GNOME Bugzilla – Bug 274128
Evolution crashed when an imap folder opened
Last modified: 2007-11-22 10:14:35 UTC
Distribution: Debian 3.1 Package: Evolution Priority: Major Version: GNOME2.8.1 2.0.3 Gnome-Distributor: Debian Synopsis: Evolution crashed when an imap folder opened Bugzilla-Product: Evolution Bugzilla-Component: Mailer Bugzilla-Version: 2.0.3 BugBuddy-GnomeVersion: 2.0 (2.8.0) Description: Description of the crash: I read my emails through firewall which possibly change or drop something from the protocol. In some situation (I couldn't find the exact reason) the evolution crash. Steps to reproduce the crash: I try to reproduce it with more verbose firewall policy but without this I couldn't tell anything. But I'm sure the that the firewall do the trick. How often does this happen? Nearly every time, when communication with the server. (Open a folder, read a message) Additional Information: Debugging Information: Backtrace was generated from '/usr/bin/evolution' (no debugging symbols found) Using host libthread_db library "/lib/libthread_db.so.1". (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 25664)] [New Thread 32769 (LWP 25667)] [New Thread 16386 (LWP 25668)] [New Thread 65539 (LWP 25683)] [New Thread 49156 (LWP 25670)] [New Thread 81925 (LWP 25689)] [New Thread 98310 (LWP 25690)] [New Thread 114695 (LWP 25696)] (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) 0x40f99c0b in waitpid () from /lib/libpthread.so.0
+ Trace 57396
Thread 6 (Thread 81925 (LWP 25689))
Unknown reporter: sasa@balabit.hu, changed to bugbuddy-import@ximian.com. Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
I did some investigation. strace: 26553 recv(42, "* 1437 FETCH (UID 24379 BODY ((\""..., 1024, 0) = 254 26553 gettimeofday({1111952088, 227558}, NULL) = 0 26553 poll( <unfinished ...> 26539 <... select resumed> ) = 1 (in [3]) 26539 read(3, "\1\1n \0\0\0\0@\0\0\0\0\0\0\0\327\3k\2\352\2\351\0\20\0"..., 32) = 32 26539 gettimeofday({1111952088, 230424}, NULL) = 0 26539 write(3, "\2\0\4\0\366\0\0\3\0@\0\0\0\0\0\0005\20\4\0\232\3\0\3\367"..., 1868) = 1868 26539 read(3, 0xbffff2a0, 32) = -1 EAGAIN (Resource temporarily unavailable) 26539 select(4, [3], NULL, NULL, NULL <unfinished ...> 26553 <... poll resumed> [{fd=42, events=POLLIN, revents=POLLIN}, {fd=36, events=POLLIN}], 2, 240000) = 1 26553 recv(42, "\r\nB00141 OK Completed\r\n", 1024, 0) = 23 26553 --- SIGSEGV (Segmentation fault) @ 0 (0) --- The firewall output: 2005-03-27T21:34:42+0100 fw other_imap[8125]: imap.reply(6): (other_imap@zorp/intra_imap_balabit:4/imap): Complete response arrived; rsp='* 1437 FETCH (UID 24379 BODY (("TEXT" "PLAIN" ("CHARSET" "utf-8") NIL NIL "QUOTED-PRINTABLE" 523 14)("TEXT" "PLAIN" ("CHARSET" "utf-8") NIL NIL "QUOTED-PRINTABLE" 829 49)("TEXT" "PLAIN" ("CHARSET" "utf-8") NIL NIL "QUOTED-PRINTABLE" 8406 392) "MIXED"))' 2005-03-27T21:34:42+0100 fw other_imap[8125]: imap.debug(6): (other_imap@zorp/intra_imap_balabit:4/imap): Reconstructed response; rsp='* 1437 FETCH (UID 24379 BODY (("TEXT" "PLAIN" ("CHARSET" "utf-8") NIL NIL "QUOTED-PRINTABLE" 523 14) ("TEXT" "PLAIN" ("CHARSET" "utf-8") NIL NIL "QUOTED-PRINTABLE" 829 49) ("TEXT" "PLAIN" ("CHARSET" "utf-8") NIL NIL "QUOTED-PRINTABLE" 8406 392) "MIXED"))' 2005-03-27T21:34:42+0100 