Bug 313703 – Evolution crash - When running LDTP automation script continously

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 313703 - Evolution crash - When running LDTP automation script continously


Summary:	Evolution crash - When running LDTP automation script continously


Status:	RESOLVED FIXED

Product:	atk
Classification:	Platform
Component:	gail
Version:	1.8.x
Hardware:	Other Linux

Importance:	High normal
Target Milestone:	---
Assigned To:	bill.haneman
QA Contact:	bill.haneman

URL:
Whiteboard:

Duplicates:	348225 356130 (view as bug list)
Depends on:
Blocks:

Reported:	2005-08-17 09:39 UTC by Nagappan Alagappan
Modified:	2006-09-15 14:23 UTC

See Also:
GNOME target:	---
GNOME version:	2.9/2.10

Attachments
Proposed patch (2.87 KB, patch) 2005-08-18 15:19 UTC, Rodrigo Moya	none	Details \| Review
With proposed patch evolution crashes, but little later (65.10 KB, text/plain) 2005-08-18 15:22 UTC, Nagappan Alagappan		Details
Patch fixes the gailbutton crash (721 bytes, patch) 2005-08-22 15:05 UTC, Nagappan Alagappan	none	Details \| Review
Patch fixes the gailmenuitem crash (781 bytes, patch) 2005-08-22 15:08 UTC, Nagappan Alagappan	none	Details \| Review
gailbutton patch, diff with -Nup option (1.27 KB, patch) 2005-08-22 15:21 UTC, Nagappan Alagappan	none	Details \| Review
gailmenuitem patch, diff with -Nup option (1.47 KB, patch) 2005-08-22 15:23 UTC, Nagappan Alagappan	none	Details \| Review
Random crash in gail after applying the patch. Unable to reproduce the crash, with the same steps (115.97 KB, text/plain) 2005-08-23 13:43 UTC, Nagappan Alagappan		Details
Proposed patch that takes care of both the scenarios (gailbutton before and after initial patch) (2.43 KB, patch) 2005-08-23 18:49 UTC, Veerapuram Varadhan	none	Details \| Review
Gedit crashed (117.69 KB, text/plain) 2005-09-26 08:11 UTC, Nagappan Alagappan		Details
Gail button crash (117.33 KB, text/plain) 2005-10-19 09:46 UTC, Nagappan Alagappan		Details
updated gailbutton patch based on latest gail (2.39 KB, patch) 2006-04-07 10:10 UTC, Nagappan Alagappan	none	Details \| Review
updated gailmenuitem patch based on latest gail (1.11 KB, patch) 2006-04-07 10:11 UTC, Nagappan Alagappan	committed	Details \| Review
patch to fix this bug (2.35 KB, patch) 2006-05-19 10:04 UTC, Li Yuan	committed	Details \| Review

Description Nagappan Alagappan 2005-08-17 09:39:36 UTC

Distribution/Version: SuSE 9.3

1. When running evolution automation script using LDTP, evolution crash.

Additional info:
When checking the stack trace it happens because of gail library. I checked with
evolution accessibility developers, and they have also confirmed the same.

Crash 1:
Backtrace was generated from '/opt/gnome/bin/evolution-2.4'

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 1098144576 (LWP 12294)]
[New Thread 1123031984 (LWP 12343)]
[Thread debugging using libthread_db enabled]
[New Thread 1098144576 (LWP 12294)]
[New Thread 1123031984 (LWP 12343)]
[New Thread 1120574384 (LWP 12318)]
[New Thread 1118473136 (LWP 12316)]
[New Thread 1115777968 (LWP 12314)]
[New Thread 1113676720 (LWP 12313)]
[New Thread 1110825904 (LWP 12305)]
[New Thread 1108638640 (LWP 12304)]
[Thread debugging using libthread_db enabled]
[New Thread 1098144576 (LWP 12294)]
[New Thread 1123031984 (LWP 12343)]
0xffffe410 in ?? ()

+ Trace 62487

Thread 1 (Thread 1098144576 (LWP 12294))

