Bug 508460 - Evolution segfault using maildir format
Evolution segfault using maildir format
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: evolution (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Matthew Barnes
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-27 08:11 EDT by Jens Falsmar Oechsler
Modified: 2009-07-22 07:08 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-28 11:04:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
valgrind --leak-check=full (102.82 KB, text/plain)
2009-07-21 17:01 EDT, Jens Falsmar Oechsler
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 587206 None None None Never

  None (edit)
Description Jens Falsmar Oechsler 2009-06-27 08:11:09 EDT
Description of problem:
After running Evolution for some time with local maildir format, it segfaults:

From dmesg:
evolution[31674]: segfault at 0 ip 00000035b1a7ee72 sp 00007f7b12a28d28 error 4 in libc-2.10.1.so[35b1a00000+164000]

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffc75fe910 (LWP 26885)]
strcmp () at ../sysdeps/x86_64/strcmp.S:30
30		cmpb	(%rsi), %al
Current language:  auto; currently asm
(gdb) thread apply all bt

Thread 146 (Thread 0x7fffc63b1910 (LWP 26890)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
#1  0x00000035b5a02382 in g_cond_timed_wait_posix_impl (cond=0x7fffb80023c4, entered_mutex=0x80, abs_time=<value optimized out>) at gthread-posix.c:242
#2  0x00000035b3e1419f in g_async_queue_pop_intern_unlocked (queue=0xcf8620, try=0, end_time=0x7fffc63b0f90) at gasyncqueue.c:365
#3  0x00000035b3e61d50 in g_thread_pool_wait_for_new_task (pool=<value optimized out>) at gthreadpool.c:220
#4  g_thread_pool_thread_proxy (pool=<value optimized out>) at gthreadpool.c:254
#5  0x00000035b3e608b4 in g_thread_create_proxy (data=0xf79400) at gthread.c:635
#6  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#7  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#8  0x0000000000000000 in ?? ()

Thread 141 (Thread 0x7fffc75fe910 (LWP 26885)):
#0  strcmp () at ../sysdeps/x86_64/strcmp.S:30
#1  0x00007fffeac1baa7 in maildir_summary_sync (cls=0x78cb40, expunge=0, changes=<value optimized out>, ex=<value optimized out>) at camel-maildir-summary.c:771
#2  0x00007fffeac0faf7 in local_sync (folder=0xa8a4d0, expunge=0, ex=0x7fffc75fdf10) at camel-local-folder.c:517
#3  0x00007ffff65ffee1 in camel_folder_sync (folder=0xa8a4d0, expunge=0, ex=0x7fffc75fdf10) at camel-folder.c:324
#4  0x00007ffff6622356 in vee_sync (folder=0x7db200, expunge=0, ex=0x7fffc75fdf10) at camel-vee-folder.c:577
#5  0x00007ffff65ffee1 in camel_folder_sync (folder=0x7db200, expunge=0, ex=0x7fffc75fdf10) at camel-folder.c:324
#6  0x00007fffeea76c1d in refresh_folders_exec (m=0x7fffe0090ea0) at mail-send-recv.c:821
#7  0x00007fffeea710ef in mail_msg_proxy (msg=0x7fffe0090ea0) at mail-mt.c:520
#8  0x00000035b3e61eb2 in g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:265
#9  0x00000035b3e608b4 in g_thread_create_proxy (data=0x1370590) at gthread.c:635
#10 0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#11 0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#12 0x0000000000000000 in ?? ()

Thread 9 (Thread 0x7fffd8e0b910 (LWP 26085)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x8e7b60, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x8e7b60) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x8e9488) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x8e6c50) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 8 (Thread 0x7fffdb5fe910 (LWP 26084)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x753240, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x753240) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x8d6ee8) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x8d69c0) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 6 (Thread 0x7fffdbfff910 (LWP 26082)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x7fffe0002ca0, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x7fffe0002ca0) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x7fffe0024338) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x7fffe0012c00) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 5 (Thread 0x7fffe8bf8910 (LWP 26081)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x7fffe00040a0, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x7fffe00040a0) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x7fffe00045b8) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x7fffe0004100) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fffea205910 (LWP 26079)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x6dfa40, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x6dfa40) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x6df908) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x702400) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fffeac06910 (LWP 26078)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00000035b3e14160 in g_async_queue_pop_intern_unlocked (queue=0x6e64d0, try=0, end_time=0x0) at gasyncqueue.c:358
#2  0x00000035b3e14514 in IA__g_async_queue_pop (queue=0x6e64d0) at gasyncqueue.c:398
#3  0x00007ffff5f02231 in sync_request_thread_cb (cFile=0x6ad348) at camel-db.c:78
#4  0x00000035b3e608b4 in g_thread_create_proxy (data=0x6bb380) at gthread.c:635
#5  0x00000035b260686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00000035b1ade25d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7ffff4d547f0 (LWP 26073)):
#0  0x00000035b1ad4f73 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=86) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000035b3e3afbc in g_main_context_poll (n_fds=<value optimized out>, fds=<value optimized out>, priority=<value optimized out>, timeout=<value optimized out>, context=<value optimized out>) at gmain.c:2758
#2  g_main_context_iterate (n_fds=<value optimized out>, fds=<value optimized out>, priority=<value optimized out>, timeout=<value optimized out>, context=<value optimized out>) at gmain.c:2440
#3  0x00000035b3e3b635 in IA__g_main_loop_run (loop=0x6a05f0) at gmain.c:2653
#4  0x00000035c5c2d026 in bonobo_main () at bonobo-main.c:311
#5  0x00000000004162ba in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:704


Up to the segfault everything works fine, receiving several mails etc.

Version-Release number of selected component (if applicable):
evolution-2.26.2-1.fc11.x86_64

How reproducible:
Always happens after different amount of time

Steps to Reproduce:
1. Run Evolution with local maildir, receiving mails from postfix smtp.
  
Actual results:
Segfault in Evolution

Expected results:
No segfault in Evolution

Additional info:
Linux devzero0.devzero.loc 2.6.29.5-191.fc11.x86_64 #1 SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Comment 1 Matthew Barnes 2009-06-28 11:04:54 EDT
Moving this upstream for better visibility.
Please see [1] for further updates.

[1] http://bugzilla.gnome.org/show_bug.cgi?id=587206
Comment 2 Jens Falsmar Oechsler 2009-07-15 17:00:52 EDT
Anything I can test or do to help solve this in Fedora? Or ask upstream? 

Lots of duplicates filed on the gnome bug report but no comments.
Comment 3 Milan Crha 2009-07-16 04:55:11 EDT
Hi Jens, if you can reproduce reliably, then it would be great to help. The best might be some steps and/or data to reproduce it, as it would help much with the debugging and finding proper fix, though I'm not sure whether this is possible here.

With a bit of luck we may try valgrind, whether it'll show us what's happening with a memory. Could you try this, please:
a) close evolution
b) on console run:
   $ valgrind --leak-check=full evolution &>v.log
c) when it crashes or something, and valgrind will stop, attach here the v.log
   file, it might contain some information we are looking for.

Just note that running evolution under valgrind is significantly slower.
Comment 4 Jens Falsmar Oechsler 2009-07-21 17:01:31 EDT
Created attachment 354581 [details]
valgrind --leak-check=full

When running Evolution under Valgrind I didn't see any crashes. Still happens when running Evolution normally.
Comment 5 Milan Crha 2009-07-22 07:08:00 EDT
Thanks for the update, I see nothing unusual in the valgrind output you uploaded here, maybe only except of the below. The reason for not crashing under valgrind I believe is the slowness, it doesn't have time to overlap in the "correct order".

> (evolution:6906): camel-CRITICAL **: camel_message_info_free: assertion
>   `mi != NULL' failed
> Thread 10:
> Invalid write of size 8
>    at 0xE30C608: (within /usr/lib64/gtk-2.0/modules/libgnomebreakpad.so)
>    by 0x3528641A18: g_logv (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528641DB2: g_log (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x13D5BA3D: maildir_summary_sync (camel-maildir-summary.c:809)
>    by 0x13D4FAF6: local_sync (camel-local-folder.c:517)
>    by 0x63F4FB0: camel_folder_sync (camel-folder.c:324)
>    by 0xF73EC6C: refresh_folders_exec (mail-send-recv.c:828)
>    by 0xF7390EE: mail_msg_proxy (mail-mt.c:520)
>    by 0x3528661F31: (within /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528660933: (within /lib64/libglib-2.0.so.0.2000.4)
>    by 0x35B2606869: start_thread (in /lib64/libpthread-2.10.1.so)
>    by 0x35B1ADE25C: clone (in /lib64/libc-2.10.1.so)
>  Address 0x1b7147c8 is 0 bytes after a block of size 128 alloc'd
>    at 0x4A05414: calloc (vg_replace_malloc.c:397)
>    by 0x3528640297: g_malloc0 (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0xE30C5F9: (within /usr/lib64/gtk-2.0/modules/libgnomebreakpad.so)
>    by 0x3528641A18: g_logv (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528641DB2: g_log (in /lib64/libglib-2.0.so.0.2000.4)
>    by 0x13D5BA3D: maildir_summary_sync (camel-maildir-summary.c:809)
>    by 0x13D4FAF6: local_sync (camel-local-folder.c:517)
>    by 0x63F4FB0: camel_folder_sync (camel-folder.c:324)
>    by 0xF73EC6C: refresh_folders_exec (mail-send-recv.c:828)
>    by 0xF7390EE: mail_msg_proxy (mail-mt.c:520)
>    by 0x3528661F31: (within /lib64/libglib-2.0.so.0.2000.4)
>    by 0x3528660933: (within /lib64/libglib-2.0.so.0.2000.4)

Note You need to log in before you can comment on or make changes to this bug.