Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#15282 closed defect (fixed)

Reliable crash of Ubuntu's Pidgin build

Reported by: ioerror Owned by:
Milestone: 2.10.7 Component: pidgin (gtk)
Version: 2.7.11 Keywords:
Cc:

Description

During my attempts to triage ( #14571 and #15281 ) and reproduce some libpng/zlib/gtk bugs, I found a reliable crash in the Pidgin shipping with Ubuntu's Natty release. Please see bug #14571 for the malformed png files I'm using to crash Pidgin.

It also appears that those pngs trigger some bugs (likely GTK again) with Ubuntu's pidgin on Natty (Pidgin 2.7.11 (libpurple 2.7.11)).

When trying to set my Ubuntu client's buddy icon (in accounts, settings, xmpp account, use this buddy icon) to png-1-width-800-height-2.png, my entire pidgin crashes:

[New Thread 0x7f469effd700 (LWP 11116)]
[Thread 0x7f469cc22700 (LWP 11115) exited]
The program 'Pidgin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 91875 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
[Thread 0x7f46a814d700 (LWP 10426) exited]
[Thread 0x7f469effd700 (LWP 11116) exited]

Here's another run:

The program 'Pidgin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 9969573 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

This is a reliable crash using png-1-width-800-height-2.png - I have a bunch of other malformed pngs in the same directory and the directory actually _re-arranges_ itself while waiting for me to select a file:

The program 'Pidgin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 135898 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Once I even triggered what might just be an epic AppArmor kernel message log before it crashed out. Note the value after "name=" and well, what just happened?

[194563.072597] type=1400 audit(1345771956.934:381): apparmor="DENIED" operation="open" parent=16943 profile="/usr/bin/pidgin" name=2F686F6D652F696F2F4465736B746F702F436C65616E207570202F pid=16964 comm="pidgin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
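
On the `name=` value in the log line above: the Linux audit subsystem writes a string field as an unquoted run of hex digits when it contains a space, a double quote or a non-printable byte, so the value is an encoded path rather than corruption. The parser below is an added example, not part of the original report or of Pidgin's code; the function names and the list of string fields are assumptions.

```python
import re

# Audit record copied from the ticket description above.
TICKET_RECORD = (
    '[194563.072597] type=1400 audit(1345771956.934:381): apparmor="DENIED" '
    'operation="open" parent=16943 profile="/usr/bin/pidgin" '
    'name=2F686F6D652F696F2F4465736B746F702F436C65616E207570202F pid=16964 '
    'comm="pidgin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000'
)

# Fields logged as "untrusted strings" and therefore subject to hex encoding.
# Assumption: this set covers the fields in this record; extend it for others.
# Numeric fields such as fsuid=1000 must never be hex-decoded, even though
# "1000" happens to be a valid even-length hex string.
UNTRUSTED_FIELDS = {"name", "comm", "profile"}

# key="quoted value"  or  key=bare_token
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def decode_untrusted(value, was_quoted):
    """Return the real string behind an audit 'untrusted string' field."""
    if was_quoted:
        return value  # safe strings are logged verbatim inside quotes
    if _HEX.fullmatch(value):
        # backslashreplace keeps undecodable bytes visible instead of failing
        return bytes.fromhex(value).decode("utf-8", errors="backslashreplace")
    return value  # e.g. "(null)"


def parse_apparmor_record(line):
    """Split an AppArmor audit line into fields, decoding hex-encoded strings."""
    fields = {}
    for m in _PAIR.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        was_quoted = bare is None
        raw = quoted if was_quoted else bare
        if key in UNTRUSTED_FIELDS:
            fields[key] = decode_untrusted(raw, was_quoted)
        else:
            fields[key] = raw
    return fields


def chars_forcing_hex(text):
    """Characters that make the kernel hex-encode a string: '"', anything
    below 0x21 (space and control characters) or above 0x7e."""
    return [c for c in text if c == '"' or ord(c) < 0x21 or ord(c) > 0x7E]


if __name__ == "__main__":
    rec = parse_apparmor_record(TICKET_RECORD)
    print("profile :", rec["profile"])
    print("denied  :", rec["operation"], rec["denied_mask"])
    print("path    :", repr(rec["name"]))
    print("encoded because of:", chars_forcing_hex(rec["name"]))
```

Decoded, the record shows the `/usr/bin/pidgin` profile denying a read of a directory whose name contains spaces, which is why the kernel logged the path in hex.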

Change History (26)

comment:1 Changed 5 years ago by ioerror

This is for Pidgin 2.7.11 (libpurple 2.7.11); the package is 'pidgin' version '1:2.7.11-1ubuntu2.2' on Ubuntu Natty.

comment:2 Changed 5 years ago by ioerror

comment:3 Changed 5 years ago by bleeter

  • Resolution set to invalid
  • Status changed from new to closed

This is the Pidgin bug and feature request tracker, not an Ubuntu support forum. Please take another look at Ubuntu's support resources (here for IRC channels or here for other methods of communication) and contact them instead.

comment:4 Changed 5 years ago by ioerror

I realize that isn't an Ubuntu support forum. I opened a bug with them as well.

On the pidgin website ( http://pidgin.im/download/linux/ ) it says:

We do not provide pre-built packages for most Linux and Unix distributions. '''We recommend installing Pidgin using your operating system's standard package management tool'''.

I followed the instructions on the website and I found this bug. Pidgin suggests people take this route; it is currently susceptible to the issue described.

comment:5 Changed 5 years ago by ioerror

I built pidgin from the current tip of hg and attempted to load the icon - as expected it crashed:

The program 'Pidgin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 6300 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

comment:6 Changed 5 years ago by ioerror

As this bug is now closed, I've opened a new bug (#15288) that deals with this being built from source.

comment:7 Changed 5 years ago by datallah

Ticket #15288 has been marked as a duplicate of this ticket.

comment:8 Changed 5 years ago by datallah

  • Resolution invalid deleted
  • Status changed from closed to new

comment:9 follow-up: Changed 5 years ago by datallah

  • Status changed from new to pending

Please follow the instructions to get a backtrace and attach it to this ticket.

comment:10 in reply to: ↑ 9 Changed 5 years ago by bleeter

Replying to datallah:

Please follow the instructions to get a backtrace and attach it to this ticket.

Beat me to it.

comment:11 Changed 5 years ago by amieiro

I reproduced this bug in a Debian wheezy install, but it crashed my entire gnome session. I get a black screen with the message "Oh no! something has gone wrong. A problem has occurred and the system can't recover. Please log out and try again.".

This was using the same png-1-width-800-height-2.png from bug #14571

comment:12 Changed 5 years ago by ioerror

  • Status changed from pending to new

The basic GetABacktrace didn't work on the first iteration because of the depth of the bug; otherwise, I would have included it straight away.

Here's the backtrace from Pidgin built from source (the last change set is 33351:bd15903d0d89):

GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/pidgin...done.
(gdb) run
Starting program: /usr/local/bin/pidgin 
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffde5da700 (LWP 16761)]
[New Thread 0x7fffdce65700 (LWP 16763)]
[New Thread 0x7fffd7fff700 (LWP 16764)]
[New Thread 0x7fffd77fe700 (LWP 16765)]
[New Thread 0x7fffd6ffd700 (LWP 16766)]
[New Thread 0x7fffcf570700 (LWP 16848)]
The program 'Pidgin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 3762 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
[Thread 0x7fffcf570700 (LWP 16848) exited]
[Thread 0x7fffd6ffd700 (LWP 16766) exited]
[Thread 0x7fffd77fe700 (LWP 16765) exited]
[Thread 0x7fffd7fff700 (LWP 16764) exited]
[Thread 0x7fffdce65700 (LWP 16763) exited]
[Thread 0x7fffde5da700 (LWP 16761) exited]

Program exited with code 01.
(gdb) quit
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/pidgin...done.
(gdb) run
Starting program: /usr/local/bin/pidgin 
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffde5da700 (LWP 16869)]
[New Thread 0x7fffdce65700 (LWP 16870)]
[New Thread 0x7fffd7fff700 (LWP 16871)]
[New Thread 0x7fffd77fe700 (LWP 16872)]
[New Thread 0x7fffd6ffd700 (LWP 16873)]
[New Thread 0x7fffcf570700 (LWP 16960)]
The program 'Pidgin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 4375 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
[Thread 0x7fffcf570700 (LWP 16960) exited]
[Thread 0x7fffd6ffd700 (LWP 16873) exited]
[Thread 0x7fffd77fe700 (LWP 16872) exited]
[Thread 0x7fffd7fff700 (LWP 16871) exited]
[Thread 0x7fffdce65700 (LWP 16870) exited]
[Thread 0x7fffde5da700 (LWP 16869) exited]

Program exited with code 01.
(gdb)

Obviously, that isn't very useful. I have no crash logged in my kernel messages. I also attached with gdb to my metacity window manager and had this output:

GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 16432
Reading symbols from /usr/bin/metacity...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libcanberra-gtk.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcanberra-gtk.so.0
Reading symbols from /usr/lib/libcanberra.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcanberra.so.0
Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
Reading symbols from /usr/lib/libcairo.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcairo.so.2
Reading symbols from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0
Reading symbols from /usr/lib/libgconf-2.so.4...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgconf-2.so.4
Reading symbols from /lib/x86_64-linux-gnu/libglib-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libglib-2.0.so.0
Reading symbols from /usr/lib/libstartup-notification-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libstartup-notification-1.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libXcomposite.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXcomposite.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXrender.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXrender.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXdamage.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXdamage.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXfixes.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXfixes.so.3
Reading symbols from /usr/lib/x86_64-linux-gnu/libXcursor.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXcursor.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXrandr.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXrandr.so.2
Reading symbols from /usr/lib/x86_64-linux-gnu/libSM.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libSM.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libICE.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libICE.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libX11.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libX11.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libXext.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXext.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libXinerama.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXinerama.so.1
Reading symbols from /lib/x86_64-linux-gnu/libm.so.6...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libm-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libm.so.6
Reading symbols from /lib/x86_64-linux-gnu/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libpthread-2.13.so...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7f3d36a03700 (LWP 16435)]
done.
Loaded symbols for /lib/x86_64-linux-gnu/libpthread.so.0
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libc.so.6
Reading symbols from /usr/lib/libvorbisfile.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libvorbisfile.so.3
Reading symbols from /usr/lib/libtdb.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libtdb.so.1
Reading symbols from /usr/lib/libltdl.so.7...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libltdl.so.7
Reading symbols from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libfreetype.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libfreetype.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0
Reading symbols from /lib/x86_64-linux-gnu/librt.so.1...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/librt-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/librt.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXi.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXi.so.6
Reading symbols from /usr/lib/libpixman-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpixman-1.so.0
Reading symbols from /lib/x86_64-linux-gnu/libpng12.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libpng12.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libxcb-render.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libxcb-render.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libxcb.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libxcb.so.1
Reading symbols from /lib/x86_64-linux-gnu/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libz.so.1
Reading symbols from /lib/x86_64-linux-gnu/libpcre.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libpcre.so.3
Reading symbols from /usr/lib/libORBit-2.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libORBit-2.so.0
Reading symbols from /usr/lib/libxcb-aux.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxcb-aux.so.0
Reading symbols from /usr/lib/libxcb-event.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxcb-event.so.1
Reading symbols from /usr/lib/libxcb-atom.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxcb-atom.so.1
Reading symbols from /lib/x86_64-linux-gnu/libuuid.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libuuid.so.1
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libdl-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libdl.so.2
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib/libvorbis.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libvorbis.so.0
Reading symbols from /usr/lib/libogg.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libogg.so.0
Reading symbols from /lib/x86_64-linux-gnu/libresolv.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libresolv-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libresolv.so.2
Reading symbols from /lib/x86_64-linux-gnu/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libselinux.so.1
Reading symbols from /lib/x86_64-linux-gnu/libexpat.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libexpat.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXau.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXau.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libXdmcp.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXdmcp.so.6
Reading symbols from /lib/x86_64-linux-gnu/libnss_compat.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnss_compat-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnss_compat.so.2
Reading symbols from /lib/x86_64-linux-gnu/libnsl.so.1...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnsl-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnsl.so.1
Reading symbols from /lib/x86_64-linux-gnu/libnss_nis.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnss_nis-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnss_nis.so.2
Reading symbols from /lib/x86_64-linux-gnu/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnss_files-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnss_files.so.2
Reading symbols from /usr/lib/liboverlay-scrollbar-0.1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/liboverlay-scrollbar-0.1.so.0
Reading symbols from /usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so
Reading symbols from /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so
Reading symbols from /usr/lib/gtk-2.0/2.10.0/engines/libpixmap.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gtk-2.0/2.10.0/engines/libpixmap.so
Reading symbols from /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so
Reading symbols from /usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so...Reading symbols from /usr/lib/debug/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so...done.
done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so
Reading symbols from /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so
Reading symbols from /usr/lib/gio/modules/libgvfsdbus.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gio/modules/libgvfsdbus.so
Reading symbols from /usr/lib/libgvfscommon.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgvfscommon.so.0
Reading symbols from /lib/x86_64-linux-gnu/libdbus-1.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libdbus-1.so.3
Reading symbols from /lib/x86_64-linux-gnu/libudev.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libudev.so.0
Reading symbols from /lib/x86_64-linux-gnu/libutil.so.1...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libutil-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libutil.so.1
Reading symbols from /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so
Reading symbols from /usr/lib/librsvg-2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/librsvg-2.so.2
Reading symbols from /usr/lib/libcroco-0.6.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcroco-0.6.so.3
Reading symbols from /usr/lib/libxml2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxml2.so.2
0x00007f3d3c006ae3 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
87	../sysdeps/unix/sysv/linux/poll.c: No such file or directory.
	in ../sysdeps/unix/sysv/linux/poll.c
(gdb) continue
Continuing.

Program received signal SIGABRT, Aborted.
0x00007f3d3bf60d05 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
	in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) 
Continuing.
[Thread 0x7f3d36a03700 (LWP 16435) exited]

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb) quit
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 16849
Reading symbols from /usr/bin/metacity...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libcanberra-gtk.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcanberra-gtk.so.0
Reading symbols from /usr/lib/libcanberra.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcanberra.so.0
Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
Reading symbols from /usr/lib/libcairo.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcairo.so.2
Reading symbols from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0
Reading symbols from /usr/lib/libgconf-2.so.4...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgconf-2.so.4
Reading symbols from /lib/x86_64-linux-gnu/libglib-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libglib-2.0.so.0
Reading symbols from /usr/lib/libstartup-notification-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libstartup-notification-1.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libXcomposite.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXcomposite.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXrender.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXrender.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXdamage.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXdamage.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXfixes.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXfixes.so.3
Reading symbols from /usr/lib/x86_64-linux-gnu/libXcursor.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXcursor.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXrandr.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXrandr.so.2
Reading symbols from /usr/lib/x86_64-linux-gnu/libSM.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libSM.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libICE.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libICE.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libX11.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libX11.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libXext.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXext.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libXinerama.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXinerama.so.1
Reading symbols from /lib/x86_64-linux-gnu/libm.so.6...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libm-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libm.so.6
Reading symbols from /lib/x86_64-linux-gnu/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libpthread-2.13.so...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7fb22638e700 (LWP 16850)]
done.
Loaded symbols for /lib/x86_64-linux-gnu/libpthread.so.0
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libc.so.6
Reading symbols from /usr/lib/libvorbisfile.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libvorbisfile.so.3
Reading symbols from /usr/lib/libtdb.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libtdb.so.1
Reading symbols from /usr/lib/libltdl.so.7...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libltdl.so.7
Reading symbols from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libfreetype.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libfreetype.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0
Reading symbols from /lib/x86_64-linux-gnu/librt.so.1...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/librt-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/librt.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXi.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXi.so.6
Reading symbols from /usr/lib/libpixman-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpixman-1.so.0
Reading symbols from /lib/x86_64-linux-gnu/libpng12.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libpng12.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libxcb-render.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libxcb-render.so.0
Reading symbols from /usr/lib/x86_64-linux-gnu/libxcb.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libxcb.so.1
Reading symbols from /lib/x86_64-linux-gnu/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libz.so.1
Reading symbols from /lib/x86_64-linux-gnu/libpcre.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libpcre.so.3
Reading symbols from /usr/lib/libORBit-2.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libORBit-2.so.0
Reading symbols from /usr/lib/libxcb-aux.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxcb-aux.so.0
Reading symbols from /usr/lib/libxcb-event.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxcb-event.so.1
Reading symbols from /usr/lib/libxcb-atom.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxcb-atom.so.1
Reading symbols from /lib/x86_64-linux-gnu/libuuid.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libuuid.so.1
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libdl-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libdl.so.2
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib/libvorbis.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libvorbis.so.0
Reading symbols from /usr/lib/libogg.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libogg.so.0
Reading symbols from /lib/x86_64-linux-gnu/libresolv.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libresolv-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libresolv.so.2
Reading symbols from /lib/x86_64-linux-gnu/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libselinux.so.1
Reading symbols from /lib/x86_64-linux-gnu/libexpat.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libexpat.so.1
Reading symbols from /usr/lib/x86_64-linux-gnu/libXau.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXau.so.6
Reading symbols from /usr/lib/x86_64-linux-gnu/libXdmcp.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/libXdmcp.so.6
Reading symbols from /lib/x86_64-linux-gnu/libnss_compat.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnss_compat-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnss_compat.so.2
Reading symbols from /lib/x86_64-linux-gnu/libnsl.so.1...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnsl-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnsl.so.1
Reading symbols from /lib/x86_64-linux-gnu/libnss_nis.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnss_nis-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnss_nis.so.2
Reading symbols from /lib/x86_64-linux-gnu/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib/x86_64-linux-gnu/libnss_files-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libnss_files.so.2
Reading symbols from /usr/lib/liboverlay-scrollbar-0.1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/liboverlay-scrollbar-0.1.so.0
Reading symbols from /usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so
Reading symbols from /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so
Reading symbols from /usr/lib/gtk-2.0/2.10.0/engines/libpixmap.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gtk-2.0/2.10.0/engines/libpixmap.so
Reading symbols from /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so
Reading symbols from /usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so...Reading symbols from /usr/lib/debug/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so...done.
done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so
Reading symbols from /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so
0x00007fb22b991ae3 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
87	../sysdeps/unix/sysv/linux/poll.c: No such file or directory.
	in ../sysdeps/unix/sysv/linux/poll.c
(gdb) continue
Continuing.

Program received signal SIGABRT, Aborted.
0x00007fb22b8ebd05 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
	in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb)

That is also not a very useful backtrace, as I couldn't actually get gdb to produce one when all of my xsessions were locked up. The good news is that I managed to get two other useful logs that I believe are correlated with the above crashes. It should be possible to run gdb in screen and actually get a useful backtrace now that I know where to look.

This is from my .xsession-errors file:

Bug in window manager: Unexpected X error: BadAlloc (insufficient resources for operation) serial 14253 error_code 11 request_code 53 minor_code 0)
Window manager warning: Received a _NET_WM_MOVERESIZE message for 0x3a0009e (Buddy List); these messages lack timestamps and therefore suck.
Bug in window manager: Unexpected X error: BadAlloc (insufficient resources for operation) serial 5945 error_code 11 request_code 53 minor_code 0)

I'm sorry to say that it gets much worse. Unless I'm totally off the mark, I've managed to break out of my apparmor jail and crash a process running as root. That is really something... Which is... well, hooray for that png!

The relevant log files from my GDM session manager:

gdm/:0-greeter.log.1
gdm/:0.log.2
gdm/:0-slave.log.2

The :0-greeter.log.1 contents:

** (process:16310): DEBUG: Greeter session pid=16310 display=:0 xauthority=/var/run/gdm/auth-for-gdm-AfVSf3/database
gdm-simple-greeter[16310]: Gtk-WARNING: /build/buildd/gtk+2.0-2.24.4/gtk/gtkwidget.c:5687: widget not within a GtkWindow
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0xc00034 (Login Wind)
Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed.
gdm-simple-greeter[16310]: WARNING: Unable to load CK history: no seat-id found
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0xc00034 (Login Wind)
Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed.
Window manager warning: CurrentTime used to choose focus window; focus window may not be correct.
Window manager warning: Got a request to focus the no_focus_window with a timestamp of 0.  This shouldn't happen!

(gnome-settings-daemon:16300): libappindicator-WARNING **: Unable to send signal for NewStatus: The connection is closed

The :0.log.2 file contains the most important information, I think:

Backtrace:
0: /usr/bin/X (xorg_backtrace+0x26) [0x45cef6]
1: /usr/bin/X (0x400000+0x5ad2a) [0x45ad2a]
2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f8c2ab68000+0xfc60) [0x7f8c2ab77c60]
3: /usr/bin/X (0x400000+0x34d25) [0x434d25]
4: /usr/bin/X (0x400000+0x35b7f) [0x435b7f]
5: /usr/bin/X (0x400000+0xf3641) [0x4f3641]
6: /usr/bin/X (0x400000+0xfa6c0) [0x4fa6c0]
7: /usr/bin/X (0x400000+0x34df6) [0x434df6]
8: /usr/bin/X (0x400000+0x35b7f) [0x435b7f]
9: /usr/bin/X (0x400000+0x2d883) [0x42d883]
10: /usr/bin/X (CloseDownClient+0x125) [0x440725]
11: /usr/bin/X (0x400000+0x411d6) [0x4411d6]
12: /usr/bin/X (0x400000+0x21a7e) [0x421a7e]
13: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xff) [0x7f8c29ab0eff]
14: /usr/bin/X (0x400000+0x21629) [0x421629]
Segmentation fault at address 0x3991

Caught signal 11 (Segmentation fault). Server aborting

Please consult the The X.Org Foundation support 
	 at http://wiki.x.org
 for help. 
Please also check the log file at "/var/log/Xorg.0.log" for additional information.

The :0-slave.log.2 file contents:

gdm-simple-slave[1578]: WARNING: Unable to load file '/etc/gdm/custom.conf': No such file or directory
gdm-session-worker[1673]: WARNING: Unable to load file '/etc/gdm/custom.conf': No such file or directory
gdm-session-worker[1673]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed
gdm-session-worker[1673]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "x"
gdm-session-worker[1673]: pam_unix(gdm:session): session opened for user x by (uid=0)
gdm-session-worker[1673]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0
gdm-session-worker[1673]: pam_unix(gdm:session): session closed for user x

The relevant entries in /var/log/Xorg.0.log are missing.

In my /var/log/syslog I see some gtk errors - I crashed metacity a few times, X only crashed one time. This error is from one of those crashes:

Aug 26 18:51:38 x gdm-simple-greeter[16310]: Gtk-WARNING: /build/buildd/gtk+2.0-2.24.4/gtk/gtkwidget.c:5687: widget not within a GtkWindow
Aug 26 18:51:39 x gdm-simple-greeter[16310]: WARNING: Unable to load CK history: no seat-id found
Aug 26 18:51:40 x gdm-session-worker[16315]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed

comment:13 Changed 5 years ago by amieiro

I've managed to get a backtrace from my build (hg tip)

#0  pidgin_convert_buddy_icon (plugin=0x0, path=path@entry=0x1efcd10 "/home/amieiro/png-1-width-800-height-2.png", len=len@entry=0x7fff61992818) at gtkutils.c:2288
        prpl_info = <optimized out>
        spec = <optimized out>
        orig_width = <optimized out>
        orig_height = <optimized out>
        new_width = <optimized out>
        new_height = <optimized out>
        format = <optimized out>
        pixbuf_formats = <optimized out>
        prpl_formats = <optimized out>
        error = 0x7f5ac0fa9514 <g_timeout_add_seconds_full+100>
        contents = <optimized out>
        length = <optimized out>
        pixbuf = <optimized out>
        original = <optimized out>
        scale_factor = <optimized out>
        i = <optimized out>
        tmp = <optimized out>
        __PRETTY_FUNCTION__ = "pidgin_convert_buddy_icon"
#1  0x000000000043acdf in icon_filesel_choose_cb (filename=0x1efcd10 "/home/amieiro/png-1-width-800-height-2.png", data=0x1d28320) at gtkaccount.c:387
        len = 32492816
        data = <optimized out>
        dialog = 0x1d28320
#2  0x00000000004b61e0 in icon_filesel_choose_cb (dialog=0x1dde2e0, widget=<optimized out>, response=<optimized out>) at gtkutils.c:2155
        filename = 0x1efcd10 "/home/amieiro/png-1-width-800-height-2.png"
        current_folder = 0x1ebb990 "\220\306\360\001"
#3  icon_filesel_choose_cb (widget=<optimized out>, response=<optimized out>, dialog=0x1dde2e0) at gtkutils.c:2131
No locals.
#4  0x00007f5ac1bceec0 in g_closure_invoke () from /lib/libgobject-2.0.so.0
No symbol table info available.
#5  0x00007f5ac1bdff40 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#6  0x00007f5ac1be7ebc in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#7  0x00007f5ac1be8052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#8  0x00007f5ac1bcf187 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#9  0x00007f5ac1be7806 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#10 0x00007f5ac1be8052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#11 0x00007f5ac3c65ac8 in ?? () from /lib/libgtk-3.so.0
No symbol table info available.
#12 0x00007f5ac1bcf187 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#13 0x00007f5ac1be7806 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#14 0x00007f5ac1be8052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#15 0x00007f5ac3c63de3 in ?? () from /lib/libgtk-3.so.0
No symbol table info available.
#16 0x00007f5ac3d2515f in ?? () from /lib/libgtk-3.so.0
No symbol table info available.
#17 0x00007f5ac1bcf187 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#18 0x00007f5ac1be7806 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#19 0x00007f5ac1be8052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x00007f5ac3e4d3de in ?? () from /lib/libgtk-3.so.0
No symbol table info available.
#21 0x00007f5ac3d23125 in ?? () from /lib/libgtk-3.so.0
No symbol table info available.
#22 0x00007f5ac3d24d33 in gtk_main_do_event () from /lib/libgtk-3.so.0
No symbol table info available.
#23 0x00007f5ac3975ef2 in ?? () from /lib/libgdk-3.so.0
No symbol table info available.
#24 0x00007f5ac0fa8475 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
No symbol table info available.
#25 0x00007f5ac0fa87a8 in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#26 0x00007f5ac0fa8ba2 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#27 0x00007f5ac3d240f5 in gtk_main () from /lib/libgtk-3.so.0
No symbol table info available.
#28 0x0000000000437443 in main (argc=3, argv=0x7fff61995f48) at gtkmain.c:901
        opt_force_online = 0
        opt_help = <optimized out>
        opt_login = 0
        opt_nologin = 0
        opt_version = <optimized out>
        opt_si = <optimized out>
        opt_config_dir_arg = <optimized out>
                opt_login_arg = <optimized out>
        opt_session_arg = <optimized out>
        search_path = <optimized out>
        accounts = <optimized out>
        sig_indx = 1
        sigset = {__val = {82950, 0 <repeats 15 times>}}
        prev_sig_disp = <optimized out>
        errmsg =
    '\000' <repeats 392 times>, "R(\365\306Z\177", '\000' <repeats 67 times>"\200, \002\000\000\000\000\000\004p\002\000\000\000\000\000\004p\002", '\000' <repeats 13 times>, "\005\000\000\000\000\000\000\000\000p\"\000\000\000\000\000\000\240\"\000\000\000\000\000\300\220\"\000\000\000\000\000\"\000\000\000\000\000\000p\002\000\000\000\000\000\003", '\000' <repeats 16 times>"\360, \000\000\000\000\000\000\335\026\365\306Z\177\000\000\204\347", '\000' <repeats 14 times>, "\005\000\000\000\000\000\000\000\000\340 \000\000\000\000\000\340@\231a\377\177\000\000\300\367 \000\000\000\000\000\310\367 \000\000\000\000\000`P\021\307Z\177\000\000/\000\000\000\000\000\000\000]q\365\306Z\177\000\000\016\000\000\000\000\000\000\000\022\000\000\000\000\000\000\000\023\000\000\000\000\000\000\000"...
        signal_channel = <optimized out>
        signal_status = <optimized out>
        signal_channel_watcher = 1
        error = 0x0
        opt = <optimized out>
        gui_check = <optimized out>
        active_accounts = <optimized out>
        st = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {
            tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, __unused = {0, 0, 0}}
        long_options = {{name = 0x4de01c "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x4c6dd4 "debug", has_arg = 0, flag = 0x0, val = 100}, {name =
    0x4d94f4 "force-online", has_arg = 0, flag = 0x0, val = 102}, {name = 0x4ca386 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x4d93d4 "login", has_arg = 2,
            flag = 0x0, val = 108}, {name = 0x4d9501 "multiple", has_arg = 0, flag = 0x0, val = 109}, {name = 0x4d950a "nologin", has_arg = 0, flag = 0x0, val = 110}, {
            name = 0x4de012 "session", has_arg = 1, flag = 0x0, val = 115}, {name = 0x4cf52f "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x4de025 "display",
            has_arg = 1, flag = 0x0, val = 68}, {name = 0x4d9512 "sync", has_arg = 0, flag = 0x0, val = 83}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}

comment:14 Changed 5 years ago by ioerror

This appears to impact Arch, Debian Wheezy and Ubuntu Natty - I emailed the Debian and Ubuntu security team. If anyone wants to alert Arch, feel free.

comment:15 Changed 5 years ago by ioerror

I should also mention that I haven't found a way to trigger this bug remotely - though it does seem to reason that there is a way to do so - probably with how I was sending them in #14571 - it would be nice to know. If this is remote, it's pretty much game over.

It would be nice to know that it wasn't vulnerable remotely by way of a buddy icon or some other angle.

comment:16 follow-up: Changed 5 years ago by mbaudier

For the record, the bug does NOT seem to occur on up-to-date CentOS 6.3 x86_64.

When setting buddy icon with the "bad" PNG (png-1-width-800-height-2.png MD5 4a29eed06512cddccf6d48b19d6f92e7), it is displayed (thus making the preference window unusable but that's another matter) and Pidgin does NOT crash.

Please note that the PNG is properly displayed in (stock) Firefox and image viewer. Please note that SELinux is activated but the test does not cause anything to be logged into the audit log.

Versions: Pidgin 2.7.9 Pidgin-OTR 3.2.1 XOrg 1.10 GNOME 2.28 (all CentOS/RHEL base distribution)

comment:17 Changed 5 years ago by amieiro

I should also point out that the crash does not happen for me using the official Archlinux package for Pidgin.

comment:18 in reply to: ↑ 16 ; follow-up: Changed 5 years ago by bleeter

Replying to mbaudier:

For the record, the bug does NOT seem to occur on up-to-date CentOS 6.3 x86_64.

Nor for me on F17 using their build Pidgin 2.10.5-1.fc17 (libpurple 2.10.5) d8e716bfd316e584f9d68582b08b5a05e2d54c88

ioerror, do the three test distros you've tried this on all have AppArmor enabled?

comment:19 in reply to: ↑ 18 Changed 5 years ago by amieiro

Replying to bleeter:

Replying to mbaudier:

For the record, the bug does NOT seem to occur on up-to-date CentOS 6.3 x86_64.

Nor for me on F17 using their build Pidgin 2.10.5-1.fc17 (libpurple 2.10.5) d8e716bfd316e584f9d68582b08b5a05e2d54c88

ioerror, do the three test distros you've tried this on all have AppArmor enabled?

I don't know about him, but both my crashes (on Debian with the official package and on Archlinux with my own build) happened without apparmor enabled.

comment:20 Changed 5 years ago by QuLogic

  • Keywords security removed

This is not a security issue; there is not even anything wrong with the image. There is a bug in the preview of the image. And a bug in gnome-shell where it crashes with a very-large window.

comment:21 Changed 5 years ago by Elliott Sales de Andrade <qulogic@…>

  • Milestone set to 2.10.7
  • Resolution set to fixed
  • Status changed from new to closed

(In [aba982dbb801]):
Fix sizing for the file-chooser image preview.

Fixes #15282.
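
Comments 20 and 21 above attribute the crash to the sizing of the file-chooser image preview. As an added illustration (not Pidgin's code and not the change in aba982dbb801, which this page does not show), here is one way to bound a preview size computed from an untrusted PNG header. The function names, the 128-pixel box and the constructed 800x2 sample header are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREVIEW_MAX 128u         /* assumed bounding box for a preview, in pixels */
#define PNG_DIM_MAX 0x7fffffffu  /* PNG limits width and height to 31 bits */

/* Constructed sample: PNG signature plus the start of an IHDR chunk
 * declaring width 800 (0x320) and height 2. Not the file from the ticket. */
static const unsigned char SAMPLE_HEADER[24] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0x00, 0x00, 0x00, 0x0d, 'I', 'H', 'D', 'R',
    0x00, 0x00, 0x03, 0x20, 0x00, 0x00, 0x00, 0x02
};

/* Read a big-endian 32-bit value. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Extract width and height from the IHDR chunk at the start of a PNG buffer.
 * Returns 0 on success, -1 if the header is truncated or malformed. */
int png_read_dimensions(const unsigned char *buf, size_t len,
                        uint32_t *width, uint32_t *height)
{
    static const unsigned char sig[8] =
        { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };

    /* signature (8) + chunk length (4) + chunk type (4) + width (4) + height (4) */
    if (buf == NULL || len < 24)
        return -1;
    if (memcmp(buf, sig, 8) != 0)
        return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0)
        return -1;

    uint32_t w = be32(buf + 16);
    uint32_t h = be32(buf + 20);
    if (w == 0 || h == 0 || w > PNG_DIM_MAX || h > PNG_DIM_MAX)
        return -1;

    *width = w;
    *height = h;
    return 0;
}

/* Unbounded scaling to a fixed height: shown only to make visible how an
 * extreme aspect ratio inflates the computed width. */
uint64_t naive_width_for_height(uint32_t w, uint32_t h, uint32_t target_h)
{
    return ((uint64_t)w * target_h) / h;
}

/* Fit (w, h) inside a max x max box, keeping the aspect ratio, never
 * upscaling, and never returning a zero dimension. 64-bit intermediates
 * avoid overflow for any valid PNG dimensions. */
void preview_fit(uint32_t w, uint32_t h, uint32_t max,
                 uint32_t *out_w, uint32_t *out_h)
{
    if (w <= max && h <= max) {
        *out_w = w;
        *out_h = h;
        return;
    }
    if (w >= h) {
        uint64_t scaled = ((uint64_t)h * max) / w;
        *out_w = max;
        *out_h = scaled ? (uint32_t)scaled : 1;
    } else {
        uint64_t scaled = ((uint64_t)w * max) / h;
        *out_h = max;
        *out_w = scaled ? (uint32_t)scaled : 1;
    }
}

int main(void)
{
    uint32_t w, h, pw, ph;

    if (png_read_dimensions(SAMPLE_HEADER, sizeof SAMPLE_HEADER, &w, &h) != 0)
        return 1;
    preview_fit(w, h, PREVIEW_MAX, &pw, &ph);
    printf("image %ux%u: unbounded width %llu, bounded preview %ux%u\n",
           w, h, (unsigned long long)naive_width_for_height(w, h, PREVIEW_MAX),
           pw, ph);
    return 0;
}
```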

comment:22 follow-up: Changed 5 years ago by amieiro

I've built pidgin again from release-2.x.y (that includes this fix) and it still crashes. I think this was probably one of the issues, but it didn't seem to resolve the entire bug. This is the backtrace I got from the crash:

#0  pidgin_convert_buddy_icon (plugin=0x0, path=path@entry=0x1ac2380 "/home/amieiro/png-1-width-800-height-2.png", len=len@entry=0x7fff0fef4db8) at gtkutils.c:2378
        prpl_info = <optimized out>
        spec = <optimized out>
        orig_width = <optimized out>
        orig_height = <optimized out>
        new_width = <optimized out>
        new_height = <optimized out>
        format = <optimized out>
        pixbuf_formats = <optimized out>
        prpl_formats = <optimized out>
        error = 0x7fd0a10d4514 <g_timeout_add_seconds_full+100>
        contents = <optimized out>
        length = <optimized out>
        pixbuf = <optimized out>
        original = <optimized out>
        scale_factor = <optimized out>
        i = <optimized out>
        tmp = <optimized out>
        __PRETTY_FUNCTION__ = "pidgin_convert_buddy_icon"
#1  0x00000000004344ff in icon_filesel_choose_cb (filename=0x1ac2380 "/home/amieiro/png-1-width-800-height-2.png", data=0x1a425c0) at gtkaccount.c:334
        len = 28058496
        data = <optimized out>
        dialog = 0x1a425c0
#2  0x00000000004afe50 in icon_filesel_choose_cb (dialog=0x1a37d90, widget=<optimized out>, response=<optimized out>) at gtkutils.c:2249
        filename = 0x1ac2380 "/home/amieiro/png-1-width-800-height-2.png"
        current_folder = 0x1ac63b0 ""
#3  icon_filesel_choose_cb (widget=<optimized out>, response=<optimized out>, dialog=0x1a37d90) at gtkutils.c:2225
No locals.
#4  0x00007fd0a1cf9ec0 in g_closure_invoke () from /lib/libgobject-2.0.so.0
No symbol table info available.
#5  0x00007fd0a1d0af40 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#6  0x00007fd0a1d12ebc in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#7  0x00007fd0a1d13052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#8  0x00007fd0a1cfa187 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#9  0x00007fd0a1d12806 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#10 0x00007fd0a1d13052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#11 0x00007fd0a44974f5 in ?? () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#12 0x00007fd0a1cfa187 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#13 0x00007fd0a1d12806 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#14 0x00007fd0a1d13052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#15 0x00007fd0a44962f9 in ?? () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#16 0x00007fd0a453ed79 in ?? () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#17 0x00007fd0a1cf9ec0 in g_closure_invoke () from /lib/libgobject-2.0.so.0
No symbol table info available.
#18 0x00007fd0a1d0acc0 in ?? () from /lib/libgobject-2.0.so.0
No symbol table info available.
#19 0x00007fd0a1d12adb in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x00007fd0a1d13052 in g_signal_emit () from /lib/libgobject-2.0.so.0
No symbol table info available.
#21 0x00007fd0a465675e in ?? () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#22 0x00007fd0a453d114 in gtk_propagate_event () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#23 0x00007fd0a453d46b in gtk_main_do_event () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#24 0x00007fd0a41b453c in ?? () from /lib/libgdk-x11-2.0.so.0
No symbol table info available.
#25 0x00007fd0a10d3475 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
No symbol table info available.
#26 0x00007fd0a10d37a8 in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#27 0x00007fd0a10d3ba2 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#28 0x00007fd0a453c477 in gtk_main () from /lib/libgtk-x11-2.0.so.0
No symbol table info available.
#29 0x0000000000431161 in main (argc=3, argv=0x7fff0fef8608) at gtkmain.c:934
        opt_force_online = 0
        opt_help = <optimized out>
        opt_login = 0
        opt_nologin = 0
        opt_version = <optimized out>
        opt_si = 17382864
        opt_config_dir_arg = <optimized out>
        opt_login_arg = <optimized out>
        opt_session_arg = <optimized out>
        search_path = <optimized out>
        accounts = <optimized out>
        sig_indx = 1
        sigset = {__val = {82950, 0 <repeats 15 times>}}
        prev_sig_disp = <optimized out>
        errmsg = 
    '\000' <repeats 1624 times>, "Rx{\245\320\177", '\000' <repeats 42 times>, "Rx{\245\320\177", '\000' <repeats 19 times>, "P\000\000\000\000\000\000dF\000\000\000\000\000\000dF", '\000' <repeats 14 times>, "\005\000\000\000\000\000\000\000\000@ \000\000\000\000\000\000` \000\000\000\000\000\330P \000\000\000\000\000\350P \000\000\000\000\000\000@\000\000\000\000\000\000\003\000\000\000\000\000\000\000\000  \000\000\000\000\000\000@ \000\000\000\000\000\335f{\245\320\177\000\000\030\061 \000\000\000\000\000\000 \000\000\000\000\000\000\003", '\000' <repeats 15 times>, "pl\357\017\377\177\000\000\301h|\245\320\177\000\000\264\v\002\000\000\000\000\000\000\340\230\245\320\177\000\000/\000\000\000\000\000\000\000]\301{\245\320\177"...
        signal_channel = <optimized out>
        signal_status = <optimized out>
        signal_channel_watcher = 1
        segfault_message_tmp = <optimized out>
        error = 0x0
        opt = <optimized out>
        gui_check = <optimized out>
        debug_enabled = <optimized out>
        migration_failed = <optimized out>
        active_accounts = <optimized out>
        st = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {
            tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, __unused = {0, 0, 0}}
        long_options = {{name = 0x4ce57c "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x4b8eb4 "debug", has_arg = 0, flag = 0x0, val = 100}, {name = 
    0x4c99b7 "force-online", has_arg = 0, flag = 0x0, val = 102}, {name = 0x4bc57f "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x4c9890 "login", has_arg = 2, 
            flag = 0x0, val = 108}, {name = 0x4c99c4 "multiple", has_arg = 0, flag = 0x0, val = 109}, {name = 0x4c99cd "nologin", has_arg = 0, flag = 0x0, val = 110}, {
            name = 0x4ce572 "session", has_arg = 1, flag = 0x0, val = 115}, {name = 0x4c027b "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x4ce585 "display", 
            has_arg = 1, flag = 0x0, val = 68}, {name = 0x4c99d5 "sync", has_arg = 0, flag = 0x0, val = 83}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}

The segfault still happens in this call prpl_info = PURPLE_PLUGIN_PROTOCOL_INFO(plugin); (gtkutils.c:2378).

I should note that I'm not using Gnome (I'm using Openbox), and that's probably why I was able to get a backtrace before this patch (since my window manager didn't crash).

comment:23 in reply to: ↑ 22 ; follow-up: Changed 5 years ago by datallah

Replying to amieiro:

I've built pidgin again from release-2.x.y (that includes this fix) and it still crashes. I think this was probably one of the issues, but it didn't seem to resolve the entire bug. This is the backtrace I got from the crash:

Are you sure you're using the built version and not an old binary somewhere in your PATH? The Help->About dialog will show the hg revision that was used to build the binary.

comment:24 in reply to: ↑ 23 Changed 5 years ago by amieiro

Replying to datallah:

Replying to amieiro:

I've built pidgin again from release-2.x.y (that includes this fix) and it still crashes. I think this was probably one of the issues, but it didn't seem to resolve the entire bug. This is the backtrace I got from the crash:

Are you sure you're using the built version and not an old binary somewhere in your PATH? The Help->About dialog will show the hg revision that was used to build the binary.

It shows me aba982dbb801.

comment:25 follow-up: Changed 5 years ago by QuLogic

Did you make install? What prpl is this account supposed to be using?

comment:26 in reply to: ↑ 25 Changed 5 years ago by amieiro

Replying to QuLogic:

Did you make install? What prpl is this account supposed to be using?

I'm sorry. I hadn't run make install. Now that I did, it does not crash anymore. Again, I'm sorry, but I didn't know it would make a difference.