#0 ??
#1 ??
#2 ??
#3 ??
#4 __waitpid_nocancel
from /lib/tls/libpthread.so.0
#5 gnome_init_with_popt_table
from /opt/gnome/lib/libgnomeui-2.so.0
#6 segv_redirect
at main.c line 424
#7 <signal handler called>
#8 g_type_check_instance_cast
from /opt/gnome/lib/libgobject-2.0.so.0
#9 gail_button_notify_label_gtk
at gailbutton.c line 382
#10 g_cclosure_marshal_VOID__PARAM
from /opt/gnome/lib/libgobject-2.0.so.0
#11 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#12 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#13 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#14 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#15 g_object_class_override_property
from /opt/gnome/lib/libgobject-2.0.so.0
#16 g_enum_register_static
from /opt/gnome/lib/libgobject-2.0.so.0
#17 g_object_notify
from /opt/gnome/lib/libgobject-2.0.so.0
#18 gtk_widget_hide
at gtkwidget.c line 2099
#19 gtk_widget_dispose
at gtkwidget.c line 6487
#20 g_object_unref
from /opt/gnome/lib/libgobject-2.0.so.0
#21 gtk_tool_button_finalize
at gtktoolbutton.c line 485
#22 g_object_unref
from /opt/gnome/lib/libgobject-2.0.so.0
#23 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#24 gtk_object_destroy
at gtkobject.c line 362
#25 gtk_widget_destroy
at gtkwidget.c line 1958
#26 gtk_toolbar_forall
at gtktoolbar.c line 2437
#27 gtk_container_foreach
at gtkcontainer.c line 1292
#28 gtk_container_destroy
at gtkcontainer.c line 829
#29 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#30 g_closure_ref
from /opt/gnome/lib/libgobject-2.0.so.0
#31 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#32 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#33 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#34 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#35 gtk_object_dispose
at gtkobject.c line 377
#36 gtk_widget_dispose
at gtkwidget.c line 6493
#37 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#38 gtk_object_destroy
at gtkobject.c line 362
#39 gtk_widget_destroy
at gtkwidget.c line 1958
#40 bonobo_dock_new
from /opt/gnome/lib/libbonoboui-2.so.0
#41 gtk_container_foreach
at gtkcontainer.c line 1292
#42 gtk_container_destroy
at gtkcontainer.c line 829
#43 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#44 g_closure_ref
from /opt/gnome/lib/libgobject-2.0.so.0
#45 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#46 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#47 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#48 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#49 gtk_object_dispose
at gtkobject.c line 377
#50 gtk_widget_dispose
at gtkwidget.c line 6493
#51 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#52 gtk_object_destroy
at gtkobject.c line 362
#53 gtk_widget_destroy
at gtkwidget.c line 1958
#54 bonobo_dock_band_new
from /opt/gnome/lib/libbonoboui-2.so.0
#55 gtk_container_foreach
at gtkcontainer.c line 1292
#56 gtk_container_destroy
at gtkcontainer.c line 829
#57 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#58 g_closure_ref
from /opt/gnome/lib/libgobject-2.0.so.0
#59 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#60 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#61 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#62 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#63 gtk_object_dispose
at gtkobject.c line 377
#64 gtk_widget_dispose
at gtkwidget.c line 6493
#65 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#66 gtk_object_destroy
at gtkobject.c line 362
#67 gtk_widget_destroy
at gtkwidget.c line 1958
#68 bonobo_dock_get_client_area
from /opt/gnome/lib/libbonoboui-2.so.0
#69 bonobo_dock_new
from /opt/gnome/lib/libbonoboui-2.so.0
#70 gtk_container_foreach
at gtkcontainer.c line 1292
#71 gtk_container_destroy
at gtkcontainer.c line 829
#72 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#73 g_closure_ref
from /opt/gnome/lib/libgobject-2.0.so.0
#74 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#75 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#76 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#77 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#78 gtk_object_dispose
at gtkobject.c line 377
#79 gtk_widget_dispose
at gtkwidget.c line 6493
#80 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#81 gtk_object_destroy
at gtkobject.c line 362
#82 gtk_widget_destroy
at gtkwidget.c line 1958
#83 gtk_box_forall
at gtkbox.c line 702
#84 gtk_container_foreach
at gtkcontainer.c line 1292
#85 gtk_container_destroy
at gtkcontainer.c line 829
#86 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#87 g_closure_ref
from /opt/gnome/lib/libgobject-2.0.so.0
#88 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#89 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#90 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#91 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#92 gtk_object_dispose
at gtkobject.c line 377
#93 gtk_widget_dispose
at gtkwidget.c line 6493
#94 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#95 gtk_object_destroy
at gtkobject.c line 362
#96 gtk_widget_destroy
at gtkwidget.c line 1958
#97 gtk_bin_forall
at gtkbin.c line 166
#98 gtk_container_foreach
at gtkcontainer.c line 1292
#99 gtk_container_destroy
at gtkcontainer.c line 829
#100 gtk_window_destroy
at gtkwindow.c line 3754
#101 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#102 g_closure_ref
from /opt/gnome/lib/libgobject-2.0.so.0
#103 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#104 g_signal_chain_from_overridden
from /opt/gnome/lib/libgobject-2.0.so.0
#105 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#106 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#107 gtk_object_dispose
at gtkobject.c line 377
#108 gtk_widget_dispose
at gtkwidget.c line 6493
#109 gtk_window_dispose
at gtkwindow.c line 1742
#110 bonobo_window_remove_popup
from /opt/gnome/lib/libbonoboui-2.so.0
#111 impl_dispose
at e-shell-window.c line 773
#112 g_object_run_dispose
from /opt/gnome/lib/libgobject-2.0.so.0
#113 gtk_object_destroy
at gtkobject.c line 362
#114 gtk_widget_destroy
at gtkwidget.c line 1958
#115 e_shell_close_all_windows
at e-shell.c line 1050
#116 es_run_quit
at e-shell.c line 1329
#117 g_source_get_current_time
from /opt/gnome/lib/libglib-2.0.so.0
#118 g_main_context_dispatch
from /opt/gnome/lib/libglib-2.0.so.0
#119 g_main_context_acquire
from /opt/gnome/lib/libglib-2.0.so.0
#120 g_main_loop_run
from /opt/gnome/lib/libglib-2.0.so.0
#121 bonobo_main
from /opt/gnome/lib/libbonobo-2.so.0
#122 main
at main.c line 602
#0 ??

