Thanks for a bug report. I think, on the first look, that pop3_store->engine is either NULL or some garbage pointer, but the question is why such thing happened. I suppose this is basically the first time you faced this crash, did you?

Yes, this seems to be something I've not seen before.

Similar downstream bug report from 3.6.2:
https://bugzilla.redhat.com/show_bug.cgi?id=887399

Description of problem:
The last action before Evolution disappeared from the display and was replaced by the Automatic Bug Reporting Tool was to expunge Trash.

Version-Release number of selected component:
evolution-3.6.2-3.fc18

Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.

+ Trace 231299

I've also run into this on FC18 evolution-3.6.2-3.2.fc18 also.

In fact, I seem to run into it every day now.  Every morning when I start work, evolution has crashed and needs to be restarted.  I have lots of Fedora/RH abrt reports if any more information is required.

The frequency of this seems to have increased to about once or twice an hour now.  Very annoying to have to keep restarting evolution every time I come back to it to read new e-mail.

Any chance of getting this one fixed?

It usually depends on reproducibility. If it's reproducible on developer's machine(s), then it's usually easier to fix. What is your setting for the POP3 account. I see from the backtrace that his happens during folder expunge, thus I guess it's when expunging either On This Computer/Inbox or On This Computer/Trash. Am I right?

(In reply to comment #7)
> It usually depends on reproducibility. If it's reproducible on developer's
> machine(s), then it's usually easier to fix.

Understandable.

> What is your setting for the POP3
> account.

Pretty typical with the exception that I am using GSSAPI to authenticate.

> I see from the backtrace that his happens during folder expunge, thus
> I guess it's when expunging either On This Computer/Inbox or On This
> Computer/Trash. Am I right?

Only if that expunging happens automagically on POP3 mailboxes.  As I mentioned before, it was happening every night (i.e. while I am not at the computer, so not issuing expunges myself) before it increased to pretty much once or twice an hour.  But again, it typically happens while I am not using it, so again, not issuing expunges, myself.

Thanks for the update. What is set in Edit->Preferences->Mail Accounts-><POP account->Edit->Receiving Options tab, please? And also at Edit->Preferences->Mail Preferences->General tab->Delete Mail section.

(In reply to comment #9)
> Thanks for the update.

NPAA.  Whatever I can do to facilitate this.

> What is set in Edit->Preferences->Mail Accounts-><POP
> account->Edit->Receiving Options tab, please?

  * Check for new messages every 1 minutes
  * Leave messages on server

> And also at
> Edit->Preferences->Mail Preferences->General tab->Delete Mail section.

  o Empty trash folders on exit
  o Confirm when expunging a folder

where:

* == selected checkbox/item
o == unselected checkbox/item

Based on the backtrace from comment #3, one of configured POP3 accounts has both the options
 [x] Leave messages on server
 [x] Delete expunged from local Inbox
checked, otherwise it cannot get into that part of the code, unless it works with a garbage pointer, which was freed/unreffed incorrectly. Furthermore, pop3_folder_refresh_info_sync() is called in that backtrace only if the store is connected, which may not happen, because on update evolution always connects to the server and disconnects when the update is done. The complete backtrace in the downstream bug report doesn't suggest a thread interleaving here, hence I guess it's something else, probably the incorrect unref call. It might be noticeable when running evolution on console, there might be some critical warnings just before the crash.

I'd like to see a valgrind log for a crashing session, maybe it'll give a clue what happens here. You can run evolution under valgrind with this command:
   $ G_SLICE=always-malloc valgrind --num-callers=50 evolution &>log.txt
and let it running for some time. You mentioned it happens for you quite often, when not using it, thus it might be when evolution automatically updates content, as it can also expunge the folder content. I suppose, when you decrease automatic update interval for your POP3 (maybe also other) account(s), then the crash will exhibit itself more often.

I tried to reproduce this myself, but no luck, unfortunately. Neither valgrind claims anything related to me (only something from webkit). I hope it'll be easier for you to get the valgrind log. Please make sure you'll have installed proper (of the same version as the binary packages) debug info packages at least for evolution-data-server and evolution itself, thus the valgrind log will contain debugging information.

OK.  It seems the mitigating factor here is using gssapi for pop3.  If I change it to Login or PLAIN the problem goes away.

Perhaps that helps in reproducing.

Thanks for the clarification. I do not have available any POP3 server with enabled and working GSSAPI authentication, but as soon as I find one, I'll return back here.

I'm not sure this is relevant, but I don't use GSSAPI.  I'm using qpopper on the server and use SSL for encryption.

David, does it still crash for you too? I got a duplicate in the downstream bugzilla, but I cannot reproduce it myself, thought I use only a PLAIN authentication.

So, I just got this without using GSSAPI.  I turned that off back around comment #12 time frame.

Currently using:

evolution-ews-3.6.4-1.fc18.x86_64
evolution-3.6.4-3.fc18.x86_64
evolution-data-server-3.6.4-4.fc18.x86_64

Milan,

I haven't seen this one in a while.  As usual, I'm running recent git/masters.

I just got a similar downstream bug report from evolution-3.8.2-1.fc19:
https://bugzilla.redhat.com/show_bug.cgi?id=977927

Where the crash happened with lost connection to a pop3 server. I'll try to address this, it doesn't seem to be too complicated. (Reproducibility is a problem here, as is usual with crasher bugs.)

pop3_folder_refresh_info_sync (folder=0x2134710, cancellable=0x22b9000, error=0x22f7990) at camel-pop3-folder.c:729
729		if (!local_error && (pop3_store->engine->capa & CAMEL_POP3_CAP_UIDL) != 0)

+ Trace 232149

Created attachment 247842 [details] [review]
eds patch

for evolution-data-server;

Event after changes from [1], the code didn't check for validity of the returned pointer, thus it could crash in the similar way, when dereferencing NULL pointer. These are, hopefully, the last bits of the crashes in the POP3 provider.

[1] https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=590dc3968326d63494627020d2139c82fcf5510b

Created commit ed65569 in eds master (3.9.4+)
Created commit 6aa6b97 in eds gnome-3-8 (3.8.4+)

Will a 3.8.4 be cut any time soon?  This is an annoying crash.

Yes the planned date is July 22nd.