235096 – evolution crashes when poping up 90% quota message

Bug 235096 - evolution crashes when poping up 90% quota message

Summary: evolution crashes when poping up 90% quota message

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	evolution
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Matthew Barnes
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC7Blocker
TreeView+	depends on / blocked

Reported:	2007-04-03 19:08 UTC by Ray Strode [halfline]
Modified:	2007-11-30 22:12 UTC (History)
CC List:	0 users
Fixed In Version:	evolution-2.10.1-2.fc7
Clone Of:
Environment:
Last Closed:	2007-04-11 03:26:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Bugzilla	362638	0	None	None	None	Never

Description Ray Strode [halfline] 2007-04-03 19:08:39 UTC

Since this morning, every time I start evolution I get an empty dialog that pops
up and after that evolution just hangs.

Matt and I did some debugging and found out the dialog was a quota message from
the imap server telling me my mailbox is 90% full.

Running things under valgrind reveals:

==15385== 
==15385== Invalid read of size 4
==15385==    at 0x653C951: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6076848 is 16 bytes inside a block of size 56 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x653C605: mail_msg_free (mail-mt.c:222)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385== 
==15385== Invalid read of size 4
==15385==    at 0x653C547: mail_msg_free (mail-mt.c:187)
==15385==    by 0x653C967: periodic_processing (mail-mt.c:458)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6076848 is 16 bytes inside a block of size 56 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x653C605: mail_msg_free (mail-mt.c:222)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385== 
==15385== Invalid read of size 4
==15385==    at 0x6543B75: free_user_message (mail-session.c:358)
==15385==    by 0x653C555: mail_msg_free (mail-mt.c:188)
==15385==    by 0x653C967: periodic_processing (mail-mt.c:458)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6076868 is 48 bytes inside a block of size 56 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x653C605: mail_msg_free (mail-mt.c:222)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385== 
==15385== Invalid free() / delete / delete[]
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x6543B7F: free_user_message (mail-session.c:358)
==15385==    by 0x653C555: mail_msg_free (mail-mt.c:188)
==15385==    by 0x653C967: periodic_processing (mail-mt.c:458)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)
==15385==  Address 0x6016168 is 0 bytes inside a block of size 83 free'd
==15385==    at 0x40220FF: free (vg_replace_malloc.c:233)
==15385==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x6543B7F: free_user_message (mail-session.c:358)
==15385==    by 0x653C555: mail_msg_free (mail-mt.c:188)
==15385==    by 0x65441DF: do_user_message (mail-session.c:349)
==15385==    by 0x653C950: periodic_processing (mail-mt.c:455)
==15385==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==15385==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==15385==    by 0x805EB5F: main (main.c:586)

over and over again, so it looks like messages are getting freed but not being
removed from a message queue somewhere.

Comment 1 Ray Strode [halfline] 2007-04-03 19:33:14 UTC

Possibly unrelated but after clicking the close button on the evolution window I
went back to the valgrind terminal and noticed this additional output:

(evolution:15385): GLib-CRITICAL **: g_async_queue_lock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_try_pop_unlocked: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unlock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unref: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_lock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_try_pop_unlocked: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unlock: assertion
`g_atomic_int_get (&queue->ref_count) > 0' failed

(evolution:15385): GLib-CRITICAL **: g_async_queue_unref: assertion
`g_atomic_int_get (&queue->ref_count) > 0'

Comment 2 Matthew Barnes 2007-04-03 21:07:33 UTC

Ray was using evolution-2.10.0-5.fc7.i386.

The latest round of threading code revisions was introduced in -6.

Comment 3 Ray Strode [halfline] 2007-04-03 21:39:20 UTC

I upgraded to -8.fc7.i386 and here is the updated valgrind output

==16690== Invalid read of size 4
==16690==    at 0x652F641: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x10C4C6EC is 4 bytes inside a block of size 44 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x652F2F5: mail_msg_free (mail-mt.c:221)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690== 
==16690== Invalid read of size 4
==16690==    at 0x652F237: mail_msg_free (mail-mt.c:186)
==16690==    by 0x652F657: periodic_processing (mail-mt.c:457)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x10C4C6EC is 4 bytes inside a block of size 44 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x652F2F5: mail_msg_free (mail-mt.c:221)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690== 
==16690== Invalid read of size 4
==16690==    at 0x6536865: free_user_message (mail-session.c:358)
==16690==    by 0x652F245: mail_msg_free (mail-mt.c:187)
==16690==    by 0x652F657: periodic_processing (mail-mt.c:457)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x10C4C70C is 36 bytes inside a block of size 44 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x652F2F5: mail_msg_free (mail-mt.c:221)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690== 
==16690== Invalid free() / delete / delete[]
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x653686F: free_user_message (mail-session.c:358)
==16690==    by 0x652F245: mail_msg_free (mail-mt.c:187)
==16690==    by 0x652F657: periodic_processing (mail-mt.c:457)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)
==16690==  Address 0x6B3B3C0 is 0 bytes inside a block of size 83 free'd
==16690==    at 0x40220FF: free (vg_replace_malloc.c:233)
==16690==    by 0x50968C0: g_free (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x653686F: free_user_message (mail-session.c:358)
==16690==    by 0x652F245: mail_msg_free (mail-mt.c:187)
==16690==    by 0x6536ECF: do_user_message (mail-session.c:349)
==16690==    by 0x652F640: periodic_processing (mail-mt.c:454)
==16690==    by 0x508FBF5: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x508F621: g_main_context_dispatch (in
/lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50925FE: (within /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x50929A8: g_main_loop_run (in /lib/libglib-2.0.so.0.1200.11)
==16690==    by 0x47D67E2: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==16690==    by 0x805EB5F: main (main.c:586)

Comment 4 Matthew Barnes 2007-04-03 21:41:50 UTC

No GAsyncQueue warnings this time due to the EMsgPort -> EFlag transition in -6.

That narrows down which messages it could be...

Comment 5 Matthew Barnes 2007-04-10 14:59:46 UTC

Ray, I'm still figuring out a good way to reproduce this for myself.

In the meantime, can I have you try setting a breakpoint at a function called
'alert_user' and posting another traceback from that point?  That function
creates and pushes the message that's getting free'd twice, so it would be
helpful to know what's calling it and what code path it takes from there.

Comment 6 Ray Strode [halfline] 2007-04-10 15:04:29 UTC

ahhh, I just deleted a metric tonne of my mail.  I'm not where near the quota
anymore.

You could recreate it pretty easily by just taking a mail folder and copying it
to a new folder a few times until your quota fills up.

Comment 7 Matthew Barnes 2007-04-11 03:26:34 UTC

Fixed in evolution-2.10.1-2.fc7.

Note You need to log in before you can comment on or make changes to this bug.