eval/typval_encode: Restore original copyID #6070

justinmk · 2017-02-07T12:42:01Z

References #5234
References #5774
References #5817
References #5883
References #5934

VimFiler ASAN trace
sample backtrace showing dv_copyID being overwritten by clear_tv, which allows it to be collected by garbage_collect .. free_unref_items

nhooyr · 2017-02-07T13:26:27Z

This also fixes the issue we discussed in gitter. Putting it here for posterity.

for anyone who has fzf.vim installed, could you watch https://asciinema.org/a/87k73u1krg2a6frkeutcwsbrn and try the steps in the screencast yourself to see if you can reproduce the crash?
first :Buffers, then exit terminal mode, then quit the fzf window, then try opening it again

tweekmonster · 2017-02-07T14:47:14Z

It's not really reproducible / easy to trigger though

@blueyed Try this with master:

Open vimfiler
Press <c-w>w
:call garbagecollect()
Press and hold <c-w> until it crashes

That reliably crashes for me.

blueyed · 2017-02-07T14:51:12Z

@tweekmonster
I am not using Vimfiler, but tagbar is what triggered a crash for me.
Does it still crash for you with this PR?

tweekmonster · 2017-02-07T15:44:15Z

@blueyed No crash with this PR. It seems holding <c-w> causes RES memory to periodically increase without going back down (just watching top). I'm not sure if that's normal or if I'm misinterpreting it.

justinmk · 2017-02-07T15:45:30Z

causes RES memory to periodically increase without going back down (just watching top)

Yeah, probably. How bad is it though? And you're sure it never goes back down to the original level?

tweekmonster · 2017-02-07T16:53:26Z

@justinmk Wrote this script to answer your question.

memwatch.py

#!/usr/bin/env python3
import re
import sys
import time

if len(sys.argv) < 2:
    print('Need a PID')
    sys.exit(1)

try:
    pid = int(sys.argv[1])
except ValueError:
    print('Argument not a PID')
    sys.exit(1)

last = 0
last_log = time.time()
rss_re = re.compile(r'^\s*VmRSS:\s*(\d+)', re.M)

try:
    while True:
        time.sleep(0.1)
        with open('/proc/%d/status' % pid, 'rt') as fp:
            m = rss_re.search(fp.read())
            if not m:
                continue

            cur = int(m.group(1))
            if cur == last:
                continue

            delta = cur - last
            last = cur
            now = time.time()
            print('%d kB (%s%d, %.3fs)' % (cur, '+' if delta > 0 else '',
                                           delta, now - last_log))
            last_log = now
except (KeyboardInterrupt, FileNotFoundError):
    pass

Not exactly elegant, but it seems to work. It checks every 0.1s and prints the current memory and the delta. Here's my log using a minimal vimrc, with observation notes:

long output

$ ./memwatch.py $(pidof nvim)
94496 kB (+94496, 0.101s)  # nvim started
138808 kB (+44312, 7.721s)
180972 kB (+42164, 0.100s)
194428 kB (+13456, 0.100s)
194672 kB (+244, 0.100s)
194784 kB (+112, 0.100s)
195076 kB (+292, 0.100s)
195244 kB (+168, 0.201s)
195412 kB (+168, 0.100s)
210204 kB (+14792, 0.100s)
226584 kB (+16380, 0.100s)
249420 kB (+22836, 0.100s)
257588 kB (+8168, 0.100s)  # vimfiler opened
265164 kB (+7576, 4.011s)  # idle
265240 kB (+76, 4.011s)  # idle
265284 kB (+44, 33.389s)  # :call<space>
279052 kB (+13768, 4.311s)  # garb<tab>
279164 kB (+112, 45.518s)  # <cr>
280036 kB (+872, 3.910s)  # idle
286728 kB (+6692, 0.100s)  # idle
287628 kB (+900, 24.664s)  # <c-w> spam
296008 kB (+8380, 0.100s)
303604 kB (+7596, 0.100s)
304376 kB (+772, 0.100s)
312868 kB (+8492, 0.100s)
320420 kB (+7552, 0.100s)
321768 kB (+1348, 0.100s)
324628 kB (+2860, 0.100s)
329124 kB (+4496, 0.100s)
333648 kB (+4524, 0.100s)
334628 kB (+980, 0.100s)
336296 kB (+1668, 0.100s)
339616 kB (+3320, 0.100s)
344140 kB (+4524, 0.100s)
344960 kB (+820, 0.100s)
348072 kB (+3112, 0.100s)
350628 kB (+2556, 0.100s)
355700 kB (+5072, 0.100s)
355888 kB (+188, 0.100s)
358780 kB (+2892, 0.100s)
360944 kB (+2164, 0.100s)
366136 kB (+5192, 0.100s)
366440 kB (+304, 0.100s)
371084 kB (+4644, 0.100s)
372496 kB (+1412, 0.100s)
376688 kB (+4192, 0.100s)
377024 kB (+336, 0.100s)
381408 kB (+4384, 0.100s)
384172 kB (+2764, 0.100s)
385956 kB (+1784, 0.100s)
387756 kB (+1800, 0.100s)
391192 kB (+3436, 0.100s)
392784 kB (+1592, 0.100s)
392952 kB (+168, 0.100s)
396612 kB (+3660, 0.100s)
400888 kB (+4276, 0.100s)
402024 kB (+1136, 0.100s)
406648 kB (+4624, 0.301s)
408704 kB (+2056, 0.100s)
408876 kB (+172, 0.301s)
409076 kB (+200, 0.301s)
409196 kB (+120, 0.200s)
409392 kB (+196, 0.301s)
409808 kB (+416, 0.100s)
410020 kB (+212, 0.401s)
410240 kB (+220, 0.301s)
410396 kB (+156, 0.100s)
410788 kB (+392, 0.200s)
411232 kB (+444, 0.401s)
411360 kB (+128, 0.301s)
411668 kB (+308, 0.100s)
411840 kB (+172, 0.301s)
412044 kB (+204, 0.100s)
412348 kB (+304, 0.401s)
412580 kB (+232, 0.401s)
412752 kB (+172, 0.100s)
413068 kB (+316, 0.301s)
413392 kB (+324, 0.401s)
413688 kB (+296, 0.100s)
413968 kB (+280, 0.100s)
414088 kB (+120, 0.301s)
414252 kB (+164, 0.100s)
414476 kB (+224, 0.401s)
414940 kB (+464, 0.401s)
415292 kB (+352, 0.401s)
415420 kB (+128, 0.401s)
415568 kB (+148, 0.401s)
415864 kB (+296, 0.401s)
415984 kB (+120, 0.401s)
416120 kB (+136, 0.201s)
416344 kB (+224, 0.201s)
416900 kB (+556, 0.100s)
417300 kB (+400, 0.401s)
417528 kB (+228, 0.401s)
417564 kB (+36, 0.100s)
417656 kB (+92, 0.301s)
417840 kB (+184, 0.100s)
417940 kB (+100, 0.401s)
418276 kB (+336, 0.401s)
418520 kB (+244, 0.401s)
418592 kB (+72, 0.401s)
418732 kB (+140, 0.200s)
419280 kB (+548, 0.200s)
419308 kB (+28, 0.301s)
419376 kB (+68, 0.100s)
419612 kB (+236, 0.401s)
419808 kB (+196, 0.401s)
420060 kB (+252, 0.401s)
420460 kB (+400, 0.401s)
420676 kB (+216, 0.401s)
421004 kB (+328, 0.401s)
421388 kB (+384, 0.401s)
421844 kB (+456, 0.100s)
422036 kB (+192, 0.100s)  # stop spam
422260 kB (+224, 34.893s)
422304 kB (+44, 0.100s)  # :qa<cr>
427340 kB (+5036, 5.114s)

Usage keeps going up but doesn't go down. However, if I use my full configs and plugins, the memory usage does occasionally go down, but that's most likely something working correctly and not really notable here.

justinmk · 2017-02-07T17:52:20Z

@tweekmonster 427340 kB is 427 MB. Is that right?

If I do this many times:

:VimFiler
:bwipe!

memory returns to the original level, or grows very slowly.

blueyed · 2017-02-07T18:09:32Z

Are issues with the Neovim Python host related to this PR?
I just got a 100% CPU "loop"(?), where memory increased fast:

