Ubuntu
vim package

(various) crashed with SIGSEGV in g_atomic_int_exchange_and_add()/g_variant_unref/?libappmenu.so/g_simple_async_result_complete

Bug #703988 reported by Jean-Baptiste Lallement
386
This bug affects 46 people
Affects Status Importance Assigned to Milestone
AppMenu GTK+
Fix Released
Undecided
Unassigned
appmenu-gtk (Ubuntu)
Fix Released
Medium
Unassigned
vim (Ubuntu)
Invalid
Low
Unassigned

Bug Description

Binary package hint: vim

gvim crashes randomly, with no specific action from the user and no specific configuration.

Test Case
- Open a terminal and run:
  $ gvim some_file
- Wait until it crashes (usually less then a minute)

Result:
$ Vim: Caught deadly signal SEGV
Vim: Finished.

I can reproduce it on 2 different system (a netbook and a laptop) with an up to date Natty.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: vim-gnome 2:7.3.035+hg~8fdc12103333-1ubuntu2
ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37
Uname: Linux 2.6.37-12-generic i686
Architecture: i386
Date: Mon Jan 17 15:59:39 2011
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/vim.gnome
ProcCmdline: gvim magomatic
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LC_MESSAGES=en_US.utf8
 LANG=en_US.utf8
 LANGUAGE=en_US:en
SegvAnalysis:
 Segfault happened at: 0xda7832: ret
 PC (0x00da7832) ok
 destination "(%esp)" (0xbfe6e8b8) ok
 SP (0xbfe6e8b8) ok
 Reason could not be automatically determined.
Signal: 11
SourcePackage: vim
StacktraceTop:
 g_atomic_int_exchange_and_add () from /lib/libglib-2.0.so.0
 g_variant_unref () from /lib/libglib-2.0.so.0
 ?? () from /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so
 g_simple_async_result_complete () from /usr/lib/libgio-2.0.so.0
 ?? () from /usr/lib/libgio-2.0.so.0
Title: vim.gnome crashed with SIGSEGV in g_atomic_int_exchange_and_add()
UserGroups: adm admin audio cdrom dialout dip floppy fuse libvirtd lpadmin netdev plugdev scanner sudo video

See original description

Related branches

lp:~ted/appmenu-gtk/unref-if-non-null
Conor Curran (community): Approve
Diff: 17 lines (+6/-1)
1 file modified
src/bridge.c (+6/-1)
lp:~canonical-dx-team/appmenu-gtk/ubuntu
Ken VanDine: Pending requested
Diff: 16203 lines (+5946/-3346)
18 files modified
Makefile.in (+3/-1)
aclocal.m4 (+8/-6)
build/Makefile.in (+3/-1)
build/autotools/Makefile.in (+3/-1)
build/autotools/libtool.m4 (+1256/-782)
build/autotools/ltoptions.m4 (+7/-6)
build/autotools/ltversion.m4 (+6/-6)
build/autotools/lt~obsolete.m4 (+9/-3)
config.guess (+120/-105)
config.sub (+101/-55)
configure (+1796/-966)
configure.ac (+1/-1)
debian/changelog (+10/-0)
debian/patches/01_remove_unused_variables.patch (+0/-19)
debian/patches/series (+0/-1)
ltmain.sh (+2619/-1390)
src/Makefile.in (+3/-1)
src/bridge.c (+1/-2)
lp:ubuntu/natty/appmenu-gtk
lp:ubuntu/raring-proposed/appmenu-gtk
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :
Jean-Baptiste Lallement (jibel)
description: updated
Jean-Baptiste Lallement (jibel)
tags: added: mago
Jean-Baptiste Lallement (jibel)
description: updated
Revision history for this message
Michael Bienia (geser) wrote :

As you mentioned in your original bug description that you switched your font, does it only happen with that font or with other fonts too?

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

No it happens with the default configuration too (no ~/.vimrc)
The only file in ~/.vim is a file named .netrwhist and there is also the file .viminfo in $HOME
So nothing fantastic.

The only steps to reproduce are:
- From the command line run:
  $ gvim some_file
- Wait until it crashes (usually less then a minute)

I can reproduce it on 2 different system (a netbook and a laptop) with an up to date Natty.

I'm sorry for this poor report, let me know if and how I can gather more useful informations.

description: updated
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

While I am able to reproduce it repeatedly on Unity, I didn't had a single crash when running the Classic Desktop.

Revision history for this message
David Planella (dpm) wrote :

I can confirm the last comment. I've been using the classic desktop for a while and today I tested Unity again.

While vim does not crash in the classic desktop, I can reproduce the crash every time under Unity.

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

bug 713192 looks like this one but for gnome-terminal.
I'm adding a task for dbusmenu because it seems involved somehow from the stacktrace.

Note that since the latest update update, I experience gnome-terminal crashes as well.

Revision history for this message
kyleabaker (kyleabaker) wrote :

bug 713419 looks like this one but for nautilus. I'm also seeing the gnome-terminal bug as well.

Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :

confirmed due to comment #5 saying he also had same problem.

