Hide Forgot
Version-Release number of selected component: evolution-data-server-3.20.5-3.fc24 Additional info: reporter: libreport-2.7.2 backtrace_rating: 4 cmdline: /usr/libexec/evolution-calendar-factory-subprocess --factory ews --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx2487x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/2487/2 crash_function: e_soap_response_from_xmldoc executable: /usr/libexec/evolution-calendar-factory-subprocess global_pid: 2547 kernel: 4.7.3-200.fc24.x86_64 pkg_fingerprint: 73BD E983 81B4 6521 pkg_vendor: Fedora Project runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (9 frames) #0 e_soap_response_from_xmldoc at e-soap-response.c:233 #1 e_soap_response_new_from_xmldoc at e-soap-response.c:142 #2 e_soap_message_parse_response at e-soap-message.c:1179 #3 ews_response_cb at e-ews-connection.c:804 #4 soup_session_process_queue_item at soup-session.c:2056 #5 async_run_queue at soup-session.c:2095 #6 idle_run_queue at soup-session.c:2129 #11 e_ews_soup_thread at e-ews-connection.c:1732 #12 g_thread_proxy at gthread.c:780 Potential duplicate: bug 1215317
Created attachment 1205819 [details] File: backtrace
Created attachment 1205820 [details] File: cgroup
Created attachment 1205821 [details] File: core_backtrace
Created attachment 1205822 [details] File: dso_list
Created attachment 1205823 [details] File: environ
Created attachment 1205824 [details] File: exploitable
Created attachment 1205825 [details] File: limits
Created attachment 1205826 [details] File: maps
Created attachment 1205827 [details] File: mountinfo
Created attachment 1205828 [details] File: namespaces
Created attachment 1205829 [details] File: open_fds
Created attachment 1205830 [details] File: proc_pid_status
Created attachment 1205831 [details] File: var_log_messages
Thanks for a bug report. I see ABRT found a possible already filled bug #1215317, which looks very similar. The problem with it is that the bug report has no real resolution. I see from the backtrace that this crashed in the calendar factory when serving one of your evolution-ews calendars, but nothing more. If you'd have any insight, any detail about what was happening with the machine, the connection, or any other detail, then it'll be helpful. I do not recall seeing this myself in the past, though my EWS account doesn't have much activity.
Nope sorry no idea, I was trying to brake it but it just won't brake in a way i can reproduce. It just randomly pop up in my problem reporting and lately I don't even have this. My only idea is that office 365 (which my company use for EWS accounts) is returning some weird data. And yes it happens sometimes that i go the web based client and it shows random errors, maybe not enough sanity check in soap responses?
Thanks for the update. It looks to me like some sort of use-after-free, because the related code is this: 229 if (xml_body != NULL) { 230 if (strcmp ((const gchar *) xml_body->name, "Header") == 0) { 231 /* read header parameters */ 232 parse_parameters (response, xml_body); 233 xml_body = soup_xml_real_node (xml_body->next); 234 } where the place of the crash is line 233, which dereferences xml_body (by accessing its xml_body->next member). The backtrace shows that the xml_body is NULL, thus, if the gdb is correct, then the crash doesn't make sense, because one can get on line 233 only if the xml_body isn't NULL, which is tested on line 229, thus, from my point of view, something wrote somewhere where it shouldn't and it stroke back here. Such issue can strike in (semi-)random places, depending on the actual memory content. The tools like valgrind can help to identify such issues, but their side effect is also significantly slower run (due to all the memory checking), thus also a change in timing, which can prevent issues which depend on "proper timing". I'm closing this for now, but feel free to update here, if you find anything interesting, or simply ask in case you'd like to help with something (no need to reopen the bug report, I receive notifications for closed bugs too).