GlibC "fix" broke Evolution 1.4.6 on FC2

Temlakos temlakos at comcast.net
Fri Nov 12 13:21:56 UTC 2004


The problem is that Ximian refuses even to consider the problem. Why 
should I have to trace a bug in someone else's code? More to the point, 
how do I solve the problem? As matters now stand, Evolution is unusable. 
When it sends and receives mail, it has a fifty percent chance of crashing.

Here is the output of BugBuddy on my system:

Distribution: Fedora Core release 2 (Tettnang)
Package: Evolution
Priority: Normal
Version: GNOME2.6. unspecified
Gnome-Distributor: Red Hat, Inc
Synopsis: Crash on Send/Receive Mail
Bugzilla-Product: Evolution
Bugzilla-Component: Mailer
Bugzilla-Version: unspecified
BugBuddy-GnomeVersion: 2.0 (2.6.0)
Description:
Description of the crash:

Whenever I do a Send/Receive, especially if there's any mail in the box,
the program crashes.

Steps to reproduce the crash:
1. Start Evolution.
2. Click Send/Receive.
3. [It doesn't get that far]

Expected Results:

Download mail.

How often does this happen?

Has happened three times in thirty seconds. My e-mail client is
unusable.

Additional Information:



Debugging Information:

Backtrace was generated from '/usr/bin/evolution'

(no debugging symbols found)...Using host libthread_db library
"/lib/tls/libthread_db.so.1".
(no debugging symbols found)...[Thread debugging using
libthread_db enabled]
[New Thread -151129440 (LWP 2399)]
[New Thread 93531056 (LWP 2422)]
[Thread debugging using libthread_db enabled]
[New Thread -151129440 (LWP 2399)]
[New Thread 93531056 (LWP 2422)]
[Thread debugging using libthread_db enabled]
[New Thread -151129440 (LWP 2399)]
[New Thread 93531056 (LWP 2422)]
[New Thread 68639664 (LWP 2421)]
[New Thread 58149808 (LWP 2420)]
[New Thread 39386032 (LWP 2419)]
[New Thread 28896176 (LWP 2418)]
(no debugging symbols found)...0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00f460db in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#2  0x02ad5442 in libgnomeui_module_info_get ()
   from /usr/lib/libgnomeui-2.so.0
#3  0x0809c8f1 in evolution_storage_set_view_factory_new_view ()
#4  <signal handler called>
#5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#6  0x00471057 in poll () from /lib/tls/libc.so.6
#7  0x00a49156 in g_main_loop_get_context () from
/usr/lib/libglib-2.0.so.0
#8  0x00a48590 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#9  0x00a48c53 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#10 0x006550a8 in bonobo_main () from /usr/lib/libbonobo-2.so.0
#11 0x0809ccf4 in main ()

Thread 6 (Thread 28896176 (LWP 2418)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#1  0x00473491 in ___newselect_nocancel () from /lib/tls/libc.so.6
No symbol table info available.
#2  0x04f0c2de in camel_service_gethost ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#3  0x04f0bea8 in camel_service_gethost ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#4  0x0070c354 in camel_pop3_store_get_type ()
   from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
No symbol table info available.
#5  0x0070c8e0 in camel_pop3_store_get_type ()
   from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
No symbol table info available.
#6  0x0070d43d in camel_pop3_store_expunge ()
   from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
No symbol table info available.
#7  0x04f0b6c5 in camel_service_connect ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#8  0x04f0d634 in camel_session_get_service_connected ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#9  0x010902fe in mail_tool_get_inbox ()
   from /usr/lib/evolution/1.4/components/libevolution-mail.so
No symbol table info available.
#10 0x01086882 in mail_filter_on_demand ()
   from /usr/lib/evolution/1.4/components/libevolution-mail.so
No symbol table info available.
#11 0x010846fe in mail_msg_wait_all ()
   from /usr/lib/evolution/1.4/components/libevolution-mail.so
No symbol table info available.
#12 0x02c1c5b7 in e_thread_busy () from
/usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#13 0x02c1c6e7 in e_thread_busy () from
/usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#14 0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#15 0x0047a7da in clone () from /lib/tls/libc.so.6
No symbol table info available.

Thread 5 (Thread 39386032 (LWP 2419)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/libpthread.so.0
No symbol table info available.
#2  0x02c1bf65 in e_msgport_wait () from
/usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#3  0x02c1c77d in e_thread_busy () from
/usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#5  0x0047a7da in clone () from /lib/tls/libc.so.6
No symbol table info available.

Thread 4 (Thread 58149808 (LWP 2420)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#1  0x00f44eee in __lll_mutex_lock_wait () from
/lib/tls/libpthread.so.0
No symbol table info available.
#2  0x00f41df4 in _L_mutex_lock_29 () from /lib/tls/libpthread.so.0
No symbol table info available.
#3  0x00f6a860 in _dl_runtime_resolve () from /lib/ld-linux.so.2
No symbol table info available.
#4  0x0809c8c3 in evolution_storage_set_view_factory_new_view ()
No symbol table info available.
#5  0x0809c8c3 in evolution_storage_set_view_factory_new_view ()
No symbol table info available.
#6  <signal handler called>
No symbol table info available.
#7  0x00425a33 in strlen () from /lib/tls/libc.so.6
No symbol table info available.
#8  0x02c17804 in e_gethostbyname_r ()
   from /usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#9  0x04f0bf77 in camel_service_gethost ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#10 0x04f0bff8 in camel_service_gethost ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#11 0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#12 0x0047a7da in clone () from /lib/tls/libc.so.6
No symbol table info available.

Thread 3 (Thread 68639664 (LWP 2421)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/libpthread.so.0
No symbol table info available.
#2  0x02c1bf65 in e_msgport_wait () from
/usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#3  0x04f0bfae in camel_service_gethost ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#5  0x0047a7da in clone () from /lib/tls/libc.so.6
No symbol table info available.

Thread 2 (Thread 93531056 (LWP 2422)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/libpthread.so.0
No symbol table info available.
#2  0x02c1bf65 in e_msgport_wait () from
/usr/lib/evolution/1.4/libeutil.so.0
No symbol table info available.
#3  0x04f0bfae in camel_service_gethost ()
   from /usr/lib/evolution/1.4/libcamel.so.0
No symbol table info available.
#4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#5  0x0047a7da in clone () from /lib/tls/libc.so.6
No symbol table info available.

Thread 1 (Thread -151129440 (LWP 2399)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#1  0x00f460db in __waitpid_nocancel () from /lib/tls/libpthread.so.0
No symbol table info available.
#2  0x02ad5442 in libgnomeui_module_info_get ()
   from /usr/lib/libgnomeui-2.so.0
No symbol table info available.
#3  0x0809c8f1 in evolution_storage_set_view_factory_new_view ()
No symbol table info available.
#4  <signal handler called>
No symbol table info available.
#5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#6  0x00471057 in poll () from /lib/tls/libc.so.6
No symbol table info available.
#7  0x00a49156 in g_main_loop_get_context () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#8  0x00a48590 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#9  0x00a48c53 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#10 0x006550a8 in bonobo_main () from /usr/lib/libbonobo-2.so.0
No symbol table info available.
#11 0x0809ccf4 in main ()
No symbol table info available.
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2

And here is what Ximian said about it:

/------- Additional Comments From Gerardo Marin <mailto:gerardo at novell.com> 2004-11-11 18:00 -------/

*** This bug has been marked as a duplicate of 43160

And here are the relevant comments from some of Ximian's people, when this issue evidently came up *a year and a half ago*:


I can't find anything wrong with our code. I think there is just
random memory corruption happening somewhere, except I can't find it.
Also, mail_importer_init() is called fairly early in owner_set_cb() so
the memory corruption has to happen before then.

if all the crashes were in g_module_open(), I'd be blaming libc right
about now, but unfortunately there are even a few crashes in
mail_importer_module_init() which is a symbol loaded from each
importer module.

As far as I can tell, there is definitely no memory corruption
happening within mail_importer_init(). looking at some of the
backtraces, you can tell the correct (strdup'd) string is making it to
 g_module_open(), but the string passed to dlopen() by g_module_open
is *not* the same pointer, so I wonder if glib is doing something
fucked? Somehow I doubt this, but...*shrug*

for all I know, this memory corruption could be in the shell or
calendar or addressbook or summary...or... anywhere.

#14 0x40ec9ce4 in _g_module_open (
    file_name=0xfffffe00 <Address 0xfffffe00 out of bounds>,
bind_lazy=0)
    at gmodule-dl.c:93
#15 0x40eca090 in g_module_open (
    file_name=0x8218cc8
"/usr/lib/evolution/1.2/evolution-mail-importers/libmbox.so", flags=0)
at gmodule.c:231

gmodule.c from glib 1.2 (which is where all the reports are afaict)
doesn't do anything with the filename, it just passes the same pointer
that we pass to it. but from the bt, those 2 pointers differ. I have
no idea how. "Not Possible"




/------- Additional Comments From Jeff Stedfast <mailto:fejj at ximian.com> 2003-05-19 14:42 -------/

hmmm, as far as the second type of trace, where the crasher is in
mail_importer_module_init(), this bt seems the most complete:

http://bugzilla.ximian.com/show_bug.cgi?id=41495

if one looks at that bt, one has to wonder if the
corruption/bug/whatever is within gconf?




/------- Additional Comments From Jeff Stedfast <mailto:fejj at ximian.com> 2003-05-19 14:48 -------/

nah, on closer inspection it doesn't seem to be gconf. higher up in
the callchain, there's an invalid pointer being passed to
parse_default_uri() ?

I dunno, maybe the bt is corrupted too, who the hell knows.

this bug report is a complete waste of time to even bother looking at
imho :\




/------- Additional Comments From ettore at ximian.com <mailto:ettore at ximian.com> 2003-05-19 17:50 -------/

If the problem is memory corruption, then it can't be in shell or
summary since the problem used to happen with 1.2 when things were in
separate processes.  So it must either be a bonobo-activation/oaf bug,
or a race condition in the mailer code.




/------- Additional Comments From Not Zed <mailto:notzed at ximian.com> 2003-05-19 21:11 -------/

Given that the 1.3 ones seem quite different from the earlier version
ones (none of those are in mail importer init?), it is probably the
strongest indication that the problem isn't actually with evolution code.

i.e. my first impression and still strongest would be that it is a
problem in libdl.

Probably the next likeliest candidates are some problem in the
indexing code, and/or the mail importer code.

All areas, but particularly libdl, get heavily exercised at that
initial startup stage - mail_importer_init is run at the same time as
async tasks to open folders which are the first real calls to camel,
and a lot of symbol resolution is happening.

Without some sort of reliable reproduction scenario though ... and we
don't even have any of the output from the terminal either, if there is
any.

I think i may have seen this once, but i'm not sure.  I know i have a
known buggy dynamic linker w/ multithreaded apps.

FWIW some of the dups don't look particularly related, but only maybe
half a dozen.




/------- Additional Comments From Dan Winship <mailto:danw at novell.com> 2003-05-20 07:51 -------/

Yeah, I wasn't paying enough attention and didn't notice that a
bunch of them are crashes in other threads while mail_importer_init
merely happened to be running. Although many of those are crashes
in libdl still, so it may still all be related.

Temlakos

Ulrich Drepper wrote:

>Temlakos wrote:
>
>>I filed a report to Bugzilla.Ximian.com, and they said (a) "it's the
>>same thing we've seen before," and (b) "it's not our fault; there's some
>>memory corruption going on somewhere." They mentioned the "libc" file at
>>some point in their correspondence on this issue.
>
>Memory corruptions are highly unlikely _caused_ by glibc.  The malloc
>functions will easily crash due to memory corruption but this does not
>mean there is a bug in glibc.  Every glibc change has the potential to
>bring out new bugs; if objects are laid out differently in memory,
>buffer overruns will affect different regions and the newly written to
>ones might be more sensitive.
>
>You'll have to determine what these vague statements you got really mean.
>
>- --
>➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
>
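
The effect described in the quoted reply above, where the same latent overrun is harmless under one memory layout and damaging under another, shown as an added example that is not part of the original thread and is not glibc's or Evolution's code. The arena, the two layouts, the marker value and all function names are hypothetical, and the hostname is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 64
#define NAME_CAP   16            /* bytes the name buffer really has */

/* Hypothetical placement of two objects inside one arena. */
struct layout {
    size_t name_off;             /* start of the NAME_CAP-byte buffer */
    size_t victim_off;           /* start of a neighbouring 8-byte field */
};

/* Toy "old" and "new" allocator placements: 16 bytes of slack vs. none. */
static const struct layout OLD_LAYOUT = { 0, 32 };
static const struct layout NEW_LAYOUT = { 0, 16 };

/* Non-ASCII marker standing in for a pointer or allocator metadata. */
static const uint64_t VICTIM_MAGIC = 0xfeedfacecafebeefULL;

/* The latent bug: copies the string and its NUL with no check against NAME_CAP. */
static void buggy_set_name(unsigned char *arena, const struct layout *l,
                           const char *src)
{
    memcpy(arena + l->name_off, src, strlen(src) + 1);
}

/* Runs the buggy copy on a fresh arena and returns how many bytes of the
 * neighbouring field changed, or -1 if the copy would leave the arena
 * (the simulation never writes outside its own array). */
static int victim_bytes_clobbered(const struct layout *l, const char *src)
{
    unsigned char arena[ARENA_SIZE] = { 0 };
    unsigned char expect[sizeof VICTIM_MAGIC];
    int changed = 0;

    if (l->name_off + strlen(src) + 1 > ARENA_SIZE)
        return -1;
    memcpy(expect, &VICTIM_MAGIC, sizeof expect);
    memcpy(arena + l->victim_off, expect, sizeof expect);
    buggy_set_name(arena, l, src);
    for (size_t i = 0; i < sizeof expect; i++)
        changed += arena[l->victim_off + i] != expect[i];
    return changed;
}

int main(void)
{
    const char *host = "mail.example.invalid";   /* constructed, 20 chars */
    printf("old layout: %d bytes clobbered\n", victim_bytes_clobbered(&OLD_LAYOUT, host));
    printf("new layout: %d bytes clobbered\n", victim_bytes_clobbered(&NEW_LAYOUT, host));
    return 0;
}
```

The copy is equally wrong in both runs; only the placement of the neighbouring field decides whether the overrun is noticed.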



