Bug 235096 - evolution crashes when poping up 90% quota message
evolution crashes when poping up 90% quota message
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: evolution (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matthew Barnes
:
Depends On:
Blocks: FC7Blocker
  Show dependency treegraph
 
Reported: 2007-04-03 15:08 EDT by Ray Strode [halfline]
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: evolution-2.10.1-2.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-10 23:26:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 362638 None None None Never

  None (edit)
Description Ray Strode [halfline] 2007-04-03 15:08:39 EDT
Since this morning, every time I start evolution I get an empty dialog that pops
up and after that evolution just hangs.

Matt and I did some debugging and found out the dialog was a quota message from
the imap server telling me my mailbox is 90% full.

Running things under valgrind reveals:

==15385== 
==15385== Invalid read of size 4
==15385==    at 0x653C951: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6076848 is 16 bytes inside a block of size 56 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x653C605: mail_msg_free (mail-mt.c:222)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385== 
==15385== Invalid read of size 4
==15385==    at 0x653C547: mail_msg_free (mail-mt.c:187)
==15385==    by 0x653C967: periodic_processing (mail-mt.c:458)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6076848 is 16 bytes inside a block of size 56 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x653C605: mail_msg_free (mail-mt.c:222)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385== 
==15385== Invalid read of size 4
==15385==    at 0x6543B75: free_user_message (mail-session.c:358)
==15385==    by 0x653C555: mail_msg_free (mail-mt.c:188)
==15385==    by 0x653C967: periodic_processing (mail-mt.c:458)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6076868 is 48 bytes inside a block of size 56 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x653C605: mail_msg_free (mail-mt.c:222)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385== 
==15385== Invalid free() / delete / delete[]
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x6543B7F: free_user_message (mail-session.c:358)
==15385==    by 0x653C555: mail_msg_free (mail-mt.c:188)
==15385==    by 0x653C967: periodic_processing (mail-mt.c:458)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6016168 is 0 bytes inside a block of size 83 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x6543B7F: free_user_message (mail-session.c:358)
==15385==    by 0x653C555: mail_msg_free (mail-mt.c:188)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)

over and over again, so it looks like messages are getting freed but not being
removed from a message queue somewhere.
Comment 1 Ray Strode [halfline] 2007-04-03 15:33:14 EDT
Possibly unrelated but after clicking the close button on the evolution window I
went back to the valgrind terminal and noticed this additional output:

(evolution:15385): GLib-CRITICAL **: g_async_queue_lock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_try_pop_unlocked: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unlock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unref: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_lock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_try_pop_unlocked: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unlock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unref: assertion
`g_atomic_int_get (&queue->ref_count) > 0' 
Comment 2 Matthew Barnes 2007-04-03 17:07:33 EDT
Ray was using evolution-2.10.0-5.fc7.i386.

The latest round of threading code revisions was introduced in -6.
Comment 3 Ray Strode [halfline] 2007-04-03 17:39:20 EDT
I upgraded to -8.fc7.i386 and here is the updated valgrind output

==16690== Invalid read of size 4
==16690==    at 0x652F641: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x10C4C6EC is 4 bytes inside a block of size 44 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x652F2F5: mail_msg_free (mail-mt.c:221)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690== 
==16690== Invalid read of size 4
==16690==    at 0x652F237: mail_msg_free (mail-mt.c:186)
==16690==    by 0x652F657: periodic_processing (mail-mt.c:457)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x10C4C6EC is 4 bytes inside a block of size 44 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x652F2F5: mail_msg_free (mail-mt.c:221)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690== 
==16690== Invalid read of size 4
==16690==    at 0x6536865: free_user_message (mail-session.c:358)
==16690==    by 0x652F245: mail_msg_free (mail-mt.c:187)
==16690==    by 0x652F657: periodic_processing (mail-mt.c:457)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x10C4C70C is 36 bytes inside a block of size 44 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x652F2F5: mail_msg_free (mail-mt.c:221)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690== 
==16690== Invalid free() / delete / delete[]
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x653686F: free_user_message (mail-session.c:358)
==16690==    by 0x652F245: mail_msg_free (mail-mt.c:187)
==16690==    by 0x652F657: periodic_processing (mail-mt.c:457)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x6B3B3C0 is 0 bytes inside a block of size 83 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x653686F: free_user_message (mail-session.c:358)
==16690==    by 0x652F245: mail_msg_free (mail-mt.c:187)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
Comment 4 Matthew Barnes 2007-04-03 17:41:50 EDT
No GAsyncQueue warnings this time due to the EMsgPort -> EFlag transition in -6.

That narrows down which messages it could be...
Comment 5 Matthew Barnes 2007-04-10 10:59:46 EDT
Ray, I'm still figuring out a good way to reproduce this for myself.

In the meantime, can I have you try setting a breakpoint at a function called
'alert_user' and posting another traceback from that point?  That function
creates and pushes the message that's getting free'd twice, so it would be
helpful to know what's calling it and what code path it takes from there.
Comment 6 Ray Strode [halfline] 2007-04-10 11:04:29 EDT
ahhh, I just deleted a metric tonne of my mail.  I'm not where near the quota
anymore.

You could recreate it pretty easily by just taking a mail folder and copying it
to a new folder a few times until your quota fills up.
Comment 7 Matthew Barnes 2007-04-10 23:26:34 EDT
Fixed in evolution-2.10.1-2.fc7.

Note You need to log in before you can comment on or make changes to this bug.