GlibC "fix" broke Evolution 1.4.6 on FC2

David Malcolm dmalcolm at redhat.com
Tue Nov 16 19:37:45 UTC 2004


On Fri, 2004-11-12 at 13:14 -0500, David Malcolm wrote:
> On Fri, 2004-11-12 at 08:21 -0500, Temlakos wrote:
> > The problem is that Ximian refuses even to consider the problem. Why 
> > should I have to trace a bug in someone else's code? More to the point, 
> > how do I solve the problem? As matters now stand, Evolution is unusable. 
> > When it sends and receives mail, it has a fifty percent chance of crashing.
> 
> Thanks for sending this detailed report.  Please can you file all of
> this as a bug in Red Hat's Bugzilla so that it doesn't get lost.

I've gone ahead and added this as bug #139573

> 
> Thanks
> 
> > 
> > Here is the output of BugBuddy on my system:
> > 
> > Distribution: Fedora Core release 2 (Tettnang)
> > Package: Evolution
> > Priority: Normal
> > Version: GNOME2.6. unspecified
> > Gnome-Distributor: Red Hat, Inc
> > Synopsis: Crash on Send/Receive Mail
> > Bugzilla-Product: Evolution
> > Bugzilla-Component: Mailer
> > Bugzilla-Version: unspecified
> > BugBuddy-GnomeVersion: 2.0 (2.6.0)
> > Description:
> > Description of the crash:
> > 
> > Whenever I do a Send/Receive, especially if there's any mail in the box,
> > the program crashes.
> > 
> > Steps to reproduce the crash:
> > 1. Start Evolution.
> > 2. Click Send/Receive.
> > 3. [It doesn't get that far]
> > 
> > Expected Results:
> > 
> > Download mail.
> > 
> > How often does this happen?
> > 
> > Has happened three times in thirty seconds. My e-mail client is
> > unusable.
> > 
> > Additional Information:
> > 
> > 
> > 
> > Debugging Information:
> > 
> > Backtrace was generated from '/usr/bin/evolution'
> > 
> > (no debugging symbols found)...Using host libthread_db library
> > "/lib/tls/libthread_db.so.1".
> > (no debugging symbols found)...[Thread debugging using
> > libthread_db enabled]
> > [New Thread -151129440 (LWP 2399)]
> > [New Thread 93531056 (LWP 2422)]
> > [Thread debugging using libthread_db enabled]
> > [New Thread -151129440 (LWP 2399)]
> > [New Thread 93531056 (LWP 2422)]
> > [Thread debugging using libthread_db enabled]
> > [New Thread -151129440 (LWP 2399)]
> > [New Thread 93531056 (LWP 2422)]
> > [New Thread 68639664 (LWP 2421)]
> > [New Thread 58149808 (LWP 2420)]
> > [New Thread 39386032 (LWP 2419)]
> > [New Thread 28896176 (LWP 2418)]
> > (no debugging symbols found)...0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > #1  0x00f460db in __waitpid_nocancel () from /lib/tls/libpthread.so.0
> > #2  0x02ad5442 in libgnomeui_module_info_get ()
> >    from /usr/lib/libgnomeui-2.so.0
> > #3  0x0809c8f1 in evolution_storage_set_view_factory_new_view ()
> > #4  <signal handler called>
> > #5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > #6  0x00471057 in poll () from /lib/tls/libc.so.6
> > #7  0x00a49156 in g_main_loop_get_context () from
> > /usr/lib/libglib-2.0.so.0
> > #8  0x00a48590 in g_main_context_dispatch () from
> > /usr/lib/libglib-2.0.so.0
> > #9  0x00a48c53 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
> > #10 0x006550a8 in bonobo_main () from /usr/lib/libbonobo-2.so.0
> > #11 0x0809ccf4 in main ()
> > 
> > Thread 6 (Thread 28896176 (LWP 2418)):
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #1  0x00473491 in ___newselect_nocancel () from /lib/tls/libc.so.6
> > No symbol table info available.
> > #2  0x04f0c2de in camel_service_gethost ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #3  0x04f0bea8 in camel_service_gethost ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #4  0x0070c354 in camel_pop3_store_get_type ()
> >    from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
> > No symbol table info available.
> > #5  0x0070c8e0 in camel_pop3_store_get_type ()
> >    from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
> > No symbol table info available.
> > #6  0x0070d43d in camel_pop3_store_expunge ()
> >    from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
> > No symbol table info available.
> > #7  0x04f0b6c5 in camel_service_connect ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #8  0x04f0d634 in camel_session_get_service_connected ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #9  0x010902fe in mail_tool_get_inbox ()
> >    from /usr/lib/evolution/1.4/components/libevolution-mail.so
> > No symbol table info available.
> > #10 0x01086882 in mail_filter_on_demand ()
> >    from /usr/lib/evolution/1.4/components/libevolution-mail.so
> > No symbol table info available.
> > #11 0x010846fe in mail_msg_wait_all ()
> >    from /usr/lib/evolution/1.4/components/libevolution-mail.so
> > No symbol table info available.
> > #12 0x02c1c5b7 in e_thread_busy () from
> > /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #13 0x02c1c6e7 in e_thread_busy () from
> > /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #14 0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #15 0x0047a7da in clone () from /lib/tls/libc.so.6
> > No symbol table info available.
> > 
> > Thread 5 (Thread 39386032 (LWP 2419)):
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
> >    from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #2  0x02c1bf65 in e_msgport_wait () from
> > /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #3  0x02c1c77d in e_thread_busy () from
> > /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #5  0x0047a7da in clone () from /lib/tls/libc.so.6
> > No symbol table info available.
> > 
> > Thread 4 (Thread 58149808 (LWP 2420)):
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #1  0x00f44eee in __lll_mutex_lock_wait () from
> > /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #2  0x00f41df4 in _L_mutex_lock_29 () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #3  0x00f6a860 in _dl_runtime_resolve () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #4  0x0809c8c3 in evolution_storage_set_view_factory_new_view ()
> > No symbol table info available.
> > #5  0x0809c8c3 in evolution_storage_set_view_factory_new_view ()
> > No symbol table info available.
> > #6  <signal handler called>
> > No symbol table info available.
> > #7  0x00425a33 in strlen () from /lib/tls/libc.so.6
> > No symbol table info available.
> > #8  0x02c17804 in e_gethostbyname_r ()
> >    from /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #9  0x04f0bf77 in camel_service_gethost ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #10 0x04f0bff8 in camel_service_gethost ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #11 0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #12 0x0047a7da in clone () from /lib/tls/libc.so.6
> > No symbol table info available.
> > 
> > Thread 3 (Thread 68639664 (LWP 2421)):
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
> >    from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #2  0x02c1bf65 in e_msgport_wait () from
> > /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #3  0x04f0bfae in camel_service_gethost ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #5  0x0047a7da in clone () from /lib/tls/libc.so.6
> > No symbol table info available.
> > 
> > Thread 2 (Thread 93531056 (LWP 2422)):
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
> >    from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #2  0x02c1bf65 in e_msgport_wait () from
> > /usr/lib/evolution/1.4/libeutil.so.0
> > No symbol table info available.
> > #3  0x04f0bfae in camel_service_gethost ()
> >    from /usr/lib/evolution/1.4/libcamel.so.0
> > No symbol table info available.
> > #4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #5  0x0047a7da in clone () from /lib/tls/libc.so.6
> > No symbol table info available.
> > 
> > Thread 1 (Thread -151129440 (LWP 2399)):
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #1  0x00f460db in __waitpid_nocancel () from /lib/tls/libpthread.so.0
> > No symbol table info available.
> > #2  0x02ad5442 in libgnomeui_module_info_get ()
> >    from /usr/lib/libgnomeui-2.so.0
> > No symbol table info available.
> > #3  0x0809c8f1 in evolution_storage_set_view_factory_new_view ()
> > No symbol table info available.
> > #4  <signal handler called>
> > No symbol table info available.
> > #5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > No symbol table info available.
> > #6  0x00471057 in poll () from /lib/tls/libc.so.6
> > No symbol table info available.
> > #7  0x00a49156 in g_main_loop_get_context () from
> > /usr/lib/libglib-2.0.so.0
> > No symbol table info available.
> > #8  0x00a48590 in g_main_context_dispatch () from
> > /usr/lib/libglib-2.0.so.0
> > No symbol table info available.
> > #9  0x00a48c53 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
> > No symbol table info available.
> > #10 0x006550a8 in bonobo_main () from /usr/lib/libbonobo-2.so.0
> > No symbol table info available.
> > #11 0x0809ccf4 in main ()
> > No symbol table info available.
> > #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> > 
> > And here is what Ximian said about it:
> > 
> > /------- Additional Comments From Gerardo Marin <mailto:gerardo at novell.com> 2004-11-11 18:00 -------/
> > 
> > *** This bug has been marked as a duplicate of 43160
> > 
> > And here are the relevant comments from some of Ximian's people, when this issue evidently came up *a year and a half ago*:
> > 
> > 
> > I can't find anything wrong with our code. I think there is just
> > random memory corruption happening somewhere, except I can't find it.
> > Also, mail_importer_init() is called fairly early in owner_set_cb() so
> > the memory corruption has to happen before then.
> > 
> > if all the crashes were in g_module_open(), I'd be blaming libc right
> > about now, but unfortunately there are even a few crashes in
> > mail_importer_module_init() which is a symbol loaded from each
> > importer module.
> > 
> > As far as I can tell, there is definitely no memory corruption
> > happening within mail_importer_init(). looking at some of the
> > backtraces, you can tell the correct (strdup'd) string is making it to
> >  g_module_open(), but the string passed to dlopen() by g_module_open
> > is *not* the same pointer, so I wonder if glib is doing something
> > fucked? Somehow I doubt this, but...*shrug*
> > 
> > for all I know, this memory corruption could be in the shell or
> > calendar or addressbook or summary...or... anywhere.
> > 
> > #14 0x40ec9ce4 in _g_module_open (
> >     file_name=0xfffffe00 <Address 0xfffffe00 out of bounds>,
> > bind_lazy=0)
> >     at gmodule-dl.c:93
> > #15 0x40eca090 in g_module_open (
> >     file_name=0x8218cc8
> > "/usr/lib/evolution/1.2/evolution-mail-importers/libmbox.so", flags=0)
> > at gmodule.c:231
> > 
> > gmodule.c from glib 1.2 (which is where all the reports are afaict)
> > doesn't do anything with the filename, it just passes the same pointer
> > that we pass to it. but from the bt, those 2 pointers differ. I have
> > no idea how. "Not Possible"
> > 
> > 
> > 
> > 
> > /------- Additional Comments From Jeff Stedfast <mailto:fejj at ximian.com> 2003-05-19 14:42 -------/
> > 
> > hmmm, as far as the second type of trace, where the crasher is in
> > mail_importer_module_init(), this bt seems the most complete:
> > 
> > http://bugzilla.ximian.com/show_bug.cgi?id=41495
> > 
> > if one looks at that bt, one has to wonder if the
> > corruption/bug/whatever is within gconf?
> > 
> > 
> > 
> > 
> > /------- Additional Comments From Jeff Stedfast <mailto:fejj at ximian.com> 2003-05-19 14:48 -------/
> > 
> > nah, on closer inspection it doesn't seem to be gconf. higher up in
> > the callchain, there's an invalid pointer being passed to
> > parse_default_uri() ?
> > 
> > I dunno, maybe the bt is corrupted too, who the hell knows.
> > 
> > this bug report is a complete waste of time to even bother looking at
> > imho :\
> > 
> > 
> > 
> > 
> > /------- Additional Comments From ettore at ximian.com <mailto:ettore at ximian.com> 2003-05-19 17:50 -------/
> > 
> > If the problem is memory corruption, then it can't be in shell or
> > summary since the problem used to happen with 1.2 when things were in
> > separate processes.  So it must either be a bonobo-activation/oaf bug,
> > or a race condition in the mailer code.
> > 
> > 
> > 
> > 
> > /------- Additional Comments From Not Zed <mailto:notzed at ximian.com> 2003-05-19 21:11 -------/
> > 
> > Given that the 1.3 ones seem quite different from the earlier version
> > ones (none of those are in mail importer init?), it is probably the
> > strongest indication that the problem isn't actually with evolution code.
> > 
> > i.e. my first impression and still strongest would be that it is a
> > problem in libdl.
> > 
> > Probably the next likeliest candidates are some problem in the
> > indexing code, and/or the mail importer code.
> > 
> > All areas, but particularly libdl, get heavily exercised at that
> > initial startup stage - mail_importer_init is run at the same time as
> > async tasks to open folders which are the first real calls to camel,
> > and a lot of symbol resolution is happening.
> > 
> > Without some sort of reliable reproduction scenario though ... and we
> > don't even have any of the output from the terminal either, if there is
> > any.
> > 
> > I think i may have seen this once, but i'm not sure.  I know i have a
> > known buggy dynamic linker w/ multithreaded apps.
> > 
> > FWIW some of the dups don't look particularly related, but only maybe
> > half a dozen.
> > 
> > 
> > 
> > 
> > /------- Additional Comments From Dan Winship <mailto:danw at novell.com> 2003-05-20 07:51 -------/
> > 
> > Yeah, I wasn't paying enough attention and didn't notice that a
> > bunch of them are crashes in other threads while mail_importer_init
> > merely happened to be running. Although many of those are crashes
> > in libdl still, so it may still all be related.
> > 
> > Temlakos
> > 
> > Ulrich Drepper wrote:
> > 
> > >Temlakos wrote:
> > >
> > >  
> > >
> > >>I filed a report to Bugzilla.Ximian.com, and they said (a) "it's the
> > >>same thing we've seen before," and (b) "it's not our fault; there's some
> > >>memory corruption going on somewhere." They mentioned the "libc" file at
> > >>some point in their correspondence on this issue.
> > >>    
> > >>
> > >
> > >Memory corruptions are highly unlikely _caused_ by glibc.  The malloc
> > >functions will easily crash due to memory corruption but this does not
> > >mean there is a bug in glibc.  Every glibc change has the potential to
> > >bring out new bugs; if objects are laid out differently in memory,
> > >buffer overruns will affect different regions and the newly written to
> > >ones might be more sensitive.
> > >
> > >You'll have to determine what these vague statements you got really mean.
> > >
> > >- --
> > >➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
> > >
> > >  
> > >
> > 
> 
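Ulrich Drepper's point about memory layout, quoted above, as an added illustration that is not part of the original thread and is not glibc code: a toy arena allocator in which the same 2-byte application overrun is silent under one payload rounding and corrupts the neighbouring chunk header under another. All names, the header magic and the sizes are constructed, and the arena is a plain byte array so the overrun stays inside the simulation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
#define MAGIC 0xA110CA7Eu          /* constructed per-chunk header value */

struct arena {
    unsigned char mem[ARENA_SIZE];
    size_t used;
    size_t align;                  /* payload rounding: the only difference
                                      between the two "allocator versions" */
};

/* Toy allocator: each chunk is [4-byte header][payload rounded up to align].
 * Returns the payload offset inside the arena. */
static size_t toy_alloc(struct arena *a, size_t n)
{
    uint32_t magic = MAGIC;
    size_t rounded = (n + a->align - 1) / a->align * a->align;
    size_t off = a->used;

    memcpy(a->mem + off, &magic, sizeof magic);
    a->used += sizeof magic + rounded;
    return off + sizeof magic;
}

/* 1 if the header in front of this payload is intact, 0 if it was overwritten.
 * A real allocator would typically crash here rather than report it. */
static int header_ok(const struct arena *a, size_t payload_off)
{
    uint32_t m;

    memcpy(&m, a->mem + payload_off - sizeof m, sizeof m);
    return m == MAGIC;
}

/* The application bug: asks for `req` bytes, then writes `len` bytes.
 * Returns whether the neighbouring chunk's header survived, or -1 if the
 * write would leave the simulated arena. */
static int run_buggy_app(size_t align, size_t req, size_t len)
{
    struct arena a = { .used = 0, .align = align };
    size_t first = toy_alloc(&a, req);
    size_t second = toy_alloc(&a, req);

    if (first + len > ARENA_SIZE)
        return -1;
    memset(a.mem + first, 'A', len);   /* overrun whenever len > req */
    return header_ok(&a, second);
}

int main(void)
{
    /* Same bug (14 bytes into a 12-byte request), two layouts. */
    printf("round to 16: neighbour header intact = %d\n", run_buggy_app(16, 12, 14));
    printf("round to 4:  neighbour header intact = %d\n", run_buggy_app(4, 12, 14));
    return 0;
}
```

With rounding to 16 the two stray bytes land in slack space and nothing notices; with rounding to 4 they land on the next chunk's header, so the fault surfaces inside the allocator even though the defect is in the caller.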



