Description of problem: Filed a bug upstream http://bugzilla.gnome.org/show_bug.cgi?id=351027 The summary is that evolution has crashed on me several times today and yesterday when doing different tasks in the mailer. It looks like it's crashing in gdk_window_get_pointer() so it might be a problem in gtk+. The reason I think this is the case is that I have two backtraces with different entry points from gtkhtml to gdk_window_get_pointer() Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Thanks for the bug report. Could you please provide the versions of evolution, evolution-data-server, and gtkhtml3 that you're using, as well as any hints or steps you may know of that may help us reproduce the crash. $ rpm -q evolution evolution-data-server gtkhtml3
[kmaraas@rivendell rh]$ rpm -q evolution-data-server gtkhtml3 evolution-data-server-1.7.91-1 gtkhtml3-3.11.91-1 There's no three step way to reproduce this, but it usually crashes when I switch folders or when I switch back to evolution from some other app. The problem seems to be in camel-folder-search.c::search_match_all() so maybe it's got something to do with my latest searches? It is set like this "Show: [All messages] Search: [] in [Current folder]
Got another crash now with the following stacktrace: Could it be related to executable stack prevention etc? I have booted with selinux=off if that matter. Memory status: size: 393371648 vsize: 0 resident: 393371648 share: 0 rss: 196747264 rss_rlim: 0 CPU usage: start_time: 1155482228 rtime: 0 utime: 11395 stime: 0 cutime:8628 cstime: 0 timeout: 2767 it_real_value: 0 frequency: 0 Backtrace was generated from '/usr/bin/evolution-2.8' Using host libthread_db library "/lib/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread -1209088304 (LWP 9574)] [New Thread -1391461472 (LWP 24818)] [New Thread -1368097888 (LWP 26665)] [New Thread -1357055072 (LWP 26478)] [New Thread -1345131616 (LWP 12613)] [New Thread -1272566880 (LWP 12465)] [New Thread -1283056736 (LWP 12460)] [New Thread -1262077024 (LWP 12438)] 0xb7f1f402 in __kernel_vsyscall () #0 0xb7f1f402 in __kernel_vsyscall () #1 0x00f353b0 in *__GI___poll (fds=0xfa4ff4, nfds=12, timeout=580785) at ../sysdeps/unix/sysv/linux/poll.c:87 #2 0x0087d353 in g_main_context_iterate (context=0x9b73e10, block=1, dispatch=1, self=0x9b56930) at gmain.c:2977 #3 0x0087d6c9 in IA__g_main_loop_run (loop=0x9bc2970) at gmain.c:2879 #4 0x00d34a23 in bonobo_main () at bonobo-main.c:311 #5 0x0805db96 in main (argc=1, argv=0xbfe33614) at main.c:614 #6 0x00e8b214 in __libc_start_main (main=0x805d780 <main>, argc=1, ubp_av=0xbfe33614, init=0x805e7d4 <__libc_csu_init>, fini=0x805e7cc <__libc_csu_fini>, rtld_fini=0x44c0e0 <_dl_fini>, stack_end=0xbfe3360c) at libc-start.c:231 #7 0x0804f451 in _start () Thread 8 (Thread -1262077024 (LWP 12438)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x006f4d3b in ?? () from /lib/libpthread.so.0 No symbol table info available. #2 0x007c1d66 in libgnomeui_segv_handle (signum=5) at gnome-ui-init.c:867 estatus = 4096 sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {15567660, 15569969, 2903585808, 0, 2938110280, 1, 2097224, 6, 4222451712, 1, 0, 0, 57744617, 2903585836, 120, 0, 15567660, 4294967295, 48, 3032888316, 57764461, 770, 0, 0, 162127, 33188, 1, 15569969, 0, 0, 0, 0}}, sa_flags = 806, sa_restorer = 0} pid = 0 in_segv = 1 #3 <signal handler called> No symbol table info available. #4 0x006ed615 in *__GI___nptl_create_event () at events.c:26 No locals. #5 0x006edef1 in __make_stacks_executable (stack_endp=<value optimized out>) at allocatestack.c:720 err = -1391463216 runp = (list_t *) 0xad0ffba0 Thread 7 (Thread -1283056736 (LWP 12460)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x00f353b0 in *__GI___poll (fds=0xfa4ff4, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 resultvar = <value optimized out> oldtype = 0 result = <value optimized out> #2 0x0087d353 in g_main_context_iterate (context=0xa1fe928, block=1, dispatch=1, self=0xa1fcb38) at gmain.c:2977 got_ownership = <value optimized out> max_priority = 2147483647 timeout = -1 some_ready = <value optimized out> nfds = 2 allocated_nfds = <value optimized out> fds = (GPollFD *) 0xa1fd2c0 __PRETTY_FUNCTION__ = "g_main_context_iterate" #3 0x0087d6c9 in IA__g_main_loop_run (loop=0xa1f55f0) at gmain.c:2879 got_ownership = 7273408 self = (GThread *) 0xa1fcb38 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #4 0x00c16624 in libnm_glib_init () from /usr/lib/libnm_glib.so.0 No symbol table info available. #5 0x00897fef in g_thread_create_proxy (data=0xa1fcb38) at gthread.c:553 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x006edf9a in start_thread (arg=0xb3861ba0) at pthread_create.c:274 __res = <value optimized out> __ignore1 = <value optimized out> __ignore2 = <value optimized out> pd = (struct pthread *) 0xb3861ba0 now = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7315444, 0, 4001536, -1283058504, 1149362058, -144108416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #7 0x00f3e9ae in ?? () from /lib/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0xf7a301 Thread 6 (Thread -1272566880 (LWP 12465)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x00f37c71 in ?? () from /lib/libc.so.6 No locals. #2 0x06b69eb4 in e_msgport_wait (mp=0x9c1efd8) at e-msgport.c:643 rfds = {__fds_bits = {0, 128, 0 <repeats 30 times>}} #3 0x06b6a119 in thread_dispatch (din=0x9c1ef78) at e-msgport.c:1035 e = <value optimized out> m = (EMsg *) 0x0 info = <value optimized out> self = 3022400416 #4 0x006edf9a in start_thread (arg=0xb4262ba0) at pthread_create.c:274 __res = <value optimized out> __ignore1 = <value optimized out> __ignore2 = <value optimized out> pd = (struct pthread *) 0xb4262ba0 now = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7315444, 0, 4001536, -1272568648, 1126297482, -144108416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #5 0x00f3e9ae in ?? () from /lib/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0xf7a301 Thread 5 (Thread -1345131616 (LWP 12613)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x00f37c71 in ?? () from /lib/libc.so.6 No locals. #2 0x06b69eb4 in e_msgport_wait (mp=0x9c1efd8) at e-msgport.c:643 rfds = {__fds_bits = {0, 128, 0 <repeats 30 times>}} #3 0x06b6a119 in thread_dispatch (din=0x9c1ef78) at e-msgport.c:1035 e = <value optimized out> m = (EMsg *) 0x0 info = <value optimized out> self = 2949835680 #4 0x006edf9a in start_thread (arg=0xafd2eba0) at pthread_create.c:274 __res = <value optimized out> __ignore1 = <value optimized out> __ignore2 = <value optimized out> pd = (struct pthread *) 0xafd2eba0 now = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7315444, 0, 4001536, -1345133384, 1490366346, -144108416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #5 0x00f3e9ae in ?? () from /lib/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0xf7a301 Thread 4 (Thread -1357055072 (LWP 26478)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x00f37c71 in ?? () from /lib/libc.so.6 No locals. #2 0x06b69eb4 in e_msgport_wait (mp=0x9c1ed78) at e-msgport.c:643 rfds = {__fds_bits = {-2147483648, 0 <repeats 31 times>}} #3 