Version-Release number of selected component: evolution-data-server-3.56.2-1.fc42 Additional info: reporter: libreport-2.17.15 type: CCpp reason: evolution-calendar-factory killed by SIGSEGV journald_cursor: s=5c07d2b76c634327bd03e0830805b202;i=177446;b=bbe5ed35eca9468ea6c1e84fa15a30c3;m=1e2e4f04d2;t=63c401a75ec8a;x=ba877b7b0f229409 executable: /usr/libexec/evolution-calendar-factory cmdline: /usr/libexec/evolution-calendar-factory cgroup: 0::/user.slice/user-1000.slice/user/app.slice/evolution-calendar-factory.service rootdir: / uid: 1000 kernel: 6.15.9-201.fc42.x86_64 package: evolution-data-server-3.56.2-1.fc42 runlevel: N 5 backtrace_rating: 4 crash_function: object_find_init Truncated backtrace: Thread no. 1 (34 frames) #0 object_find_init at src/lib/object.c:338 #1 C_FindObjectsInit at src/pkcs11.c:490 #2 find_cert_cb at ../../lib/pkcs11.c:4173 #3 _pkcs11_traverse_tokens at ../../lib/pkcs11.c:1618 #4 _gnutls_pkcs11_get_distrust_after at ../../lib/pkcs11.c:4855 #5 _gnutls_pkcs11_verify_crt_status at ../../../lib/x509/verify.c:1343 #6 gnutls_x509_trust_list_verify_crt2 at ../../../lib/x509/verify-high.c:1590 #7 _gnutls_x509_cert_verify_peers at ../../lib/cert-session.c:598 #8 gnutls_certificate_verify_peers at ../../lib/cert-session.c:770 #9 gnutls_certificate_verify_peers3 at ../../lib/cert-session.c:704 #10 g_tls_connection_gnutls_verify_chain at ../tls/gnutls/gtlsconnection-gnutls.c:1061 #11 verify_peer_certificate at ../tls/base/gtlsconnection-base.c:1355 #12 accept_or_reject_peer_certificate at ../tls/base/gtlsconnection-base.c:1397 #15 g_main_context_dispatch_unlocked at ../glib/gmain.c:4249 #16 g_main_context_iterate_unlocked at ../glib/gmain.c:4314 #17 g_main_context_iteration at ../glib/gmain.c:4379 #18 crank_sync_handshake_context at ../tls/base/gtlsconnection-base.c:1690 #19 g_tls_connection_base_handshake at ../tls/base/gtlsconnection-base.c:1815 #20 soup_connection_connect at ../libsoup/soup-connection.c:873 #21 soup_session_ensure_item_connection at ../libsoup/soup-session.c:1783 #22 soup_session_process_queue_item at ../libsoup/soup-session.c:1805 #23 soup_session_send at ../libsoup/soup-session.c:3264 #24 e_soup_session_send_message_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/libedataserver/e-soup-session.c:1948 #25 e_soup_session_send_message_simple_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/libedataserver/e-soup-session.c:2095 #26 e_webdav_session_propfind_internal_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/libedataserver/e-webdav-session.c:1432 #27 e_webdav_session_propfind_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/libedataserver/e-webdav-session.c:1488 #28 e_webdav_session_getctag_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/libedataserver/e-webdav-session.c:3309 #29 ecb_caldav_get_changes_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/calendar/backends/caldav/e-cal-backend-caldav.c:891 #30 e_cal_meta_backend_get_changes_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/calendar/libedata-cal/e-cal-meta-backend.c:5149 #31 ecmb_refresh_internal_sync at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/calendar/libedata-cal/e-cal-meta-backend.c:821 #32 e_cal_backend_custom_operation_thread at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/calendar/libedata-cal/e-cal-backend.c:4651 #34 cal_backend_dispatch_thread at /usr/src/debug/evolution-data-server-3.56.2-1.fc42.x86_64/src/calendar/libedata-cal/e-cal-backend.c:430 #36 g_thread_proxy at ../glib/gthread.c:893 #38 __clone3 at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
Created attachment 2103509 [details] File: proc_pid_status
Created attachment 2103510 [details] File: maps
Created attachment 2103511 [details] File: limits
Created attachment 2103512 [details] File: os_info
Created attachment 2103513 [details] File: cpuinfo
Created attachment 2103514 [details] File: core_backtrace
Created attachment 2103515 [details] File: exploitable
Created attachment 2103516 [details] File: dso_list
Created attachment 2103517 [details] File: mountinfo
Created attachment 2103518 [details] File: backtrace
Created attachment 2103519 [details] File: open_fds
Created attachment 2103520 [details] File: environ
Thanks for a bug report. This looks similar as bug #1937513. From what I can see, several of your CalDAV calendars had been connecting to their server, while multiple threads had been accessing GnuTLS internals. That's something what had been supposed to be fixed within that old bug, if I recall correctly. I move this to the glib-networking for further investigation. I see some threads do wait on some condition, but not all, not from all the places.
Good analysis, thanks. I see we are verifying the same gnutls_x509_trust_list 0x7fd319089520 on thread 1 (the crash thread) and thread 12 at the same time. This is indeed very similar to bug #1937513, but it's not the same because in that bug GTlsDatabase was performing the verification, whereas in this bug, it's handled by GTlsConnection instead. That changed in https://gitlab.gnome.org/GNOME/glib-networking/-/commit/d94c33138ecb12905fde400b1db41a3829ce7be9 so the original fix here didn't even last for very long. The underlying issue is a bug in GnuTLS, https://gitlab.com/gnutls/gnutls/-/issues/1212. Probably best to just fix it. Alternatively, it can probably be solved with extra mutexes in glib-networking, but that really shouldn't be required.
This does not look like the same issue as bug #1937513, where I put a comment saying that the original issue was fixed in: https://gitlab.com/gnutls/gnutls/-/issues/1277 Here, the crash is happening in a PKCS#11 module itself: > crash_function: object_find_init > > Truncated backtrace: > Thread no. 1 (34 frames) > #0 object_find_init at src/lib/object.c:338 > #1 C_FindObjectsInit at src/pkcs11.c:490 > #2 find_cert_cb at ../../lib/pkcs11.c:4173 I suspect that the object_find_init function is from tpm2-pkcs11: https://github.com/tpm2-software/tpm2-pkcs11/blob/1e5b798e2f1b0b674a97bf1149d28874779a2680/src/lib/object.c#L313 which has a locking mechanism, but it is only enabled under certain conditions (CKF_OS_LOCKING_OK is set and/or locking functions are specified): https://github.com/tpm2-software/tpm2-pkcs11/blob/1e5b798e2f1b0b674a97bf1149d28874779a2680/src/lib/general.c#L173 I guess the fix would be to simply set the CKF_OS_LOCKING_OK flag in the GnuTLS; this is done for p11-kit-trust.so, but not for external modules: https://gitlab.com/gnutls/gnutls/-/blob/935505fa10e96e92f3f2d69ca6f64f0ac2726d15/lib/pkcs11.c#L412
FEDORA-2025-45b1844342 (gnutls-3.8.11-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-45b1844342
FEDORA-2025-45b1844342 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-45b1844342` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-45b1844342 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-45b1844342 (gnutls-3.8.11-1.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.