Eli Zaretskii writes: >> From: Oliver Reiter >> Date: Fri, 14 Mar 2025 21:34:32 +0100 >> >> After weeks of no crash, emacs crashed on me today again. >> >> [New Thread 0x7fffb3bb96c0 (LWP 54691)] >> [Thread 0x7fffb3bb96c0 (LWP 54691) exited] >> ... quite a lot of those >> [New Thread 0x7fffb3bb96c0 (LWP 54696)] >> [Thread 0x7fffb3bb96c0 (LWP 54696) exited] >> [New Thread 0x7fffb3bb96c0 (LWP 54709)] >> [Thread 0x7fffb3bb96c0 (LWP 54709) exited] >> [New Thread 0x7fffb3bb96c0 (LWP 54751)] >> [Switching to Thread 0x7fffb3bb96c0 (LWP 54751)] >> >> Thread 409 "diff-hl--update" hit Breakpoint 1, terminate_due_to_signal (sig=6, backtrace_limit=40) at /home/reitero/build/sources/emacs/emacs_debug/src/emacs.c:425 >> 425 { >> (gdb) bt >> #0 terminate_due_to_signal (sig=6, backtrace_limit=40) at /home/reitero/build/sources/emacs/emacs_debug/src/emacs.c:425 >> #1 0x00005555556d31a5 in emacs_abort () at /home/reitero/build/sources/emacs/emacs_debug/src/sysdep.c:2378 >> #2 0x000055555579fa76 in fix_lisp_obj (ss=ss@entry=0x7fffb3bb81a8, pobj=pobj@entry=0x555556f67eb0) at /home/reitero/build/sources/emacs/emacs_debug/src/igc.c:1132 > > This is here: > > mps_word_t tag = word & IGC_TAG_MASK; > if (tag `= Lisp_Int0 || tag =' Lisp_Int1) > return MPS_RES_OK; > else if (tag == Lisp_Type_Unused0) > emacs_abort (); <<<<<<<<<<<<<<<<<<<<<<<<<< > > Called from here: > > case SPECPDL_UNWIND: > IGC_FIX12_OBJ (ss, &pdl->unwind.arg); > break; > > Can you show the contents of 'pdl' here? I am not that proficient in debugging, do you mean like this? From 'bt full', I figured that 'pdl' is at 0x555556f67ea0: #2 0x000055555579fa76 in fix_lisp_obj (ss=ss@entry=0x7fffb3bb81a8, pobj=pobj@entry=0x555556f67eb0) at /home/reitero/build/sources/emacs/emacs_debug/src/igc.c:1132 word = p = 0x555556f67eb0 tag = 1 client = base = res = _ss = 0x7fffb3bb81a8 _mps_zs = _mps_ufs = 0 _mps_wt = _mps_w = #3 0x00005555557a1040 in scan_specpdl (ss=0x7fffb3bb81a8, start=, end=0x555556f684e0, closure=) at /home/reitero/build/sources/emacs/emacs_debug/src/igc.c:1535 res = pdl = 0x555556f67ea0 t = _ss = 0x7fffb3bb81a8 _mps_zs = _mps_ufs = 0 _mps_wt = _mps_w = So: (gdb) p *(struct Lisp_String *)0x555556f67ea0 $5 = { gc_header = { v = 1, gcaligned = 1 '\001' }, u = { s = { size = 1, size_byte = 4294967297, intervals = 0x1, data = 0x0 }, next = 0x1, gcaligned = 1 '\001' } } This should then be pdl->unwind.arg, I guess: (gdb) p *(struct Lisp_String *)0x555556f67eb0 $4 = { gc_header = { v = 4294967297, gcaligned = 1 '\001' }, u = { s = { size = 1, size_byte = 0, intervals = 0x0, data = 0x1287 }, next = 0x1, gcaligned = 1 '\001' } } If you meant something else, happy to help. Oliver