Description of problem: Office 365 email account. Sending email with 15 individual attachments, not zipped. Crash seems to occur right after sending. Message shows up in the Sent Items folder. Version-Release number of selected component: evolution-3.24.6-1.fc26 Additional info: reporter: libreport-2.9.1 backtrace_rating: 4 cmdline: /usr/bin/evolution crash_function: e_attachment_store_get_num_attachments executable: /usr/bin/evolution journald_cursor: s=48d44bcb09e3459289cb018456d15da4;i=2c21e;b=cb95d257295744dab35eeaba5712f84b;m=193171cf38;t=563a31903f578;x=93221f5f218a332f kernel: 4.14.13-200.fc26.x86_64 rootdir: / runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (7 frames) #0 e_attachment_store_get_num_attachments at /usr/src/debug/evolution-3.24.6/src/e-util/e-attachment-store.c:542 #1 composer_build_message at /usr/src/debug/evolution-3.24.6/src/composer/e-msg-composer.c:1451 #2 e_msg_composer_get_message_draft at /usr/src/debug/evolution-3.24.6/src/composer/e-msg-composer.c:5076 #3 save_snapshot_replace_cb at /usr/src/debug/evolution-3.24.6/src/modules/composer-autosave/e-autosave-utils.c:329 #4 g_task_return_now at gtask.c:1145 #5 complete_in_idle_cb at gtask.c:1159 #11 gtk_main at gtkmain.c:1322
Created attachment 1386390 [details] File: backtrace
Created attachment 1386391 [details] File: cgroup
Created attachment 1386392 [details] File: core_backtrace
Created attachment 1386393 [details] File: cpuinfo
Created attachment 1386394 [details] File: dso_list
Created attachment 1386395 [details] File: environ
Created attachment 1386396 [details] File: exploitable
Created attachment 1386397 [details] File: limits
Created attachment 1386398 [details] File: maps
Created attachment 1386399 [details] File: open_fds
Created attachment 1386400 [details] File: proc_pid_status
Created attachment 1386401 [details] File: var_log_messages
Thanks for a bug report. It looks like a coincidence, when you finished the message and sent it there also triggered an autosave of it, which had been accessing already freed memory or something like that.
I've been able to reproduce this by cheating in the code, to have time to close the composer while it was saving the content. It's fixed for the next release with: Created commit 79dd568d6d in evo master (3.27.90+) [1] Created commit 963e2b721a in evo gnome-3-26 (3.26.5+) [1] https://git.gnome.org/browse/evolution/commit/?id=79dd568d6d
It looks like I didn't fix it completely, I just noticed something odd. I'll investigate it further and then update this bug report.
Hrm, while it seemed like I'm able to reproduce this just by sending the message yesterday, I'm not able to reproduce it today. I'll keep watching for this issue and update the bug if I find anything.
*** Bug 1543644 has been marked as a duplicate of this bug. ***
*** Bug 1554144 has been marked as a duplicate of this bug. ***
*** Bug 1554146 has been marked as a duplicate of this bug. ***
I'm reopening this bug report, both due comment #15 and due to the duplicates.
I'm still not able to reproduce this reliably. It looks like one of the prerequisites is to close the composer while it is auto-saving the message, thus when the auto-save is done the composer window is gone.
*** Bug 1583000 has been marked as a duplicate of this bug. ***
I made some enhancements in the previous change which might help with this. I hope. Created commit 2179125d83 in evo master (3.29.3+) [1] Created commit f5f57a0f05 in evo gnome-3-28 (3.28.3+) [1] https://gitlab.gnome.org/GNOME/evolution/commit/2179125d83