Bug ID 1051540
Summary Evolution crashes when copying and pasting multiline text and/or text with formatting elements.
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Evolution
Assignee bnc-team-evolution@forge.provo.novell.com
Reporter grant.marcroft@microfocus.com
QA Contact akhil.laddha@microfocus.com
Found By ---
Blocker --- 

I've had a problem with multiple systems and believe I've narrowed down what is
triggering the behavior.  

I use Evolution for my work email. I also have the evolution-ews extension
installed to integrate with Outlook Exchange Web Services.

When I copy and paste text from a separate application or from another message
in Evolution, the email client hangs and crashes.  

The crash has even happened when only highlighting text from an email.  I'm
wondering if it has to do with the clipboard.


An strace of the process after the crash yields this output:

...
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_dom_node_get_parent_element(WebKitDOMNode*): assertion
'WEBKIT_DOM_IS_NODE(self)' failed\n", 150) = 150
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_dom_node_get_parent_element(WebKitDOMNode*): assertion
'WEBKIT_DOM_IS_NODE(self)' failed\n", 150) = 150
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_dom_node_get_parent_element(WebKitDOMNode*): assertion
'WEBKIT_DOM_IS_NODE(self)' failed\n", 150) = 150
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_dom_node_get_parent_element(WebKitDOMNode*): assertion
'WEBKIT_DOM_IS_NODE(self)' failed\n", 150) = 150
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_dom_node_get_parent_element(WebKitDOMNode*): assertion
'WEBKIT_DOM_IS_NODE(self)' failed\n", 150) = 150
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_dom_node_get_parent_element(WebKitDOMNode*): assertion
'WEBKIT_DOM_IS_NODE(self)' failed\n", 150) = 150
[pid 27214] write(2, "\n** (evolution:27214): CRITICAL **: WebKitDOMElement*
webkit_^C) = 150
Process 27214 detached
Process 27261 detached
Process 27262 detached
Process 27263 detached
Process 27271 detached
Process 27272 detached
Process 27273 detached
Process 27323 detached
Process 27324 detached
Process 27325 detached
...


I believe thousands of these threads are being forked per second.  I can't tell
exact numbers with how quickly these errors scroll.

After running evolution through gdb and pulling the backtrace with 'thread
apply all backtrace full', this is what I get:


user@hostname:~> cat gdb.txt

Thread 49 (Thread 0x7fff7da23700 (LWP 16546)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
No locals.
#1  0x00007ffff3b629fe in g_cond_wait_until (cond=cond@entry=0x6818f8,
mutex=mutex@entry=0x6818f0, end_time=end_time@entry=231871460879) at
gthread-posix.c:1441
        now = {tv_sec = 231856, tv_nsec = 460880267}
        span = {tv_sec = 14, tv_nsec = 999998733}
        sampled = 13
        res = <optimized out>
#2  0x00007ffff3af6f11 in g_async_queue_pop_intern_unlocked
(queue=queue@entry=0x6818f0, wait=wait@entry=1,
end_time=end_time@entry=231871460879)
    at gasyncqueue.c:422
        retval = <optimized out>
        __FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff3af749b in g_async_queue_timeout_pop (queue=0x6818f0,
timeout=timeout@entry=15000000) at gasyncqueue.c:543
        end_time = 231871460879
        retval = <optimized out>
#4  0x00007ffff3b463ec in g_thread_pool_wait_for_new_pool () at
gthreadpool.c:167
        pool = <optimized out>
        local_wakeup_thread_serial = <optimized out>
        last_wakeup_thread_serial = <optimized out>
        have_relayed_thread_marker = <optimized out>
#5  g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:364
        free_pool = <optimized out>
        task = 0x2
        pool = <optimized out>
#6  0x00007ffff3b459a5 in g_thread_proxy (data=0x44deb20) at gthread.c:780
        thread = 0x44deb20
#7  0x00007ffff72af744 in start_thread (arg=0x7fff7da23700) at
pthread_create.c:334
        __res = <optimized out>
        pd = 0x7fff7da23700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140735301170944,
-5630738183988996905, 0, 140737488345487, 24, 140735301170944,
5631014868340151511, 
                5630756420120057047}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#8  0x00007ffff381baad in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.

Thread 43 (Thread 0x7fff60a99700 (LWP 10428)):
#0  0x00007ffff381320d in poll () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1  0x00007ffff3b21314 in g_main_context_poll (priority=2147483647, n_fds=1,
fds=0x7fff50185f00, timeout=-1, context=0x44b4f20) at gmain.c:4135
        poll_func = 0x7ffff3b2f7f0 <g_poll>
#2  g_main_context_iterate (context=0x44b4f20, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3835
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x7fff50185f00
#3  0x00007ffff3b2164a in g_main_loop_run (loop=0x7fff50187dd0) at gmain.c:4034
        __FUNCTION__ = "g_main_loop_run"
#4  0x00007ffff2bd4153 in book_client_dbus_thread (user_data=0x44b4f20) at
e-book-client.c:324
        main_context = 0x44b4f20
        main_loop = 0x7fff50187dd0
#5  0x00007ffff3b459a5 in g_thread_proxy (data=0x43976d0) at gthread.c:780
        thread = 0x43976d0
#6  0x00007ffff72af744 in start_thread (arg=0x7fff60a99700) at
pthread_create.c:334
        __res = <optimized out>
        pd = 0x7fff60a99700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140734815115008,
-5630738183988996905, 0, 140737488341135, 24, 140734815115008,
5631003835642909911, 
                5630756420120057047}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#7  0x00007ffff381baad in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.

Thread 28 (Thread 0x7fff6ffff700 (LWP 10179)):
#0  0x00007ffff381320d in poll () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1  0x00007ffff3b21314 in g_main_context_poll (priority=2147483647, n_fds=1,
fds=0x7fff64001a00, timeout=-1, context=0x7fff7400e9a0) at gmain.c:4135
        poll_func = 0x7ffff3b2f7f0 <g_poll>
#2  g_main_context_iterate (context=0x7fff7400e9a0, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3835
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 2
        fds = 0x7fff64001a00
#3  0x00007ffff3b2164a in g_main_loop_run (loop=0x7fff740092f0) at gmain.c:4034
        __FUNCTION__ = "g_main_loop_run"
#4  0x00007fffdccf6fbe in e_ews_soup_thread (user_data=0x7fff5c0028b0) at
e-ews-connection.c:1732
        cnc = 0x7fff5c0028b0
Quit

user@hostname:~ >


I saw this email thread upstream, but it doesn't look like the reporter
followed up with more details nor did the engineers on the mailing list
recommend a solution.  Looks like the original reporter was a bit off base with
his diagnosis thinking it had to do with NSS.  This definitely looks WebKit
related.

https://mail.gnome.org/archives/evolution-list/2014-August/msg00098.html

Is this something we can look into?

Please let me know if you need any other details.

You are receiving this mail because: