GNU bug report logs - #21394
25.0.50; Segfault when displaying unprintable character in echo area while frames are being created


Package: emacs;

Reported by: Pip Cet <pipcet <at> gmail.com>

Date: Tue, 1 Sep 2015 16:45:02 UTC

Severity: normal

Tags: patch

Found in version 25.0.50

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


From: Pip Cet <pipcet <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 21394 <at> debbugs.gnu.org
Subject: bug#21394: 25.0.50; Segfault when displaying unprintable character in echo area while frames are being created
Date: Tue, 1 Sep 2015 17:30:36 +0000
On Tue, Sep 1, 2015 at 4:57 PM, Eli Zaretskii <eliz <at> gnu.org> wrote:

> > Date: Tue, 1 Sep 2015 16:43:13 +0000
> > From: Pip Cet <pipcet <at> gmail.com>
> >
> > Launch emacs -Q.
> >
> > C-x C-f emacs-bug-038.el
> > M-x eval-buffer
> >
> > Wait for approximately one minute.
>
> I waited for 1.5 minutes, and saw no crash.  But that doesn't surprise
> me, since these problems are very elusive.
>

Well, obviously it's a race condition and happens randomly. It certainly
seems to be running a lot longer with the debugging code you requested...


> > 26484   if (it->what == IT_CHARACTER)
> > 26485     {
> > 26486       XChar2b char2b;
> > 26487       struct face *face = FACE_FROM_ID (it->f, it->face_id);
> > 26488       struct font *font = face->font;
> > 26489       struct font_metrics *pcm = NULL;
> > 26490       int boff;                 /* Baseline offset.  */
> > 26491
> > 26492       if (font == NULL)
> > (gdb) p face
> > $1 = (struct face *) 0x0
> > (gdb) p it->face_id
> > $2 = 18
> > (gdb) p it->f->face_cache->used
> > $3 = 15
>
> This is another incarnation of several similar crashes we've seen for
> the past year or so (you can see them on the bug tracker).


I hope you're right, obviously. I'll try finding them on the bug tracker,
but if you have bug #s that would be very much appreciated.


> If you can somehow produce a trace of face caching and un-caching in
> this recipe, with backtraces to show who calls those, perhaps we could
> finally nail this sucker.
>

I think I've got what you want here. However, I'm not sure how far back in
the log is relevant to you; I'm attaching the end of the log here, but will
send the full log by private email, if that's okay?

I've used these gdb commands:

----
b free_realized_faces
b uncache_face
b cache_face
command 1
bt
c
end
command 2
p c->used
bt
c
end
command 3
p c->used
bt
c
end
----

Please feel free to respond with a list of alternative commands, and I'll
be happy to attempt producing another backtrace here.

I'm currently trying with the same commands with .gdbinit loaded, so we
have xbacktraces, but xbacktrace is really slow so it might take a while
(or never trigger the bug, obviously). It appears to be slower by about a
factor of 100, so this will probably run for a few hours.
[emacs-bug-046.txt (text/plain, attachment)]
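
The gdb session quoted in the message above shows a face_id (18) that is no longer below face_cache->used (15), so the lookup yields a null face pointer that is then dereferenced. The C model below is an added illustration, not Emacs source code and not part of the message; the struct layouts and the functions `face_from_id`, `shrink_cache`, `glyph_height` and `height_after_shrink` are simplified assumptions, and the initial cache of 19 faces is constructed.

```c
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the Emacs definitions. */
struct font { int height; };
struct face { struct font *font; };
struct face_cache { struct face **faces_by_id; int used; };

/* Bounds-checked lookup: NULL when id is outside [0, used). */
static struct face *face_from_id(const struct face_cache *c, int id)
{
    return (id >= 0 && id < c->used) ? c->faces_by_id[id] : NULL;
}

/* Models faces being freed while an iterator still holds an old id.
   Precondition: 0 <= new_used <= c->used. */
static void shrink_cache(struct face_cache *c, int new_used)
{
    for (int i = new_used; i < c->used; i++)
        c->faces_by_id[i] = NULL;
    c->used = new_used;
}

/* Returns the font height for face_id, or -1 when the id is stale.
   Without the NULL test, face->font is read through a null pointer. */
static int glyph_height(const struct face_cache *c, int face_id)
{
    const struct face *face = face_from_id(c, face_id);
    if (face == NULL || face->font == NULL)
        return -1;
    return face->font->height;
}

/* Constructed scenario: 19 cached faces, then the cache shrinks. */
static int height_after_shrink(int face_id, int new_used)
{
    static struct font font = { 20 };
    static struct face faces[19];
    struct face *by_id[19];
    struct face_cache c = { by_id, 19 };
    for (int i = 0; i < 19; i++) { faces[i].font = &font; by_id[i] = &faces[i]; }
    shrink_cache(&c, new_used);
    return glyph_height(&c, face_id);
}

int main(void)
{
    printf("%d %d\n", height_after_shrink(18, 19), height_after_shrink(18, 15));
    return 0;
}
```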

This bug report was last modified 9 years and 320 days ago.
