Bug 732607 – [abrt] Crash in imapx_job_fetch_new_messages_start()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 732607 - [abrt] Crash in imapx_job_fetch_new_messages_start()


Summary:	[abrt] Crash in imapx_job_fetch_new_messages_start()


Status:	RESOLVED FIXED

Product:	evolution-data-server
Classification:	Platform
Component:	Mailer
Version:	3.10.x (obsolete)
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	evolution-mail-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-07-02 06:19 UTC by Milan Crha
Modified:	2014-07-02 17:28 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Milan Crha 2014-07-02 06:19:13 UTC

Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1115173

Description of problem:
I finished reading some email.  I used Alt-F T to invoke "Empty Trash", then I left the workspace.  About 15-30 seconds later, I get notification that Evolution had crashed.

Version-Release number of selected component:
evolution-3.10.4-2.fc20

Additional info:
reporter:       libreport-2.2.2
backtrace_rating: 4
cmdline:        evolution
crash_function: ____strtoul_l_internal
executable:     /usr/bin/evolution
kernel:         3.14.8-200.fc20.x86_64

5482   if (total > 0) {
5483	   guint64 uidl;
5484	   uid = camel_imapx_dup_uid_from_summary_index (folder, total - 1);
5485	   uidl = strtoull (uid, NULL, 10);
5486	   g_free (uid);
5487	   uid = g_strdup_printf ("%" G_GUINT64_FORMAT, uidl + 1);
5488   } else

+ Trace 233753

Thread 2 (Thread 0x7fcf36ffd700 (LWP 32102))

#0 __lll_lock_wait
at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S line 135
#1 _L_lock_874
from /lib64/libpthread.so.0
#2 __GI___pthread_mutex_lock
at ../nptl/pthread_mutex_lock.c line 114
#3 vee_folder_subfolder_changed
at camel-vee-folder.c line 384
#4 vee_folder_process_changes
at camel-vee-folder.c line 499
#5 session_do_job_cb
at camel-session.c line 175
#6 run_in_thread
at gsimpleasyncresult.c line 871
#7 io_job_thread
at gioscheduler.c line 89
#8 g_task_thread_pool_thread
at gtask.c line 1245
#9 g_thread_pool_thread_proxy
at gthreadpool.c line 309
#10 g_thread_proxy
at gthread.c line 798
#11 start_thread
at pthread_create.c line 309
#12 clone
at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 111

Thread 1 (Thread 0x7fcf3d383700 (LWP 30520))

#0 __GI_____strtoul_l_internal
at ../stdlib/strtol_l.c line 298
#1 __GI_strtoul
at ../stdlib/strtol.c line 108
#2 imapx_job_fetch_new_messages_start
at camel-imapx-server.c line 5485
#3 camel_imapx_job_run
at camel-imapx-job.c line 255
#4 imapx_submit_job
at camel-imapx-server.c line 3081
#5 imapx_server_fetch_new_messages
at camel-imapx-server.c line 3243
#6 imapx_idle_thread
at camel-imapx-server.c line 3307
#7 g_thread_proxy
at gthread.c line 798
#8 start_thread
at pthread_create.c line 309
#9 clone
at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 111

Comment 1 Milan Crha 2014-07-02 06:22:25 UTC

Thread 9 is flushing summary of the same folder as the crashing Thread 1, which might be the cause of the returned wrong UID in Thread 1.

Comment 2 Milan Crha 2014-07-02 09:45:51 UTC

I addressed the crash by adding folder's summary locking for particular operations and by adding safety checks on returned values, thus the crash will not happen again.

Created commit 20533b4 in eds master (3.13.4+) [1]
Created commit 4581a32 in eds evolution-data-server-3-12 (3.12.4+)

[1] https://git.gnome.org/browse/evolution-data-server/commit/?id=20533b4