Comment 1 Nagappan Alagappan 2005-08-17 09:41:11 UTC

Crash 2:

Backtrace was generated from '/opt/gnome/bin/evolution-2.4'

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 1098144576 (LWP 8371)]
[New Thread 1127631792 (LWP 8422)]
[Thread debugging using libthread_db enabled]
[New Thread 1098144576 (LWP 8371)]
[New Thread 1127631792 (LWP 8422)]
[New Thread 1125530544 (LWP 8420)]
[New Thread 1123031984 (LWP 8401)]
[New Thread 1120930736 (LWP 8400)]
[New Thread 1118829488 (LWP 8386)]
[New Thread 1115421616 (LWP 8385)]
[New Thread 1113320368 (LWP 8383)]
[New Thread 1110825904 (LWP 8382)]
[New Thread 1108638640 (LWP 8381)]
[Thread debugging using libthread_db enabled]
[New Thread 1098144576 (LWP 8371)]
[New Thread 1127631792 (LWP 8422)]
0xffffe410 in ?? ()

+ Trace 62488

Thread 4 (Thread 1123031984 (LWP 8401))

#0 ??
#1 ??
#2 ??
#3 ??
#4 __lll_mutex_lock_wait
from /lib/tls/libpthread.so.0
#5 _L_mutex_lock_33
from /lib/tls/libpthread.so.0
#6 ??
#7 ??
#8 ??
from /opt/gnome/lib/evolution-data-server-1.2/camel-providers/libcamelgroupwise.so
#9 ??
#10 ??
#11 ??
#12 segv_redirect
at main.c line 433
#13 segv_redirect
at main.c line 433
#14 <signal handler called>
#15 camel_message_info_uint32
at camel-folder-summary.c line 2862
#16 groupwise_sync
at camel-groupwise-folder.c line 573
#17 groupwise_refresh_folder
at camel-groupwise-folder.c line 790
#18 groupwise_refresh_info
at camel-groupwise-folder.c line 749
#19 camel_folder_refresh_info
at camel-folder.c line 299
#20 refresh_folders_get
at mail-send-recv.c line 712
#21 mail_msg_received
at mail-mt.c line 556
#22 thread_received_msg
at e-msgport.c line 826
#23 thread_dispatch
at e-msgport.c line 907
#24 start_thread
from /lib/tls/libpthread.so.0
#25 clone
from /lib/tls/libc.so.6

Comment 2 bill.haneman 2005-08-17 09:56:28 UTC

Second trace looks like a different bug. (evolution bug).

Don't know about the first, could be in atk or evo.

Comment 3 jpremkumar 2005-08-17 11:16:43 UTC

When executing the Evolution automation scripts using LDTP, evolution crashes.
When the events performed in the script are performed manually, evolution does
not crash. Following is the trace got using gdb.

+ Trace 62491

Thread 3 (Thread 1114348464 (LWP 26127))

#0 ??
#1 ??
#2 ??
#3 ??
#4 pthread_cond_timedwait
from /lib/tls/libpthread.so.0
#5 _wapi_handle_check_share
from /usr/lib/libmono.so.0
#6 _wapi_handle_timedwait_signal_handle
from /usr/lib/libmono.so.0
#7 _wapi_handle_wait_signal_handle
from /usr/lib/libmono.so.0
#8 WaitForSingleObjectEx
from /usr/lib/libmono.so.0
#9 ves_icall_System_GC_WaitForPendingFinalizers
from /usr/lib/libmono.so.0
#10 ves_icall_System_Threading_Thread_Thread_internal
from /usr/lib/libmono.so.0
#11 _wapi_timed_thread_exit
from /usr/lib/libmono.so.0
#12 GC_start_routine
from /usr/lib/libmono.so.0
#13 start_thread
from /lib/tls/libpthread.so.0
#14 clone
from /lib/tls/libc.so.6

Thread 1 (Thread 1097948832 (LWP 26120))