0x06b6a119 in thread_dispatch (din=0x9c1ed18) at e-msgport.c:1035 e = <value optimized out> m = (EMsg *) 0x0 info = <value optimized out> self = 2937912224 #4 0x006edf9a in start_thread (arg=0xaf1cfba0) at pthread_create.c:274 __res = <value optimized out> __ignore1 = <value optimized out> __ignore2 = <value optimized out> pd = (struct pthread *) 0xaf1cfba0 now = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7315444, 0, 4001536, -1357056840, 1478180746, -144108416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #5 0x00f3e9ae in ?? () from /lib/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0xf7a301 Thread 3 (Thread -1368097888 (LWP 26665)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x00f37c71 in ?? () from /lib/libc.so.6 No locals. #2 0x06b69eb4 in e_msgport_wait (mp=0x9c1eea8) at e-msgport.c:643 rfds = {__fds_bits = {0, 8, 0 <repeats 30 times>}} #3 0x06b6a119 in thread_dispatch (din=0x9c1ee48) at e-msgport.c:1035 e = <value optimized out> m = (EMsg *) 0x0 info = <value optimized out> self = 2926869408 #4 0x006edf9a in start_thread (arg=0xae747ba0) at pthread_create.c:274 __res = <value optimized out> __ignore1 = <value optimized out> __ignore2 = <value optimized out> pd = (struct pthread *) 0xae747ba0 now = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7315444, 0, 4001536, -1368099656, 1500757898, -144108416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #5 0x00f3e9ae in ?? () from /lib/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0xf7a301 Thread 2 (Thread -1391461472 (LWP 24818)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x006f3aae in ?? () from /lib/libpthread.so.0 No symbol table info available. #2 0x006eed3a in ?? () from /lib/libpthread.so.0 No symbol table info available. Thread 1 (Thread -1209088304 (LWP 9574)): #0 0xb7f1f402 in __kernel_vsyscall () No symbol table info available. #1 0x00f353b0 in *__GI___poll (fds=0xfa4ff4, nfds=12, timeout=580785) at ../sysdeps/unix/sysv/linux/poll.c:87 resultvar = <value optimized out> oldtype = 0 result = <value optimized out> #2 0x0087d353 in g_main_context_iterate (context=0x9b73e10, block=1, dispatch=1, self=0x9b56930) at gmain.c:2977 got_ownership = <value optimized out> max_priority = 2147483647 timeout = 580785 some_ready = <value optimized out> nfds = 12 allocated_nfds = <value optimized out> fds = (GPollFD *) 0x101a3c10 __PRETTY_FUNCTION__ = "g_main_context_iterate" #3 0x0087d6c9 in IA__g_main_loop_run (loop=0x9bc2970) at gmain.c:2879 got_ownership = 7273408 self = (GThread *) 0x9b56930 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #4 0x00d34a23 in bonobo_main () at bonobo-main.c:311 loop = (GMainLoop *) 0x9bc2970 #5 0x0805db96 in main (argc=1, argv=0xbfe33614) at main.c:614 fd = <value optimized out> client = (GConfClient *) 0x9b7bcb8 skip_warning_dialog = 1 uri_list = (GSList *) 0x0 program = (GnomeProgram *) 0x9b57428 context = <value optimized out> icon_list = <value optimized out> #6 0x00e8b214 in __libc_start_main (main=0x805d780 <main>, argc=1, ubp_av=0xbfe33614, init=0x805e7d4 <__libc_csu_init>, fini=0x805e7cc <__libc_csu_fini>, rtld_fini=0x44c0e0 <_dl_fini>, stack_end=0xbfe3360c) at libc-start.c:231 result = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {16404468, 4553888, 0, -1075628568, 1222966906, -135300557}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x450be0, 0x44c0e0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4525024}}} not_first_call = <value optimized out> #7 0x0804f451 in _start () No symbol table info available. #0 0xb7f1f402 in __kernel_vsyscall ()
I wonder what would make gmem.c: error out with this message: GLib-ERROR **: gmem.c:172: failed to allocate 1048576 bytes aborting... Program received signal SIGABRT, Aborted. [Switching to Thread -1356977248 (LWP 3859)] 0xb7f12402 in __kernel_vsyscall () (gdb) bt #0 0xb7f12402 in __kernel_vsyscall () #1 0x00486cd9 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #2 0x00488321 in *__GI_abort () at abort.c:88 #3 0x00882c92 in IA__g_logv (log_domain=<value optimized out>, log_level=G_LOG_LEVEL_ERROR, format=0x8acf4c "%s: failed to allocate %lu bytes", args1=0xaf1e200c "��\212") at gmessages.c:497 #4 0x00882cc9 in IA__g_log (log_domain=0x8a6446 "GLib", log_level=G_LOG_LEVEL_ERROR, format=0x8acf4c "%s: failed to allocate %lu bytes") at gmessages.c:517 #5 0x0088168e in IA__g_realloc (mem=0x0, n_bytes=1048576) at gmem.c:172 #6 0x0085c2e8 in g_ptr_array_maybe_expand (array=0xac92c2d0, len=<value optimized out>) at garray.c:414 #7 0x0085c34a in IA__g_ptr_array_add (farray=0xac92c2d0, data=0xc162d18) at garray.c:576 #8 0x056204e7 in search_match_all (f=0xb2213188, argc=1, argv=0xb2202930, search=0xa507840) at camel-folder-search.c:705 #9 0x05364649 in e_sexp_term_eval (f=0xb2213188, t=0xb2202858) at e-sexp.c:700 #10 0x053651b3 in term_eval_or (f=0xb2213188, argc=2, argv=0xb22029c0, data=0x537618c) at e-sexp.c:313 #11 0x05364649 in e_sexp_term_eval (f=0xb2213188, t=0xb2202868) at e-sexp.c:700 #12 0x05365397 in term_eval_and (f=0xb2213188, argc=2, argv=0xb22029d0, ---Type <return> to continue, or q <return> to quit--- data=0x5376180) at e-sexp.c:255 #13 0x05364649 in e_sexp_term_eval (f=0xb2213188, t=0xb22027b8) at e-sexp.c:700 #14 0x053646d0 in e_sexp_eval (f=0xb2213188) at e-sexp.c:1304 #15 0x0561e602 in camel_folder_search_search (search=0xa507840, expr=0xaf1e22f0 "(and (match-all (not (system-flag \"junk\")))\n (or\n \n\t(match-all (header-contains \"Subject\" \"\"))\n \n (match-all (header-contains \"From\" \"\"))\n )\n)", uids=0x0, ex=0xab4fbd8) at camel-folder-search.c:486 #16 0x07830f19 in local_search_by_expression (folder=0x9f4b5a8, expression=0xaf1e22f0 "(and (match-all (not (system-flag \"junk\")))\n (or\n \n\t(match-all (header-contains \"Subject\" \"\"))\n \n (match-all (header-contains \"From\" \"\"))\n )\n)", ex=0xab4fbd8) at camel-local-folder.c:571 #17 0x0562873a in camel_folder_search_by_expression (folder=0x9f4b5a8, expression=0xaf1e22f0 "(and (match-all (not (system-flag \"junk\")))\n (or\n \n\t(match-all (header-contains \"Subject\" \"\"))\n \n (match-all (header-contains \"From\" \"\"))\n )\n)", ex=0xab4fbd8) at camel-folder.c:1269 #18 0x00fde649 in regen_list_regen (mm=0xab4fbc0) at message-list.c:3675 #19 0x00fcfee5 in mail_msg_received (e=0x9f2bd10, msg=0xab4fbc0, data=0x0) at mail-mt.c:570 #20 0x053630c4 in thread_dispatch (din=0x9f2bd10) at e-msgport.c:987 #21 0x006edf9a in start_thread (arg=0xaf1e2ba0) at pthread_create.c:274 #22 0x005279ae in ?? () from /lib/libc.so.6 (gdb) up #1 0x00486cd9 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 64 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); (gdb) up #2 0x00488321 in *__GI_abort () at abort.c:88 88 raise (SIGABRT); (gdb) up #3 0x00882c92 in IA__g_logv (log_domain=<value optimized out>, log_level=G_LOG_LEVEL_ERROR, format=0x8acf4c "%s: failed to allocate %lu bytes", args1=0xaf1e200c "��\212") at gmessages.c:497 497 abort (); (gdb) up #4 0x00882cc9 in IA__g_log (log_domain=0x8a6446 "GLib", log_level=G_LOG_LEVEL_ERROR, format=0x8acf4c "%s: failed to allocate %lu bytes") at gmessages.c:517 517 g_logv (log_domain, log_level, format, args); (gdb) up #5 0x0088168e in IA__g_realloc (mem=0x0, n_bytes=1048576) at gmem.c:172 172 g_error ("%s: failed to allocate %lu bytes", G_STRLOC, n_bytes); (gdb) up #6 0x0085c2e8 in g_ptr_array_maybe_expand (array=0xac92c2d0, len=<value optimized out>) at garray.c:414 414 array->pdata = g_realloc (array->pdata, sizeof (gpointer) * array->alloc); (gdb) up #7 0x0085c34a in IA__g_ptr_array_add (farray=0xac92c2d0, data=0xc162d18) at garray.c:576 576 g_ptr_array_maybe_expand (array, 1); (gdb) p farray $1 = (GPtrArray *) 0xac92c2d0 (gdb) p array $2 = (GRealPtrArray *) 0x0 (gdb) So farray is passed to g_ptr_array_add() which assigns it to a local array variable and suddenly it's NULL? Help?
