Bug 1158055 - [abrt] Memory corruption after message send (maybe bbdb related)
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution
Version: 21
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Milan Crha
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:a08c1fe02e5ad7a51ede6e0fa97...
Duplicates: 1158056 1163941 1174134
Depends On:
Blocks:
 
Reported: 2014-10-28 12:58 UTC by Artur Flinta
Modified: 2014-12-22 13:00 UTC

Fixed In Version: evolution-3.12.9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-22 12:57:15 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (82.83 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: cgroup (190 bytes, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: core_backtrace (41.69 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: dso_list (26.38 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: environ (1.52 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: exploitable (82 bytes, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: limits (1.29 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: maps (130.84 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: open_fds (3.56 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: proc_pid_status (946 bytes, text/plain), 2014-10-28 12:58 UTC, Artur Flinta
File: var_log_messages (7.55 KB, text/plain), 2014-10-28 12:58 UTC, Artur Flinta


Links
System ID Private Priority Status Summary Last Updated
GNOME Bugzilla 734530 0 None None None Never
Red Hat Bugzilla 1174134 0 unspecified CLOSED Evolution crashes when replying to an email 2021-02-22 00:41:40 UTC

Internal Links: 1174134

Description Artur Flinta 2014-10-28 12:58:22 UTC
Description of problem:
Evolution just died after sending e-mail (via exchange).

Version-Release number of selected component:
evolution-3.12.7-1.fc21

Additional info:
reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        evolution
crash_function: magazine_chain_pop_head
executable:     /usr/bin/evolution
kernel:         3.17.1-304.fc21.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (5 frames)
 #0 magazine_chain_pop_head at gslice.c:539
 #1 magazine_chain_prepare_fields at gslice.c:617
 #2 magazine_cache_push_magazine at gslice.c:691
 #3 private_thread_memory_cleanup at gslice.c:777
 #4 __nptl_deallocate_tsd at pthread_create.c:158

Potential duplicate: bug 733919

Comment 1 Artur Flinta 2014-10-28 12:58:25 UTC
Created attachment 951376
File: backtrace

Comment 2 Artur Flinta 2014-10-28 12:58:27 UTC
Created attachment 951377
File: cgroup

Comment 3 Artur Flinta 2014-10-28 12:58:29 UTC
Created attachment 951378
File: core_backtrace

Comment 4 Artur Flinta 2014-10-28 12:58:30 UTC
Created attachment 951379
File: dso_list

Comment 5 Artur Flinta 2014-10-28 12:58:31 UTC
Created attachment 951380
File: environ

Comment 6 Artur Flinta 2014-10-28 12:58:33 UTC
Created attachment 951381
File: exploitable

Comment 7 Artur Flinta 2014-10-28 12:58:34 UTC
Created attachment 951382
File: limits

Comment 8 Artur Flinta 2014-10-28 12:58:36 UTC
Created attachment 951383
File: maps

Comment 9 Artur Flinta 2014-10-28 12:58:37 UTC
Created attachment 951384
File: open_fds

Comment 10 Artur Flinta 2014-10-28 12:58:38 UTC
Created attachment 951385
File: proc_pid_status

Comment 11 Artur Flinta 2014-10-28 12:58:40 UTC
Created attachment 951386
File: var_log_messages

Comment 12 Milan Crha 2014-10-29 09:08:29 UTC
Thanks for a bug report. Crashes in this function usually mean some sort of memory corruption, like when accessing already freed memory or similar. I tried to reproduce it under valgrind, by sending a reply to an EWS message, with and without storing sent messages into an EWS folder, but the valgrind didn't show anything related. It doesn't mean there is no issue, it's just that the plain text message I used doesn't trigger it.

Could you install valgrind, debug info for evolution-ews, evolution and evolution-data-server [1] then run evolution under valgrind, like this:
   $ G_SLICE=always-malloc valgrind --num-callers=20 evolution &>log.txt
and try to reproduce the crash. Note the valgrind can avoid certain crashes, but still log about them.

Also, if you could provide more details, like what settings you use for the EWS account and what message type you send and basically any other details which would help to identify where the issue is, then it'll be helpful.

[1] with a command like this:
    $ yum install evolution-ews-debuginfo evolution-debuginfo \
      evolution-data-server-debuginfo --enablerepo=updates-testing-debuginfo
    only make sure the package version of the debuginfo will match the package
    version of the binary packages.

Comment 13 Milan Crha 2014-10-30 06:35:37 UTC
*** Bug 1158056 has been marked as a duplicate of this bug. ***

Comment 14 Artur Flinta 2014-11-10 20:34:40 UTC
It seems that this bug will be extremely difficult to reproduce. Since reporting this issue I've only had one more such problem (unfortunately without valgrind running). I'm sending and receiving via EWS about 150-200 emails daily, so it is a really rare issue. I'll be back to this when I'm able to reliably reproduce this bug - running on a production machine through valgrind is really slow ;)

Comment 15 Milan Crha 2014-11-11 07:12:02 UTC
(In reply to Artur Flinta from comment #14)
> I'll be back to this when I'm able to reliably reproduce this
> bug - running on a production machine through valgrind is really slow ;)

Thanks. I would say that running evolution under valgrind in a production environment is useless, due to its slowness. The problem with memory corruption bugs is that they can strike back anywhere, not always at the same place, thus it's hard to pair them with an existing issue. They can also strike any time, which means even seconds/minutes/... after the actual faulty code was executed.

I'd suggest trying to watch for any details, which might be easier than running evolution under valgrind. That is, if the crash is related to a message send, then watch for the pattern, like sending a new message, sending a reply, is the message plain text or HTML, what the content of the message is (with HTML, how complicated it is - does it contain tables, inline images, ...). Does the sent message contain an attachment, what type and size is the attachment. Is it crashing when sending a meeting invitation. And so on. There are just too many details.

Comment 16 Milan Crha 2014-11-14 06:51:15 UTC
*** Bug 1163941 has been marked as a duplicate of this bug. ***

Comment 17 Artur Flinta 2014-11-14 11:07:49 UTC
According to bug 1163941, it was after sending an HTML message (my default composing mode), but without any formatting - I'm using this as plain text. But it was a response in a longer conversation and the first of the messages had some pictures in the footer. But I've responded to this person several times this week without any problem. Moreover, the crash occurred several seconds after sending the message. As I remember, all these crashes happened when I was not using the computer or was focused on another application.

Comment 18 Milan Crha 2014-11-18 05:04:34 UTC
Maybe it's the automatic contact feature doing something nasty. You had it enabled with a non-existent addressbook, if I recall correctly.

That the bug raises some time later is pretty much usual with these sorts of bugs (memory corruptions, like use-after-free). The faulty code modifies some memory and the bug is noticed only when that part is accessed, which highly depends on the kind of the data being stored there before the faulty code execution.
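
The delayed crash described in comment 18, as an added example that is not part of the bug report and is not GLib or Evolution code: a toy free-list allocator that, like a slab allocator, keeps its "next" link inside each freed chunk, so a write through a freed pointer is only noticed when that chunk is popped later. All names (`toy_alloc`, `toy_free`, `link_ok`, the pool sizes) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK   32
#define NCHUNKS 4

static unsigned char pool[NCHUNKS][CHUNK];
static void *free_head;

/* A free-list link must be NULL or the start of a chunk inside the pool. */
static int link_ok(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    return p == NULL || (a >= base && a - base < sizeof pool && (a - base) % CHUNK == 0);
}

static void toy_free(void *chunk) {
    memcpy(chunk, &free_head, sizeof free_head);  /* link lives in freed memory */
    free_head = chunk;
}

/* Returns the chunk, or NULL with *corrupt = 1 when its stored link is bad. */
static void *toy_alloc(int *corrupt) {
    void *chunk = free_head, *next = NULL;
    if (chunk == NULL) return NULL;
    memcpy(&next, chunk, sizeof next);
    if (!link_ok(next)) { *corrupt = 1; return NULL; }
    free_head = next;
    return chunk;
}

/* Number of toy_alloc() calls made after the stale write until the damage is seen. */
int allocs_until_detected(void) {
    int corrupt = 0, calls = 0;
    size_t stale_len = 1;                 /* constructed "application data" */
    void *a, *b, *c;
    free_head = NULL;
    for (int i = 0; i < NCHUNKS; i++) toy_free(pool[i]);
    a = toy_alloc(&corrupt); b = toy_alloc(&corrupt); c = toy_alloc(&corrupt);
    toy_free(a); toy_free(b); toy_free(c);   /* list: c -> b -> a -> chunk 0 */
    memcpy(a, &stale_len, sizeof stale_len); /* the bug: write through freed 'a' */
    while (!corrupt && calls < 2 * NCHUNKS) { toy_alloc(&corrupt); calls++; }
    return corrupt ? calls : -1;
}

int main(void) {
    printf("corruption noticed on allocation #%d after the stale write\n",
           allocs_until_detected());
    return 0;
}
```

Two allocations succeed before the damaged link is reached, so the failure surfaces in the allocator, away from the faulty write. Setting `G_SLICE=always-malloc`, as in comment 12, routes slice allocations through malloc so that valgrind can flag the faulty access itself.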

Comment 19 Artur Flinta 2014-11-18 09:59:49 UTC
Yeah, I'll be monitoring it and won't hesitate to report all bugs caught via ABRT ;)

Comment 20 Milan Crha 2014-11-20 13:37:12 UTC
I tried to reproduce it here, using an IMAP and SMTP account, but no luck. Valgrind didn't claim anything either, whether the BBDB plugin (Automatic Contacts) saved anything to my configured book or not. I also didn't notice any obvious issue in the bbdb code related to the message send, thus it's possible I'm focusing in the wrong direction.

Comment 21 Vratislav Podzimek 2014-12-15 09:03:43 UTC
Another user experienced a similar problem:

I tried to reply to an email.

reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        evolution
crash_function: magazine_chain_pop_head
executable:     /usr/bin/evolution
kernel:         3.17.6-300.fc21.x86_64
package:        evolution-3.12.8-1.fc21
reason:         evolution killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 22 Vratislav Podzimek 2014-12-15 09:21:02 UTC
Another user experienced a similar problem:

Tried to reply to an email.

reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        evolution
crash_function: magazine_chain_pop_head
executable:     /usr/bin/evolution
kernel:         3.17.6-300.fc21.x86_64
package:        evolution-3.12.8-1.fc21
reason:         evolution killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 23 Milan Crha 2014-12-22 12:57:15 UTC
This had been fixed upstream in evolution 3.12.9, within bug [1]. I'm closing this as such. Please update to that version.

[1] https://bugzilla.gnome.org/show_bug.cgi?id=734530

Comment 24 Milan Crha 2014-12-22 13:00:27 UTC
*** Bug 1174134 has been marked as a duplicate of this bug. ***