#0 g_type_check_instance_cast
at gtype.c line 318
#1 gail_button_notify_label_gtk
at gailbutton.c line 382
#2 g_cclosure_marshal_VOID__PARAM
at gmarshal.c line 531
#3 g_closure_invoke
at gclosure.c line 437
#4 signal_emit_unlocked_R
at gsignal.c line 2488
#5 g_signal_emit_valist
at gsignal.c line 2247
#6 g_signal_emit
at gsignal.c line 2291
#7 g_object_dispatch_properties_changed
at gobject.c line 600
#8 g_object_notify_dispatcher
at gobject.c line 240
#9 g_object_notify
at gobjectnotifyqueue.c line 123
#10 gtk_widget_hide
at gtkwidget.c line 2099
#11 gtk_widget_dispose
at gtkwidget.c line 6487
#12 g_object_unref
at gobject.c line 565
#13 gtk_tool_button_finalize
at gtktoolbutton.c line 485
#14 g_object_unref
at gobject.c line 578
#15 g_object_run_dispose
at gobject.c line 611
#16 gtk_object_destroy
at gtkobject.c line 362
#17 gtk_widget_destroy
at gtkwidget.c line 1958
#18 gtk_toolbar_forall
at gtktoolbar.c line 2437
#19 gtk_container_foreach
at gtkcontainer.c line 1292
#20 gtk_container_destroy
at gtkcontainer.c line 829
#21 g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#22 g_type_class_meta_marshal
at gclosure.c line 514
#23 g_closure_invoke
at gclosure.c line 437
#24 signal_emit_unlocked_R
at gsignal.c line 2604
#25 g_signal_emit_valist
#26 g_signal_emit
at gsignal.c line 2291
#27 gtk_object_dispose
at gtkobject.c line 377
#28 gtk_widget_dispose
at gtkwidget.c line 6493
#29 g_object_run_dispose
at gobject.c line 610
#30 gtk_object_destroy
at gtkobject.c line 362
#31 gtk_widget_destroy
at gtkwidget.c line 1958
#32 bonobo_dock_new
from /opt/gnome/lib/libbonoboui-2.so.0
#33 gtk_container_foreach
at gtkcontainer.c line 1292
#34 gtk_container_destroy
at gtkcontainer.c line 829
#35 g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#36 g_type_class_meta_marshal
at gclosure.c line 514
#37 g_closure_invoke
at gclosure.c line 437
#38 signal_emit_unlocked_R
at gsignal.c line 2604
#39 g_signal_emit_valist
at gsignal.c line 2247
#40 g_signal_emit
at gsignal.c line 2291
#41 gtk_object_dispose
at gtkobject.c line 377
#42 gtk_widget_dispose
at gtkwidget.c line 6493
#43 g_object_run_dispose
at gobject.c line 610
#44 gtk_object_destroy
at gtkobject.c line 362
#45 gtk_widget_destroy
at gtkwidget.c line 1958
#46 bonobo_dock_band_new
from /opt/gnome/lib/libbonoboui-2.so.0
#47 gtk_container_foreach
at gtkcontainer.c line 1292
#48 gtk_container_destroy
at gtkcontainer.c line 829
#49 g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#50 g_type_class_meta_marshal
at gclosure.c line 514
#51 g_closure_invoke
at gclosure.c line 437
#52 signal_emit_unlocked_R
at gsignal.c line 2604
#53 g_signal_emit_valist
at gsignal.c line 2247
#54 g_signal_emit
at gsignal.c line 2291
#55 gtk_object_dispose
at gtkobject.c line 377
#56 gtk_widget_dispose
at gtkwidget.c line 6493
#57 g_object_run_dispose
at gobject.c line 610
#58 gtk_object_destroy
at gtkobject.c line 362
#59 gtk_widget_destroy
at gtkwidget.c line 1958
#60 bonobo_dock_get_client_area
from /opt/gnome/lib/libbonoboui-2.so.0
#61 bonobo_dock_new
from /opt/gnome/lib/libbonoboui-2.so.0
#62 gtk_container_foreach
at gtkcontainer.c line 1292
#63 gtk_container_destroy
at gtkcontainer.c line 829
#64 g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#65 g_type_class_meta_marshal
at gclosure.c line 514
#66 g_closure_invoke
at gclosure.c line 437
#67 signal_emit_unlocked_R
at gsignal.c line 2604
#68 g_signal_emit_valist
#69 g_signal_emit
at gsignal.c line 2291
#70 gtk_object_dispose
at gtkobject.c line 377
#71 gtk_widget_dispose
at gtkwidget.c line 6493
#72 g_object_run_dispose
at gobject.c line 610
#73 gtk_object_destroy
at gtkobject.c line 362
#74 gtk_widget_destroy
at gtkwidget.c line 1958
#75 gtk_box_forall
at gtkbox.c line 702
#76 gtk_container_foreach
at gtkcontainer.c line 1292
#77 gtk_container_destroy
at gtkcontainer.c line 829
#78 g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#79 g_type_class_meta_marshal
at gclosure.c line 514
#80 g_closure_invoke
at gclosure.c line 437
#81 signal_emit_unlocked_R
at gsignal.c line 2604
#82 g_signal_emit_valist
at gsignal.c line 2247
#83 g_signal_emit
at gsignal.c line 2291
#84 gtk_object_dispose
at gtkobject.c line 377
#85 gtk_widget_dispose
at gtkwidget.c line 6493
#86 g_object_run_dispose
at gobject.c line 610
#87 gtk_object_destroy
at gtkobject.c line 362
#88 gtk_widget_destroy
at gtkwidget.c line 1958
#89 gtk_bin_forall
at gtkbin.c line 166
#90 gtk_container_foreach
at gtkcontainer.c line 1292
#91 gtk_container_destroy
at gtkcontainer.c line 829
#92 gtk_window_destroy
at gtkwindow.c line 3754
#93 destroy
at e-msg-composer.c line 2638
#94 g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#95 g_type_class_meta_marshal
at gclosure.c line 514
#96 g_closure_invoke
at gclosure.c line 437
#97 signal_emit_unlocked_R
at gsignal.c line 2604
#98 g_signal_emit_valist
at gsignal.c line 2247
#99 g_signal_emit
at gsignal.c line 2291
#100 gtk_object_dispose
at gtkobject.c line 377
#101 gtk_widget_dispose
at gtkwidget.c line 6493
#102 gtk_window_dispose
at gtkwindow.c line 1742
#103 bonobo_window_remove_popup
from /opt/gnome/lib/libbonoboui-2.so.0
#104 composer_dispose
at e-msg-composer.c line 2537
#105 g_object_run_dispose
at gobject.c line 610
#106 gtk_object_destroy
at gtkobject.c line 362
#107 gtk_widget_destroy
at gtkwidget.c line 1958
#108 composer_send_queued_cb
at em-composer-utils.c line 203
#109 append_mail_appended
at mail-ops.c line 877
#110 mail_msgport_replied
at mail-mt.c line 447
#111 g_io_unix_dispatch
at giounix.c line 162
#112 g_main_context_dispatch
at gmain.c line 1934
#113 g_main_context_iterate
at gmain.c line 2565
#114 g_main_loop_run
at gmain.c line 2769
#115 bonobo_main
from /opt/gnome/lib/libbonobo-2.so.0
#116 main
at main.c line 602