Same issue here: $ rpm -q evolution-data-server gtkhtml3 evolution-data-server-1.7.91-1 gtkhtml3-3.11.91-1 Memory status: size: 680914944 vsize: 680914944 resident: 75616256 share: 23437312 rss: 75616256 rss_rlim: -1 CPU usage: start_time: 1155608505 rtime: 1989 utime: 1330 stime: 659 cutime:0 cstime: 6 timeout: 0 it_real_value: 0 frequency: 100 Backtrace was generated from '/usr/bin/evolution-2.8' (no debugging symbols found) Using host libthread_db library "/lib64/libthread_db.so.1". (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 46912498999376 (LWP 23926)] [New Thread 1168415040 (LWP 23961)] [New Thread 1126189376 (LWP 23959)] [New Thread 1168148800 (LWP 23958)] [New Thread 1157658944 (LWP 23957)] [New Thread 1147169088 (LWP 23956)] [New Thread 1136679232 (LWP 23955)] [New Thread 1115699520 (LWP 23949)] [New Thread 1105209664 (LWP 23948)] [New Thread 1094719808 (LWP 23946)] [New Thread 1084229952 (LWP 23945)] (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0 #0 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0 #1 0x0000003f07a56d87 in gnome_gtk_module_info_get () from /usr/lib64/libgnomeui-2.so.0 #2 <signal handler called> #3 0x0000003efce0f630 in cairo_font_face_destroy () from /usr/lib64/libcairo.so.2 #4 0x0000003efce0f815 in cairo_font_options_copy () from /usr/lib64/libcairo.so.2 #5 0x0000003efde0445d in pango_cairo_context_set_font_options () from /usr/lib64/libpangocairo-1.0.so.0 #6 0x0000003f0fa1fd4f in e_cell_text_new () from /usr/lib64/evolution/2.8/libetable.so.0 #7 0x0000003f0fa20f64 in e_cell_text_get_text_by_view () from /usr/lib64/evolution/2.8/libetable.so.0 #8 0x0000003f0fa239da in e_cell_text_get_text_by_view () from /usr/lib64/evolution/2.8/libetable.so.0 #9 0x0000003f0fa3f0fd in e_table_item_set_cursor () from /usr/lib64/evolution/2.8/libetable.so.0 #10 0x0000003f07220c95 in gnome_canvas_root () from /usr/lib64/libgnomecanvas-2.so.0 #11 0x0000003f072253f6 in gnome_canvas_item_new () from /usr/lib64/libgnomecanvas-2.so.0 #12 0x0000003efc5315ad in gtk_marshal_BOOLEAN__VOID () from /usr/lib64/libgtk-x11-2.0.so.0 #13 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #14 0x0000003ef881b8cd in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #15 0x0000003ef881c4df in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #16 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 #17 0x0000003efc62de7e in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0 #18 0x0000003f0721f604 in gnome_canvas_window_to_world () from /usr/lib64/libgnomecanvas-2.so.0 #19 0x0000003f07220366 in gnome_canvas_set_scroll_region () from /usr/lib64/libgnomecanvas-2.so.0 #20 0x0000003ef802cf34 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 #21 0x0000003ef802fd6d in g_main_context_check () from /lib64/libglib-2.0.so.0 #22 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 #23 0x0000003f06e2d0e6 in bonobo_main () from /usr/lib64/libbonobo-2.so.0 #24 0x0000000000415cd2 in POA_GNOME_Evolution_DataServer_InterfaceCheck__fini () #25 0x0000003ef6820aa4 in __libc_start_main () from /lib64/libc.so.6 #26 0x0000000000409ea9 in ?? () #27 0x00007fffcba9d448 in ?? () #28 0x0000000000000000 in ?? () Thread 11 (Thread 1084229952 (LWP 23945)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003f0ce14f30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x0000003f0ce1514c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 10 (Thread 1094719808 (LWP 23946)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003f0ce14f30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x0000003f0ce1514c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 9 (Thread 1105209664 (LWP 23948)): #0 0x0000003ef68c7456 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003ef802fbbe in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x0000003f10603413 in libnm_glib_init () from /usr/lib64/libnm_glib.so.0 No symbol table info available. #4 0x0000003ef8048f14 in g_thread_create_full () from /lib64/libglib-2.0.so.0 No symbol table info available. #5 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #7 0x0000000000000000 in ?? () No symbol table info available. Thread 8 (Thread 1115699520 (LWP 23949)): #0 0x0000003ef940d977 in __fsync_nocancel () from /lib64/libpthread.so.0 No symbol table info available. #1 0x00002aaab3d9d724 in camel_imap_message_cache_get () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #2 0x00002aaab3d9daa6 in camel_imap_message_cache_insert () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #3 0x00002aaab3d97099 in camel_imap_command () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #4 0x00002aaab3d978b2 in camel_imap_folder_fetch_data () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #5 0x00002aaab3d98ba3 in camel_imap_folder_changed () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #6 0x0000003f0e218236 in camel_disco_folder_expunge_uids () from /usr/lib64/libcamel-provider-1.2.so.8 No symbol table info available. #7 0x0000003f0e2364db in camel_session_get_service_connected () from /usr/lib64/libcamel-provider-1.2.so.8 No symbol table info available. #8 0x0000003f0ce15102 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #9 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #10 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #11 0x0000000000000000 in ?? () No symbol table info available. Thread 7 (Thread 1136679232 (LWP 23955)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003f0ce14f30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x0000003f0ce1514c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 6 (Thread 1147169088 (LWP 23956)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003f0ce14f30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x0000003f0ce1514c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 5 (Thread 1157658944 (LWP 23957)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003f0ce14f30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x0000003f0ce1514c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 4 (Thread 1168148800 (LWP 23958)): #0 0x0000003ef940d24b in __read_nocancel () from /lib64/libpthread.so.0 No symbol table info available. #1 0x0000003f0d6266b8 in camel_mime_parser_seek () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #2 0x0000003f0d627080 in camel_mime_parser_drop_step () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #3 0x0000003f0d6277dd in camel_mime_parser_step () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #4 0x0000003f0e22205c