segfault in marktree_itr_next_skip #22801

Closed
lewis6991 opened this issue Mar 28, 2023 · 9 comments · Fixed by #23219
Labels: bug-crash (issue reporting a crash or segfault), has:backtrace (issue contains a stacktrace/ASAN log), marks (marks, extmarks, decorations, virtual text, namespaces), needs:repro (we need minimal steps to reproduce the issue)

Comments

lewis6991 (Member) commented Mar 28, 2023

Problem

Random segfaults. Happened a few times today:

0   nvim                          	       0x1030fb338 marktree_itr_next_skip + 688 (marktree.c:744)
1   nvim                          	       0x1030fb2b8 marktree_itr_next_skip + 560 (marktree.c:738)
2   nvim                          	       0x1030fa430 marktree_itr_next + 44 (marktree.c:703)
3   nvim                          	       0x102f974e8 decor_redraw_col + 592 (decoration.c:323)
4   nvim                          	       0x102fa8010 win_line + 9036 (drawline.c:1622)
5   nvim                          	       0x102fb4954 win_update + 10432 (drawscreen.c:2192)
6   nvim                          	       0x102fb15f8 update_screen + 2812 (drawscreen.c:621)
7   nvim                          	       0x10314e6e0 normal_redraw + 104 (normal.c:1315)
8   nvim                          	       0x10314e014 normal_check + 388 (normal.c:1408)
9   nvim                          	       0x1032426d4 state_enter + 76 (state.c:40)
10  nvim                          	       0x10313e0e0 normal_enter + 168 (normal.c:497)
11  nvim                          	       0x102ef5968 main + 4188 (main.c:641)
12  dyld                          	       0x198c77e50 start + 2544
Full crash report (traceback):
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               nvim [34644]
Path:                  /usr/local/bin/nvim
Identifier:            nvim
Version:               ???
Code Type:             ARM-64 (Native)
Parent Process:        nvim [34643]
Responsible:           kitty [1161]
User ID:               501

Date/Time:             2023-03-29 13:32:13.3180 +0100
OS Version:            macOS 13.2.1 (22D68)
Report Version:        12
Anonymous UUID:        9360193C-5EBB-E569-B9F1-A27F9F9068F4

Sleep/Wake UUID:       36426B86-7C4A-4890-A634-DD6940509454

Time Awake Since Boot: 330000 seconds
Time Since Wake:       7009 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Codes:       0x0000000000000001, 0x0000000000000008

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [34644]

VM Region Info: 0x8 is not in any region.  Bytes before following region: 105555129532408
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      MALLOC_NANO (reserved)   600078000000-600080000000 [128.0M] rw-/rwx SM=NUL  ...(unallocated)

Kernel Triage:
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   nvim                          	       0x1030fb338 marktree_itr_next_skip + 688 (marktree.c:744)
1   nvim                          	       0x1030fb2b8 marktree_itr_next_skip + 560 (marktree.c:738)
2   nvim                          	       0x1030fa430 marktree_itr_next + 44 (marktree.c:703)
3   nvim                          	       0x102f974e8 decor_redraw_col + 592 (decoration.c:323)
4   nvim                          	       0x102fa8010 win_line + 9036 (drawline.c:1622)
5   nvim                          	       0x102fb4954 win_update + 10432 (drawscreen.c:2192)
6   nvim                          	       0x102fb15f8 update_screen + 2812 (drawscreen.c:621)
7   nvim                          	       0x10314e6e0 normal_redraw + 104 (normal.c:1315)
8   nvim                          	       0x10314e014 normal_check + 388 (normal.c:1408)
9   nvim                          	       0x1032426d4 state_enter + 76 (state.c:40)
10  nvim                          	       0x10313e0e0 normal_enter + 168 (normal.c:497)
11  nvim                          	       0x102ef5968 main + 4188 (main.c:641)
12  dyld                          	       0x198c77e50 start + 2544

Thread 1:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x1033e53ac uv_cond_wait + 32
3   nvim                          	       0x1033c5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8

Thread 2:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x1033e53ac uv_cond_wait + 32
3   nvim                          	       0x1033c5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8

Thread 3:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x1033e53ac uv_cond_wait + 32
3   nvim                          	       0x1033c5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8

Thread 4:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x1033e53ac uv_cond_wait + 32
3   nvim                          	       0x1033c5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000001034aa490   x1: 0x0000000000000000   x2: 0x0000000000000000   x3: 0x0000000000000000
    x4: 0x00000001034aa490   x5: 0x000000016cf0b7a0   x6: 0x0000000000000020   x7: 0x0000000000000e90
    x8: 0x0000000000000000   x9: 0x0000000000000004  x10: 0x0000000000000002  x11: 0x000000000000001d
   x12: 0x0000000000000001  x13: 0x00000000ffff800c  x14: 0x0000000000000efa  x15: 0x00000000ffff7dff
   x16: 0x0000000198deb6a4  x17: 0x00000001f938ffb8  x18: 0x0000000000000000  x19: 0x000000010366dc10
   x20: 0x0000000102ef490c  x21: 0x000000010366dc30  x22: 0x000000016cf0ed60  x23: 0x0000000198ced000
   x24: 0x00000001f4a33600  x25: 0x0000000000000000  x26: 0x0000000000000000  x27: 0x0000000000000000
   x28: 0x0000000000000000   fp: 0x000000016cf0b4c0   lr: 0x00000001030fb2b8
    sp: 0x000000016cf0b490   pc: 0x00000001030fb338 cpsr: 0x20001000
   far: 0x0000000000000008  esr: 0x92000006 (Data Abort) byte read Translation fault

Binary Images:
       0x102ef0000 -        0x10347bfff nvim (*) <3cdd5d97-64a8-397f-8beb-8cd573e9acaa> /usr/local/bin/nvim
       0x198c72000 -        0x198cfcba3 dyld (*) <191e84f1-4b95-39c8-b253-1c1ef56c0fa8> /usr/lib/dyld
       0x198f61000 -        0x198f9afeb libsystem_kernel.dylib (*) <3dcd49b9-b3c5-3d90-be40-a3b807cb9cd7> /usr/lib/system/libsystem_kernel.dylib
       0x198f9b000 -        0x198fa7ffb libsystem_pthread.dylib (*) <9f3b729a-ed04-3e65-adac-d75ad06ebbdc> /usr/lib/system/libsystem_pthread.dylib
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???


Steps to reproduce: NA

Neovim version (nvim -v): NVIM v0.9.0-dev-bad218cd6

Operating system/version: macOS 13.2.1

Installation: Source

lewis6991 added the bug (issues reporting wrong behavior) and bug-crash (issue reporting a crash or segfault) labels, then removed the bug label, on Mar 28, 2023
zeertzjq added the marks (marks, extmarks, decorations, virtual text, namespaces), needs:repro (we need minimal steps to reproduce the issue) and has:backtrace (issue contains a stacktrace/ASAN log) labels on Mar 29, 2023
lewis6991 (Member, Author) commented Mar 29, 2023

Another (different) crash (with line numbers), but still related to the decor provider:

0   nvim                          	       0x102abf2f4 draw_virt_text_item + 180 (drawline.c:319)
1   nvim                          	       0x102abf0d8 draw_virt_text + 820 (drawline.c:293)
2   nvim                          	       0x102abf0d8 draw_virt_text + 820 (drawline.c:293)
3   nvim                          	       0x102abc07c win_line + 25528 (drawline.c:2704)
4   nvim                          	       0x102ac4954 win_update + 10432 (drawscreen.c:2192)
5   nvim                          	       0x102ac15f8 update_screen + 2812 (drawscreen.c:621)
6   nvim                          	       0x102c5e6e0 normal_redraw + 104 (normal.c:1315)
7   nvim                          	       0x102c5e014 normal_check + 388 (normal.c:1408)
8   nvim                          	       0x102d526d4 state_enter + 76 (state.c:40)
9   nvim                          	       0x102c4e0e0 normal_enter + 168 (normal.c:497)
10  nvim                          	       0x102a05968 main + 4188 (main.c:641)
11  dyld                          	       0x198c77e50 start + 2544
Full crash report (backtrace):
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               nvim [7206]
Path:                  /usr/local/bin/nvim
Identifier:            nvim
Version:               ???
Code Type:             ARM-64 (Native)
Parent Process:        Exited process [7205]
Responsible:           kitty [1161]
User ID:               501

Date/Time:             2023-03-29 11:46:18.9166 +0100
OS Version:            macOS 13.2.1 (22D68)
Report Version:        12
Anonymous UUID:        9360193C-5EBB-E569-B9F1-A27F9F9068F4

Sleep/Wake UUID:       36426B86-7C4A-4890-A634-DD6940509454

Time Awake Since Boot: 320000 seconds
Time Since Wake:       655 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes:       0x0000000000000001, 0x0000000000000000

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [7206]

VM Region Info: 0 is not in any region.  Bytes before following region: 4339007488
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                      102a00000-102f8c000    [ 5680K] r-x/r-x SM=COW  ...ocal/bin/nvim

Kernel Triage:
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage
VM - pmap_enter retried due to resource shortage


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   nvim                          	       0x102abf2f4 draw_virt_text_item + 180 (drawline.c:319)
1   nvim                          	       0x102abf0d8 draw_virt_text + 820 (drawline.c:293)
2   nvim                          	       0x102abf0d8 draw_virt_text + 820 (drawline.c:293)
3   nvim                          	       0x102abc07c win_line + 25528 (drawline.c:2704)
4   nvim                          	       0x102ac4954 win_update + 10432 (drawscreen.c:2192)
5   nvim                          	       0x102ac15f8 update_screen + 2812 (drawscreen.c:621)
6   nvim                          	       0x102c5e6e0 normal_redraw + 104 (normal.c:1315)
7   nvim                          	       0x102c5e014 normal_check + 388 (normal.c:1408)
8   nvim                          	       0x102d526d4 state_enter + 76 (state.c:40)
9   nvim                          	       0x102c4e0e0 normal_enter + 168 (normal.c:497)
10  nvim                          	       0x102a05968 main + 4188 (main.c:641)
11  dyld                          	       0x198c77e50 start + 2544

Thread 1:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x102ef53ac uv_cond_wait + 32
3   nvim                          	       0x102ed5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8

Thread 2:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x102ef53ac uv_cond_wait + 32
3   nvim                          	       0x102ed5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8

Thread 3:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x102ef53ac uv_cond_wait + 32
3   nvim                          	       0x102ed5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8

Thread 4:
0   libsystem_kernel.dylib        	       0x198f6584c __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x198fa2638 _pthread_cond_wait + 1232
2   nvim                          	       0x102ef53ac uv_cond_wait + 32
3   nvim                          	       0x102ed5540 worker + 280
4   libsystem_pthread.dylib       	       0x198fa206c _pthread_start + 148
5   libsystem_pthread.dylib       	       0x198f9ce2c thread_start + 8


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x000000012881f200   x1: 0x000000000000000f   x2: 0x000000016d3fb810   x3: 0x0000000000000000
    x4: 0x0000000000000065   x5: 0x0000000000000008   x6: 0x000000016d3fbd10   x7: 0x0000000000000780
    x8: 0x000000016d3fb810   x9: 0x0000000000000000  x10: 0x0000000000000000  x11: 0x0000000000000064
   x12: 0x0000000000000001  x13: 0x00000000ffff821c  x14: 0x000000000000281c  x15: 0x00000000ffff7dff
   x16: 0x0000000198fcfed0  x17: 0x00000001f938ffb8  x18: 0x0000000000000000  x19: 0x000000010317dc10
   x20: 0x0000000102a0490c  x21: 0x000000010317dc30  x22: 0x000000016d3fed60  x23: 0x0000000198ced000
   x24: 0x00000001f4a33600  x25: 0x0000000000000000  x26: 0x0000000000000000  x27: 0x0000000000000000
   x28: 0x0000000000000000   fp: 0x000000016d3fb790   lr: 0x0000000102abf0d8
    sp: 0x000000016d3fb6b0   pc: 0x0000000102abf2f4 cpsr: 0x80001000
   far: 0x0000000000000000  esr: 0x92000006 (Data Abort) byte read Translation fault

Binary Images:
       0x102a00000 -        0x102f8bfff nvim (*) <3cdd5d97-64a8-397f-8beb-8cd573e9acaa> /usr/local/bin/nvim
       0x198c72000 -        0x198cfcba3 dyld (*) <191e84f1-4b95-39c8-b253-1c1ef56c0fa8> /usr/lib/dyld
       0x198f61000 -        0x198f9afeb libsystem_kernel.dylib (*) <3dcd49b9-b3c5-3d90-be40-a3b807cb9cd7> /usr/lib/system/libsystem_kernel.dylib
       0x198f9b000 -        0x198fa7ffb libsystem_pthread.dylib (*) <9f3b729a-ed04-3e65-adac-d75ad06ebbdc> /usr/lib/system/libsystem_pthread.dylib

  "termination" : {"flags":0,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":7206},
  "ktriageinfo" : "VM - pmap_enter retried due to resource shortage\nVM - pmap_enter retried due to resource shortage\nVM - pmap_enter retried due to resource shortage\nVM - pmap_enter retried due to resource shortage\nVM - pmap_enter retried due to resource shortage\n",
  "vmregioninfo" : "0 is not in any region.  Bytes before following region: 4339007488\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      UNUSED SPACE AT START\n--->  \n      __TEXT                      102a00000-102f8c000    [ 5680K] r-x\/r-x SM=COW  ...ocal\/bin\/nvim",
  "extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":0,"thread_set_state":0,"task_for_pid":4},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0},
  "faultingThread" : 0,
  "threads" : [{"triggered":true,"id":6482063,"threadState":{"x":[{"value":4974572032},{"value":15},{"value":6127859728},{"value":0},{"value":101},{"value":8},{"value":6127861008},{"value":1920},{"value":6127859728},{"value":0},{"value":0},{"value":100},{"value":1},{"value":4294935068},{"value":10268},{"value":4294934015},{"value":6861684432,"symbolLocation":0,"symbol":"_platform_memmove"},{"value":8476229560},{"value":0},{"value":4346862608},{"sourceLine":239,"value":4339026188,"sourceFile":"main.c","symbol":"main","symbolLocation":0},{"value":4346862640},{"value":6127873376},{"value":6858657792,"symbolLocation":24,"symbol":"objc_visitor::Visitor::forEachClass(bool, objc_visitor::Visitor::DataSection const&, void (objc_visitor::Class&, bool, bool&) block_pointer) (.cold.1)"},{"value":8399304192,"symbolLocation":0,"symbol":"gProcessInfo"},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":4339790040},"cpsr":{"value":2147487744},"fp":{"value":6127859600},"sp":{"value":6127859376},"esr":{"value":2449473542,"description":"(Data Abort) byte read Translation 
fault"},"pc":{"value":4339790580,"matchesCrashFrame":1},"far":{"value":0}},"queue":"com.apple.main-thread","frames":[{"imageOffset":783092,"sourceLine":319,"sourceFile":"drawline.c","symbol":"draw_virt_text_item","imageIndex":0,"symbolLocation":180},{"imageOffset":782552,"sourceLine":293,"sourceFile":"drawline.c","symbol":"draw_virt_text","imageIndex":0,"symbolLocation":820},{"imageOffset":782552,"sourceLine":293,"sourceFile":"drawline.c","symbol":"draw_virt_text","imageIndex":0,"symbolLocation":820},{"imageOffset":770172,"sourceLine":2704,"sourceFile":"drawline.c","symbol":"win_line","imageIndex":0,"symbolLocation":25528},{"imageOffset":805204,"sourceLine":2192,"sourceFile":"drawscreen.c","symbol":"win_update","imageIndex":0,"symbolLocation":10432},{"imageOffset":792056,"sourceLine":621,"sourceFile":"drawscreen.c","symbol":"update_screen","imageIndex":0,"symbolLocation":2812},{"imageOffset":2483936,"sourceLine":1315,"sourceFile":"normal.c","symbol":"normal_redraw","imageIndex":0,"symbolLocation":104},{"imageOffset":2482196,"sourceLine":1408,"sourceFile":"normal.c","symbol":"normal_check","imageIndex":0,"symbolLocation":388},{"imageOffset":3483348,"sourceLine":40,"sourceFile":"state.c","symbol":"state_enter","imageIndex":0,"symbolLocation":76},{"imageOffset":2416864,"sourceLine":497,"sourceFile":"normal.c","symbol":"normal_enter","imageIndex":0,"symbolLocation":168},{"imageOffset":22888,"sourceLine":641,"sourceFile":"main.c","symbol":"main","imageIndex":0,"symbolLocation":4188},{"imageOffset":24144,"symbol":"start","symbolLocation":2544,"imageIndex":1}]},{"id":6482096,"frames":[{"imageOffset":18508,"symbol":"__psynch_cvwait","symbolLocation":8,"imageIndex":2},{"imageOffset":30264,"symbol":"_pthread_cond_wait","symbolLocation":1232,"imageIndex":3},{"imageOffset":5198764,"symbol":"uv_cond_wait","symbolLocation":32,"imageIndex":0},{"imageOffset":5068096,"symbol":"worker","symbolLocation":280,"imageIndex":0},{"imageOffset":28780,"symbol":"_pthread_start","symbolLocation
":148,"imageIndex":3},{"imageOffset":7724,"symbol":"thread_start","symbolLocation":8,"imageIndex":3}]},{"id":6482097,"frames":[{"imageOffset":18508,"symbol":"__psynch_cvwait","symbolLocation":8,"imageIndex":2},{"imageOffset":30264,"symbol":"_pthread_cond_wait","symbolLocation":1232,"imageIndex":3},{"imageOffset":5198764,"symbol":"uv_cond_wait","symbolLocation":32,"imageIndex":0},{"imageOffset":5068096,"symbol":"worker","symbolLocation":280,"imageIndex":0},{"imageOffset":28780,"symbol":"_pthread_start","symbolLocation":148,"imageIndex":3},{"imageOffset":7724,"symbol":"thread_start","symbolLocation":8,"imageIndex":3}]},{"id":6482098,"frames":[{"imageOffset":18508,"symbol":"__psynch_cvwait","symbolLocation":8,"imageIndex":2},{"imageOffset":30264,"symbol":"_pthread_cond_wait","symbolLocation":1232,"imageIndex":3},{"imageOffset":5198764,"symbol":"uv_cond_wait","symbolLocation":32,"imageIndex":0},{"imageOffset":5068096,"symbol":"worker","symbolLocation":280,"imageIndex":0},{"imageOffset":28780,"symbol":"_pthread_start","symbolLocation":148,"imageIndex":3},{"imageOffset":7724,"symbol":"thread_start","symbolLocation":8,"imageIndex":3}]},{"id":6482099,"frames":[{"imageOffset":18508,"symbol":"__psynch_cvwait","symbolLocation":8,"imageIndex":2},{"imageOffset":30264,"symbol":"_pthread_cond_wait","symbolLocation":1232,"imageIndex":3},{"imageOffset":5198764,"symbol":"uv_cond_wait","symbolLocation":32,"imageIndex":0},{"imageOffset":5068096,"symbol":"worker","symbolLocation":280,"imageIndex":0},{"imageOffset":28780,"symbol":"_pthread_start","symbolLocation":148,"imageIndex":3},{"imageOffset":7724,"symbol":"thread_start","symbolLocation":8,"imageIndex":3}]}],
  "usedImages" : [
  {
    "source" : "P",
    "arch" : "arm64",
    "base" : 4339007488,
    "size" : 5816320,
    "uuid" : "3cdd5d97-64a8-397f-8beb-8cd573e9acaa",
    "path" : "\/usr\/local\/bin\/nvim",
    "name" : "nvim"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6858153984,
    "size" : 568228,
    "uuid" : "191e84f1-4b95-39c8-b253-1c1ef56c0fa8",
    "path" : "\/usr\/lib\/dyld",
    "name" : "dyld"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6861230080,
    "size" : 237548,
    "uuid" : "3dcd49b9-b3c5-3d90-be40-a3b807cb9cd7",
    "path" : "\/usr\/lib\/system\/libsystem_kernel.dylib",
    "name" : "libsystem_kernel.dylib"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6861467648,
    "size" : 53244,
    "uuid" : "9f3b729a-ed04-3e65-adac-d75ad06ebbdc",
    "path" : "\/usr\/lib\/system\/libsystem_pthread.dylib",
    "name" : "libsystem_pthread.dylib"
  }
],
  "sharedCache" : {
  "base" : 6857506816,
  "size" : 3447455744,
  "uuid" : "835716ae-b363-3187-b065-cf94139bfc85"
},
  "vmSummary" : "ReadOnly portion of Libraries: Total=877.8M resident=0K(0%) swapped_out_or_unallocated=877.8M(100%)\nWritable regions: Total=2.2G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=2.2G(100%)\n\n                                VIRTUAL   REGION \nREGION TYPE                        SIZE    COUNT (non-coalesced) \n===========                     =======  ======= \nActivity Tracing                   256K        1 \nKernel Alloc Once                   32K        1 \nMALLOC                           818.2M       66 \nMALLOC guard page                   96K        4 \nMALLOC_MEDIUM (reserved)         936.0M        8         reserved VM address space (unallocated)\nMALLOC_NANO (reserved)           384.0M        1         reserved VM address space (unallocated)\nSTACK GUARD                       56.1M        5 \nStack                             40.1M        5 \nVM_ALLOCATE                       80.0M      636 \n__AUTH                             307K       58 \n__AUTH_CONST                      3558K      142 \n__DATA                            1771K      140 \n__DATA_CONST                      4198K      154 \n__DATA_DIRTY                       361K       58 \n__LINKEDIT                       769.6M       12 \n__OBJC_CONST                       289K       36 \n__OBJC_RO                         65.5M        1 \n__OBJC_RW                         1988K        1 \n__TEXT                           108.2M      161 \ndyld private memory                256K        1 \nmapped file                         16K        1 \nshared memory                       32K        2 \n===========                     =======  ======= \nTOTAL                              3.2G     1494 \nTOTAL, minus reserved VM space     1.9G     1494 \n",
  "legacyInfo" : {
  "threadTriggered" : {
    "queue" : "com.apple.main-thread"
  }
},
  "trialInfo" : {
  "rollouts" : [
    {
      "rolloutId" : "62fe74515312cd4599bd3c80",
      "factorPackIds" : {
        "MYRIAD_BOOSTS" : "62fe74805312cd4599bd3c81"
      },
      "deploymentId" : 240000006
    },
    {
      "rolloutId" : "60da5e84ab0ca017dace9abf",
      "factorPackIds" : {

      },
      "deploymentId" : 240000008
    }
  ],
  "experiments" : [
    {
      "treatmentId" : "c28e4ee6-1b08-4f90-8e05-2809e78310a3",
      "experimentId" : "6317d2003d24842ff850182a",
      "deploymentId" : 400000012
    }
  ]
}
}

@vilari-mickopf
Copy link

Any updates for this or how to avoid it? It's crashing randomly every 20-30min and it's really annoying.

@vilari-mickopf
Copy link

Ok, I've commented out vim.opt.foldmethod = 'indent' and I'm not getting crashes anymore (at least for now), so that might be a clue.

@lewis6991
Copy link
Member Author

Someone (including me) needs to provide an asan backtrace.

@vilari-mickopf
Copy link

Upon closer inspection, removing foldsigns.nvim stopped the crashes (which makes sense of why disabling folds stopped it as well), so it might be something with your plugin actually.

@lewis6991
Copy link
Member Author

Any segfault is an issue with nvim. The plugin is just triggering the problem by exercising the particular code path.

@zeertzjq
Copy link
Member

zeertzjq commented Apr 19, 2023

> Any segfault is an issue with nvim.

Not if it is caused by FFI or a shared library from a plugin.

@lewis6991
Copy link
Member Author

Fair enough, but this issue is not caused by ffi.

@clason clason added this to the 0.9.1 milestone Apr 19, 2023
@lewis6991
Copy link
Member Author

lewis6991 commented Apr 20, 2023

Finally got something from asan:

Note this is a debug build, so I don't know why there aren't any line numbers:

NVIM v0.10.0-dev-133+gdbcd1985d-dirty
Build type: Debug
LuaJIT 2.1.0-beta3
Compilation: /usr/bin/clang -g -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize=address -fsanitize=undefined -Wall -Wextra -pedantic -Wno-unused-parameter -Wstrict-prototypes -std=gnu99 -Wshadow -Wconversion -Wvla -Wdouble-promotion -Wmissing-noreturn -Wmissing-format-attribute -Wmissing-prototypes -Wimplicit-fallthrough -fdiagnostics-color=always -fstack-protector-strong -DNVIM_LOG_DEBUG -DUNIT_TESTING -DINCLUDE_GENERATED_DECLARATIONS -DEXITFREE -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include/luajit-2.1 -I/opt/homebrew/opt/gettext/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include -I/Users/lewrus01/.cache/nvim_build/build/src/nvim/auto -I/Users/lewrus01/.cache/nvim_build/build/include -I/Users/lewrus01/.cache/nvim_build/build/cmake.config -I/Users/lewrus01/.cache/nvim_build/src -I/Library/Developer/CommandLineTools/SDKs/MacOSX13.1.sdk/usr/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include -I/Users/lewrus01/.cache/nvim_build/.deps/usr/include
=================================================================
==2946==ERROR: AddressSanitizer: heap-use-after-free on address 0x00010524c990 at pc 0x000102f9cd14 bp 0x00016fd01830 sp 0x00016fd00fe8
READ of size 32 at 0x00010524c990 thread T0
    #0 0x102f9cd10 in __asan_memcpy+0x1a4 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3cd10)
    #1 0x100e55ce8 in marktree_itr_current+0x458 (nvim:arm64+0x100d75ce8)
    #2 0x100524acc in decor_redraw_col+0x5dc (nvim:arm64+0x100444acc)
    #3 0x1005add98 in win_line+0x1a0dc (nvim:arm64+0x1004cdd98)
    #4 0x100625a74 in win_update+0x19e14 (nvim:arm64+0x100545a74)
    #5 0x100605e3c in update_screen+0x41f0 (nvim:arm64+0x100525e3c)
    #6 0x101086ed4 in normal_redraw+0x280 (nvim:arm64+0x100fa6ed4)
    #7 0x101084808 in normal_check+0x860 (nvim:arm64+0x100fa4808)
    #8 0x1016a2a8c in state_enter+0x25c (nvim:arm64+0x1015c2a8c)
    #9 0x10100c174 in normal_enter+0x400 (nvim:arm64+0x100f2c174)
    #10 0x1000ea104 in main+0x3d10 (nvim:arm64+0x10000a104)
    #11 0x1b0cffe4c  (<unknown module>)

0x00010524c990 is located 272 bytes inside of 624-byte region [0x00010524c880,0x00010524caf0)
freed by thread T0 here:
    #0 0x102f9ede4 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ede4)
    #1 0x100f04110 in xfree+0x1c (nvim:arm64+0x100e24110)
    #2 0x100e46ec4 in merge_node+0x2860 (nvim:arm64+0x100d66ec4)
    #3 0x100e3a128 in marktree_del_itr+0x3e00 (nvim:arm64+0x100d5a128)
    #4 0x100ad76f4 in extmark_clear+0xf40 (nvim:arm64+0x1009f76f4)
    #5 0x1001e213c in nvim_buf_clear_namespace+0x15c (nvim:arm64+0x10010213c)
    #6 0x100122774 in nlua_api_nvim_buf_clear_namespace+0x480 (nvim:arm64+0x100042774)
    #7 0x101c60430 in lj_BC_FUNCC+0x28 (nvim:arm64+0x101b80430)
    #8 0x101c762e0 in lua_pcall+0xe0 (nvim:arm64+0x101b962e0)
    #9 0x100cf7e18 in nlua_call_ref+0x408 (nvim:arm64+0x100c17e18)
    #10 0x1005302bc in decor_provider_invoke+0x35c (nvim:arm64+0x1004502bc)
    #11 0x1005362e8 in decor_providers_invoke_line+0x100c (nvim:arm64+0x1004562e8)
    #12 0x1005975e8 in win_line+0x392c (nvim:arm64+0x1004b75e8)
    #13 0x100625a74 in win_update+0x19e14 (nvim:arm64+0x100545a74)
    #14 0x100605e3c in update_screen+0x41f0 (nvim:arm64+0x100525e3c)
    #15 0x101086ed4 in normal_redraw+0x280 (nvim:arm64+0x100fa6ed4)
    #16 0x101084808 in normal_check+0x860 (nvim:arm64+0x100fa4808)
    #17 0x1016a2a8c in state_enter+0x25c (nvim:arm64+0x1015c2a8c)
    #18 0x10100c174 in normal_enter+0x400 (nvim:arm64+0x100f2c174)
    #19 0x1000ea104 in main+0x3d10 (nvim:arm64+0x10000a104)
    #20 0x1b0cffe4c  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x102f9f074 in wrap_calloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3f074)
    #1 0x100f041c0 in xcalloc+0xa0 (nvim:arm64+0x100e241c0)
    #2 0x100e333dc in split_node+0x268 (nvim:arm64+0x100d533dc)
    #3 0x100e35d50 in marktree_putp_aux+0xd2c (nvim:arm64+0x100d55d50)
    #4 0x100e36268 in marktree_putp_aux+0x1244 (nvim:arm64+0x100d56268)
    #5 0x100e330c4 in marktree_put_key+0xbd0 (nvim:arm64+0x100d530c4)
    #6 0x100e32418 in marktree_put+0x820 (nvim:arm64+0x100d52418)
    #7 0x100ad4130 in extmark_set+0x2194 (nvim:arm64+0x1009f4130)
    #8 0x1001de59c in nvim_buf_set_extmark+0x8d60 (nvim:arm64+0x1000fe59c)
    #9 0x1001211c8 in nlua_api_nvim_buf_set_extmark+0x52c (nvim:arm64+0x1000411c8)
    #10 0x101c60430 in lj_BC_FUNCC+0x28 (nvim:arm64+0x101b80430)
    #11 0x101c762e0 in lua_pcall+0xe0 (nvim:arm64+0x101b962e0)
    #12 0x100cf7e18 in nlua_call_ref+0x408 (nvim:arm64+0x100c17e18)
    #13 0x1005302bc in decor_provider_invoke+0x35c (nvim:arm64+0x1004502bc)
    #14 0x100534220 in decor_providers_invoke_win+0x1910 (nvim:arm64+0x100454220)
    #15 0x10060cf4c in win_update+0x12ec (nvim:arm64+0x10052cf4c)
    #16 0x100605e3c in update_screen+0x41f0 (nvim:arm64+0x100525e3c)
    #17 0x101086ed4 in normal_redraw+0x280 (nvim:arm64+0x100fa6ed4)
    #18 0x101084808 in normal_check+0x860 (nvim:arm64+0x100fa4808)
    #19 0x1016a2a8c in state_enter+0x25c (nvim:arm64+0x1015c2a8c)
    #20 0x10100c174 in normal_enter+0x400 (nvim:arm64+0x100f2c174)
    #21 0x1000ea104 in main+0x3d10 (nvim:arm64+0x10000a104)
    #22 0x1b0cffe4c  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3cd10) in __asan_memcpy+0x1a4
Shadow bytes around the buggy address:
  0x007020a698e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x007020a698f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
  0x007020a69900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x007020a69910: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x007020a69920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x007020a69930: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x007020a69940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x007020a69950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
  0x007020a69960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x007020a69970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x007020a69980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2946==ABORTING

Looks like the issue is caused by running nvim_buf_clear_namespace in a decor provider.
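The ASAN report above has the textbook shape of a use-after-free through a callback: the redraw takes references to the extmarks on the line, the decoration provider's Lua callback runs and calls nvim_buf_clear_namespace, which frees a marktree node (xfree from merge_node in the "freed by" stack), and the redraw then reads through the stale references (marktree_itr_current from decor_redraw_col). The C program below is an added illustration, not Neovim's code: Mark, Buffer, buf_set_mark, buf_clear_namespace, collect_line_refs, redraw_line, redraw_lock and clearing_provider are hypothetical stand-ins for extmarks, the marktree and the provider callbacks, and the lock counter is an assumed way of implementing the policy named in the fix's title (disallow removing extmarks in on_lines callbacks), not the mechanism the actual commit uses.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not Neovim code: Mark, Buffer, buf_set_mark, buf_clear_namespace,
 * redraw_line and redraw_lock are hypothetical stand-ins for extmarks, the marktree and
 * the decoration-provider callbacks discussed in this issue. */
#define MAX_MARKS 32

typedef struct {
  int ns, line;   /* namespace id and line, like an extmark */
  char text[16];  /* payload read during redraw, like virtual text */
} Mark;

typedef struct {
  Mark *marks[MAX_MARKS];  /* heap-allocated, owned by the buffer */
  size_t len;
  int redraw_lock;         /* > 0 while a redraw holds raw pointers to marks */
} Buffer;

/* Analogue of nvim_buf_set_extmark: allocate a mark and store it. */
int buf_set_mark(Buffer *b, int ns, int line, const char *text)
{
  if (b->len >= MAX_MARKS) return -1;
  Mark *m = calloc(1, sizeof *m);
  if (m == NULL) return -1;
  m->ns = ns;
  m->line = line;
  strncpy(m->text, text, sizeof m->text - 1);
  b->marks[b->len++] = m;
  return 0;
}

/* Analogue of nvim_buf_clear_namespace. The guard is an assumed implementation of the
 * fix's policy ("disallow removing extmarks in on_lines callbacks"): while a redraw holds
 * references, deletion is refused. Without it the free() runs and the redraw then reads
 * freed memory, which is the heap-use-after-free ASAN reported.
 * Returns the number of marks removed, or -1 when refused. */
int buf_clear_namespace(Buffer *b, int ns)
{
  if (b->redraw_lock > 0) return -1;
  size_t kept = 0;
  int removed = 0;
  for (size_t i = 0; i < b->len; i++) {
    if (b->marks[i]->ns == ns) {
      free(b->marks[i]);
      removed++;
    } else {
      b->marks[kept++] = b->marks[i];
    }
  }
  b->len = kept;
  return removed;
}

/* Analogue of decor_redraw_start: take references to the marks on `line`. */
static size_t collect_line_refs(const Buffer *b, int line, Mark **out, size_t cap)
{
  size_t n = 0;
  for (size_t i = 0; i < b->len && n < cap; i++) {
    if (b->marks[i]->line == line) out[n++] = b->marks[i];
  }
  return n;
}

typedef void (*on_lines_cb)(Buffer *b, int line, void *ud);

/* Analogue of win_line: collect references, run the provider callback
 * (decor_providers_invoke_lines), then dereference them (decor_redraw_col). The lock
 * spans the callback so it cannot free what is about to be read. Concatenates the mark
 * texts into `out` and returns how many marks were read. */
int redraw_line(Buffer *b, int line, on_lines_cb cb, void *ud, char *out, size_t outlen)
{
  Mark *refs[MAX_MARKS];
  size_t n = collect_line_refs(b, line, refs, MAX_MARKS);
  b->redraw_lock++;
  if (cb != NULL) cb(b, line, ud);
  b->redraw_lock--;
  out[0] = '\0';
  for (size_t i = 0; i < n; i++) {
    strncat(out, refs[i]->text, outlen - strlen(out) - 1);  /* refs are still live */
  }
  return (int)n;
}

/* Constructed provider callback that tries to clear namespace 1 mid-redraw, as the ASAN
 * trace shows a Lua decor provider doing; the return code is recorded through `ud`. */
void clearing_provider(Buffer *b, int line, void *ud)
{
  (void)line;
  *(int *)ud = buf_clear_namespace(b, 1);
}

/* Release everything the buffer owns. */
void buf_free(Buffer *b)
{
  for (size_t i = 0; i < b->len; i++) free(b->marks[i]);
  b->len = 0;
}
```

To exercise it, insert a few marks on one line, call redraw_line with clearing_provider, and check that the callback's clear returned -1 while the redraw still read every mark's text; the same clear succeeds once redraw_line has returned. The reviewable point is the shape rather than the names: any routine that hands out raw pointers into a container and then runs plugin-supplied callbacks needs a guard like this one, deferred deletion, or a fresh lookup after the callback returns.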

lewis6991 added a commit to lewis6991/neovim that referenced this issue Apr 20, 2023
decor_redraw_start (which runs before decor_providers_invoke_lines) gets
references for the extmarks on a specific line. If these extmarks are
deleted in on_lines callbacks then this results in a heap-use-after-free
error.

Fixes neovim#22801
lewis6991 added a commit that referenced this issue Apr 27, 2023
fix(extmarks): disallow removing extmarks in on_lines callbacks

decor_redraw_start (which runs before decor_providers_invoke_lines) gets
references for the extmarks on a specific line. If these extmarks are
deleted in on_lines callbacks then this results in a heap-use-after-free
error.

Fixes #22801
folke pushed a commit to folke/neovim that referenced this issue May 22, 2023
fix(extmarks): disallow removing extmarks in on_lines callbacks

decor_redraw_start (which runs before decor_providers_invoke_lines) gets
references for the extmarks on a specific line. If these extmarks are
deleted in on_lines callbacks then this results in a heap-use-after-free
error.

Fixes neovim#22801