Bug 1320076

Summary: [abrt] evolution-data-server: magazine_chain_pop_head(): evolution-calendar-factory-subprocess killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: Andrew Cook <ariscop>
Component: evolution-data-server
Assignee: Milan Crha <mcrha>
Status: CLOSED EOL
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 24
CC: ariscop, danloomis47, jbirch, jfrieben, jrimpo, mbarnes, mcrha, mustafamahmood1991, normrossiter, r, waterforce1205
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/79db823a004746d8d0c02a51a06e3117238cc80b
Whiteboard: abrt_hash:7bc92b5897237abcfdd4dad53c58ac51d18b34df;VARIANT_ID=workstation;
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-08 14:01:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Attachments:
Description               Flags
File: backtrace           none
File: cgroup              none
File: core_backtrace      none
File: dso_list            none
File: environ             none
File: exploitable         none
File: limits              none
File: maps                none
File: mountinfo           none
File: namespaces          none
File: open_fds            none
File: proc_pid_status     none
File: var_log_messages    none

Description Andrew Cook 2016-03-22 09:37:06 UTC
Version-Release number of selected component:
evolution-data-server-3.19.91-1.fc24

Additional info:
reporter:       libreport-2.6.4
backtrace_rating: 4
cmdline:        /usr/libexec/evolution-calendar-factory-subprocess --factory contacts --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx2537x3 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/2537/3
crash_function: magazine_chain_pop_head
executable:     /usr/libexec/evolution-calendar-factory-subprocess
global_pid:     2856
kernel:         4.5.0-0.rc7.git0.2.fc24.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 magazine_chain_pop_head at gslice.c:539
 #1 thread_memory_magazine1_alloc at gslice.c:842
 #2 g_slice_alloc at gslice.c:1016
 #3 string_parse at gvariant-parser.c:1644
 #4 parse at gvariant-parser.c:2295
 #5 array_parse at gvariant-parser.c:962
 #6 parse at gvariant-parser.c:2260
 #7 g_variant_parse at gvariant-parser.c:2378
 #8 book_client_process_properties at e-book-client.c:811
 #9 book_client_retrieve_properties_sync at e-book-client.c:1021

Potential duplicate: bug 769523

Comment 1 Andrew Cook 2016-03-22 09:37:12 UTC
Created attachment 1138953
File: backtrace

Comment 2 Andrew Cook 2016-03-22 09:37:14 UTC
Created attachment 1138954
File: cgroup

Comment 3 Andrew Cook 2016-03-22 09:37:16 UTC
Created attachment 1138955
File: core_backtrace

Comment 4 Andrew Cook 2016-03-22 09:37:19 UTC
Created attachment 1138956
File: dso_list

Comment 5 Andrew Cook 2016-03-22 09:37:20 UTC
Created attachment 1138957
File: environ

Comment 6 Andrew Cook 2016-03-22 09:37:22 UTC
Created attachment 1138958
File: exploitable

Comment 7 Andrew Cook 2016-03-22 09:37:24 UTC
Created attachment 1138959
File: limits

Comment 8 Andrew Cook 2016-03-22 09:37:27 UTC
Created attachment 1138960
File: maps

Comment 9 Andrew Cook 2016-03-22 09:37:29 UTC
Created attachment 1138961
File: mountinfo

Comment 10 Andrew Cook 2016-03-22 09:37:31 UTC
Created attachment 1138962
File: namespaces

Comment 11 Andrew Cook 2016-03-22 09:37:32 UTC
Created attachment 1138963
File: open_fds

Comment 12 Andrew Cook 2016-03-22 09:37:34 UTC
Created attachment 1138964
File: proc_pid_status

Comment 13 Andrew Cook 2016-03-22 09:37:36 UTC
Created attachment 1138965
File: var_log_messages

Comment 14 Milan Crha 2016-03-30 11:43:59 UTC
Thanks for a bug report. I see this crashed in a Birthdays & Anniversaries calendar, but I do not see a cause from the backtrace. By any chance, do you know how to reproduce the crash, please?

Comment 15 Andrew Cook 2016-03-30 12:18:02 UTC
Not a clue; I do keep seeing errors for the "Birthdays & Anniversaries" calendar, but the crash itself is random. Network failure maybe?

Comment 16 Andrew Cook 2016-03-30 12:22:31 UTC
There are a lot of bugs open for magazine_chain_pop_head, gslice bug?

Will try with gslice set to always malloc if I find a way to reproduce it.

Comment 17 Milan Crha 2016-03-30 13:13:55 UTC
It looks, according to the backtrace, like one of the address books was just opened. I cannot tell from the backtrace whether it was due to network disconnect/reconnect.

This is not a GSlice bug, it's only a place where the crash was spotted. I guess it's due to some memory corruption, like some part of the code writes to memory which it shouldn't access, effectively overwriting data which doesn't belong to it. Once the overwritten memory is accessed (which can happen anytime later after the faulty write) the issue is recognized. Another option is a use-after-free, where one part of the code frees something and another part tries to read the already freed bits. Valgrind sometimes helps to detect such memory issues, but as it makes the application significantly slower, it's common that the error doesn't trigger, because of a different thread interleaving or similar change of the execution path caused by the memory checking (slowness).
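
Added illustration (not part of the bug report and not GLib's code): a toy free-list allocator showing how a write through a stale pointer is only noticed inside a later, unrelated allocation, the delayed failure comment 17 describes. The pool layout and all names (`pool_alloc`, `pool_free`, `demo_stale_write`) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK 32
#define NCHUNKS 4
#define NIL UINT32_MAX
static unsigned char arena[CHUNK * NCHUNKS];
static uint32_t free_head = NIL;      /* offset of the first free chunk */
/* Assumed layout: a free chunk keeps the offset of the next free chunk in its own first bytes. */
static void pool_free(void *p) {
    uint32_t off = (uint32_t)((unsigned char *)p - arena);
    memcpy(p, &free_head, sizeof free_head);
    free_head = off;
}
static void pool_init(void) {
    free_head = NIL;
    for (int i = NCHUNKS - 1; i >= 0; i--) pool_free(arena + (size_t)i * CHUNK);
}
/* Pop the head chunk; sets *corrupt and returns NULL when the stored link is not a valid chunk offset. */
static void *pool_alloc(int *corrupt) {
    *corrupt = 0;
    if (free_head == NIL) return NULL;
    unsigned char *chunk = arena + free_head;
    uint32_t next;
    memcpy(&next, chunk, sizeof next);
    if (next != NIL && (next >= sizeof arena || next % CHUNK != 0)) {
        *corrupt = 1;                 /* found here, caused elsewhere */
        return NULL;
    }
    free_head = next;
    return chunk;
}
/* Constructed scenario: returns which later allocation notices the damage. */
static int demo_stale_write(void) {
    int corrupt;
    pool_init();
    char *name = pool_alloc(&corrupt);
    void *other = pool_alloc(&corrupt);
    pool_free(name);                  /* chunk is back on the free list */
    strcpy(name, "stale");            /* faulty write through the stale pointer */
    pool_free(other);                 /* free list: other -> name (link clobbered) */
    for (int n = 1; n <= NCHUNKS; n++) {
        (void)pool_alloc(&corrupt);   /* unrelated callers allocating later */
        if (corrupt) return n;
    }
    return 0;
}
int main(void) { printf("damage noticed at allocation #%d after the stale write\n", demo_stale_write()); return 0; }
```

Setting `G_SLICE=always-malloc`, as comment 16 proposes, routes GSlice allocations through the system malloc so that a memory checker such as Valgrind can attribute a write like this to the code that made it.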

Comment 18 Andrew Cook 2016-03-30 13:45:47 UTC
I guarantee it's GSlice; search for bug reports containing "magazine_chain_pop_head"

https://goo.gl/lZrGTr (excludes duplicates)

None of these have been fixed. One of them even has someone making the same argument you are, that it must be memory corruption. It's happened in too many places too unreliably to be memory corruption.

Comment 19 Jeremy Rimpo 2016-05-16 14:49:07 UTC
*** Bug 1336471 has been marked as a duplicate of this bug. ***

Comment 20 Dan Loomis 2016-06-04 01:37:48 UTC
Similar problem has been detected:

ABRT reported at system boot.   

reporter:       libreport-2.7.1
backtrace_rating: 4
cmdline:        /usr/libexec/evolution-calendar-factory-subprocess --factory contacts --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx2159x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/2159/2
crash_function: magazine_chain_pop_head
executable:     /usr/libexec/evolution-calendar-factory-subprocess
global_pid:     2205
kernel:         4.5.5-300.fc24.x86_64
package:        evolution-data-server-3.20.2-1.fc24
pkg_fingerprint: 73BD E983 81B4 6521
pkg_vendor:     Fedora Project
reason:         evolution-calendar-factory-subprocess killed by SIGSEGV
reproducible:   Not sure how to reproduce the problem
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 21 Water Force 2016-07-16 22:36:58 UTC
*** Bug 1357230 has been marked as a duplicate of this bug. ***

Comment 22 Milan Crha 2016-07-18 15:50:29 UTC
*** Bug 1355815 has been marked as a duplicate of this bug. ***

Comment 23 Jason Birch 2016-09-04 22:21:56 UTC
*** Bug 1373028 has been marked as a duplicate of this bug. ***

Comment 24 Fedora End Of Life 2017-07-25 20:23:07 UTC
This message is a reminder that Fedora 24 is nearing its end of life.
Approximately 2 (two) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 24. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '24'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 24 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 25 Fedora End Of Life 2017-08-08 14:01:09 UTC
Fedora 24 changed to end-of-life (EOL) status on 2017-08-08. Fedora 24 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.