in camel_folder_summary_info_new_from_parser () from /usr/lib64/libcamel-provider-1.2.so.8 No symbol table info available. #5 0x0000003f0e2222e6 in camel_folder_summary_add_from_parser () from /usr/lib64/libcamel-provider-1.2.so.8 No symbol table info available. #6 0x00002aaab3b7b662 in camel_mbox_summary_new () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamellocal.so No symbol table info available. #7 0x00002aaab3b7bf51 in camel_mbox_summary_new () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamellocal.so No symbol table info available. #8 0x00002aaab3b74f9a in camel_local_folder_construct () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamellocal.so No symbol table info available. #9 0x00002aaab3308b71 in mail_enable_stop () from /usr/lib64/evolution/2.8/components/libevolution-mail.so No symbol table info available. #10 0x0000003f0ce15102 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #11 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #12 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #13 0x0000000000000000 in ?? () No symbol table info available. Thread 3 (Thread 1126189376 (LWP 23959)): #0 0x0000003ef68c7456 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003ef802fbbe in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x0000003f0d2180bd in e_book_get_type () from /usr/lib64/libebook-1.2.so.9 No symbol table info available. #4 0x0000003ef8048f14 in g_thread_create_full () from /lib64/libglib-2.0.so.0 No symbol table info available. #5 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #7 0x0000000000000000 in ?? () No symbol table info available. Thread 2 (Thread 1168415040 (LWP 23961)): #0 0x0000003ef68c7456 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003ef802fbbe in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x0000003f03645860 in link_set_io_thread () from /usr/lib64/libORBit-2.so.0 No symbol table info available. #4 0x0000003ef8048f14 in g_thread_create_full () from /lib64/libglib-2.0.so.0 No symbol table info available. #5 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #7 0x0000000000000000 in ?? () No symbol table info available. Thread 1 (Thread 46912498999376 (LWP 23926)): #0 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0 No symbol table info available. #1 0x0000003f07a56d87 in gnome_gtk_module_info_get () from /usr/lib64/libgnomeui-2.so.0 No symbol table info available. #2 <signal handler called> No symbol table info available. #3 0x0000003efce0f630 in cairo_font_face_destroy () from /usr/lib64/libcairo.so.2 No symbol table info available. #4 0x0000003efce0f815 in cairo_font_options_copy () from /usr/lib64/libcairo.so.2 No symbol table info available. #5 0x0000003efde0445d in pango_cairo_context_set_font_options () from /usr/lib64/libpangocairo-1.0.so.0 No symbol table info available. #6 0x0000003f0fa1fd4f in e_cell_text_new () from /usr/lib64/evolution/2.8/libetable.so.0 No symbol table info available. #7 0x0000003f0fa20f64 in e_cell_text_get_text_by_view () from /usr/lib64/evolution/2.8/libetable.so.0 No symbol table info available. #8 0x0000003f0fa239da in e_cell_text_get_text_by_view () from /usr/lib64/evolution/2.8/libetable.so.0 No symbol table info available. #9 0x0000003f0fa3f0fd in e_table_item_set_cursor () from /usr/lib64/evolution/2.8/libetable.so.0 No symbol table info available. #10 0x0000003f07220c95 in gnome_canvas_root () from /usr/lib64/libgnomecanvas-2.so.0 No symbol table info available. #11 0x0000003f072253f6 in gnome_canvas_item_new () from /usr/lib64/libgnomecanvas-2.so.0 No symbol table info available. #12 0x0000003efc5315ad in gtk_marshal_BOOLEAN__VOID () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #13 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #14 0x0000003ef881b8cd in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #15 0x0000003ef881c4df in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #16 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 No symbol table info available. #17 0x0000003efc62de7e in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #18 0x0000003f0721f604 in gnome_canvas_window_to_world () from /usr/lib64/libgnomecanvas-2.so.0 No symbol table info available. #19 0x0000003f07220366 in gnome_canvas_set_scroll_region () from /usr/lib64/libgnomecanvas-2.so.0 No symbol table info available. #20 0x0000003ef802cf34 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 No symbol table info available. #21 0x0000003ef802fd6d in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #22 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #23 0x0000003f06e2d0e6 in bonobo_main () from /usr/lib64/libbonobo-2.so.0 No symbol table info available. #24 0x0000000000415cd2 in POA_GNOME_Evolution_DataServer_InterfaceCheck__fini () No symbol table info available. #25 0x0000003ef6820aa4 in __libc_start_main () from /lib64/libc.so.6 No symbol table info available. #26 0x0000000000409ea9 in ?? () No symbol table info available. #27 0x00007fffcba9d448 in ?? () No symbol table info available. #28 0x0000000000000000 in ?? () No symbol table info available. #0 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0
From today : $ rpm -qa | grep evol evolution-data-server-1.7.91-2 evolution-sharp-0.11.1-7 evolution-2.7.91-4 evolution-connector-2.7.91-2 (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0 #0 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0 #1 0x0000003a7f856d87 in gnome_gtk_module_info_get () from /usr/lib64/libgnomeui-2.so.0 #2 <signal handler called> #3 0x0000003ef687188b in free () from /lib64/libc.so.6 #4 0x00002aaab9b205e8 in editor_control_factory () from /usr/lib64/gtkhtml/libgnome-gtkhtml-editor-3.8.so #5 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #6 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #7 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #8 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 #9 0x0000003a8283731b in gtk_html_get_url_at () from /usr/lib64/libgtkhtml-3.8.so.15 #10 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #11 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #12 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #13 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 #14 0x0000003a82867f48 in html_image_factory_register () from /usr/lib64/libgtkhtml-3.8.so.15 #15 0x0000003a828683e5 in html_image_init () from /usr/lib64/libgtkhtml-3.8.so.15 #16 0x0000003a8286850d in html_image_new () from /usr/lib64/libgtkhtml-3.8.so.15 #17 0x0000003a8284ed5d in html_engine_insert_text_with_extra_attributes () from /usr/lib64/libgtkhtml-3.8.so.15 #18 0x0000003a8284ee3a in html_engine_paste_text_with_extra_attributes () from /usr/lib64/libgtkhtml-3.8.so.15 #19 0x0000003a82830e62 in gtk_html_im_reset () from /usr/lib64/libgtkhtml-3.8.so.15 #20 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #21 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #22 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #23 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 #24 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #25 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #26 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #27 