backtrace

#0  0x000000000041c560 in _PyObject_Free (ctx=0x0, p=0x7f70fcab8cf0) at Objects/obmalloc.c:1420
#1  0x000000000058f0e6 in cell_clear (op=<optimized out>) at Objects/cellobject.c:127
#2  0x00000000005474ca in delete_garbage (old=<optimized out>, collectable=<optimized out>) at Modules/gcmodule.c:866
#3  collect (generation=generation@entry=0, n_collected=n_collected@entry=0x7ffeb55283c0, n_uncollectable=n_uncollectable@entry=0x7ffeb55283c8, nofail=nofail@entry=0) at Modules/gcmodule.c:1014
#4  0x0000000000547eca in collect_with_callback (generation=0) at Modules/gcmodule.c:1119
#5  collect_generations () at Modules/gcmodule.c:1142
#6  0x0000000000548521 in _PyObject_GC_Alloc (use_calloc=0, basicsize=<optimized out>) at Modules/gcmodule.c:1708
#7  _PyObject_GC_Malloc (basicsize=<optimized out>) at Modules/gcmodule.c:1718
#8  _PyObject_GC_New (tp=tp@entry=0x8aa580 <PyFunction_Type>) at Modules/gcmodule.c:1730
#9  0x000000000059cd8b in PyFunction_NewWithQualName (code=code@entry=0x7f7110926c90, globals=0x7f7110916d08, qualname=qualname@entry=0x7f7110928098) at Objects/funcobject.c:21
#10 0x00000000004f6b11 in PyEval_EvalFrameEx (f=f@entry=0x26bdef8, throwflag=throwflag@entry=0) at Python/ceval.c:3314
#11 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x281a040, argcount=3, kws=0x281a058, kwcount=0, defs=0x7f71108bf488, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f71108fbae0, qualname=0x7f711091bc10) at Python/ceval.c:4033
#12 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5528690, func=0x7f71108c6ae8) at Python/ceval.c:4828
#13 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5528690) at Python/ceval.c:4745
#14 PyEval_EvalFrameEx (f=f@entry=0x2819e88, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#15 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x28b28a8, argcount=2, kws=0x28b28b8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc5b84f8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#16 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5528860, func=0x7f70fc7f59d8) at Python/ceval.c:4828
#17 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5528860) at Python/ceval.c:4745
#18 PyEval_EvalFrameEx (f=f@entry=0x28b26e8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#19 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x311b148, argcount=2, kws=0x311b158, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc5b84f8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#20 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5528a30, func=0x7f70fc7f59d8) at Python/ceval.c:4828
#21 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5528a30) at Python/ceval.c:4745
#22 PyEval_EvalFrameEx (f=f@entry=0x311af88, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#23 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x26b2698, argcount=2, kws=0x26b26a8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc5b84f8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#24 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5528c00, func=0x7f70fc7f59d8) at Python/ceval.c:4828
#25 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5528c00) at Python/ceval.c:4745
#26 PyEval_EvalFrameEx (f=f@entry=0x26b24d8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#27 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2785b60, argcount=2, kws=0x2785b70, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc5b84f8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#28 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5528dd0, func=0x7f70fc7f59d8) at Python/ceval.c:4828
#29 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5528dd0) at Python/ceval.c:4745
#30 PyEval_EvalFrameEx (f=f@entry=0x27859a8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#31 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x4f5ba50, argcount=3, kws=0x4f5ba68, kwcount=0, defs=0x7f71108bf488, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f71108fbae0, qualname=0x7f711091bc10) at Python/ceval.c:4033
#32 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5528fa0, func=0x7f71108c6ae8) at Python/ceval.c:4828
#33 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5528fa0) at Python/ceval.c:4745
#34 PyEval_EvalFrameEx (f=f@entry=0x4f5b898, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#35 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2891778, argcount=2, kws=0x2891788, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a728, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#36 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529170, func=0x7f70fc7f5598) at Python/ceval.c:4828
#37 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529170) at Python/ceval.c:4745
#38 PyEval_EvalFrameEx (f=f@entry=0x28915b8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#39 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x266af78, argcount=2, kws=0x266af88, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a728, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#40 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529340, func=0x7f70fc7f5598) at Python/ceval.c:4828
#41 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529340) at Python/ceval.c:4745
#42 PyEval_EvalFrameEx (f=f@entry=0x266adb8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#43 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2802830, argcount=2, kws=0x2802840, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a728, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#44 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529510, func=0x7f70fc7f5598) at Python/ceval.c:4828
#45 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529510) at Python/ceval.c:4745
#46 PyEval_EvalFrameEx (f=f@entry=0x2802678, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#47 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x36fa760, argcount=3, kws=0x36fa778, kwcount=0, defs=0x7f71108bf488, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f71108fbae0, qualname=0x7f711091bc10) at Python/ceval.c:4033
#48 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb55296e0, func=0x7f71108c6ae8) at Python/ceval.c:4828
#49 call_function (oparg=<optimized out>, pp_stack=0x7ffeb55296e0) at Python/ceval.c:4745
#50 PyEval_EvalFrameEx (f=f@entry=0x36fa5a8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#51 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2664ac8, argcount=2, kws=0x2664ad8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fce657c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#52 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb55298b0, func=0x7f70fc7f5ea0) at Python/ceval.c:4828
#53 call_function (oparg=<optimized out>, pp_stack=0x7ffeb55298b0) at Python/ceval.c:4745
#54 PyEval_EvalFrameEx (f=f@entry=0x2664908, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#55 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2b2ba20, argcount=2, kws=0x2b2ba30, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fce657c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#56 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529a80, func=0x7f70fc7f5ea0) at Python/ceval.c:4828
#57 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529a80) at Python/ceval.c:4745
#58 PyEval_EvalFrameEx (f=f@entry=0x2b2b868, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#59 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x26a4c00, argcount=3, kws=0x26a4c18, kwcount=0, defs=0x7f71108bf488, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f71108fbae0, qualname=0x7f711091bc10) at Python/ceval.c:4033
#60 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529c50, func=0x7f71108c6ae8) at Python/ceval.c:4828
#61 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529c50) at Python/ceval.c:4745
#62 PyEval_EvalFrameEx (f=f@entry=0x26a4a48, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#63 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2d5c0b8, argcount=2, kws=0x2d5c0c8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#64 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529e20, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#65 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529e20) at Python/ceval.c:4745
#66 PyEval_EvalFrameEx (f=f@entry=0x2d5bef8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#67 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x280c5e8, argcount=2, kws=0x280c5f8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#68 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb5529ff0, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#69 call_function (oparg=<optimized out>, pp_stack=0x7ffeb5529ff0) at Python/ceval.c:4745
---Type <return> to continue, or q <return> to quit---
#70 PyEval_EvalFrameEx (f=f@entry=0x280c428, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#71 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x27e36e8, argcount=2, kws=0x27e36f8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#72 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552a1c0, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#73 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552a1c0) at Python/ceval.c:4745
#74 PyEval_EvalFrameEx (f=f@entry=0x27e3528, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#75 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x299e788, argcount=2, kws=0x299e798, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#76 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552a390, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#77 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552a390) at Python/ceval.c:4745
#78 PyEval_EvalFrameEx (f=f@entry=0x299e5c8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#79 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x26b1a48, argcount=2, kws=0x26b1a58, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#80 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552a560, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#81 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552a560) at Python/ceval.c:4745
#82 PyEval_EvalFrameEx (f=f@entry=0x26b1888, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#83 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x266e7c8, argcount=2, kws=0x266e7d8, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#84 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552a730, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#85 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552a730) at Python/ceval.c:4745
#86 PyEval_EvalFrameEx (f=f@entry=0x266e608, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#87 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2668d88, argcount=2, kws=0x2668d98, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#88 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552a900, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#89 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552a900) at Python/ceval.c:4745
#90 PyEval_EvalFrameEx (f=f@entry=0x2668bc8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#91 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x3bed6b0, argcount=2, kws=0x3bed6c0, kwcount=0, defs=0x0, defcount=0, 
    kwdefs=0x0, closure=0x7f70fc96a7c8, name=0x7f7110924df0, qualname=0x7f7110928098) at Python/ceval.c:4033
#92 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552aad0, func=0x7f70fc7f5bf8) at Python/ceval.c:4828
