GNU bug report logs - #18161
24.3.92; Crash in do_switch_frame

Previous Next

Package: emacs;

Reported by: Mat Smiglarski <penthief <at> SDF.ORG>

Date: Thu, 31 Jul 2014 22:07:01 UTC

Severity: normal

Found in version 24.3.92

Fixed in version 24.3.93

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 18161 <at> debbugs.gnu.org (full text, mbox):

From: Mat Smiglarski <penthief <at> SDF.ORG>
To: Mat Smiglarski <penthief <at> sdf.org>
Cc: Dmitry Antipov <dmantipov <at> yandex.ru>, 18161 <at> debbugs.gnu.org
Subject: Re: bug#18161: 24.3.92; Crash in do_switch_frame
Date: Sat, 02 Aug 2014 20:00:16 +0100

Here is a similar segfault but without the winner-mode dependency. 
`crash-frames' is analogous to `winner-modified-list'.

1. Start emacs

$ emacs -Q

2. Type the following into the scratch buffer:

(defvar crash-frame-list nil)

(defun debug-hook-post-command ()
  (dolist (frame crash-frame-list)
    (print (frame-parameters frame) #'external-debugging-output)))

(defun debug-hook-window-configuration-change ()
  (push (selected-frame) crash-frame-list))

(add-hook 'post-command-hook 'debug-hook-post-command)
(add-hook 'window-configuration-change-hook 
'debug-hook-window-configuration-change)

(make-frame '((left . unbound-symbol)))

3. M-x eval-buffer

A segfault now occurs with the following trace

(gdb) set args -Q
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/zz/src/emacs/src/emacs -Q
[Thread debugging using libthread_db enabled]
Using host libthread_db library 
"/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffeb5f3700 (LWP 3426)]
[New Thread 0x7fffea56c700 (LWP 3427)]
[New Thread 0x7fffe9d1b700 (LWP 3428)]

Program received signal SIGSEGV, Segmentation fault.
0x0000000000428cc4 in x_report_frame_params (f=0x1273ad8, 
alistptr=0x7fffffffd510)
    at frame.c:3142
(gdb) bt full 3
#0  0x0000000000428cc4 in x_report_frame_params (f=0x1273ad8, 
alistptr=0x7fffffffd510)
    at frame.c:3142
        tem = 0
        w = 12837042
        buf = 
"\302\232\306\000\000\000\000\000\020\325\377\377\377\177\000\000~\325S\000"
#1  0x0000000000426abc in Fframe_parameters (frame=19348189) at 
frame.c:2231
        alist = 16730822
        f = 0x1273ad8
        height = 35
        width = 80
        gcpro1 = {
          next = 0xff4ac6,
          var = 0x5dca93 <Flength+351>,
          nvars = 9295184
        }
#2  0x00000000005d7f34 in eval_sub (form=16694998) at eval.c:2185
        numargs = 4
        args_left = 12837042
        i = 1
        maxargs = 1
        argvals = {19348189, 140737488344624, 12837042, 12837042, 
140737488344672, 6146707,
          12229408, 16694934}
        fun = 9295189
        val = 0
        original_fun = 13020274
        original_args = 16694950
        funcar = 2
        gcpro1 = {
          next = 0x1273add,
          var = 0x7fffffffd630,
          nvars = 12837042
        }
        gcpro2 = {
          next = 0x1273add,
          var = 0x7fffffffd630,
          nvars = 12837042
        }
        gcpro3 = {
          next = 0x7fffffffd600,
          var = 0x7fffffffd610,
          nvars = 1
        }
(More stack frames follow...)

Lisp Backtrace:
"frame-parameters" (0xffffd610)
"print" (0xffffd6a0)
"while" (0xffffd860)
"let" (0xffffdaa0)
"debug-hook-post-command" (0xffffdcf0)



On 2014-08-02 18:40, Mat Smiglarski wrote:
> On 2014-08-02 18:22, Dmitry Antipov wrote:
>> On 08/02/2014 07:05 PM, Mat Smiglarski wrote:
>> 
>>> Lisp Backtrace:
>>> "select-frame" (0xffffd9c0)
>>> "winner-configuration" (0xffffdb60)
>>> "winner-insert-if-new" (0xffffdd20)
>>> "winner-save-old-configurations" (0xffffdec0)
>> 
>> OK.  So the problem is caused by winner-mode.  Since this bug's 
>> "Recent input"
>> isn't too informative, I should ask about how you're running 
>> winner-mode.
>> Do you have it enabled in your .emacs?
> 
> Here is my .emacs and this should be enough to reproduce the segfault
> at startup.
> 
> (winner-mode)
> (make-frame '((left . unbound-symbol)))
> 
> Here is a better backtrace:
> 
> (gdb) bt full 4
> #0  0x000000000051b898 in x_get_focus_frame (frame=0x12639d8) at 
> xfns.c:3326
>         dpyinfo = 0x53d676 <FRAMEP+29>
>         xfocus = 19282397
> #1  0x0000000000423dab in do_switch_frame (frame=19282397, track=1,
> for_deletion=0,
>     norecord=16355938) at frame.c:839
>         focus = 9294128
>         xfocus = 42959566609
>         sf = 0x11f32d8
> #2  0x0000000000424052 in Fselect_frame (frame=19282397,
> norecord=16355938) at frame.c:913
> No locals.
> #3  0x00000000005d93a1 in Ffuncall (nargs=3, args=0x7fffffffce08) at 
> eval.c:2818
>         fun = 9294133
>         original_fun = 13019330
>         funcar = 6136289
>         numargs = 2
>         lisp_numargs = 140737488342512
>         val = 140737488342480
>         internal_args = 0x7fffffffce10
>         i = 5495648
> (More stack frames follow...)
> 
> Lisp Backtrace:
> "select-frame" (0xffffce10)
> "winner-configuration" (0xffffd300)
> "winner-insert-if-new" (0xffffd810)
> "winner-save-old-configurations" (0xffffdd00)
This bug report was last modified 10 years and 351 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.