Bug 358364

Summary: Crashes on startup ever since trying to answer email
Product: [Applications] kontact Reporter: Jan Hudec <bulb>
Component: mail Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: crash CC: kdenis
Priority: NOR Keywords: drkonqi
Version: unspecified   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Attachments: Valgrind memcheck trace
One more valgrind trace

Description Jan Hudec 2016-01-22 09:53:30 UTC
Application: kontact (4.14.10)
KDE Platform Version: 4.14.14
Qt Version: 4.8.7
Operating System: Linux 4.3.0-1-amd64 x86_64
Distribution: Debian GNU/Linux testing (stretch)

-- Information about the crash:
- What I was doing when the application crashed:

Kontact crashed. I am not sure whether it was trying to answer or just display email. Ever since, it crashes immediately on startup. Starting kmail alone crashes as well.

The crash can be reproduced every time.

-- Backtrace:
Application: Kontact (kontact), signal: Aborted
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f508d07d940 (LWP 3726))]

Thread 3 (Thread 0x7f5066317700 (LWP 3727)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f50897baa4d in ?? () from /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
#2  0x00007f50897baaa9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
#3  0x00007f50842bf284 in start_thread (arg=0x7f5066317700) at pthread_create.c:333
#4  0x00007f508a56974d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7f5025a14700 (LWP 3742)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f50894de191 in ?? () from /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
#2  0x00007f50897eafe6 in ?? () from /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
#3  0x00007f50842bf284 in start_thread (arg=0x7f5025a14700) at pthread_create.c:333
#4  0x00007f508a56974d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f508d07d940 (LWP 3726)):
[KCrash Handler]
#6  0x00007f508a4b4657 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#7  0x00007f508a4b5a2a in __GI_abort () at abort.c:89
#8  0x00007f508a4f2bb3 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f508a5eb5f8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#9  0x00007f508a4f800e in malloc_printerr (action=1, str=0x7f508a5eb708 "free(): invalid next size (fast)", ptr=<optimized out>) at malloc.c:4965
#10 0x00007f508a4f87eb in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3834
#11 0x00007f508b9bd89d in QTextEngine::clearLineData() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#12 0x00007f508ba09b8f in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#13 0x00007f508bbdb564 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#14 0x00007f508bbdbde0 in QTextEdit::resizeEvent(QResizeEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#15 0x00007f508b7a71b0 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#16 0x00007f508bb6d80e in QFrame::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#17 0x00007f508ad2abd6 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#18 0x00007f508b7508bc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#19 0x00007f508b757816 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#20 0x00007f508c4d271a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#21 0x00007f508ad2aa6d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#22 0x00007f508b7a3321 in QWidgetPrivate::sendPendingMoveAndResizeEvents(bool, bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#23 0x00007f508b7a44b3 in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#24 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#25 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#26 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#27 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#28 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#29 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#30 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#31 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#32 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#33 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#34 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#35 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#36 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#37 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#38 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#39 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#40 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#41 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#42 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#43 0x00007f508b7a4407 in QWidgetPrivate::showChildren(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#44 0x00007f508b7a44cf in QWidgetPrivate::show_helper() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#45 0x00007f508b7a6502 in QWidget::setVisible(bool) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#46 0x00007f501b789162 in KMKernel::recoverDeadLetters() () from /usr/lib/libkmailprivate.so.4
#47 0x00007f501bb727c0 in ?? () from /usr/lib/kde4/kmailpart.so
#48 0x00007f501bb74431 in ?? () from /usr/lib/kde4/kmailpart.so
#49 0x00007f508b2c759a in KPluginFactory::create(char const*, QWidget*, QObject*, QList<QVariant> const&, QString const&) () from /usr/lib/libkdecore.so.5
#50 0x00007f508cb3f8c6 in KontactInterface::Core::createPart(char const*) () from /usr/lib/libkontactinterface.so.4
#51 0x00007f501e489a62 in ?? () from /usr/lib/kde4/kontact_kmailplugin.so
#52 0x00007f508cb4284c in KontactInterface::Plugin::part() () from /usr/lib/libkontactinterface.so.4
#53 0x00007f508cd687e4 in Kontact::MainWindow::selectPlugin(KontactInterface::Plugin*) () from /usr/lib/libkontactprivate.so.4
#54 0x00007f508cd65624 in Kontact::MainWindow::loadSettings() () from /usr/lib/libkontactprivate.so.4
#55 0x00007f508cd6c38a in Kontact::MainWindow::initObject() () from /usr/lib/libkontactprivate.so.4
#56 0x00007f508cd6cbc6 in Kontact::MainWindow::MainWindow() () from /usr/lib/libkontactprivate.so.4
#57 0x00000000004044f5 in _start ()