Comment 4 Harry Lu 2005-08-18 06:37:13 UTC

I can reproduce the crash using LDTP's testcase. The trace is the same as the 
first one.

The third trace is amlost the same as the first one. The second trace looks 
like a evoluton internal bug not related to a11y.

The first one looks like a gailbutton's problem. In gail_button_init_textutil() 
of gailbutton.c, it connects to "notify" signal without g_object_ref the 
gailbutton. 
In gtkwidget.c's gtk_widget_dispose(), it calles gtk_widget_hide() which will 
send out the "notify" signal.
In gail_button_notify_label_gtk() of gailbutton.c, the data(button) might 
already be disposed and is a invalid pointer. So comes the crash.

I added g_object_ref (button) before connect to the signal in 
gail_button_init_textutil(). The testcase won't crash here anymore. But surely 
my fix is not the proper one. Gail maintainers should have a more clean and 
better way.

Comment 5 Harry Lu 2005-08-18 06:40:10 UTC

Now sometimes it crashes here:

+ Trace 62513

#0 ??
#1 ??
#2 ??
#3 ??
#4 __waitpid_nocancel
from /lib/tls/libpthread.so.0
#5 libgnomeui_segv_handle
from /home/garnome/gnome210/lib/libgnomeui-2.so.0
#6 segv_redirect
at main.c line 424
#7 <signal handler called>
#8 g_type_check_instance_is_a
from /home/garnome/gnome210/lib/libgobject-2.0.so.0
#9 atk_object_get_parent
from /home/garnome/gnome210/lib/libatk-1.0.so.0
#10 ensure_menus_unposted
at gailmenuitem.c line 326
#11 idle_do_action
at gailmenuitem.c line 371
#12 g_idle_dispatch
from /home/garnome/gnome210/lib/libglib-2.0.so.0
#13 g_main_context_dispatch
from /home/garnome/gnome210/lib/libglib-2.0.so.0
#14 g_main_context_iterate
from /home/garnome/gnome210/lib/libglib-2.0.so.0
#15 g_main_loop_run
from /home/garnome/gnome210/lib/libglib-2.0.so.0
#16 bonobo_main
from /home/garnome/gnome210/lib/libbonobo-2.so.0
#17 main
at main.c line 602


looks like a gailmenuitem problem.

Comment 6 Nagappan Alagappan 2005-08-18 07:13:08 UTC

Confirming the bug.

Comment 7 Harry Lu 2005-08-18 10:25:08 UTC

I added  g_object_ref (gail_menu_item) in gail_menu_item_do_action() before the 
line:
gail_menu_item->action_idle_handler = g_idle_add (idle_do_action, 
gail_menu_item);

Now evolution won't crash anymore. So this is the same reason as the first 
crash, the invalid pointer of a gobject.

Comment 8 bill.haneman 2005-08-18 11:40:57 UTC

I think the fix for the menu action problem may be straightforward.  Not so sure
about the first problem (in gailbutton).

