GNOME Bugzilla – Bug 348149
Random evolution crashes around camel-partition-table.c:870
Last modified: 2009-08-21 18:35:51 UTC
Distribution: Debian testing/unstable
Package: Evolution
Severity: Normal
Version: GNOME2.14.2 unspecified
Gnome-Distributor: Debian
Synopsis: Random evolution crashes (with maildir)
Bugzilla-Product: Evolution
Bugzilla-Component: Mailer
Bugzilla-Version: unspecified
BugBuddy-GnomeVersion: 2.0 (2.14.1)

Description:
Description of the crash:
I believe this is a duplicate of #308074

Steps to reproduce the crash:
1. Start evolution
2. Do something else
3. A dialog pops up that evolution has crashed; while the evolution UI is still partially responsive.

Expected Results:
No crashes...

How often does this happen?
A couple of times each day. Not necessarily while using evolution. Sometimes as early as when the first message is displayed, sometimes after hours of working.

Additional Information:
Console output: (spamassassin is disabled.)

CalDAV Eplugin starting up ...
(evolution-2.6:23811): evolution-mail-WARNING **: ignored this junk plugin: not enabled or we have already loaded one
(evolution-2.6:23811): e-utils-WARNING **: Plugin 'Spamassassin-Plugin' failed to load hook 'org.gnome.evolution.mail.junk:1.0'
(evolution-2.6:23811): camel-WARNING **: camel_exception_get_id called with NULL parameter.
camel-ERROR **: file camel-partition-table.c: line 872 (camel_key_table_lookup): assertion failed: (index < kb->used)
aborting...

The problem first appeared like two months ago I guess. It never occurred with evolution 2.4.

I'm using Maildir folders, synced via offlineimap. (the .#evolution folder is annoying, btw! as well as the extra magic "Inbox" folder which actually doesn't exist... but I bet there is an old bug open for this...)

Filesystem is ext3, on Debian unstable (evolution 2.6.2-4, since that doesn't seem to be in the bugbuddy report).

I think I already tried removing the ibex files, and it didn't help.

Debugging Information:

Backtrace was generated from '/usr/bin/evolution-2.6'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1232197952 (LWP 23811)]
[New Thread -1282778192 (LWP 23820)]
[New Thread -1273812048 (LWP 23817)]
[New Thread -1264591952 (LWP 23816)]
[New Thread -1256199248 (LWP 23815)]
[New Thread -1247413328 (LWP 23814)]
[New Thread -1239020624 (LWP 23812)]
(no debugging symbols found)
0xffffe410 in __kernel_vsyscall ()
+ Trace 69473
Thread 7 (Thread -1239020624 (LWP 23812))
------- Bug created by bug-buddy at 2006-07-20 15:28 -------
yes, very likely a duplicate of bug 308074 - however, the stacktraces are not the same.
*** Bug 353549 has been marked as a duplicate of this bug. ***
confirming as per duplicate.
*** Bug 355147 has been marked as a duplicate of this bug. ***
Adjusting Summary, bug 355147 got the same stacktrace using mbox.
*** Bug 365199 has been marked as a duplicate of this bug. ***
*** Bug 366524 has been marked as a duplicate of this bug. ***
*** Bug 367206 has been marked as a duplicate of this bug. ***
*** Bug 369744 has been marked as a duplicate of this bug. ***
*** Bug 371936 has been marked as a duplicate of this bug. ***
*** Bug 378239 has been marked as a duplicate of this bug. ***
*** Bug 378076 has been marked as a duplicate of this bug. ***
*** Bug 378071 has been marked as a duplicate of this bug. ***
*** Bug 377559 has been marked as a duplicate of this bug. ***
*** Bug 379107 has been marked as a duplicate of this bug. ***
*** Bug 383431 has been marked as a duplicate of this bug. ***
*** Bug 383421 has been marked as a duplicate of this bug. ***
*** Bug 383415 has been marked as a duplicate of this bug. ***
*** Bug 378566 has been marked as a duplicate of this bug. ***
*** Bug 383636 has been marked as a duplicate of this bug. ***
*** Bug 383714 has been marked as a duplicate of this bug. ***
*** Bug 383591 has been marked as a duplicate of this bug. ***
*** Bug 383640 has been marked as a duplicate of this bug. ***
*** Bug 383734 has been marked as a duplicate of this bug. ***
*** Bug 383779 has been marked as a duplicate of this bug. ***
*** Bug 383892 has been marked as a duplicate of this bug. ***
Thanks for taking the time to report this bug. Unfortunately, that stack trace is missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. Can you get us a stack trace with debugging symbols? Please see http://live.gnome.org/GettingTraces for more information on how to do so. Thanks in advance! please install the glib and libcamel packages
*** Bug 384320 has been marked as a duplicate of this bug. ***
*** Bug 384126 has been marked as a duplicate of this bug. ***
*** Bug 384127 has been marked as a duplicate of this bug. ***
*** Bug 384163 has been marked as a duplicate of this bug. ***
*** Bug 384186 has been marked as a duplicate of this bug. ***
*** Bug 384228 has been marked as a duplicate of this bug. ***
*** Bug 384291 has been marked as a duplicate of this bug. ***
Dear bug reporters,

Thanks for taking the time to report this bug. Unfortunately, those stack traces are missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. Can you get us a stack trace with debugging symbols? Please see http://live.gnome.org/GettingTraces for more information on how to do so. Thanks in advance!

Please install the glib and libcamel debug packages.
*** Bug 384368 has been marked as a duplicate of this bug. ***
*** Bug 384632 has been marked as a duplicate of this bug. ***
*** Bug 384812 has been marked as a duplicate of this bug. ***
*** Bug 384885 has been marked as a duplicate of this bug. ***
*** Bug 385963 has been marked as a duplicate of this bug. ***
*** Bug 385832 has been marked as a duplicate of this bug. ***
*** Bug 386886 has been marked as a duplicate of this bug. ***
*** Bug 392316 has been marked as a duplicate of this bug. ***
*** Bug 387010 has been marked as a duplicate of this bug. ***
*** Bug 387901 has been marked as a duplicate of this bug. ***
*** Bug 388312 has been marked as a duplicate of this bug. ***
*** Bug 389756 has been marked as a duplicate of this bug. ***
*** Bug 392348 has been marked as a duplicate of this bug. ***
*** Bug 392389 has been marked as a duplicate of this bug. ***
*** Bug 391515 has been marked as a duplicate of this bug. ***
*** Bug 393311 has been marked as a duplicate of this bug. ***
*** Bug 394261 has been marked as a duplicate of this bug. ***
*** Bug 395415 has been marked as a duplicate of this bug. ***
*** Bug 395334 has been marked as a duplicate of this bug. ***
*** Bug 396015 has been marked as a duplicate of this bug. ***
*** Bug 395815 has been marked as a duplicate of this bug. ***
*** Bug 396390 has been marked as a duplicate of this bug. ***
*** Bug 397482 has been marked as a duplicate of this bug. ***
*** Bug 375065 has been marked as a duplicate of this bug. ***
*** Bug 396797 has been marked as a duplicate of this bug. ***
*** Bug 397179 has been marked as a duplicate of this bug. ***
*** Bug 397533 has been marked as a duplicate of this bug. ***
*** Bug 383747 has been marked as a duplicate of this bug. ***
*** Bug 397782 has been marked as a duplicate of this bug. ***
*** Bug 397992 has been marked as a duplicate of this bug. ***
*** Bug 398077 has been marked as a duplicate of this bug. ***
*** Bug 398130 has been marked as a duplicate of this bug. ***
*** Bug 398375 has been marked as a duplicate of this bug. ***
*** Bug 399385 has been marked as a duplicate of this bug. ***
*** Bug 399631 has been marked as a duplicate of this bug. ***
*** Bug 400330 has been marked as a duplicate of this bug. ***
*** Bug 400263 has been marked as a duplicate of this bug. ***
*** Bug 400647 has been marked as a duplicate of this bug. ***
*** Bug 396847 has been marked as a duplicate of this bug. ***
*** Bug 400981 has been marked as a duplicate of this bug. ***
*** Bug 403318 has been marked as a duplicate of this bug. ***
*** Bug 403551 has been marked as a duplicate of this bug. ***
*** Bug 403816 has been marked as a duplicate of this bug. ***
Looks like these are related to this code at camel-partition-table.c:870

    #if 1
            g_assert(kb->used < 127); /* this should be more accurate */
            g_assert(index < kb->used);
    #else
            if (kb->used >=127 || index >= kb->used) {
                    g_warning("Block %x: Invalid index or content: index %d used %d\n", blockid, index, kb->used);
                    return 0;
            }
    #endif

The code has been there since the beginning, but from the comments it looks like it could be improved. Do we really need to assert here or could we use the conditional warning instead?
*** Bug 404686 has been marked as a duplicate of this bug. ***
*** Bug 405155 has been marked as a duplicate of this bug. ***
*** Bug 405490 has been marked as a duplicate of this bug. ***
*** Bug 408708 has been marked as a duplicate of this bug. ***
*** Bug 408747 has been marked as a duplicate of this bug. ***
*** Bug 414382 has been marked as a duplicate of this bug. ***
*** Bug 413527 has been marked as a duplicate of this bug. ***
*** Bug 414945 has been marked as a duplicate of this bug. ***
*** Bug 416134 has been marked as a duplicate of this bug. ***
*** Bug 420414 has been marked as a duplicate of this bug. ***
*** Bug 424171 has been marked as a duplicate of this bug. ***
from bug 375065:
+ Trace 126921
*** Bug 430524 has been marked as a duplicate of this bug. ***
*** Bug 434413 has been marked as a duplicate of this bug. ***
*** Bug 435056 has been marked as a duplicate of this bug. ***
*** Bug 445124 has been marked as a duplicate of this bug. ***
*** Bug 454923 has been marked as a duplicate of this bug. ***
Looks same as 351208 to me.
The same problem of kb->used; for me at least, this value is not going beyond 76. Is that what you mean as an improvement, Kjartan Maraas?
According to me, it's happening because of the function call camel_block_file_get_block (). Some memory corruption happens in bs->fd and it leads to reading wrong data and a wrong kb->used, resulting in triggering that g_assert for either index < kb->used / kb->used < 127. Disclaimer: This is my own analysis of the code, what I found out when I went through the code; if anybody wants to help me, please do it fast.
this is the evolution crasher bug with the highest number of duplicates currently && a useful trace. setting gnome 2.20 target milestone.
lucky, can we get a patch submitted for the next release?
*** Bug 387646 has been marked as a duplicate of this bug. ***
*** Bug 365323 has been marked as a duplicate of this bug. ***
Should we replace the occurrence of 127 with KEY_SIZE ? Like: Index: camel-partition-table.c =================================================================== --- camel-partition-table.c (revision 8009) +++ camel-partition-table.c (working copy) @@ -868,10 +868,10 @@ kb = (CamelKeyBlock *)&bl->data; #if 1 - g_assert(kb->used < 127); /* this should be more accurate */ + g_assert(kb->used < KEY_SIZE); /* this should be more accurate */ g_assert(index < kb->used); #else - if (kb->used >=127 || index >= kb->used) { + if (kb->used >= KEY_SIZE || index >= kb->used) { g_warning("Block %x: Invalid index or content: index %d used %d\n", blockid, index, kb->used); return 0; }
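Review bot: the `#if 1` branch is still the one compiled, so both g_assert calls keep aborting the process whenever kb->used or index is out of range; renaming 127 to KEY_SIZE does not change that. kb is cast straight from bl->data, so these values come from block content rather than from a programming invariant, and the `#else` branch (g_warning plus `return 0`) is the handling that fits; consider switching the `#if 1` to select it. The hunk also does not show how KEY_SIZE is defined, so please confirm it equals the number of entries the key array in CamelKeyBlock can hold, and either drop or resolve the "this should be more accurate" comment once the bound is derived from that definition.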
Is there any guaranteed set of operations that will bork the partition table ?
(In reply to comment #104) > Should we replace the occurence of 127 with KEY_SIZE ? Like: > > #if 1 > - g_assert(kb->used < 127); /* this should be more accurate */ > + g_assert(kb->used < KEY_SIZE); /* this should be more accurate */ > g_assert(index < kb->used); > #else > - if (kb->used >=127 || index >= kb->used) { > + if (kb->used >= KEY_SIZE || index >= kb->used) { > g_warning("Block %x: Invalid index or content: index %d used > Ignore this.
*** Bug 474151 has been marked as a duplicate of this bug. ***
*** Bug 476380 has been marked as a duplicate of this bug. ***
*** Bug 478508 has been marked as a duplicate of this bug. ***
*** Bug 478561 has been marked as a duplicate of this bug. ***
*** Bug 486761 has been marked as a duplicate of this bug. ***
*** Bug 489694 has been marked as a duplicate of this bug. ***
*** Bug 485465 has been marked as a duplicate of this bug. ***
*** Bug 478781 has been marked as a duplicate of this bug. ***
*** Bug 492414 has been marked as a duplicate of this bug. ***
*** Bug 499812 has been marked as a duplicate of this bug. ***
bug 351208, bug 378166 and bug 482287 look related to me. haven't seen any duplicates from GNOME 2.20/Evolution 2.12 yet.
from bug 365323 (thanks lucky for not copying my complete trace without any optimizations here):
+ Trace 180579
removing gnome-target milestone.
*** Bug 502007 has been marked as a duplicate of this bug. ***
Sankar, didn't you add a hack for not-to-crash? (Is it seen on 2.12?)
I have changed the g_assert to g_warning as the docs say that the number 127 may be inaccurate. I committed for one case alone earlier. Today, I committed the change in other places as well.

Trunk: http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=8340
2.12 Branch: http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=8341

Reducing the bug priority. Bug stands open.
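An added sketch, not part of this thread and not Camel's code, of the pattern the workaround moves toward: a count and index read from an index file are validated and rejected with a warning instead of asserted. The struct layout, BLOCK_SIZE, KEY_CAPACITY, key_block_lookup and make_block are all hypothetical names and values assumed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK_SIZE 1024 /* assumed block size for this sketch */
/* Hypothetical, simplified layout; NOT Camel's real CamelKeyBlock. */
struct key_entry { uint32_t data; uint32_t offset; };
struct key_block {
    uint32_t next;
    uint32_t used; /* entry count as read from the index file */
    struct key_entry keys[(BLOCK_SIZE - 8) / sizeof(struct key_entry)];
};
/* Capacity derived from the layout rather than a magic number. */
#define KEY_CAPACITY (sizeof(((struct key_block *)0)->keys) / sizeof(struct key_entry))

/* Returns 1 and fills *out on success. Returns 0 with a warning when the
 * header or index is inconsistent, so a damaged file cannot abort the caller. */
static int key_block_lookup(const unsigned char *raw, size_t raw_len,
                            uint32_t index, struct key_entry *out)
{
    struct key_block kb;
    if (raw == NULL || out == NULL || raw_len < sizeof kb)
        return 0; /* short read: nothing to trust */
    memcpy(&kb, raw, sizeof kb); /* copy out; avoids alignment/aliasing issues */
    if (kb.used > KEY_CAPACITY || index >= kb.used) {
        fprintf(stderr, "invalid index or content: index %u used %u\n",
                (unsigned)index, (unsigned)kb.used);
        return 0;
    }
    *out = kb.keys[index];
    return 1;
}

/* Builds a constructed sample block; entry i carries data = 100 + i. */
static void make_block(unsigned char *raw, uint32_t used)
{
    struct key_block kb;
    memset(&kb, 0, sizeof kb);
    kb.used = used;
    for (uint32_t i = 0; i < KEY_CAPACITY; i++)
        kb.keys[i].data = 100 + i;
    memcpy(raw, &kb, sizeof kb);
}
int main(void)
{
    unsigned char raw[BLOCK_SIZE];
    struct key_entry e;
    make_block(raw, 0xFFFFFFFFu); /* constructed corrupt header */
    return key_block_lookup(raw, sizeof raw, 0, &e); /* 0: rejected */
}
```

A rejected lookup only keeps the process alive; the caller still has to treat the index as damaged and rebuild it rather than continue using partial results.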
workaround committed, lowering severity.
*** Bug 504366 has been marked as a duplicate of this bug. ***
*** Bug 505963 has been marked as a duplicate of this bug. ***
*** Bug 506655 has been marked as a duplicate of this bug. ***
*** Bug 351208 has been marked as a duplicate of this bug. ***
*** Bug 378166 has been marked as a duplicate of this bug. ***
*** Bug 484614 has been marked as a duplicate of this bug. ***
*** Bug 482287 has been marked as a duplicate of this bug. ***
We haven't got any dupes in the past one and a half years. Is it worth keeping the bug open, or shall we close the bug?
Closing as per last comment.