GlibC "fix" broke Evolution 1.4.6 on FC2

David Malcolm dmalcolm at redhat.com
Fri Nov 12 18:14:28 UTC 2004


On Fri, 2004-11-12 at 08:21 -0500, Temlakos wrote:
> The problem is that Ximian refuses even to consider the problem. Why 
> should I have to trace a bug in someone else's code? More to the point, 
> how do I solve the problem? As matters now stand, Evolution is unusable. 
> When it sends and receives mail, it has a fifty percent chance of crashing.

Thanks for sending this detailed report.  Please can you file all of
this as a bug in Red Hat's Bugzilla so that it doesn't get lost.

Thanks

> 
> Here is the output of BugBuddy on my system:
> 
> Distribution: Fedora Core release 2 (Tettnang)
> Package: Evolution
> Priority: Normal
> Version: GNOME2.6. unspecified
> Gnome-Distributor: Red Hat, Inc
> Synopsis: Crash on Send/Receive Mail
> Bugzilla-Product: Evolution
> Bugzilla-Component: Mailer
> Bugzilla-Version: unspecified
> BugBuddy-GnomeVersion: 2.0 (2.6.0)
> Description:
> Description of the crash:
> 
> Whenever I do a Send/Receive, especially if there's any mail in the box,
> the program crashes.
> 
> Steps to reproduce the crash:
> 1. Start Evolution.
> 2. Click Send/Receive.
> 3. [It doesn't get that far]
> 
> Expected Results:
> 
> Download mail.
> 
> How often does this happen?
> 
> Has happened three times in thirty seconds. My e-mail client is
> unusable.
> 
> Additional Information:
> 
> 
> 
> Debugging Information:
> 
> Backtrace was generated from '/usr/bin/evolution'
> 
> (no debugging symbols found)...Using host libthread_db library
> "/lib/tls/libthread_db.so.1".
> (no debugging symbols found)...[Thread debugging using libthread_db enabled]
> [New Thread -151129440 (LWP 2399)]
> [New Thread 93531056 (LWP 2422)]
> [Thread debugging using libthread_db enabled]
> [New Thread -151129440 (LWP 2399)]
> [New Thread 93531056 (LWP 2422)]
> [Thread debugging using libthread_db enabled]
> [New Thread -151129440 (LWP 2399)]
> [New Thread 93531056 (LWP 2422)]
> [New Thread 68639664 (LWP 2421)]
> [New Thread 58149808 (LWP 2420)]
> [New Thread 39386032 (LWP 2419)]
> [New Thread 28896176 (LWP 2418)]
> (no debugging symbols found)...0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> #1  0x00f460db in __waitpid_nocancel () from /lib/tls/libpthread.so.0
> #2  0x02ad5442 in libgnomeui_module_info_get ()
>    from /usr/lib/libgnomeui-2.so.0
> #3  0x0809c8f1 in evolution_storage_set_view_factory_new_view ()
> #4  <signal handler called>
> #5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> #6  0x00471057 in poll () from /lib/tls/libc.so.6
> #7  0x00a49156 in g_main_loop_get_context () from
> /usr/lib/libglib-2.0.so.0
> #8  0x00a48590 in g_main_context_dispatch () from
> /usr/lib/libglib-2.0.so.0
> #9  0x00a48c53 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
> #10 0x006550a8 in bonobo_main () from /usr/lib/libbonobo-2.so.0
> #11 0x0809ccf4 in main ()
> 
> Thread 6 (Thread 28896176 (LWP 2418)):
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #1  0x00473491 in ___newselect_nocancel () from /lib/tls/libc.so.6
> No symbol table info available.
> #2  0x04f0c2de in camel_service_gethost ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #3  0x04f0bea8 in camel_service_gethost ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #4  0x0070c354 in camel_pop3_store_get_type ()
>    from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
> No symbol table info available.
> #5  0x0070c8e0 in camel_pop3_store_get_type ()
>    from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
> No symbol table info available.
> #6  0x0070d43d in camel_pop3_store_expunge ()
>    from /usr/lib/evolution/1.4/camel-providers/libcamelpop3.so
> No symbol table info available.
> #7  0x04f0b6c5 in camel_service_connect ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #8  0x04f0d634 in camel_session_get_service_connected ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #9  0x010902fe in mail_tool_get_inbox ()
>    from /usr/lib/evolution/1.4/components/libevolution-mail.so
> No symbol table info available.
> #10 0x01086882 in mail_filter_on_demand ()
>    from /usr/lib/evolution/1.4/components/libevolution-mail.so
> No symbol table info available.
> #11 0x010846fe in mail_msg_wait_all ()
>    from /usr/lib/evolution/1.4/components/libevolution-mail.so
> No symbol table info available.
> #12 0x02c1c5b7 in e_thread_busy () from
> /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #13 0x02c1c6e7 in e_thread_busy () from
> /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #14 0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #15 0x0047a7da in clone () from /lib/tls/libc.so.6
> No symbol table info available.
> 
> Thread 5 (Thread 39386032 (LWP 2419)):
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
>    from /lib/tls/libpthread.so.0
> No symbol table info available.
> #2  0x02c1bf65 in e_msgport_wait () from
> /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #3  0x02c1c77d in e_thread_busy () from
> /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #5  0x0047a7da in clone () from /lib/tls/libc.so.6
> No symbol table info available.
> 
> Thread 4 (Thread 58149808 (LWP 2420)):
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #1  0x00f44eee in __lll_mutex_lock_wait () from
> /lib/tls/libpthread.so.0
> No symbol table info available.
> #2  0x00f41df4 in _L_mutex_lock_29 () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #3  0x00f6a860 in _dl_runtime_resolve () from /lib/ld-linux.so.2
> No symbol table info available.
> #4  0x0809c8c3 in evolution_storage_set_view_factory_new_view ()
> No symbol table info available.
> #5  0x0809c8c3 in evolution_storage_set_view_factory_new_view ()
> No symbol table info available.
> #6  <signal handler called>
> No symbol table info available.
> #7  0x00425a33 in strlen () from /lib/tls/libc.so.6
> No symbol table info available.
> #8  0x02c17804 in e_gethostbyname_r ()
>    from /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #9  0x04f0bf77 in camel_service_gethost ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #10 0x04f0bff8 in camel_service_gethost ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #11 0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #12 0x0047a7da in clone () from /lib/tls/libc.so.6
> No symbol table info available.
> 
> Thread 3 (Thread 68639664 (LWP 2421)):
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
>    from /lib/tls/libpthread.so.0
> No symbol table info available.
> #2  0x02c1bf65 in e_msgport_wait () from
> /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #3  0x04f0bfae in camel_service_gethost ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #5  0x0047a7da in clone () from /lib/tls/libc.so.6
> No symbol table info available.
> 
> Thread 2 (Thread 93531056 (LWP 2422)):
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #1  0x00f42922 in pthread_cond_wait@@GLIBC_2.3.2 ()
>    from /lib/tls/libpthread.so.0
> No symbol table info available.
> #2  0x02c1bf65 in e_msgport_wait () from
> /usr/lib/evolution/1.4/libeutil.so.0
> No symbol table info available.
> #3  0x04f0bfae in camel_service_gethost ()
>    from /usr/lib/evolution/1.4/libcamel.so.0
> No symbol table info available.
> #4  0x00f3f98c in start_thread () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #5  0x0047a7da in clone () from /lib/tls/libc.so.6
> No symbol table info available.
> 
> Thread 1 (Thread -151129440 (LWP 2399)):
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #1  0x00f460db in __waitpid_nocancel () from /lib/tls/libpthread.so.0
> No symbol table info available.
> #2  0x02ad5442 in libgnomeui_module_info_get ()
>    from /usr/lib/libgnomeui-2.so.0
> No symbol table info available.
> #3  0x0809c8f1 in evolution_storage_set_view_factory_new_view ()
> No symbol table info available.
> #4  <signal handler called>
> No symbol table info available.
> #5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> No symbol table info available.
> #6  0x00471057 in poll () from /lib/tls/libc.so.6
> No symbol table info available.
> #7  0x00a49156 in g_main_loop_get_context () from
> /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #8  0x00a48590 in g_main_context_dispatch () from
> /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #9  0x00a48c53 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #10 0x006550a8 in bonobo_main () from /usr/lib/libbonobo-2.so.0
> No symbol table info available.
> #11 0x0809ccf4 in main ()
> No symbol table info available.
> #0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> 
> And here is what Ximian said about it:
> 
> /------- Additional Comments From Gerardo Marin <mailto:gerardo at novell.com> 2004-11-11 18:00 -------/
> 
> *** This bug has been marked as a duplicate of 43160
> 
> And here are the relevant comments from some of Ximian's people, when this issue evidently came up *a year and a half ago*:
> 
> 
> I can't find anything wrong with our code. I think there is just
> random memory corruption happening somewhere, except I can't find it.
> Also, mail_importer_init() is called fairly early in owner_set_cb() so
> the memory corruption has to happen before then.
> 
> if all the crashes were in g_module_open(), I'd be blaming libc right
> about now, but unfortunately there are even a few crashes in
> mail_importer_module_init() which is a symbol loaded from each
> importer module.
> 
> As far as I can tell, there is definitely no memory corruption
> happening within mail_importer_init(). looking at some of the
> backtraces, you can tell the correct (strdup'd) string is making it to
> g_module_open(), but the string passed to dlopen() by g_module_open
> is *not* the same pointer, so I wonder if glib is doing something
> fucked? Somehow I doubt this, but...*shrug*
> 
> for all I know, this memory corruption could be in the shell or
> calendar or addressbook or summary...or... anywhere.
> 
> #14 0x40ec9ce4 in _g_module_open (
>     file_name=0xfffffe00 <Address 0xfffffe00 out of bounds>,
> bind_lazy=0)
>     at gmodule-dl.c:93
> #15 0x40eca090 in g_module_open (
>     file_name=0x8218cc8
> "/usr/lib/evolution/1.2/evolution-mail-importers/libmbox.so", flags=0)
> at gmodule.c:231
> 
> gmodule.c from glib 1.2 (which is where all the reports are afaict)
> doesn't do anything with the filename, it just passes the same pointer
> that we pass to it. but from the bt, those 2 pointers differ. I have
> no idea how. "Not Possible"
> 
> 
> 
> 
> /------- Additional Comments From Jeff Stedfast <mailto:fejj at ximian.com> 2003-05-19 14:42 -------/
> 
> hmmm, as far as the second type of trace, where the crasher is in
> mail_importer_module_init(), this bt seems the most complete:
> 
> http://bugzilla.ximian.com/show_bug.cgi?id=41495
> 
> if one looks at that bt, one has to wonder if the
> corruption/bug/whatever is within gconf?
> 
> 
> 
> 
> /------- Additional Comments From Jeff Stedfast <mailto:fejj at ximian.com> 2003-05-19 14:48 -------/
> 
> nah, on closer inspection it doesn't seem to be gconf. higher up in
> the callchain, there's an invalid pointer being passed to
> parse_default_uri() ?
> 
> I dunno, maybe the bt is corrupted too, who the hell knows.
> 
> this bug report is a complete waste of time to even bother looking at
> imho :\
> 
> 
> 
> 
> /------- Additional Comments From ettore at ximian.com <mailto:ettore at ximian.com> 2003-05-19 17:50 -------/
> 
> If the problem is memory corruption, then it can't be in shell or
> summary since the problem used to happen with 1.2 when things were in
> separate processes.  So it must either be a bonobo-activation/oaf bug,
> or a race condition in the mailer code.
> 
> 
> 
> 
> /------- Additional Comments From Not Zed <mailto:notzed at ximian.com> 2003-05-19 21:11 -------/
> 
> Given that the 1.3 ones seem quite different from the earlier version
> ones (none of those are in mail importer init?), it is probably the
> strongest indication that the problem isn't actually with evolution code.
> 
> i.e. my first impression and still strongest would be that it is a
> problem in libdl.
> 
> Probably the next likeliest candidates are some problem in the
> indexing code, and/or the mail importer code.
> 
> All areas, but particularly libdl, get heavily exercised at that
> initial startup stage - mail_importer_init is run at the same time as
> async tasks to open folders which are the first real calls to camel,
> and a lot of symbol resolution is happening.
> 
> Without some sort of reliable reproduction scenario though ... and we
> don't even have any of the output from the terminal either, if there is
> any.
> 
> I think I may have seen this once, but I'm not sure.  I know I have a
> known buggy dynamic linker w/ multithreaded apps.
> 
> FWIW some of the dups don't look particularly related, but only maybe
> half a dozen.
> 
> 
> 
> 
> /------- Additional Comments From Dan Winship <mailto:danw at novell.com> 2003-05-20 07:51 -------/
> 
> Yeah, I wasn't paying enough attention and didn't notice that a
> bunch of them are crashes in other threads while mail_importer_init
> merely happened to be running. Although many of those are crashes
> in libdl still, so it may still all be related.
> 
> Temlakos
> 
> Ulrich Drepper wrote:
> 
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Temlakos wrote:
> >
> >  
> >
> >>I filed a report to Bugzilla.Ximian.com, and they said (a) "it's the
> >>same thing we've seen before," and (b) "it's not our fault; there's some
> >>memory corruption going on somewhere." They mentioned the "libc" file at
> >>some point in their correspondence on this issue.
> >>    
> >>
> >
> >Memory corruptions are highly unlikely _caused_ by glibc.  The malloc
> >functions will easily crash due to memory corruption but this does not
> >mean there is a bug in glibc.  Every glibc change has the potential to
> >bring out new bugs; if objects are laid out differently in memory,
> >buffer overruns will affect different regions and the newly written to
> >ones might be more sensitive.
> >
> >You'll have to determine what these vague statements you got really mean.
> >
> >- --
> >➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.6 (GNU/Linux)
> >
> >iD8DBQFBlE942ijCOnn/RHQRAtKFAKCAe/S2Pt7ENLXLIGk5PuzJ6t1qiwCfQfB6
> >pjLHWwxUe6qlaNP0n+EaZKw=
> >=F7fh
> >-----END PGP SIGNATURE-----
> >
> >  
> >
> 
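
In a gdb backtrace like the one quoted above, the frame directly below `<signal handler called>` is the code the signal interrupted. The following is an added example, not part of the original thread: a small parser that lists those frames per thread, accepting mail-quoted input. The sample is a constructed excerpt of the quoted trace, and the treatment of `_dl_sysinfo_int80` as the syscall entry stub is an assumption.

```python
import re

SYSCALL_STUB = "_dl_sysinfo_int80"  # assumed: ld.so's int 0x80 syscall entry stub
SIGNAL_MARK = "<signal handler called>"
THREAD_RE = re.compile(r"^Thread (\d+) \(Thread -?\d+ \(LWP (\d+)\)\):")
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?(<signal handler called>|\S+)"
                      r"(?: \(.*?\))?(?:\s+from\s+(\S+))?")

def parse_threads(text):
    """Map thread number -> {'lwp': int, 'frames': [(function, library), ...]}."""
    threads, lines = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()   # drop mail quoting
        if not line or line.startswith("No symbol table"):
            continue
        header = THREAD_RE.match(line)
        if header:
            lines = []
            threads[int(header.group(1))] = {"lwp": int(header.group(2)), "frames": lines}
        elif line.startswith("#") and lines is not None:
            lines.append(line)
        elif lines:
            lines[-1] += " " + line        # re-join a frame the mailer wrapped
    for info in threads.values():
        info["frames"] = [m.groups() for m in map(FRAME_RE.match, info["frames"]) if m]
    return threads

def interrupted_frames(text):
    """For each thread that ran a signal handler, report the code it interrupted."""
    report = []
    for number, info in sorted(parse_threads(text).items()):
        names = [func for func, _ in info["frames"]]
        if SIGNAL_MARK not in names:
            continue
        below = info["frames"][names.index(SIGNAL_MARK) + 1:]
        in_syscall = bool(below) and below[0][0] == SYSCALL_STUB
        below = below[1:] if in_syscall else below   # skip stub, keep libc wrapper
        func, lib = below[0] if below else (None, None)
        caller = below[1][0] if len(below) > 1 else None
        report.append({"thread": number, "lwp": info["lwp"], "function": func,
                       "library": lib, "caller": caller, "in_syscall": in_syscall})
    return report

# Constructed sample: frames copied from the trace quoted above, trimmed.
SAMPLE_BT = """\
Thread 4 (Thread 58149808 (LWP 2420)):
#6  <signal handler called>
#7  0x00425a33 in strlen () from /lib/tls/libc.so.6
#8  0x02c17804 in e_gethostbyname_r ()
   from /usr/lib/evolution/1.4/libeutil.so.0
Thread 2 (Thread 93531056 (LWP 2422)):
#0  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
Thread 1 (Thread -151129440 (LWP 2399)):
#4  <signal handler called>
#5  0x00f5f7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#6  0x00471057 in poll () from /lib/tls/libc.so.6
#7  0x00a49156 in g_main_loop_get_context () from
/usr/lib/libglib-2.0.so.0
"""
```

On the sample, thread 4 is reported as interrupted in `strlen` called from `e_gethostbyname_r`, while thread 1 is reported as blocked in `poll` when its handler ran.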