#93 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552aad0) at Python/ceval.c:4745
#94 PyEval_EvalFrameEx (f=f@entry=0x3bed4f8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#95 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x25b00f0, argcount=2, kws=0x25b0100, kwcount=1, defs=0x7f71108bf488, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f71108fbae0, qualname=0x7f711091bc10) at Python/ceval.c:4033
#96 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552aca0, func=0x7f71108c6ae8) at Python/ceval.c:4828
#97 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552aca0) at Python/ceval.c:4745
#98 PyEval_EvalFrameEx (f=f@entry=0x25aff58, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#99 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552ada0, func=0x7f71108abbf8) at Python/ceval.c:4818
#100 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552ada0) at Python/ceval.c:4745
#101 PyEval_EvalFrameEx (f=f@entry=0x25704e8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#102 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=4, pp_stack=0x7ffeb552aea0, func=0x7f71108abb70) at Python/ceval.c:4818
#103 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552aea0) at Python/ceval.c:4745
#104 PyEval_EvalFrameEx (f=f@entry=0x2585088, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#105 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552afa0, func=0x7f71108aba60) at Python/ceval.c:4818
#106 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552afa0) at Python/ceval.c:4745
#107 PyEval_EvalFrameEx (f=f@entry=0x7f711352d048, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#108 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f710f7733d0, argcount=4, kws=kws@entry=0x0, kwcount=0, 
    defs=0x7f7110885338, defcount=1, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#109 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f710f7733d0, argcount=<optimized out>, kws=kws@entry=0x0, kwcount=0, 
    defs=0x7f7110885338, defcount=1, kwdefs=0x0, closure=0x0) at Python/ceval.c:4054
#110 0x000000000059c4a4 in function_call (func=0x7f71108a3f28, arg=0x7f710f7733b8, kw=0x0) at Objects/funcobject.c:627
#111 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f71108a3f28, arg=arg@entry=0x7f710f7733b8, kw=kw@entry=0x0) at Objects/abstract.c:2166
#112 0x000000000058f5c4 in method_call (func=0x7f71108a3f28, arg=0x7f710f7733b8, kw=0x0) at Objects/classobject.c:330
#113 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f710f65ab88, arg=arg@entry=0x7f710f648bd0, kw=kw@entry=0x0) at Objects/abstract.c:2166
#114 0x000000000049ea4f in slot_tp_call (self=0x24bb798, args=0x7f710f648bd0, kwds=0x0) at Objects/typeobject.c:6072
#115 0x0000000000437c5a in PyObject_Call (func=func@entry=0x24bb798, arg=arg@entry=0x7f710f648bd0, kw=kw@entry=0x0) at Objects/abstract.c:2166
#116 0x00000000004f5f25 in do_call (nk=<optimized out>, na=3, pp_stack=0x7ffeb552b390, func=0x24bb798) at Python/ceval.c:4951
#117 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552b390) at Python/ceval.c:4747
#118 PyEval_EvalFrameEx (f=f@entry=0x7f71139f95b8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#119 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f710f6476b8, argcount=1, kws=kws@entry=0x7f7115aa2060, kwcount=0, 
    defs=0x0, defcount=0, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#120 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f710f6476b8, argcount=<optimized out>, kws=kws@entry=0x7f7115aa2060, 
    kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at Python/ceval.c:4054
#121 0x000000000059c576 in function_call (func=0x7f71104b17b8, arg=0x7f710f6476a0, kw=0x7f710fb97648) at Objects/funcobject.c:627
#122 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f71104b17b8, arg=arg@entry=0x7f710f6476a0, kw=kw@entry=0x7f710fb97648) at Objects/abstract.c:2166
#123 0x00000000004f4d56 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7ffeb552b668, func=0x7f71104b17b8) at Python/ceval.c:5049
#124 PyEval_EvalFrameEx (f=f@entry=0x2a03458, throwflag=throwflag@entry=0) at Python/ceval.c:3290
#125 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2586760, argcount=1, kws=0x2586768, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x7f71106228d0, name=0x7f711411d960, qualname=0x7f7110623f80) at Python/ceval.c:4033
#126 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552b830, func=0x7f71104b1840) at Python/ceval.c:4828
#127 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552b830) at Python/ceval.c:4745
#128 PyEval_EvalFrameEx (f=f@entry=0x25865b8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#129 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2492c78, argcount=1, kws=0x2492c80, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x0, name=0x7f7110942cf0, qualname=0x7f7110904108) at Python/ceval.c:4033
#130 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552ba00, func=0x7f71104b1d90) at Python/ceval.c:4828
#131 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552ba00) at Python/ceval.c:4745
#132 PyEval_EvalFrameEx (f=f@entry=0x2492a48, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#133 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f7115aa2060, argcount=0, kws=kws@entry=0x7f7115aa2060, kwcount=0, 
    defs=0x7f711094cfb0, defcount=1, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#134 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f7115aa2060, argcount=<optimized out>, kws=kws@entry=0x7f7115aa2060, 
    kwcount=0, defs=0x7f711094cfb0, defcount=1, kwdefs=0x0, closure=0x0) at Python/ceval.c:4054
#135 0x000000000059c576 in function_call (func=0x7f71104bc048, arg=0x7f7115aa2048, kw=0x7f710f4f05c8) at Objects/funcobject.c:627
#136 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f71104bc048, arg=arg@entry=0x7f7115aa2048, kw=kw@entry=0x7f710f4f05c8) at Objects/abstract.c:2166
#137 0x00000000004f4d56 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7ffeb552bcd8, func=0x7f71104bc048) at Python/ceval.c:5049
#138 PyEval_EvalFrameEx (f=f@entry=0x2577b58, throwflag=throwflag@entry=0) at Python/ceval.c:3290
#139 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f7115aa2060, argcount=0, kws=kws@entry=0x7f7115aa2060, kwcount=0, 
---Type <return> to continue, or q <return> to quit---
    defs=0x0, defcount=0, kwdefs=0x0, closure=0x7f7110900080, name=0x0, qualname=0x0) at Python/ceval.c:4033
#140 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f7115aa2060, argcount=<optimized out>, kws=kws@entry=0x7f7115aa2060, 
    kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x7f7110900080) at Python/ceval.c:4054
#141 0x000000000059c576 in function_call (func=0x7f71104bc0d0, arg=0x7f7115aa2048, kw=0x7f710f4f0888) at Objects/funcobject.c:627
#142 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f71104bc0d0, arg=arg@entry=0x7f7115aa2048, kw=kw@entry=0x7f710f4f0888) at Objects/abstract.c:2166
#143 0x00000000004f4d56 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7ffeb552bfa8, func=0x7f71104bc0d0) at Python/ceval.c:5049
#144 PyEval_EvalFrameEx (f=f@entry=0x22caeb8, throwflag=throwflag@entry=0) at Python/ceval.c:3290
#145 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2663a68, argcount=0, kws=0x2663a68, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x7f71104c1048, name=0x7f711411d960, qualname=0x7f7110db1288) at Python/ceval.c:4033
#146 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552c170, func=0x7f71104bc158) at Python/ceval.c:4828
#147 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552c170) at Python/ceval.c:4745
#148 PyEval_EvalFrameEx (f=f@entry=0x26638e8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#149 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=_co@entry=0x7f7115990ae0, globals=globals@entry=0x0, locals=locals@entry=0x7f7115990ae0, args=args@entry=0x0, argcount=argcount@entry=0, 
    kws=kws@entry=0x0, kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#150 0x00000000004fde1f in PyEval_EvalCodeEx (closure=0x0, kwdefs=0x0, defcount=0, defs=0x0, kwcount=0, kws=0x0, argcount=0, args=0x0, locals=locals@entry=0x7f7115990ae0, globals=globals@entry=0x0, 
    _co=_co@entry=0x7f7115990ae0) at Python/ceval.c:4054
#151 PyEval_EvalCode (co=co@entry=0x7f7115990ae0, globals=globals@entry=0x7f7110952048, locals=locals@entry=0x7f7110952048) at Python/ceval.c:777
#152 0x0000000000528dba in run_mod (arena=0x28923d0, flags=0x7ffeb552c360, locals=0x7f7110952048, globals=0x7f7110952048, filename=<optimized out>, mod=0x2556b80) at Python/pythonrun.c:976
#153 PyRun_StringFlags (str=str@entry=0x7f710f6398d0 "jedi_vim.show_call_signatures()", start=start@entry=257, globals=globals@entry=0x7f7110952048, locals=locals@entry=0x7f7110952048, flags=0x7ffeb552c360)
    at Python/pythonrun.c:900
#154 0x00000000004f1c33 in builtin_exec_impl (module=<optimized out>, locals=0x7f7110952048, globals=0x7f7110952048, source=<optimized out>) at Python/bltinmodule.c:972
#155 builtin_exec (module=<optimized out>, args=<optimized out>) at Python/clinic/bltinmodule.c.h:274
#156 0x00000000005a1569 in PyCFunction_Call (func=func@entry=0x7f7115ada240, args=args@entry=0x7f710f561788, kwds=kwds@entry=0x0) at Objects/methodobject.c:109
#157 0x00000000004fced4 in call_function (oparg=<optimized out>, pp_stack=0x7ffeb552c470) at Python/ceval.c:4720
#158 PyEval_EvalFrameEx (f=f@entry=0x24f77f8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#159 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f711597ebf0, argcount=4, kws=kws@entry=0x0, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#160 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f711597ebf0, argcount=<optimized out>, kws=kws@entry=0x0, kwcount=0, 
    defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at Python/ceval.c:4054
#161 0x000000000059c4a4 in function_call (func=0x7f7110daca60, arg=0x7f711597ebd8, kw=0x0) at Objects/funcobject.c:627
#162 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f7110daca60, arg=arg@entry=0x7f711597ebd8, kw=kw@entry=0x0) at Objects/abstract.c:2166
#163 0x00000000004f4d56 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7ffeb552c748, func=0x7f7110daca60) at Python/ceval.c:5049
#164 PyEval_EvalFrameEx (f=f@entry=0x244bde8, throwflag=throwflag@entry=0) at Python/ceval.c:3290
#165 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f71159679c0, argcount=9, kws=kws@entry=0x0, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#166 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f71159679c0, argcount=<optimized out>, kws=kws@entry=0x0, kwcount=0, 
    defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at Python/ceval.c:4054
#167 0x000000000059c4a4 in function_call (func=0x7f7110db9400, arg=0x7f71159679a8, kw=0x0) at Objects/funcobject.c:627
#168 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f7110db9400, arg=arg@entry=0x7f71159679a8, kw=kw@entry=0x0) at Objects/abstract.c:2166
#169 0x000000000058f5c4 in method_call (func=0x7f7110db9400, arg=0x7f71159679a8, kw=0x0) at Objects/classobject.c:330
#170 0x0000000000437c5a in PyObject_Call (func=0x7f71109471c8, arg=arg@entry=0x7f7113a4f518, kw=kw@entry=0x0) at Objects/abstract.c:2166
#171 0x000000000055af9f in partial_call (pto=0x7f7110938778, args=<optimized out>, kw=0x0) at ./Modules/_functoolsmodule.c:167
#172 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f7110938778, arg=arg@entry=0x7f7110daf3a8, kw=kw@entry=0x0) at Objects/abstract.c:2166
