Bug 1319510

Summary: [abrt] evolution: sort_thread(): evolution killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Niki Guldbrand <niki.guldbrand>
Component: evolution-data-serverAssignee: Milan Crha <mcrha>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: lucilanga, mbarnes, mcrha, niki.guldbrand, tpopela
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/effe938175a4a90078ddf7cf026ea25fece481a8
Whiteboard: abrt_hash:f4ebcc53b04f10fd55c8f478bd72367b7e98cb55;VARIANT_ID=workstation;
Fixed In Version: evolution-data-server-3.22.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-24 19:37:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: mountinfo
none
File: namespaces
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages
none
File: backtrace none

Description Niki Guldbrand 2016-03-20 20:04:54 UTC 
Version-Release number of selected component:
evolution-3.18.5.1-1.fc23

Additional info:
reporter:       libreport-2.6.4
backtrace_rating: 3
cmdline:        /usr/bin/evolution
crash_function: sort_thread
executable:     /usr/bin/evolution
global_pid:     30174
kernel:         4.4.3-300.fc23.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (8 frames)
 #0 sort_thread at camel-folder-thread.c:448
 #2 thread_summary at camel-folder-thread.c:579
 #3 camel_folder_thread_messages_new at camel-folder-thread.c:694
 #4 message_list_regen_thread
 #5 run_in_thread at gsimpleasyncresult.c:898
 #6 io_job_thread at gioscheduler.c:85
 #7 g_task_thread_pool_thread at gtask.c:1287
 #9 g_thread_proxy at gthread.c:778
Comment 1 Niki Guldbrand 2016-03-20 20:04:59 UTC 
Created attachment 1138360 [details]
File: backtrace
Comment 2 Niki Guldbrand 2016-03-20 20:05:00 UTC 
Created attachment 1138361 [details]
File: cgroup
Comment 3 Niki Guldbrand 2016-03-20 20:05:02 UTC 
Created attachment 1138362 [details]
File: core_backtrace
Comment 4 Niki Guldbrand 2016-03-20 20:05:04 UTC 
Created attachment 1138363 [details]
File: dso_list
Comment 5 Niki Guldbrand 2016-03-20 20:05:05 UTC 
Created attachment 1138364 [details]
File: environ
Comment 6 Niki Guldbrand 2016-03-20 20:05:06 UTC 
Created attachment 1138365 [details]
File: exploitable
Comment 7 Niki Guldbrand 2016-03-20 20:05:07 UTC 
Created attachment 1138366 [details]
File: limits
Comment 8 Niki Guldbrand 2016-03-20 20:05:10 UTC 
Created attachment 1138367 [details]
File: maps
Comment 9 Niki Guldbrand 2016-03-20 20:05:11 UTC 
Created attachment 1138368 [details]
File: mountinfo
Comment 10 Niki Guldbrand 2016-03-20 20:05:12 UTC 
Created attachment 1138369 [details]
File: namespaces
Comment 11 Niki Guldbrand 2016-03-20 20:05:14 UTC 
Created attachment 1138370 [details]
File: open_fds
Comment 12 Niki Guldbrand 2016-03-20 20:05:15 UTC 
Created attachment 1138371 [details]
File: proc_pid_status
Comment 13 Niki Guldbrand 2016-03-20 20:05:16 UTC 
Created attachment 1138372 [details]
File: var_log_messages
Comment 14 Milan Crha 2016-03-30 11:26:30 UTC 
Thanks for a bug report. I see from the backtrace where the crash happened, but I do not know why. By any chance, do you have any reproducer for the crash, please?
Comment 15 Niki Guldbrand 2016-04-17 14:30:41 UTC 
Similar problem has been detected:

Happened when opening a mail folder

reporter:       libreport-2.6.4
backtrace_rating: 4
cmdline:        evolution
crash_function: sort_thread
executable:     /usr/bin/evolution
global_pid:     31061
kernel:         4.4.6-300.fc23.x86_64
package:        evolution-3.18.5.2-1.fc23
reason:         evolution killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 16 Niki Guldbrand 2016-04-17 14:30:44 UTC 
Created attachment 1148071 [details]
File: backtrace
Comment 17 Milan Crha 2016-06-13 10:57:29 UTC 
I looked into the code briefly and I see that the code near the crash is allocation memory on the stack, instead of the heap (it uses alloca()). Looking into the sizes of your threads I'd guess the stack overflow happened somewhere there. Could you tell me how many messages you've stored in that particular folder, please? The latest backtrace shows 1.566.509 messages at the level 0 and 236.556 messages at one of its children. The previous backtraces shows smaller numbers, 18.011 messages at level 0 and 222.754 messages at one of its children. I do not know whether I aim in the right direction, though.
Comment 18 Milan Crha 2016-06-13 10:59:30 UTC 
*** Bug 1344905 has been marked as a duplicate of this bug. ***
Comment 19 Niki Guldbrand 2016-06-21 19:22:21 UTC 
Hi Milan.

The folder that was causing this had 7.000.000+ messages in it, and I had a folders.db 4GB+ in size, so it took a long time to load.

Not sure what You mean by level 0, is that a reference to the folder structure, with INBOX being level 0 ?
Comment 20 Milan Crha 2016-06-27 07:12:49 UTC 
Thanks for the update. 7 million messages is quite many. Maybe it's the reason for the stack overflow. I built a test package for you [1], which contains a possible fix, the alloca() is replaced with g_malloc(). Could you install it and give it a try, please?

With respect of the "level 0", I meant with that the root nodes in the message list tree, basically the first messages in a conversation, which have no parent.

[1] http://koji.fedoraproject.org/koji/taskinfo?taskID=14670273
Comment 21 Milan Crha 2016-10-24 19:37:07 UTC 
This had been addressed upstream at [1]. The change will be avialable with 3.23.2+ and 3.22.2+.

[1] https://bugzilla.gnome.org/show_bug.cgi?id=773363