Bug 448750 - Latest update of claws crashes all the time
Latest update of claws crashes all the time
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: claws-mail (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Andreas Bierfert
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-28 12:03 EDT by Arjan van de Ven
Modified: 2008-07-23 03:19 EDT (History)
3 users (show)

See Also:
Fixed In Version: 3.5.0-1.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-18 19:08:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
claws-mail.spec-3.5.0.patch (1.32 KB, text/x-patch)
2008-06-30 01:59 EDT, Jens Petersen
no flags Details

  None (edit)
Description Arjan van de Ven 2008-05-28 12:03:20 EDT
Description of problem:

the latest claws package crashes all the time for me in a gcc malloc corruption
crash.... this started less than 2 weeks ago; the package before that was just
fine.. this is obviously highly annoying and it's something done late in the
game, so hopefully easy to revert.
Comment 1 Colin Leroy 2008-05-29 10:31:14 EDT
Hi,

Can you get a backtrace with symbols ? Maybe a fix is already in CVS, and if
not, it'll be done :)
Comment 2 Arjan van de Ven 2008-05-29 12:40:06 EDT
======= Backtrace: =========
/lib/libc.so.6[0x82d7e4]
/lib/libglib-2.0.so.0(g_free+0x36)[0x46f88356]
/lib/libglib-2.0.so.0(g_string_free+0x5c)[0x46fa448c]
/usr/bin/claws-mail(session_destroy+0x5d)[0x81e6ffd]
/usr/bin/claws-mail[0x80f5353]
/usr/bin/claws-mail[0x80f9fa9]
/usr/bin/claws-mail(folderview_check_new+0x267)[0x80eab57]
/usr/bin/claws-mail(inc_all_account_mail+0x154)[0x8108d04]
/usr/bin/claws-mail[0x81173d3]
/lib/libglib-2.0.so.0[0x46f807c6]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e8)[0x46f80098]
/lib/libglib-2.0.so.0[0x46f83743]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1d2)[0x46f83c62]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xe0)[0x4731690d]
/usr/bin/claws-mail(main+0x110c)[0x81191dc]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7d65d6]
/usr/bin/claws-mail[0x8079191]
======= Memory map: ========


I'll install the debuginfo's as well
Comment 3 Colin Leroy 2008-05-29 12:52:21 EDT
It sounds like a double-free that's been fixed in CVS...
If you could bother applying these patches and see if it corrects that crash,
it'd be great! 

3.4.0cvs39	* src/imap.c
    Fix double free when STARTTLS fails (for
    example due to refusing the certificate)

http://www.colino.net/claws-mail/getpatchset.php?ver=3.4.0cvs39

3.4.0cvs47	* src/imap.c
    Fix another possible crash (on fatal errors
    at login, like stream error).

http://www.colino.net/claws-mail/getpatchset.php?ver=3.4.0cvs47
Comment 4 Arjan van de Ven 2008-05-29 12:59:59 EDT
ok applied the patches; will see how it holds up in the next few hours
Comment 5 Arjan van de Ven 2008-05-30 02:09:46 EDT
so far so good; no crashes yet with the patched version
thanks a lot for the quick response...

and it sounds like I would greatly appreciate a fedora update package with these
2 fixes... I'm sure I'm not the only one who hits these.
Comment 6 Arjan van de Ven 2008-05-30 14:04:51 EDT
no such luck ;-(

*** glibc detected *** ./claws-mail: double free or corruption (out): 0x12665d20 ***
======= Backtrace: =========
/lib/libc.so.6[0x82d7e4]
/lib/libc.so.6(cfree+0x96)[0x82f846]
/lib/libglib-2.0.so.0(g_free+0x36)[0x46f88356]
/lib/libglib-2.0.so.0(g_string_free+0x5c)[0x46fa448c]
./claws-mail(session_destroy+0x5d)[0x81e709d]
./claws-mail[0x80f5353]
./claws-mail[0x80f826a]
./claws-mail[0x80fa264]
./claws-mail[0x80e1c18]
./claws-mail(folder_item_move_msgs+0x2d)[0x80e1dbd]
./claws-mail(filtering_move_and_copy_msgs+0x2fa)[0x80dcaea]
./claws-mail(folder_item_scan_full+0x947)[0x80e0ae7]
./claws-mail(folder_item_scan+0x19)[0x80e11d9]
./claws-mail(folderview_check_new+0x308)[0x80eabf8]
./claws-mail(inc_all_account_mail+0x154)[0x8108da4]
./claws-mail[0x8108f1b]
/lib/libglib-2.0.so.0[0x46f807c6]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e8)[0x46f80098]
/lib/libglib-2.0.so.0[0x46f83743]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1d2)[0x46f83c62]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xe0)[0x4731690d]
./claws-mail(main+0x110c)[0x811927c]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7d65d6]
./claws-mail[0x8079191]
======= Memory map: ========

it happened when I lost connection to my access point
Comment 7 Colin Leroy 2008-05-31 05:13:16 EDT
> it happened when I lost connection to my access point

