GNOME Bugzilla – Bug 729790
Crash under alert_bar_response_close()
Last modified: 2014-05-30 10:36:39 UTC
Using Debian Sid/unstable with Evolution 3.12.1-1, no messages shown, still downloading IMAP message I believe, Evolution started with CAMEL_DEBUG=imapx:io,imapx:conman evolution crashed with a segmentation fault after half an hour.

segfault at ffffd000 ip b758d4e3 sp bfa81bd0 error 5 in libevolution-util.so.0.0.0[b753e000+1ee000]

Before the following messages were printed to the terminal.

[imapx:I] I/O: 'I00889 SELECT Kalender
'
[imapx:I] I/O: '* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 0] UID validity status
* OK [UIDNEXT 1] Predicted next UID
* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Draft \Seen)] Permanent flags
I00889 OK [READ-WRITE] SELECT completed
'
[imapx:I] I/O: 'I00890 UID FETCH 1:* (RFC822.SIZE RFC822.HEADER FLAGS)
'
[imapx:I] I/O: 'I00888 UID FETCH 1:* (RFC822.SIZE RFC822.HEADER FLAGS)
'
[imapx:I] I/O: 'I00890 OK UID FETCH completed
Bogus sequence in UID FETCH: Sequence out of range
'
[imapx:I] I/O: ''

(evolution:18088): evolution-mail-WARNING **: Failed to refresh folder 'test@example.com: Kalender': Fehler beim Abrufen neuer Nachrichten: Server sent unexpected response: Bogus
$ dpkg -S libevolution-util
libevolution: /usr/lib/evolution/3.12/libevolution-util.so.0
evolution-dev: /usr/lib/evolution/3.12/libevolution-util.so
libevolution: /usr/lib/evolution/3.12/libevolution-util.so.0.0.0
$ dpkg -l libevolution evolution-dev
[…]
ii  evolution-dev  3.12.1-1  i386  development library files for Evolution
ii  libevolution   3.12.1-1  i386  evolution libraries
No idea if it matters, but crashes are critical in my opinion as they cause data loss.
The account in the backtrace uses the server `imap.alice.de` which is not working well I believe. But Evolution should deal with it.

$ telnet imap.alice.de 143
Trying 91.136.8.184...
Connected to imap.alice.de.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN ID] mail48c50 IMAP4rev1 Bigfoot
paul@mattotaupa:~ $ telnet imap.alice.de 993
Trying 91.136.8.184...
Connected to imap.alice.de.
Escape character is '^]'.
Connection closed by foreign host.

$ gdb evolution -c core
GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1.1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/evolution...Reading symbols from /usr/lib/debug/.build-id/03/893d975ba505e3714a4bc7360928cfd15b9220.debug...done.
done.
[New LWP 18088]
[New LWP 18102]
[New LWP 18099]
[New LWP 18112]
[New LWP 18151]
[New LWP 18110]
[New LWP 18111]
[New LWP 18702]
[New LWP 18150]
[New LWP 18704]
[New LWP 18712]
[New LWP 18735]
[New LWP 18705]
[New LWP 18736]
[New LWP 18711]
[New LWP 18752]
[New LWP 18774]
[New LWP 18713]
[New LWP 18924]
[New LWP 18723]
[New LWP 22441]
[New LWP 18766]
[New LWP 27303]
[New LWP 18923]
[New LWP 27363]
[New LWP 27300]
[New LWP 21476]
[New LWP 27305]
[New LWP 27297]
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.
+ Trace 233574
Thread 1 (Thread 0xb0b99900 (LWP 18088))
(In reply to comment #0)
> [imapx:I] I/O: 'I00890 OK UID FETCH completed
> Bogus sequence in UID FETCH: Sequence out of range
> '
> [imapx:I] I/O: ''
>
> (evolution:18088): evolution-mail-WARNING **: Failed to refresh folder
> 'test@example.com: Kalender': Fehler beim Abrufen neuer Nachrichten: Server
> sent unexpected response: Bogus

The above means the folder is empty and the server responds OK, but also a reason for the OK as 1:* is not a correct message sequence - it's because the next UID is 1. The problem is that the server returns the additional message on a new line, without correct prefix, which causes the error in the response parser in the IMAPx code. The server should fix this, as far as I can tell.

(In reply to comment #3)
> The account in the backtrace uses the server `imap.alice.de` which is not
> working well I believe. But Evolution should deal with it.
>
> ...
>
> Connection closed by foreign host.

I agree. The changes around bug #720154 are supposed to address this kind of issue.

> #0 e_alert_response at e-alert.c line 945
> #1 alert_bar_response_close at e-alert-bar.c line 54

What did happen before this crash and what did you do, just before it? If I read the backtrace correctly, then there was some error message above the message list, on which you clicked the "x" button to close it, which triggered the crash. Is the observation correct?

I didn't see such crash on my machine, though I use only gtk3-3.10.6-1.3.fc20.x86_64, thus slightly older version. My guess is that the corresponding EAlert got freed before the close attempt and thus it use-after-free it here. valgrind may prove or reject the theory.
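The malformed reply discussed in comment #4, as an added example that is not part of the original thread and is not Evolution's IMAPx code: a small C classifier for the three server line forms of RFC 3501, applied to the logged `UID FETCH` reply to show which line fits none of them. `classify_line` and `first_invalid_line` are hypothetical names; tags are assumed to be alphanumeric and literals (`{n}`) are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Line forms a server may send under the IMAP4rev1 grammar (RFC 3501). */
enum line_kind { LINE_UNTAGGED, LINE_CONTINUATION, LINE_TAGGED, LINE_INVALID };

/* Classify one server line, CRLF already stripped. */
enum line_kind classify_line(const char *line)
{
    if (line[0] == '*' && line[1] == ' ')
        return LINE_UNTAGGED;
    if (line[0] == '+' && (line[1] == ' ' || line[1] == '\0'))
        return LINE_CONTINUATION;
    /* Tagged form: tag, one space, then OK, NO or BAD. */
    const char *sp = strchr(line, ' ');
    if (sp == NULL || sp == line) return LINE_INVALID;
    for (const char *p = line; p < sp; p++)
        if (!isalnum((unsigned char)*p))  /* assumption: alphanumeric tags */
            return LINE_INVALID;
    const char *st = sp + 1;
    size_t n = strcspn(st, " ");
    int ok = (n == 2 && (!strncmp(st, "OK", 2) || !strncmp(st, "NO", 2))) ||
             (n == 3 && !strncmp(st, "BAD", 3));
    return ok ? LINE_TAGGED : LINE_INVALID;
}

/* Index of the first line that fits no IMAP form, or -1 if every line does. */
int first_invalid_line(const char *response)
{
    char buf[512];
    for (int idx = 0; *response; idx++) {
        size_t n = strcspn(response, "\r\n");
        if (n >= sizeof buf) return idx;  /* overlong line: reject */
        memcpy(buf, response, n);
        buf[n] = '\0';
        if (classify_line(buf) == LINE_INVALID)
            return idx;
        response += n + strspn(response + n, "\r\n");
    }
    return -1;
}

int main(void)
{
    /* Sample constructed from the reply logged in comment #0. */
    printf("%d\n", first_invalid_line("I00890 OK UID FETCH completed\r\n"
        "Bogus sequence in UID FETCH: Sequence out of range\r\n"));
}
```
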
(In reply to comment #4)
> (In reply to comment #0)
> > [imapx:I] I/O: 'I00890 OK UID FETCH completed
> > Bogus sequence in UID FETCH: Sequence out of range
> > '
> > [imapx:I] I/O: ''
> >
> > (evolution:18088): evolution-mail-WARNING **: Failed to refresh folder
> > 'test@example.com: Kalender': Fehler beim Abrufen neuer Nachrichten: Server
> > sent unexpected response: Bogus
>
> The above means the folder is empty and the server responds OK, but also a
> reason for the OK as 1:* is not a correct message sequence - it's because the
> next UID is 1. The problem is that the server returns the additional message on
> a new line, without correct prefix, which causes the error in the response
> parser in the IMAPx code. The server should fix this, as far as I can tell.

Ok, good to know.

> (In reply to comment #3)
> > The account in the backtrace uses the server `imap.alice.de` which is not
> > working well I believe. But Evolution should deal with it.
> >
> > ...
> >
> > Connection closed by foreign host.
>
> I agree. The changes around bug #720154 are supposed to address this kind of
> issue.

I’ll try with E-D-S build from the 3.12 branch.

> > #0 e_alert_response at e-alert.c line 945
> > #1 alert_bar_response_close at e-alert-bar.c line 54
>
> What did happen before this crash and what did you do, just before it? If I
> read the backtrace correctly, then there was some error message above the
> message list, on which you clicked the "x" button to close it, which triggered
> the crash. Is the observation correct?
>
> I didn't see such crash on my machine, though I use only
> gtk3-3.10.6-1.3.fc20.x86_64, thus slightly older version. My guess is that the
> corresponding EAlert got freed before the close attempt and thus it
> use-after-free it here. valgrind may prove or reject the theory.

Does this mean, that it would be a GTK+ bug?
(In reply to comment #5)
> Does this mean, that it would be a GTK+ bug?

I do not know yet. I'm plain guessing here. It can be something with gtk, or with evolution itself, or some memory corruption happened and struck in this way, which would be the worse case, because finding where the corruption happened would not be easy.
Any update on this, please? If you are able to reliably reproduce this, and if it's about a memory corruption, then involving valgrind and reproducing the steps would log the error (not necessarily crash, because valgrind can avoid certain crashes). The valgrind command would look like this:

$ G_SLICE=always-malloc valgrind --num-callers=20 evolution &>log.txt
I was not able to reproduce this anymore.