GNOME Bugzilla – Bug 507900
crash in Evolution Mail and Calendar: Tried to send a mail inc...
Last modified: 2013-09-13 00:57:59 UTC
Version: 2.22.x

What were you doing when the application crashed?
Tried to send a mail including some links to bugzilla reports.

Distribution: Fedora release 8.90 (Rawhide)
Gnome Release: 2.21.4 2007-12-21 (Red Hat, Inc)
BugBuddy Version: 2.20.1

System: Linux 2.6.24-0.136.rc6.git12.fc9 #1 SMP Sat Jan 5 12:46:45 EST 2008 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10499001
Selinux: No
Accessibility: Enabled
GTK+ Theme: Nodoka
Icon Theme: Fedora

Memory status: size: 306827264 vsize: 306827264 resident: 223371264 share: 22269952 rss: 223371264 rss_rlim: 4294967295
CPU usage: start_time: 1199729066 rtime: 9510 utime: 4118 stime: 5392 cutime:79 cstime: 345 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fbf920 (LWP 6477)]
[New Thread 0xb31ffb90 (LWP 28561)]
[New Thread 0xb431bb90 (LWP 28559)]
[New Thread 0xb6e88b90 (LWP 6487)]
0x00130402 in __kernel_vsyscall ()
Trace 184430
Thread 1 (Thread 0xb7fbf920 (LWP 6477))
----------- .xsession-errors ---------------------
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/f1/915e01185019c55bd9e7915525b83eed6a5dc2.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/13/43098bfb6c33ba11392b8cc202272de5e7e7cb.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/e8/22c1d4f385fca025c250ce39994f59a3017a83.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/4f/4cec1c0b5412b20d8eb5942723fe24dec5425a.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/43/ceaa2daa36275f4b1b761917e9f345a52e7a80.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/4f/3b6d7793407555f5a646cdffff64b1c30bb50c.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/6b/0dbb086f0f33fd11688b95e3ac40895e02a060.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/f2/c84de6d2d698f91d8c0b41a34a9ed17c2195b2.debug
--------------------------------------------------
*** Bug 507055 has been marked as a duplicate of this bug. ***
*** Bug 507259 has been marked as a duplicate of this bug. ***
*** Bug 505821 has been marked as a duplicate of this bug. ***
Also seen on Ubuntu: https://bugs.edge.launchpad.net/evolution/+bug/182766
Most of the stacktraces include these warnings:

(evolution:7384): GLib-GObject-WARNING **: IA__g_object_weak_unref: couldn't find weak ref 0xb6315240(0x88ab7b8)
(evolution:7384): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
(evolution:7384): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `(null)'
(evolution:7384): GLib-GObject-CRITICAL **: g_signal_emit_valist: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
(evolution:7384): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `(null)'
(evolution:7384): GLib-GObject-CRITICAL **: g_signal_handlers_destroy: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed

GObject then crashes while trying to free the closure array on an object contained within the composer window. (GQuark key_id 49 == "GObject-closure-array")

The warning about the weak reference is the biggest clue. Could be that the weak reference callback is trying to unref the already-destroyed object.
Near as I can tell, we're unref'ing a child widget within the composer window someplace where we shouldn't be, such that when the window itself is disposed the GtkContainer's "focus_child" is a dangling pointer. Things start to go horribly wrong in gtk_container_set_focus_child() when it tries to unref the previous "focus_child" widget.

The g_signal_handlers_destroy() warning is coming from g_object_real_dispose() just prior to the crash. I've yet to pin down where the g_signal_emit_valist() and g_object_weak_unref() warnings are coming from. We _are_ using a weak reference on the composer window in em-composer-utils.c, but I don't yet see how that could be contributing to the crash.

Another clue: The only place in GObject that calls g_object_weak_unref() is g_object_remove_weak_pointer(), and nothing in GObject calls that. GtkHTML does not use weak references at all. That means Evolution is explicitly calling g_object_weak_unref() or g_object_remove_weak_pointer() somewhere close to the cause of the crash. Follow the breadcrumbs...
Another data point: There is actually one weak reference in GtkHTML. It's in the accessibility code for hyperlink widgets. Kjartan mentioned he was sending a message with links, so that got me curious. However none of the stack traces reference anything accessibility related and half the dupes show accessibility disabled, so for now I'm ruling out that particular weak reference.
Looks like Milan found it. Pasting from the clipboard was the culprit.

*** This bug has been marked as a duplicate of 505819 ***
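A toy model of the failure mode hypothesized in the comments above: a child is unref'ed once too often, so the container's "focus_child" is stale by the time dispose drops it. This is an added example, not Evolution, GTK+ or GLib code; `Obj`, `Container` and every function name are hypothetical stand-ins. It assumes an arena in which dead objects are only flagged, so the stale access can be observed safely.

```c
/* Added illustration: hypothetical stand-ins, not GLib/GTK+ API. Objects live
 * in a static arena and are only flagged dead, so stale reads stay defined. */
#include <stdio.h>

typedef struct Obj Obj;
typedef void (*WeakNotify)(void *data, Obj *dead);
struct Obj { int refs, alive; WeakNotify notify; void *notify_data; };
typedef struct { Obj *focus_child; } Container;
static Obj pool[8]; static int used;

static Obj *obj_new(void) {
    Obj *o = &pool[used++];
    *o = (Obj){ 1, 1, NULL, NULL };      /* one reference, owned by the creator */
    return o;
}
/* Returns -1 when called on a finalized object (the g_object_unref CRITICAL). */
static int obj_unref(Obj *o) {
    if (!o->alive) return -1;
    if (--o->refs == 0) {
        o->alive = 0;
        if (o->notify) o->notify(o->notify_data, o);  /* weak-ref callback */
    }
    return 0;
}
static void clear_focus(void *data, Obj *dead) {
    Container *c = data;
    if (c->focus_child == dead) c->focus_child = NULL;
}
static void container_set_focus(Container *c, Obj *child, int guard) {
    child->refs++;                       /* container owns one reference */
    c->focus_child = child;
    if (guard) { child->notify = clear_focus; child->notify_data = c; }
}
static int container_dispose(Container *c) {
    int rc = c->focus_child ? obj_unref(c->focus_child) : 0;
    c->focus_child = NULL;
    return rc;
}
/* guard=0: plain pointer; guard=1: weak-ref callback clears it on finalize. */
int run_scenario(int guard) {
    Container c = { NULL };
    Obj *child = obj_new();
    container_set_focus(&c, child, guard);
    obj_unref(child);  /* creator drops its own reference: correct */
    obj_unref(child);  /* stray unref takes the container's reference */
    return container_dispose(&c);  /* -1: dispose touched a dead object */
}
int main(void) {
    printf("unguarded: %d, guarded: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

The guard only contains the symptom at dispose time; the stray unref is still the defect to find.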