Bug 508460

Summary: Evolution segfault using maildir format
Product: [Fedora] Fedora
Component: evolution
Version: 11
Hardware: All
OS: Linux
Status: CLOSED UPSTREAM
Severity: medium
Priority: low
Reporter: Jens Falsmar Oechsler <joe>
Assignee: Matthew Barnes <mbarnes>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mbarnes, mcrha
Doc Type: Bug Fix
Last Closed: 2009-06-28 15:04:54 UTC
Attachments: valgrind --leak-check=full (flags: none)

Description Jens Falsmar Oechsler 2009-06-27 12:11:09 UTC
Description of problem:
After running Evolution for some time with local maildir format, it segfaults:

From dmesg:
evolution[31674]: segfault at 0 ip 00000035b1a7ee72 sp 00007f7b12a28d28 error 4 in libc-2.10.1.so[35b1a00000+164000]

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffc75fe910 (LWP 26885)]
strcmp () at ../sysdeps/x86_64/strcmp.S:30
30		cmpb	(%rsi), %al
Current language:  auto; currently asm
(gdb) thread apply all bt

Thread 146 (Thread 0x7fffc63b1910 (LWP 26890)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
#1  0x00000035b5a02382 in g_cond_timed_wait_posix_impl (cond=0x7fffb80023c4, entered_mutex=0x80, abs_time=<value optimized out>) at gthread-posix.c:242
#2  0x00000035b3e1419f in g_async_queue_pop_intern_unlocked (queue=0xcf8620, try=0, end_time=0x7fffc63b0f90) at gasyncqueue.c:365
#3  0x00000035b3e61d50 in g_thread_pool_wait_for_new_task (pool=<value optimized out>) at gthreadpool.c:220
#4  g_thread_pool_thread_proxy (pool=<value optimized out>) at gthreadpool.c:254
#5  0x00000035b3e608b4 in g_thread_create_proxy (data=0xf79400) at gthread.c:635
#6  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#7  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#8  0x0000000000000000 in ?? ()

Thread 141 (Thread 0x7fffc75fe910 (LWP 26885)):
#0  strcmp () at ../sysdeps/x86_64/strcmp.S:30
#1  0x00007fffeac1baa7 in maildir_summary_sync (cls=0x78cb40, expunge=0, changes=<value optimized out>, ex=<value optimized out>) at camel-maildir-summary.c:771
#2  0x00007fffeac0faf7 in local_sync (folder=0xa8a4d0, expunge=0, ex=0x7fffc75fdf10) at camel-local-folder.c:517
#3  0x00007ffff65ffee1 in camel_folder_sync (folder=0xa8a4d0, expunge=0, ex=0x7fffc75fdf10) at camel-folder.c:324
#4  0x00007ffff6622356 in vee_sync (folder=0x7db200, expunge=0, ex=0x7fffc75fdf10) at camel-vee-folder.c:577
#5  0x00007ffff65ffee1 in camel_folder_sync (folder=0x7db200, expunge=0, ex=0x7fffc75fdf10) at camel-folder.c:324
#6  0x00007fffeea76c1d in refresh_folders_exec (m=0x7fffe0090ea0) at mail-send-recv.c:821
#7  0x00007fffeea710ef in mail_msg_proxy (msg=0x7fffe0090ea0) at mail-mt.c:520
#8  0x00000035b3e61eb2 in g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:265
#9  0x00000035b3e608b4 in g_thread_create_proxy (data=0x1370590) at gthread.c:635
#10 0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#11 0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#12 0x0000000000000000 in ?? ()

Thread 9 (Thread 0x7fffd8e0b910 (LWP 26085)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x8e7b60, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x8e7b60) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x8e9488) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x8e6c50) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 8 (Thread 0x7fffdb5fe910 (LWP 26084)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x753240, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x753240) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x8d6ee8) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x8d69c0) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 6 (Thread 0x7fffdbfff910 (LWP 26082)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x7fffe0002ca0, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x7fffe0002ca0) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x7fffe0024338) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x7fffe0012c00) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 5 (Thread 0x7fffe8bf8910 (LWP 26081)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x7fffe00040a0, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x7fffe00040a0) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x7fffe00045b8) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x7fffe0004100) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fffea205910 (LWP 26079)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x6dfa40, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x6dfa40) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x6df908) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x702400) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fffeac06910 (LWP 26078)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x6e64d0, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x6e64d0) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x6ad348) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x6bb380) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7ffff4d547f0 (LWP 26073)):
#0  0x00000035b1ad4f73 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=86) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000035b3e3afbc in g_main_context_poll (n_fds=<value optimized out>, fds=<value optimized out>, priority=<value optimized out>, timeout=<value optimized out>, context=<value optimized out>) at gmain.c:2758
#2  g_main_context_iterate (n_fds=<value optimized out>, fds=<value optimized out>, priority=<value optimized out>, timeout=<value optimized out>, context=<value optimized out>) at gmain.c:2440
#3  0x00000035b3e3b635 in IA__g_main_loop_run (loop=0x6a05f0) at gmain.c:2653
#4  0x00000035c5c2d026 in bonobo_main () at bonobo-main.c:311
#5  0x00000000004162ba in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:704


Up to the segfault everything works fine, receiving several mails etc.

Version-Release number of selected component (if applicable):
evolution-2.26.2-1.fc11.x86_64

How reproducible:
Always happens, after a different amount of time.

Steps to Reproduce:
1. Run Evolution with local maildir, receiving mails from postfix smtp.
  
Actual results:
Segfault in Evolution

Expected results:
No segfault in Evolution

Additional info:
Linux devzero0.devzero.loc 2.6.29.5-191.fc11.x86_64 #1 SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

Comment 1 Matthew Barnes 2009-06-28 15:04:54 UTC
Moving this upstream for better visibility.
Please see [1] for further updates.

[1] http://bugzilla.gnome.org/show_bug.cgi?id=587206

Comment 2 Jens Falsmar Oechsler 2009-07-15 21:00:52 UTC
Anything I can test or do to help solve this in Fedora? Or ask upstream? 

Lots of duplicates filed on the gnome bug report but no comments.

Comment 3 Milan Crha 2009-07-16 08:55:11 UTC
Hi Jens, if you can reproduce it reliably, then it would be great if you could help. The best would be some steps and/or data to reproduce it, as that would help a lot with debugging and finding a proper fix, though I'm not sure whether this is possible here.

With a bit of luck, valgrind may show us what's happening with the memory. Could you try this, please:
a) close evolution
b) on console run:
   $ valgrind --leak-check=full evolution &>v.log
c) when it crashes or something, and valgrind stops, attach the v.log
   file here; it might contain some information we are looking for.

Just note that running evolution under valgrind is significantly slower.

Comment 4 Jens Falsmar Oechsler 2009-07-21 21:01:31 UTC
Created attachment 354581
valgrind --leak-check=full

When running Evolution under Valgrind I didn't see any crashes. Still happens when running Evolution normally.

Comment 5 Milan Crha 2009-07-22 11:08:00 UTC
Thanks for the update. I see nothing unusual in the valgrind output you uploaded here, except maybe for the below. I believe the reason for not crashing under valgrind is the slowness; it doesn't have time to overlap in the "correct order".

> (evolution:6906): camel-CRITICAL **: camel_message_info_free: assertion
>   `mi != NULL' failed
> Thread 10:
> Invalid write of size 8
>    at 0xE30C608: (within /usr/lib64/gtk-2.0/modules/libgnomebreakpad.so)
>    by 0x3528641A18: g_logv (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528641DB2: g_log (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x13D5BA3D: maildir_summary_sync (camel-maildir-summary.c:809)
>    by 0x13D4FAF6: local_sync (camel-local-folder.c:517)
>    by 0x63F4FB0: camel_folder_sync (camel-folder.c:324)
>    by 0xF73EC6C: refresh_folders_exec (mail-send-recv.c:828)
>    by 0xF7390EE: mail_msg_proxy (mail-mt.c:520)
>    by 0x3528661F31: (within /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528660933: (within /lib64/libglib-2.0.so.0.2000.4)
>    by 0x35B2606869: start_thread (in /lib64/libpthread-2.10.1.so)
>    by 0x35B1ADE25C: clone (in /lib64/libc-2.10.1.so)
>  Address 0x1b7147c8 is 0 bytes after a block of size 128 alloc'd
>    at 0x4A05414: calloc (vg_replace_malloc.c:397)
>    by 0x3528640297: g_malloc0 (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0xE30C5F9: (within /usr/lib64/gtk-2.0/modules/libgnomebreakpad.so)
>    by 0x3528641A18: g_logv (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528641DB2: g_log (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x13D5BA3D: maildir_summary_sync (camel-maildir-summary.c:809)
>    by 0x13D4FAF6: local_sync (camel-local-folder.c:517)
>    by 0x63F4FB0: camel_folder_sync (camel-folder.c:324)
>    by 0xF73EC6C: refresh_folders_exec (mail-send-recv.c:828)
>    by 0xF7390EE: mail_msg_proxy (mail-mt.c:520)
>    by 0x3528661F31: (within /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528660933: (within /lib64/libglib-2.0.so.0.2000.4)