fw other_imap[8125]: core.dump(7): (other_imap@zorp/intra_imap_balabit:4/imap/client): Writing channel; fd='6', count='254' 2005-03-27T21:34:42+0100 fw other_imap[8125]: core.dump(7): (other_imap@zorp/intra_imap_balabit:4/imap/client): Writing channel; fd='6', count='2' 2005-03-27T21:34:42+0100 fw other_imap[8125]: imap.reply(6): (other_imap@zorp/intra_imap_balabit:4/imap): Complete response arrived; rsp='B00141 OK Completed' 2005-03-27T21:34:42+0100 fw other_imap[8125]: imap.debug(6): (other_imap@zorp/intra_imap_balabit:4/imap): Reconstructed response; rsp='B00141 OK Completed' 2005-03-27T21:34:42+0100 fw other_imap[8125]: core.dump(7): (other_imap@zorp/intra_imap_balabit:4/imap/client): Writing channel; fd='6', count='19' 2005-03-27T21:34:42+0100 fw other_imap[8125]: core.dump(7): (other_imap@zorp/intra_imap_balabit:4/imap/client): Writing channel; fd='6', count='2' A bigger backtrace: 0x40f99c0b in waitpid () from /usr/lib/debug/libpthread.so.0
+ Trace 57397
And it's hung when try to read this message.
is this still a problem with 2.2?
SZALAY Attila is this still reproducible with 2.2.1?
It's hard to get that version of evolution. Is there any debian package from it?
Sorry for the late answer. Yes I can reproduce this with this version: sasa:~$ dpkg -l evolution Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-=========================-=========================-================================================================== ii evolution 2.2.2-4 The groupware suite
Info supplied re-opening it.
umm, how hard is it to select help->about? anyway, run evolution wiht CAMEL_DEBUG=all in the environment and get the log there. it is not clear from your firewall log exactly what the client received.
This seems to be related to SSL somehow. Without SSL the problem does not happen, with SSL it crashes whenever I click on a specific message. I don't know wheter it is specific that message though. Here is the end of the CAMEL debug output (evolution 2.0.4 in Debian) <-- Literal: -->Return-Path: <cyrus@newmail> X-Sieve: CMU Sieve 2.2 Return-Path: <tt-l-bounces@lists.balabit> X-Original-To: tt-l@lists.balabit Delivered-To: tt-l@lists.balabreceived: ) received: * 1104 FETCH (FLAGS () UID 1104 INTERNALDATE "18-Oct-2005 00:00:05 +0200" RFC822.SIZE 2832 BODY[HEADER.FIELDS.NOT (RECEIVED)] {1172} received: ) received: A00336 OK Completed sending : A00337 NOOP received: A00337 OK Completed sending : A00338 UID FETCH 1100 BODY received: * 1100 FETCH (UID 1100 BODY (("TEXT" "PLAIN" ("CHARSET" "UTF-8" "FORMAT" "flowed") NIL NIL "7BIT" 64 4) ("APPLICATION" "VND.SUN.XML.WRITER" ("NAME" "TUT_ssl_051027_en.sxw") NIL NIL "BASE64" 1241818) ("TEXT" "PLAIN" ("CHARSET" "us-ascii") NIL NIL "7BIT" 132 4) "MIXED")) received: A00338 OK Completed *** attempt to put segment in horiz list twice *** attempt to put segment in horiz list twice *** attempt to put segment in horiz list twice *** attempt to put segment in horiz list twice *** attempt to put segment in horiz list twice *** attempt to put segment in horiz list twice It seems to crash when receiving the Completed message, probably because of some kind of race condition. I'm attaching a backtrace created by bug-buddy, and I'm compiling an evolution with debugging enabled right now.