Comment 9 Rodrigo Moya 2005-08-18 15:19:10 UTC

Created attachment 50918 [details] [review]
Proposed patch

Comment 10 Nagappan Alagappan 2005-08-18 15:22:35 UTC

Created attachment 50919 [details]
With proposed patch evolution crashes, but little later

I tried pasting the crash in comments, but it doesn't allow me, because the
total text size is more than the max allowed size. So attaching the crash.

Comment 11 Nagappan Alagappan 2005-08-22 15:05:59 UTC

Created attachment 51125 [details] [review]
Patch fixes the gailbutton crash

Patch from Varadhan <vvaradhan@novell.com>. Verified with LDTP.

Bill: weak_unref has to be called.

Comment 12 Nagappan Alagappan 2005-08-22 15:08:11 UTC

Created attachment 51126 [details] [review]
Patch fixes the gailmenuitem crash

Patch from Rodrigo <rodrigo@novell.com>.

Comment 13 bill.haneman 2005-08-22 15:12:08 UTC

Nagappan: what did your comment about weak_unref mean in #11 above?  I see that
the patch inserts a call to weak_ref, are you saying that the patch is
incomplete, i.e. that weak_unref needs to be called at the appropriate part of
the lifecycle?

Comment 14 Veerapuram Varadhan 2005-08-22 15:16:05 UTC

Bill: I think he meant w.r.t rodrigo's patch that uses g_object_ref, that, doing
g_object_ref actually doesn't solve the first crash. 

Anyway leaving it to Nags to explain it further.

Nags: Also, can you repost the patch in unified diff format. Use -Nup switch
while generating patches.

Comment 15 Nagappan Alagappan 2005-08-22 15:18:40 UTC

Bill: Yes we need to call weak_unref at the appropriate part :)

Varadhan: Thanks for giving me a hint. I will attach the patch.

Comment 16 Nagappan Alagappan 2005-08-22 15:21:53 UTC

Created attachment 51127 [details] [review]
gailbutton patch, diff with -Nup option

Comment 17 Nagappan Alagappan 2005-08-22 15:23:00 UTC

Created attachment 51128 [details] [review]
gailmenuitem patch, diff with -Nup option

Comment 18 Veerapuram Varadhan 2005-08-22 15:25:20 UTC

Nags, Bill: The patch doesn't call weak_unref as the intention of the fix is to
"disconnect" the notify signal callback whenever, the associated gailbutton
object gets finalized.  So, in this scenario, I don't think we would need to
call weak_unref, ever. Correct me if I am wrong? :)

Comment 19 bill.haneman 2005-08-22 19:16:41 UTC

Veerapuram: I think you are right, there is no need to call weak_unref.

Comment 20 Nagappan Alagappan 2005-08-23 05:43:35 UTC

Bill: So both these patches are fine ? Or anything needs to be modified ?

Comment 21 Nagappan Alagappan 2005-08-23 13:43:28 UTC

Created attachment 51189 [details]
Random crash in gail after applying the patch. Unable to reproduce the crash, with the same steps

Comment 22 bill.haneman 2005-08-23 14:21:48 UTC

Looks like patch is not ready yet.

Comment 23 Veerapuram Varadhan 2005-08-23 16:15:25 UTC

Nags, Bill: As per the log, the crash occurs in "GTK_IS_WIDGET (data)", which
means that the "data" pointer (which is a GtkLabel in our case) has been
disposed off, before the GailButton object, which to me appears to be a memory
corruption.  This can easily be worked-around by getting a weak_ref on that
label object and handling it appropriately in the weak_ref_notify of that label.
 I have a patch for it, however, not sure whether we in gail are suppose to
handle it.

If its ok, will attach the patch shortly.

Comment 24 Veerapuram Varadhan 2005-08-23 18:49:06 UTC

Created attachment 51213 [details] [review]
Proposed patch that takes care of both the scenarios (gailbutton before and after initial patch)

Ok, this is what it does.  The *new* crash happened because of the arugment
"data" carried a pointer to a "disposed" GtkLabel object.  So, this patch will
define a weak_ref to the label widget as well as the gailbutton object.  When
any of the weak_ref is called, the other weak_ref is weak_unreffed, thereby
avoiding the other weak_ref to be called.

Well, though this patch works fine, I see a very nasty work-around being done
here.  Or, is this the way it should be handled?

Though I could think off another fix that would be lot cleaner than this. 
Like, if GailButton structure has a member that has an active reference of the
GtkLabel, that we use in gail_button_init_textutil() and in the finalize()
function of GailButton, just do a g_signal_handlers_disconnect_by_func() on
that label and unref it.  Will test this tmrw and post a patch, if this is
okay.

Comment 25 Veerapuram Varadhan 2005-08-24 17:56:58 UTC

I don't think the other solution mentioned in the later part of #24 will be a
good idea as the whole purpose of maintaining an extra reference to keep that
GtkLabel object live is to disconnect its notify handler in the finalize method
of GailButton.

