GNOME Bugzilla – Bug 534125
Evolution-exchange crashed on startup
Last modified: 2008-10-20 12:52:07 UTC
Steps to reproduce: I wasn't able to reproduce it; it worked next time. What I did was start evolution. I was running evo-exchange under valgrind looking for a problem with LDAP. I saw a number of error messages on the lower message bar about not being able to connect to the exchange server. After a minute or two evolution-exchange took a SEGV. Stack trace: Since I was running under valgrind I don't have a core dump. However, I do have the valgrind output, as follows: ==00:00:01:03.401 9849== ==00:00:01:03.401 9849== Invalid read of size 4 ==00:00:01:03.402 9849== at 0x4354159: icalproperty_new_clone (icalproperty.c:140) ==00:00:01:03.402 9849== by 0x434AC6A: icalcomponent_new_clone (icalcomponent.c:199) ==00:00:01:03.402 9849== by 0x807DAA9: save_object (e-cal-backend-exchange.c:256) ==00:00:01:03.402 9849== by 0x501A632: g_hash_table_foreach (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x807DB78: timeout_save_cache (e-cal-backend-exchange.c:279) ==00:00:01:03.402 9849== by 0x5028335: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x5027BF7: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x502AE5D: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x502B1E6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x4E19A92: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0) ==00:00:01:03.402 9849== by 0x805BC6E: main (main.c:238) ==00:00:01:03.402 9849== Address 0xa1e1d28 is 24 bytes inside a block of size 32 free'd ==00:00:01:03.402 9849== at 0x402265C: free (vg_replace_malloc.c:323) ==00:00:01:03.402 9849== by 0x43544B1: icalproperty_free (icalproperty.c:254) ==00:00:01:03.402 9849== by 0x434AD8A: icalcomponent_free (icalcomponent.c:240) ==00:00:01:03.402 9849== by 0x8081676: free_exchange_comp (e-cal-backend-exchange.c:1966) ==00:00:01:03.402 9849== by 0x501ABD3: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x501B2F7: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x807E6A2: e_cal_backend_exchange_in_cache (e-cal-backend-exchange.c:546) ==00:00:01:03.402 9849== by 0x8073D0F: get_changed_events (e-cal-backend-exchange-calendar.c:396) ==00:00:01:03.402 9849== by 0x504FA6E: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.402 9849== by 0x50A64FA: start_thread (in /lib/tls/i686/cmov/libpthread-2.7.so) ==00:00:01:03.402 9849== by 0x518FE5D: clone (in /lib/tls/i686/cmov/libc-2.7.so) ==00:00:01:03.428 9849== ==00:00:01:03.428 9849== Invalid read of size 4 ==00:00:01:03.428 9849== at 0x4354163: icalproperty_new_clone (icalproperty.c:141) ==00:00:01:03.428 9849== by 0x434AC6A: icalcomponent_new_clone (icalcomponent.c:199) ==00:00:01:03.428 9849== by 0x807DAA9: save_object (e-cal-backend-exchange.c:256) ==00:00:01:03.428 9849== by 0x501A632: g_hash_table_foreach (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x807DB78: timeout_save_cache (e-cal-backend-exchange.c:279) ==00:00:01:03.429 9849== by 0x5028335: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x5027BF7: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x502AE5D: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x502B1E6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x4E19A92: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0) ==00:00:01:03.429 9849== by 0x805BC6E: main (main.c:238) ==00:00:01:03.429 9849== Address 0xa1e1d28 is 24 bytes inside a block of size 32 free'd ==00:00:01:03.429 9849== at 0x402265C: free (vg_replace_malloc.c:323) ==00:00:01:03.429 9849== by 0x43544B1: icalproperty_free (icalproperty.c:254) ==00:00:01:03.429 9849== by 0x434AD8A: icalcomponent_free (icalcomponent.c:240) ==00:00:01:03.429 9849== by 0x8081676: free_exchange_comp (e-cal-backend-exchange.c:1966) ==00:00:01:03.429 9849== by 0x501ABD3: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x501B2F7: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x807E6A2: e_cal_backend_exchange_in_cache (e-cal-backend-exchange.c:546) ==00:00:01:03.429 