Description of problem: the latest claws package crashes all the time for me in a gcc malloc corruption crash.... this started less than 2 weeks ago; the package before that was just fine.. this is obviously highly annoying and it's something done late in the game, so hopefully easy to revert.
Hi, Can you get a backtrace with symbols ? Maybe a fix is already in CVS, and if not, it'll be done :)
======= Backtrace: ========= /lib/libc.so.6[0x82d7e4] /lib/libglib-2.0.so.0(g_free+0x36)[0x46f88356] /lib/libglib-2.0.so.0(g_string_free+0x5c)[0x46fa448c] /usr/bin/claws-mail(session_destroy+0x5d)[0x81e6ffd] /usr/bin/claws-mail[0x80f5353] /usr/bin/claws-mail[0x80f9fa9] /usr/bin/claws-mail(folderview_check_new+0x267)[0x80eab57] /usr/bin/claws-mail(inc_all_account_mail+0x154)[0x8108d04] /usr/bin/claws-mail[0x81173d3] /lib/libglib-2.0.so.0[0x46f807c6] /lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e8)[0x46f80098] /lib/libglib-2.0.so.0[0x46f83743] /lib/libglib-2.0.so.0(g_main_loop_run+0x1d2)[0x46f83c62] /usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xe0)[0x4731690d] /usr/bin/claws-mail(main+0x110c)[0x81191dc] /lib/libc.so.6(__libc_start_main+0xe6)[0x7d65d6] /usr/bin/claws-mail[0x8079191] ======= Memory map: ======== I'll install the debuginfo's as well
It sounds like a double-free that's been fixed in CVS... If you could bother applying these patches and see if it corrects that crash, it'd be great! 3.4.0cvs39 * src/imap.c Fix double free when STARTTLS fails (for example due to refusing the certificate) http://www.colino.net/claws-mail/getpatchset.php?ver=3.4.0cvs39 3.4.0cvs47 * src/imap.c Fix another possible crash (on fatal errors at login, like stream error). http://www.colino.net/claws-mail/getpatchset.php?ver=3.4.0cvs47
ok applied the patches; will see how it holds up in the next few hours
so far so good; no crashes yet with the patched version thanks a lot for the quick response... and it sounds like I would greatly appreciate a fedora update package with these 2 fixes... I'm sure I'm not the only one who hits these.
no such luck ;-( *** glibc detected *** ./claws-mail: double free or corruption (out): 0x12665d20 *** ======= Backtrace: ========= /lib/libc.so.6[0x82d7e4] /lib/libc.so.6(cfree+0x96)[0x82f846] /lib/libglib-2.0.so.0(g_free+0x36)[0x46f88356] /lib/libglib-2.0.so.0(g_string_free+0x5c)[0x46fa448c] ./claws-mail(session_destroy+0x5d)[0x81e709d] ./claws-mail[0x80f5353] ./claws-mail[0x80f826a] ./claws-mail[0x80fa264] ./claws-mail[0x80e1c18] ./claws-mail(folder_item_move_msgs+0x2d)[0x80e1dbd] ./claws-mail(filtering_move_and_copy_msgs+0x2fa)[0x80dcaea] ./claws-mail(folder_item_scan_full+0x947)[0x80e0ae7] ./claws-mail(folder_item_scan+0x19)[0x80e11d9] ./claws-mail(folderview_check_new+0x308)[0x80eabf8] ./claws-mail(inc_all_account_mail+0x154)[0x8108da4] ./claws-mail[0x8108f1b] /lib/libglib-2.0.so.0[0x46f807c6] /lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e8)[0x46f80098] /lib/libglib-2.0.so.0[0x46f83743] /lib/libglib-2.0.so.0(g_main_loop_run+0x1d2)[0x46f83c62] /usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xe0)[0x4731690d] ./claws-mail(main+0x110c)[0x811927c] /lib/libc.so.6(__libc_start_main+0xe6)[0x7d65d6] ./claws-mail[0x8079191] ======= Memory map: ======== it happened when I lost connection to my access point
> it happened when I lost connection to my access point The backtrace is a bit different, it's probably another double-free in error handling :-( I'll look more closely at it; can you send a gdb backtrace with symbols? You should be able to reproduce it by disconnecting the AP in the middle of an imap mail copy.