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 #28 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #29 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #30 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #31 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 #32 0x00002aaaacfe5314 in gtk_im_context_simple_new () from /usr/lib64/libgtk-x11-2.0.so.0 #33 0x00002aaaacfe5a8e in gtk_im_context_simple_new () from /usr/lib64/libgtk-x11-2.0.so.0 #34 0x00002aaab8324c5b in gtk_im_context_scim_new () from /usr/lib64/gtk-2.0/immodules/im-scim.so #35 0x0000003a82838b08 in gtk_html_set_editable () from /usr/lib64/libgtkhtml-3.8.so.15 #36 0x00002aaaad0045ad in gtk_marshal_BOOLEAN__VOID () from /usr/lib64/libgtk-x11-2.0.so.0 #37 0x0000003ef880b220 in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #38 0x0000003ef881b8cd in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #39 0x0000003ef881c4df in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #40 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 #41 0x00002aaaad100e8e in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0 #42 0x00002aaaad10eedb in gtk_window_propagate_key_event () from /usr/lib64/libgtk-x11-2.0.so.0 #43 0x00002aaaad111c5b in gtk_window_activate_key () from /usr/lib64/libgtk-x11-2.0.so.0 #44 0x0000003a7f44fecc in bonobo_window_remove_popup () from /usr/lib64/libbonoboui-2.so.0 #45 0x00002aaaad0045ad in gtk_marshal_BOOLEAN__VOID () from /usr/lib64/libgtk-x11-2.0.so.0 #46 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #47 0x0000003ef881b8cd in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 #48 0x0000003ef881c4df in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #49 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 #50 0x00002aaaad100e8e in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0 #51 0x00002aaaacffdd75 in gtk_propagate_event () from /usr/lib64/libgtk-x11-2.0.so.0 #52 0x00002aaaacffecc1 in gtk_main_do_event () from /usr/lib64/libgtk-x11-2.0.so.0 #53 0x00002aaaad49879c in gdk_add_client_message_filter () from /usr/lib64/libgdk-x11-2.0.so.0 #54 0x0000003ef802cf34 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 #55 0x0000003ef802fd6d in g_main_context_check () from /lib64/libglib-2.0.so.0 #56 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 #57 0x00002aaaaca6f0e6 in bonobo_main () from /usr/lib64/libbonobo-2.so.0 #58 0x0000000000415cd2 in POA_GNOME_Evolution_DataServer_InterfaceCheck__fini () #59 0x0000003ef6820aa4 in __libc_start_main () from /lib64/libc.so.6 #60 0x0000000000409ea9 in ?? () #61 0x00007fff35a9d448 in ?? () #62 0x0000000000000000 in ?? () Thread 11 (Thread 1084229952 (LWP 2906)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 10 (Thread 1094719808 (LWP 2907)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 9 (Thread 1105209664 (LWP 2909)): #0 0x0000003ef68c7456 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003ef802fbbe in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x0000003f10603413 in libnm_glib_init () from /usr/lib64/libnm_glib.so.0 No symbol table info available. #4 0x0000003ef8048f14 in g_thread_create_full () from /lib64/libglib-2.0.so.0 No symbol table info available. #5 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #7 0x0000000000000000 in ?? () No symbol table info available. Thread 8 (Thread 1115699520 (LWP 2910)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 7 (Thread 1126189376 (LWP 2914)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 6 (Thread 1136679232 (LWP 2917)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 5 (Thread 1147169088 (LWP 2918)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 4 (Thread 1157658944 (LWP 2920)): #0 0x0000003ef68c94d2 in __select_nocancel () from /lib64/libc.so.6 No symbol table info available. #1 0x00002aaaac82bf30 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #2 0x00002aaaac82c14c in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #3 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #5 0x0000000000000000 in ?? () No symbol table info available. Thread 3 (Thread 1168148800 (LWP 2921)): #0 0x0000003ef68c7456 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003ef802fbbe in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x00002aaaac3310bd in e_book_get_type () from /usr/lib64/libebook-1.2.so.9 No symbol table info available. #4 0x0000003ef8048f14 in g_thread_create_full () from /lib64/libglib-2.0.so.0 No symbol table info available. #5 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #7 0x0000000000000000 in ?? () No symbol table info available. Thread 2 (Thread 1168415040 (LWP 2923)): #0 0x0000003ef68c7456 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003ef802fbbe in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x0000003f03645860 in link_set_io_thread () from /usr/lib64/libORBit-2.so.0 No symbol table info available. #4 0x0000003ef8048f14 in g_thread_create_full () from /lib64/libglib-2.0.so.0 No symbol table info available. #5 0x0000003ef9406f67 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x0000003ef68cff1d in clone () from /lib64/libc.so.6 No symbol table info available. #7 0x0000000000000000 in ?? () No symbol table info available. Thread 1 (Thread 46912544795904 (LWP 2888)): #0 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0 No symbol table info available. #1 0x0000003a7f856d87 in gnome_gtk_module_info_get () from /usr/lib64/libgnomeui-2.so.0 No symbol table info available. #2 <signal handler called> No symbol table info available. #3 0x0000003ef687188b in free () from /lib64/libc.so.6 No symbol table info available. #4 0x00002aaab9b205e8 in editor_control_factory () from /usr/lib64/gtkhtml/libgnome-gtkhtml-editor-3.8.so No symbol table info available. #5 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #6 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #7 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #8 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 No symbol table info available. #9 0x0000003a8283731b in gtk_html_get_url_at () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #10 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #11 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #12 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #13 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 No symbol table info available. #14 0x0000003a82867f48 in html_image_factory_register () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #15 0x0000003a828683e5 in html_image_init () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #16 0x0000003a8286850d in html_image_new () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #17 0x0000003a8284ed5d in html_engine_insert_text_with_extra_attributes () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #18 0x0000003a8284ee3a in html_engine_paste_text_with_extra_attributes () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #19 0x0000003a82830e62 in gtk_html_im_reset () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #20 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #21 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #22 