#173 0x00000000004f4d56 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7ffeb552cb28, func=0x7f7110938778) at Python/ceval.c:5049
#174 PyEval_EvalFrameEx (f=f@entry=0x7f7110932be8, throwflag=throwflag@entry=0) at Python/ceval.c:3290
#175 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=3, pp_stack=0x7ffeb552cc20, func=0x7f7110db9488) at Python/ceval.c:4818
#176 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552cc20) at Python/ceval.c:4745
#177 PyEval_EvalFrameEx (f=f@entry=0x244b768, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#178 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x244b6c0, argcount=2, kws=0x244b6d0, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x7f711598c208, name=0x7f7113a2fe40, qualname=0x7f7113eb18d0) at Python/ceval.c:4033
#179 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552cdf0, func=0x7f7110db9c80) at Python/ceval.c:4828
#180 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552cdf0) at Python/ceval.c:4745
#181 PyEval_EvalFrameEx (f=f@entry=0x244b508, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#182 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f7115aa2060, argcount=0, kws=kws@entry=0x0, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x7f7110dae7d8, name=0x0, qualname=0x0) at Python/ceval.c:4033
#183 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f7115aa2060, argcount=<optimized out>, kws=kws@entry=0x0, kwcount=0, 
    defs=0x0, defcount=0, kwdefs=0x0, closure=0x7f7110dae7d8) at Python/ceval.c:4054
#184 0x000000000059c4a4 in function_call (func=0x7f71104bcc80, arg=0x7f7115aa2048, kw=0x0) at Objects/funcobject.c:627
#185 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f71104bcc80, arg=arg@entry=0x7f7115aa2048, kw=<optimized out>) at Objects/abstract.c:2166
#186 0x00000000004f3f17 in PyEval_CallObjectWithKeywords (func=func@entry=0x7f71104bcc80, arg=arg@entry=0x7f7115aa2048, kw=kw@entry=0x0) at Python/ceval.c:4595
#187 0x00007f71109715cf in g_initialstub (mark=mark@entry=0x7ffeb552d0e0) at greenlet.c:798
#188 0x00007f7110970f76 in g_switch (target=0x7f711103bdf0, args=0x7f7115aa2048, kwargs=<optimized out>) at greenlet.c:570
#189 0x00007f7110971e13 in green_switch (self=<optimized out>, args=<optimized out>, kwargs=<optimized out>) at greenlet.c:1081
#190 0x00000000005a1589 in PyCFunction_Call (func=func@entry=0x7f7110daa558, args=args@entry=0x7f710f4a6108, kwds=kwds@entry=0x0) at Objects/methodobject.c:98
#191 0x00000000004fced4 in call_function (oparg=<optimized out>, pp_stack=0x7ffeb552d1f0) at Python/ceval.c:4720
#192 PyEval_EvalFrameEx (f=f@entry=0x244bbb8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#193 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2445648, argcount=2, kws=0x2445658, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x7f710f65d9b0, name=0x7f7113a449f0, qualname=0x7f7110d9a3f0) at Python/ceval.c:4033
#194 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552d3c0, func=0x7f710fcdbea0) at Python/ceval.c:4828
#195 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552d3c0) at Python/ceval.c:4745
#196 PyEval_EvalFrameEx (f=f@entry=0x24454b8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#197 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552d4c0, func=0x7f7113a46d90) at Python/ceval.c:4818
#198 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552d4c0) at Python/ceval.c:4745
#199 PyEval_EvalFrameEx (f=f@entry=0x24456e8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#200 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552d5c0, func=0x7f7113a46c80) at Python/ceval.c:4818
#201 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552d5c0) at Python/ceval.c:4745
#202 PyEval_EvalFrameEx (f=f@entry=0x2444e68, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#203 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552d6c0, func=0x7f7110da6598) at Python/ceval.c:4818
#204 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552d6c0) at Python/ceval.c:4745
#205 PyEval_EvalFrameEx (f=f@entry=0x7f711092fa98, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#206 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552d7c0, func=0x7f7110da4bf8) at Python/ceval.c:4818
#207 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552d7c0) at Python/ceval.c:4745
#208 PyEval_EvalFrameEx (f=f@entry=0x2442b48, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#209 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f710f64edb8, argcount=1, kws=kws@entry=0x0, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
---Type <return> to continue, or q <return> to quit---
#210 0x00000000004fddf3 in PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f710f64edb8, argcount=<optimized out>, kws=kws@entry=0x0, kwcount=0, 
    defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at Python/ceval.c:4054
#211 0x000000000059c4a4 in function_call (func=0x7f7110da0510, arg=0x7f710f64eda0, kw=0x0) at Objects/funcobject.c:627
#212 0x0000000000437c5a in PyObject_Call (func=func@entry=0x7f7110da0510, arg=arg@entry=0x7f710f64eda0, kw=kw@entry=0x0) at Objects/abstract.c:2166
#213 0x00000000004f4d56 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7ffeb552da98, func=0x7f7110da0510) at Python/ceval.c:5049
#214 PyEval_EvalFrameEx (f=f@entry=0x24420b8, throwflag=throwflag@entry=0) at Python/ceval.c:3290
#215 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=1, pp_stack=0x7ffeb552db90, func=0x7f71112b5950) at Python/ceval.c:4818
#216 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552db90) at Python/ceval.c:4745
#217 PyEval_EvalFrameEx (f=f@entry=0x2441bf8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#218 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=1, pp_stack=0x7ffeb552dc90, func=0x7f711106e9d8) at Python/ceval.c:4818
#219 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552dc90) at Python/ceval.c:4745
#220 PyEval_EvalFrameEx (f=f@entry=0x7f711597c448, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#221 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=1, pp_stack=0x7ffeb552dd90, func=0x7f711106d510) at Python/ceval.c:4818
#222 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552dd90) at Python/ceval.c:4745
#223 PyEval_EvalFrameEx (f=f@entry=0x7f7110936048, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#224 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=1, pp_stack=0x7ffeb552de90, func=0x7f7110da6268) at Python/ceval.c:4818
#225 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552de90) at Python/ceval.c:4745
#226 PyEval_EvalFrameEx (f=f@entry=0x7f7113ec43d8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#227 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552df90, func=0x7f7110da48c8) at Python/ceval.c:4818
#228 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552df90) at Python/ceval.c:4745
#229 PyEval_EvalFrameEx (f=f@entry=0x7f711092fe08, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#230 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7ffeb552e090, func=0x7f7113a49268) at Python/ceval.c:4818
#231 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552e090) at Python/ceval.c:4745
#232 PyEval_EvalFrameEx (f=f@entry=0x7f7110930ac8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#233 0x00000000004fce48 in fast_function (nk=<optimized out>, na=<optimized out>, n=3, pp_stack=0x7ffeb552e190, func=0x7f7113a46b70) at Python/ceval.c:4818
#234 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552e190) at Python/ceval.c:4745
#235 PyEval_EvalFrameEx (f=f@entry=0x244cb68, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#236 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x2449f60, argcount=4, kws=0x2449f80, kwcount=0, defs=0x7f7113a41a38, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f7113ef3ae8, qualname=0x7f7113a48e30) at Python/ceval.c:4033
#237 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552e360, func=0x7f7110da6840) at Python/ceval.c:4828
#238 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552e360) at Python/ceval.c:4745
#239 PyEval_EvalFrameEx (f=f@entry=0x2449d98, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#240 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f71109333c8, argcount=4, kws=0x7f71109333e8, kwcount=1, 
    defs=0x7f7113a3efa0, defcount=2, kwdefs=0x0, closure=0x0, name=0x7f7113a37170, qualname=0x7f7113a371b0) at Python/ceval.c:4033
#241 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552e530, func=0x7f7113a451e0) at Python/ceval.c:4828
#242 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552e530) at Python/ceval.c:4745
#243 PyEval_EvalFrameEx (f=f@entry=0x7f7110933230, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#244 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x22cdd38, argcount=2, kws=0x22cdd48, kwcount=0, defs=0x0, 
    defcount=0, kwdefs=0x0, closure=0x0, name=0x7f7115aaf3b0, qualname=0x7f7110dad030) at Python/ceval.c:4033
#245 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552e700, func=0x7f7110db92f0) at Python/ceval.c:4828
#246 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552e700) at Python/ceval.c:4745
#247 PyEval_EvalFrameEx (f=f@entry=0x22cdb68, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#248 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x21d0828, argcount=0, kws=0x21d0828, kwcount=0, defs=0x7f7113e8d290, 
    defcount=1, kwdefs=0x0, closure=0x0, name=0x7f71159a0730, qualname=0x7f71159a0730) at Python/ceval.c:4033
#249 0x00000000004f9f9a in fast_function (nk=<optimized out>, na=<optimized out>, n=<optimized out>, pp_stack=0x7ffeb552e8d0, func=0x7f7115994488) at Python/ceval.c:4828
#250 call_function (oparg=<optimized out>, pp_stack=0x7ffeb552e8d0) at Python/ceval.c:4745
#251 PyEval_EvalFrameEx (f=f@entry=0x21d06a8, throwflag=throwflag@entry=0) at Python/ceval.c:3251
#252 0x00000000004fdd1d in _PyEval_EvalCodeWithName (_co=_co@entry=0x7f7115a07ed0, globals=globals@entry=0x7f7115a527c8, locals=locals@entry=0x7f7115a527c8, args=args@entry=0x0, argcount=argcount@entry=0, 
    kws=kws@entry=0x0, kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4033
#253 0x00000000004fde1f in PyEval_EvalCodeEx (closure=0x0, kwdefs=0x0, defcount=0, defs=0x0, kwcount=0, kws=0x0, argcount=0, args=0x0, locals=locals@entry=0x7f7115a527c8, globals=globals@entry=0x7f7115a527c8, 
    _co=_co@entry=0x7f7115a07ed0) at Python/ceval.c:4054
#254 PyEval_EvalCode (co=co@entry=0x7f7115a07ed0, globals=globals@entry=0x7f7115a527c8, locals=locals@entry=0x7f7115a527c8) at Python/ceval.c:777
#255 0x0000000000529fce in run_mod (arena=0x2201d60, flags=0x7ffeb552e970, locals=0x7f7115a527c8, globals=0x7f7115a527c8, filename=0x7f7115a12af0, mod=<optimized out>) at Python/pythonrun.c:976
#256 PyRun_StringFlags (flags=0x7ffeb552e970, locals=0x7f7115a527c8, globals=0x7f7115a527c8, start=257, str=0x7f71159e4a10 "import sys; sys.path.remove(\"\"); import neovim; neovim.start_host()\n")
    at Python/pythonrun.c:900
#257 PyRun_SimpleStringFlags (command=0x7f71159e4a10 "import sys; sys.path.remove(\"\"); import neovim; neovim.start_host()\n", flags=flags@entry=0x7ffeb552ea80) at Python/pythonrun.c:421
#258 0x0000000000420b7f in run_command (cf=0x7ffeb552ea80, command=0x215de70 L"import sys; sys.path.remove(\"\"); import neovim; neovim.start_host()\n") at Modules/main.c:279
#259 Py_Main (argc=argc@entry=4, argv=argv@entry=0x2136c20) at Modules/main.c:706
#260 0x000000000041c3ad in main (argc=4, argv=<optimized out>) at ./Programs/python.c:65