Created attachment 53611 [details] backtrace by bug-buddy
The problem disappeared in 2.2.3.
on the contrary, I have a fresh 2.2.3 installation, and it still crashes. attaching backtrace by bug-buddy, I'm trying to reproduce using CAMEL_DEBUG=all
Created attachment 53642 [details] backtrace This backtrace is generated by evolution-2.2.3, ldd output: bazsi@bzorp:~$ ldd /usr/bin/evolution-2.2 libeshell.so.0 => /usr/lib/evolution/2.2/libeshell.so.0 (0xb7fd8000) libemiscwidgets.so.0 => /usr/lib/evolution/2.2/libemiscwidgets.so.0 (0xb7f9a000) libevolution-importer.so.0 => /usr/lib/evolution/2.2/libevolution-importer.so.0 (0xb7f91000) libetimezonedialog.so.0 => /usr/lib/evolution/2.2/libetimezonedialog.so.0 (0xb7f8c000) libeutil.so.0 => /usr/lib/evolution/2.2/libeutil.so.0 (0xb7f61000) libevolution-widgets-a11y.so.0 => /usr/lib/evolution/2.2/libevolution-widgets-a11y.so.0 (0xb7f58000) libevolution-a11y.so.0 => /usr/lib/evolution/2.2/libevolution-a11y.so.0 (0xb7f55000) libedataserverui-1.2.so.4 => /usr/lib/libedataserverui-1.2.so.4 (0xb7f23000) libebook-1.2.so.3 => /usr/lib/libebook-1.2.so.3 (0xb7ef0000) libcamel-1.2.so.0 => /usr/lib/libcamel-1.2.so.0 (0xb7ea7000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7e3f000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7e1c000) libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7e19000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7e03000) libssl3.so => /usr/lib/libssl3.so (0xb7de1000) libsmime3.so => /usr/lib/libsmime3.so (0xb7dbd000) libnss3.so => /usr/lib/libnss3.so (0xb7d4f000) libsoftokn3.so => /usr/lib/libsoftokn3.so (0xb7cde000) libecal-1.2.so.2 => /usr/lib/libecal-1.2.so.2 (0xb7c41000) libedataserver-1.2.so.4 => /usr/lib/libedataserver-1.2.so.4 (0xb7c17000) libplc4.so => /usr/lib/libplc4.so (0xb7c12000) libplds4.so => /usr/lib/libplds4.so (0xb7c0f000) libnspr4.so => /usr/lib/libnspr4.so (0xb7bdb000) libdb-4.2.so => /usr/lib/libdb-4.2.so (0xb7b05000) libgal-2.4.so.0 => /usr/lib/libgal-2.4.so.0 (0xb7a30000) libgal-a11y-2.4.so.0 => /usr/lib/libgal-a11y-2.4.so.0 (0xb7a1d000) libgtkhtml-3.6.so.18 => /usr/lib/libgtkhtml-3.6.so.18 (0xb7979000) libgailutil.so.17 => /usr/lib/libgailutil.so.17 (0xb7971000) libgnomeui-2.so.0 => /usr/lib/libgnomeui-2.so.0 (0xb78d6000) libgnome-keyring.so.0 => /usr/lib/libgnome-keyring.so.0 (0xb78cc000) libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0xb78ae000) libgnomeprintui-2-2.so.0 => /usr/lib/libgnomeprintui-2-2.so.0 (0xb7882000) libglade-2.0.so.0 => /usr/lib/libglade-2.0.so.0 (0xb786c000) libbonoboui-2.so.0 => /usr/lib/libbonoboui-2.so.0 (0xb780d000) libSM.so.6 => /usr/X11R6/lib/libSM.so.6 (0xb7804000) libICE.so.6 => /usr/X11R6/lib/libICE.so.6 (0xb77ed000) libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0xb7726000) libgnome-2.so.0 => /usr/lib/libgnome-2.so.0 (0xb7710000) libesd.so.0 => /usr/lib/libesd.so.0 (0xb7708000) libaudiofile.so.0 => /usr/lib/libaudiofile.so.0 (0xb76e4000) libgnomevfs-2.so.0 => /usr/lib/libgnomevfs-2.so.0 (0xb7683000) libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xb761c000) libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb760c000) libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb75be000) libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb75aa000) libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb75a6000) libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7594000) librt.so.1 => /lib/tls/librt.so.1 (0xb758e000) libbonobo-2.so.0 => /usr/lib/libbonobo-2.so.0 (0xb7535000) libgconf-2.so.4 => /usr/lib/libgconf-2.so.4 (0xb7501000) libbonobo-activation.so.4 => /usr/lib/libbonobo-activation.so.4 (0xb74ec000) libORBitCosNaming-2.so.0 => /usr/lib/libORBitCosNaming-2.so.0 (0xb74e7000) libORBit-2.so.0 => /usr/lib/libORBit-2.so.0 (0xb7491000) libpopt.so.0 => /lib/libpopt.so.0 (0xb7489000) libgthread-2.0.so.0 => /usr/lib/libgthread-2.0.so.0 (0xb7484000) libgnomeprint-2-2.so.0 => /usr/lib/libgnomeprint-2-2.so.0 (0xb741f000) libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0xb73f0000) libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0xb7383000) libgnomecanvas-2.so.0 => /usr/lib/libgnomecanvas-2.so.0 (0xb7357000) libart_lgpl_2.so.2 => /usr/lib/libart_lgpl_2.so.2 (0xb7341000) libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 (0xb731b000) libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0xb703c000) libxml2.so.2 => /usr/lib/libxml2.so.2 (0xb6f35000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb6f26000) libz.so.1 => /usr/lib/libz.so.1 (0xb6f14000) libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0xb6e95000) libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0xb6e77000) libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0 (0xb6e60000) libpangoxft-1.0.so.0 => /usr/lib/libpangoxft-1.0.so.0 (0xb6e59000) libpangox-1.0.so.0 => /usr/lib/libpangox-1.0.so.0 (0xb6e4e000) libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0xb6e15000) libm.so.6 => /lib/tls/libm.so.6 (0xb6df3000) libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0xb6dbf000) libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0xb6dba000) libdl.so.2 => /lib/tls/libdl.so.2 (0xb6db7000) libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0xb6d37000) libc.so.6 => /lib/tls/libc.so.6 (0xb6c02000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000) libexpat.so.1 => /usr/lib/libexpat.so.1 (0xb6be0000) libXrandr.so.2 => /usr/X11R6/lib/libXrandr.so.2 (0xb6bdc000) libXi.so.6 => /usr/X11R6/lib/libXi.so.6 (0xb6bd4000) libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0xb6bc6000) libXft.so.2 => /usr/lib/libXft.so.2 (0xb6bb3000) libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0xb6ba9000) libXrender.so.1 => /usr/lib/libXrender.so.1 (0xb6ba1000)
I have a full CAMEL_DEBUG=all output and a backtrace generated by debugging libraries (LD_LIBRARY_PATH=/usr/lib/debug). I'm reluctant to attach the complete IMAP session, the problem seems to be related to the fact that an untagged and tagged response to FETCH is received in two distinct TCP packets. The end of the CAMEL_DEBUG output: received: A00339 OK Completed camel_junk_plugin_check_junk em_junk_sa_check_junk sending : A00340 UID FETCH 85613 BODY received: * 298 FETCH (UID 85613 BODY (("TEXT" "PLAIN" ("CHARSET" "us-ascii") NIL NIL "QUOTED-PRINTABLE" 870 24) ("TEXT" "HTML" ("CHARSET" "us-ascii") NIL NIL "QUOTED-PRINTABLE" 2184 46) "ALTERNATIVE")) received: A00340 OK Completed The server without the firewall in picture would send the last two lines in a single TCP packet, while the firewall reconstructs those as distinct responses and relays them as separate packets. pthread_cond_wait is called with a NULL in this case, and probably that's the cause of the crash. Attaching the backtrace with debug information.
Created attachment 53644 [details] evolution-2.2.3 backtrace, debugging libraries
reopening
reassigning to component owner to get rid of "triage@ximian.com" assignee.
I couldn't reproduce this problem in the version: "Evolution 2.6.1". So I think it's fixed somewhere between 2.2 and 2.6. :))
*** Bug 468259 has been marked as a duplicate of this bug. ***
I think this will be fixed with a patch from bug 430420, so marking as duplicate. In that second bug there was a problem with returned envelope, as pvanhoof explained me. He said that there should not be two numbers at the end, as it is in comment #13 with "870 24" and "2184 46". The fix there worked for me and is committed into actual trunk and stable. Feel free to reopen if I'm wrong. *** This bug has been marked as a duplicate of 430420 ***