Changed in libdbusmenu (Ubuntu):
status: New → Confirmed
Charlie Kravetz (cjkgeek)
Changed in libdbusmenu (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Dave Gilbert (ubuntu-treblig)
summary: - vim.gnome crashed with SIGSEGV in g_atomic_int_exchange_and_add()
+ (various) crashed with SIGSEGV in
+ g_atomic_int_exchange_and_add()/g_variant_unref/?libappmenu.so/g_simple_async_result_complete
Revision history for this message
Amit Kucheria (amitk) wrote :

My log is also littered with application crashes all over (evince, gnome-terminal, eog, gvfs-smb, banshee, etc.) that seem to link back to libglib. And I am using the Classic desktop since I'm using a nouveau driver. Should I file separate bugs for each of these?

e.g.
[ 9479.287320] gnome-terminal[1927]: segfault at 24 ip 00007f7c163220b2 sp 00007fff93701c78 error 6 in libglib-2.0.so.0.2793.0[7f7c16309000+ed000]
[ 9504.078613] gnome-terminal[8133]: segfault at 24 ip 00007fd10aa360b2 sp 00007fff24467bd8 error 6 in libglib-2.0.so.0.2793.0[7fd10aa1d000+ed000]

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

Just had this problem during automated desktop testing with the character map (gucharmap) application

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

same problem in a fresh an up to date Natty VM with simple-scan

Revision history for this message
Evan (ev) wrote :

You can work around this temporarily by not loading the dbus menu proxy (UBUNTU_MENUPROXY=).

Revision history for this message
Sebastien Bacher (seb128) wrote :

Could someone get a debug stacktrace?

Revision history for this message
Sebastien Bacher (seb128) wrote :

the issue is not a vim one

Changed in vim (Ubuntu):
importance: Undecided → Low
status: New → Invalid
Revision history for this message
Sebastien Bacher (seb128) wrote :

bug #713281 has a debug retracing

Revision history for this message
Sebastien Bacher (seb128) wrote :

debug stacktrace from the retracer:

"#0 0x00007f0c0196e0b2 in g_atomic_int_exchange_and_add (atomic=0x24, val=-1)
    at /build/buildd/glib2.0-2.27.93/glib/gatomic-gcc.c:29
No locals.
#1 0x00007f0c019d3cd2 in g_variant_unref (value=0x0)
    at /build/buildd/glib2.0-2.27.93/glib/gvariant-core.c:363
No locals.
#2 0x00007f0bf6e3c16d in register_application_window_cb (object=0x229c5c0,
    res=0x2497800, user_data=0x2355920) at bridge.c:324
 error = (GError *) 0x235bbc0
 context = (AppWindowContext *) 0x2355920
 variants = <value optimized out>
#3 0x00007f0c02cc22a2 in reply_cb (connection=0x2201120, res=0x248d8c0,
    user_data=<value optimized out>)
    at /build/buildd/glib2.0-2.27.93/gio/gdbusproxy.c:2109
 simple = (GSimpleAsyncResult *) 0x2497800
 value = <value optimized out>
 error = (GError *) 0x235bbc0
#4 0x00007f0c02cb7f54 in g_dbus_connection_call_done (
    source=<value optimized out>, result=<value optimized out>,
    user_data=0x25caac0)
    at /build/buildd/glib2.0-2.27.93/gio/gdbusconnection.c:3075
 connection = <value optimized out>
 state = (CallState *) 0x25caac0
 error = (GError *) 0x235bbc0
 reply = (GDBusMessage *) 0x0
 value = <value optimized out>
#5 0x00007f0c02c70fec in complete_in_idle_cb (data=0x24ae180)
    at /build/buildd/glib2.0-2.27.93/glib/gthread.h:347
 simple = <value optimized out>"

Ted Gould (ted)
affects: dbusmenu → indicator-appmenu
affects: libdbusmenu (Ubuntu) → appmenu-gtk (Ubuntu)
affects: indicator-appmenu → appmenu-gtk
Changed in appmenu-gtk:
status: New → Fix Committed
Sebastien Bacher (seb128)
Changed in appmenu-gtk (Ubuntu):
status: Triaged → Fix Committed
Ted Gould (ted)
Changed in appmenu-gtk:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package appmenu-gtk - 0.1.93-0ubuntu1

---------------
appmenu-gtk (0.1.93-0ubuntu1) natty; urgency=low

  * New upstream release.
    * Protect variant from being unref'd when NULL (LP: #703988)
    * Check to see if the item is already realized and parse
      immediately if it is.
 -- Ted Gould <email address hidden> Fri, 11 Feb 2011 09:40:27 -0600

Changed in appmenu-gtk (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Namlee85 (namlee85) wrote :

Well it happened when i tried to resize a picture

Revision history for this message
Matteo Rossi (teo-red90) wrote :

Still happens to me when using Lyx

Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

This bug is still present with appmenu-gtk 0.2.1-0ubuntu1

To reproduce it, simply move around in any GTK application's menus as rapidly as you can.

The bug seems to be a race condition. It is harder to reproduce with light-themes because they render the menu so slowly.

Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

Cannot reopen this bug so I opened bug 763633.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.