@Bill: Any suggestions/comments?

Comment 26 Nagappan Alagappan 2005-09-20 09:41:10 UTC

Without installing the patch in this bug: I'm getting this crash... Trace looks
better. So adding to the bug.

Backtrace was generated from '/opt/gnome/bin/evolution'

Using host libthread_db library "/lib/tls/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread 1096982240 (LWP 14353)]
[New Thread 1241340848 (LWP 14948)]
[Thread debugging using libthread_db enabled]
[New Thread 1096982240 (LWP 14353)]
[New Thread 1241340848 (LWP 14948)]
[Thread debugging using libthread_db enabled]
[New Thread 1096982240 (LWP 14353)]
[New Thread 1241340848 (LWP 14948)]
[New Thread 1241074608 (LWP 14947)]
[New Thread 1200626608 (LWP 14373)]
[New Thread 1198525360 (LWP 14369)]
[New Thread 1194191792 (LWP 14368)]
[New Thread 1192090544 (LWP 14366)]
[New Thread 1189989296 (LWP 14365)]
[New Thread 1187888048 (LWP 14363)]
[New Thread 1147308976 (LWP 14359)]
[New Thread 1144814512 (LWP 14358)]
0xffffe410 in __kernel_vsyscall ()

+ Trace 63102

Thread 1 (Thread 1096982240 (LWP 14353))

#0 __kernel_vsyscall
#1 __waitpid_nocancel
from /lib/tls/libpthread.so.0
#2 libgnomeui_module_info_get
from /opt/gnome/lib/libgnomeui-2.so.0
#3 segv_redirect
at main.c line 424
#4 <signal handler called>
#5 g_type_check_instance_cast
from /opt/gnome/lib/libgobject-2.0.so.0
#6 gail_button_new
from /opt/gnome/lib/gtk-2.0/modules/libgail.so
#7 g_cclosure_marshal_VOID__PARAM
from /opt/gnome/lib/libgobject-2.0.so.0
#8 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#9 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#10 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#11 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#12 g_object_interface_list_properties
from /opt/gnome/lib/libgobject-2.0.so.0
#13 g_object_type_init
from /opt/gnome/lib/libgobject-2.0.so.0
#14 g_object_notify
from /opt/gnome/lib/libgobject-2.0.so.0
#15 gtk_widget_hide
at gtkwidget.c line 2136
#16 gtk_widget_dispose
at gtkwidget.c line 6650
#17 g_object_unref
from /opt/gnome/lib/libgobject-2.0.so.0
#18 gtk_tool_button_finalize
at gtktoolbutton.c line 517
#19 g_object_unref
from /opt/gnome/lib/libgobject-2.0.so.0
#20 gtk_widget_unref
at gtkwidget.c line 7105
#21 bonobo_ui_container_get_engine
from /opt/gnome/lib/libbonoboui-2.so.0
#22 bonobo_ui_engine_prune_widget_info
from /opt/gnome/lib/libbonoboui-2.so.0
#23 g_cclosure_marshal_VOID__POINTER
from /opt/gnome/lib/libgobject-2.0.so.0
#24 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#25 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#26 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#27 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#28 bonobo_ui_xml_set_watch_fn
from /opt/gnome/lib/libbonoboui-2.so.0
#29 bonobo_ui_xml_set_watch_fn
from /opt/gnome/lib/libbonoboui-2.so.0
#30 bonobo_ui_xml_set_watch_fn
from /opt/gnome/lib/libbonoboui-2.so.0
#31 bonobo_ui_xml_rm
from /opt/gnome/lib/libbonoboui-2.so.0
#32 bonobo_ui_engine_xml_rm
from /opt/gnome/lib/libbonoboui-2.so.0
#33 bonobo_ui_engine_deregister_component
from /opt/gnome/lib/libbonoboui-2.so.0
#34 bonobo_ui_container_get_type
from /opt/gnome/lib/libbonoboui-2.so.0
#35 _ORBIT_skel_small_Bonobo_UIContainer_deregisterComponent
from /opt/gnome/lib/libbonobo-2.so.0
#36 ORBit_c_stub_invoke
from /opt/gnome/lib/libORBit-2.so.0
#37 Bonobo_UIContainer_deregisterComponent
from /opt/gnome/lib/libbonobo-2.so.0
#38 bonobo_ui_component_unset_container
from /opt/gnome/lib/libbonoboui-2.so.0
#39 control_activate_cb
at addressbook-view.c line 486
#40 g_cclosure_marshal_VOID__BOOLEAN
from /opt/gnome/lib/libgobject-2.0.so.0
#41 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#42 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#43 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#44 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#45 bonobo_control_get_remote_ui_container
from /opt/gnome/lib/libbonoboui-2.so.0
#46 _ORBIT_skel_small_Bonobo_Control_activate
from /opt/gnome/lib/libbonobo-2.so.0
#47 ORBit_c_stub_invoke
from /opt/gnome/lib/libORBit-2.so.0
#48 Bonobo_Control_activate
from /opt/gnome/lib/libbonobo-2.so.0
#49 bonobo_control_frame_control_deactivate
from /opt/gnome/lib/libbonoboui-2.so.0
#50 component_view_deactivate
at e-shell-window.c line 167
#51 sidebar_button_selected_callback
at e-shell-window.c line 295
#52 g_cclosure_marshal_VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#53 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#54 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#55 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#56 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#57 button_toggled_callback
at e-sidebar.c line 159
#58 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#59 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#60 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#61 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#62 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#63 gtk_toggle_button_toggled
at gtktogglebutton.c line 342
#64 gtk_toggle_button_clicked
at gtktogglebutton.c line 475
#65 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#66 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#67 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#68 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#69 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#70 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#71 gtk_button_clicked
at gtkbutton.c line 834
#72 gtk_toggle_button_released
at gtktogglebutton.c line 462
#73 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#74 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#75 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#76 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#77 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#78 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#79 gtk_button_released
at gtkbutton.c line 826
#80 gtk_button_button_release
at gtkbutton.c line 1262
#81 _gtk_marshal_BOOLEAN__BOXED
at gtkmarshalers.c line 83
#82 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#83 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#84 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#85 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#86 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#87 gtk_widget_event_internal
at gtkwidget.c line 3735
#88 gtk_propagate_event
at gtkmain.c line 2161
#89 gtk_main_do_event
at gtkmain.c line 1398
#90 gdk_event_dispatch
at gdkevents-x11.c line 2292
#91 g_main_context_dispatch
from /opt/gnome/lib/libglib-2.0.so.0
#92 g_main_context_check
from /opt/gnome/lib/libglib-2.0.so.0
#93 g_main_loop_run
from /opt/gnome/lib/libglib-2.0.so.0
#94 bonobo_main
from /opt/gnome/lib/libbonobo-2.so.0
#95 main
at main.c line 602
#0 __kernel_vsyscall