justinmk · 2017-02-07T18:26:15Z

@blueyed Unless that issue is caused by this PR, it's not relevant (I can't think of any way it could be).

There's also nothing in that backtrace that gives any hint about what's going on. E.g. PyEval_EvalFrameEx is internal to python. We would need to look at the higher-level python (not cython) stacktrace.

tweekmonster · 2017-02-07T19:28:19Z

@justinmk It is kB, but I goofed. I was doing it with ASAN enabled. This is from a Debug build without ASAN:

14900 kB (+14900, 0.101s)
15100 kB (+200, 3.208s)
15108 kB (+8, 0.100s)
15180 kB (+72, 0.501s)
15268 kB (+88, 0.100s)
15272 kB (+4, 1.303s)  # start spamming <c-w>
15464 kB (+192, 8.922s)
15704 kB (+240, 7.018s)
15964 kB (+260, 7.719s)
16220 kB (+256, 7.518s)
16480 kB (+260, 7.819s)
16740 kB (+260, 7.116s)
16996 kB (+256, 7.920s)
17260 kB (+264, 8.020s)
17524 kB (+264, 6.717s)

Much more reasonable 😅

ZyX-I · 2017-02-07T19:51:07Z

AFAIR clear_tv like this was created because I got crashes on deeply nested structures. It would be more logical to fix the problem with encode_vim_to_nothing.

justinmk · 2017-02-07T20:00:22Z

@ZyX-I Thanks for commenting, was going to ping you before doing anything with this.

I just updated the PR with a more focused change to typval_encode.c.h so that it does not modify the copyID. I assume this will cause memory leaks with some self-referencing structures, but the problem is it lets garbage_collect() take them while they are still being used.

Insight would be appreciated. Should we add refcount checks around those copyID assignments?

ZyX-I · 2017-02-07T20:06:47Z

I currently checked the way to reproduce this: on fb97457 compiled with CC=clang CFLAGS=" -O0 -g -DEXITFREE " cmake .. -DMIN_LOG_LEVEL=0 -DCMAKE_BUILD_TYPE=Debug -DBUSTED_OUTPUT_TYPE=utf -DCMAKE_INSTALL_PREFIX=$PWD/root -DJEMALLOC_USE_BUNDLED=1 -DCLANG_ASAN_UBSAN=ON -DPREFER_LUAJIT=false with directory crash containing

unite directory with Shougo/unite.vim@be09b0e
vimfiler directory with Shougo/vimfiler.vim@72c37e8
init.vim with a single line which sets &rtp to the above two directories (absolute path).

script bin/nvim -u ../crash/init.vim -i NONE --headless -s <(<<< $':split\n:VimFiler\n\C-ww:call garbagecollect()\n\C-w\C-w\C-w') causes a crash with log similar to https://gist.github.com/jamessan/7de46a04075192d0bfed5e7d8f6b98ed:

=================================================================
==27645==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000047008 at pc 0x00000080cde8 bp 0x7ffc96605e40 sp 0x7ffc96605e38
READ of size 4 at 0x613000047008 thread T0
    #0 0x80cde7 in copy_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:20160:37
    #1 0x8b742c in f_get /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:9912:5
    #2 0x7ee5d0 in call_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7303:11
    #3 0x803d8a in get_func_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7108:11
    #4 0x8a22f9 in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4354:15
    #5 0x89dce5 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #6 0x898969 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #7 0x893b71 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #8 0x893113 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #9 0x8926b3 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #10 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #11 0x7e6e46 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3495:9
    #12 0x7e4edc in eval0 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3421:9
    #13 0x86c7ac in ex_return /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:22235:10
    #14 0xb4198c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #15 0xb204c7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #16 0x82d690 in call_user_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:22037:3
    #17 0x7edefe in call_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7288:11
    #18 0x803d8a in get_func_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7108:11
    #19 0x8a22f9 in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4354:15
    #20 0x89dce5 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #21 0x898969 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #22 0x893b71 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #23 0x893113 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #24 0x8926b3 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #25 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #26 0x7e4edc in eval0 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3421:9
    #27 0x7f2902 in ex_let /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:1480:9
    #28 0xb4198c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #29 0xb204c7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #30 0x82d690 in call_user_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:22037:3
    #31 0x7edefe in call_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7288:11
    #32 0x803d8a in get_func_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7108:11
    #33 0x7fcd4d in ex_call /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:2844:9
    #34 0xb4198c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #35 0xb204c7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #36 0x82d690 in call_user_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:22037:3
    #37 0x7edefe in call_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7288:11
    #38 0x803d8a in get_func_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7108:11
    #39 0x7fcd4d in ex_call /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:2844:9
    #40 0xb4198c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #41 0xb204c7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #42 0xcde218 in apply_autocmds_group /home/zyx/a.a/Proj/c/neovim/src/nvim/fileio.c:6882:5
    #43 0xca7d46 in apply_autocmds /home/zyx/a.a/Proj/c/neovim/src/nvim/fileio.c:6527:10
    #44 0x190d935 in win_enter_ext /home/zyx/a.a/Proj/c/neovim/src/nvim/window.c:3648:5
    #45 0x1914273 in win_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/window.c:3558:3
    #46 0x18dd554 in win_goto /home/zyx/a.a/Proj/c/neovim/src/nvim/window.c:3412:3
    #47 0x18da112 in do_window /home/zyx/a.a/Proj/c/neovim/src/nvim/window.c:207:7
    #48 0x10a1a1c in nv_window /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:6423:5
    #49 0x1097a78 in normal_execute /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:1144:3
    #50 0x1710ae3 in state_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/state.c:58:26
    #51 0x104d3fb in normal_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:463:3
    #52 0xe0c382 in main /home/zyx/a.a/Proj/c/neovim/src/nvim/main.c:542:3
    #53 0x7ff73f0a766f in __libc_start_main (/lib64/libc.so.6+0x2066f)
    #54 0x444d68 in _start (/home/zyx/a.a/Proj/c/neovim/build/bin/nvim+0x444d68)

0x613000047008 is located 8 bytes inside of 352-byte region [0x613000047000,0x613000047160)
freed by thread T0 here:
    #0 0x4ee810 in __interceptor_free /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:38
    #1 0xf35a84 in xfree /home/zyx/a.a/Proj/c/neovim/src/nvim/memory.c:130:3
    #2 0x8202c5 in dict_free_dict /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:6432:3
    #3 0x81ce3c in free_unref_items /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:6064:7
    #4 0x7cf6dd in garbage_collect /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:5986:16
    #5 0xd44bc3 in vgetc /home/zyx/a.a/Proj/c/neovim/src/nvim/getchar.c:1372:5
    #6 0xd56a1c in safe_vgetc /home/zyx/a.a/Proj/c/neovim/src/nvim/getchar.c:1514:7
    #7 0x1710592 in state_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/state.c:37:13
    #8 0x104d3fb in normal_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:463:3
    #9 0xe0c382 in main /home/zyx/a.a/Proj/c/neovim/src/nvim/main.c:542:3
    #10 0x7ff73f0a766f in __libc_start_main (/lib64/libc.so.6+0x2066f)

previously allocated by thread T0 here:
    #0 0x4eeb38 in malloc /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:52
    #1 0xf357e4 in try_malloc /home/zyx/a.a/Proj/c/neovim/src/nvim/memory.c:84:15
    #2 0xf359a4 in xmalloc /home/zyx/a.a/Proj/c/neovim/src/nvim/memory.c:118:15
    #3 0x7c6e86 in dict_alloc /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:6322:15
    #4 0x8a9702 in get_dict_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:6806:9
    #5 0x8a1251 in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4297:21
    #6 0x89dce5 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #7 0x898969 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #8 0x893b71 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #9 0x893113 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #10 0x8926b3 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #11 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #12 0x7e4edc in eval0 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3421:9
    #13 0x7f2902 in ex_let /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:1480:9
    #14 0xb4198c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #15 0xb204c7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #16 0x82d690 in call_user_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:22037:3
    #17 0x7edefe in call_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7288:11
    #18 0x803d8a in get_func_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7108:11
    #19 0x8a22f9 in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4354:15
    #20 0x89dce5 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #21 0x898969 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #22 0x893b71 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #23 0x893113 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #24 0x8926b3 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #25 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #26 0x97cd6a in filter_map_one /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:9415:7
    #27 0x97c80a in filter_map /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:9389:13
    #28 0x90b4e7 in f_map /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:12944:3
    #29 0x7ee5d0 in call_func /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:7303:11

