RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1947187 - [abrt] evolution: verify_certificate_cb(): evolution killed by SIGABRT
Summary: [abrt] evolution: verify_certificate_cb(): evolution killed by SIGABRT
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: glib-networking
Version: 9.0
Hardware: x86_64
OS: All
unspecified
medium
Target Milestone: beta
: ---
Assignee: Michael Catanzaro
QA Contact: Tomas Pelka
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:5ac31fa2ee51507fbeb9e092294...
Depends On: 1719987
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-07 20:53 UTC by Michael Catanzaro
Modified: 2022-05-17 15:37 UTC (History)
28 users (show)

Fixed In Version: glib-networking-2.68.3-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1719987
Environment:
Last Closed: 2022-05-17 15:36:00 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNOME Gitlab GNOME glib-networking issues 97 0 None None None 2021-11-30 14:36:13 UTC
Red Hat Product Errata RHBA-2022:3894 0 None None None 2022-05-17 15:36:04 UTC

Description Michael Catanzaro 2021-04-07 20:53:43 UTC 
+++ This bug was initially created as a clone of Bug #1719987 +++

Version-Release number of selected component:
evolution-3.32.2-1.fc30

Additional info:
reporter:       libreport-2.10.0
backtrace_rating: 4
cmdline:        evolution
crash_function: verify_certificate_cb
executable:     /usr/bin/evolution
journald_cursor: s=f94a1f45d07340ba9f1a92084a886f84;i=49685;b=2ed67db813a14f588def09b33e24b2ca;m=1d71e308f;t=58b07be4b5b82;x=59254b7ade2b8c0e
kernel:         5.1.6-300.fc30.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000

--- Additional comment from Tadas on 2019-06-12 16:30:49 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:30:50 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:30:52 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:30:54 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:30:55 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:30:57 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:30:58 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:31:00 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:31:02 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:31:03 CDT ---



--- Additional comment from Tadas on 2019-06-12 16:31:05 CDT ---



--- Additional comment from Milan Crha on 2019-06-13 02:15:44 CDT ---

Thanks for a bug report. This is crashing somewhere deep in gnutls, thus I move it there for further investigation. It would be also helpful if you could provide steps or at least the context when this happened to you and whether you are able to reproduce this. Thanks in advance.

Thread 1 (Thread 0x7fb7beffd700 (LWP 10817)):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fb7f0a07895 in __GI_abort () at abort.c:79
#2  0x00007fb7f3c6eb53 in g_assertion_message (domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=0x7fb7d4566170 <__FUNCTION__.31924> "verify_certificate_cb", message=<optimized out>) at ../glib/gtestutils.c:2878
#3  0x00007fb7f3cca6ff in g_assertion_message_expr (domain=domain@entry=0x7fb7d456507b "GLib-Net", file=file@entry=0x7fb7d4565940 "../tls/gnutls/gtlsconnection-gnutls.c", line=line@entry=1939, func=func@entry=0x7fb7d4566170 <__FUNCTION__.31924> "verify_certificate_cb", expr=expr@entry=0x7fb7d456584a "priv->handshake_context") at ../glib/gtestutils.c:2904
#4  0x00007fb7d455ebce in verify_certificate_cb (session=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:1939
#5  verify_certificate_cb (session=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:1924
#6  0x00007fb7d4398cf1 in _gnutls_run_verify_callback (side=2, session=0x7fb71c006d70) at handshake.c:2847
#7  _gnutls_run_verify_callback (session=0x7fb71c006d70, side=2) at handshake.c:2813
#8  0x00007fb7d439c5d8 in handshake_client (session=0x7fb71c006d70) at handshake.c:2969
#9  gnutls_handshake (session=0x7fb71c006d70) at handshake.c:2724
#10 0x00007fb7d455e4a7 in handshake_thread (task=0x7fb7b4053d50, object=0x55e880908d50, task_data=<optimized out>, cancellable=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:2051
#11 0x00007fb7f3e80927 in g_task_thread_pool_thread (thread_data=0x7fb7b4053d50, pool_data=<optimized out>) at ../gio/gtask.c:1404
#12 0x00007fb7f3ccbf14 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:308
#13 0x00007fb7f3ccb4e2 in g_thread_proxy (data=0x7fb73c00f850) at ../glib/gthread.c:805
#14 0x00007fb7f47fe5a2 in start_thread (arg=<optimized out>) at pthread_create.c:486
#15 0x00007fb7f0ae0303 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

--- Additional comment from Anderson Sasaki on 2019-07-22 08:02:04 CDT ---

Failure seems to happen in the certificate verification callback registered from glib-networking.

