0) Similar crash here (evolution 2.29.2). Similar situation (cancelled some stuff in the status bar since evolution took its time when I returned to it after a suspend/resume cycle and manually switching network form wireless to wired).

1) Last few lines of output:
(evolution:10390): camel-WARNING **: Camel operation status stack non empty: 

(evolution:10390): evolution-shell-CRITICAL **: e_shell_backend_get_shell: assertion `E_IS_SHELL_BACKEND (shell_backend)' failed

(evolution:10390): evolution-shell-CRITICAL **: e_shell_get_shell_settings: assertion `E_IS_SHELL (shell)' failed
Segmentation fault (core dumped)

2) gdb on this core file:
(gdb) bt

+ Trace 219272

reader = 0x86aa6d0
html_display = <value optimized out>
message_list = 0x0
shell_backend = <value optimized out>
shell_settings = <value optimized out>
shell = <value optimized out>
event = 0x0
target = <value optimized out>
mark_read = <value optimized out>
timeout_interval = <value optimized out>

3) Quick, uninformed analysis
evolution is dereferencing a NULL pointer with "message_list->cursor_uid". message_list was set by e_mail_reader_get_message_list(). Shouldn't a NULL return by that function be checked and this call back return if message_list turns out to be NULL?

Note, however, that by the time evolution crashes here shell_backend, shell, and shell_settings all seem to be NULL too.

*** Bug 604896 has been marked as a duplicate of this bug. ***

Evolution 2.29.5 

I get this crash often now a days while fetching the new mails

(evolution:12195): evolution-shell-CRITICAL **: e_shell_backend_get_shell: assertion `E_IS_SHELL_BACKEND (shell_backend)' failed

(evolution:12195): evolution-shell-CRITICAL **: e_shell_get_shell_settings: assertion `E_IS_SHELL (shell)' failed

Program received signal SIGSEGV, Segmentation fault.
0xb606bf7d in mail_reader_message_loaded_cb (folder=0x89a1098, message_uid=0x9cd6398 "0853BD1E00000001FA9D5DF038000001", message=0x99f1c00, 
    user_data=0x8a241e0, ex=0x9d1744c) at e-mail-reader.c:1765
1765		cursor_uid = MESSAGE_LIST (message_list)->cursor_uid;
(gdb) bt

+ Trace 219998

Created attachment 151166 [details] [review]
proposed evo patch

for evolution;

When you open a message in a new window, then new message list and mail browser are created, and the browser is freed immediately on the window close, but the message list is still alive, doing its part (for me waiting for message list regeneration). When it's done the signals are called with freed pointers as EMailReader and such. Thus the most important part is signal disconnection on browser dispose.

I was unable to get the exact crash you have, so maybe it'll not help for you completely. Please give it a try. Thanks.

Downstream bug report about the same:
https://bugzilla.redhat.com/show_bug.cgi?id=553550

I got a crash even after i have a patch applied from comment#4

evolution:636): evolution-shell-CRITICAL **: e_shell_backend_get_shell: assertion `E_IS_SHELL_BACKEND (shell_backend)' failed

(evolution:636): evolution-shell-CRITICAL **: e_shell_get_shell_settings: assertion `E_IS_SHELL (shell)' failed

Program received signal SIGSEGV, Segmentation fault.
0xb5d2bed1 in mail_reader_message_loaded_cb (folder=0x87d9070, message_uid=0x88b3a38 "7469", message=0x8ab8588, user_data=0x85ba2c0, ex=0x8820854) at e-mail-reader.c:1767
1767		cursor_uid = MESSAGE_LIST (message_list)->cursor_uid;
(gdb) bt full

+ Trace 220141

(In reply to comment #4)
> I was unable to get the exact crash you have, so maybe it'll not help for you
> completely. Please give it a try. Thanks.

Err, I hate when I'm right with things like the one above. I didn't get those runtime warnings there, so that can be the clue. Could you either run it on valgrind, and/or try to find any exact steps/data what I should do to trigger that, please? Or, maybe, if Paul can reproduce, then maybe he can look at this?

*** Bug 611108 has been marked as a duplicate of this bug. ***

*** Bug 633716 has been marked as a duplicate of this bug. ***

Comment on attachment 151166 [details] [review]
proposed evo patch

code in latest evo git master diverged too much, the patch is unusable, thus I'm marking it as such (thanks ssieb for noting this on IRC)

Here's a backtrace from evolution current master:

+ Trace 225219

Here's the code in case it changes:
2641			!priv->restoring_message_selection;
2642		timeout_interval =
2643			e_shell_settings_get_int (
2644			shell_settings, "mail-mark-seen-timeout");
2645	
2646		if (MESSAGE_LIST (message_list)->seen_id > 0) {
2647			g_source_remove (MESSAGE_LIST (message_list)->seen_id);
2648			MESSAGE_LIST (message_list)->seen_id = 0;
2649		}

Created attachment 178125 [details] [review]
evo patch

for evolution;

I finally got to this, and when cheating a bit (adding slowness to camel_folder_get_message), then I can reproduce this too. This patch fixes it, because the EMailReader is reffed, but when one closes the message window then the underlying MessageList is freed, so later, when the event mail_reader_message_loaded_cb is called the message list is NULL.

Created commit 88e2ead in evo master (2.91.6+)

*** Bug 618902 has been marked as a duplicate of this bug. ***