Bug 828736
| Summary: | evolution: segfault in magazine_chain_pop_head | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | David Jaša <djasa> | ||||
| Component: | evolution | Assignee: | Matthew Barnes <mbarnes> | ||||
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.3 | CC: | mcrha, tpelka | ||||
| Target Milestone: | beta | ||||||
| Target Release: | 6.4 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | abrt_hash:a08c1fe02e5ad7a51ede6e0fa9752598b28e1e22 | ||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-06-05 15:42:01 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Thanks for a bug report. It's a memory corruption bug, and the backtrace doesn't give any clue where it could happen, because the error is detected only when doing clean-up of a thread. I would try things like: $ export G_SLICE=always-malloc,debug-blocks possibly also environment variables described in this [1] thread (though I'm not sure whether it's supported in el6 versions of glibc), which should help to identify what caused the issue. Of course, being able to reproduce the issue under valgrind should also provide helpful information, say when you run evolution like this: $ G_SLICE=always-malloc valgrind --num-callers=50 evolution &>log.txt Note valgrind can avoid certain types of crashes and log about them only. Please be sure you have installed debuginfo packages for gtkhtml3, evolution-data-server, evolution and any other evolution related package you have installed, and that these debuginfo packages are of the same version as your binary packages. [1] http://lists.fedoraproject.org/pipermail/devel/2012-June/168162.html I modified my environment to have these variables set. I think we can safely close this bug and file it again when I hit it again... |
Created attachment 589453 [details] full backtrace Description of problem: Evolution crashed with this error after I used ctrl+l "reply list" keyboard shortcut Version-Release number of selected component (if applicable): evolution-2.28.3-25.2.el6.x86_64 glib2-2.22.5-7.el6.x86_64 How reproducible: random Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: relevant part of backtrace: Program terminated with signal 11, Segmentation fault. #0 magazine_chain_pop_head (ix=0, magazine_chunks=<value optimized out>, count=4) at gslice.c:474 474 (*magazine_chunks)->data = chunk->next; Thread 1 (Thread 0x7f8953fff700 (LWP 7531)): #0 magazine_chain_pop_head (ix=0, magazine_chunks=<value optimized out>, count=4) at gslice.c:474 chunk = 0x1 #1 magazine_chain_prepare_fields (ix=0, magazine_chunks=<value optimized out>, count=4) at gslice.c:555 chunk1 = 0x2928d30 chunk2 = 0x2928d90 chunk3 = 0x2a1fc40 chunk4 = <value optimized out> #2 magazine_cache_push_magazine (ix=0, magazine_chunks=<value optimized out>, count=4) at gslice.c:626 current = <value optimized out> next = <value optimized out> prev = <value optimized out> #3 0x000000363ca56d43 in private_thread_memory_cleanup (data=0x7f89400008c0) at gslice.c:712 mag = 0x7f89400008d0 mags = {0x7f89400008d0, 0x7f8940000cc0} j = <value optimized out> tmem = 0x7f89400008c0 n_magazines = 63 ix = <value optimized out> #4 0x000000363ba078e9 in __nptl_deallocate_tsd (arg=0x7f8953fff700) at pthread_create.c:154 data = <value optimized out> level2 = 0x7f8953fffa10 idx = <value optimized out> cnt = <value optimized out>