Reassigning bug for further investigation.

--- Additional comment from Michael Catanzaro on 2019-09-23 10:47:13 CDT ---



--- Additional comment from Michael Catanzaro on 2019-09-23 10:52:26 CDT ---

I don't know how to subscribe to glib-networking bugs. If anyone knows, that would be great. I only noticed this today because Milan reported it upstream.

Anyway, I agree this is definitely glib-networking's fault, not Evolution or GnuTLS.

--- Additional comment from Milan Crha on 2019-12-09 11:23:45 CST ---

(In reply to Michael Catanzaro from comment #15)
> I don't know how to subscribe to glib-networking bugs. If anyone knows, that
> would be great.

Maybe you figured that out already, thus just in case: Open the project URL:
https://src.fedoraproject.org/rpms/glib-networking
and there expand the "Watch" and pick the one you are interested in. 
That will do what you are looking for, I believe.

--- Additional comment from Michael Catanzaro on 2019-12-09 14:51:21 CST ---

That definitely doesn't work. I was already subscribed. :)

This page works: https://bugzilla.redhat.com/userprefs.cgi?tab=component_watch

--- Additional comment from Fedora Update System on 2019-12-09 14:53:46 CST ---

FEDORA-2019-4f2383bec6 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4f2383bec6

--- Additional comment from Fedora Update System on 2019-12-09 15:21:27 CST ---

FEDORA-2019-395944db07 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-395944db07

--- Additional comment from Michael Catanzaro on 2019-12-09 15:22:15 CST ---

I'm about 70% confident this is fixed. Please complain if you hit this bug with the update.

--- Additional comment from Fedora Update System on 2019-12-10 12:28:05 CST ---

glib-networking-2.60.4-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-395944db07

--- Additional comment from Fedora Update System on 2019-12-10 12:47:24 CST ---

glib-networking-2.62.2-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4f2383bec6

--- Additional comment from Fedora Update System on 2019-12-16 19:45:02 CST ---

glib-networking-2.62.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

--- Additional comment from Fedora Update System on 2020-01-04 16:14:16 CST ---

glib-networking-2.60.4-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

--- Additional comment from Milan Crha on 2020-01-06 08:23:08 CST ---



--- Additional comment from Michael Catanzaro on 2020-01-06 08:55:03 CST ---

Reopening because the user in bug #1787348 already has glib-networking 2.62.2, so the bug is not fixed after all.

I have no clue how it's still happening, but I'm trying to land a major refactor for 2.64 that should obsolete this.

--- Additional comment from Michael Catanzaro on 2020-02-04 14:10:40 CST ---



--- Additional comment from Michael Catanzaro on 2020-02-04 14:11:29 CST ---

(In reply to Michael Catanzaro from comment #26)
> I have no clue how it's still happening, but I'm trying to land a major
> refactor for 2.64 that should obsolete this.

It has slipped to 2.66, sorry.

--- Additional comment from Davide Repetto on 2020-02-12 03:04:13 CST ---

Similar problem has been detected:

This crash happened while I was marking messages as SPAM in rapid succession, at a rate of about one to three messages per second.
This is something I do every day and this is the first time a crash happened.

reporter:       libreport-2.11.3
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/session-2.scope
cmdline:        evolution
crash_function: g_tls_connection_base_handshake_thread_verify_certificate
executable:     /usr/bin/evolution
journald_cursor: s=2192acf3104b4e0fb3e4bc0c4656d669;i=17cc;b=da43726002ea4a9ca1928b70cd199b79;m=20f991e71d;t=59e5cc1c86b3d;x=21cdd2cd39d405a1
kernel:         5.4.17-200.fc31.x86_64
package:        evolution-3.34.3-1.fc31
reason:         evolution killed by SIGABRT
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000