BTW, did the frequency of the crashes go down since you applied the two patches?
as for the frequency...hard to say, I would say it went down some, but since it's correlated with my wifi being shitty, that can also be externally caused #5 0x0082f846 in __libc_free (mem=<value optimized out>) at malloc.c:3625 #6 0x46f88356 in IA__g_free (mem=<value optimized out>) at gmem.c:190 #7 0x46fa448c in IA__g_string_free (string=<value optimized out>, free_segment=<value optimized out>) at gstring.c:473 #8 0x081e709d in session_destroy (session=0xf89e200) at session.c:211 #9 0x080f5353 in imap_handle_error (session=0xf89e200, libetpan_errcode=<value optimized out>) at imap.c:540 #10 0x080f62f9 in imap_cmd_noop (session=0xf89e200) at imap.c:3440 #11 0x080f9bfa in imap_scan_required (folder=0x9638800, _item=0x963a100) at imap.c:4119 #12 0x080de815 in folder_item_write_cache (item=0x963a100) at folder.c:2499 #13 0x080dfc54 in folder_item_close (item=0x963a100) at folder.c:1900 #14 0x080e8eef in folderview_close_opened (folderview=0x93e4d30) at folderview.c:2156 #15 0x080e922a in folderview_selected (ctree=0x93571c0, row=0x9634590, column=-1, folderview=0x93e4d30) at folderview.c:2215 #16 0x4731d9f7 in _gtk_marshal_VOID__POINTER_INT (closure=Could not find the frame base for "_gtk_marshal_VOID__POINTER_INT". ) at gtkmarshalers.c:2481 #17 0x4703512b in IA__g_closure_invoke (closure=<value optimized out>, return_value=<value optimized out>, n_param_values=<value optimized out>, param_values=<value optimized out>, invocation_hint=<value optimized out>) at gclosure.c:490 #18 0x47049995 in signal_emit_unlocked_R (node=<value optimized out>, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:2440 #19 0x4704aece in IA__g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=<value optimized out>) at gsignal.c:2199 #20 0x473a053a in IA__gtk_signal_emit (object=Could not find the frame base for "IA__gtk_signal_emit". ) at gtksignal.c:360 #21 0x4726c672 in IA__gtk_ctree_select (ctree=Could not find the frame base for "IA__gtk_ctree_select". ) at gtkctree.c:4491 #22 0x47269895 in real_unselect_all (clist=Could not find the frame base for "real_unselect_all". ) at gtkctree.c:3469 #23 0x08213496 in gtk_sctree_real_unselect_all (clist=0x93571c0) at gtksctree.c:1886 #24 0x472373bc in IA__gtk_clist_unselect_all (clist=Could not find the frame base for "IA__gtk_clist_unselect_all". ) at gtkclist.c:3513 #25 0x0821122e in select_row (sctree=0x93571c0, row=11, col=0, state=<value optimized out>, _node=0x0) at gtksctree.c:1477 #26 0x08212937 in gtk_sctree_button_press (widget=0x93571c0, event=0xef52630) at gtksctree.c:1648 #27 0x4731a13e in _gtk_marshal_BOOLEAN__BOXED (closure=Could not find the frame base for "_gtk_marshal_BOOLEAN__BOXED". ) at gtkmarshalers.c:84 #28 0x470338a9 in g_type_class_meta_marshal (closure=<value optimized out>, return_value=Could not find the frame base for "g_type_class_meta_marshal". ) at gclosure.c:567 #29 0x4703512b in IA__g_closure_invoke (closure=<value optimized out>, return_value=<value optimized out>, n_param_values=<value optimized out>, param_values=<value optimized out>, invocation_hint=<value optimized out>) at gclosure.c:490 #30 0x4704963d in signal_emit_unlocked_R (node=<value optimized out>, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:2478 #31 0x4704ad58 in IA__g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=<value optimized out>) at gsignal.c:2209 #32 0x4704b336 in IA__g_signal_emit (instance=Could not find the frame base for "IA__g_signal_emit". ) at gsignal.c:2243 #33 0x4748b928 in gtk_widget_event_internal (widget=Could not find the frame base for "gtk_widget_event_internal". ) at gtkwidget.c:4678 #34 0x4748b450 in IA__gtk_widget_event (widget=Could not find the frame base for "IA__gtk_widget_event". ) at gtkwidget.c:4478 #35 0x473186fb in IA__gtk_propagate_event (widget=Could not find the frame base for "IA__gtk_propagate_event". ) at gtkmain.c:2336 #36 0x473171aa in IA__gtk_main_do_event (event=Could not find the frame base for "IA__gtk_main_do_event". ) at gtkmain.c:1541 #37 0x47137fc0 in gdk_event_dispatch (source=Could not find the frame base for "gdk_event_dispatch". ) at gdkevents-x11.c:2351 #38 0x46f80098 in IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2009 #39 0x46f83743 in g_main_context_iterate (context=<value optimized out>, block=<value optimized out>, dispatch=<value optimized out>, self=Could not find the frame base for "g_main_context_iterate". ) at gmain.c:2642 #40 0x46f83901 in IA__g_main_context_iteration (context=<value optimized out>, may_block=<value optimized out>) at gmain.c:2705 #41 0x47316b69 in IA__gtk_main_iteration () at gtkmain.c:1251 #42 0x081deeed in threaded_run (folder=0x9638800, param=0xbfbc0a38, result=0xbfbc0a34, func=0x81e07a0 <expunge_run>) at imap-thread.c:427 #43 0x081df28a in imap_threaded_expunge (folder=0x9638800) at imap-thread.c:2959 #44 0x080f93d5 in imap_cmd_expunge (session=0xf89e200) at imap.c:3730 #45 0x080fa275 in imap_remove_msgs (folder=0x9638800, dest=0x963a100, msglist=0x0, relation=0xf840ce8) at imap.c:1967 #46 0x080e1c18 in do_copy_msgs (dest=0x9635e28, msglist=0xf5c5440, remove_source=1) at folder.c:3232 #47 0x080e1dbd in folder_item_move_msgs (dest=0x9635e28, msglist=0xf5c5440) at folder.c:3389 #48 0x080dcaea in filtering_move_and_copy_msgs (msgs=0xee018d0) at filtering.c:246 #49 0x080e0ae7 in folder_item_scan_full (item=0x963a100, filtering=1) at folder.c:2190 #50 0x080e11d9 in folder_item_scan (item=0x963a100) at folder.c:2295 #51 0x080eabf8 in folderview_check_new (folder=0x9638800) at folderview.c:1270 #52 0x08108da4 in inc_all_account_mail (mainwin=0x9366608, autocheck=1, notify=0) at inc.c:365 #53 0x08108f1b in inc_autocheck_func (data=0x9366608) at inc.c:1538 #54 0x46f807c6 in g_timeout_dispatch (source=Could not find the frame base for "g_timeout_dispatch". ) at gmain.c:3443 #55 0x46f80098 in IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2009 #56 0x46f83743 in g_main_context_iterate (context=<value optimized out>, block=<value optimized out>, dispatch=<value optimized out>, self=Could not find the frame base for "g_main_context_iterate". ) at gmain.c:2642 #57 0x46f83c62 in IA__g_main_loop_run (loop=<value optimized out>) at gmain.c:2850 #58 0x4731690d in IA__gtk_main () at gtkmain.c:1163 #59 0x0811927c in main (argc=Cannot access memory at address 0x0 ) at main.c:1505
progress; via some instrumentation of the code I've found that session_destroy() is being called on a session that previously had session_destroy() called on it. This clearly leads to various double frees etc.... next: find out why a session that was destroyed still hung around to be destroyed again.
I added the code below (with a printf) and... so far no crashes (but the printf is triggering, and clearly if it triggers that would later on lead to a double free). @@ -3307,7 +3309,13 @@ static gint imap_status(IMAPSession *ses g_free(real_path); if (r != MAILIMAP_NO_ERROR) { + RemoteFolder *rfolder = REMOTE_FOLDER(folder); imap_handle_error(SESSION(session), r); + if (session == rfolder->session) + rfolder->session = NULL; debug_print("status err %d\n", r); return r; }
several hours with this patch... no crashes this is looking promising
Hi Arjan, I've looked at that yesterday, and that's indeed the problem (imap_handle_error() can destroy a session if the error is fatal (like a stream error). I've fixed it differently, because your patch is good but would require a lot of similar hunks. My patch consists of setting session state to disconnected, but not destroying it right on the spot. Could you try with this imap.c file? (not pointing at a patch, because there have been more than one and I'm not sure they'd apply cleanly): http://www.colino.net/claws-mail/src/imap.c Thanks!
Hi Arjan, Is it more stable with the fixed imap.c from comment #13 ?
Arjan, ping :) We (upstream) plan on a release on June 27th and would like to confirm the fix...
woops sorry about that; I've been away on a trip and didn't want to mess with a now-working setup during that. I'll recompile and give it a shot.
imap.o: In function `imap_remove_cached_msg': /usr/src/redhat/BUILD/claws-mail-3.3.1/src/imap.c:1254: undefined reference to `claws_unlink'
never mind; easy to fix (just use g_unlink for now)
Ah right, forgot about that :) It's new in CVS, indeed just a wrapper to g_unlink or to shred according to a new preference for half paranoiacs (full paranoiacs have LUKS-encrpyted filesystems anyway ;)
several hours in, no crashes...... so far so good
Still running good? :)
not a crash since... I'd say ship it! thanks for fixing this so quickly
It was crashing all the time and now after I applied the patches it works fine. Could you please at least push it to the testing repository? Sadly, claws-mail is pretty useless without it :(
3.5.0 is out since Friday, I guess updated packages will come soon :)
Created attachment 310561 [details] claws-mail.spec-3.5.0.patch This seems to work for me.
claws-mail-3.5.0-1.fc8 has been submitted as an update for Fedora 8
claws-mail-3.5.0-1.fc9 has been submitted as an update for Fedora 9
claws-mail-plugins-3.5.0-1.fc9, claws-mail-3.5.0-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update claws-mail-plugins claws-mail'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6246
claws-mail-plugins-3.5.0-1.fc9, claws-mail-3.5.0-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
claws-mail-plugins-3.5.0-1.fc8, claws-mail-3.5.0-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.