Comment 27 Nagappan Alagappan 2005-09-26 08:11:59 UTC

Created attachment 52660 [details]
Gedit crashed

Unable to paste the crash log in bugzilla due to size limit, so attaching the
stack trace.

Comment 28 Nagappan Alagappan 2005-10-19 09:46:02 UTC

Created attachment 53645 [details]
Gail button crash

Comment 29 Nagappan Alagappan 2005-12-02 14:25:04 UTC

Bill: Based on the new comits done by Michael Meeks on 2005-11-22 in
gailmenuitem.c, do I need to take the propose gailmenuitem patch from this bug ?

Comment 30 bill.haneman 2005-12-02 15:26:38 UTC

Hi Nags,

I really don't know; this bug has gotten too messy to make much sense of.  Can
you go through the patches and mark the obsolete ones, etc.?  Not sure if I
should be looking at more than the last one.  I suppose you should re-gen the
patch against HEAD as well, if the changes haven't made it in via Michael's commit.

Comment 31 Karsten Bräckelmann 2006-03-18 02:08:01 UTC

Bug 319299 and bug 327159 do look like duplicates of this one, especially matching the last stacktrace. Can you please have a closer look at them?

Comment 32 Nagappan Alagappan 2006-04-07 10:10:50 UTC

Created attachment 62902 [details] [review]
updated gailbutton patch based on latest gail

Comment 33 Nagappan Alagappan 2006-04-07 10:11:58 UTC

Created attachment 62903 [details] [review]
updated gailmenuitem patch based on latest gail

Comment 34 padraig.obriain 2006-05-17 09:45:45 UTC

The only comment I have on the gailbutton patch is that 
GAIL_BUTTON (ATK_OBJECT (data)) should be GAIL_BUTTON (data) and
G_OBJECT (ATK_OBJECT (data)) should be G_OBJECT (data)

Why is the gailmenuitem patch necessary?

Comment 35 Li Yuan 2006-05-17 10:15:15 UTC

Please take a look at backtrace on comments #5, it may crash in gailmenuitem.

Comment 36 Li Yuan 2006-05-19 10:04:38 UTC

Created attachment 65813 [details] [review]
patch to fix this bug

Comment 37 Nagappan Alagappan 2006-07-25 10:54:56 UTC

*** Bug 348225 has been marked as a duplicate of this bug. ***

Comment 38 André Klapper 2006-08-28 22:29:44 UTC

patch committed
( http://cvs.gnome.org/viewcvs/gail/gail/gailbutton.c?r1=1.76&r2=1.77 ),
can we close this? nags, sun folks?

Comment 39 Nagappan Alagappan 2006-08-29 06:01:34 UTC

Andre: gailmenuitem patch is pending. Once that is fixed, then we can close this bug.

Comment 40 Karsten Bräckelmann 2006-09-15 14:23:58 UTC

*** Bug 356130 has been marked as a duplicate of this bug. ***