SUMMARY: AddressSanitizer: heap-use-after-free /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:20160:37 in copy_tv
Shadow bytes around the buggy address:
  0x0c2680000db0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c2680000dc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2680000dd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680000de0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680000df0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2680000e00: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680000e10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680000e20: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c2680000e30: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2680000e40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680000e50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==27645==ABORTING

tweekmonster · 2017-02-07T20:21:10Z

@justinmk Ran with 0b88c1d

14488 kB (+14488, 0.101s)
15580 kB (+1092, 2.406s)
15592 kB (+12, 0.601s)
15608 kB (+16, 0.100s)
15624 kB (+16, 7.418s)
15628 kB (+4, 8.620s)
15880 kB (+252, 18.444s)
16136 kB (+256, 7.417s)
16396 kB (+260, 10.025s)
16660 kB (+264, 7.318s)
16912 kB (+252, 9.022s)
17176 kB (+264, 8.521s)
17440 kB (+264, 7.118s)
17700 kB (+260, 10.024s)
17964 kB (+264, 7.518s)

Second run:

14832 kB (+14832, 0.101s)
14344 kB (-488, 1.905s)
15028 kB (+684, 0.100s)
15160 kB (+132, 0.601s)
15168 kB (+8, 7.219s)
15376 kB (+208, 10.025s)
15608 kB (+232, 9.824s)
15868 kB (+260, 9.123s)
16124 kB (+256, 8.121s)
16384 kB (+260, 8.722s)
16644 kB (+260, 8.220s)
16900 kB (+256, 9.022s)
17164 kB (+264, 8.320s)
17428 kB (+264, 9.023s)
17688 kB (+260, 8.020s)
17952 kB (+264, 8.420s)
18216 kB (+264, 8.922s)

ZyX-I · 2017-02-07T20:26:36Z

@justinmk Try cherry-picking ZyX-I@b9d4a64.

ZyX-I · 2017-02-07T20:27:36Z

Will try to construct a test now.

justinmk · 2017-02-07T20:47:14Z

@ZyX-I ZyX-I@b9d4a64 fixes it. Valgrind found no problems.

ZyX-I · 2017-02-07T21:09:26Z

I now have a script which triggers the bug with bin/nvim -u NONE -i NONE --headless --cmd 'source ../crash/bug.vim':

let [l1, l2] = [[], []]
echo 'l1:' . id(l1)
echo 'l2:' . id(l2)
echo ''
let [l3, l4] = [[], []]
call add(l4, l4)
call add(l4, l3)
call add(l3, 1)
call add(l2, l2)
call add(l2, l1)
call add(l1, 1)
unlet l2
unlet l4
call garbagecollect(1)
call feedkeys(":\e:echo l1 l3\n:echo 42\n:cq\n", "t")

Should be easy to make a test out of it.

ZyX-I · 2017-02-07T21:09:55Z

ASAN log with this script for reference:

=================================================================
==23840==ERROR: AddressSanitizer: heap-use-after-free on address 0x60800000b330 at pc 0x00000080c9cd bp 0x7ffe8d0b0460 sp 0x7ffe8d0b0458
READ of size 4 at 0x60800000b330 thread T0
    #0 0x80c9cc in copy_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:20167:37
    #1 0x888ddf in get_var_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:18950:5
    #2 0x8a2a45 in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4376:15
    #3 0x89de85 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #4 0x898b09 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #5 0x893d11 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #6 0x8932b3 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #7 0x892853 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #8 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #9 0x85210e in ex_echo /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:20294:9
    #10 0xb4226c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #11 0xb20da7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #12 0x10b0b4b in nv_colon /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:4496:18
    #13 0x1098358 in normal_execute /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:1144:3
    #14 0x17113c3 in state_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/state.c:58:26
    #15 0x104dcdb in normal_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:463:3
    #16 0xe0cc62 in main /home/zyx/a.a/Proj/c/neovim/src/nvim/main.c:542:3
    #17 0x7fa32c11f66f in __libc_start_main (/lib64/libc.so.6+0x2066f)
    #18 0x444d68 in _start (/home/zyx/a.a/Proj/c/neovim/build/bin/nvim+0x444d68)

0x60800000b330 is located 16 bytes inside of 88-byte region [0x60800000b320,0x60800000b378)
freed by thread T0 here:
    #0 0x4ee810 in __interceptor_free /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:38
    #1 0xf36364 in xfree /home/zyx/a.a/Proj/c/neovim/src/nvim/memory.c:130:3
    #2 0x812a58 in list_free_list /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:5068:3
    #3 0x81d322 in free_unref_items /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:6078:7
    #4 0x7cf6dd in garbage_collect /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:5986:16
    #5 0xd454a3 in vgetc /home/zyx/a.a/Proj/c/neovim/src/nvim/getchar.c:1372:5
    #6 0xd572fc in safe_vgetc /home/zyx/a.a/Proj/c/neovim/src/nvim/getchar.c:1514:7
    #7 0x1710e72 in state_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/state.c:37:13
    #8 0x104dcdb in normal_enter /home/zyx/a.a/Proj/c/neovim/src/nvim/normal.c:463:3
    #9 0xe0cc62 in main /home/zyx/a.a/Proj/c/neovim/src/nvim/main.c:542:3
    #10 0x7fa32c11f66f in __libc_start_main (/lib64/libc.so.6+0x2066f)

previously allocated by thread T0 here:
    #0 0x4eecd0 in calloc /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0xf36402 in xcalloc /home/zyx/a.a/Proj/c/neovim/src/nvim/memory.c:144:15
    #2 0x7c768a in list_alloc /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:5012:18
    #3 0x8a8208 in get_list_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4964:9
    #4 0x8a13cd in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4293:21
    #5 0x89de85 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #6 0x898b09 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #7 0x893d11 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #8 0x8932b3 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #9 0x892853 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #10 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #11 0x8a8604 in get_list_tv /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4969:9
    #12 0x8a13cd in eval7 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4293:21
    #13 0x89de85 in eval6 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:4074:7
    #14 0x898b09 in eval5 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3926:7
    #15 0x893d11 in eval4 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3667:7
    #16 0x8932b3 in eval3 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3589:7
    #17 0x892853 in eval2 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3526:7
    #18 0x7e6782 in eval1 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3459:7
    #19 0x7e4edc in eval0 /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:3421:9
    #20 0x7f2902 in ex_let /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:1480:9
    #21 0xb4226c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #22 0xb20da7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #23 0xb0d873 in do_source /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_cmds2.c:2906:3
    #24 0xb09d74 in cmd_source /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_cmds2.c:2644:14
    #25 0xb09ea0 in ex_source /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_cmds2.c:2625:3
    #26 0xb4226c in do_one_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:2199:5
    #27 0xb20da7 in do_cmdline /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:602:20
    #28 0xb270b5 in do_cmdline_cmd /home/zyx/a.a/Proj/c/neovim/src/nvim/ex_docmd.c:274:10
    #29 0xe18f81 in exe_pre_commands /home/zyx/a.a/Proj/c/neovim/src/nvim/main.c:1566:7

SUMMARY: AddressSanitizer: heap-use-after-free /home/zyx/a.a/Proj/c/neovim/src/nvim/eval.c:20167:37 in copy_tv
Shadow bytes around the buggy address:
  0x0c107fff9610: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff9620: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c107fff9630: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c107fff9640: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff9650: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c107fff9660: fa fa fa fa fd fd[fd]fd fd fd fd fd fd fd fd fa
  0x0c107fff9670: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff9680: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff9690: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff96a0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff96b0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==23840==ABORTING

ZyX-I · 2017-02-07T21:22:51Z

By the way, I found

static void f_id(typval_T *argvars, typval_T *rettv, FunPtr fptr)
{
  char buf[sizeof(void *) * 8 * 2 + 3];
#define OFF(attr) offsetof(union typval_vval_union, attr)
  STATIC_ASSERT(
      OFF(v_string) == OFF(v_list)
      && OFF(v_string) == OFF(v_dict)
      && OFF(v_string) == OFF(v_partial)
      && sizeof(argvars[0].vval.v_string) == sizeof(argvars[0].vval.v_list)
      && sizeof(argvars[0].vval.v_string) == sizeof(argvars[0].vval.v_dict)
      && sizeof(argvars[0].vval.v_string) == sizeof(argvars[0].vval.v_partial),
      "Strings, dictionaries, lists and partials are expected to be pointers, "
      "so that all three of them can be accessed via v_string");
#undef OFF
  snprintf(buf, sizeof(buf), "%p", (void *)argvars[0].vval.v_string);
  rettv->v_type = VAR_STRING;
  rettv->vval.v_string = xmemdup(buf, sizeof(buf));
}

to be rather useful for determining “which list is l1”. Also remember wanting something like this when porting YAML parser (more precisely, dumper) to VimL: easier to check self references.

ZyX-I · 2017-02-07T21:29:15Z

Though there is one problem with snprintf:

p
The argument shall be a pointer to void. The value of the pointer is
converted to a sequence of printing characters, in an implementation-defined
manner.

(basically this means that my calculations regarding necessary space may be wrong). vim_snprintf is not helpful here, though it can be fixed: it calls sprintf.

jamessan · 2017-02-07T21:44:45Z

(basically this means that my calculations regarding necessary space may be wrong)

If we thought that could be an actual problem, then we could have snprintf tell us how much space it would take and then use that.

int n = snprintf(NULL, 0, "%p", (void *)argvars[0].vval.v_string);
rettv->v_type = VAR_STRING;
rettv->vval.v_string = xmalloc(n + 1);
snprintf(rettv->vval.v_string, n + 1, "%p", (void *)argvars[0].vval.v_string);

ZyX-I · 2017-02-07T21:49:22Z

@jamessan AFAIK, snprintf happens to be rather incompatible with C99: http://demin.ws/blog/english/2013/01/28/use-snprintf-on-different-platforms/.

justinmk · 2017-02-07T22:04:35Z

Should we replace the snprintf recommendation in clint.py with vim_snprintf ?