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #23 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 No symbol table info available. #24 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #25 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #26 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #27 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 No symbol table info available. #28 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #29 0x0000003ef881b2ad in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #30 0x0000003ef881c716 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #31 0x0000003ef881e2c0 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0 No symbol table info available. #32 0x00002aaaacfe5314 in gtk_im_context_simple_new () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #33 0x00002aaaacfe5a8e in gtk_im_context_simple_new () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #34 0x00002aaab8324c5b in gtk_im_context_scim_new () from /usr/lib64/gtk-2.0/immodules/im-scim.so No symbol table info available. #35 0x0000003a82838b08 in gtk_html_set_editable () from /usr/lib64/libgtkhtml-3.8.so.15 No symbol table info available. #36 0x00002aaaad0045ad in gtk_marshal_BOOLEAN__VOID () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #37 0x0000003ef880b220 in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #38 0x0000003ef881b8cd in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #39 0x0000003ef881c4df in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #40 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 No symbol table info available. #41 0x00002aaaad100e8e in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #42 0x00002aaaad10eedb in gtk_window_propagate_key_event () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #43 0x00002aaaad111c5b in gtk_window_activate_key () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #44 0x0000003a7f44fecc in bonobo_window_remove_popup () from /usr/lib64/libbonoboui-2.so.0 No symbol table info available. #45 0x00002aaaad0045ad in gtk_marshal_BOOLEAN__VOID () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #46 0x0000003ef880b16a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 No symbol table info available. #47 0x0000003ef881b8cd in g_signal_override_class_closure () from /lib64/libgobject-2.0.so.0 No symbol table info available. #48 0x0000003ef881c4df in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 No symbol table info available. #49 0x0000003ef881c8f3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 No symbol table info available. #50 0x00002aaaad100e8e in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #51 0x00002aaaacffdd75 in gtk_propagate_event () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #52 0x00002aaaacffecc1 in gtk_main_do_event () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #53 0x00002aaaad49879c in gdk_add_client_message_filter () from /usr/lib64/libgdk-x11-2.0.so.0 No symbol table info available. #54 0x0000003ef802cf34 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 No symbol table info available. #55 0x0000003ef802fd6d in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #56 0x0000003ef803007a in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #57 0x00002aaaaca6f0e6 in bonobo_main () from /usr/lib64/libbonobo-2.so.0 No symbol table info available. #58 0x0000000000415cd2 in POA_GNOME_Evolution_DataServer_InterfaceCheck__fini () No symbol table info available. #59 0x0000003ef6820aa4 in __libc_start_main () from /lib64/libc.so.6 No symbol table info available. #60 0x0000000000409ea9 in ?? () No symbol table info available. #61 0x00007fff35a9d448 in ?? () No symbol table info available. #62 0x0000000000000000 in ?? () No symbol table info available. #0 0x0000003ef940dfbf in waitpid () from /lib64/libpthread.so.0
The crashes here tend to be when I look at an email *after* some goon or other decides to send me an HTML email which contains pictures or other such garbage.
Could someone perhaps try downgrading to evolution 2.7.90 and evolution-data-server 1.7.90 and see if the crashes persist? Or for the more ambitious, try compiling the latest releases from Gnome.org sources and see if the crashes persist? Still trying to determine whether this is a Fedora thing or whether upstream introduced it in the latest releases. I still can't reproduce this on my own machine, so I'm kind of at the mercy of people willing to help.
Created attachment 134339 [details] a patch Here is a patch which may fix some of the uninitialized access warnings I have seen in valgrind. Unlikely to fix the crashes though.
Tried unpatched e-d-s and evolution from the rawhide srpms but that didn't help. Going to test the new e-d-s package from today's rawhide now: No change... Here's a bunch of stuff I found in my logs after running evolution+daemons in valgrind today: From evolution-alarm-notify: ==16988== Thread 5: ==16988== Invalid read of size 4 ==16988== at 0xB74679: open_async (e-cal.c:1878) ==16988== by 0x897FEE: g_thread_create_proxy (gthread.c:553) ==16988== by 0x6EDF99: start_thread (pthread_create.c:274) ==16988== by 0x5279AD: clone (in /lib/libc-2.4.90.so) ==16988== Address 0x4F13C40 is 8 bytes inside a block of size 28 free'd ==16988== at 0x4004FEA: free (vg_replace_malloc.c:233) ==16988== by 0x8815F0: g_free (gmem.c:187) ==16988== by 0xB6A6D7: async_signal_idle_cb (e-cal.c:1867) ==16988== by 0x8785E0: g_idle_dispatch (gmain.c:3924) ==16988== by 0x87A341: g_main_context_dispatch (gmain.c:2043) ==16988== by 0x87D31E: g_main_context_iterate (gmain.c:2675) ==16988== by 0x87D6C8: g_main_loop_run (gmain.c:2879) ==16988== by 0x4C616A22: bonobo_main (bonobo-main.c:311) ==16988== by 0x805C490: main (notify-main.c:162) From evolution: ==17013== Invalid write of size 4 ==17013== at 0x4D294CCA: gtk_widget_destroyed (gtkwidget.c:2184) ==17013== by 0x923138: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==17013== by 0x915F0A: g_closure_invoke (gclosure.c:490) ==17013== by 0x926D72: signal_emit_unlocked_R (gsignal.c:2438) ==17013== by 0x92826E: g_signal_emit_valist (gsignal.c:2197) ==17013== by 0x928428: g_signal_emit (gsignal.c:2241) ==17013== by 0x4D1A30E0: gtk_object_dispose (gtkobject.c:418) ==17013== by 0x4D29D250: gtk_widget_dispose (gtkwidget.c:6873) ==17013== by 0x91858F: g_object_run_dispose (gobject.c:571) ==17013== by 0x4D1A2DED: gtk_object_destroy (gtkobject.c:403) ==17013== by 0x4D29D434: gtk_widget_destroy (gtkwidget.c:2158) ==17013== by 0x4D19AA9B: gtk_notebook_forall (gtknotebook.c:3810) ==17013== by 0x4D0ED57A: gtk_container_foreach (gtkcontainer.c:1288) ==17013== by 0x4D0EDEAF: gtk_container_destroy (gtkcontainer.c:825) ==17013== by 0x4D1A1256: gtk_notebook_destroy (gtknotebook.c:1327) ==17013== by 0x923138: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==17013== by 0x9146F8: g_type_class_meta_marshal (gclosure.c:567) ==17013== by 0x915FEC: g_closure_invoke (gclosure.c:490) ==17013== by 0x92752E: signal_emit_unlocked_R (gsignal.c:2554) ==17013== by 0x92826E: g_signal_emit_valist (gsignal.c:2197) ==17013== by 0x928428: g_signal_emit (gsignal.c:2241) ==17013== by 