[vim/vim] Vim: Caught deadly signal SEGV (from drawscreen.c) (Issue #11961)

errael

Feb 8, 2023, 5:07:25 PM
to vim/vim, Subscribed

Steps to reproduce

This is intermittent, happened 2 times out of ~15 tries. Mercurial is configured to run a vim based merge tool (Splice). Splice does configuration when it starts up. There's some gtk on the stack, timing issue? The version of vim is less than a week old and I didn't see any recent changes that obviously covered this.

Some gdb output, full backtrace below

(gdb)  up 5
#5  0x000056524e7b781d in update_screen (type_arg=type_arg@entry=40) at drawscreen.c:273
273		if (wp->w_buffer->b_mod_set)
(gdb) p wp
$1 = (win_T *) 0x5652512bc640
(gdb) p wp->w_buffer
$2 = (buf_T *) 0x0

Here's console

$ hg merge tip
merging swingset/CHANGELOG-POMS.txt
4 files to edit
Vim: Caught deadly signal SEGV
Vim: preserving files...
Vim: Finished.
Segmentation fault (core dumped)
merging swingset/CHANGELOG-POMS.txt failed!

Expected behaviour

No SEGV

Version of Vim

9.0.1274

Environment

ubuntu/gtk

Logs and stack traces

(gdb) bt
#0  0x00007fcee004275b in kill () at ../sysdeps/unix/syscall-template.S:120
#1  0x000056524e8a91bc in may_core_dump () at os_unix.c:3511
#2  mch_exit (r=r@entry=1) at os_unix.c:3477
#3  0x000056524ea15316 in getout (exitval=1) at main.c:1750
#4  0x00007fcee0042520 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#5  0x000056524e7b781d in update_screen (type_arg=type_arg@entry=40) at drawscreen.c:273
#6  0x000056524e9520a9 in set_shellsize_inner (height=0, mustset=0, width=<optimized out>)
    at term.c:3702
#7  set_shellsize (width=<optimized out>, height=0, mustset=0) at term.c:3740
#8  0x000056524e9ce435 in gui_resize_shell (pixel_width=1796, pixel_height=pixel_height@entry=872)
    at gui.c:1593
#9  0x000056524e9d9872 in form_configure_event
    (widget=<optimized out>, event=0x7ffdeecc8808, data=<optimized out>) at gui_gtk_x11.c:4233
#10 0x00007fcee17e5b77 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#11 0x00007fcee0fadd2f in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007fcee0fc9c36 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x00007fcee0fcb026 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007fcee0fcb863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007fcee17ae724 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#16 0x00007fcee1652001 in gtk_main_do_event () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#17 0x000056524e9dec42 in form_send_configure (form=<optimized out>) at gui_gtk_f.c:860
#18 form_size_allocate (widget=0x565250a87260, allocation=0x7ffdeecc88e0) at gui_gtk_f.c:520
#19 0x00007fcee179ee20 in gtk_widget_size_allocate_with_baseline ()
    at /lib/x86_64-linux-gnu/libgtk-3.so.0
#20 0x00007fcee1531812 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#21 0x00007fcee153276c in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#22 0x00007fcee1588d07 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#23 0x00007fcee15327e9 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#24 0x00007fcee179ee20 in gtk_widget_size_allocate_with_baseline ()
    at /lib/x86_64-linux-gnu/libgtk-3.so.0
#25 0x00007fcee17bb78b in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#26 0x00007fcee0fadd2f in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#27 0x00007fcee0fc9895 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#28 0x00007fcee0fcb614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#29 0x00007fcee0fcb863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#30 0x00007fcee179f1a2 in gtk_widget_size_allocate_with_baseline ()
    at /lib/x86_64-linux-gnu/libgtk-3.so.0
#31 0x00007fcee17c01b4 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#32 0x00007fcee0fcb700 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#33 0x00007fcee0fcb863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#34 0x00007fcee1575740 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#35 0x00007fcee0fcb700 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#36 0x00007fcee0fcb863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#37 0x00007fcee133fbe6 in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#38 0x00007fcee132c2ad in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#39 0x00007fcee0eb52c8 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#40 0x00007fcee0eb4c44 in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#41 0x00007fcee0f096c8 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007fcee0eb23e3 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x000056524e9d6290 in gui_mch_update () at gui_gtk_x11.c:6430
#44 0x000056524e9c070e in win_alloc (after=0x0, hidden=hidden@entry=0) at window.c:5513
#45 0x000056524e9bf7f7 in win_split_ins (size=0, flags=0, new_wp=0x0, dir=0) at window.c:5731
#46 0x000056524e7fa597 in ex_splitview (eap=0x7ffdeecc9ae0) at ex_docmd.c:6825
#47 0x000056524e7f3d6e in do_one_cmd (cmdlinep=0x7ffdeecc9ab0, flags=11, cstack=0x7ffdeecc9c68, cookie=0x0, fgetline=<optimized out>) at ex_docmd.c:2580
#48 do_cmdline (cmdline=<optimized out>, fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:993
#49 0x000056524e9f5751 in VimCommand (self=<optimized out>, string=<optimized out>) at ./if_py_both.h:699
#50 0x00007fcee052e9ee in  () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#51 0x00007fcee047b9b8 in _PyEval_EvalFrameDefault () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#52 0x00007fcee05c681f in  () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#53 0x00007fcee047862e in _PyEval_EvalFrameDefault () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#54 0x00007fcee05c681f in  () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#55 0x00007fcee047b9b8 in _PyEval_EvalFrameDefault () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#56 0x00007fcee05c681f in  () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#57 0x00007fcee047862e in _PyEval_EvalFrameDefault () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#58 0x00007fcee05c681f in  () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#59 0x00007fcee05c194e in PyEval_EvalCode () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#60 0x00007fcee06107bd in  () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#61 0x00007fcee06117e9 in PyRun_StringFlags () at /lib/x86_64-linux-gnu/libpython3.10.so.1.0
#62 0x000056524e9ebe78 in run_cmd (cmd=0x0, arg=<optimized out>, pygilstate=<optimized out>) at ./if_py_both.h:5697
#63 0x000056524e9ebd80 in DoPyCommand (cmd=<optimized out>, init_range=<optimized out>, run=0x56524e9ebe60 <run_cmd>, arg=arg@entry=0x7ffdeeccaef0) at if_python3.c:1275
#64 0x000056524e9eb31d in ex_py3 (eap=0x7ffdeeccaef0) at if_python3.c:1309
#65 0x000056524e7f3d6e in do_one_cmd (cmdlinep=0x7ffdeeccaec0, flags=11, cstack=0x7ffdeeccb078, cookie=0x7ffdeeccc220, fgetline=<optimized out>) at ex_docmd.c:2580
#66 do_cmdline (cmdline=cmdline@entry=0x56525129aad0 "python3 SpliceInit()", fgetline=0x56524e90af70 <getsourceline>, cookie=0x7ffdeeccc220, flags=flags@entry=11) at ex_docmd.c:993
#67 0x000056524e98027c in do_ucmd (eap=eap@entry=0x7ffdeeccb8d0) at usercmd.c:1953
#68 0x000056524e7f3d8c in do_one_cmd (cmdlinep=0x7ffdeeccb8a0, flags=11, cstack=0x7ffdeeccba58, cookie=0x7ffdeeccc220, fgetline=<optimized out>) at ex_docmd.c:2573
#69 do_cmdline (cmdline=<optimized out>, fgetline=0x56524e90af70 <getsourceline>, cookie=cookie@entry=0x7ffdeeccc220, flags=flags@entry=11) at ex_docmd.c:993
#70 0x000056524e99cc7a in exec_command (iptr=0x5652512b9000) at vim9execute.c:1951
#71 exec_instructions (ectx=ectx@entry=0x7ffdeecccb50) at vim9execute.c:3098
#72 0x000056524e9a2aaa in call_def_function (ufunc=ufunc@entry=0x565251138450, argc_arg=1, argc_arg@entry=32765, argv=argv@entry=0xeeccce10, flags=flags@entry=0, partial=0x0, object=0x0, funccal=0x565251194f90, rettv=0x7ffdeeccd580) at vim9execute.c:6065
#73 0x000056524e98431b in call_user_func (fp=0x565251138450, argcount=0, argvars=0x0, rettv=<optimized out>, funcexe=0x7ffdeeccd490, selfdict=<optimized out>) at userfunc.c:2784
#74 call_user_func_check (fp=fp@entry=0x565251138450, argcount=0, argcount@entry=1, argvars=0x0, argvars@entry=0x7ffdeeccd560, rettv=<optimized out>, rettv@entry=0x7ffdeeccd580, funcexe=funcexe@entry=0x7ffdeeccd490, selfdict=selfdict@entry=0x0) at userfunc.c:3202
#75 0x000056524e983191 in call_func (funcname=0x5652511bdf00 "\200\375R28_Trampoline", len=<optimized out>, rettv=0x0, argcount_in=<optimized out>, argvars_in=<optimized out>, funcexe=funcexe@entry=0x7ffdeeccd490) at userfunc.c:3758
#76 0x000056524e98557f in call_callback (callback=callback@entry=0x565251183358, len=0, len@entry=-1, rettv=0x0, rettv@entry=0x7ffdeeccd580, argcount=0, argcount@entry=1, argvars=0x0, argvars@entry=0x7ffdeeccd560) at userfunc.c:3503
#77 0x000056524e971aa6 in timer_callback (timer=0x565251183320) at time.c:510
#78 check_due_timer () at time.c:582
#79 0x000056524e976a95 in ui_wait_for_chars_or_timer (wtime=4000, wait_func=0x56524e9d2360 <gui_wait_for_chars_3>, interrupted=0x7ffdeeccd638, ignore_input=0) at ui.c:455
#80 0x000056524e976653 in inchar_loop (buf=buf@entry=0x56524eaed7c9 <typebuf_init+57> "", maxlen=maxlen@entry=69, wtime=wtime@entry=-1, tb_change_cnt=tb_change_cnt@entry=5, wait_func=0x56524e9d2340 <gui_wait_for_chars_or_timer>, resize_func=resize_func@entry=0x0) at ui.c:384
#81 0x000056524e9cfadd in gui_wait_for_chars_buf (buf=0x56524eaed7c9 <typebuf_init+57> "", maxlen=69, wtime=-1, tb_change_cnt=5) at gui.c:3026
#82 0x000056524e97647f in ui_inchar (buf=buf@entry=0x56524eaed7c9 <typebuf_init+57> "", maxlen=69, wtime=wtime@entry=-1, tb_change_cnt=tb_change_cnt@entry=5) at ui.c:226
#83 0x000056524e8247e3 in inchar (buf=0x0, maxlen=207, wait_time=-1) at getchar.c:3766
#84 0x000056524e8287d3 in vgetorpeek (advance=advance@entry=1) at getchar.c:3547
#85 0x000056524e82792c in vgetc () at getchar.c:1739
#86 0x000056524e829bc6 in safe_vgetc () at getchar.c:1990
#87 0x000056524e88132f in normal_cmd (oap=oap@entry=0x7ffdeeccda10, toplevel=toplevel@entry=1) at normal.c:750
#88 0x000056524ea15b9d in main_loop (cmdwin=cmdwin@entry=0, noexmode=noexmode@entry=0) at main.c:1533
#89 0x000056524ea14f25 in vim_main2 () at main.c:887
#90 0x000056524ea13b3f in main (argc=<optimized out>, argv=<optimized out>) at main.c:433


Bram Moolenaar

Feb 8, 2023, 5:45:21 PM
to vim/vim, Subscribed


Ernie Rael wrote:

> ### Steps to reproduce
>
> This is intermittent, happened 2 times out of ~15 tries. Mercurial is
> configured to run a vim based merge tool (Splice). Splice does
> configuration when it starts up. There's some gtk on the stack, timing
> issue? The version of vim is less than a week old and I didn't see any
> recent changes that obviously covered this.
>
> Some gdb output, full backtrace below
> ```
> (gdb) up 5
> #5 0x000056524e7b781d in update_screen (type_arg=type_arg@entry=40) at drawscreen.c:273
> 273 if (wp->w_buffer->b_mod_set)
> (gdb) p wp
> $1 = (win_T *) 0x5652512bc640
> (gdb) p wp->w_buffer
> $2 = (buf_T *) 0x0
> ```

[...]


> #3 0x000056524ea15316 in getout (exitval=1) at main.c:1750
> #4 0x00007fcee0042520 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
> #5 0x000056524e7b781d in update_screen (type_arg=type_arg@entry=40) at drawscreen.c:273
> #6 0x000056524e9520a9 in set_shellsize_inner (height=0, mustset=0, width=<optimized out>)
> at term.c:3702
> #7 set_shellsize (width=<optimized out>, height=0, mustset=0) at term.c:3740
> #8 0x000056524e9ce435 in gui_resize_shell (pixel_width=1796, pixel_height=pixel_height@entry=872)
> at gui.c:1593
[...]

> #43 0x000056524e9d6290 in gui_mch_update () at gui_gtk_x11.c:6430
> #44 0x000056524e9c070e in win_alloc (after=0x0, hidden=hidden@entry=0) at window.c:5513
> #45 0x000056524e9bf7f7 in win_split_ins (size=0, flags=0, new_wp=0x0, dir=0) at window.c:5731
> #46 0x000056524e7fa597 in ex_splitview (eap=0x7ffdeecc9ae0) at ex_docmd.c:6825

Yeah, update_screen() should not be called halfway adding a new window.
There is actually a check near the start of set_shellsize_inner() if the
buffer of the current window is NULL, but that doesn't catch this case.

We could check all windows, but then resizing might not work properly.
It's probably best to set the "RedrawingDisabled" flag while splitting a
window. The redrawing() function returns FALSE then and
update_screen() will return early.

--
Excuses for making a mistake:
In the morning: "I didn't have enough coffee yet!"
In the afternoon: "Look at all the things that I did right!"
In the evening: "I'm too tired!"

/// Bram Moolenaar -- ***@***.*** -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
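
The re-entrancy described in the message above, as an added example that is not part of the thread and is not Vim's source or the fix in 79cdf02: a toy model in which a resize event arrives while a new window is linked but still has no buffer, and the RedrawingDisabled guard makes the redraw return early. The names split_window, gui_pump_events and the two counters are hypothetical, and the link-then-pump-then-attach ordering is an assumption.

```c
#include <stddef.h>

/* Simplified model, NOT Vim's source; only the names mirror the thread. */
typedef struct buf { int b_mod_set; } buf_T;
typedef struct win { struct win *w_next; buf_T *w_buffer; } win_T;

static win_T *firstwin;          /* window list walked by the redraw */
static int RedrawingDisabled;    /* > 0: redraw requests are refused */
static int redraws_done, redraws_skipped;

static int redrawing(void) { return RedrawingDisabled == 0; }

/* Stand-in for update_screen(): assumes every listed window has a buffer. */
static void update_screen(void)
{
    if (!redrawing()) { redraws_skipped++; return; }  /* early return */
    for (win_T *wp = firstwin; wp != NULL; wp = wp->w_next)
        if (wp->w_buffer->b_mod_set)  /* a NULL w_buffer would fault here */
            wp->w_buffer->b_mod_set = 0;
    redraws_done++;
}

/* Stand-in for the GUI event pump: a pending resize asks for a redraw. */
static void gui_pump_events(int resize_pending) { if (resize_pending) update_screen(); }

/* Assumed ordering: the window is linked, events are pumped, and only then
 * is the buffer attached. Returns how many redraws the guard refused. */
static int split_window(win_T *new_wp, buf_T *buf, int resize_pending)
{
    int before = redraws_skipped;
    RedrawingDisabled++;              /* cover the half-built window */
    new_wp->w_buffer = NULL;
    new_wp->w_next = firstwin;
    firstwin = new_wp;
    gui_pump_events(resize_pending);  /* re-entrant redraw is refused */
    new_wp->w_buffer = buf;           /* window is complete now */
    RedrawingDisabled--;
    update_screen();                  /* safe: all windows have buffers */
    return redraws_skipped - before;
}

int main(void)
{
    static buf_T b = {1};
    static win_T w;
    return split_window(&w, &b, 1) == 1 ? 0 : 1;  /* 0: crash avoided */
}
```

Removing the RedrawingDisabled++ / RedrawingDisabled-- pair in this model reproduces the NULL dereference on the w_buffer line whenever resize_pending is set.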

Bram Moolenaar

May 20, 2023, 9:07:46 AM
to vim/vim, Subscribed

Closed #11961 as completed via 79cdf02.