Pip Cet writes: > "Oliver Reiter" writes: > >> Eli Zaretskii writes: >> >>>> Date: Sun, 09 Feb 2025 11:43:51 +0000 >>>> From: Pip Cet >>>> Cc: oliver.reiter@snapdragon.cc, 76133@debbugs.gnu.org >>>> >>>> "Eli Zaretskii" writes: >>>> >>>> > I just don't yet understand the root cause of this crash. We had in >>>> > the past crashes similar to this, due to invalid Lisp objects, which >>>> > had nothing to do with GC. I thought it would be good to see what >>>> > that object is before we decide this was solved. >>>> >>>> The Lisp object in question (0x7fffa7debfb3) was stored in the specpdl, >>>> then retrieved from it. We know that our code to resize the specpdl was >>>> buggy and may have resulted in stale pointers after a resize happened. >>>> >>>> > Why are you sure this bug was already fixed? >>>> >>>> I'm not sure, I just think it's likely enough we might want to wait for >>>> a new crash report if it hasn't been fixed :-) >>> >>> I think we are very close to seeing this object, so it might be >>> worthwhile to wait until we see it. >>> >>> It is also good to know what was the error Emacs was trying to signal >>> in this case. >> >> I can get to the object 0x7fffa7debfb3, but it doesn't tell me much: >> >> (gdb) fr 20 >> #20 0x00005555556b4d55 in cmd_error (data=XIL(0x7fffb59141b3)) >> at /home/reitero/build/sources/emacs/emacs/src/keyboard.c:1021 >> 1021 cmd_error_internal (data, macroerror); >> (gdb) p data >> $28 = XIL(0x7fffb59141b3) > > So $28 is a cons cell. > >> (gdb) xcar >> $29 = 0x175d8 >> (gdb) xsymbol >> $30 = (struct Lisp_Symbol *) 0x555555954418 >> "wrong-type-argument" > > The car of $28 is the symbol wrong-type-argument > >> (gdb) xcdr >> $31 = 0x0 >> (gdb) p data >> $32 = XIL(0x7fffb59141b3) >> (gdb) xcdr >> $33 = 0x7fffb591419b >> (gdb) xcdr >> $34 = 0x7fffb5914183 >> (gdb) xcar >> $35 = 0x7fffa7debfb3 > > And the caddr is $35, also apparently a cons cell > >> (gdb) xtype >> Lisp_Cons >> (gdb) xcar >> $36 = 0x7fffaa1962f0 > > but the car of $35 is invalid, since it seems to be an untagged pointer, > not a symbol-tagged one. > >> (gdb) xtype >> Lisp_Symbol >> (gdb) xsymbol >> $37 = (struct Lisp_Symbol *) 0xd554ffad3130 >> Cannot access memory at address 0xd554ffad3140 >> >> (gdb) fr 20 >> #20 0x00005555556b4d55 in cmd_error (data=XIL(0x7fffb59141b3)) >> at /home/reitero/build/sources/emacs/emacs/src/keyboard.c:1021 >> 1021 cmd_error_internal (data, macroerror); >> (gdb) p data >> $38 = XIL(0x7fffb59141b3) >> (gdb) xcar >> $39 = 0x175d8 >> (gdb) xsymbol >> $40 = (struct Lisp_Symbol *) 0x555555954418 >> "wrong-type-argument" >> (gdb) p data >> $41 = XIL(0x7fffb59141b3) >> (gdb) xcdr >> $42 = 0x7fffb591419b >> (gdb) xcdr >> $43 = 0x7fffb5914183 >> (gdb) xcar >> $44 = 0x7fffa7debfb3 >> (gdb) xtype >> Lisp_Cons >> (gdb) xcdr >> $45 = 0x0 >> (gdb) xtype >> Lisp_Symbol >> (gdb) xsymbol >> $46 = (struct Lisp_Symbol *) 0x55555593ce40 >> "nil" >> >> Is there something else I can try? > > > You could try looking at the cadr: > > p data > xcdr > xcar > > That might tell us what kind of object was found to be invalid. We then > put an entry into the specpdl about it and it was likely lost during the > resizing operation, resulting in the invalid caddr. > > Pip Sure, here you go. I seem to be going in circles: (gdb) fr 20 #20 0x00005555556b4d55 in cmd_error (data=XIL(0x7fffb59141b3)) at /home/reitero/build/sources/emacs/emacs/src/keyboard.c:1021 1021 cmd_error_internal (data, macroerror); (gdb) p data $3 = XIL(0x7fffb59141b3) (gdb) xcdr $4 = 0x7fffb591419b (gdb) xcar $5 = 0xd8c8 (gdb) xtype Lisp_Symbol (gdb) xsymbol $6 = (struct Lisp_Symbol *) 0x55555594a708 "keymapp" (gdb) p data $7 = XIL(0x7fffb59141b3) (gdb) xcar $8 = 0x175d8 (gdb) xtype Lisp_Symbol (gdb) xsymbol $9 = (struct Lisp_Symbol *) 0x555555954418 "wrong-type-argument" (gdb) p data $10 = XIL(0x7fffb59141b3) (gdb) xcdr $11 = 0x7fffb591419b (gdb) xcar $12 = 0xd8c8 (gdb) xtype Lisp_Symbol (gdb) xsymbol $13 = (struct Lisp_Symbol *) 0x55555594a708 "keymapp" (gdb) p data $14 = XIL(0x7fffb59141b3) (gdb) xcdr $15 = 0x7fffb591419b (gdb) xcdr $16 = 0x7fffb5914183 (gdb) xcar $17 = 0x7fffa7debfb3 (gdb) xtype Lisp_Cons (gdb) xcar $18 = 0x7fffaa1962f0 (gdb) xtype Lisp_Symbol (gdb) xsymbol $19 = (struct Lisp_Symbol *) 0xd554ffad3130 Cannot access memory at address 0xd554ffad3140 (gdb) fr 20 #20 0x00005555556b4d55 in cmd_error (data=XIL(0x7fffb59141b3)) at /home/reitero/build/sources/emacs/emacs/src/keyboard.c:1021 1021 cmd_error_internal (data, macroerror); (gdb) p data $20 = XIL(0x7fffb59141b3) (gdb) xcdr $21 = 0x7fffb591419b (gdb) xcdr $22 = 0x7fffb5914183 (gdb) xcar $23 = 0x7fffa7debfb3 (gdb) xtype Lisp_Cons (gdb) xcdr $24 = 0x0 (gdb) fr 20 #20 0x00005555556b4d55 in cmd_error (data=XIL(0x7fffb59141b3)) at /home/reitero/build/sources/emacs/emacs/src/keyboard.c:1021 1021 cmd_error_internal (data, macroerror); (gdb) p data $25 = XIL(0x7fffb59141b3) (gdb) xcdr $26 = 0x7fffb591419b (gdb) xcar $27 = 0xd8c8 (gdb) xtype Lisp_Symbol (gdb) xsymbol $28 = (struct Lisp_Symbol *) 0x55555594a708 "keymapp" (gdb) xcdr $29 = 0x0 (gdb) p data $30 = XIL(0x7fffb59141b3) (gdb) xcdr $31 = 0x7fffb591419b (gdb) xcar $32 = 0xd8c8 (gdb) xtype Lisp_Symbol (gdb) xsymbol $33 = (struct Lisp_Symbol *) 0x55555594a708 "keymapp"