0x4D1A30E0: gtk_object_dispose (gtkobject.c:418) ==17013== by 0x4D29D250: gtk_widget_dispose (gtkwidget.c:6873) ==17013== by 0x91858F: g_object_run_dispose (gobject.c:571) ==17013== by 0x4D1A2DED: gtk_object_destroy (gtkobject.c:403) ==17013== by 0x4D29D434: gtk_widget_destroy (gtkwidget.c:2158) ==17013== by 0x4D0B21FF: gtk_box_forall (gtkbox.c:670) ==17013== by 0x4D0ED57A: gtk_container_foreach (gtkcontainer.c:1288) ==17013== by 0x4D0EDEAF: gtk_container_destroy (gtkcontainer.c:825) ==17013== by 0x923138: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==17013== Address 0x178FDDBC is 20 bytes inside a block of size 32 free'd ==17013== at 0x4004FEA: free (vg_replace_malloc.c:233) ==17013== by 0x8815F0: g_free (gmem.c:187) ==17013== by 0xA89937: ep_finalise (e-config.c:135) ==17013== by 0x5634740: emp_finalise (em-config.c:91) ==17013== by 0x91824B: g_object_unref (gobject.c:1762) ==17013== by 0xA896EB: ec_widget_destroy (e-config.c:797) ==17013== by 0x923138: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==17013== by 0x915F0A: g_closure_invoke (gclosure.c:490) ==17013== by 0x926D72: signal_emit_unlocked_R (gsignal.c:2438) ==17013== by 0x92826E: g_signal_emit_valist (gsignal.c:2197) ==17013== by 0x928428: g_signal_emit (gsignal.c:2241) ==17013== by 0x4D1A30E0: gtk_object_dispose (gtkobject.c:418) ==17013== by 0x4D29D250: gtk_widget_dispose (gtkwidget.c:6873) ==17013== by 0x91858F: g_object_run_dispose (gobject.c:571) ==17013== by 0x4D1A2DED: gtk_object_destroy (gtkobject.c:403) ==17013== by 0x4D29D434: gtk_widget_destroy (gtkwidget.c:2158) ==17013== by 0x4D0B21FF: gtk_box_forall (gtkbox.c:670) ==17013== by 0x4D0ED57A: gtk_container_foreach (gtkcontainer.c:1288) ==17013== by 0x4D0EDEAF: gtk_container_destroy (gtkcontainer.c:825) ==17013== by 0x923138: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==17013== by 0x9146F8: g_type_class_meta_marshal (gclosure.c:567) ==17013== by 0x915FEC: g_closure_invoke (gclosure.c:490) ==17013== by 0x92752E: signal_emit_unlocked_R (gsignal.c:2554) ==17013== by 0x92826E: g_signal_emit_valist (gsignal.c:2197) ==17013== by 0x928428: g_signal_emit (gsignal.c:2241) ==17013== by 0x4D1A30E0: gtk_object_dispose (gtkobject.c:418) ==17013== by 0x4D29D250: gtk_widget_dispose (gtkwidget.c:6873) ==17013== by 0x91858F: g_object_run_dispose (gobject.c:571) ==17013== by 0x4D1A2DED: gtk_object_destroy (gtkobject.c:403) ==17013== by 0x4D29D434: gtk_widget_destroy (gtkwidget.c:2158) I've put the valgrind logs here: http://www.gnome.org/~kmaraas/evolution-alarm-notify-log.16988 http://www.gnome.org/~kmaraas/evolution-data-server-log.16984 http://www.gnome.org/~kmaraas/evolution-log.17013
Created attachment 134380 [details] Crash data from todays update I'm seeing the same from todays rawhide. Bug report attached. I'm using the exchange connector but it seems that its not at fault this time. Versions are: [root@localhost ~]# rpm -q gtkhtml3 libsoup gtkhtml3-3.11.91-1 libsoup-2.2.96-2.fc6 [root@localhost ~]# rpm -qa| grep evolution evolution-connector-2.7.91-2 evolution-data-server-1.7.91-3.fc6 evolution-sharp-0.11.1-7 evolution-2.7.91-5.fc6 evolution-debuginfo-2.7.91-5.fc6 evolution-data-server-debuginfo-1.7.91-2 evolution-data-server-devel-1.7.91-3.fc6 evolution-connector-debuginfo-2.7.91-2
Matthias Clasen agreed to host some evolution RPMs of the previous point-release. It would be _very_ helpful to me if a few people could try downgrading to these packages and see if they still experience the crashes. http://people.redhat.com/mclasen/evolution/
That's nice... Unfortunately when I do rpm -Uhv --oldpackage evolution* I get error: Failed dependencies: libgpilotd.so.2 is needed by evolution-2.7.90-6.i386 libgpilotdcm.so.2 is needed by evolution-2.7.90-6.i386 libgpilotdconduit.so.2 is needed by evolution-2.7.90-6.i386 libgtkhtml-3.8.so.15 is needed by evolution-2.7.90-6.i386 libnm_glib.so.0 is needed by evolution-2.7.90-6.i386 libnotify.so.1 is needed by evolution-2.7.90-6.i386 libpisock.so.8 is needed by evolution-2.7.90-6.i386 libpisync.so.0 is needed by evolution-2.7.90-6.i386 libsoup-2.2.so.8 is needed by evolution-2.7.90-6.i386 libsoup-2.2.so.8 is needed by evolution-connector-2.7.90-3.i386 libsoup-2.2.so.8 is needed by evolution-data-server-1.7.90.1-5.i386 libsoup-devel >= 2.2.2 is needed by evolution-devel-2.7.90-6.i386 Any chance of Matthias hosting the previous version of the x86_64 version as well?
Just barfed. Had been ok for a few hours, then I clicked on a new (Bold) email that had just come in and pop. The email in question was a discraceful 1170KB email all in HTML : "This is a multi-part message in MIME format. ------_=_NextPart_001_01C6C27B.4F0D3CEE Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:v =3D=20 "urn:schemas-microsoft-com:vml" xmlns:o =3D=20 "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20 "urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20 "urn:schemas-microsoft-com:office:smarttags"><HEAD><TITLE>Message</TITLE>= <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR><!--[if !mso]> <STYLE> v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </STYLE> <![endif]--><o:SmartTagType name=3D"PersonName"=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT= ype><!--[if !mso]> <STYLE> st1\:*{behavior:url(#default#ieooui) } </STYLE> <![endif]--> <STYLE> <!--" <big snip> "------_=_NextPart_001_01C6C27B.4F0D3CEE Content-Type: image/bmp; name="Outlook.bmp" Content-Transfer-Encoding: base64 Content-ID: <048345703@18082006-10A1> Content-Description: Outlook.bmp Content-Location: Outlook.bmp" <big snip> eek. No wonder evo is barfing :) Seems I can reproduce the crash by just looking at this email though. Memory status: size: 929701888 vsize: 929701888 resident: 274796544 share: 26066944 rss: 274796544 rss_rlim: -1 CPU usage: start_time: 1155863320 rtime: 4951 utime: 4124 stime: 827 cutime:38 cstime: 33 timeout: 0 it_real_value: 0 frequency: 100 <snip> 0x000000387a0c7816 in poll () from /lib64/libc.so.6 #0 0x000000387a0c7816 in poll () from /lib64/libc.so.6 #1 0x000000387b02fbee in g_main_context_check () from /lib64/libglib-2.0.so.0 #2 0x000000387b0300aa in g_main_loop_run () from /lib64/libglib-2.0.so.0 #3 0x000000388a62d0e6 in bonobo_main () from /usr/lib64/libbonobo-2.so.0 #4 0x0000000000415cd2 in POA_GNOME_Evolution_DataServer_InterfaceCheck__fini () #5 0x000000387a020aa4 in __libc_start_main () from /lib64/libc.so.6 #6 0x0000000000409ea9 in ?? () #7 0x00007fff8af598f8 in ?? () #8 0x0000000000000000 in ?? () <snip> Thread 7 (Thread 1126189376 (LWP 16544)): #0 0x000000387d40e66f in waitpid () from /lib64/libpthread.so.0 No symbol table info available. #1 0x000000388ba56d87 in gnome_gtk_module_info_get () from /usr/lib64/libgnomeui-2.so.0 No symbol table info available. #2 <signal handler called> No symbol table info available. #3 0x000000387a033205 in raise () from /lib64/libc.so.6 No symbol table info available. #4 0x000000387a034b70 in abort () from /lib64/libc.so.6 No symbol table info available. #5 0x000000387b035070 in g_logv () from /lib64/libglib-2.0.so.0 No symbol table info available. #6 0x000000387b0350f3 in g_log () from /lib64/libglib-2.0.so.0 