[Evolution] [SMP+evolution-mail] Memory corruption



On Wed, 2003-03-05 at 09:59, Mika Liljeberg wrote:
On Wed, 2003-03-05 at 03:50, Not Zed wrote:
put this in bug report on bugzilla.ximian.com

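More evidence. This time the heap is clearly corrupted. malloc() crashes
inside libc and the application deadlocks on the heap allocator mutex.
In thread 1 the SIGSEGV handler (segv_redirect) calls gnome_init(), which
forks; ptmalloc_lock_all() then waits on mutex 0x41300010, the same address
as the arena (av=0x41300010) that the interrupted malloc() was using.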

How many of these do you want in bugzilla? :)

        MikaL


(gdb) thread apply all bt

Thread 8 (Thread 114695 (LWP 8761)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbedffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbedffbe0) at manager.c:300

Thread 7 (Thread 98310 (LWP 8760)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbefffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbefffbe0) at manager.c:300

Thread 6 (Thread 163845 (LWP 8767)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf1ffbe0) at pthread.c:1084
#2  0x40393790 in __pthread_alt_lock (lock=0x41400020, self=0xbf1ffbe0) at restart.h:34
#3  0x40390984 in __pthread_mutex_lock (mutex=0x41400010) at mutex.c:120
#4  0x411052b5 in __libc_free (mem=0x425e63c0) at malloc.c:3342
#5  0x40f966fb in g_free (mem=0x425e63c0) at gmem.c:411
#6  0x40f8b9e0 in g_ptr_array_free (array=0x41d9907c, free_segment=1) at garray.c:291
#7  0x412ecfd7 in local_search_by_uids (folder=0x8214120, 
    expression=0x81c02a8 " (or\n  (match-all (header-matches \"x-camel-mlist\"  \"debian-news lists debian 
org\"))\n  )\n", uids=0x88e7f5c, ex=0x0)
    at camel-local-folder.c:528
#8  0x4004c93e in camel_folder_search_by_uids (folder=0x8214120, 
    expr=0x81c02a8 " (or\n  (match-all (header-matches \"x-camel-mlist\"  \"debian-news lists debian 
org\"))\n  )\n", uids=0x88e7f5c, ex=0x0) at camel-folder.c:1231
#9  0x0809e855 in mlf_search_by_uids (folder=0x4131a228, 
    expression=0x81c02a8 " (or\n  (match-all (header-matches \"x-camel-mlist\"  \"debian-news lists debian 
org\"))\n  )\n", uids=0x88e7f5c, ex=0x0) at mail-local.c:342
#10 0x4004c93e in camel_folder_search_by_uids (folder=0x4131a228, 
    expr=0x81c02a8 " (or\n  (match-all (header-matches \"x-camel-mlist\"  \"debian-news lists debian 
org\"))\n  )\n", uids=0x88e7f5c, ex=0x0) at camel-folder.c:1231
#11 0x400849b7 in folder_changed_change (session=0x8168bc8, msg=0xfffffffc) at camel-vee-folder.c:1409
#12 0x40074411 in session_thread_received (thread=0x4163a890, msg=0x411a9020, session=0x8168bc8) at 
camel-session.c:759
#13 0x4022d1f6 in thread_received_msg (e=0x4163a890, m=0x425d9e10) at e-msgport.c:617
#14 0x4022d2f1 in thread_dispatch (din=0x4163a890) at e-msgport.c:698
#15 0x4038fd53 in pthread_start_thread (arg=0xbf1ffbe0) at manager.c:300

Thread 5 (Thread 49156 (LWP 8754)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf3ffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814ba70) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814ba40) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b9e8) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbf3ffbe0) at manager.c:300

Thread 4 (Thread 32771 (LWP 8753)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf5ffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814b9b8) at restart.h:34
#3  0x4022caea in e_msgport_wait (mp=0x814b988) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b930) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbf5ffbe0) at manager.c:300

Thread 3 (Thread 16386 (LWP 8752)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0xbf7ffbe0) at pthread.c:1084
#2  0x4038ef05 in pthread_cond_wait (cond=0x0, mutex=0x814b900) at restart.h:34
---Type <return> to continue, or q <return> to quit---
#3  0x4022caea in e_msgport_wait (mp=0x814b8d0) at e-msgport.c:305
#4  0x4022d38a in thread_dispatch (din=0x814b878) at e-msgport.c:665
#5  0x4038fd53 in pthread_start_thread (arg=0xbf7ffbe0) at manager.c:300

Thread 2 (Thread 32769 (LWP 8751)):
#0  0x411582c0 in *__GI___poll (fds=0x81751e4, nfds=1, timeout=201) at ../sysdeps/unix/sysv/linux/poll.c:63
#1  0x4038fa8e in __pthread_manager (arg=0xc9) at manager.c:145

Thread 1 (Thread 16384 (LWP 8724)):
#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
#1  0x40391f35 in __pthread_wait_for_restart_signal (self=0x40396080) at pthread.c:1084
#2  0x40393790 in __pthread_alt_lock (lock=0x41300020, self=0x40396080) at restart.h:34
#3  0x40390984 in __pthread_mutex_lock (mutex=0x41300010) at mutex.c:120
#4  0x41103000 in ptmalloc_lock_all () at arena.c:222
#5  0x40391047 in __fork () at ptfork.c:74
#6  0x40bd79fc in gnome_init () from /usr/lib/libgnomeui.so.32
#7  0x080ae6d6 in segv_redirect (sig=-1073745844) at main.c:71
#8  0x4039575a in __pthread_sighandler (signo=11, ctx=
      {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh = 0, edi = 64, esi = 
1105336384, ebp = 3221222264, esp = 3221222224, ebx = 1092259872, edx = 1105336256, ecx = 1105336208, eax = 
512, trapno = 14, err = 6, eip = 1091593330, cs = 35, __csh = 0, eflags = 66050, esp_at_signal = 3221222224, 
ss = 43, __ssh = 0, fpstate = 0xbffff0d0, oldmask = 2147483648, cr2 = 520}) at sighandler.c:38
#9  <signal handler called>
#10 0x41106472 in malloc_consolidate (av=0x41300010) at malloc.c:4340
#11 0x41105e80 in _int_malloc (av=0x41300010, bytes=134932076) at malloc.c:3808
#12 0x41105145 in __libc_malloc (bytes=523) at malloc.c:3281
#13 0x40f965e9 in g_malloc (size=523) at gmem.c:177
#14 0x4022b725 in e_mempool_alloc (pool=0x41e1efa4, size=26) at e-memory.c:470
#15 0x4022b78d in e_mempool_strdup (pool=0x41e1efa4, str=0x425e639e "1046864975.8767_444.devil") at 
e-memory.c:482
#16 0x4004e032 in camel_folder_change_info_change_uid (info=0x4230fd48, uid=0x425e639e 
"1046864975.8767_444.devil") at camel-folder.c:2065
#17 0x4004dd33 in change_info_cat (info=0x4230fd48, source=0x88e7f14, add=0x806e378 
<camel_folder_change_info_change_uid>) at camel-folder.c:1952
#18 0x4004dd9a in camel_folder_change_info_cat (info=0x4230fd48, source=0x425e7298) at camel-folder.c:1971
#19 0x40084b86 in folder_changed (sub=0x4131a228, changes=0x425e7298, vf=0x81b0338) at camel-vee-folder.c:1581
#20 0x40084beb in message_changed (f=0x4131a228, uid=0x8bcfd87 "1046864975.8767_444.devil", vf=0x81b0338) at 
camel-vee-folder.c:1606
#21 0x40067231 in camel_object_trigger_event (vo=0x4131a228, 
    name=0xbffff560 
"\bªzA0ªzA4íbA0ìbAÌÐuA\bÑuADÑuA\200ÑuA¼ÑuAøÆeA4ÇeApÇeA¬ÇeAèÇeA¬äyAèäyA$åyA`åyA\234åyA\230äyAü}GA8~GAt~GA°~GAì~GAxÿEA´ÿEAðÿEA,",
 
    event_data=0x8bcfd87) at camel-object.c:882
#22 0x40067231 in camel_object_trigger_event (vo=0x8214120, 
    name=0xbffff700 "\210=\e\b\207ý¼\bè÷ÿ¿$Ø\t À2&\bÀâ!\bhK2A$Ø\t À2&\b\b\204!\bX÷ÿ¿z¹\004@ A!\b|û\b 
\207ý¼\b²¸\004@$Ø\t@ A!\bx÷ÿ¿$Ø\t@ A!\b\020", 
    event_data=0x8bcfd87) at camel-object.c:882
#23 0x4004b97a in set_message_flags (folder=0x8214120, uid=0x8bcfd87 "1046864975.8767_444.devil", flags=16, 
set=136414216) at camel-folder.c:703
#24 0x4004ba0b in camel_folder_set_message_flags (folder=0x8214120, uid=0x8bcfd87 
"1046864975.8767_444.devil", flags=16, set=16) at camel-folder.c:723
#25 0x0809e976 in mlf_set_message_flags (folder=0x4131a228, uid=0x8bcfd87 "1046864975.8767_444.devil", 
flags=16, set=16) at mail-local.c:374
#26 0x4004ba0b in camel_folder_set_message_flags (folder=0x4131a228, uid=0x8bcfd87 
"1046864975.8767_444.devil", flags=16, set=16) at camel-folder.c:723
#27 0x40082c8c in vee_set_message_flags (folder=0x41311128, uid=0x41800fe0 
"lopyiyrS1046864975.8767_444.devil", flags=16, set=16) at camel-vee-folder.c:781
#28 0x4004ba0b in camel_folder_set_message_flags (folder=0x41311128, uid=0x41800fe0 
"lopyiyrS1046864975.8767_444.devil", flags=16, set=16) at camel-folder.c:723
#29 0x0807b02d in do_mark_seen (data=0x4156faa8) at folder-browser.c:2361
#30 0x40f963ea in g_timeout_dispatch (source_data=0x42371630, dispatch_time=0xbffff920, user_data=0x4156faa8) 
at gmain.c:1302
#31 0x40f954c8 in g_main_dispatch (dispatch_time=0xbffff920) at gmain.c:656
#32 0x40f95ad3 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#33 0x40f95c6c in g_main_run (loop=0x814ebf0) at gmain.c:935
#34 0x40eb77f7 in gtk_main () at gtkmain.c:524
#35 0x404f8ecd in bonobo_main () from /usr/lib/libbonobo.so.2
#36 0x080ae84c in main (argc=-1073743020, argv=0x80f8a35) at main.c:160
0x410c2ae2      45      in ../sysdeps/unix/sysv/linux/sigsuspend.c
(gdb) t 1
[Switching to thread 1 (Thread 16384 (LWP 8724))]#0  0x410c2ae2 in *__GI___sigsuspend (set=0x411a9020) at 
../sysdeps/unix/sysv/linux/sigsuspend.c:45
45      in ../sysdeps/unix/sysv/linux/sigsuspend.c
(gdb) f 10
#10 0x41106472 in malloc_consolidate (av=0x41300010) at malloc.c:4340
4340    malloc.c: No such file or directory.
        in malloc.c
(gdb) up
#11 0x41105e80 in _int_malloc (av=0x41300010, bytes=134932076) at malloc.c:3808
3808    in malloc.c
(gdb) 
#12 0x41105145 in __libc_malloc (bytes=523) at malloc.c:3281
3281    in malloc.c
(gdb) 
#13 0x40f965e9 in g_malloc (size=523) at gmem.c:177
177     gmem.c: No such file or directory.
        in gmem.c
(gdb) 
#14 0x4022b725 in e_mempool_alloc (pool=0x41e1efa4, size=26) at e-memory.c:470
470                     n = g_malloc(sizeof(*n) - sizeof(char) + pool->blocksize);
(gdb) p *pool
$1 = {blocksize = 512, threshold = 256, align = 0, blocks = 0x0, threshold_blocks = 0x0}
(gdb) p n
$2 = (MemPoolNode *) 0x411a9020
(gdb) p *n
$3 = {next = 0x10cf34, free = 1090169248, data = "Ð"}