9849== by 0x8073D0F: get_changed_events (e-cal-backend-exchange-calendar.c:396) ==00:00:01:03.429 9849== by 0x504FA6E: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x50A64FA: start_thread (in /lib/tls/i686/cmov/libpthread-2.7.so) ==00:00:01:03.429 9849== by 0x518FE5D: clone (in /lib/tls/i686/cmov/libc-2.7.so) ==00:00:01:03.491 9849== ==00:00:01:03.428 9849== Invalid read of size 4 ==00:00:01:03.428 9849== at 0x4354163: icalproperty_new_clone (icalproperty.c:141) ==00:00:01:03.428 9849== by 0x434AC6A: icalcomponent_new_clone (icalcomponent.c:199) ==00:00:01:03.428 9849== by 0x807DAA9: save_object (e-cal-backend-exchange.c:256) ==00:00:01:03.428 9849== by 0x501A632: g_hash_table_foreach (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x807DB78: timeout_save_cache (e-cal-backend-exchange.c:279) ==00:00:01:03.429 9849== by 0x5028335: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x5027BF7: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x502AE5D: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x502B1E6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x4E19A92: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0) ==00:00:01:03.429 9849== by 0x805BC6E: main (main.c:238) ==00:00:01:03.429 9849== Address 0xa1e1d28 is 24 bytes inside a block of size 32 free'd ==00:00:01:03.429 9849== at 0x402265C: free (vg_replace_malloc.c:323) ==00:00:01:03.429 9849== by 0x43544B1: icalproperty_free (icalproperty.c:254) ==00:00:01:03.429 9849== by 0x434AD8A: icalcomponent_free (icalcomponent.c:240) ==00:00:01:03.429 9849== by 0x8081676: free_exchange_comp (e-cal-backend-exchange.c:1966) ==00:00:01:03.429 9849== by 0x501ABD3: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x501B2F7: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x807E6A2: e_cal_backend_exchange_in_cache (e-cal-backend-exchange.c:546) ==00:00:01:03.429 9849== by 0x8073D0F: get_changed_events (e-cal-backend-exchange-calendar.c:396) ==00:00:01:03.429 9849== by 0x504FA6E: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.429 9849== by 0x50A64FA: start_thread (in /lib/tls/i686/cmov/libpthread-2.7.so) ==00:00:01:03.429 9849== by 0x518FE5D: clone (in /lib/tls/i686/cmov/libc-2.7.so) ==00:00:01:03.491 9849== ==00:00:01:03.491 9849== Invalid read of size 4 ==00:00:01:03.491 9849== at 0x4362F0E: icalvalue_new_clone (icalvalue.c:104) ==00:00:01:03.492 9849== by 0x435416D: icalproperty_new_clone (icalproperty.c:141) ==00:00:01:03.492 9849== by 0x434AC6A: icalcomponent_new_clone (icalcomponent.c:199) ==00:00:01:03.492 9849== by 0x807DAA9: save_object (e-cal-backend-exchange.c:256) ==00:00:01:03.492 9849== by 0x501A632: g_hash_table_foreach (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.492 9849== by 0x807DB78: timeout_save_cache (e-cal-backend-exchange.c:279) ==00:00:01:03.492 9849== by 0x5028335: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.492 9849== by 0x5027BF7: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.492 9849== by 0x502AE5D: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.492 9849== by 0x502B1E6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.492 9849== by 0x4E19A92: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0) ==00:00:01:03.492 9849== by 0x805BC6E: main (main.c:238) ==00:00:01:03.492 9849== Address 0xbabababa is not stack'd, malloc'd or (recently) free'd ==00:00:01:03.492 9849== ==00:00:01:03.492 9849== Process terminating with default action of signal 11 (SIGSEGV) ==00:00:01:03.492 9849== Access not within mapped region at address 0xBABABABA ==00:00:01:03.492 9849== at 0x4362F0E: icalvalue_new_clone (icalvalue.c:104) ==00:00:01:03.492 9849== by 0x435416D: icalproperty_new_clone (icalproperty.c:141) ==00:00:01:03.492 9849== by 0x434AC6A: icalcomponent_new_clone (icalcomponent.c:199) ==00:00:01:03.492 9849== by 0x807DAA9: save_object (e-cal-backend-exchange.c:256) ==00:00:01:03.492 9849== by 0x501A632: g_hash_table_foreach (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.492 9849== by 0x807DB78: timeout_save_cache (e-cal-backend-exchange.c:279) ==00:00:01:03.492 9849== by 0x5028335: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.493 9849== by 0x5027BF7: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.493 9849== by 0x502AE5D: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.493 9849== by 0x502B1E6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.493 9849== by 0x4E19A92: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0) ==00:00:01:03.493 9849== by 0x805BC6E: main (main.c:238) ==00:00:01:03.728 9849== ==00:00:01:03.728 9849== Thread 4: ==00:00:01:03.728 9849== Invalid free() / delete / delete[] ==00:00:01:03.728 9849== at 0x402265C: free (vg_replace_malloc.c:323) ==00:00:01:03.728 9849== by 0x51D0D7B: (within /lib/tls/i686/cmov/libc-2.7.so) ==00:00:01:03.728 9849== by 0x51D08A3: __libc_freeres (in /lib/tls/i686/cmov/libc-2.7.so) ==00:00:01:03.728 9849== by 0x401E216: _vgnU_freeres (vg_preloaded.c:60) ==00:00:01:03.728 9849== by 0xA2AC26F: ??? ==00:00:01:03.728 9849== by 0x4364456: icalvalue_free (icalvalue.c:727) ==00:00:01:03.729 9849== by 0x4354424: icalproperty_free (icalproperty.c:234) ==00:00:01:03.729 9849== by 0x434AD8A: icalcomponent_free (icalcomponent.c:240) ==00:00:01:03.729 9849== by 0x8081676: free_exchange_comp (e-cal-backend-exchange.c:1966) ==00:00:01:03.729 9849== by 0x501ABD3: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.729 9849== by 0x501B2F7: (within /usr/lib/libglib-2.0.so.0.1600.3) ==00:00:01:03.729 9849== by 0x807E6A2: e_cal_backend_exchange_in_cache (e-cal-backend-exchange.c:546) ==00:00:01:03.729 9849== Address 0x4feb8c0 is not stack'd, malloc'd or (recently) free'd ==00:00:01:03.732 9849== ==00:00:01:03.732 9849== ERROR SUMMARY: 22 errors from 15 contexts (suppressed: 251 from 2) ==00:00:01:03.757 9849== malloc/free: in use at exit: 8,244,373 bytes in 194,527 blocks. ==00:00:01:03.757 9849== malloc/free: 639,644 allocs, 445,118 frees, 41,595,618 bytes allocated. ==00:00:01:03.757 9849== For counts of detected errors, rerun with: -v ==00:00:01:04.841 9849== searching for pointers to 194,527 not-freed blocks. ==00:00:01:06.736 9849== checked 17,674,844 bytes. ==00:00:01:06.748 9849== ==00:00:01:06.748 9849== LEAK SUMMARY: ==00:00:01:06.748 9849== definitely lost: 3,813 bytes in 72 blocks. ==00:00:01:06.748 9849== possibly lost: 74,243 bytes in 172 blocks. ==00:00:01:06.748 9849== still reachable: 8,166,317 bytes in 194,283 blocks. ==00:00:01:06.748 9849== suppressed: 0 bytes in 0 blocks. Other information: When I started valgrind I ran it with --free-fill=0xBA, which is why you see the 0xBABABABA pattern in the addresses: it means that this memory has already been freed before it was accessed. However, since valgrind didn't realize it was free that means it was freed long enough ago (in valgring/malloc terms) that valgrind stopped tracking it... which is why, unfortunately, we don't have a stack trace of where it was freed :-/.
This just happened to me again: however this time Evolution had been running for about 5 hours (although I wasn't using it actively for a few of those hours). I came back after a few hours away and, after reading a few mail messages, clicked the Calendar button. I got a dialog saying Tasks had gone way, then another saying Calendar had gone away, then evolution-exchange-server dumped core with a valgrind output identical to the one above. This time, evolution also dumped core with this stack trace: Core was generated by `/opt/evo/bin/evolution'. Program terminated with signal 11, Segmentation fault. [New process 11387] [New process 14348] [New process 14346] [New process 11420]
+ Trace 198273
Thread 1 (process 11387)
I'm not convinced the evolution core is related directly but there it is.
Paul, glib/orbit/bonobo libc debug symbols missing. Can you have them installed and retry?
Closing this bug report as no further information has been provided. Please feel free to reopen this bug if you can provide the information asked for. Thanks!