After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 680471 - [abrt] Crash under ml_tree_value_at_ex()
[abrt] Crash under ml_tree_value_at_ex()
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
3.2.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: evolution-mail-maintainers
Evolution QA team
: 766692 767479 785944 (view as bug list)
Depends on: 764065
Blocks:
 
 
Reported: 2012-07-23 17:40 UTC by Milan Crha
Modified: 2017-08-23 08:35 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Milan Crha 2012-07-23 17:40:42 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=841580

[abrt] evolution-3.2.3-3.fc16: ml_tree_value_at_ex: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)

libreport version: 2.0.10
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        evolution
comment:        Try to switch to calendar view
crash_function: ml_tree_value_at_ex
executable:     /usr/bin/evolution
time:           Thu 19 Jul 2012 16:21:56 EEST

Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.

Thread 2 (Thread 0x7fbfb6bcd700 (LWP 2540))

  • #0 read
    at ../sysdeps/unix/syscall-template.S line 82
  • #1 read
    at /usr/include/bits/unistd.h line 45
  • #2 unix_signal_helper_thread
    at gmain.c line 4567
  • #3 g_thread_create_proxy
    at gthread.c line 1962
  • #4 start_thread
    at pthread_create.c line 309
  • #5 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 115

Thread 1 (Thread 0x7fbfbe09d980 (LWP 2538))

  • #0 ??
  • #1 ml_tree_value_at_ex
    at message-list.c line 1598
  • #2 cell_toggle_draw
    at e-cell-toggle.c line 184
  • #3 e_cell_draw
    at e-cell.c line 333
  • #4 eti_draw
    at e-table-item.c line 2070
  • #5 gnome_canvas_group_draw
    at gnome-canvas.c line 1544
  • #6 gnome_canvas_paint_rect
    at gnome-canvas.c line 1816
  • #7 gnome_canvas_draw
    at gnome-canvas.c line 2333
  • #8 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 85
  • #9 gtk_widget_draw_marshaller
    at gtkwidget.c line 819
  • #10 g_closure_invoke
    at gclosure.c line 774
  • #11 signal_emit_unlocked_R
    at gsignal.c line 3310
  • #12 g_signal_emit_valist
    at gsignal.c line 3013
  • #13 g_signal_emit
    at gsignal.c line 3060
  • #14 _gtk_widget_draw_internal
    at gtkwidget.c line 5722
  • #15 _gtk_widget_draw_internal
    at gtkwidget.c line 5698
  • #16 gtk_widget_send_expose
    at gtkwidget.c line 5969
  • #17 gtk_main_do_event
    at gtkmain.c line 1801
  • #18 _gdk_window_process_updates_recurse
    at gdkwindow.c line 3857
  • #19 _gdk_window_process_updates_recurse
    at gdkwindow.c line 3830
  • #20 _gdk_window_process_updates_recurse
    at gdkwindow.c line 3830
  • #21 _gdk_window_process_updates_recurse
    at gdkwindow.c line 3830
  • #22 _gdk_window_process_updates_recurse
    at gdkwindow.c line 3830
  • #23 gdk_window_process_updates_internal
    at gdkwindow.c line 4013
  • #24 gdk_window_process_all_updates
    at gdkwindow.c line 4144
  • #25 gtk_container_idle_sizer
    at gtkcontainer.c line 1664
  • #26 gdk_threads_dispatch
    at gdk.c line 754
  • #27 g_main_dispatch
    at gmain.c line 2441
  • #28 g_main_context_dispatch
    at gmain.c line 3011
  • #29 g_main_context_iterate
    at gmain.c line 3089
  • #30 g_main_loop_run
    at gmain.c line 3297
  • #31 gtk_main
    at gtkmain.c line 1362
  • #32 main
    at main.c line 709

Comment 1 Milan Crha 2015-03-10 16:53:51 UTC
No duplicate for a long time, I'm closing this.
Comment 2 Milan Crha 2015-10-26 10:07:24 UTC
There had been filled a similar bug report from the latest stable version, 3.18.1:
https://bugzilla.redhat.com/show_bug.cgi?id=1273751

Thread 1 (Thread 0x7f9f2c52dac0 (LWP 4638))

