GNOME Bugzilla – Bug 627058
evolution-2.31.90 crashes when using evolution-mapi-0.31.90
Last modified: 2010-10-19 06:50:04 UTC
I'm using evolution/evolution-mapi-0.31.90 and evolution is crashing when checking for new email. gdb backtraces: [New Thread 0x7fffbffff710 (LWP 14381)] [Thread 0x7fffbffff710 (LWP 14381) exited] *** glibc detected *** /usr/bin/evolution: malloc(): smallbin double linked list corrupted: 0x000000000142a970 *** ======= Backtrace: ========= /lib/libc.so.6(+0x72d36)[0x7ffff5e1fd36] /lib/libc.so.6(+0x76655)[0x7ffff5e23655] /lib/libc.so.6(__libc_malloc+0x70)[0x7ffff5e24bb0] /usr/lib64/libtalloc.so.2(_talloc_array+0x1a1)[0x7fffcfe73631] /usr/lib64/libmapi.so.0(Release+0x105)[0x7fffd0bb83e5] /usr/lib64/libmapi.so.0(mapi_object_release+0x14)[0x7fffd0bbc814] /usr/lib64/libexchangemapi-1.0.so.0(exchange_mapi_connection_fetch_items+0xf7c)[0x7fffd119a8c8] /usr/lib64/evolution-data-server-1.2/camel-providers/libcamelmapi.so(+0xa593)[0x7fffcced9593] /usr/lib64/libcamel-provider-1.2.so.19(+0x59bf0)[0x7ffff49b0bf0] /usr/lib64/libglib-2.0.so.0(+0x6a1df)[0x7ffff617d1df] /usr/lib64/libglib-2.0.so.0(+0x68316)[0x7ffff617b316] /lib/libpthread.so.0(+0x6c1a)[0x7ffff6416c1a] /lib/libc.so.6(clone+0x6d)[0x7ffff5e7ea9d] ======= Memory map: ======== 00400000-00404000 r-xp 00000000 08:03 297815 /usr/bin/evolution 00604000-00605000 r--p 00004000 08:03 297815 /usr/bin/evolution 00605000-00606000 rw-p 00005000 08:03 297815 /usr/bin/evolution 00606000-01813000 rw-p 00000000 00:00 0 [heap] 7fffb8000000-7fffb8fa4000 rw-p 00000000 00:00 0 7fffb8fa4000-7fffbc000000 ---p 00000000 00:00 0 7fffbdcfb000-7fffbdffc000 rw-p 00000000 00:00 0 7fffbdffc000-7fffbdffd000 ---p 00000000 00:00 0 7fffbdffd000-7fffbe7fd000 rwxp 00000000 00:00 0 7fffbeffe000-7fffbefff000 ---p 00000000 00:00 0 7fffbefff000-7fffbf7ff000 rwxp 00000000 00:00 0 7fffbf7ff000-7fffbf800000 ---p 00000000 00:00 0 7fffbf800000-7fffc0000000 rwxp 00000000 00:00 0 7fffc0000000-7fffc0ec2000 rw-p 00000000 00:00 0 7fffc0ec2000-7fffc4000000 ---p 00000000 00:00 0 7fffc4478000-7fffc44d9000 rw-p 00000000 00:00 0 7fffc453a000-7fffc453b000 ---p 00000000 00:00 0 7fffc453b000-7fffc4d3b000 rwxp 00000000 00:00 0 7fffc4d3b000-7fffc4d3d000 r-xp 00000000 08:03 5835749 /usr/lib64/gconv/IBM850.so 7fffc4d3d000-7fffc4f3c000 ---p 00002000 08:03 5835749 /usr/lib64/gconv/IBM850.so 7fffc4f3c000-7fffc4f3d000 r--p 00001000 08:03 5835749 /usr/lib64/gconv/IBM850.so 7fffc4f3d000-7fffc4f3e000 rw-p 00002000 08:03 5835749 /usr/lib64/gconv/IBM850.so 7fffc4f3e000-7fffc4f42000 r-xp 00000000 08:03 213749 /usr/lib64/sasl2/libcrammd5.so.2.0.23 7fffc4f42000-7fffc5142000 ---p 00004000 08:03 213749 /usr/lib64/sasl2/libcrammd5.so.2.0.23 7fffc5142000-7fffc5143000 r--p 00004000 08:03 213749 /usr/lib64/sasl2/libcrammd5.so.2.0.23 7fffc5143000-7fffc5144000 rw-p 00005000 08:03 213749 /usr/lib64/sasl2/libcrammd5.so.2.0.23 7fffc5144000-7fffc5148000 r-xp 00000000 08:03 213785 /usr/lib64/sasl2/libldapdb.so.2.0.23 7fffc5148000-7fffc5347000 ---p 00004000 08:03 213785 /usr/lib64/sasl2/libldapdb.so.2.0.23 7fffc5347000-7fffc5348000 r--p 00003000 08:03 213785 /usr/lib64/sasl2/libldapdb.so.2.0.23 7fffc5348000-7fffc5349000 rw-p 00004000 08:03 213785 /usr/lib64/sasl2/libldapdb.so.2.0.23 7fffc5349000-7fffc5350000 r-xp 00000000 08:03 213761 /usr/lib64/sasl2/libgssapiv2.so.2.0.23 7fffc5350000-7fffc554f000 ---p 00007000 08:03 213761 /usr/lib64/sasl2/libgssapiv2.so.2.0.23 7fffc554f000-7fffc5550000 r--p 00006000 08:03 213761 /usr/lib64/sasl2/libgssapiv2.so.2.0.23 7fffc5550000-7fffc5551000 rw-p 00007000 08:03 213761 /usr/lib64/sasl2/libgssapiv2.so.2.0.23 7fffc5551000-7fffc555c000 r-xp 00000000 08:03 213757 /usr/lib64/sasl2/libsrp.so.2.0.23 7fffc555c000-7fffc575b000 ---p 0000b000 08:03 213757 /usr/lib64/sasl2/libsrp.so.2.0.23 7fffc575b000-7fffc575c000 r--p 0000a000 08:03 213757 /usr/lib64/sasl2/libsrp.so.2.0.23 7fffc575c000-7fffc575d000 rw-p 0000b000 08:03 213757 /usr/lib64/sasl2/libsrp.so.2.0.23 7fffc575d000-7fffc57a3000 r-xp 00000000 08:03 107477 /usr/lib64/libldap_r-2.4.so.2.5.4 7fffc57a3000-7fffc59a3000 ---p 00046000 08:03 107477 /usr/lib64/libldap_r-2.4.so.2.5.4 7fffc59a3000-7fffc59a4000 r--p 00046000 08:03 107477 /usr/lib64/libldap_r-2.4.so.2.5.4 7fffc59a4000-7fffc59a6000 rw-p 00047000 08:03 107477 /usr/lib64/libldap_r-2.4.so.2.5.4 7fffc59a6000-7fffc59a8000 rw-p 00000000 00:00 0 7fffc59a8000-7fffc59cd000 r-xp 00000000 08:03 222695 /usr/lib64/postgresql-8.4/lib64/libpq.so.5.2 7fffc59cd000-7fffc5bcc000 ---p 00025000 08:03 222695 /usr/lib64/postgresql-8.4/lib64/libpq.so.5.2 7fffc5bcc000-7fffc5bcd000 r--p 00024000 08:03 222695 /usr/lib64/postgresql-8.4/lib64/libpq.so.5.2 7fffc5bcd000-7fffc5bcf000 rw-p 00025000 08:03 222695 /usr/lib64/postgresql-8.4/lib64/libpq.so.5.2 7fffc5bcf000-7fffc5c27000 r-xp 00000000 08:03 813182 /usr/lib64/libssl.so.1.0.0 7fffc5c27000-7fffc5e27000 ---p 00058000 08:03 813182 /usr/lib64/libssl.so.1.0.0 7fffc5e27000-7fffc5e2a000 r--p 00058000 08:03 813182 /usr/lib64/libssl.so.1.0.0 7fffc5e2a000-7fffc5e30000 rw-p 0005b000 08:03 813182 /usr/lib64/libssl.so.1.0.0 7fffc5e30000-7fffc5f66000 r-xp 00000000 08:03 124219 /usr/lib64/mysql/libmysqlclient.so.16.0.0 7fffc5f66000-7fffc6165000 ---p 00136000 08:03 124219 /usr/lib64/mysql/libmysqlclient.so.16.0.0 7fffc6165000-7fffc6168000 r--p 00135000 08:03 124219 /usr/lib64/mysql/libmysqlclient.so.16.0.0 7fffc6168000-7fffc61b2000 rw-p 00138000 08:03 124219 /usr/lib64/mysql/libmysqlclient.so.16.0.0 7fffc61b2000-7fffc61b4000 rw-p 00000000 