GNOME Bugzilla – Bug 621514
talloc: double free error - first free may be at librpc/rpc/dcerpc_util.c:312
Last modified: 2011-08-05 17:20:08 UTC
evolution-mapi 0.31.4 *** glibc detected *** /home/lakhil/opt/gnome3/bin/evolution: corrupted double-linked list: 0x0874f408 *** talloc: double free error - first free may be at librpc/rpc/dcerpc_util.c:312 Bad talloc magic value - double free ======= Backtrace: ========= /lib/libc.so.6(+0x6e00b)[0xb663e00b] /lib/libc.so.6(+0x6eec0)[0xb663eec0] /lib/libc.so.6(cfree+0x6d)[0xb6642aed] /usr/local/samba/lib/libdcerpc.so.0(+0x67674f)[0xb1b0174f] /usr/local/samba/lib/libdcerpc.so.0(+0x67665e)[0xb1b0165e] /usr/local/samba/lib/libdcerpc.so.0(+0x67665e)[0xb1b0165e] /usr/local/samba/lib/libdcerpc.so.0(_talloc_free+0xe5)[0xb1b023ca] /usr/local/samba/lib/libmapi.so.0(GetProps+0x371)[0xb1edfca1] /usr/local/samba/lib/libmapi.so.0(+0x4c722)[0xb1efc722] /usr/local/samba/lib/libmapi.so.0(IsMailboxFolder+0x3b0)[0xb1efcf30] /home/lakhil/opt/gnome3/lib/libexchangemapi-1.0.so.0(+0x1331a)[0xb281131a] /home/lakhil/opt/gnome3/lib/libexchangemapi-1.0.so.0(exchange_mapi_connection_get_folders_list+0x462)[0xb28117f1] /home/lakhil/opt/gnome3/lib/evolution-data-server-1.2/camel-providers/libcamelmapi.so(+0xe16a)[0xb5d2e16a] /home/lakhil/opt/gnome3/lib/evolution-data-server-1.2/camel-providers/libcamelmapi.so(+0xe898)[0xb5d2e898] /home/lakhil/opt/gnome3/lib/libcamel-provider-1.2.so.17(camel_store_get_folder_info+0xd2)[0xb7be105a] /home/lakhil/opt/gnome3/lib/evolution/3.0/libevolution-mail.so.0(+0x7b2c7)[0xb5b532c7] /home/lakhil/opt/gnome3/lib/evolution/3.0/libevolution-mail.so.0(+0x77e3b)[0xb5b4fe3b] /usr/lib/libglib-2.0.so.0(+0x6981f)[0xb67a481f] /usr/lib/libglib-2.0.so.0(+0x67844)[0xb67a2844] /lib/libpthread.so.0(+0x5b25)[0xb738ab25] /lib/libc.so.6(clone+0x5e)[0xb66a347e] ======= Memory map: ======== 08048000-0804c000 r-xp 00000000 08:06 321771 /home/lakhil/opt/gnome3/bin/evolution 0804c000-0804d000 r--p 00004000 08:06 321771 /home/lakhil/opt/gnome3/bin/evolution 0804d000-0804e000 rw-p 00005000 08:06 321771 /home/lakhil/opt/gnome3/bin/evolution 0804e000-0880f000 rw-p 00000000 00:00 0 [heap] a27fb000-a27fc000 ---p 00000000 00:00 0 a27fc000-a2ffc000 rwxp 00000000 00:00 0 a2ffc000-a30ab000 r-xp 00000000 08:02 1085975 /usr/lib/libaspell.so.15.1.4 a30ab000-a30ac000 ---p 000af000 08:02 1085975 /usr/lib/libaspell.so.15.1.4 a30ac000-a30af000 r--p 000af000 08:02 1085975 /usr/lib/libaspell.so.15.1.4 a30af000-a30b0000 rw-p 000b2000 08:02 1085975 /usr/lib/libaspell.so.15.1.4 a30b0000-a30b5000 rw-p 00000000 00:00 0 a30fa000-a30fb000 ---p 00000000 00:00 0 a30fb000-a38fb000 rwxp 00000000 00:00 0 a38fb000-a66e1000 r--p 