The reporter indicates this bug may be a duplicate of or related to bug 355279, bug 347427.

Possible duplicates by query: bug 355279, bug 354573, bug 352692, bug 348699, bug 347427.

Reported using DrKonqi
Comment 1 Jan Hudec 2016-01-22 12:52:03 UTC
I am now certain it started after trying to answer email, because when I started it under valgrind it filtered the invalid write and two composers opened.

I am attaching the valgrind memcheck output. There are two invalid writes, presumably one in each composer that starts. The backtraces clearly show they are MessageComposer-related.

Unfortunately, Debian does not seem to have debug information for /usr/lib/libkmailprivate.so.4.14.10, which appears on the last line of the stack trace. All of the MessageComposer and everything called from it is decoded correctly though.

Hope it helps.
Kind regards,
Jan
Comment 2 Jan Hudec 2016-01-22 12:55:28 UTC
Created attachment 96785
Valgrind memcheck trace

I killed kontact after it started (successfully under valgrind). When I then started it, it crashed again, so I am quite sure the log corresponds to the faulty case.
Comment 3 Jan Hudec 2016-01-22 13:12:38 UTC
Created attachment 96786
One more valgrind trace

When I started it next time, one more message editor came up. However the number of invalid writes remained two. I also noticed some invalid reads there.

The standard error also showed these errors:

kontact(9096) MessageList::Core::ModelPrivate::findMessageParent: Circular reference loop detected in the message tree 
kontact(9096) MessageList::Core::ModelPrivate::viewItemJobStepInternalForJobPass1Fill: Circular In-Reply-To reference loop detected in the message tree 
kontact(9096) MessageList::Core::ModelPrivate::findMessageParent: Circular In-Reply-To reference loop detected in the message tree 

Not sure whether they are related; they appeared long after the point where it would have crashed without valgrind.
Comment 4 Jan Hudec 2016-01-22 13:16:17 UTC
I closed the message editors when running under valgrind. Since then, kontact starts up correctly again.

This workaround isn't for mere mortals, but presumably there might be some way to remove the draft message via akonadi. I don't know how though; I restarted since it started crashing, and something remembered there should be a message editor open across it.
Comment 5 Denis Kurz 2017-06-23 20:59:18 UTC
This bug has never been confirmed for a KDE PIM version that is based on KDE Frameworks, except possibly a Technology Preview version 5.0.x. Those Framework-based versions differ significantly from the old 4.x series. Therefore, I plan to close it in around two or three months. In the meantime, it is set to WAITINGFORINFO to give reporters the opportunity to check if it is still valid. As soon as someone confirms it for a recent version (at least 5.1, ideally even more recent), I'll gladly reopen it.

Please understand that we lack the manpower to triage bugs reported for versions almost two years beyond their end of life.
Comment 6 Denis Kurz 2018-02-01 09:46:01 UTC
Just as announced in my last comment, I am closing this bug. If you encounter it again in a recent version (at least 5.1 aka 15.12; preferably much more recent), please open a new one unless it already exists. Thank you for all your input.