  • #0 g_str_hash
    at ghash.c line 1875
  • #1 g_hash_table_lookup_node
    at ghash.c line 375
  • #2 g_hash_table_lookup
    at ghash.c line 1147
  • #3 e_mail_label_list_store_lookup
    at e-mail-label-list-store.c line 671
  • #4 add_label_if_known
    at message-list.c line 1640
  • #5 add_all_labels_foreach
    at message-list.c line 1667
  • #6 for_node_and_subtree_if_collapsed
    at message-list.c line 1528
  • #7 ml_tree_value_at_ex
    at message-list.c line 1902
  • #8 ect_draw
    at e-cell-text.c line 746
  • #9 e_cell_draw
    at e-cell.c line 357
  • #10 eti_draw
    at e-table-item.c line 2126
  • #11 gnome_canvas_group_draw
    at gnome-canvas.c line 1543
  • #12 gnome_canvas_paint_rect
    at gnome-canvas.c line 1816
  • #13 gnome_canvas_draw
    at gnome-canvas.c line 2310
  • #14 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #15 _gtk_widget_draw_internal
    at gtkwidget.c line 6927
  • #16 _gtk_widget_draw_windows
    at gtkwidget.c line 6933
  • #17 _gtk_widget_draw
    at gtkwidget.c line 7007
  • #18 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #19 gtk_container_draw
    at gtkcontainer.c line 3666
  • #20 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #21 _gtk_widget_draw_internal
    at gtkwidget.c line 7007
  • #22 _gtk_widget_draw
    at gtkwidget.c line 7013
  • #23 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #24 gtk_container_draw
    at gtkcontainer.c line 3666
  • #25 gtk_scrolled_window_draw
    at gtkscrolledwindow.c line 2352
  • #26 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #27 _gtk_widget_draw_internal
    at gtkwidget.c line 6927
  • #28 _gtk_widget_draw_windows
    at gtkwidget.c line 6933
  • #29 _gtk_widget_draw
    at gtkwidget.c line 7007
  • #30 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #31 gtk_container_draw
    at gtkcontainer.c line 3666
  • #32 gtk_paned_draw
    at gtkpaned.c line 1751
  • #33 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #34 _gtk_widget_draw_internal
    at gtkwidget.c line 6927
  • #35 _gtk_widget_draw_windows
    at gtkwidget.c line 6933
  • #36 _gtk_widget_draw
    at gtkwidget.c line 7038
  • #37 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #38 gtk_container_draw
    at gtkcontainer.c line 3666
  • #39 gtk_box_draw
    at gtkbox.c line 451
  • #40 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #41 _gtk_widget_draw_internal
    at gtkwidget.c line 7007
  • #42 _gtk_widget_draw
    at gtkwidget.c line 7013
  • #43 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #44 gtk_container_draw
    at gtkcontainer.c line 3666
  • #45 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #46 _gtk_widget_draw_internal
    at gtkwidget.c line 7007
  • #47 _gtk_widget_draw
    at gtkwidget.c line 7013
  • #48 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #49 gtk_container_propagate_draw
    at gtkcontainer.c line 3840
  • #50 gtk_notebook_draw
    at gtknotebook.c line 2618
  • #51 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #52 _gtk_widget_draw_internal
    at gtkwidget.c line 7007
  • #53 _gtk_widget_draw
    at gtkwidget.c line 7013
  • #54 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #55 gtk_container_draw
    at gtkcontainer.c line 3666
  • #56 gtk_box_draw
    at gtkbox.c line 451
  • #57 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #58 _gtk_widget_draw_internal
    at gtkwidget.c line 7007
  • #59 _gtk_widget_draw
    at gtkwidget.c line 7013
  • #60 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #61 gtk_container_draw
    at gtkcontainer.c line 3666
  • #62 gtk_paned_draw
    at gtkpaned.c line 1751
  • #63 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #64 _gtk_widget_draw_internal
    at gtkwidget.c line 6927
  • #65 _gtk_widget_draw_windows
    at gtkwidget.c line 6933
  • #66 _gtk_widget_draw
    at gtkwidget.c line 7038
  • #67 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #68 gtk_container_draw
    at gtkcontainer.c line 3666
  • #69 gtk_box_draw
    at gtkbox.c line 451
  • #70 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #71 _gtk_widget_draw_internal
    at gtkwidget.c line 7007
  • #72 _gtk_widget_draw
    at gtkwidget.c line 7013
  • #73 gtk_container_propagate_draw_internal
    at gtkcontainer.c line 3797
  • #74 gtk_container_draw
    at gtkcontainer.c line 3666
  • #75 gtk_window_draw
    at gtkwindow.c line 9857
  • #76 _gtk_widget_draw_internal
    at gtkwidget.c line 6831
  • #77 _gtk_widget_draw_internal
    at gtkwidget.c line 6927
  • #78 _gtk_widget_draw_windows
    at gtkwidget.c line 6933
  • #79 _gtk_widget_draw
    at gtkwidget.c line 7007
  • #80 gtk_widget_send_expose
    at gtkwidget.c line 7514
  • #81 gtk_main_do_event
    at gtkmain.c line 1770
  • #82 _gdk_window_process_updates_recurse_helper
    at gdkwindow.c line 3589
  • #83 gdk_window_process_updates_internal
    at gdkwindow.c line 3734
  • #84 gdk_window_process_updates_with_mode
    at gdkwindow.c line 3935
  • #85 _g_closure_invoke_va
    at gclosure.c line 864
  • #86 g_signal_emit_valist
    at gsignal.c line 3292
  • #87 g_signal_emit_by_name
    at gsignal.c line 3479
  • #88 gdk_frame_clock_paint_idle
    at gdkframeclockidle.c line 430
  • #89 gdk_threads_dispatch
    at gdk.c line 719
  • #90 g_timeout_dispatch
    at gmain.c line 4577
  • #91 g_main_dispatch
    at gmain.c line 3154
  • #92 g_main_context_dispatch
    at gmain.c line 3769
  • #93 g_main_context_iterate
    at gmain.c line 3840
  • #94 g_main_loop_run
    at gmain.c line 4034
  • #95 gtk_main
    at gtkmain.c line 1241
  • #96 main
    at main.c line 654