ZyX-I · 2017-02-07T22:36:38Z

@justinmk Depends on whether we consider somebody not following C99 our bug: theoretically compilers may optimize *printf calls in the future (I don’t see them doing this now though) and libc functions are usually more optimized (especially I do not think that any libc snprintf defers its job to sprintf which does parsing again, glibc definitely does not; though if vim_snprintf performance will be a problem then we could simply copy glibc implementation). I do not see other reasons to prefer snprintf over vim_snprintf, and this one is rather minor.

BTW, that page is rather old, but mentions Windows 7, do you know what’s on other versions supported on Neovim and other compilers?

Shougo · 2017-02-08T22:33:54Z

I have tested the branch.
No crash. Wow!

Does not actually matter for most uses, but critical for mark&sweep garbage collector. Closes neovim#5234 Closes neovim#5774 Closes neovim#5817 Closes neovim#5883 Closes neovim#5934 Closes neovim#5970 Closes neovim#5548 Helped-by: James McCoy <jamessan@jamessan.com> Helped-by: Tommy Allen <tommy@esdf.io> Helped-by: Justin M. Keyes <justinkz@gmail.com> --- Steps to reproduce: Compile fb97457 with: CC=clang CFLAGS=" -O0 -g -DEXITFREE " cmake .. -DMIN_LOG_LEVEL=0 -DCMAKE_BUILD_TYPE=Debug -DBUSTED_OUTPUT_TYPE=utf -DCMAKE_INSTALL_PREFIX=$PWD/root -DJEMALLOC_USE_BUNDLED=1 -DCLANG_ASAN_UBSAN=ON -DPREFER_LUAJIT=false Directory `crash` contains: 1. unite directory with Shougo/unite.vim@be09b0e 2. vimfiler directory with Shougo/vimfiler.vim@72c37e8 3. `init.vim` with a single line which sets `&rtp` to the above two directories (absolute path). bin/nvim -u ../crash/init.vim -i NONE --headless -s <(<<< $':split\n:VimFiler\n\C-ww:call garbagecollect()\n\C-w\C-w\C-w') --- Sample backtrace showing dv_copyID being overwritten by clear_tv, which allows it to be collected by garbage_collect .. free_unref_items: Old value = 152911 New value = 152912 0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641 641 cur_mpsv->data.d.dict->dv_copyID = copyID - 1; (rr) bt #0 0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641 #1 0x0000000000485dee in clear_tv (varp=0x7fb6348f3b20) at /home/foo/src/github.com/neovim/src/nvim/eval.c:19876 #2 0x0000000000494e5e in vars_clear_ext (ht=0x7fb634351460, free_val=1) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20378 #3 0x0000000000494dca in vars_clear (ht=0x7fb634351460) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20355 #4 0x000000000048efa3 in free_funccal (fc=0x7fb634351200, free_val=0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:22927 #5 0x0000000000491d8f in call_user_func (fp=0x7fb6340ae4e0, argcount=0, argvars=0x7ffdd216a050, rettv=0x7ffdd216a2b0, firstline=2, lastline=2, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:22818 #6 0x00000000004873a4 in call_func (funcname=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, argcount_in=0, argvars_in=0x7ffdd216a050, argv_func=0x0, firstline=2, lastline=2, doesrange=0x7ffdd216a2ac, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687 neovim#7 0x000000000048a6f0 in get_func_tv (name=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, arg=0x7ffdd216a2c8, firstline=2, lastline=2, doesrange=0x7ffdd216a2ac, evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459 neovim#8 0x0000000000489691 in ex_call (eap=0x7ffdd216a598) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817 neovim#9 0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216a878, flags=7, cstack=0x7ffdd216a880, fgetline=0x4f7c30 <get_loop_line>, cookie=0x7ffdd216a7f8) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198 neovim#10 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x499f50 <get_func_line>, cookie=0x7fb634350800, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601 neovim#11 0x00000000004918c0 in call_user_func (fp=0x7fb6340ae6a0, argcount=0, argvars=0x7ffdd216b6d0, rettv=0x7ffdd216b930, firstline=2, lastline=2, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:22728 neovim#12 0x00000000004873a4 in call_func (funcname=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, argcount_in=0, argvars_in=0x7ffdd216b6d0, argv_func=0x0, firstline=2, lastline=2, doesrange=0x7ffdd216b92c, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687 neovim#13 0x000000000048a6f0 in get_func_tv (name=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, arg=0x7ffdd216b948, firstline=2, lastline=2, doesrange=0x7ffdd216b92c, evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459 neovim#14 0x0000000000489691 in ex_call (eap=0x7ffdd216bc18) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817 neovim#15 0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216bef8, flags=7, cstack=0x7ffdd216bf00, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198 neovim#16 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601 neovim#17 0x00000000005390ee in apply_autocmds_group (event=EVENT_VIMRESIZED, fname=0x7fb6348ed2c0 "/home/foo/src/github.com/neovim/build/vimfiler:default", fname_io=0x0, force=false, group=-3, buf=0x7fb634858000, eap=0x0) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882 neovim#18 0x000000000052f67c in apply_autocmds (event=EVENT_VIMRESIZED, fname=0x0, fname_io=0x0, force=false, buf=0x7fb634858000) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527 neovim#19 0x0000000000640df2 in screenalloc (doclear=false) at /home/foo/src/github.com/neovim/src/nvim/screen.c:6234 neovim#20 0x00000000006320d2 in screenclear () at /home/foo/src/github.com/neovim/src/nvim/screen.c:6277 neovim#21 0x0000000000641edf in screen_resize (width=49, height=56) at /home/foo/src/github.com/neovim/src/nvim/screen.c:7366 neovim#22 0x00000000006b2d82 in ui_refresh () at /home/foo/src/github.com/neovim/src/nvim/ui.c:175 neovim#23 0x00000000006b3121 in ui_refresh_event (argv=0x7ffdd216c748) at /home/foo/src/github.com/neovim/src/nvim/ui.c:181 neovim#24 0x00000000004d8297 in multiqueue_process_events (this=0x7fb634812370) at /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146 neovim#25 0x00000000004d7616 in loop_poll_events (loop=0x96e900 <main_loop>, ms=-1) at /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56 neovim#26 0x00000000005eb635 in input_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:326 neovim#27 0x00000000005ea700 in inbuf_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:348 neovim#28 0x00000000005ea61d in os_inchar (buf=0x0, maxlen=0, ms=-1, tb_change_cnt=0) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:110 neovim#29 0x000000000068e0af in state_enter (s=0x7ffdd216c888) at /home/foo/src/github.com/neovim/src/nvim/state.c:49 neovim#30 0x00000000005ac514 in normal_enter (cmdwin=false, noexmode=false) at /home/foo/src/github.com/neovim/src/nvim/normal.c:463 neovim#31 0x0000000000565c62 in main (argc=9, argv=0x7ffdd216cc28) at /home/foo/src/github.com/neovim/src/nvim/main.c:540 --- ASAN trace after provoking the bug with VimFiler: ================================================================= ==8540==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000054748 at pc 0x0000007d1dd8 bp 0x7ffe71be6660 sp 0x7ffe71be6658 READ of size 4 at 0x613000054748 thread T0 #0 0x7d1dd7 in copy_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37 #1 0x87b92c in f_get /home/foo/src/github.com/neovim/src/nvim/eval.c:9895:5 #2 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11 #3 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11 #4 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15 #5 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7 #6 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7 neovim#7 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7 neovim#8 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7 neovim#9 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7 neovim#10 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7 neovim#11 0x7abe36 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3494:9 neovim#12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9 neovim#13 0x830cac in ex_return /home/foo/src/github.com/neovim/src/nvim/eval.c:22191:10 neovim#14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5 neovim#15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20 neovim#16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3 neovim#17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11 neovim#18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11 neovim#19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15 neovim#20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7 neovim#21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7 neovim#22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7 neovim#23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7 neovim#24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7 neovim#25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7 neovim#26 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9 neovim#27 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9 neovim#28 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5 neovim#29 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20 neovim#30 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3 neovim#31 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11 neovim#32 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11 neovim#33 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9 neovim#34 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5 neovim#35 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20 neovim#36 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3 neovim#37 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11 neovim#38 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11 neovim#39 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9 neovim#40 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5 neovim#41 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20 neovim#42 0xca2918 in apply_autocmds_group /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882:5 neovim#43 0xc6c446 in apply_autocmds /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527:10 neovim#44 0x140f374 in screenalloc /home/foo/src/github.com/neovim/src/nvim/screen.c:6234:5 neovim#45 0x13958d1 in screenclear /home/foo/src/github.com/neovim/src/nvim/screen.c:6277:3 neovim#46 0x1417573 in screen_resize /home/foo/src/github.com/neovim/src/nvim/screen.c:7366:5 neovim#47 0x17fb59b in ui_refresh /home/foo/src/github.com/neovim/src/nvim/ui.c:175:3 neovim#48 0x17fc100 in ui_refresh_event /home/foo/src/github.com/neovim/src/nvim/ui.c:181:3 neovim#49 0xa05bbf in multiqueue_process_events /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146:7 neovim#50 0x9ff8b6 in loop_poll_events /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56:3 neovim#51 0x120d584 in input_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:326:3 neovim#52 0x12092ef in inbuf_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:348:24 neovim#53 0x1209193 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:110:18 neovim#54 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13 neovim#55 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3 neovim#56 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3 neovim#57 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) neovim#58 0x44b959 in _start (/home/foo/src/github.com/neovim/build/bin/nvim+0x44b959) 0x613000054748 is located 8 bytes inside of 352-byte region [0x613000054740,0x6130000548a0) freed by thread T0 here: #0 0x4e9d70 in __interceptor_cfree.localalias.0 (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9d70) #1 0xefa184 in xfree /home/foo/src/github.com/neovim/src/nvim/memory.c:130:3 #2 0x7e52b5 in dict_free_dict /home/foo/src/github.com/neovim/src/nvim/eval.c:6431:3 #3 0x7e1e2c in free_unref_items /home/foo/src/github.com/neovim/src/nvim/eval.c:6063:7 #4 0x7946cd in garbage_collect /home/foo/src/github.com/neovim/src/nvim/eval.c:5985:16 #5 0xd08f4f in before_blocking /home/foo/src/github.com/neovim/src/nvim/getchar.c:1331:5 #6 0x1209157 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:109:9 neovim#7 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13 neovim#8 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3 neovim#9 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3 neovim#10 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) previously allocated by thread T0 here: #0 0x4e9f08 in malloc (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9f08) #1 0xef9ee4 in try_malloc /home/foo/src/github.com/neovim/src/nvim/memory.c:84:15 #2 0xefa0a4 in xmalloc /home/foo/src/github.com/neovim/src/nvim/memory.c:118:15 #3 0x78bcc6 in dict_alloc /home/foo/src/github.com/neovim/src/nvim/eval.c:6321:15 #4 0x86dc02 in get_dict_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:6789:9 #5 0x865751 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4296:21 #6 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7 neovim#7 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7 neovim#8 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7 neovim#9 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7 neovim#10 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7 neovim#11 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7 neovim#12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9 neovim#13 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9 neovim#14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5 neovim#15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20 neovim#16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3 neovim#17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11 neovim#18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11 neovim#19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15 neovim#20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7 neovim#21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7 neovim#22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7 neovim#23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7 neovim#24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7 neovim#25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7 neovim#26 0x93f89a in filter_map_one /home/foo/src/github.com/neovim/src/nvim/eval.c:9398:7 neovim#27 0x93f33a in filter_map /home/foo/src/github.com/neovim/src/nvim/eval.c:9372:13 neovim#28 0x8ceb57 in f_map /home/foo/src/github.com/neovim/src/nvim/eval.c:12900:3 neovim#29 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11 SUMMARY: AddressSanitizer: heap-use-after-free /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37 in copy_tv Shadow bytes around the buggy address: 0x0c2680002890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c26800028a0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c26800028b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c26800028c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c26800028d0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa =>0x0c26800028e0: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd 0x0c26800028f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680002910: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2680002920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680002930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==8540==ABORTING