No symbol table info available. #7 0x000000387b033cdf in g_realloc () from /lib64/libglib-2.0.so.0 No symbol table info available. #8 0x000000387b0107ea in g_ptr_array_new () from /lib64/libglib-2.0.so.0 No symbol table info available. #9 0x000000387b010d92 in g_array_append_vals () from /lib64/libglib-2.0.so.0 No symbol table info available. #10 0x000000387b010df9 in g_byte_array_append () from /lib64/libglib-2.0.so.0 No symbol table info available. #11 0x00002aaaaaae8cd5 in camel_mime_part_construct_content_from_parser () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #12 0x00002aaaaaaea30b in camel_mime_part_construct_from_parser () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #13 0x00002aaaaaaf264b in camel_multipart_new () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #14 0x00002aaaaaae8ca3 in camel_mime_part_construct_content_from_parser () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #15 0x00002aaaaaaea30b in camel_mime_part_construct_from_parser () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #16 0x00002aaaaaae6c56 in camel_mime_message_new () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #17 0x00002aaaaaae991e in camel_mime_part_construct_from_parser () from /usr/lib64/libcamel-1.2.so.0 No symbol table info available. #18 0x00002aaab493cebb in camel_imap_folder_fetch_data () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #19 0x00002aaab4941bd4 in camel_imap_folder_selected () from /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelimap.so No symbol table info available. #20 0x00002aaaaad3f5d2 in camel_folder_get_message () from /usr/lib64/libcamel-provider-1.2.so.8 No symbol table info available. #21 0x00002aaab3eb0245 in mail_get_folderinfo () from /usr/lib64/evolution/2.8/components/libevolution-mail.so No symbol table info available. #22 0x00002aaab3eadb61 in mail_enable_stop () from /usr/lib64/evolution/2.8/components/libevolution-mail.so No symbol table info available. #23 0x00002aaaab6af102 in e_msgport_wait () from /usr/lib64/libedataserver-1.2.so.7 No symbol table info available. #24 0x000000387d407097 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #25 0x000000387a0d02ed in clone () from /lib64/libc.so.6 No symbol table info available. #26 0x0000000000000000 in ?? () No symbol table info available. <snip> Thread 1 (Thread 46912511031792 (LWP 16519)): #0 0x000000387a0c7816 in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x000000387b02fbee in g_main_context_check () from /lib64/libglib-2.0.so.0 No symbol table info available. #2 0x000000387b0300aa in g_main_loop_run () from /lib64/libglib-2.0.so.0 No symbol table info available. #3 0x000000388a62d0e6 in bonobo_main () from /usr/lib64/libbonobo-2.so.0 No symbol table info available. #4 0x0000000000415cd2 in POA_GNOME_Evolution_DataServer_InterfaceCheck__fini () No symbol table info available. #5 0x000000387a020aa4 in __libc_start_main () from /lib64/libc.so.6 No symbol table info available. #6 0x0000000000409ea9 in ?? () No symbol table info available. #7 0x00007fff8af598f8 in ?? () No symbol table info available. #8 0x0000000000000000 in ?? () No symbol table info available. #0 0x000000387a0c7816 in poll () from /lib64/libc.so.6
(In reply to comment #16) > Seems I can reproduce the crash by just looking at this email though. Can you please post the email in its entirety then (as an attachment!) so that others can try to reproduce? It would be very helpful to have a reliable reproducer.
*** Bug 203102 has been marked as a duplicate of this bug. ***
Attachment #134444 [details] has the stack trace from bug #203102. Looks like Thread 8 is the culprit.
I have put a few more rpms on my people.redhat.com page, which allowed me to cleanly downgrade a current rahwide system.
Created attachment 134465 [details] stacktrace
(In reply to comment #21) Looks like search_match_all() in Thread 3 is the culprit again. #12 0x002484e7 in search_match_all (f=0x9cb1758, argc=1, argv=0xb3201650, search=0x9cb13f0) at camel-folder-search.c:705
FWIW, one thing that I see common to almost all the stack traces -- both here and in the upstream bug -- is that the crash is triggered by a g_realloc() call from a GPtrArray or GByteArray operation, and the operation always comes from Camel. Compiler optimizations are probably preventing me from seeing a more consistent pattern in the stack traces. One popular crash point is search_match_all() in camel-folder-search.c:705. Another is somewhere in camel_mime_part_construct_content_from_parser().
This seems to be caused by a change to the malloc implementation in glibc that was committed on August 9: http://sources.redhat.com/ml/glibc-cvs/2006-q3/msg00188.html I have reverted that patch in a locally built glibc, and have not seen evo crash since then. Doing some more tests before moving the bug to glibc.
My evolution has not aborted once since I reverted the above glibc patch. Moving this bug to glibc. glibc maintainers, what kind of information do you need ?
I cannot imagine the glibc patch itself can cause any problems. But certainly the behavior of the program might change. If evolution frees big blocks of memory which used to be allocated by mmap, it now uses for some or all of them the heap. The result is that buffer overwrites are much more critical. With mmap'ed blocks the allocated size is rounded up to the next page size. I.e., there is on average 2kB of unused memory after the block. Buffer overwrites might go unnoticed. When suddenly the heap is used there are no such gaps anymore and buffer overruns become fatal. So, before spending anymore time on this, use valgrind on the program even if it takes days to run.
What is happening is that a realloc call returns NULL, causing the upper layers to abort. I have stepped through the critical realloc call in gdb. It gets valid parameters, and eventually gets to sYSMALLOc, where it creates a new heap (around line 2894 in malloc.c), but it still fails the size >= nb + MINSIZE check in line 3189 and falls through to the MALLOC_FAILURE_ACTION. Several people have tried to valgrind this, and have not found any suspicious memory overwrites.
If comment #27 is true, then this would be a long-standing problem. The patch just makes it more likely to hit. A programmer could raise the mmap_threshold using mallopt to get the same effect. Anyway, what is the requested size and what is the mp_.mmap_threshold value?
I've found one problem. Any allocation of a new heap would fail if the mmap_threshold is larger than 1MB. This is the HEAP_MAX_SIZE value which isn't adjusted for the new mmap_threshold. I checked in a patch which should correct this. The patch limits the mmap_threshold on 32bit machines to 1MB. Any larger value would mean too much address space is wasterd aligning new heaps. On 64-bit machines I went with the 32MB limit. Additionally I've added code to always fall back on using mmap if the allocation of a new heap fails. Jakub will hopefully be able to build a new glibc soon.
Thanks! I'll test it as soon as 2.4.90-23 falls out of brew
2.4.90-23 fixes the evolution crash
Fixed in the version which will be in tomorrow's rawhide.