vterm sometimes crashes

[Maurizio Lombardi]

Sometimes vterm crashes when playing with command history and command completion.
I didn't find a reliable way to reproduce it yet but I have a stack trace:

[/app/vterm(59)] Assertion failed (scrbuf->row < scrbuf->rows) in task 59, file "generic/io/chargrid.c", line 145.
[/app/vterm(59)] 0x0000000000ad3d80: 0x0000000000416665()
[/app/vterm(59)] 0x0000000000ad3db0: 0x0000000000416828()
[/app/vterm(59)] 0x0000000000ad3dd0: 0x0000000000409736()
[/app/vterm(59)] 0x0000000000ad3e30: 0x00000000004013f4()
[/app/vterm(59)] 0x0000000000ad3f40: 0x000000000040d006()
[/app/vterm(59)] 0x0000000000ad3fd0: 0x0000000000413d80()
[/app/vterm(59)] 0x0000000000ad3ff0: 0x00000000004115b9()
[/app/vterm(59)] -- end of stack trace --
[/srv/taskmon(16)] taskmon: Task 59 fault in thread 0xffffffff84d293d0.
[/srv/taskmon(16)] taskmon: Executing /app/taskdump -t 59
[/app/taskdump(71)] Task Dump Utility
[/app/taskdump(71)] Dumping task '/app/vterm' (task ID 59).
[/app/taskdump(71)] Loaded symbol table from /app/vterm
[/app/taskdump(71)] Threads:
[/app/taskdump(71)]  [1] hash: 0xffffffff84d293d0
[/app/taskdump(71)] Thread 0xffffffff84d293d0: PC = 0x000000000040fe13 (_ready_list_pop.constprop.15+339). FP = 0x000000000064dfa0
[/app/taskdump(71)]   0x000000000064dfa0: 0x000000000040fe13 (_ready_list_pop.constprop.15+339)
[/app/taskdump(71)]   0x000000000064dfd0: 0x000000000041158e (_helper_fibril_fn+62)
[/app/taskdump(71)]   0x000000000064dff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Address space areas:
[/app/taskdump(71)]  [1] flags: R-XC base: 0x0000000000400000 size: 122880
[/app/taskdump(71)]  [2] flags: RW-C base: 0x000000000061d000 size: 172032
[/app/taskdump(71)]  [3] flags: RW-C base: 0x0000000000647000 size: 4096
[/app/taskdump(71)]  [4] flags: RW-C base: 0x0000000000649000 size: 4096
[/app/taskdump(71)]  [5] flags: RW-C base: 0x000000000064b000 size: 4096
[/app/taskdump(71)]  [6] flags: RW-C base: 0x000000000064d000 size: 4096
[/app/taskdump(71)]  [7] flags: R--C base: 0x000000000064f000 size: 4096
[/app/taskdump(71)]  [8] flags: RW-C base: 0x0000000000650000 size: 159744
[/app/taskdump(71)]  [9] flags: RW-C base: 0x0000000000678000 size: 1048576
[/app/taskdump(71)]  [10] flags: RW-C base: 0x0000000000779000 size: 1048576
[/app/taskdump(71)]  [11] flags: RW-C base: 0x000000000087a000 size: 1318912
[/app/taskdump(71)]  [12] flags: RW-C base: 0x00000000009bc000 size: 94208
[/app/taskdump(71)]  [13] flags: RW-C base: 0x00000000009d4000 size: 1048576
[/app/taskdump(71)]  [14] flags: RW-C base: 0x0000000000ad5000 size: 1048576
[/app/taskdump(71)]  [15] flags: RW-C base: 0x0000000000bd6000 size: 1048576
[/app/taskdump(71)]  [16] flags: R-XC base: 0x0000000070000000 size: 86016
[/app/taskdump(71)]  [17] flags: RW-C base: 0x0000000070215000 size: 126976
[/app/taskdump(71)]  [18] flags: RW-C base: 0x0000000070234000 size: 4096
[/app/taskdump(71)]  [19] flags: RW-C base: 0x0000000070235000 size: 4096
[/app/taskdump(71)]  [20] flags: RW-C base: 0x0000000070237000 size: 4096
[/app/taskdump(71)]  [21] flags: RW-C base: 0x0000000070239000 size: 4096
[/app/taskdump(71)]  [22] flags: RW-C base: 0x000000007023b000 size: 4096