--- Additional comment from Ben Cotton on 2020-04-30 15:27:31 CDT ---

This message is a reminder that Fedora 30 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 30 on 2020-05-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '30'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 30 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

--- Additional comment from Milan Crha on 2020-05-06 03:08:41 CDT ---



--- Additional comment from Michael Catanzaro on 2020-05-06 08:23:34 CDT ---

FYI this is still on my radar, I'm still hoping to remove this code in 2.64, and still don't see how it could happen.

--- Additional comment from Michael Catanzaro on 2020-05-13 07:21:57 CDT ---



--- Additional comment from Michael Catanzaro on 2020-05-13 07:22:34 CDT ---

From bug #1834994:

(In reply to Michael Catanzaro from comment #13)
> (In reply to Milan Crha from comment #12)
> > Michael, search the backtrace for: 0x7f42ec0147f0 . I think it's
> > suspiciously used, but I do not know glib-networking internals, thus maybe
> > it's correct (for example I do not know why it is part of the 'sorted'
> > array).
> 
> It's expected to be used on two threads at once, but it's not expected for
> it to be part of the 'sorted' array. That's messed up.

--- Additional comment from Michael Catanzaro on 2020-05-13 07:51:45 CDT ---

(In reply to Michael Catanzaro from comment #34)
> It's expected to be used on two threads at once, but it's not expected for
> it to be part of the 'sorted' array. That's messed up.

So I'm fairly confident that if we were to have caught that under valgrind or asan, it would be pointing us directly to the problem. But with just a backtrace, it's impossible to know what has gone wrong. Debugging this is going to require active effort from someone who is hitting the crash to run e-d-s constantly under valgrind.

--- Additional comment from Milan Crha on 2020-05-25 03:35:42 CDT ---



--- Additional comment from Ben Cotton on 2020-08-11 08:06:20 CDT ---

This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.

--- Additional comment from Milan Crha on 2020-10-29 11:38:24 CDT ---



--- Additional comment from John Dodson on 2020-10-31 17:01:48 CDT ---

This abrt event also created thousands of broken symlinks in /var/cache/abrt-di/usr/lib/debug/.build-id
which is very frustrating - that I assume is a bug in abrt? But I can't report it as it won't accept my list of thousands of broken links.

--- Additional comment from Milan Crha on 2020-11-13 03:20:52 CST ---



--- Additional comment from Milan Crha on 2021-01-04 07:02:55 CST ---



--- Additional comment from Milan Crha on 2021-03-08 01:40:29 CST ---



--- Additional comment from Milan Crha on 2021-03-08 01:40:43 CST ---



--- Additional comment from Milan Crha on 2021-03-26 01:35:15 CDT ---
Comment 2 Milan Crha 2021-04-08 15:03:33 UTC 
Can this be a consequence of the bug #1947188 ? I see that sometimes things cause a crash and sometimes not, as they cause other kind of the problem.
Comment 3 Michael Catanzaro 2021-04-08 15:06:15 UTC 
(In reply to Milan Crha from comment #2)
> Can this be a consequence of the bug #1947188 ? I see that sometimes things
> cause a crash and sometimes not, as they cause other kind of the problem.

No I don't think so, because this crash occurs in the GTlsConnection, not the global GTlsDatabase that gets shared between different GTlsConnections.
Comment 4 Milan Crha 2021-04-08 15:28:52 UTC 
I've been thinking of kind of use-after-free issue, which can strike any time and anywhere, long after they actually happened.
Comment 5 Michael Catanzaro 2021-12-06 14:58:01 UTC 
I just released glib-networking 2.68.3 with a workaround for this issue. The only other changes are (a) Croatian translation update, and (b) one memory leak fix. Should be pretty safe, unless the workaround for this issue unexpectedly breaks something.
Comment 10 errata-xmlrpc 2022-05-17 15:36:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: glib-networking), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3894
Note You need to log in before you can comment on or make changes to this bug.