[Evolution] Double SEGV and deadlock [SMP]



Package: Evolution
Priority: Normal
Version: 1.2.2
Synopsis: Double SEGV and deadlock [SMP]
Bugzilla-Product: Evolution
Bugzilla-Component: Mailer

Description:

Threads 3 and 1 both receive a SIGSEGV. Thread 1 (the GUI/main thread) faults inside libc free() (frame #10), reached via g_free() from libgal's e_tree_sorted code. Thread 3 faults in e_mempool_new() at e-memory.c:420 while writing through the pool pointer just returned by e_memchunk_alloc(): gdb cannot read memory at that address (0xb0e0098), and the frame's reported arguments (blocksize=141266760, flags=139996672) do not match the call site at camel-text-index.c:1501, which passes 256 and E_MEMPOOL_ALIGN_BYTE — so either the frame is unreliable or the memchunk free list is corrupt. Two threads faulting in allocator code at the same moment points at heap corruption (e.g. a double free or use-after-free in one of the callers) as the more likely root cause than e_mempool_new() itself; reproducing with malloc debugging enabled (MALLOC_CHECK_ or a checking allocator) should help pin it down.

The application then deadlocks instead of producing a usable crash: segv_redirect() (main.c) runs in signal-handler context and calls gnome_init(), which fork()s; fork's ptmalloc_lock_all() blocks in __pthread_mutex_lock, presumably because the interrupted free() on thread 1 still holds a malloc arena lock. Thread 3's segv_redirect() likewise blocks on a pthread mutex (main.c:80). fork(), gnome_init() and mutex acquisition are not async-signal-safe; a SIGSEGV handler should do no more than record the fault and re-raise the signal with the default disposition so a core file is written.


(gdb) thread apply all bt

Thread 9 (Thread 180232 (LWP 1907)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbebffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x416c23c8) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x41406ac0) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x416e6830) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbebffbe0) at manager.c:300

Thread 8 (Thread 98311 (LWP 1902)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbedffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbedffbe0) at manager.c:300

Thread 7 (Thread 81926 (LWP 1901)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbefffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbefffbe0) at manager.c:300

Thread 6 (Thread 114693 (LWP 1903)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf1ffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbf1ffbe0) at manager.c:300

Thread 5 (Thread 49156 (LWP 1896)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf3ffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbf3ffbe0) at manager.c:300

Thread 4 (Thread 32771 (LWP 1893)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf5ffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814b9b8) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814b988) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b930) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbf5ffbe0) at manager.c:300

Thread 3 (Thread 16386 (LWP 1892)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf7ffbe0) at pthread.c:1084
#2  0x40393790 in __pthread_alt_lock (lock=0x8105498, self=0xbf7ffbe0) at restart.h:34
#3  0x40390984 in __pthread_mutex_lock (mutex=0x8105488) at mutex.c:120
#4  0x080ae6b3 in segv_redirect (sig=1) at main.c:80
#5  0x4039575a in __pthread_sighandler (signo=11, ctx=
      {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh = 0, edi = 128, esi = 
185467032, ebp = 3212834404, esp = 3212834380, ebx = 1076058104, edx = 256, ecx = 1, eax = 2, trapno = 14, 
err = 6, eip = 1076016724, cs = 35, __csh = 0, eflags = 66050, esp_at_signal = 3212834380, ss = 43, __ssh = 
0, fpstate = 0xbf7ff3d0, oldmask = 2147483648, cr2 = 185467032}) at sighandler.c:38
#6  <signal handler called>
#7  e_mempool_new (blocksize=141266760, threshold=128, flags=139996672) at e-memory.c:420
#8  0x4007c6fd in camel_text_index_name_init (idn=0x86b8f48) at camel-text-index.c:1501
#9  0x400661e5 in camel_object_init (o=0x86b8f48, klass=0x8665ef8, type=0x8665ef8) at camel-object.c:380
#10 0x40066261 in camel_object_new (type=0x8665ef8) at camel-object.c:406
#11 0x4007c7ce in camel_text_index_name_new (idx=0x4130f560, name=0x8408f6a "1046689793.22055_4923.devil", 
nameid=134932076) at camel-text-index.c:1538
#12 0x4007b407 in text_index_add_name (idx=0x4130f560, name=0x8408f6a "1046689793.22055_4923.devil") at 
camel-text-index.c:617
#13 0x40052528 in camel_index_add_name (idx=0x411a9020, name=0x8408f6a "1046689793.22055_4923.devil") at 
camel-index.c:185
#14 0x40046850 in camel_folder_summary_info_new_from_parser (s=0x820e288, mp=0x86347d0) at 
camel-folder-summary.c:932
#15 0x400466f5 in camel_folder_summary_add_from_parser (s=0x820e288, mp=0x86347d0) at 
camel-folder-summary.c:843
#16 0x412f53d0 in camel_maildir_summary_add (cls=0x820e288, name=0x41a1d993 "1046689793.22055_4923.devil:2,", 
forceindex=0) at camel-maildir-summary.c:478
#17 0x412f5731 in maildir_summary_check (cls=0x820e288, changes=0x81c8490, ex=0x86aa2b0) at 
camel-maildir-summary.c:605
#18 0x412eded3 in camel_local_summary_check (cls=0x820e288, changeinfo=0x81c8490, ex=0x86aa2b0) at 
camel-local-summary.c:257
#19 0x412f5ad2 in maildir_summary_sync (cls=0x820e288, expunge=0, changes=0x81c8490, ex=0x86aa2b0) at 
camel-maildir-summary.c:726
#20 0x412edf16 in camel_local_summary_sync (cls=0x820e288, expunge=0, changeinfo=0x81c8490, ex=0x86aa2b0) at 
camel-local-summary.c:286
#21 0x412ecca6 in local_sync (folder=0x81b6b48, expunge=0, ex=0x86aa2b0) at camel-local-folder.c:420
#22 0x4004ae39 in camel_folder_sync (folder=0x81b6b48, expunge=0, ex=0x86aa2b0) at camel-folder.c:279
#23 0x0809e590 in mlf_sync (folder=0x81b6b48, expunge=0, ex=0x86aa2b0) at mail-local.c:260
#24 0x4004ae39 in camel_folder_sync (folder=0x41314f78, expunge=0, ex=0x86aa2b0) at camel-folder.c:279
#25 0x400825db in vee_sync (folder=0x81a9208, expunge=0, ex=0x86aa2b0) at camel-vee-folder.c:613
#26 0x4004ae39 in camel_folder_sync (folder=0x81a9208, expunge=0, ex=0x86aa2b0) at camel-folder.c:279
#27 0x080a4abf in sync_folder_sync (mm=0x411a9020) at mail-ops.c:1524
#28 0x080a144f in mail_msg_received (e=0x814b8b8, msg=0x86aa298, data=0x0) at mail-mt.c:503
#29 0x4022d1f6 in thread_received_msg (e=0x814b8b8, m=0x86aa298) at e-msgport.c:617
#30 0x4022d2f1 in thread_dispatch (din=0x814b8b8) at e-msgport.c:698
#31 0x4038fd53 in pthread_start_thread (arg=0xbf7ffbe0) at manager.c:300

