Bug 368766 - KMail crashes when moving mail in reference counting code
Summary: KMail crashes when moving mail in reference counting code
Alias: None
Product: kmail2
Classification: Applications
Component: message list
Version: 5.3.1
Platform: Neon Linux
Importance: NOR grave
Target Milestone: ---
Assignee: kdepim bugs
Duplicates: 368767 369042
Reported: 2016-09-13 21:26 UTC by Stephan Diestelhorst
Modified: 2017-04-11 19:58 UTC


Description Stephan Diestelhorst 2016-09-13 21:26:53 UTC
Version 5.3.0 (QtWebEngine)
KDE Frameworks 5.25.0
Qt 5.7.0 (built against 5.7.0)
The xcb windowing system
Project Neon User
I am using threaded view, but was moving a non-threaded message to a different folder. This smells like a race condition to me, maybe someone is freeing memory while the reference counter is non-zero, and someone still has a reference to it and tries to set that to zero?
Related: bug 368496 and bug 364994.
Thread 1 "kmail" received signal SIGSEGV, Segmentation fault.
0x00007ffff2160efc in ?? () from /usr/lib/x86_64-linux-gnu/libKF5MimeTreeParser.so.5
(gdb) bt                                                                                                               
#0  std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=<error reading variable: Cannot access memory at address 0xb8>)
    at /usr/include/c++/5/bits/atomic_base.h:396                                                                       
#1  QAtomicOps<int>::load<int> (_q_value=<error reading variable: Cannot access memory at address 0xb8>)               
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:103                                                    
#2  QBasicAtomicInteger<int>::load (this=<error reading variable: Cannot access memory at address 0xb8>)               
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:99                                                      
#3  QtPrivate::RefCount::ref (this=<error reading variable: Cannot access memory at address 0xb8>)                     
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:55                                                         
#4  QVector<QSharedPointer<MimeTreeParser::Interface::MessagePart> >::QVector (v=..., this=<synthetic pointer>)        
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:363                                                                           
#5  QForeachContainer<QVector<QSharedPointer<MimeTreeParser::Interface::MessagePart> > const>::QForeachContainer (t=...,                
    this=<synthetic pointer>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:944                                                 
#6  MimeTreeParser::toplevelTextNode (messageTree=...) at /workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:55                
#7  0x00007ffff216127a in MimeTreeParser::toplevelTextNode (messageTree=...)                                                            
    at /workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:64                                                                   
#8  0x00007ffff2175d04 in MimeTreeParser::ObjectTreeParser::parseObjectTree (this=this@entry=0x7fffffffcd80, node=node@entry=0x2b63550)
    at /workspace/build/mimetreeparser/src/viewer/objecttreeparser.cpp:185
#9  0x00007ffff2ab4d27 in MessageViewer::ViewerPrivate::parseContent (this=this@entry=0xae7670, content=0x2b63550)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:969
#10 0x00007ffff2ab531d in MessageViewer::ViewerPrivate::displayMessage (this=this@entry=0xae7670)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:842
#11 0x00007ffff2ab5d8a in MessageViewer::ViewerPrivate::updateReaderWin (this=0xae7670)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:2133
#12 0x00007ffff5ea9f36 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff5eb64e8 in QTimer::timerEvent(QTimerEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff5eaaa93 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff676a89c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff6772296 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff5e7eda8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007ffff5ed123e in QTimerInfoList::activateTimers() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007ffff5ed1771 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007fffea2b71a7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007fffea2b7400 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007fffea2b74ac in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff5ed22ef in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007ffff5e7cd9a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007ffff5e853ac in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x0000000000403984 in ?? ()
#27 0x00007ffff52b7830 in __libc_start_main (main=0x4028d0, argc=1, argv=0x7fffffffded8, init=<optimised out>, fini=<optimised out>, 
    rtld_fini=<optimised out>, stack_end=0x7fffffffdec8) at ../csu/libc-start.c:291
#28 0x0000000000404079 in _start ()
(gdb) q

Reproducible: Sometimes

Steps to Reproduce:
1. (Not sure: enable threaded view)
2. Move a few messages to other folders

Actual Results:  
KMail crashes with the backtrace above.

Expected Results:  
KMail just moves my message ;)
Comment 1 Stephan Diestelhorst 2016-09-13 21:37:14 UTC
*** Bug 368767 has been marked as a duplicate of this bug. ***
Comment 2 Stephan Diestelhorst 2016-09-13 21:38:16 UTC
Please see the duplicate for a very similar crash that does *not* use threaded view (but instead Current Activity, Flat). Still crashes in the same code.
Comment 3 Denis Kurz 2016-09-20 07:51:00 UTC
*** Bug 369042 has been marked as a duplicate of this bug. ***