Comment 3 Milan Crha 2015-10-26 10:10:02 UTC
The latest backtrace shows that the second thread is finishing folder refresh. It can mean that the values being used in the main (UI) thread had been changed in the second thread. That is that the CamelMessageInfo structure is not thread safe on its own.
Comment 4 Milan Crha 2016-05-05 08:33:00 UTC
And one from 3.20.1:
https://bugzilla.redhat.com/show_bug.cgi?id=1333259

This will be addressed with changes from bug #764065 hopefully.
Comment 5 Milan Crha 2016-05-20 06:58:25 UTC
*** Bug 766692 has been marked as a duplicate of this bug. ***
Comment 6 Milan Crha 2016-06-06 09:36:10 UTC
*** Bug 767228 has been marked as a duplicate of this bug. ***
Comment 7 Milan Crha 2016-06-13 12:45:36 UTC
*** Bug 767479 has been marked as a duplicate of this bug. ***
Comment 8 Paul Wise 2016-06-21 06:15:46 UTC
I just got a crash similar to this in 3.20.3-1 from Debian stretch:

Core was generated by `evolution'.
Program terminated with signal SIGSEGV, Segmentation fault.
  • #0 ??
  • #0 0x0000000000000000 in
  • #1 ml_tree_value_at_ex
    at message-list.c line 1772
  • #2 update_cell
    at gal-a11y-e-cell-toggle.c line 129
  • #3 gal_a11y_e_cell_toggle_new
    at gal-a11y-e-cell-toggle.c line 193
  • #4 eti_ref_at
    at gal-a11y-e-table-item.c line 436
  • #5 eti_a11y_reset_focus_object
    at gal-a11y-e-table-item.c line 264
  • #9 <emit signal ??? on instance 0x55d1125c8320 [ETreeSelectionModel]>
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./gobject/gsignal.c line 3441
  • #10 e_selection_model_cursor_changed
    at e-selection-model.c line 769
  • #11 e_tree_selection_model_change_cursor
    at e-tree-selection-model.c line 824
  • #12 e_tree_set_cursor
    at e-tree.c line 1787
  • #13 clear_tree
    at message-list.c line 3835
  • #14 message_list_set_folder
    at message-list.c line 4705
  • #15 mail_reader_set_folder
    at e-mail-reader.c line 3401
  • #16 mail_paned_view_set_folder
    at e-mail-paned-view.c line 578
  • #17 mail_shell_view_got_folder_cb
    at e-mail-shell-view-private.c line 81
  • #18 g_task_return_now
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./gio/gtask.c line 1107
  • #19 complete_in_idle_cb
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./gio/gtask.c line 1121
  • #20 g_main_context_dispatch
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c line 3154
  • #21 g_main_context_dispatch
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c line 3769
  • #22 g_main_context_iterate
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c line 3840
  • #23 g_main_loop_run
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c line 4034
  • #24 gtk_main
    at /build/gtk+3.0-UYMeaD/gtk+3.0-3.20.6/./gtk/gtkmain.c line 1269
  • #25 main
    at main.c line 660

Comment 9 Paul Wise 2016-06-23 08:19:56 UTC
Got another crash with this same backtrace.
Comment 10 Milan Crha 2016-11-08 15:12:10 UTC
This is finally addressed (added thread safety around CamelMessageInfo) with changes for bug #764065, which will be released as 3.23.2.
Comment 11 Milan Crha 2016-11-28 15:49:18 UTC
A little correction, comment #8 shows a different issue. I'm reopening bug #767228 for it.
Comment 12 Paul Wise 2016-11-29 03:44:47 UTC
I just got another crash with this backtrace, seems the fix is also in 3.22 git, will there be another release for 3.22 soon?
Comment 13 Milan Crha 2016-11-29 08:05:45 UTC
Which backtrace? There are two different issues in this bug report. That's why I wrote comment #11. The 3.22.3 is planned for December 12th.
Comment 14 Paul Wise 2016-11-29 08:07:49 UTC
I think it was the one from comment #8 again. Thanks for the info, that should be early enough to beat the Debian stretch freeze.
Comment 15 Milan Crha 2017-08-23 08:35:25 UTC
*** Bug 785944 has been marked as a duplicate of this bug. ***