Bug#881624: vim: Random crashes due to some memory corruption

Konstantin Khomoutov kostix at bswap.ru
Mon Nov 13 16:56:30 UTC 2017 

Package: vim
Version: 2:8.0.0197-4+deb9u1
Severity: normal
Tags: upstream

I use console Vim at an rxvt-unicode console with the support of 256
colors.  (I use the "Zenburn" colour theme with Vim, FWIW.)
That is, I have:

  $ echo $TERM
  rxvt-unicode-256color


I'm experience sporadic (but rare) crashes which basically come in two
flavours:

- One manifestation is that the output at the lower part of the window
  becomes garbled when scrolling (upwards).
  Pressin Ctrl-L fixes the problem.

  When I start seeing this, this is a symptom of an imminent crash which
  will happen withing minutes to a hour or two.

- Invoking Vim from a stopped background job using the "fg" command
  of my shell (which is bash).


No matter what the apparent cause, the crash always looks like Vim
getting the SIGABRT signal:

  Vim: Caught deadly signal ABRT
  
  Vim: Finished.
  Aborted.

In either case, I think this problem looks like some slow memory
corruption so the real trigger can be any action.


I have arranger for Vim to drop the core when crashing, and installed
the debug symbols package, so I have the output of the "bt" command in
a post-mortem GDB session, attached.


Please let me know if I can help more (it's okay for me to install
an instrumented version of Vim if needed.)


-- Package-specific info:

--- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.basic
/usr/bin/vim is /usr/bin/vim.basic

-- System Information:
Debian Release: 9.1
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vim depends on:
ii  libacl1      2.2.52-3+b1
ii  libc6        2.24-11+deb9u1
ii  libgpm2      1.20.4-6.2+b1
ii  libselinux1  2.6-3+b3
ii  libtinfo5    6.0+20161126-1+deb9u1
ii  vim-common   2:8.0.0197-4+deb9u1
ii  vim-runtime  2:8.0.0197-4+deb9u1

vim recommends no packages.

Versions of packages vim suggests:
pn  ctags        <none>
pn  vim-doc      <none>
pn  vim-scripts  <none>

-- no debconf information
-------------- next part --------------
#0  0x00007efdf6b5e2e7 in kill () at ../sysdeps/unix/syscall-template.S:84
#1  0x00005574ebdab113 in may_core_dump () at os_unix.c:3357
#2  0x00005574ebdacdf3 in may_core_dump () at os_unix.c:3314
#3  mch_exit (r=1) at os_unix.c:3323
#4  0x00005574ebe51b7c in getout (exitval=1) at main.c:1495
#5  <signal handler called>
#6  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#7  0x00007efdf6b5f3fa in __GI_abort () at abort.c:89
#8  0x00007efdf6b9bbd0 in __libc_message (do_abort=do_abort at entry=2, 
    fmt=fmt at entry=0x7efdf6c90dd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#9  0x00007efdf6ba1f96 in malloc_printerr (action=3, str=0x7efdf6c90e48 "double free or corruption (!prev)", 
    ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5049
#10 0x00007efdf6ba27de in _int_free (av=0x7efdf6ec4b00 <main_arena>, p=0x5574ed211cd0, have_lock=0) at malloc.c:3905
#11 0x00005574ebcdc6b2 in clear_tv (varp=varp at entry=0x5574ed224310) at eval.c:7091
#12 0x00005574ebcded91 in vars_clear_ext (ht=ht at entry=0x5574ed644fc0, free_val=free_val at entry=1) at eval.c:7627
#13 0x00005574ebcdedaa in vars_clear (ht=ht at entry=0x5574ed644fc0) at eval.c:7601
#14 0x00005574ebe326c6 in free_funccal (fc=0x5574ed644d60, free_val=free_val at entry=1) at userfunc.c:619
#15 0x00005574ebe37a64 in free_unref_funccal (copyID=copyID at entry=1982, testing=testing at entry=0) at userfunc.c:3471
#16 0x00005574ebcdb820 in garbage_collect (testing=testing at entry=0) at eval.c:5382
#17 0x00005574ebd470fb in before_blocking () at getchar.c:1526
#18 0x00005574ebdab7dd in mch_inchar (buf=buf at entry=0x5574ed55e3a6 "", maxlen=76, wtime=-1, tb_change_cnt=10929)
    at os_unix.c:455
#19 0x00005574ebe2b753 in ui_inchar (buf=buf at entry=0x5574ed55e3a6 "", maxlen=maxlen at entry=76, wtime=wtime at entry=-1, 
    tb_change_cnt=tb_change_cnt at entry=10929) at ui.c:195
#20 0x00005574ebd47534 in inchar (buf=0x5574ed55e3a6 "", maxlen=230, wait_time=-1, tb_change_cnt=10929)
    at getchar.c:3056
#21 0x00005574ebd49464 in vgetorpeek (advance=advance at entry=1) at getchar.c:2832
#22 0x00005574ebd49d68 in vgetc () at getchar.c:1605
#23 0x00005574ebd4a199 in safe_vgetc () at getchar.c:1801
#24 0x00005574ebd8f089 in normal_cmd (oap=0x7fff9c15b000, toplevel=1) at normal.c:627
#25 0x00005574ebe52585 in main_loop (cmdwin=0, noexmode=0) at main.c:1311
#26 0x00005574ebe533ab in vim_main2 () at main.c:877
#27 0x00005574ebcb503d in main (argc=<optimized out>, argv=<optimized out>) at main.c:415
quit

More information about the pkg-vim-maintainers mailing list