After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 507900 - crash in Evolution Mail and Calendar: Tried to send a mail inc...
crash in Evolution Mail and Calendar: Tried to send a mail inc...
Status: RESOLVED DUPLICATE of bug 505819
Product: evolution
Classification: Applications
Component: Mailer
2.22.x (obsolete)
Other All
: High critical
: ---
Assigned To: Matthew Barnes
Evolution QA team
: 505821 507055 507259 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2008-01-07 18:59 UTC by Kjartan Maraas
Modified: 2013-09-13 00:57 UTC
See Also:
GNOME target: ---
GNOME version: 2.21/2.22



Description Kjartan Maraas 2008-01-07 18:59:14 UTC
Version: 2.22.x

What were you doing when the application crashed?
Tried to send a mail including some links to bugzilla reports.


Distribution: Fedora release 8.90 (Rawhide)
Gnome Release: 2.21.4 2007-12-21 (Red Hat, Inc)
BugBuddy Version: 2.20.1

System: Linux 2.6.24-0.136.rc6.git12.fc9 #1 SMP Sat Jan 5 12:46:45 EST 2008 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10499001
Selinux: No
Accessibility: Enabled
GTK+ Theme: Nodoka
Icon Theme: Fedora

Memory status: size: 306827264 vsize: 306827264 resident: 223371264 share: 22269952 rss: 223371264 rss_rlim: 4294967295
CPU usage: start_time: 1199729066 rtime: 9510 utime: 4118 stime: 5392 cutime:79 cstime: 345 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fbf920 (LWP 6477)]
[New Thread 0xb31ffb90 (LWP 28561)]
[New Thread 0xb431bb90 (LWP 28559)]
[New Thread 0xb6e88b90 (LWP 6487)]
0x00130402 in __kernel_vsyscall ()

Thread 1 (Thread 0xb7fbf920 (LWP 6477))

  • #0 __kernel_vsyscall
  • #1 waitpid
    from /lib/libpthread.so.0
  • #2 IA__g_spawn_sync
    at gspawn.c line 374
  • #3 IA__g_spawn_command_line_sync
    at gspawn.c line 682
  • #4 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #5 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #6 google_breakpad::ExceptionHandler::InternalWriteMinidump
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #7 google_breakpad::ExceptionHandler::HandleException
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #8 segv_redirect
    at main.c line 511
  • #9 <signal handler called>
  • #10 IA__g_datalist_id_set_data_full
    at gdataset.c line 216
  • #11 g_object_real_dispose
    at gobject.c line 533
  • #12 gtk_object_dispose
    at gtkobject.c line 423
  • #13 gtk_widget_dispose
    at gtkwidget.c line 7851
  • #14 IA__g_object_unref
    at gobject.c line 1765
  • #15 gtk_container_real_set_focus_child
    at gtkcontainer.c line 1657
  • #16 IA__g_cclosure_marshal_VOID__OBJECT
    at gmarshal.c line 636
  • #17 g_type_class_meta_marshal
    at gclosure.c line 567
  • #18 IA__g_closure_invoke
    at gclosure.c line 490
  • #19 signal_emit_unlocked_R
    at gsignal.c line 2370
  • #20 IA__g_signal_emit_valist
    at gsignal.c line 2199
  • #21 IA__g_signal_emit
    at gsignal.c line 2243
  • #22 IA__gtk_container_set_focus_child
    at gtkcontainer.c line 1548
  • #23 IA__gtk_window_set_focus
    at gtkwindow.c line 1432
  • #24 gtk_window_dispose
    at gtkwindow.c line 1965
  • #25 bonobo_window_dispose
    at bonobo-window.c line 141
  • #26 composer_dispose
    at e-msg-composer.c line 2726
  • #27 IA__g_object_run_dispose
    at gobject.c line 573
  • #28 IA__gtk_object_destroy
    at gtkobject.c line 403
  • #29 IA__gtk_widget_destroy
    at gtkwidget.c line 2886
  • #30 composer_send_queued_cb
    at em-composer-utils.c line 218
  • #31 append_mail_done
    at mail-ops.c line 883
  • #32 mail_msg_idle_cb
    at mail-mt.c line 504
  • #33 g_idle_dispatch
    at gmain.c line 4142
  • #34 IA__g_main_context_dispatch
    at gmain.c line 2064
  • #35 g_main_context_iterate
    at gmain.c line 2697
  • #36 IA__g_main_loop_run
    at gmain.c line 2905
  • #37 bonobo_main
    at bonobo-main.c line 311
  • #38 main
    at main.c line 700
  • #39 __libc_start_main
    from /lib/libc.so.6
  • #40 _start
  • #0 __kernel_vsyscall


----------- .xsession-errors ---------------------
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/f1/915e01185019c55bd9e7915525b83eed6a5dc2.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/13/43098bfb6c33ba11392b8cc202272de5e7e7cb.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/e8/22c1d4f385fca025c250ce39994f59a3017a83.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/4f/4cec1c0b5412b20d8eb5942723fe24dec5425a.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/43/ceaa2daa36275f4b1b761917e9f345a52e7a80.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/4f/3b6d7793407555f5a646cdffff64b1c30bb50c.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/6b/0dbb086f0f33fd11688b95e3ac40895e02a060.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/f2/c84de6d2d698f91d8c0b41a34a9ed17c2195b2.debug
--------------------------------------------------
Comment 1 Srinivasa Ragavan 2008-01-11 17:13:42 UTC
*** Bug 507055 has been marked as a duplicate of this bug. ***
Comment 2 Srinivasa Ragavan 2008-01-11 17:13:45 UTC
*** Bug 507259 has been marked as a duplicate of this bug. ***
Comment 3 Srinivasa Ragavan 2008-01-11 17:14:08 UTC
*** Bug 505821 has been marked as a duplicate of this bug. ***
Comment 4 C de-Avillez 2008-01-14 14:35:23 UTC
Also seen on Ubuntu: https://bugs.edge.launchpad.net/evolution/+bug/182766
Comment 5 Matthew Barnes 2008-01-22 15:38:53 UTC
Most of the stacktraces include these warnings:

(evolution:7384): GLib-GObject-WARNING **: IA__g_object_weak_unref: couldn't
find weak ref 0xb6315240(0x88ab7b8)
(evolution:7384): GLib-GObject-CRITICAL **: g_object_unref: assertion
`G_IS_OBJECT (object)' failed
(evolution:7384): GLib-GObject-WARNING **: instance of invalid
non-instantiatable type `(null)'
(evolution:7384): GLib-GObject-CRITICAL **: g_signal_emit_valist: assertion
`G_TYPE_CHECK_INSTANCE (instance)' failed
(evolution:7384): GLib-GObject-WARNING **: instance of invalid
non-instantiatable type `(null)'
(evolution:7384): GLib-GObject-CRITICAL **: g_signal_handlers_destroy:
assertion `G_TYPE_CHECK_INSTANCE (instance)' failed

GObject then crashes while trying to free the closure array on an object contained within the composer window.  (GQuark key_id 49 == "GObject-closure-array")

The warning about the weak reference is the biggest clue.  Could be that the weak reference callback is trying to unref the already-destroyed object.
Comment 6 Matthew Barnes 2008-01-22 17:41:06 UTC
Near as I can tell, we're unref'ing a child widget within the composer window someplace where we shouldn't be, such that when the window itself is disposed the GtkContainer's "focus_child" is a dangling pointer.  Things start to go horribly wrong in gtk_container_set_focus_child() when it tries to unref the previous "focus_child" widget.

The g_signal_handlers_destroy() warning is coming from g_object_real_dispose() just prior to the crash.  I've yet to pin down where the g_signal_emit_valist() and g_object_weak_unref() warnings are coming from.

We _are_ using a weak reference on the composer window in em-composer-utils.c, but I don't yet see how that could be contributing to the crash.

Another clue: The only place in GObject that calls g_object_weak_unref() is g_object_remove_weak_pointer(), and nothing in GObject calls that.  GtkHTML does not use weak references at all.  That means Evolution is explicitly calling g_object_weak_unref() or g_object_remove_weak_pointer() somewhere close to the cause of the crash.  Follow the breadcrumbs...
Comment 7 Matthew Barnes 2008-01-22 18:21:48 UTC
Another data point:

There is actually one weak reference in GtkHTML.  It's in the accessibility code for hyperlink widgets.  Kjartan mentioned he was sending a message with links, so that got me curious.  However none of the stack traces reference anything accessibility related and half the dupes show accessibility disabled, so for now I'm ruling out that particular weak reference.
Comment 8 Matthew Barnes 2008-01-22 22:12:23 UTC
Looks like Milan found it.  Pasting from the clipboard was the culprit.

*** This bug has been marked as a duplicate of 505819 ***