00:00 0 7fffc61b4000-7fffc61b9000 r-xp 00000000 08:03 213781 /usr/lib64/sasl2/libsql.so.2.0.23 7fffc61b9000-7fffc63b8000 ---p 00005000 08:03 213781 /usr/lib64/sasl2/libsql.so.2.0.23 7fffc63b8000-7fffc63b9000 r--p 00004000 08:03 213781 /usr/lib64/sasl2/libsql.so.2.0.23 7fffc63b9000-7fffc63ba000 rw-p 00005000 08:03 213781 /usr/lib64/sasl2/libsql.so.2.0.23 7fffc63ba000-7fffc63be000 r-xp 00000000 08:03 213765 /usr/lib64/sasl2/libplain.so.2.0.23 7fffc63be000-7fffc65bd000 ---p 00004000 08:03 213765 /usr/lib64/sasl2/libplain.so.2.0.23 7fffc65bd000-7fffc65be000 r--p 00003000 08:03 213765 /usr/lib64/sasl2/libplain.so.2.0.23 Program received signal SIGABRT, Aborted.
+ Trace 223258
compiled using: gcc version 4.4.4 (Gentoo 4.4.4-r1 p1.0, pie-0.4.5) CFLAGS="-march=native -O0 -pipe -ggdb"
hmmm could be a memory problem?
Hi, I don't think so, as evolution is the only application which is currently crashing. I've got one other thing to check. Just reminded myself that I had similar problem last year when libmapi was compiled with -O2 (recompiling with -O0 was fixing it). Let me check it tomorrow morning and I will update this ticket. Regards, Rob
Robert, if you can reproduce the crash easily, would you mind running evolution under valgrind. Please make sure you have debuinfo packages of samba, openchange, glib2 and glib2 installed. Please refer https://wiki.ubuntu.com/Valgrind for more info. Btw, what is the openchange version ? Could be related to bug 612261
Hi Akhil, I'll recompile everything with debugging and post new backtraces. It seems it's recompiling libmapi (openchange) with -O0 doesn't change anything this time round. Versions I'm using: samba [4.0.0_alpha11] glib [2.25.12] libmapi [0.31.90] evolution [2.31.90]
It seems I can't force it to crash under valgrind. Maybe there is a race condition somewhere and because everything is so slow under valgrind I can't reproduce it. I've tried send/receive over 30 times (each one is generating "(evolution:5293): camel-mapi-provider-WARNING **: camel_mapi_folder_new: cannot find 'Favourites' in known folders" in logs). Under gdb (or without any debugging), pressing send/receive 5 times is enough to reproduce the crash. Program received signal SIGABRT, Aborted.
+ Trace 223271
Thread 140736578901776 (LWP 10459)
Thanks for a bug report. I see this is all about talloc errors, and you say it's when clicking send&receive in a mailer? I see yu've 0.301.90 of ema. What is your openchange/libmapi version, please?
I meant 0.31.90 of ema, of course. I tried with openchange svn revision 2064 and it didn't crash to me when clicking Send&Receive periodically, but it crashed with "Bad talloc magic value - double free" at the end of evolution, when I was closing it.
Hi Milan, This problem appeared with Evolution-2.31.x evolution-mapi-0.31.x I was using 2.30 previously and it didn't crash (it had other problems mainly with UTF and not checking emails in all folders - which were already fixed). I'm using openchange 0.9 release. I'll test with svn 2064 and current trunk (r2137) and let you know.
Hi Milan, I've tried to find some same revision so I can compile samba4/openchange and evolution-mapi, but after spending few hours on it, I can't find any. Which samba4 commit are you using?
I'm using 'make samba-git' in openchange checkout. I was told that here should be a release of OpenChange on September 9th or so, thus if you wish you can wait, as if I recall properly the OpenChange release depends on the samba4 tarball release, so the samba4 should be ready in that time too, hopefully. (I do not expect openchange release depending on samba4 git checkout.)
Hi Milan, I've decided to give it a try. It seems when you build openchange rev 2064 it's using this, quite old samba4 commit: SAMBA VERSION: 4.0.0alpha12-GIT-9cddf89 BUILD COMMIT REVISION: 9cddf891ad2a09ed1de83f3b51b4f2fc3e6855e8 BUILD COMMIT DATE: "Wed May 12 19:30:56 2010 +0200" even before they moved to waf build system. I must be doing something wrong, because I can't compile evolution-mapi (0.31.90 not current HEAD) with neither openchange rev 2064 not current HEAD. exchange-mapi-connection.c: In function 'exchange_mapi_util_get_attachments': exchange-mapi-connection.c:1001: warning: passing argument 2 of 'cast_SPropValue' from incompatible pointer type /usr/local/include/libmapi/proto.h:257: note: expected 'struct mapi_SPropValue *' but argument is of type 'struct SPropValue *' exchange-mapi-connection.c:1001: error: too few arguments to function 'cast_SPropValue' exchange-mapi-connection.c: In function 'exchange_mapi_connection_fetch_items': exchange-mapi-connection.c:1633: warning: passing argument 2 of 'cast_mapi_SPropValue' from incompatible pointer type /usr/local/include/libmapi/proto.h:255: note: expected 'struct mapi_SPropValue *' but argument is of type 'struct SPropValue *' exchange-mapi-connection.c:1633: error: too few arguments to function 'cast_mapi_SPropValue' exchange-mapi-connection.c: In function 'exchange_mapi_connection_fetch_object_props': exchange-mapi-connection.c:1778: warning: passing argument 2 of 'cast_mapi_SPropValue' from incompatible pointer type /usr/local/include/libmapi/proto.h:255: note: expected 'struct mapi_SPropValue *' but argument is of type 'struct SPropValue *' exchange-mapi-connection.c:1778: error: too few arguments to function 'cast_mapi_SPropValue' make[3]: *** [exchange-mapi-connection.lo] Error 1 How did you get it to work?
I suppose you've too old evolution-mapi. The 0.31.6 contains a change for this: http://git.gnome.org/browse/evolution-mapi/commit/?id=58c6252a3c3622a2ac1d870ae27812c719af2f17 and another one: http://git.gnome.org/browse/evolution-mapi/commit/?id=7ac51f481dd1c6968d889c424bea183068c073ae with which the compilation of evolution-mapi against svn trunk of openchange works as expected. Only make sure you configured evolution-mapi against the right openchange.
I just realized, while looking on bug #627999, that the openchange/samba thread unsafety is very crucial here, with recent evolution-mapi changes more visible. Changes from the mentioned bug should fix this and similar talloc issues. Please apply patch from there too. When I was looking whether your backtraces are of the same issue I realized you used only "bt" there. Please use "t a a bt" (aka "thread apply all bt") gdb command, to see what all threads are doing. (no need to resend traces right now, only if the patch from bug #627999 will not help). Thanks for testing.
Closing this bug report as no further information has been provided. Please feel free to reopen the bug if the problem still occurs with a newer version of Evolution 2.32.0 / evolution-mapi 0.32.0 or later, thanks.