The backtrace is a bit different, it's probably another double-free in error
handling :-(

I'll look more closely at it; can you send a gdb backtrace with symbols? You
should be able to reproduce it by disconnecting the AP in the middle of an imap
mail copy.
Comment 8 Colin Leroy 2008-05-31 06:34:51 EDT
BTW, did the frequency of the crashes go down since you applied the two patches?
Comment 9 Arjan van de Ven 2008-05-31 18:36:16 EDT
as for the frequency...hard to say, I would say it went down some, but since
it's correlated with my wifi being shitty, that can also be externally caused

#5  0x0082f846 in __libc_free (mem=<value optimized out>) at malloc.c:3625
#6  0x46f88356 in IA__g_free (mem=<value optimized out>) at gmem.c:190
#7  0x46fa448c in IA__g_string_free (string=<value optimized out>, 
    free_segment=<value optimized out>) at gstring.c:473
#8  0x081e709d in session_destroy (session=0xf89e200) at session.c:211
#9  0x080f5353 in imap_handle_error (session=0xf89e200, 
    libetpan_errcode=<value optimized out>) at imap.c:540
#10 0x080f62f9 in imap_cmd_noop (session=0xf89e200) at imap.c:3440
#11 0x080f9bfa in imap_scan_required (folder=0x9638800, _item=0x963a100)
    at imap.c:4119
#12 0x080de815 in folder_item_write_cache (item=0x963a100) at folder.c:2499
#13 0x080dfc54 in folder_item_close (item=0x963a100) at folder.c:1900
#14 0x080e8eef in folderview_close_opened (folderview=0x93e4d30)
    at folderview.c:2156
#15 0x080e922a in folderview_selected (ctree=0x93571c0, row=0x9634590, 
    column=-1, folderview=0x93e4d30) at folderview.c:2215
#16 0x4731d9f7 in _gtk_marshal_VOID__POINTER_INT (closure=Could not find the
frame base for "_gtk_marshal_VOID__POINTER_INT".
)
    at gtkmarshalers.c:2481
#17 0x4703512b in IA__g_closure_invoke (closure=<value optimized out>, 
    return_value=<value optimized out>, n_param_values=<value optimized out>, 
    param_values=<value optimized out>, invocation_hint=<value optimized out>)
    at gclosure.c:490
#18 0x47049995 in signal_emit_unlocked_R (node=<value optimized out>, 
    detail=<value optimized out>, instance=<value optimized out>, 
    emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:2440
#19 0x4704aece in IA__g_signal_emit_valist (instance=<value optimized out>, 
    signal_id=<value optimized out>, detail=<value optimized out>, 
    var_args=<value optimized out>) at gsignal.c:2199
#20 0x473a053a in IA__gtk_signal_emit (object=Could not find the frame base for
"IA__gtk_signal_emit".
) at gtksignal.c:360
#21 0x4726c672 in IA__gtk_ctree_select (ctree=Could not find the frame base for
"IA__gtk_ctree_select".
) at gtkctree.c:4491
#22 0x47269895 in real_unselect_all (clist=Could not find the frame base for
"real_unselect_all".
) at gtkctree.c:3469
#23 0x08213496 in gtk_sctree_real_unselect_all (clist=0x93571c0)
    at gtksctree.c:1886
#24 0x472373bc in IA__gtk_clist_unselect_all (clist=Could not find the frame
base for "IA__gtk_clist_unselect_all".
) at gtkclist.c:3513
#25 0x0821122e in select_row (sctree=0x93571c0, row=11, col=0, 
    state=<value optimized out>, _node=0x0) at gtksctree.c:1477
#26 0x08212937 in gtk_sctree_button_press (widget=0x93571c0, event=0xef52630)
    at gtksctree.c:1648
#27 0x4731a13e in _gtk_marshal_BOOLEAN__BOXED (closure=Could not find the frame
base for "_gtk_marshal_BOOLEAN__BOXED".
) at gtkmarshalers.c:84
#28 0x470338a9 in g_type_class_meta_marshal (closure=<value optimized out>, 
    return_value=Could not find the frame base for "g_type_class_meta_marshal".
) at gclosure.c:567
#29 0x4703512b in IA__g_closure_invoke (closure=<value optimized out>, 
    return_value=<value optimized out>, n_param_values=<value optimized out>, 
    param_values=<value optimized out>, invocation_hint=<value optimized out>)
    at gclosure.c:490
#30 0x4704963d in signal_emit_unlocked_R (node=<value optimized out>, 
    detail=<value optimized out>, instance=<value optimized out>, 
    emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:2478
#31 0x4704ad58 in IA__g_signal_emit_valist (instance=<value optimized out>, 
    signal_id=<value optimized out>, detail=<value optimized out>, 
    var_args=<value optimized out>) at gsignal.c:2209
#32 0x4704b336 in IA__g_signal_emit (instance=Could not find the frame base for
"IA__g_signal_emit".
) at gsignal.c:2243
#33 0x4748b928 in gtk_widget_event_internal (widget=Could not find the frame
base for "gtk_widget_event_internal".
) at gtkwidget.c:4678
#34 0x4748b450 in IA__gtk_widget_event (widget=Could not find the frame base for
"IA__gtk_widget_event".
) at gtkwidget.c:4478
#35 0x473186fb in IA__gtk_propagate_event (widget=Could not find the frame base
for "IA__gtk_propagate_event".
) at gtkmain.c:2336
#36 0x473171aa in IA__gtk_main_do_event (event=Could not find the frame base for
"IA__gtk_main_do_event".
) at gtkmain.c:1541
#37 0x47137fc0 in gdk_event_dispatch (source=Could not find the frame base for
"gdk_event_dispatch".
) at gdkevents-x11.c:2351
#38 0x46f80098 in IA__g_main_context_dispatch (context=<value optimized out>)
    at gmain.c:2009
#39 0x46f83743 in g_main_context_iterate (context=<value optimized out>, 
    block=<value optimized out>, dispatch=<value optimized out>, self=Could not
find the frame base for "g_main_context_iterate".
)
    at gmain.c:2642
#40 0x46f83901 in IA__g_main_context_iteration (context=<value optimized out>, 
    may_block=<value optimized out>) at gmain.c:2705
#41 0x47316b69 in IA__gtk_main_iteration () at gtkmain.c:1251
#42 0x081deeed in threaded_run (folder=0x9638800, param=0xbfbc0a38, 
    result=0xbfbc0a34, func=0x81e07a0 <expunge_run>) at imap-thread.c:427
#43 0x081df28a in imap_threaded_expunge (folder=0x9638800)
    at imap-thread.c:2959
#44 0x080f93d5 in imap_cmd_expunge (session=0xf89e200) at imap.c:3730
#45 0x080fa275 in imap_remove_msgs (folder=0x9638800, dest=0x963a100, 
    msglist=0x0, relation=0xf840ce8) at imap.c:1967
#46 0x080e1c18 in do_copy_msgs (dest=0x9635e28, msglist=0xf5c5440, 
    remove_source=1) at folder.c:3232
#47 0x080e1dbd in folder_item_move_msgs (dest=0x9635e28, msglist=0xf5c5440)
    at folder.c:3389
#48 0x080dcaea in filtering_move_and_copy_msgs (msgs=0xee018d0)
    at filtering.c:246
#49 0x080e0ae7 in folder_item_scan_full (item=0x963a100, filtering=1)
    at folder.c:2190
#50 0x080e11d9 in folder_item_scan (item=0x963a100) at folder.c:2295
#51 0x080eabf8 in folderview_check_new (folder=0x9638800) at folderview.c:1270
#52 0x08108da4 in inc_all_account_mail (mainwin=0x9366608, autocheck=1, 
    notify=0) at inc.c:365
#53 0x08108f1b in inc_autocheck_func (data=0x9366608) at inc.c:1538
#54 0x46f807c6 in g_timeout_dispatch (source=Could not find the frame base for
"g_timeout_dispatch".
) at gmain.c:3443
#55 0x46f80098 in IA__g_main_context_dispatch (context=<value optimized out>)
    at gmain.c:2009
#56 0x46f83743 in g_main_context_iterate (context=<value optimized out>, 
    block=<value optimized out>, dispatch=<value optimized out>, self=Could not
find the frame base for "g_main_context_iterate".
)
    at gmain.c:2642
#57 0x46f83c62 in IA__g_main_loop_run (loop=<value optimized out>)
    at gmain.c:2850
#58 0x4731690d in IA__gtk_main () at gtkmain.c:1163
#59 0x0811927c in main (argc=Cannot access memory at address 0x0
) at main.c:1505
Comment 10 Arjan van de Ven 2008-05-31 19:49:59 EDT
progress; via some instrumentation of the code I've found that
session_destroy() is being called on a session that previously had
session_destroy() called on it. 
This clearly leads to various double frees etc.... 

next: find out why a session that was destroyed still hung around to be
destroyed again.
Comment 11 Arjan van de Ven 2008-05-31 20:47:40 EDT
I added the code below (with a printf) and... so far no crashes
(but the printf is triggering, and clearly if it triggers that would later on
lead to a double free).