Thread 2 (Thread 32769 (LWP 1891)):
#0  0x411582c0 in *__GI___poll (fds=0x81752a4, nfds=1, timeout=201) at ../sysdeps/unix/sysv/linux/poll.c:63
#1  0x4038fa8e in __pthread_manager (arg=0xc9) at manager.c:145

Thread 1 (Thread 16384 (LWP 1847)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0x40396080) at pthread.c:1084
#2  0x40393790 in __pthread_alt_lock (lock=0x411a9cf0, self=0x40396080) at restart.h:34
#3  0x40390984 in __pthread_mutex_lock (mutex=0x411a9ce0) at mutex.c:120
#4  0x41103000 in ptmalloc_lock_all () at arena.c:222
#5  0x40391047 in __fork () at ptfork.c:74
#6  0x40bd79fc in gnome_init () from /usr/lib/libgnomeui.so.32
#7  0x080ae6d6 in segv_redirect (sig=-1073746004) at main.c:71
#8  0x4039575a in __pthread_sighandler (signo=11, ctx=
      {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh = 0, edi = 1092263136, esi = 
142184952, ebp = 3221222104, esp = 3221222064, ebx = 1092259872, edx = 1092263196, ecx = 1092263136, eax = 
142184992, trapno = 0, err = 0, eip = 1091588810, cs = 35, __csh = 0, eflags = 2097670, esp_at_signal = 
3221222064, ss = 43, __ssh = 0, fpstate = 0xbffff030, oldmask = 2147483648, cr2 = 0}) at sighandler.c:38
#9  <signal handler called>
#10 __libc_free (mem=0x87991f8) at malloc.c:3345
#11 0x40f966fb in g_free (mem=0x87991f8) at gmem.c:411
#12 0x405b171d in e_tree_sorted_node_resorted () from /usr/lib/libgal.so.21
#13 0x405b1eb6 in e_tree_sorted_node_resorted () from /usr/lib/libgal.so.21
#14 0x405b1f05 in e_tree_sorted_node_resorted () from /usr/lib/libgal.so.21
#15 0x405b1f05 in e_tree_sorted_node_resorted () from /usr/lib/libgal.so.21
#16 0x405b1f05 in e_tree_sorted_node_resorted () from /usr/lib/libgal.so.21
#17 0x405b277e in e_tree_table_adapter_get_type () from /usr/lib/libgal.so.21
#18 0x40eb9043 in gtk_marshal_NONE__POINTER (object=0x855eee8, func=0x405b2728 
<e_tree_table_adapter_get_type+196>, func_data=0x81aad78, args=0xbffff538)
    at gtkmarshal.c:193
#19 0x40ee8b6c in gtk_handlers_run (handlers=0x84fe0e0, signal=0xbffff4e4, object=0x855eee8, 
params=0xbffff538, after=0) at gtksignal.c:1917
#20 0x40ee7fd5 in gtk_signal_real_emit (object=0x855eee8, signal_id=136, params=0xbffff538) at 
gtksignal.c:1477
#21 0x40ee60b3 in gtk_signal_emit (object=0x855eee8, signal_id=136) at gtksignal.c:552
#22 0x405aa535 in e_tree_model_node_changed () from /usr/lib/libgal.so.21
#23 0x405af95e in e_tree_selection_model_get_type () from /usr/lib/libgal.so.21
#24 0x405af0f1 in e_tree_selection_model_get_type () from /usr/lib/libgal.so.21
#25 0x40f964ea in g_idle_dispatch (source_data=0x405af094, dispatch_time=0xbffff920, user_data=0x855eee8) at 
gmain.c:1367
#26 0x40f954c8 in g_main_dispatch (dispatch_time=0xbffff920) at gmain.c:656
#27 0x40f95ad3 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#28 0x40f95c6c in g_main_run (loop=0x814ef00) at gmain.c:935
#29 0x40eb77f7 in gtk_main () at gtkmain.c:524
#30 0x404f8ecd in bonobo_main () from /usr/lib/libbonobo.so.2
#31 0x080ae84c in main (argc=-1073743020, argv=0x80f8a35) at main.c:160
0x411582c0      63      in ../sysdeps/unix/sysv/linux/poll.c
(gdb) t 3
[Switching to thread 3 (Thread 16386 (LWP 1892))]#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at 