[/app/taskdump(71)]  [23] flags: R--C base: 0x000000007023d000 size: 4096
[/app/taskdump(71)]  [24] flags: RW-C base: 0x000000007023e000 size: 4096
[/app/taskdump(71)]  [25] flags: RW-C base: 0x0000000070240000 size: 1048576
[/app/taskdump(71)]  [26] flags: RW-C base: 0x00007ffffff00000 size: 1048576
[/app/taskdump(71)] Fibril 0x00000000006293e0:
[/app/taskdump(71)]   0x000000007033fc90: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x000000007033fcc0: 0x0000000000410543 (_fibril_switch_to+227)
[/app/taskdump(71)]   0x000000007033fd80: 0x0000000000410b60 (fibril_wait_timeout+560)
[/app/taskdump(71)]   0x000000007033fda0: 0x0000000000414549 (async_manager+25)
[/app/taskdump(71)]   0x000000007033fdc0: 0x000000000040022c (_start+0)
[/app/taskdump(71)]   0x000000007033fdf0: 0x0000000000405ef9 (__libc_main+393)
[/app/taskdump(71)]   0x000000007033fe10: 0x00000000004002d3 (__c_start+147)
[/app/taskdump(71)]   0x000000007033fe20: 0x0000000000400238 (_start+12)
[/app/taskdump(71)] Fibril 0x0000000000647c30:
[/app/taskdump(71)]   0x0000000000649df0: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x0000000000649e20: 0x0000000000410543 (_fibril_switch_to+227)
[/app/taskdump(71)]   0x0000000000649ee0: 0x0000000000410b60 (fibril_wait_timeout+560)
[/app/taskdump(71)]   0x0000000000649f30: 0x00000000004117d5 (fibril_ipc_wait+197)
[/app/taskdump(71)]   0x0000000000649fd0: 0x00000000004139ab (async_manager_fibril+27)
[/app/taskdump(71)]   0x0000000000649ff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Fibril 0x000000000064b870:
[/app/taskdump(71)]   0x000000000064df80: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x000000000064dfa0: 0x00000000004102ab (_fibril_switch_to.constprop.17+187)
[/app/taskdump(71)]   0x000000000064dfd0: 0x000000000041158e (_helper_fibril_fn+62)
[/app/taskdump(71)]   0x000000000064dff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Fibril 0x000000000066c410:
[/app/taskdump(71)]   0x0000000000777d70: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x0000000000777da0: 0x0000000000410543 (_fibril_switch_to+227)
[/app/taskdump(71)]   0x0000000000777e60: 0x0000000000410b60 (fibril_wait_timeout+560)
[/app/taskdump(71)]   0x0000000000777ed0: 0x0000000000411d79 (fibril_condvar_wait_timeout.constprop.8+201)
[/app/taskdump(71)]   0x0000000000777f00: 0x00000000004154b3 (prodcons_consume+51)
[/app/taskdump(71)]   0x0000000000777fd0: 0x0000000000402448 (event_loop+56)
[/app/taskdump(71)]   0x0000000000777ff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Fibril 0x000000000066c5d0:
[/app/taskdump(71)]   0x0000000000878d60: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x0000000000878d90: 0x0000000000410543 (_fibril_switch_to+227)
[/app/taskdump(71)]   0x0000000000878e50: 0x0000000000410b60 (fibril_wait_timeout+560)
[/app/taskdump(71)]   0x0000000000878ef0: 0x000000000041378f (async_data_read_start+127)
[/app/taskdump(71)]   0x0000000000878fa0: 0x000000000040d24b (win_get_event+75)
[/app/taskdump(71)]   0x0000000000878fd0: 0x0000000000401e65 (fetch_input+37)
[/app/taskdump(71)]   0x0000000000878ff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Fibril 0x000000000066d760:
[/app/taskdump(71)]   0x0000000000ad3c40: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x0000000000ad3d40: 0x000000000040a03e (kio_printf+190)