ZyX-I · 2017-02-11T10:05:10Z

Missing test.

Regression test coverage for neovim#6070.

Regression test coverage for #6070.

justinmk · 2017-03-08T02:24:06Z

Test added in #6228

inoperable · 2017-04-06T09:59:36Z

Just a side note - if anyone keeps their dotfiles in a git repo (as many probably do) I had almost a crash each and every time with malloc error repeatedly 7 - 10 times when starting nvim, after a bit of digging in syslog, then I crashlogs and log stream (macOS 12.4) and if any file descriptors are touched and the entry fs stat is changed nvim will crash, first I thought it's because I was running from apfs, but then I realized that the issue is because I had a dotfiles repo with entire ~/.config/nvim tree and (at least in my case) it seem's to be a crash related. I'm not sure though if the order is correct: I moved nvim config and plugs out of the repo and the crashes are gone, however I also realized that iCloud services are pushing things back/forth a lot and maybe it is chained when git stats a file, then iCloud services does whatever it does to descriptors and in the meantime nvim crashes- or am I just stupid?

update: ok, I just re-tested it and if config files are within a git repo then it crashes 9 times 10 during start. one example crashlog is here

justinmk · 2017-04-06T10:24:18Z

@jankun That looks like #6431 (comment) , there's a patch there, maybe you could try it (if you build from source). In the future please report new issues in a separate issue.

but then I realized that the issue is because I had a dotfiles repo with entire ~/.config/nvim tree and (at least in my case) it seem's to be a crash related. I

Crashes are always bugs, no one should need to move files anywhere :)

Test ":unlet self-referencing node in a List graph #6070" feeds many characters into typeahead, so a timeout of only 100 milliseconds sometimes fails. Change that timeout to 1000 milliseconds.

Test ":unlet self-referencing node in a List graph neovim#6070" feeds many characters into typeahead, so a timeout of only 100 milliseconds sometimes fails. Change that timeout to 1000 milliseconds.

This was referenced Feb 7, 2017

pointer being freed was not allocated #5934

Closed

Crashes randomically #5774

Closed

Segmentation fault when using tagbar #5817

Closed

Segmentation Fault #5710

Closed

Segmentation fault when using Unite grep #5234

Closed

justinmk force-pushed the fix-vimfiler-crash-3 branch from 93a328f to 0b88c1d Compare February 7, 2017 19:52

justinmk changed the title ~~revert to Vim's clear_tv()~~ typval_encode: Do not modify copyID Feb 7, 2017

justinmk changed the title ~~typval_encode: Do not modify copyID~~ typval_encode: Do not modify copyID Feb 7, 2017

justinmk changed the title ~~typval_encode: Do not modify copyID~~ eval/typval_encode: Restore original copyID Feb 7, 2017

Shougo mentioned this pull request Feb 7, 2017

neovim: E724: unable to correctly dump variable with self-referencing container" haya14busa/incsearch.vim#125

Closed

justinmk mentioned this pull request Feb 8, 2017

Segfault in update_screen:387 #6004

Closed

justinmk mentioned this pull request Feb 9, 2017

crashing/freezing with splits, :term and updatetime #4134

Closed

Shougo mentioned this pull request Feb 9, 2017

Pointer allocation error while executing PlugUpdate junegunn/vim-plug#591

Closed

11 tasks

justinmk force-pushed the fix-vimfiler-crash-3 branch 2 times, most recently from 45c61ad to 09da6cb Compare February 11, 2017 05:19

justinmk force-pushed the fix-vimfiler-crash-3 branch from 09da6cb to fd9e3c9 Compare February 11, 2017 05:54

justinmk merged commit 14fc482 into neovim:master Feb 11, 2017

justinmk deleted the fix-vimfiler-crash-3 branch February 11, 2017 06:20

justinmk mentioned this pull request Mar 2, 2017

Segfault in set_ref_in_ht/set_ref_in_item via garbage_collect #3770

Closed

justinmk added a commit to justinmk/neovim that referenced this pull request Mar 6, 2017

test/let_spec: self-referencing List.

ab59541

Regression test coverage for neovim#6070.

justinmk mentioned this pull request Mar 6, 2017

test/let_spec: self-referencing List. #6228

Merged

justinmk added a commit to justinmk/neovim that referenced this pull request Mar 7, 2017

test/let_spec: self-referencing List.

db46b0f

Regression test coverage for neovim#6070.

justinmk added a commit that referenced this pull request Mar 8, 2017

test/let_spec: self-referencing List. (#6228)

087acd7

Regression test coverage for #6070.

fmoralesc mentioned this pull request Jan 18, 2018

garbage_collect() crash (failed assert) #7869

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

eval/typval_encode: Restore original copyID #6070

eval/typval_encode: Restore original copyID #6070

justinmk commented Feb 7, 2017 •

edited

Loading

nhooyr commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

blueyed commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

justinmk commented Feb 7, 2017 •

edited

Loading

tweekmonster commented Feb 7, 2017

justinmk commented Feb 7, 2017 •

edited

Loading

blueyed commented Feb 7, 2017 •

edited by jamessan

Loading

justinmk commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

justinmk commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

justinmk commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

jamessan commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

justinmk commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

Shougo commented Feb 8, 2017

ZyX-I commented Feb 11, 2017

justinmk commented Mar 8, 2017

inoperable commented Apr 6, 2017 •

edited

Loading

justinmk commented Apr 6, 2017

eval/typval_encode: Restore original copyID #6070

eval/typval_encode: Restore original copyID #6070

Conversation

justinmk commented Feb 7, 2017 • edited Loading

nhooyr commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

blueyed commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

justinmk commented Feb 7, 2017 • edited Loading

tweekmonster commented Feb 7, 2017

memwatch.py

justinmk commented Feb 7, 2017 • edited Loading

blueyed commented Feb 7, 2017 • edited by jamessan Loading

justinmk commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

justinmk commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

tweekmonster commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

justinmk commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

jamessan commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

justinmk commented Feb 7, 2017

ZyX-I commented Feb 7, 2017

Shougo commented Feb 8, 2017

ZyX-I commented Feb 11, 2017

justinmk commented Mar 8, 2017

inoperable commented Apr 6, 2017 • edited Loading

justinmk commented Apr 6, 2017

justinmk commented Feb 7, 2017 •

edited

Loading

justinmk commented Feb 7, 2017 •

edited

Loading

justinmk commented Feb 7, 2017 •

edited

Loading

blueyed commented Feb 7, 2017 •

edited by jamessan

Loading

inoperable commented Apr 6, 2017 •

edited

Loading