@@ -3307,7 +3309,13 @@ static gint imap_status(IMAPSession *ses
 
 	g_free(real_path);
 	if (r != MAILIMAP_NO_ERROR) {
+		RemoteFolder *rfolder = REMOTE_FOLDER(folder);
 		imap_handle_error(SESSION(session), r);
+		if (session == rfolder->session)
+			rfolder->session = NULL;
 		debug_print("status err %d\n", r);
 		return r;
 	}
Comment 12 Arjan van de Ven 2008-06-01 00:13:41 EDT
several hours with this patch... no crashes
this is looking promising
Comment 13 Colin Leroy 2008-06-01 05:35:18 EDT
Hi Arjan,

I've looked at that yesterday, and that's indeed the problem
(imap_handle_error() can destroy a session if the error is fatal (like a stream
error). 
I've fixed it differently, because your patch is good but would require a lot of
similar hunks. My patch consists of setting session state to disconnected, but
not destroying it right on the spot. Could you try with this imap.c file? (not
pointing at a patch, because there have been more than one and I'm not sure
they'd apply cleanly):

http://www.colino.net/claws-mail/src/imap.c

Thanks!
Comment 14 Colin Leroy 2008-06-05 13:14:21 EDT
Hi Arjan,
Is it more stable with the fixed imap.c from comment #13 ?
Comment 15 Colin Leroy 2008-06-11 12:17:25 EDT
Arjan, ping :) We (upstream) plan on a release on June 27th and would like to
confirm the fix...
Comment 16 Arjan van de Ven 2008-06-11 12:51:02 EDT
woops sorry about that; I've been away on a trip and didn't want to mess with 
a now-working setup during that.

I'll recompile and give it a shot.
Comment 17 Arjan van de Ven 2008-06-11 13:50:03 EDT
imap.o: In function `imap_remove_cached_msg':
/usr/src/redhat/BUILD/claws-mail-3.3.1/src/imap.c:1254: undefined reference to
`claws_unlink'
Comment 18 Arjan van de Ven 2008-06-11 13:51:06 EDT
never mind; easy to fix (just use g_unlink for now)
Comment 19 Colin Leroy 2008-06-11 17:03:21 EDT
Ah right, forgot about that :) It's new in CVS, indeed just a wrapper to
g_unlink or to shred according to a new preference for half paranoiacs (full
paranoiacs have LUKS-encrpyted filesystems anyway ;)
Comment 20 Arjan van de Ven 2008-06-11 17:45:15 EDT
several hours in, no crashes...... so far so good
Comment 21 Colin Leroy 2008-06-20 08:03:23 EDT
Still running good? :)
Comment 22 Arjan van de Ven 2008-06-20 09:54:07 EDT
not a crash since... I'd say ship it!
thanks for fixing this so quickly
Comment 23 Martin Nagy 2008-06-28 02:43:42 EDT
It was crashing all the time and now after I applied the patches it works fine.
Could you please at least push it to the testing repository? Sadly, claws-mail
is pretty useless without it :(
Comment 24 Colin Leroy 2008-06-29 16:12:39 EDT
3.5.0 is out since Friday, I guess updated packages will come soon :)
Comment 25 Jens Petersen 2008-06-30 01:59:08 EDT
Created attachment 310561 [details]
claws-mail.spec-3.5.0.patch

This seems to work for me.
Comment 26 Fedora Update System 2008-07-06 16:40:37 EDT
claws-mail-3.5.0-1.fc8 has been submitted as an update for Fedora 8
Comment 27 Fedora Update System 2008-07-06 16:58:05 EDT
claws-mail-3.5.0-1.fc9 has been submitted as an update for Fedora 9
Comment 28 Fedora Update System 2008-07-08 22:53:25 EDT
claws-mail-plugins-3.5.0-1.fc9, claws-mail-3.5.0-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update claws-mail-plugins claws-mail'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6246
Comment 29 Fedora Update System 2008-07-18 19:08:04 EDT
claws-mail-plugins-3.5.0-1.fc9, claws-mail-3.5.0-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 30 Fedora Update System 2008-07-23 03:19:46 EDT
claws-mail-plugins-3.5.0-1.fc8, claws-mail-3.5.0-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.