Bug 368766

Summary: KMail crashes when moving mail in reference counting code
Product: [Applications] kmail2
Reporter: Stephan Diestelhorst <stephan.diestelhorst>
Component: message list
Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED WORKSFORME
Severity: grave
CC: kdebugs, kdenis
Priority: NOR
Version: 5.3.1
Target Milestone: ---
Platform: Neon
OS: Linux

Description Stephan Diestelhorst 2016-09-13 21:26:53 UTC
Version 5.3.0 (QtWebEngine)
Using:
KDE Frameworks 5.25.0
Qt 5.7.0 (built against 5.7.0)
The xcb windowing system
--
Project Neon User
--
I am using threaded view, but was moving a non-threaded message to a different folder. This smells like a race condition to me, maybe someone is freeing memory while the reference counter is non-zero, and someone still has a reference to it and tries to set that to zero?
--
Related: bug 368496 and bug 364994.
Thread 1 "kmail" received signal SIGSEGV, Segmentation fault.
0x00007ffff2160efc in ?? () from /usr/lib/x86_64-linux-gnu/libKF5MimeTreeParser.so.5
(gdb) bt                                                                                                               
#0  std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=<error reading variable: Cannot access memory at address 0xb8>)
    at /usr/include/c++/5/bits/atomic_base.h:396                                                                       
#1  QAtomicOps<int>::load<int> (_q_value=<error reading variable: Cannot access memory at address 0xb8>)               
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:103                                                    
#2  QBasicAtomicInteger<int>::load (this=<error reading variable: Cannot access memory at address 0xb8>)               
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:99                                                      
#3  QtPrivate::RefCount::ref (this=<error reading variable: Cannot access memory at address 0xb8>)                     
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:55                                                         
#4  QVector<QSharedPointer<MimeTreeParser::Interface::MessagePart> >::QVector (v=..., this=<synthetic pointer>)        
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:363                                                                           
#5  QForeachContainer<QVector<QSharedPointer<MimeTreeParser::Interface::MessagePart> > const>::QForeachContainer (t=...,                
    this=<synthetic pointer>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:944                                                 
#6  MimeTreeParser::toplevelTextNode (messageTree=...) at /workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:55                
#7  0x00007ffff216127a in MimeTreeParser::toplevelTextNode (messageTree=...)                                                            
    at /workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:64                                                                   
#8  0x00007ffff2175d04 in MimeTreeParser::ObjectTreeParser::parseObjectTree (this=this@entry=0x7fffffffcd80, node=node@entry=0x2b63550)
    at /workspace/build/mimetreeparser/src/viewer/objecttreeparser.cpp:185
#9  0x00007ffff2ab4d27 in MessageViewer::ViewerPrivate::parseContent (this=this@entry=0xae7670, content=0x2b63550)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:969
#10 0x00007ffff2ab531d in MessageViewer::ViewerPrivate::displayMessage (this=this@entry=0xae7670)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:842
#11 0x00007ffff2ab5d8a in MessageViewer::ViewerPrivate::updateReaderWin (this=0xae7670)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:2133
#12 0x00007ffff5ea9f36 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff5eb64e8 in QTimer::timerEvent(QTimerEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff5eaaa93 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff676a89c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff6772296 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff5e7eda8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007ffff5ed123e in QTimerInfoList::activateTimers() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007ffff5ed1771 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007fffea2b71a7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007fffea2b7400 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007fffea2b74ac in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff5ed22ef in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007ffff5e7cd9a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007ffff5e853ac in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x0000000000403984 in ?? ()
#27 0x00007ffff52b7830 in __libc_start_main (main=0x4028d0, argc=1, argv=0x7fffffffded8, init=<optimised out>, fini=<optimised out>, 
    rtld_fini=<optimised out>, stack_end=0x7fffffffdec8) at ../csu/libc-start.c:291
#28 0x0000000000404079 in _start ()
(gdb) q


Reproducible: Sometimes

Steps to Reproduce:
1. (Not sure: enable threaded view)
2. Move a few messages to other folders


Actual Results:  
KMail crashes with the backtrace above.

Expected Results:  
KMail just moves my message ;)
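A triage pass over the backtrace above, as an added example that is not part of the original report or of KDE's tooling: it collects the addresses gdb could not read, flags those that fall inside the first memory page (the pattern a member access through a null pointer produces), and reports the innermost frame that has project source. The function names, the 4096-byte threshold and the use of `/workspace/build/` as the project prefix are assumptions of this example; the sample frames are abridged from the report.

```python
import re

# Frames #0, #3, #6 and #8 copied from the backtrace in this report (abridged).
BACKTRACE = """\
#0  std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=<error reading variable: Cannot access memory at address 0xb8>)
    at /usr/include/c++/5/bits/atomic_base.h:396
#3  QtPrivate::RefCount::ref (this=<error reading variable: Cannot access memory at address 0xb8>)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:55
#6  MimeTreeParser::toplevelTextNode (messageTree=...) at /workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:55
#8  0x00007ffff2175d04 in MimeTreeParser::ObjectTreeParser::parseObjectTree (this=this@entry=0x7fffffffcd80, node=node@entry=0x2b63550)
    at /workspace/build/mimetreeparser/src/viewer/objecttreeparser.cpp:185
"""

PAGE_SIZE = 0x1000  # assumption: the first page is never mapped (Linux default)
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \(")
BAD_ADDR_RE = re.compile(r"Cannot access memory at address (0x[0-9a-f]+)")
SOURCE_RE = re.compile(r"\bat (/\S+):(\d+)")

def parse_frames(text):
    """Group a gdb 'bt' listing into frames; continuation lines join their frame."""
    frames = []
    for line in text.splitlines():
        if line.startswith("#"):
            frames.append(line.rstrip())
        elif frames and line.strip():
            frames[-1] += " " + line.strip()
    out = []
    for raw in frames:
        m = FRAME_RE.match(raw)
        if not m:
            continue
        src = SOURCE_RE.search(raw)
        out.append({
            "index": int(m.group(1)),
            "function": m.group(2),
            "source": (src.group(1), int(src.group(2))) if src else None,
            "bad_addrs": [int(a, 16) for a in BAD_ADDR_RE.findall(raw)],
        })
    return out

def triage(text, project_prefix="/workspace/build/"):
    """Summarise unreadable addresses and the innermost frame in project code."""
    frames = parse_frames(text)
    addrs = sorted({a for f in frames for a in f["bad_addrs"]})
    first = next((f for f in frames
                  if f["source"] and f["source"][0].startswith(project_prefix)), None)
    return {"unreadable": addrs, "near_null": [a for a in addrs if a < PAGE_SIZE],
            "first_project_frame": first}

if __name__ == "__main__":
    print(triage(BACKTRACE))
```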
Comment 1 Stephan Diestelhorst 2016-09-13 21:37:14 UTC
*** Bug 368767 has been marked as a duplicate of this bug. ***
Comment 2 Stephan Diestelhorst 2016-09-13 21:38:16 UTC
Please see the duplicate for a very similar crash that does *not* use threaded view (but instead Current Activity, Flat).  Still crashes in the same code.
Comment 3 Denis Kurz 2016-09-20 07:51:00 UTC
*** Bug 369042 has been marked as a duplicate of this bug. ***
Comment 4 Justin Zobel 2022-11-04 03:10:22 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 5 Bug Janitor Service 2022-11-19 05:13:28 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 6 Bug Janitor Service 2022-12-04 05:15:03 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!