GNOME Bugzilla – Bug 745165
Crash in vprintf on i686/32-bit arch when editing drafts, changing folders, idle
Last modified: 2016-08-02 01:03:01 UTC
Created attachment 297891 [details]
gdb file as explained in https://wiki.gnome.org/Apps/Geary/FAQ
Hi, I'm having repeated crashes when composing messages or editing drafts! Please see the geary.gdb file attached, where I opened geary, clicked on a draft email and started editing the draft for a few seconds. Pulled, built and compiled latest git repository today (Feb 25) on Ubuntu 14.04.2. Thanks for looking at it!
Strange -- this is occurring inside of an internal vprintf call used for logging. What happens if you run Geary with logging turned off, i.e. $ geary
Isn't it what I did with "gdb --args geary --debug 2>&1 | tee geary.gdb"? Anyway, I launched geary with the plain "geary" command as you suggested. I don't know if the seg fault only happens when I edit a draft but at least I know that it happens when I do so. So I reproduced the bug twice, and I noticed that it happens right after something strange happens with my draft folder. During these two occasions: each time, when I opened geary, my draft folder contained one message currently being edited. And in the sidebar, I can see "Draft (1)".
1st time: I saw the message in the message list disappear, "Draft (1)" switch to "Draft (2)" before crashing.
2nd time: I saw the message in the message list switch from "Me 3m ago" to "Me now" before crashing.
(In reply to tmlmt from comment #2)
> Isn't it what I did with "gdb --args geary --debug 2>&1 | tee geary.gdb"
Not exactly. The crash occurred within the logic that writes the debug log, so I was trying to verify if the crash would *only* occur when logging.
> 1st time: I saw the message in the message list disappear, "Draft (1)"
> switch to "Draft (2)" before crashing.
>
> 2nd time: I saw the message in the message list switch from "Me 3m
> ago" to "Me now" before crashing.
So, do you have the Drafts folder selected when this happens? What mail service are you using (Gmail, Yahoo, etc.)?
Created attachment 298065 [details] Typical situation before crash
I added an attachment, "screenshot.png", which shows a typical situation where this happens. The app did crash a few seconds later after taking the screenshot. My email account is a corporate Microsoft Exchange account (serverdata.net), that I access with IMAP + SSL/TLS (port 993).
Two possibilities / questions:
* Does this only happen when the Drafts folder is selected? In other words, if you are viewing your Inbox and press New Message, does this occur?
* Do you have iBus installed / active? There is an outstanding bug where iBus causes the composer to eat up CPU; I wonder if there's a use case where it could crash. See bug #739645 and https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1276186
(In reply to Jim Nelson from comment #6)
> * Does this only happen when the Drafts folder is selected? In other words,
> if you are viewing your Inbox and press New Message, does this occur?
I just checked, and yes, this also occurs when viewing my Inbox and pressing New Message. I wrote a few lines and then *crash*. I also tried by selecting the trash folder for instance: same thing. It seems that all that is revolving around the Drafts folder, with which I experience several weird bugs that maybe cumulate with the object of this bug report. For instance, when there are at least two messages in my drafts folder and I quickly delete all of them (by selecting one and pressing "DEL" several times), after the last one is deleted, geary crashes. Can I provide you with any debug output or anything else that could help identify the culprit?
> * Do you have iBus installed / active? There is an outstanding bug where
> iBus causes the composer to eat up CPU; I wonder if there's a use case where
> it could crash. See bug #739645 and
> https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1276186
I don't think so. I checked but have no running processes nor packages installed containing "ibus" apart from libusb and libustr, and there's nothing in my /usr/bin and /usr/local/bin containing "ibus".
Or should I recompile geary with specific versions of some packages?
I think I'm experiencing the same bug. The SEGFAULT doesn't happen at any specific workflow or part of the user interface, but it's always caused in vprintf() according to gdb. I'm using Geary with my own mail server (dovecot/postfix)
Created attachment 302739 [details]
geary 0.10 segmentation fault backtrace
So I compiled Geary with debugging symbols and always get the same resulting backtrace. Execution stops at imap-engine-minimal-folder.vala:1272, it's a call to a debug() method which I guess goes as far as libc's vfprintf() and makes it crash.
*** Bug 749516 has been marked as a duplicate of this bug. ***
In bug 749516, we hit what seems to be the same problem, but without being in a composer. The stacktraces all point to the last debug statement at the end of do_replay_removed_message(). Here's the bottom of the trace from the other bug:
+ Trace 235074
At level 5, there's a suspiciously small pointer (0x1de), along with a message that that memory location cannot be accessed. I don't know if that's a clue to this or not. As a simple test, try commenting out the debug statement on lines 1272-1275 of imap-engine-minimal-folder.vala. If the problem is really in the vprintf, that should avoid it.
(In reply to Robert Schroll from comment #12)
> do_replay_removed_message()...
> try commenting out the debug statement on lines 1272-1275 of imap-engine-minimal-folder.vala.
That did the trick for me. Since my last comment I have been using Geary without problems after commenting out that statement.
*** Bug 751346 has been marked as a duplicate of this bug. ***
Created attachment 307066 [details]
geary-0.10 backtrace
Comment on attachment 307066 [details]
geary-0.10 backtrace
Same issue with do_replay_removed_message and vprintf.
Interesting to note that I have this problem on two different 32 bits setups. Didn't try on 64 bits but it seems to be a common factor.
(In reply to Maxime.J from comment #17)
> Interesting to note that I have this problem on two different 32 bits setups.
> Didn't try on 64 bits but It seems to be a common factor.
I think we are hitting the nail on the head with this new insight. It didn't occur to me that I was using an i686 machine whenever this problem arose. For the sake of curiosity I went to test a vanilla Geary 0.10 on an x86-64 machine and couldn't reproduce the bug. The 32-bit setups might be a common factor among all the people facing this bug. Seems too fishy to be unrelated. I can't see yet if this is related to the pointer in comment #12 and how, but in any way this bug is likely to belong to glibc or valac, not geary.
Hi all, is this still an issue with more recent versions of Geary/GLib/glibc?
(In reply to Michael Gratton from comment #19)
> Hi all, is this still an issue with more recent versions of Geary/GLib/glibc?
Geary 0.11 here, it is still a problem. The workaround in comment #12 still works too. Thanks for taking up the baton Michael.
(In reply to Isaac David from comment #20)
>
> Geary 0.11 here, it is still a problem. The workaround in comment #12 still
> works too.
Well that won't do! Let's try to get this fixed. What would help is a minimal test case, either as a plain C GLib/libc program or a Vala program. If we can capture the arguments passed in to the problematic debug call at the end of do_replay_removed_message that reliably causes a crash (either via a "bt full" in gdb or by adding individual debug statements before the problematic one), it would be interesting to see if a Vala or C program with a call to debug/g_log with the same format string and arguments would also crash. Can someone try that out and let us know what happens?
*** Bug 758621 has been marked as a duplicate of this bug. ***
Can someone CC'ed who has built Geary on a 32-bit arch please attach the generated file "build/src/engine/imap-engine/imap-engine-minimal-folder.c" from their build? I don't have access to a decent internet connection at the moment so it's going to take a very long time to download an i686 ISO and try it in a VM. Ta!
I just compiled 0.11 with the patch at launchpad.
Recipe: https://code.launchpad.net/~khurshid-alam/+recipe/geary-daily-0.11
patch: http://bazaar.launchpad.net/~khurshid-alam/geary/patch-745165/view/head:/debian/patches/vbprintf_bug.patch
So far everything is working well. It doesn't crash while editing draft.
Turns out the format string was using "%d" to print int64 values rather than "%lld", and valac wasn't warning about it (although gcc was). Fix committed to master as e5d6522 and geary-0.11 as bc2711f.
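
Why a "%d" applied to an int64 can crash on i686, as an added illustration (not code from Geary or from the fix commits): a model of how a printf implementation walks the 4-byte variadic stack slots of the i686 calling convention. The format strings, the argument values and `FAKE_STR_PTR` are constructed, chosen so the misread slot is a small value like the 0x1de pointer noted earlier in the thread; the real Geary format string is not shown on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the i686 cdecl variadic area: 4-byte stack slots. */
typedef struct { uint32_t slot[16]; size_t n; } va_area;

static void push32(va_area *a, uint32_t v) { a->slot[a->n++] = v; }

/* An int64 occupies two slots, low word first (little-endian). */
static void push64(va_area *a, int64_t v) {
    push32(a, (uint32_t)v);
    push32(a, (uint32_t)((uint64_t)v >> 32));
}

/* Walk fmt the way a printf implementation consumes slots on i686 and return
 * the 32-bit value it would treat as the char* for the first %s.
 * Only %d, %lld, %s and %% are modelled; UINT32_MAX means "no %s reached". */
uint32_t first_string_slot(const char *fmt, const va_area *a) {
    size_t i = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '\0') break;
        if (strncmp(p, "lld", 3) == 0) { i += 2; p += 2; }
        else if (*p == 'd') i += 1;
        else if (*p == 's') return i < a->n ? a->slot[i] : UINT32_MAX;
    }
    return UINT32_MAX;
}

#define FAKE_STR_PTR 0x0804a010u /* constructed stand-in for a valid char* */

/* Constructed call: two int64 values followed by a string pointer. */
uint32_t demo(const char *fmt) {
    va_area a = { {0}, 0 };
    push64(&a, 3);
    push64(&a, 478);          /* 478 == 0x1de */
    push32(&a, FAKE_STR_PTR);
    return first_string_slot(fmt, &a);
}

int main(void) {
    printf("%%d   -> %%s pointer 0x%x\n", (unsigned)demo("%d %d %s"));
    printf("%%lld -> %%s pointer 0x%x\n", (unsigned)demo("%lld %lld %s"));
    return 0;
}
```

On x86-64 each variadic integer argument occupies its own 8-byte register or stack slot, so `%d` only truncates the value and later arguments stay aligned. In C, `PRId64` from `<inttypes.h>` (or GLib's `G_GINT64_FORMAT`) selects the right conversion on each platform.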
*** Bug 754593 has been marked as a duplicate of this bug. ***