00000000 08:02 1192792 /usr/share/icons/gnome/icon-theme.cache a66e1000-a66e6000 r-xp 00000000 08:02 1084218 /usr/lib/libmodman.so.0 a66e6000-a66e7000 r--p 00005000 08:02 1084218 /usr/lib/libmodman.so.0 a66e7000-a66e8000 rw-p 00006000 08:02 1084218 /usr/lib/libmodman.so.0 a66e8000-a762e000 r--p 00000000 08:02 1084200 /usr/lib/libicudata.so.42.0 a762e000-a762f000 r--p 00f45000 08:02 1084200 /usr/lib/libicudata.so.42.0 a762f000-a7644000 r-xp 00000000 08:02 1084272 /usr/lib/libproxy.so.1.0.0 a7644000-a7645000 r--p 00014000 08:02 1084272 /usr/lib/libproxy.so.1.0.0 a7645000-a7646000 rw-p 00015000 08:02 1084272 /usr/lib/libproxy.so.1.0.0 a7646000-a769d000 r-xp 00000000 08:02 1085713 /usr/lib/libXt.so.6.0.0 a769d000-a769e000 ---p 00057000 08:02 1085713 /usr/lib/libXt.so.6.0.0 a769e000-a769f000 r--p 00057000 08:02 1085713 /usr/lib/libXt.so.6.0.0 a769f000-a76a2000 rw-p 00058000 08:02 1085713 /usr/lib/libXt.so.6.0.0 a76a2000-a77e6000 r-xp 00000000 08:02 1084213 /usr/lib/libicuuc.so.42.0 a77e6000-a77ee000 r--p 00144000 08:02 1084213 /usr/lib/libicuuc.so.42.0 a77ee000-a77f0000 rw-p 0014c000 08:02 1084213 /usr/lib/libicuuc.so.42.0 a77f0000-a77f2000 rw-p 00000000 00:00 0 a77f2000-a79a4000 r-xp 00000000 08:02 1084203 /usr/lib/libicui18n.so.42.0 a79a4000-a79a9000 r--p 001b2000 08:02 1084203 /usr/lib/libicui18n.so.42.0 a79a9000-a79ab000 rw-p 001b7000 08:02 1084203 /usr/lib/libicui18n.so.42.0 a79ab000-a79e4000 r-xp 00000000 08:02 1085926 /usr/lib/libxslt.so.1.1.24 a79e4000-a79e5000 r--p 00038000 08:02 1085926 /usr/lib/libxslt.so.1.1.24 a79e5000-a79e6000 rw-p 00039000 08:02 1085926 /usr/lib/libxslt.so.1.1.24 a79e6000-a7a08000 r-xp 00000000 08:02 1083888 /usr/lib/libjpeg.so.62.0.0 a7a08000-a7a09000 r--p 00021000 08:02 1083888 /usr/lib/libjpeg.so.62.0.0 a7a09000-a7a0a000 rw-p 00022000 08:02 1083888 /usr/lib/libjpeg.so.62.0.0 a7a0a000-a7ade000 r-xp 00000000 08:02 1084482 /usr/lib/libgstreamer-0.10.so.0.24.1 a7ade000-a7ae1000 r--p 000d3000 08:02 1084482 /usr/lib/libgstreamer-0.10.so.0.24.1 a7ae1000-a7ae3000 rw-p 000d6000 08:02 1084482 /usr/lib/libgstreamer-0.10.so.0.24.1 a7ae3000-a7ae4000 rw-p 00000000 00:00 0 a7ae4000-a7b26000 r-xp 00000000 08:02 1084471 /usr/lib/libgstbase-0.10.so.0.24.1 a7b26000-a7b27000 r--p 00041000 08:02 1084471 /usr/lib/libgstbase-0.10.so.0.24.1 a7b27000-a7b28000 rw-p 00042000 08:02 1084471 /usr/lib/libgstbase-0.10.so.0.24.1 a7b28000-a7b2f000 r-xp 00000000 08:02 1086031 /usr/lib/libgstvideo-0.10.so.0.19.2 a7b2f000-a7b30000 r--p 00006000 08:02 1086031 /usr/lib/libgstvideo-0.10.so.0.19.2 a7b30000-a7b31000 rw-p 00007000 08:02 1086031 /usr/lib/libgstvideo-0.10.so.0.19.2 a7b31000-a7b3c000 r-xp 00000000 08:02 1085938 /usr/lib/libgstpbutils-0.10.so.0.19.2 a7b3c000-a7b3d000 ---p 0000b000 08:02 1085938 /usr/lib/libgstpbutils-0.10.so.0.19.2 a7b3d000-a7b3e000 r--p 0000b000 08:02 1085938 /usr/lib/libgstpbutils-0.10.so.0.19.2 a7b3e000-a7b3f000 rw-p 0000c000 08:02 1085938 /usr/lib/libgstpbutils-0.10.so.0.19.2 a7b3f000-a7b4b000 r-xp 00000000 08:02 1084655 /usr/lib/libgstapp-0.10.so.0.19.2 a7b4b000-a7b4c000 r--p 0000b000 08:02 1084655 /usr/lib/libgstapp-0.10.so.0.19.2 a7b4c000-a7b4d000 rw-p 0000c000 08:02 1084655 /usr/lib/libgstapp-0.10.so.0.19.2 a7b4d000-a7b5b000 r-xp 00000000 08:02 1086367 /usr/lib/libgeoclue.so.0.0.0 a7b5b000-a7b5c000 r--p 0000d000 08:02 1086367 /usr/lib/libgeoclue.so.0.0.0 a7b5c000-a7b5d000 rw-p 0000e000 08:02 1086367 /usr/lib/libgeoclue.so.0.0.0 a7b5d000-a8acf000 r-xp 00000000 08:02 1085700 /usr/lib/libwebkit-1.0.so.2.17.2 a8acf000-a8b74000 r--p 00f71000 08:02 1085700 /usr/lib/libwebkit-1.0.so.2.17.2 a8b74000-a8b7b000 rw-p 01016000 08:02 1085700 /usr/lib/libwebkit-1.0.so.2.17.2 a8b7b000-a8b8f000 rw-p 00000000 00:00 0 a8bae000-a8be7000 r-xp 00000000 08:06 690372 /home/lakhil/opt/gnome3/lib/evolution/3.0/plugins/liborg-gnome-evolution-rss.so a8be7000-a8be8000 r--p 00038000 08:06 690372 /home/lakhil/opt/gnome3/lib/evolution/3.0/plugins/liborg-gnome-evolution-rss.so a8be8000-a8be9000 rw-p 00039000 08:06 690372 /home/lakhil/opt/gnome3/lib/evolution/3.0/plugins/liborg-gnome-evolution-rss.so Program received signal SIGABRT, Aborted. [Switching to Thread 0xaf3edb70 (LWP 23840)] 0xffffe430 in __kernel_vsyscall () (gdb) t a a bt
+ Trace 222394
Julien, do you have any idea what this could cause? See Thread 14 and Thread 7 in the above backtrace, both are crashing on double free in talloc. I do not suppose the locking patch could help here, as this is for different session, right? Akhil, what is your openchange version/svn revision, please?
(In reply to comment #1) > Akhil, what is your openchange version/svn revision, please? Openchange rev 1889
Milan, I'm very sceptical about the bug origin/cause. talloc double_free error in libmapi/IMAPIProp.c:160 really makes no sense to me. mem_ctx is local to the function and can't be free'd before. I would need further information on the code context
Similar downstream bug report from 2.32.2: https://bugzilla.redhat.com/show_bug.cgi?id=687854 The latest openchange, with certain changes in evo-mapi (which are only about to happen once we'll depend on that openchange version) may fix this. I suppose this is because talloc is not thread safe.
I'm closing this in favour of evolution-mapi 3.1.4, which depends on OpenChange 0.11. Please reopen, if you'll see this in that version. Thanks in advance.