GNOME Bugzilla – Bug 257930
Evolution 1.5.7 crash in libgtkhtml-3 fuction consumes all swap space
Last modified: 2009-11-27 05:03:53 UTC
Description of Problem: Evolution mail stops responding to input while writing a new email and then consumes all available swap space (~2Gb on this system) until the process is killed. Everything operates fine the next time it is started (including the saved copy of the email I was writing). Crash occurs with no apparent trigger from me, I am typing in a new email body (no html or links in the body area I am typing). Each time I can remember no special keystrokes or commands being used near when the crash symptoms start. Automatic mail retrieval could be occuring at the time. Steps to reproduce the problem: -- Cannot be reproduced on demand -- 1. Open mailer, create new mail on pop3 account 2. Write email body Actual Results: Evolution is incapable of shutting down on its own, all windows stop responding and refreshing. How often does this happen? Frequently, it has been 3 times in 8 days of running this version. Additional Information: This is the first time I have captured any info about the problem. If additional info is needed I can run ev on top of gdb until it occurs again, but I do not know what other output from gdb would be beneficial (make requests). - lmorgul on irc.freenode.net gdb attached to the process after the crash began, bt below. (gdb) bt
+ Trace 46555
8 Thread 38087600 (LWP 1071) 0x0047041a in ?? () 7 Thread 57920432 (LWP 1072) 0x0047041a in ?? () 6 Thread 85064624 (LWP 1074) 0x0047041a in ?? () 5 Thread 123546544 (LWP 1075) 0x0047041a in ?? () 4 Thread 1436294064 (LWP 1077) 0x0047041a in ?? () 3 Thread 1446783920 (LWP 1243) 0x0047041a in ?? () 2 Thread 1457273776 (LWP 1247) 0x0047041a in ?? () 1 Thread -150813056 (LWP 1067) 0x00381b22 in html_link_dup () from /usr/lib/libgtkhtml-3.1.so.7 (gdb) info frame Stack level 0, frame at 0xfeef19a0: eip = 0x381b22 in html_link_dup; saved eip 0x36da98 called by frame at 0xfeef19b0 Arglist at 0xfeef1998, args: Locals at 0xfeef1998, Previous frame's sp is 0xfeef19a0 Saved registers: ebp at 0xfeef1998, eip at 0xfeef199c
I suggest trying the newer snapshots. The backtrace unfortunatelly doesn't say much. It looks like it crashed there only because the system run out of memory and there's memory allocated in html_link_dup (g_strdup) :(
*** bug 267970 has been marked as a duplicate of this bug. ***
I am able to reproduce this bug about twice a day in the latest evolution snapshot from SuSE Linux 10.0 Preview 3 (evolution-2.3.3, ) and AMD64 processor. Note that I am not able to provide backtrace due to bug-buddy problem - it has no limit for backtrace size and is not able to complete backtrace in a reasonable time (one hour).
If you could provide some steps or actions which were done, just before the hang occurs, it would be really useful.
There are more backtraces in Novel Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=100135
It seems that this problem was fixed as a side effect of UI redesign: https://bugzilla.novell.com/show_bug.cgi?id=127570
*** Bug 492748 has been marked as a duplicate of this bug. ***
Re-opening the bug because of duplicate. I also agree with Stanislav that this is still no fixed, though the frequency has reduced much. However, it appears in 2.12.x as well.
It just happend again. Below seemingly useless backtraces for Ubuntu 7.10. Should see if I can get more debug symbols: (gdb) thread 1 [Switching to thread 1 (Thread -1233316176 (LWP 7034))]#0 0xffffe410 in __kernel_vsyscall () (gdb) backtrace
+ Trace 174787
Guess I've got something more meaningfull this time, indicating a problem in html_object_dup or the undo manager:
+ Trace 175051
I haven't used Evolution in over 2 years, but when this was originally reported this error could regularly be backtraced with the hardlockup happening in or near html_object_dup or html_link_dup. It happened whether editing html mail or not (I usually worked in only text mail without typing links, but the app may really be treating that as an html document internally anyway I'm not sure). Anyway, I just wanted to say it was normal for those two functions to show up in the last frames of the backtrace, when the machine was graphically locked up but could still be accessed through ssh.
Ok, there is only one instance of g_list_copy in the copy method of HtmlText: dest->spell_errors = g_list_copy (src->spell_errors); Yes, I had and have unrecognized words in my mail, so for my case the source of pain seems to be a corrupted list of spelling errors? How does spell checking work in Evolution? Per idle handler or per thread? Sure spell checking cannot interrupt any editing operations meant to be atomic? Disabling spell checking for now to see if this has an effect.
I don't know, how it happens in Evolution. But from user perspective, this bug occurs probably only if two threads are running at once. I am nearly sure, that it happens if "checking new mail while typing" and maybe also "still checking spelling of previous word while next word is complete".
Possibly fixed in bug #495073.
(In reply to comment #14) > Possibly fixed in bug #495073. > Can you please check again whether this issue still happens in Evolution 2.24 or 2.26 and update this report by adding a comment and changing the "Version" field? Thanks a lot. Again thank you for reporting this bug and we are sorry it could not be fixed for the version you originally used here.
It seems that it was fixed sometimes in GNOME 2.22 release cycle and backported to GNOME 2.20. Please follow: bug 495073 http://bugzilla.redhat.com/show_bug.cgi?id=353121 https://bugzilla.novell.com/show_bug.cgi?id=100135 (Novell internal)
Thanks for taking the time to report this bug; however, closing due to lack of response of the reporter, sorry. if you still see this issue with a current release of evolution (2.26.3 or 2.28.x or later), please reopen. thanks in advance.