FS#17452 - [fish] shell crashes randomly

Attached to Project: Community Packages
Opened by Arael (ArchArael) - Wednesday, 09 December 2009, 17:00 GMT
Last edited by Dan Griffiths (Ghost1227) - Saturday, 09 January 2010, 01:47 GMT
Task Type Bug Report
Category
Status Closed
Assigned To Abhishek Dasgupta (abhidg)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Occasionally fish shell crashes on my machine. It usually happens when my terminal emulator obtains the focus.

Additional info:
* package version(s)
terminal 0.4.2-1
fish 1.23.1-2


/var/log/messages.log file:
Dec 1 15:29:02 infinity kernel: fish[12590]: segfault at 64 ip b76547e0 sp bfc28260 error 4 in libc-2.11.so[b75d8000+140000]
Dec 1 16:57:25 infinity kernel: fish[22098]: segfault at 0 ip b77087e0 sp bfec0400 error 4 in libc-2.11.so[b768c000+140000]
Dec 1 17:17:11 infinity kernel: fish[23436]: segfault at 0 ip b75ae8d8 sp bfa9f378 error 4 in libc-2.11.so[b7532000+140000]
Dec 1 17:28:25 infinity kernel: fish[21777]: segfault at 0 ip b76897e0 sp bfe47c90 error 4 in libc-2.11.so[b760d000+140000]
Dec 2 14:37:57 infinity kernel: fish[2158]: segfault at 10 ip 0806b330 sp bfa22d30 error 4 in fish[8048000+56000]
Dec 2 15:40:44 infinity kernel: fish[28294]: segfault at 0 ip b76a17e0 sp bfad07c0 error 4 in libc-2.11.so[b7625000+140000]
Dec 3 10:23:38 infinity kernel: fish[4829]: segfault at 24 ip b77117e0 sp bfb13ba0 error 4 in libc-2.11.so[b7695000+140000]
Dec 3 10:40:43 infinity kernel: fish[21382]: segfault at 64 ip b76c97e0 sp bfb5b580 error 4 in libc-2.11.so[b764d000+140000]
Dec 3 14:45:54 infinity kernel: fish[14764]: segfault at 1 ip b76447e0 sp bf896040 error 4 in libc-2.11.so[b75c8000+140000]
Dec 4 15:14:41 infinity kernel: fish[18536]: segfault at 0 ip b76918d8 sp bfd434e8 error 4 in libc-2.11.so[b7615000+140000]
Dec 9 10:32:47 infinity kernel: fish[2793]: segfault at 0 ip b762c7e0 sp bfe64ab0 error 4 in libc-2.11.so[b75b0000+140000]


Steps to reproduce:
Use fish shell for a while. After some time it will crash when your terminal emulator gets the focus.
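
Added example, not part of the original report: subtracting the mapping base from `ip` in each kernel line gives a module-relative offset, and by that measure most of the libc crashes above fault at one offset (0x7c7e0) even though the load address differs in every run. The function names are hypothetical; the three sample lines are copied from the log above.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one kernel "segfault at" line (all numbers are hex). */
struct segv {
    unsigned long addr, ip, sp, base, size;
    unsigned error;
    char module[64];
};

/* Parse one log line; returns 1 on success, 0 if it is not a segfault record. */
int segv_parse(const char *line, struct segv *s) {
    const char *p = strstr(line, "segfault at ");
    if (!p) return 0;
    return sscanf(p, "segfault at %lx ip %lx sp %lx error %x in %63[^[][%lx+%lx]",
                  &s->addr, &s->ip, &s->sp, &s->error, s->module,
                  &s->base, &s->size) == 7;
}

/* ip minus load base: the same instruction gives the same offset in every
   run, even though the library is mapped at a different base each time. */
long segv_offset(const char *line) {
    struct segv s;
    return segv_parse(line, &s) ? (long)(s.ip - s.base) : -1;
}

/* Low bits of the x86 page-fault error code: 1 = protection fault (else
   page not present), 2 = write (else read), 4 = user mode (else kernel). */
const char *segv_kind(unsigned error) {
    static const char *kind[] = { "kernel read", "kernel read (prot)",
        "kernel write", "kernel write (prot)", "user read",
        "user read (prot)", "user write", "user write (prot)" };
    return kind[error & 7];
}

/* Three lines copied from the report above. */
static const char *SAMPLE[] = {
    "Dec 1 15:29:02 infinity kernel: fish[12590]: segfault at 64 ip b76547e0 sp bfc28260 error 4 in libc-2.11.so[b75d8000+140000]",
    "Dec 1 17:17:11 infinity kernel: fish[23436]: segfault at 0 ip b75ae8d8 sp bfa9f378 error 4 in libc-2.11.so[b7532000+140000]",
    "Dec 2 14:37:57 infinity kernel: fish[2158]: segfault at 10 ip 0806b330 sp bfa22d30 error 4 in fish[8048000+56000]",
};

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++) {
        struct segv s;
        if (segv_parse(SAMPLE[i], &s))
            printf("%s+0x%lx fault addr 0x%lx: %s\n", s.module,
                   s.ip - s.base, s.addr, segv_kind(s.error));
    }
    return 0;
}
```

Error code 4 together with fault addresses of 0x0 to 0x64 means a user-mode read through a null or near-null pointer.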

Closed by Dan Griffiths (Ghost1227)
Saturday, 09 January 2010, 01:47 GMT
Reason for closing: Not a bug
Comment by Arael (ArchArael) - Friday, 11 December 2009, 12:55 GMT
I tried to recompile the package on my machine. The bug is still present. The message is a little bit different though:

Dec 11 13:45:59 infinity kernel: fish[30003]: segfault at 20 ip b761e7e0 sp bffcb9b0 error 4 in libc-2.11.so[b75a2000+140000]
Comment by Abhishek Dasgupta (abhidg) - Sunday, 13 December 2009, 04:22 GMT
Have you reported this upstream?
Comment by Arael (ArchArael) - Sunday, 13 December 2009, 09:28 GMT
Hi Abhishek,

Yes, I did. Do you know if this project is still alive? Because on the mailing list there isn't much activity. The developers haven't answered my mails and my report is still there. Pity. The ideas behind this shell are quite amazing but it doesn't seem to me that the development is still going on. You know, I was thinking of sending you an email to ask you, but in the end I changed my mind. Didn't want to bother you.
Comment by Abhishek Dasgupta (abhidg) - Sunday, 13 December 2009, 10:58 GMT
The last update was on March 3 this year, so I'd say the project is dormant. Try waiting a few days and emailing the developer directly.
Comment by Arael (ArchArael) - Sunday, 13 December 2009, 14:09 GMT
I did it. I emailed both Axel and the fish-users mailing list. No responses. =(
Comment by Arael (ArchArael) - Tuesday, 29 December 2009, 10:23 GMT
I compiled the code with -g option, then I started the debugging session.

I found how to replicate the crash. Basically it seems to be related to the focus. What I do to obtain the crash is:

1. killall fishd
2. gdb ./fish # my -g fish binary
3. run >> in gdb shell
4. start several (from 5 to 10) terminal emulators running fish and switch between them; you will notice that sometimes the focus is gained only after you press a key. For example, ls will end up as just s on the prompt.
5. after some time fishd crashes. You will notice that the terminal emulators will start to disappear as soon as they get the focus.

Here is the gdb backtrace:
[code]Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78b3dc8 in wcscmp () from /lib/libc.so.6
(gdb) backtrace
#0 0x00007ffff78b3dc8 in wcscmp () from /lib/libc.so.6
#1 0x000000000042a377 in input_function_get_code (
name=0x1 <Address 0x1 out of bounds>) at input.c:880
#2 0x000000000042a6d0 in input_try_mapping () at input.c:439
#3 input_readch () at input.c:499
#4 0x0000000000425090 in reader_readline () at reader.c:2587
#5 0x0000000000426aba in read_i (fd=6876720, io=0x0) at reader.c:2463
#6 reader_read (fd=6876720, io=0x0) at reader.c:3329
#7 0x000000000043a80e in main (argc=1, argv=0x7fffffffe778) at fish.c:326[/code]
Here is the valgrind backtrace:
[code] ==433== Invalid read of size 8
==433== at 0x42A6C4: input_readch (input.c:439)
==433== by 0x42508F: reader_readline (reader.c:2587)
==433== by 0x426AB9: reader_read (reader.c:2463)
==433== by 0x43A80D: main (fish.c:326)
==433== Address 0x55fa2a8 is 8 bytes inside a block of size 16 free'd
==433== at 0x4C23A18: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==433== by 0x42A557: input_mapping_erase (input.c:565)
==433== by 0x40C0EC: builtin_bind (builtin.c:564)
==433== by 0x4105A1: builtin_run (builtin.c:3837)
==433== by 0x417119: exec (exec.c:1376)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433==
==433== Invalid read of size 8
==433== at 0x42A6E1: input_readch (input.c:445)
==433== by 0x42508F: reader_readline (reader.c:2587)
==433== by 0x426AB9: reader_read (reader.c:2463)
==433== by 0x43A80D: main (fish.c:326)
==433== Address 0x55fa2a0 is 0 bytes inside a block of size 16 free'd
==433== at 0x4C23A18: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==433== by 0x42A557: input_mapping_erase (input.c:565)
==433== by 0x40C0EC: builtin_bind (builtin.c:564)
==433== by 0x4105A1: builtin_run (builtin.c:3837)
==433== by 0x417119: exec (exec.c:1376)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433==
==433== Invalid read of size 8
==433== at 0x42A5A1: input_exec_binding (input.c:379)
==433== by 0x42A7AF: input_readch (input.c:454)
==433== by 0x42508F: reader_readline (reader.c:2587)
==433== by 0x426AB9: reader_read (reader.c:2463)
==433== by 0x43A80D: main (fish.c:326)
==433== Address 0x55fa2a8 is 8 bytes inside a block of size 16 free'd
==433== at 0x4C23A18: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==433== by 0x42A557: input_mapping_erase (input.c:565)
==433== by 0x40C0EC: builtin_bind (builtin.c:564)
==433== by 0x4105A1: builtin_run (builtin.c:3837)
==433== by 0x417119: exec (exec.c:1376)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433==
==433== Invalid read of size 8
==433== at 0x42A78A: input_readch (input.c:500)
==433== by 0x42508F: reader_readline (reader.c:2587)
==433== by 0x426AB9: reader_read (reader.c:2463)
==433== by 0x43A80D: main (fish.c:326)
==433== Address 0x55fa2a0 is 0 bytes inside a block of size 16 free'd
==433== at 0x4C23A18: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==433== by 0x42A557: input_mapping_erase (input.c:565)
==433== by 0x40C0EC: builtin_bind (builtin.c:564)
==433== by 0x4105A1: builtin_run (builtin.c:3837)
==433== by 0x417119: exec (exec.c:1376)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433==
==433== Invalid read of size 8
==433== at 0x42A5A1: input_exec_binding (input.c:379)
==433== by 0x42A7F7: input_readch (input.c:524)
==433== by 0x42508F: reader_readline (reader.c:2587)
==433== by 0x426AB9: reader_read (reader.c:2463)
==433== by 0x43A80D: main (fish.c:326)
==433== Address 0x55fa2a8 is 8 bytes inside a block of size 16 free'd
==433== at 0x4C23A18: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==433== by 0x42A557: input_mapping_erase (input.c:565)
==433== by 0x40C0EC: builtin_bind (builtin.c:564)
==433== by 0x4105A1: builtin_run (builtin.c:3837)
==433== by 0x417119: exec (exec.c:1376)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433== by 0x4168CA: T.90 (exec.c:802)
==433== by 0x416FB7: exec (exec.c:1227)
==433== by 0x420BE5: eval (parser.c:2376)
==433==[/code]
I'm not an expert in debugging with gdb and valgrind. I'm still learning how to do it, so if you have suggestions please post. As soon as possible I will post this to the fish-users mailing list. I don't expect to receive an answer soon; that's why I'm trying to fix this thing myself.
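
Added example, not part of the comment above and not fish source: the Memcheck output reports reads in input_readch and input_exec_binding of a 16-byte block that input_mapping_erase freed during a bind call. The model below shows how a pointer held across such a rebind becomes a use after free, next to a form that copies the field out first; all names in it are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model. One heap block per binding: two pointers, 16 bytes
   on amd64. Strings are literals here; heap strings would need a copy. */
typedef struct { const char *seq; const char *cmd; } mapping_t;
static mapping_t *table[8];
static size_t table_len;

int mapping_add(const char *seq, const char *cmd) {
    mapping_t *m = table_len < 8 ? malloc(sizeof *m) : NULL;
    if (!m) return 0;
    m->seq = seq; m->cmd = cmd;
    table[table_len++] = m;
    return 1;
}

/* Frees every entry, as rebinding all keys does. */
void mapping_erase_all(void) { while (table_len) free(table[--table_len]); }

static mapping_t *mapping_find(const char *seq) {
    for (size_t i = 0; i < table_len; i++)
        if (strcmp(table[i]->seq, seq) == 0) return table[i];
    return NULL;
}

/* Stand-in for an event handler that rebinds keys during input handling. */
static void run_handlers(void) { mapping_erase_all(); (void)mapping_add("\033u", "cd .."); }

/* Unsafe: m is held across run_handlers(), which frees the block. */
const char *binding_cmd_unsafe(const char *seq) {
    mapping_t *m = mapping_find(seq);
    run_handlers();
    return m ? m->cmd : NULL;   /* invalid read, 8 bytes inside freed block */
}

/* Safe: copy the field out before anything can free the entry. */
const char *binding_cmd_safe(const char *seq) {
    mapping_t *m = mapping_find(seq);
    const char *cmd = m ? m->cmd : NULL;
    run_handlers();
    return cmd;
}

int main(void) {
    mapping_add("\033u", "cd ..");
    return binding_cmd_safe("\033u") ? 0 : 1;   /* never calls the unsafe form */
}
```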
Comment by Arael (ArchArael) - Thursday, 07 January 2010, 14:37 GMT
Maybe I found out what the problem was. I added some key bindings by defining a function.

This is the function ~/.config/fish/functions/keybindings.fish:

function keybindings -d "User keybindings"
    fish_default_key_bindings
    bind \eu 'cd .. ; commandline -f repaint'
    bind \e\. history-token-search-backward
    bind \eg __fish_grep
    bind \eh 'commandline -aj "~/"; commandline -f end-of-line'
    bind \es 'commandline -aj "/etc/rc.d/"; commandline -f end-of-line'
    bind \ej prevd-or-backward-word
    bind \ek nextd-or-forward-word
end

Then I added this to my ~/.config/fish/config.fish

set -U fish_key_bindings keybindings

I don't know why but this thing has a strange effect on fish. If you start several terminal emulators and then switch between them they begin to crash.
Another strange thing is that once a terminal emulator has obtained the focus and you start writing, the first character gets lost.
For example, you start writing ls and on the prompt you get just s. Weird. This happens only the first time you start writing, then everything goes fine until the crash :D.

Anyway, I solved this by copying fish_default_keybindings.fish from /usr/share/fish/functions to ~/.config/fish/functions.
I added to this function my key bindings and now the problem seems to be fixed.
