Bug 745165 - Crash in vprintf on i686/32-bit arch when editing drafts, changing folders, idle
Status: RESOLVED FIXED
Product: geary
Classification: Other
Component: composer
master
Other Linux
: Normal major
: 0.11.1
Assigned To: Geary Maintainers
Geary Maintainers
Duplicates: 749516 751346 754593 758621
Reported: 2015-02-25 15:44 UTC by tmlmt
Modified: 2016-08-02 01:03 UTC


Attachments
gdb file as explained in https://wiki.gnome.org/Apps/Geary/FAQ (59.35 KB, text/plain)
2015-02-25 15:44 UTC, tmlmt
Typical situation before crash (44.12 KB, image/png)
2015-02-27 08:10 UTC, tmlmt
geary 0.10 segmentation fault backtrace (3.78 KB, text/plain)
2015-05-01 21:58 UTC, Isaac David
geary-0.10 backtrace (4.05 KB, text/plain)
2015-07-08 11:14 UTC, Maxime.J

Description tmlmt 2015-02-25 15:44:46 UTC
Created attachment 297891
gdb file as explained in https://wiki.gnome.org/Apps/Geary/FAQ

Hi,

I'm having repeated crashes when composing messages or editing drafts! Please see the geary.gdb file attached, where I opened geary, clicked on a draft email and started editing the draft for a few seconds.

Pulled, built and compiled latest git repository today (Feb 25) on Ubuntu 14.04.2

Thanks for looking at it!
Comment 1 Jim Nelson 2015-02-25 20:56:36 UTC
Strange -- this is occurring inside of an internal vprintf call used for logging.  What happens if you run Geary with logging turned off, i.e.

$ geary
Comment 2 tmlmt 2015-02-26 14:42:06 UTC
Isn't it what I did with "gdb --args geary --debug 2>&1 | tee geary.gdb"? Anyway, I launched geary with the plain "geary" command as you suggested. I don't know if the seg fault only happens when I edit a draft but at least I know that it happens when I do so. So I reproduced the bug twice, and I noticed that it happens right after something strange happens with my draft folder. During these two occasions:

Each time, when I opened geary, my draft folder contained one message currently being edited. And in the sidebar, I can see "Draft     (1)"

1st time: I saw the message in the message list disappear, "Draft     (1)" switch to "Draft      (2)" before crashing. 

2nd time: I saw the message in the message list switch from "Me        3m ago" to "Me      now" before crashing.
Comment 3 Jim Nelson 2015-02-26 20:22:23 UTC
(In reply to tmlmt from comment #2)
> Isn't it what I did with "gdb --args geary --debug 2>&1 | tee geary.gdb"

Not exactly.  The crash occurred within the logic that writes the debug log, so I was trying to verify if the crash would *only* occur when logging.

> 1st time: I saw the message in the message list disappear, "Draft     (1)"
> switch to "Draft      (2)" before crashing. 
> 
> 2nd time: I saw the message in the message list switch from "Me        3m
> ago" to "Me      now" before crashing.

So, do you have the Drafts folder selected when this happens?

What mail service are you using (Gmail, Yahoo, etc.)?
Comment 4 tmlmt 2015-02-27 08:10:20 UTC
Created attachment 298065
Typical situation before crash
Comment 5 tmlmt 2015-02-27 08:17:30 UTC
I added an attachment, "screenshot.png", which shows a typical situation where this happens. The app did crash a few seconds later after taking the screenshot. 

My email account is a corporate Microsoft Exchange account (serverdata.net), that I access with IMAP + SSL/TLS (port 993).
Comment 6 Jim Nelson 2015-02-27 20:33:36 UTC
Two possibilities / questions:

* Does this only happen when the Drafts folder is selected?  In other words, if you are viewing your Inbox and press New Message, does this occur?

* Do you have iBus installed / active?  There is an outstanding bug where iBus causes the composer to eat up CPU; I wonder if there's a use case where it could crash.  See bug #739645 and https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1276186
Comment 7 tmlmt 2015-03-02 08:55:46 UTC
(In reply to Jim Nelson from comment #6)
> * Does this only happen when the Drafts folder is selected?  In other words,
> if you are viewing your Inbox and press New Message, does this occur?

I just checked, and yes, this also occurs when viewing my Inbox and pressing New Message. I wrote a few lines and then *crash*. I also tried by selecting the trash folder for instance: same thing. 

It seems that all that is revolving around the Drafts folder, with which I experience several weird bugs that maybe cumulate with the object of this bug report. For instance, when there are at least two messages in my drafts folder and I quickly delete all of them (by selecting one and pressing "DEL" several times), after the last one is deleted, geary crashes. 

Can I provide you with any debug output or anything else that could help identify the culprit?

> * Do you have iBus installed / active?  There is an outstanding bug where
> iBus causes the composer to eat up CPU; I wonder if there's a use case where
> it could crash.  See bug #739645 and
> https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1276186

I don't think so. I checked but have no running processes nor packages installed containing "ibus" apart from libusb and libustr, and there's nothing in my /usr/bin and /usr/local/bin containing "ibus".
Comment 8 tmlmt 2015-03-04 16:52:12 UTC
Or should I recompile geary with specific versions of some packages?
Comment 9 Isaac David 2015-04-29 04:58:03 UTC
I think I'm experiencing the same bug. The SEGFAULT doesn't happen at any specific workflow or part of the user interface, but it's always caused in vprintf() according to gdb.

I'm using Geary with my own mail server (dovecot/postfix)
Comment 10 Isaac David 2015-05-01 21:58:40 UTC
Created attachment 302739
geary 0.10 segmentation fault backtrace

So I compiled Geary with debugging symbols and always get the same resulting backtrace. Execution stops at imap-engine-minimal-folder.vala:1272; it's a call to a debug() method which I guess goes as far as libc's vfprintf() and makes it crash.
Comment 11 Robert Schroll 2015-05-18 00:45:34 UTC
*** Bug 749516 has been marked as a duplicate of this bug. ***
Comment 12 Robert Schroll 2015-05-18 00:59:56 UTC
In bug 749516, we hit what seems to be the same problem, but without being in a composer.  The stacktraces all point to the last debug statement at the end of do_replay_removed_message().  Here's the bottom of the trace from the other bug:

  • #0 vfprintf
  • #1 __vasprintf_chk
  • #2 g_vasprintf
  • #3 g_vasprintf
  • #4 g_strdup_vprintf
  • #5 g_logv
    at /build/glib2.0-D4HIKQ/glib2.0-2.44.0/./glib/gmessages.c line 948
  • #6 g_log

At level 5, there's a suspiciously small pointer (0x1de), along with a message that that memory location cannot be accessed.  I don't know if that's a clue to this or not.

As a simple test, try commenting out the debug statement on lines 1272-1275 of imap-engine-minimal-folder.vala.  If the problem is really in the vprintf, that should avoid it.
Comment 13 Isaac David 2015-05-18 20:53:14 UTC
(In reply to Robert Schroll from comment #12)
> do_replay_removed_message()...
> try commenting out the debug statement on lines 1272-1275 of imap-engine-minimal-folder.vala.

That did the trick for me. Since my last comment I have been using Geary without problems after commenting out that statement.
Comment 14 Robert Schroll 2015-06-23 19:39:49 UTC
*** Bug 751346 has been marked as a duplicate of this bug. ***
Comment 15 Maxime.J 2015-07-08 11:14:08 UTC
Created attachment 307066
geary-0.10 backtrace
Comment 16 Maxime.J 2015-07-08 11:22:30 UTC
Comment on attachment 307066
geary-0.10 backtrace

Same issue with do_replay_removed_message and vprintf.
Comment 17 Maxime.J 2015-07-08 15:58:46 UTC
Interesting to note that I have this problem on two different 32-bit setups.
Didn't try on 64-bit but it seems to be a common factor.
Comment 18 Isaac David 2015-07-13 17:14:18 UTC
(In reply to Maxime.J from comment #17)
> Interesting to note that I have this problem on two different 32-bit setups.
> Didn't try on 64-bit but it seems to be a common factor.

I think we are hitting the nail on the head with this new insight. It didn't occur to me that I was using an i686 machine whenever this problem arose. For the sake of curiosity I went to test a vanilla Geary 0.10 on an x86-64 machine and couldn't reproduce the bug.

The 32-bit setups might be a common factor among all the people facing this bug. Seems too fishy to be unrelated. I can't see yet if this is related to the pointer in comment #12 and how, but in any way this bug is likely to belong to glibc or valac, not geary.
Comment 19 Michael Gratton 2016-06-05 12:23:36 UTC
Hi all, is this still an issue with more recent versions of Geary/GLib/glibc?
Comment 20 Isaac David 2016-06-05 18:08:30 UTC
(In reply to Michael Gratton from comment #19)
> Hi all, is this still an issue with more recent versions of Geary/GLib/glibc?

Geary 0.11 here, it is still a problem. The workaround in comment #12 still works too.

Thanks for taking up the baton Michael.
Comment 21 Michael Gratton 2016-06-06 13:17:07 UTC
(In reply to Isaac David from comment #20)
> 
> Geary 0.11 here, it is still a problem. The workaround in comment #12 still
> works too.

Well that won't do! Let's try to get this fixed. What would help is a minimal test case, either as a plain C GLib/libc program or a Vala program.

If we can capture the arguments passed in to the problematic debug call at the end of do_replay_removed_message that reliably causes a crash (either via a "bt full" in gdb or by adding individual debug statements before the problematic one), it would be interesting to see if a Vala or C program with a call to debug/g_log with the same format string and arguments would also crash.

Can someone try that out and let us know what happens?
Comment 22 Michael Gratton 2016-06-16 04:52:03 UTC
*** Bug 758621 has been marked as a duplicate of this bug. ***
Comment 23 Michael Gratton 2016-06-16 06:12:40 UTC
Can someone CC'ed who has built Geary on a 32-bit arch please attach the generated file "build/src/engine/imap-engine/imap-engine-minimal-folder.c" from their build? I don't have access to a decent internet connection at the moment so it's going to take a very long time to download an i686 ISO and try it in a VM. Ta!
Comment 24 Khurshid Alam 2016-06-16 10:11:33 UTC
I just compiled 0.11 with the patch at launchpad. 

Recipe: https://code.launchpad.net/~khurshid-alam/+recipe/geary-daily-0.11
patch: http://bazaar.launchpad.net/~khurshid-alam/geary/patch-745165/view/head:/debian/patches/vbprintf_bug.patch


So far everything is working well. It doesn't crash while editing a draft.
Comment 25 Michael Gratton 2016-06-19 12:18:24 UTC
Turns out the format string was using "%d" to print int64 values rather than "%lld", and valac wasn't warning about it (although gcc was).

Fix committed to master as e5d6522 and geary-0.11 as bc2711f.
Comment 26 Michael Gratton 2016-08-02 01:03:01 UTC
*** Bug 754593 has been marked as a duplicate of this bug. ***
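
Why the "%d"-for-int64 mismatch diagnosed in comment 25 only crashes 32-bit builds, as an added example that is not part of the original thread or Geary's code: it models the variadic argument layout instead of calling printf with mismatched arguments, which would be undefined behaviour. The format strings, counter values and string address are constructed for illustration, and only `%d`, `%lld`, `%s` and `%%` are modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum abi { ABI_I386, ABI_X86_64 };
struct arg { uint64_t value; int is64; };  /* caller-side value and its width */

/* Lay the variadic arguments out as 32-bit words, as the caller does.
 * i386 cdecl: 4-byte slots, int64 fills two. x86-64 SysV: 8 bytes per arg. */
static void pack(enum abi abi, const struct arg *args, size_t n, uint32_t *words)
{
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        words[w++] = (uint32_t)args[i].value;           /* low word first */
        if (abi == ABI_X86_64 || args[i].is64)
            words[w++] = (uint32_t)(args[i].value >> 32);
    }
}

/* Consume slots the way the format string tells the callee to, and return
 * the value the first %s would use as a char pointer (0 if there is none). */
static uint64_t pointer_read_by_s(enum abi abi, const char *fmt, const uint32_t *words)
{
    size_t w = 0;
    for (const char *p = fmt; (p = strchr(p, '%')) != NULL; p++) {
        if (*++p == '\0') break;       /* stray '%' at end of string */
        if (*p == '%') continue;       /* literal "%%" takes no argument */
        if (*p == 's')
            return abi == ABI_X86_64 ? words[w] | (uint64_t)words[w + 1] << 32 : words[w];
        w += (abi == ABI_X86_64 || strncmp(p, "lld", 3) == 0) ? 2 : 1;
    }
    return 0;
}

/* Constructed call: two int64 counters, then a string at a made-up address. */
static uint64_t simulate(enum abi abi, const char *fmt)
{
    const struct arg args[] = { {1000, 1}, {3, 1}, {0x0804a010u, 0} };
    uint32_t words[8] = {0};
    pack(abi, args, 3, words);
    return pointer_read_by_s(abi, fmt, words);
}

int main(void)
{
    const char *fmts[] = { "removed %d of %d in %s", "removed %lld of %lld in %s" };
    for (int i = 0; i < 2; i++)
        printf("%-28s i386 %%s=%#llx  x86-64 %%s=%#llx\n", fmts[i],
               (unsigned long long)simulate(ABI_I386, fmts[i]),
               (unsigned long long)simulate(ABI_X86_64, fmts[i]));
}
```

In the i386 model the `%s` conversion picks up the second counter (3) as its pointer, while the x86-64 model still reads the real address. gcc's `-Wformat` reports this kind of mismatch in the generated C, in line with comment 25's remark that gcc warned where valac did not.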