Thanks for the report.  Sounds like bug 7784 apart from the reproducibility. 
Do you also have multiple SIP accounts enabled?

(In reply to comment #1)

> Do you also have multiple SIP accounts enabled?
> 

Nope, only 1 SIP account is enabled on my device.

I noticed it's more reproducible if I have other applications open such as Web,
Settings, Phone and Conversation

I have been sending a lot of crash reports generated when this occurred.
Please check them for details

One would be osso-addressbook-51FD-11-2486.rcore.lzo

2 consecutive crashes..

Crash Reporter:
'osso-addressbook' PID 2792 died to signal 11.
osso-addressbook-51FD-11-2792.rcore.lzo

Comment 6 Andre Klapper 2010-01-19 19:16:28 UTC

Did you mention this bug number / bug ID when reporting the crashes?

Comment 7 Andre Klapper 2010-01-19 19:16:43 UTC

Also, syslog is welcome.

I managed to also reproduce this with a single SIP account after a few tries
with the following test routine:

1. Open addressbook.
2. Tap a contact.
3. Tap a "SIP audio" button.
4. End call or let it be terminated by the remote end (eg busy).
5. Goto 2.

A difference from comment 0 is that in my case the call succeeded, but this may
just be a race thing.

Additionally, I had addressbook segmentation faults after step 2 (not the first
time) and (much more frequently) step 4.

Syslog only shows:

Jan 24 13:40:50 Nokia-N900-51-1 maemo-launcher[961]: child (pid=9752)
terminated
 due to signal=11 

(where the pid is an osso-addressbook process) in all cases.

A few stack traces:

Program terminated with signal 11, Segmentation fault.
#0  0x4109957c in memset () from /lib/libc.so.6
0x4109957c <memset+44>:    strcs    r1, [r3], #4
(gdb) bt
#0  0x4109957c in memset () from /lib/libc.so.6
#1  0x411fefe8 in g_slice_alloc0 () from /usr/lib/libglib-2.0.so.0
#2  0x411dcb6c in g_list_alloc () from /usr/lib/libglib-2.0.so.0
#3  0x412e7014 in g_object_notify () from /usr/lib/libgobject-2.0.so.0
#4  0x421dfc48 in ?? () from /usr/lib/libhildon-1.so.0
#5  0x421dfc48 in ?? () from /usr/lib/libhildon-1.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Program terminated with signal 11, Segmentation fault.
#0  0x411fe75c in g_slice_alloc () from /usr/lib/libglib-2.0.so.0
0x411fe75c <g_slice_alloc+144>:    ldrne    r3, [r0]
(gdb) bt
#0  0x411fe75c in g_slice_alloc () from /usr/lib/libglib-2.0.so.0
#1  0x412f1ffc in ?? () from /usr/lib/libgobject-2.0.so.0
#2  0x412f1ffc in ?? () from /usr/lib/libgobject-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Program terminated with signal 11, Segmentation fault.
#0  0x411ff220 in g_slice_free_chain_with_offset ()
   from /usr/lib/libglib-2.0.so.0
0x411ff220 <g_slice_free_chain_with_offset+232>:    ldr    r9, [r1, r9]
(gdb) bt
#0  0x411ff220 in g_slice_free_chain_with_offset ()
   from /usr/lib/libglib-2.0.so.0
#1  0x41200518 in g_slist_free () from /usr/lib/libglib-2.0.so.0
#2  0x41dee068 in IA__gtk_widget_unparent (widget=<value optimized out>)
    at /usr/include/glib-2.0/gobject/gobjectnotifyqueue.c:135
#3  0x421e02c8 in ?? () from /usr/lib/libhildon-1.so.0
#4  0x421e02c8 in ?? () from /usr/lib/libhildon-1.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Andre: I think bug 7784 is a special case of this and we should close it as a
duplicate since there is more information here already, but as it already has
an int- alias I'll leave it up to you.

FYI I managed to reproduce it everytime if it is logged out of the SIP account
(no green circle)

(In reply to comment #9)
> FYI I managed to reproduce it everytime if it is logged out of the SIP account
> (no green circle)

True, and that's probably worthy of another bug (it shouldn't offer "SIP audio"
buttons with no SIP accounts active).

(In reply to comment #10)

> True, and that's probably worthy of another bug (it shouldn't offer "SIP audio"
> buttons with no SIP accounts active). 
> 

Done
Bug 8495

Comment 12 Andre Klapper 2010-01-25 18:22:46 UTC

*** Bug 7784 has been marked as a duplicate of this bug. ***

Comment 13 Andre Klapper 2010-01-25 18:28:41 UTC

(In reply to comment #8)
> Andre: I think bug 7784 is a special case of this and we should close it as a
> duplicate since there is more information here already, but as it already has
> an int- alias I'll leave it up to you.

Just realized that Alias is from the "Data loss weekend", hence meaningless.
:-(
Imported, now for real.

Comment 14 Andre Klapper 2010-01-29 13:34:05 UTC

Can you provide a full syslog and/or backtrace?

Created an attachment (id=2162) [details]
stack traces

(In reply to comment #14)
> Can you provide a full syslog

Nothing special to see there, osso-addressbook just logs:

Jan 29 11:53:35 Nokia-N900-51-1 osso-addressbook[19271]: GLIB MESSAGE default -
Plugin registered: CALL.
Jan 29 11:53:35 Nokia-N900-51-1 osso-addressbook[19271]: GLIB MESSAGE default -
Plugin registered: CHAT.
Jan 29 11:53:35 Nokia-N900-51-1 osso-addressbook[19271]: GLIB MESSAGE default -
Plugin registered: SMS.
Jan 29 11:53:37 Nokia-N900-51-1 e-addressbook-factory[1092]: GLIB WARNING **
eds/sim - unsupported_method at e-book-backend-sim.c:1814: unsupported method:
set_view_sort_order

when it starts and nothing more until it crashes and is restarted (when it just
logs the above again).

> and/or backtrace?

Hm, various dbpg packages (libhildon1, libglib2, libdbus-glib etc) are not
found by apt get but available in the repository.  Someone should probably file
a bug about that, but anyway...  Downloaded and installed manually what I
could, though important stuff is still missing (eg libmcclient6 and
osso-addressbook itself).  Attaching a few stack traces, as complete as I could
make them with the above.

The core files themselves contain a ton of private date (the entire
addressbook, account passwords etc) so I wouldn't want to send even privately.

Is this not reproducible internally?

I also managed to get it into an infinite loop (haven't seen that before, may
be triggered by debug libs being installed).

strace and ltrace show absolutely nothing, and gdb the following stack:

0x411dc76c in IA__g_list_last (list=<value optimized out>)
    at
/home/bifh6/fremantle-arm-prereleased.cs2007q3/work/glib2.0-2.20.3/glib/glist.c:717
717   
/home/bifh6/fremantle-arm-prereleased.cs2007q3/work/glib2.0-2.20.3/glib/glist.c:
No such file or directory.
    in
/home/bifh6/fremantle-arm-prereleased.cs2007q3/work/glib2.0-2.20.3/glib/glist.c
(gdb) bt
#0  0x411dc76c in IA__g_list_last (list=<value optimized out>)
    at
/home/bifh6/fremantle-arm-prereleased.cs2007q3/work/glib2.0-2.20.3/glib/glist.c:717
#1  0x411dcd7c in IA__g_list_append (list=<value optimized out>, 
    data=<value optimized out>)
    at
/home/bifh6/fremantle-arm-prereleased.cs2007q3/work/glib2.0-2.20.3/glib/glist.c:128
#2  0x40344e4c in ?? () from /usr/lib/gtk-2.0/2.10.0/engines/libsapwood.so
#3  0x40344e4c in ?? () from /usr/lib/gtk-2.0/2.10.0/engines/libsapwood.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

*** Bug 8691 has been marked as a duplicate of this bug. ***

Reverting (presumably accidental) summary change, the no active accounts is bug
8495 and step 2 in comment 0 as well as the duplicate bug 7784 confirm that
this happens with one or more active SIP accounts.

