GNU bug report logs - #20705
Emacs segfaults when typing "(yas-expand" after M-: in yas-minor-mode

Previous Next

Package: emacs;

Reported by: Clément Pit--Claudel <clement.pitclaudel <at> live.com>

Date: Sun, 31 May 2015 20:46:02 UTC

Severity: normal

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 20705 <at> debbugs.gnu.org (full text, mbox):

From: Clément Pit--Claudel
 <clement.pitclaudel <at> live.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 20705 <at> debbugs.gnu.org
Subject: Re: bug#20705: Acknowledgement (Emacs segfaults when typing
 "(yas-expand" after M-: in yas-minor-mode)
Date: Tue, 02 Jun 2015 02:17:15 -0700

[Message part 1 (text/plain, inline)]
On 06/01/2015 07:52 AM, Eli Zaretskii wrote:
>> Date: Sun, 31 May 2015 14:21:11 -0700
>> From: Clément Pit--Claudel
>>  <clement.pitclaudel <at> live.com>
>>
>> Some further investigation:
>>
>> * yas-minor-mode is useless; (require 'yasnippet) is sufficient.
>> * The bug is triggered by eldoc; disabling global-eldoc-mode makes it go away.
> 
> Thanks.
> 
> Is the complex command line you show in your report still needed?

Not anymore. I've reduced it further (it turns out that it's sufficient to just load the right file from yasnippet to trigger the bug, so given the attached file the following recipe does the trick):

   1. emacs -Q -l segfault.el
   2. Type "(yas-expand"

This reliably crash emacs on my machine. I've affixed a backtrace to this email, but I'm not sure if it's more useful. I used the parameters recommended in M-x view-emacs-debugging.

I tried reducing the attached file (it's large!) and for that I started by removing all comments and strings. Interestingly this caused Emacs to stop crashing, giving the following message instead:

   eldoc error: (cyclic-function-indirection yas-expand)

Maybe someone can make sense out of that? It seems to come from src/data.c:2129:

/* If OBJECT is a symbol, find the end of its function chain and
   return the value found there.  If OBJECT is not a symbol, just
   return it.  If there is a cycle in the function chain, signal a
   cyclic-function-indirection error.

   This is like Findirect_function, except that it doesn't signal an
   error if the chain ends up unbound.  */
Lisp_Object
indirect_function (register Lisp_Object object)
{
  Lisp_Object tortoise, hare;

  hare = tortoise = object;

  for (;;)
    {
      if (!SYMBOLP (hare) || NILP (hare))
	break;
      hare = XSYMBOL (hare)->function;
      if (!SYMBOLP (hare) || NILP (hare))
	break;
      hare = XSYMBOL (hare)->function;

      tortoise = XSYMBOL (tortoise)->function;

      if (EQ (hare, tortoise))
	xsignal1 (Qcyclic_function_indirection, object);
    }

  return hare;
}

Which matches part of the backtrace:

Program received signal SIGSEGV, Segmentation fault.
Fkey_binding (key=8568165, accept_default=43008, no_remap=0, position=0) at keymap.c:1662
1662	      if (EVENT_HAS_PARAMETERS (event) && CONSP (XCDR (event)))
(gdb) backtrace
#0  Fkey_binding (key=8568165, accept_default=43008, no_remap=0, position=0) at keymap.c:1662
#1  0x0000000000543012 in eval_sub (form=<optimized out>) at eval.c:2191
#2  0x000000000054327f in For (args=25549251) at eval.c:346
#3  0x0000000000542e17 in eval_sub (form=<optimized out>) at eval.c:2131
#4  0x00000000005432d3 in Fprogn (body=25549363) at eval.c:445
#5  0x00000000005454cc in FletX (args=25549171) at eval.c:896
#6  0x0000000000542e17 in eval_sub (form=<optimized out>) at eval.c:2131
#7  0x00000000005432d3 in Fprogn (body=25549411) at eval.c:445
#8  0x00000000005435b8 in funcall_lambda (fun=fun <at> entry=25549523, nargs=nargs <at> entry=0, arg_vector=arg_vector <at> entry=0x7fffffffba60) at eval.c:2944
#9  0x0000000000542b83 in apply_lambda (fun=fun <at> entry=25549523, args=<optimized out>, count=count <at> entry=26) at eval.c:2826
#10 0x00000000005431ef in eval_sub (form=<optimized out>) at eval.c:2256
#11 0x000000000054543a in FletX (args=25990723) at eval.c:871
#12 0x0000000000542e17 in eval_sub (form=<optimized out>) at eval.c:2131
#13 0x00000000005432d3 in Fprogn (body=25990515) at eval.c:445
#14 0x0000000000544fac in Fcond (args=25990483) at eval.c:423
#15 0x0000000000542e17 in eval_sub (form=<optimized out>) at eval.c:2131
#16 0x000000000054543a in FletX (args=25989955) at eval.c:871
#17 0x0000000000542e17 in eval_sub (form=<optimized out>) at eval.c:2131
#18 0x00000000005432d3 in Fprogn (body=25989731) at eval.c:445
#19 0x00000000005435b8 in funcall_lambda (fun=fun <at> entry=25989619, nargs=nargs <at> entry=1, arg_vector=arg_vector <at> entry=0x7fffffffbf70) at eval.c:2944
#20 0x0000000000542b83 in apply_lambda (fun=fun <at> entry=25989619, args=<optimized out>, count=count <at> entry=20) at eval.c:2826
#21 0x00000000005431ef in eval_sub (form=form <at> entry=25991539) at eval.c:2256
#22 0x0000000000545b73 in Feval (form=form <at> entry=25991539, lexical=lexical <at> entry=0) at eval.c:1996
#23 0x0000000000536872 in Fdocumentation_property (symbol=symbol <at> entry=12823344, prop=prop <at> entry=23616, raw=raw <at> entry=43008) at doc.c:467
#24 0x00000000005368f9 in Fdocumentation (function=12823344, raw=43008) at doc.c:329
#25 0x0000000000543871 in Ffuncall (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffffc268) at eval.c:2721
#26 0x00000000005720e1 in exec_byte_code (bytestr=<optimized out>, vector=10126773, maxdepth=<optimized out>, args_template=args_template <at> entry=3078, nargs=nargs <at> entry=2, 
    args=<optimized out>, args <at> entry=0x7fffffffc458) at bytecode.c:919
#27 0x0000000000543413 in funcall_lambda (fun=10126693, nargs=nargs <at> entry=2, arg_vector=arg_vector <at> entry=0x7fffffffc458) at eval.c:2885
#28 0x0000000000543980 in Ffuncall (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffffc450) at eval.c:2767
#29 0x0000000000544874 in Fapply (nargs=<optimized out>, args=0x7fffffffc5b0) at eval.c:2337
#30 0x00000000005437da in Ffuncall (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffffc5a8) at eval.c:2698
#31 0x00000000005720e1 in exec_byte_code (bytestr=<optimized out>, vector=10126541, maxdepth=<optimized out>, args_template=args_template <at> entry=2, nargs=nargs <at> entry=0, 
    args=<optimized out>, args <at> entry=0x7fffffffc8a0) at bytecode.c:919
#32 0x0000000000543413 in funcall_lambda (fun=10126461, nargs=nargs <at> entry=0, arg_vector=arg_vector <at> entry=0x7fffffffc8a0) at eval.c:2885
#33 0x0000000000543980 in Ffuncall (nargs=nargs <at> entry=1, args=args <at> entry=0x7fffffffc898) at eval.c:2767
#34 0x000000000054466d in Fapply (nargs=2, args=0x7fffffffc898) at eval.c:2289
#35 0x00000000005437da in Ffuncall (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffffc890) at eval.c:2698
#36 0x00000000005720e1 in exec_byte_code (bytestr=<optimized out>, vector=19216853, maxdepth=<optimized out>, args_template=args_template <at> entry=514, nargs=nargs <at> entry=0, 
    args=<optimized out>, args <at> entry=0x7fffffffca78) at bytecode.c:919
#37 0x0000000000543413 in funcall_lambda (fun=19216893, nargs=nargs <at> entry=0, arg_vector=arg_vector <at> entry=0x7fffffffca78) at eval.c:2885
#38 0x0000000000543980 in Ffuncall (nargs=nargs <at> entry=1, args=args <at> entry=0x7fffffffca70) at eval.c:2767