../sysdeps/unix/sysv/linux/sigsuspend.c:45
45      ../sysdeps/unix/sysv/linux/sigsuspend.c: No such file or directory.
        in ../sysdeps/unix/sysv/linux/sigsuspend.c
(gdb) f 7
#7  e_mempool_new (blocksize=141266760, threshold=128, flags=139996672) at e-memory.c:420
420             pool->blocksize = blocksize;
(gdb) up
#8  0x4007c6fd in camel_text_index_name_init (idn=0x86b8f48) at camel-text-index.c:1501
1501            p->pool = e_mempool_new(256, 128, E_MEMPOOL_ALIGN_BYTE);
(gdb) do
#7  e_mempool_new (blocksize=141266760, threshold=128, flags=139996672) at e-memory.c:420
420             pool->blocksize = blocksize;
(gdb) list
415     #ifdef G_THREADS_ENABLED
416             g_static_mutex_unlock(&mempool_mutex);
417     #endif
418             if (threshold >= blocksize)
419                     threshold = blocksize * 2 / 3;
420             pool->blocksize = blocksize;
421             pool->threshold = threshold;
422             pool->blocks = NULL;
423             pool->threshold_blocks = NULL;
424     
(gdb) p mempool_mutex
$1 = {runtime_mutex = 0x0, aligned_pad_u = {pad = '\0' <repeats 23 times>, dummy_double = 0, dummy_pointer = 
0x0, dummy_long = 0}}
(gdb) list 380
375     
376     /* a pool of mempool header blocks */
377     static MemChunk *mempool_memchunk;
378     #ifdef G_THREADS_ENABLED
379     static GStaticMutex mempool_mutex = G_STATIC_MUTEX_INIT;
380     #endif
381     
382     /**
383      * e_mempool_new:
384      * @blocksize: The base blocksize to use for all system alocations.
(gdb) 
385      * @threshold: If the allocation exceeds the threshold, then it is
386      * allocated separately and stored in a separate list.
387      * @flags: Alignment options: E_MEMPOOL_ALIGN_STRUCT uses native
388      * struct alignment, E_MEMPOOL_ALIGN_WORD aligns to 16 bits (2 bytes),
389      * and E_MEMPOOL_ALIGN_BYTE aligns to the nearest byte.  The default
390      * is to align to native structures.
391      * 
392      * Create a new mempool header.  Mempools can be used to efficiently
393      * allocate data which can then be freed as a whole.
394      *
(gdb) 
395      * Mempools can also be used to efficiently allocate arbitrarily
396      * aligned data (such as strings) without incurring the space overhead
397      * of aligning each allocation (which is not required for strings).
398      *
399      * However, each allocation cannot be freed individually, only all
400      * or nothing.
401      * 
402      * Return value: 
403      **/
404     MemPool *e_mempool_new(int blocksize, int threshold, EMemPoolFlags flags)
(gdb) 
405     {
406             MemPool *pool;
407     
408     #ifdef G_THREADS_ENABLED
409             g_static_mutex_lock(&mempool_mutex);
410     #endif
411             if (mempool_memchunk == NULL) {
412                     mempool_memchunk = e_memchunk_new(8, sizeof(MemPool));
413             }
414             pool = e_memchunk_alloc(mempool_memchunk);
(gdb) info local
pool = (MemPool *) 0xb0e0098
(gdb) p *pool
Cannot access memory at address 0xb0e0098
(gdb) info args
blocksize = 141266760
threshold = 128
flags = 139996672