I still can't reproduce... would be interesting to see if you are able to
reproduce if you run osso-addressbook with G_SLICE=always-malloc

I found a potential reason for this crash. Can you please confirm your are in
this situation:

You have 2 SIP accounts: One supports calling phone numbers (that's an option
in account settings) and is enabled. A 2nd SIP account is disabled and does not
support calling phone numbers.

(In reply to comment #20)
> I found a potential reason for this crash. Can you please confirm your are in
> this situation:
> 
> You have 2 SIP accounts: One supports calling phone numbers (that's an option
> in account settings) and is enabled. A 2nd SIP account is disabled and does not
> support calling phone numbers.
> 

I only have 1 SIP account and that SIP account has that option calling phone
numbers checked/enabled.

No other IM/SIP accounts were enabled.

Yes, i have second (disabled) SIP account.

(In reply to comment #20)
> I found a potential reason for this crash. Can you please confirm your are in
> this situation:
> 
> You have 2 SIP accounts: One supports calling phone numbers (that's an option
> in account settings) and is enabled. A 2nd SIP account is disabled and does not
> support calling phone numbers.

Yes: 4 accounts, 2 disabled, one of the disabled ones (ekiga.net) does not have
the "Use for telephone numbers" option enabled.  Re-enabling the ekiga.net
account makes the problem go away.

(In reply to comment #21)
> I only have 1 SIP account and that SIP account has that option calling phone
> numbers checked/enabled.
> 
> No other IM/SIP accounts were enabled.

But are any configured (even if disabled)?

The fix for this bug will be available in the next firmware update.

Thanks!  Setting resolution and TM.

Comment 26 Andre Klapper 2010-02-03 13:04:24 UTC

This has been fixed in package
libosso-abook 4.20091127.1.0rtc+0m5
which is part of the internal build version
2009.50-5
This is not included in 2.2009.51-1

A future public update released with the year/week later than this internal
build version will include the fix. (This is not always already the next public
update.)
Please verify that this new version fixes the bug by marking this bug report as
VERIFIED after the public update has been released and if you have some time.


To answer popular followup questions:
 * Nokia does not announce release dates of public updates in advance.
 * There is currently no access to these internal, non-public build versions.
   A Brainstorm proposal to change this exists at
http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/

Verified FIXED in 3.2010.02-8.

Comment 28 Andre Klapper 2010-02-16 15:36:14 UTC

Surprising, as it should not have been included. :-P
Thanks for retesting.

Hm, this is strange, libosso-abook was not included in PR1.1.1 but the crashes
have definitely gone here.  Perhaps {lib,}rtcom-call-ui was also at least
partially responsible?

This bug can't have been fixed with PR1.1.1, no update of Contacts was made.
The fix will be available in a next public release.

As the bug happens in a really specific case, and makes a memory corruption, it
might not be 100% reproductible, and could appear a bit randomly.

I'll take your word for it, though I've been trying without success to make it
crash for the past half hour or so.  Does the same apply to bug 8495?

(Sorry for the noise).

make sure to be in the situation described in comment #20, you should get a
crash ;-)

(In reply to comment #32)
> make sure to be in the situation described in comment #20, you should get a
> crash ;-)

Yes, *exactly* that situation still crashes it.  While I was testing earlier I
had an additional, disabled, "use for telephone numbers" account (though this
was still triggering the bug in comment 23, as you say it's a bit random). 
Again, sorry for the noise.

*** Bug 9253 has been marked as a duplicate of this bug. ***

Comment 35 Andre Klapper 2010-03-15 20:53:18 UTC

Setting explicit PR1.2 milestone (so it's clearer in which public release the
fix will be available to users).

Sorry for the bugmail noise (you can filter on this message).