got", obj=150790924) at ../sigscheme/src/error.c:420
#19 0x0321f496 in scm_error_obj (func_name=0x321d880 "轿��\201���\001", msg=0x5fc30bc "", obj=52669296) at ../sigscheme/src/error.c:411
#20 0x032231a9 in call (proc=150790924, args=<value optimized out>, eval_state=0xbfad62f4, need_eval=SCM_VALTYPE_NEED_EVAL) at ../sigscheme/src/eval.c:284
#21 0x03223741 in scm_eval (obj=150794656, env=<value optimized out>) at ../sigscheme/src/eval.c:463
#22 0x03223c57 in scm_s_begin (args=150818456, eval_state=0xbfad63fc) at ../sigscheme/src/syntax.c:830
#23 0x0322419c in scm_s_body (body=150818480, eval_state=0xbfad63fc) at ../sigscheme/src/syntax.c:799
#24 0x03223251 in call (proc=<value optimized out>, args=<value optimized out>, eval_state=0xbfad63fc, need_eval=SCM_VALTYPE_AS_IS) at ../sigscheme/src/eval.c:216
#25 0x0322520a in scm_call (proc=52549760, args=100413628) at ../sigscheme/src/eval.c:93
#26 0x03225aa2 in scm_dynamic_wind (before=150818538, thunk=150818498, after=150818578) at ../sigscheme/src/continuation.c:205
#27 0x03226c48 in scm_p_srfi34_raise (obj=150818416) at ../sigscheme/src/module-srfi34.c:320
#28 0x03227e8b in scm_raise_error (err_obj=150818400) at ../sigscheme/src/error.c:225
#29 0x0321f460 in scm_error_internal (func_name=0x3230f07 "scm_symbol_value", obj=150818276, msg=<value optimized out>, 
    args=0xbfad64dc "��!\003�$�\b�M�\b�d���\030\"\003p�#\003�M�\b(e��l7\"\003���\bp�#\003�e��/\237\"\003\2006�\b\036") at ../sigscheme/src/error.c:369
#30 0x0321f47d in scm_error_obj_internal (func_name=0x3230f07 "scm_symbol_value", msg=0x3230ef6 "unbound variable", obj=150818276) at ../sigscheme/src/error.c:420
#31 0x0321f496 in scm_error_obj (func_name=0x321d880 "轿��\201���\001", msg=0x5fc30bc "", obj=52669296) at ../sigscheme/src/error.c:411
#32 0x032218ef in scm_symbol_value (var=150818276, env=<value optimized out>) at ../sigscheme/src/env.c:419
#33 0x0322376c in scm_eval (obj=52549760, env=<value optimized out>) at ../sigscheme/src/eval.c:461
#34 0x0322317a in call (proc=150818276, args=<value optimized out>, eval_state=0xbfad65d4, need_eval=SCM_VALTYPE_NEED_EVAL) at ../sigscheme/src/eval.c:245
#35 0x03223741 in scm_eval (obj=150818288, env=<value optimized out>) at ../sigscheme/src/eval.c:463
#36 0x054296b9 in GCROOTS_call_with_gc_ready_stack (ctx=0x8faca60, proc=0x322a8a0 <scm_eval_c_string_internal>, arg=0x8fc3680) at gcroots.c:104
#37 0x03228068 in scm_call_with_gc_ready_stack (func=<value optimized out>, arg=0x5fc30bc) at ../sigscheme/src/storage-gc.c:263
#38 0x032285aa in uim_scm_eval_c_string (str=0x8fc3680 "(uim-symbol-value-str 'candidate-window-position)") at uim-scm.c:458
#39 0x0322b265 in uim_symbol_value_str (symbol_str=0x311b116 "candidate-window-position") at uim-compat-scm.c:146
#40 0x031156d8 in uim_cand_win_gtk_get_window_pos_type (cwin=0x8d43020) at uim-cand-win-gtk.c:144
#41 0x03115ce4 in uim_cand_win_gtk_init (cwin=0x8d43020) at uim-cand-win-gtk.c:176
#42 0x0073e7ac in g_type_create_instance () from /lib/libgobject-2.0.so.0
#43 0x00725f72 in ?? () from /lib/libgobject-2.0.so.0
#44 0x00723bbb in g_object_newv () from /lib/libgobject-2.0.so.0
#45 0x007247d8 in g_object_new_valist () from /lib/libgobject-2.0.so.0
#46 0x007248e0 in g_object_new () from /lib/libgobject-2.0.so.0
#47 0x03116f7e in uim_cand_win_gtk_new () at uim-cand-win-gtk.c:309
#48 0x03111f67 in im_uim_init (uic=0x8a2e800) at gtk-im-uim.c:1297
#49 0x0073e7ac in g_type_create_instance () from /lib/libgobject-2.0.so.0
#50 0x00725f72 in ?? () from /lib/libgobject-2.0.so.0
#51 0x00723bbb in g_object_newv () from /lib/libgobject-2.0.so.0
#52 0x0072472e in g_object_new_valist () from /lib/libgobject-2.0.so.0
#53 0x007248e0 in g_object_new () from /lib/libgobject-2.0.so.0
#54 0x031141bb in im_module_create (context_id=0x5fc30bc "") at gtk-im-uim.c:1393
#55 0x002f7c19 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#56 0x002f883b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#57 0x002f8a39 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#58 0x002f5dee in gtk_im_context_set_client_window () from /usr/lib/libgtk-x11-2.0.so.0
#59 0x011c71df in ?? () from ./libxul.so
#60 0x08c7eaf0 in ?? ()
#61 0x08a5c068 in ?? ()
#62 0x00000000 in ?? ()
(gdb) 

Thanks a lot for looking at this problem, Jason.
This is my environment:

  OS: Fedora 7
  uim version: uim-1.4.1

BTW, another user reproduces this on debian-sid.

The uim package is the one originally packaged by the Fedora 7 distributor.
I've rebuilt it with a tweaked SPEC to include the debuginfo
(just added --with-debug to the %configure section).

Related packages:
[uimtest@localhost firefox]$ rpm -qa | grep -i uim
uim-gnome-1.4.1-3.fc7g
uim-anthy-1.4.1-3.fc7g
uim-debuginfo-1.4.1-3.fc7g
uim-1.4.1-3.fc7g
uim-gtk2-1.4.1-3.fc7g
uim-m17n-1.4.1-3.fc7g
As a developer of uim: this seems to be caused by a memory alignment issue in sigscheme, the embedded Scheme interpreter of uim, which was already fixed some time ago in our repository but not released yet.  I'm going to release a fixed version of uim later this week.

Cheers,
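An added example (not from the bug thread or the uim/SigScheme source) that probes the assumption both Jason's allocator-mixing hypothesis and the uim developer's alignment diagnosis turn on: a Scheme interpreter that keeps a type tag in the low bits of each object pointer only works if the allocator hands back memory aligned to at least that many bits. The 3-bit tag width, the tag_safe/make_tagged helpers and the probe sizes are assumptions for illustration; the page does not show SigScheme's actual tagging layout.

```c
/* Added example, not code from the bug thread or from uim/SigScheme.
 * Assumption for illustration: the interpreter stores a type tag in the
 * low TAG_BITS bits of each object pointer, so it silently requires the
 * allocator to return memory aligned to (1 << TAG_BITS) bytes. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TAG_BITS 3u                        /* assumed tag width */
#define TAG_MASK (((uintptr_t)1 << TAG_BITS) - 1)

/* 1 if p has no stray tag bits, i.e. it is (1 << TAG_BITS)-byte aligned. */
static int tag_safe(const void *p) {
    return ((uintptr_t)p & TAG_MASK) == 0;
}

/* Build a tagged object word. Refuses misaligned memory up front instead
 * of letting the interpreter trip over an "invalid misc object" later. */
static uintptr_t make_tagged(const void *p, unsigned tag, int *ok) {
    if (!tag_safe(p) || tag > TAG_MASK) { *ok = 0; return 0; }
    *ok = 1;
    return (uintptr_t)p | tag;
}

/* Allocate n blocks of `size` bytes from the live malloc and count how
 * many come back with tag bits set. Any non-zero count means this
 * allocator cannot back a tagged-pointer heap without extra padding.
 * Returns (size_t)-1 if the bookkeeping array cannot be allocated. */
static size_t count_misaligned(size_t size, size_t n) {
    size_t bad = 0;
    void **ptrs = calloc(n, sizeof *ptrs);
    if (!ptrs) return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        ptrs[i] = malloc(size);
        if (ptrs[i] && !tag_safe(ptrs[i])) bad++;
    }
    for (size_t i = 0; i < n; i++) free(ptrs[i]);
    free(ptrs);
    return bad;
}

int main(void) {
    /* Tiny sizes are where allocators differ most: glibc pads every block
     * to its minimum chunk size, while a size-class allocator may hand out
     * 2- or 4-byte cells with only 2- or 4-byte alignment. */
    const size_t sizes[] = {1, 2, 4, 6, 12, 64};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size %2zu: %zu of 64 blocks misaligned for %u tag bits\n",
               sizes[i], count_misaligned(sizes[i], 64), TAG_BITS);
    return 0;
}
```

Running the probe against the program's real allocator (for example with jemalloc preloaded) shows at a glance whether the tiny size classes break the tag-bit assumption before any interpreter code is involved.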
Hurray.  When you put out a new version, can you make a note in here?  I'll ping people I know at the distros to update their versions.
Hi,

The fixed version is now released.  See http://groups.google.com/group/uim-en/browse_thread/thread/c2331f7608efa345

Nightly version of Firefox 3 (firefox-3.0b4pre.en-US.linux-i686.tar.bz2) on Fedora 8 now works using uim 1.4.2 (GTK_IM_MODULE=uim).

Cheers,
Flags: blocking1.9?
Flags: blocking1.9+
Flags: blocking1.8.1.13?
Priority: -- → P2
Fixed upstream, so this -> INVALID
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Clearing nomination on "invalid" bug. Or was the intent to make sure the branch incorporates the upstream changes? If so, please re-request with some clarification.
Flags: blocking1.8.1.13?
Status: RESOLVED → VERIFIED