[/app/taskdump(71)]   0x0000000000ad3d80: 0x00000000004166f2 (stacktrace_kio_print+162)
[/app/taskdump(71)]   0x0000000000ad3db0: 0x000000000041686b (__syscall+0)
[/app/taskdump(71)]   0x0000000000ad3dd0: 0x0000000000409736 (chargrid_putwchar+278)
[/app/taskdump(71)]   0x0000000000ad3e30: 0x00000000004013f4 (term_write+244)
[/app/taskdump(71)]   0x0000000000ad3f40: 0x000000000040d006 (con_conn+966)
[/app/taskdump(71)]   0x0000000000ad3fd0: 0x0000000000413d80 (connection_fibril+128)
[/app/taskdump(71)]   0x0000000000ad3ff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Fibril 0x000000000066dbf0:
[/app/taskdump(71)]   0x0000000000bd4cb0: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x0000000000bd4ce0: 0x0000000000410543 (_fibril_switch_to+227)
[/app/taskdump(71)]   0x0000000000bd4da0: 0x0000000000410b60 (fibril_wait_timeout+560)
[/app/taskdump(71)]   0x0000000000bd4df0: 0x0000000000416d8b (mpsc_receive+43)
[/app/taskdump(71)]   0x0000000000bd4e30: 0x0000000000413f1b (async_get_call_timeout+75)
[/app/taskdump(71)]   0x0000000000bd4f40: 0x000000000040cca9 (con_conn+105)
[/app/taskdump(71)]   0x0000000000bd4fd0: 0x0000000000413d80 (connection_fibril+128)
[/app/taskdump(71)]   0x0000000000bd4ff0: 0x00000000004115b9 (_fibril_main+41)
[/app/taskdump(71)] Fibril 0x000000000066e080:
[/app/taskdump(71)]   0x0000000000cd5cb0: 0x0000000000416911 (context_swap+17)
[/app/taskdump(71)]   0x0000000000cd5ce0: 0x0000000000410543 (_fibril_switch_to+227)
[/app/taskdump(71)]   0x0000000000cd5da0: 0x0000000000410b60 (fibril_wait_timeout+560)
[/app/taskdump(71)]   0x0000000000cd5df0: 0x0000000000416d8b (mpsc_receive+43)
[/app/taskdump(71)]   0x0000000000cd5e30: 0x0000000000413f1b (async_get_call_timeout+75)
[/app/taskdump(71)]   0x0000000000cd5f40: 0x000000000040cca9 (con_conn+105)
[/app/taskdump(71)]   0x0000000000cd5fd0: 0x0000000000413d80 (connection_fibril+128)
[/app/taskdump(71)]   0x0000000000cd5ff0: 0x00000000004115b9 (_fibril_main+41)

[Jakub Jermář]

If you are playing with reproducing this, it would be worth to try with a -O0 build so that the stack trace is more useful.

[Jiri Svoboda]

I can reproduce this if I fill up the entire row with a nonsensical command and then append (space)/app such that the last 'p' is on the last column (i.e. the cursor is on the first cell of the next row) and then hitting tab three times.

[Jiri Svoboda]

term_set_pos does not validate its arguments and here it gets called with col=1 row=30.

[Jiri Svoboda]

tinput sometimes forgot to correct screen position when it could have gone beyond the end of a screen / scrolling occurred. This led to out-of-bound position being set via console_set_pos(). The server-side function cons_set_pos / term_set_pos would not check the arguments and pass them to chargrid_set_cursor(). chargrid_set_cursor would assert that the arguments are in bounds. This assertion would fail.

The fix is to always correct the screen position before calling console_set_pos(). In chargrid_set_curosr() instead of asserting the arguments are in range, we check them and, if they are out of range, we do nothing.

Fixed in ​68f1254cd6b6939598f1d7d4cbb6620555f6523d.