#39 0x00000000005720e1 in exec_byte_code (bytestr=<optimized out>, vector=10373125, maxdepth=<optimized out>, args_template=args_template <at> entry=2, nargs=nargs <at> entry=0, 
    args=<optimized out>, args <at> entry=0x7fffffffcc50) at bytecode.c:919
#40 0x0000000000543413 in funcall_lambda (fun=10373053, nargs=nargs <at> entry=0, arg_vector=arg_vector <at> entry=0x7fffffffcc50) at eval.c:2885
#41 0x0000000000543980 in Ffuncall (nargs=nargs <at> entry=1, args=args <at> entry=0x7fffffffcc48) at eval.c:2767
#42 0x00000000005720e1 in exec_byte_code (bytestr=<optimized out>, vector=10371773, maxdepth=<optimized out>, args_template=args_template <at> entry=2, nargs=nargs <at> entry=0, 
    args=<optimized out>, args <at> entry=0x7fffffffcf38) at bytecode.c:919
#43 0x0000000000543413 in funcall_lambda (fun=10371701, nargs=nargs <at> entry=0, arg_vector=arg_vector <at> entry=0x7fffffffcf38) at eval.c:2885
#44 0x0000000000543980 in Ffuncall (nargs=nargs <at> entry=1, args=args <at> entry=0x7fffffffcf30) at eval.c:2767
#45 0x000000000054466d in Fapply (nargs=2, args=0x7fffffffcf30) at eval.c:2289
#46 0x00000000005437da in Ffuncall (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffffcf28) at eval.c:2698
#47 0x00000000005720e1 in exec_byte_code (bytestr=<optimized out>, vector=9940461, maxdepth=<optimized out>, args_template=args_template <at> entry=0, nargs=nargs <at> entry=0, 
    args=<optimized out>, args <at> entry=0x0) at bytecode.c:919
#48 0x00000000005435fd in funcall_lambda (fun=9940381, nargs=nargs <at> entry=1, arg_vector=arg_vector <at> entry=0x7fffffffd118) at eval.c:2951
#49 0x0000000000543980 in Ffuncall (nargs=nargs <at> entry=2, args=args <at> entry=0x7fffffffd110) at eval.c:2767
#50 0x0000000000543aed in call1 (fn=fn <at> entry=43776, arg1=arg1 <at> entry=19720309) at eval.c:2573
#51 0x00000000004df92d in timer_check_2 (timers=<optimized out>, timers <at> entry=0, idle_timers=<optimized out>, idle_timers <at> entry=25452755) at keyboard.c:4533
#52 0x00000000004e1bcc in timer_check () at keyboard.c:4600
#53 0x00000000004e1be9 in readable_events (flags=flags <at> entry=1) at keyboard.c:3434
#54 0x00000000004e4ae8 in get_input_pending (flags=flags <at> entry=1) at keyboard.c:6818
#55 0x00000000004e4c3f in detect_input_pending_run_timers (do_display=do_display <at> entry=true) at keyboard.c:9973
#56 0x000000000057ca91 in wait_reading_process_output (time_limit=<optimized out>, time_limit <at> entry=30, nsecs=nsecs <at> entry=0, read_kbd=read_kbd <at> entry=-1, 
    do_display=do_display <at> entry=true, wait_for_cell=wait_for_cell <at> entry=0, wait_proc=wait_proc <at> entry=0x0, just_wait_proc=just_wait_proc <at> entry=0) at process.c:5013
#57 0x000000000041f49a in sit_for (timeout=timeout <at> entry=122, reading=reading <at> entry=true, display_option=display_option <at> entry=1) at dispnew.c:5748
#58 0x00000000004e6ccb in read_char (commandflag=1, map=map <at> entry=25459891, prev_event=0, used_mouse_menu=used_mouse_menu <at> entry=0x7fffffffd84b, end_time=end_time <at> entry=0x0)
    at keyboard.c:2781
#59 0x00000000004e7d4d in read_key_sequence (keybuf=keybuf <at> entry=0x7fffffffd900, bufsize=bufsize <at> entry=30, prompt=prompt <at> entry=0, 
    dont_downcase_last=dont_downcase_last <at> entry=false, can_return_switch_frame=can_return_switch_frame <at> entry=true, fix_current_buffer=fix_current_buffer <at> entry=true, 
    prevent_redisplay=prevent_redisplay <at> entry=false) at keyboard.c:9156
#60 0x00000000004e9289 in command_loop_1 () at keyboard.c:1407
#61 0x0000000000542136 in internal_condition_case (bfun=bfun <at> entry=0x4e8fb4 <command_loop_1>, handlers=handlers <at> entry=18624, hfun=hfun <at> entry=0x4e0885 <cmd_error>) at eval.c:1348
#62 0x00000000004dc6f8 in command_loop_2 (ignore=ignore <at> entry=0) at keyboard.c:1139
#63 0x000000000054201a in internal_catch (tag=tag <at> entry=44352, func=func <at> entry=0x4dc6e0 <command_loop_2>, arg=arg <at> entry=0) at eval.c:1108
#64 0x00000000004dc69e in command_loop () at keyboard.c:1118
#65 0x00000000004e0513 in recursive_edit_1 () at keyboard.c:728
#66 0x00000000004e07d5 in Frecursive_edit () at keyboard.c:799
#67 0x00000000004dc0e9 in main (argc=4, argv=0x7fffffffdc18) at emacs.c:1626

[segfault.el (text/x-emacs-lisp, attachment)]
This bug report was last modified 9 years and 354 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.