Package: emacs
Reported by: Andy Moreton <andrewjmoreton <at> gmail.com>
Date: Mon, 1 Feb 2016 22:16:02 UTC
Severity: normal
Found in version 25.0.90
Done: Eli Zaretskii <eliz <at> gnu.org>
Bug is archived. No further changes may be made.
Message #20 received at submit <at> debbugs.gnu.org:
From: Andy Moreton <andrewjmoreton <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: Re: bug#22526: 25.0.90; Crash starting gnus
Date: Thu, 11 Feb 2016 02:06:54 +0000

On Sun 07 Feb 2016, Eli Zaretskii wrote:

>> From: Andy Moreton <andrewjmoreton <at> gmail.com>
>> Date: Sun, 07 Feb 2016 20:58:57 +0000
>>
>> On Sun 07 Feb 2016, Eli Zaretskii wrote:
>> > Hard to tell without a reproducible recipe, or at least some
>> > additional info. If the session is still running in a debugger, I
>> > might ask some questions about some variables.
>>
>> I don't have that session running any more. Please do make suggestions
>> for things to look at in gdb that I can try if I manage to reproduce the
>> problem.
>
> Thanks.
>
> AFAIU, the crash was here:
>
>   /* Put an anchor. */
>   *(Z_ADDR) = 0; <<<<<<<<<<<<<<<<<
>
> So the first question is, of course, what is the value of Z_ADDR?
>
> Next question is what are the values of the variables in the
> expression to which Z_ADDR expands:
>
>   /* Address of end of buffer. */
>   #define Z_ADDR (current_buffer->text->beg + current_buffer->text->gap_size + current_buffer->text->z_byte - BEG_BYTE)

I've seen a similar crash again with emacs-25 built from changeset 456c0a31.

Lisp Backtrace:
"internal-default-process-filter" (0xbf2248)
"accept-process-output" (0xbf3940)
"nnheader-accept-process-output" (0xbf41e0)
"nntp-accept-process-output" (0xbf4a70)
"nntp-send-command-nodelete" (0xbf5320)
"nntp-send-xover-command" (0xbf5bb0)
"nntp-retrieve-headers-with-xover" (0xbf6470)
0x9dab1b8 PVEC_COMPILED
"nntp-with-open-group-function" (0xbf75b0)
"nntp-retrieve-headers" (0xbf7e40)
"gnus-retrieve-headers" (0xbf86d0)
"gnus-cache-retrieve-headers" (0xbf8f70)
"gnus-retrieve-headers" (0xbf9800)
"gnus-fetch-headers" (0xbfa0a0)
"gnus-select-newsgroup" (0xbfa950)
"gnus-summary-read-group-1" (0xbfb1f0)
"gnus-summary-read-group" (0xbfbaa0)
"gnus-summary-next-group" (0xbfc350)
"gnus-summary-walk-group-buffer" (0xbfcc10)
"gnus-summary-next-article" (0xbfd4b0)
"gnus-summary-next-unread-article" (0xbfdd50)
"gnus-summary-next-page" (0xbfe740)
"funcall-interactively" (0xbfe738)
"call-interactively" (0xbfebf0)
"command-execute" (0xbff488)

The C backtrace from "bt full" starts with the frames below (details of
current_buffer follow):

#1 0x000000040028fbc4 in emacs_abort () at ../../src/w32fns.c:9794
        button = 0x6
#2 0x000000040012f72b in terminate_due_to_signal (sig=0xb, backtrace_limit=0x28)
    at ../../src/emacs.c:380
No locals.
#3 0x000000040015da9d in handle_fatal_signal (sig=0xb) at ../../src/sysdep.c:1601
No locals.
#4 0x000000040015da6d in deliver_thread_signal (sig=0xb, handler=0x40015da85 <handle_fatal_signal>)
    at ../../src/sysdep.c:1575
        old_errno = 0xc
#5 0x000000040015dad9 in deliver_fatal_thread_signal (sig=0xb) at ../../src/sysdep.c:1613
No locals.
#6 0x0000000400301540 in _gnu_exception_handler (exception_data=0xbf1040)
    at C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt_handler.c:223
        old_handler = <optimized out>
        action = 0x0
        reset_fpu = 0x0
#7 0x00007ff901ae5ac6 in ntdll!__C_specific_handler () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#8 0x00007ff901af9a9d in ntdll!.chkstk () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#9 0x00007ff901a84f29 in ntdll!RtlImageNtHeaderEx () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#10 0x00007ff901af8baa in ntdll!KiUserExceptionDispatcher () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#11 0x000000040017202c in make_gap_larger (nbytes_added=0x1000) at ../../src/insdel.c:411
        tem = { i = 0xd510 }
        real_gap_loc = 0xf035
        real_gap_loc_byte = 0xf035
        old_gap_size = 0x7d0
        current_size = 0xf804
#12 0x00000004001723e4 in make_gap (nbytes_added=0x830) at ../../src/insdel.c:481
No locals.
#13 0x00000004001733a4 in insert_from_string_1 (string=..., pos=0x0, pos_byte=0x0, nchars=0x1000, nbytes=0x1000, inherit=0x0, before_markers=0x1)
    at ../../src/insdel.c:916
        outgoing_nbytes = 0x1000
        intervals = 0xbf1fd0
#14 0x00000004001731f3 in insert_from_string_before_markers (string=..., pos=0x0, pos_byte=0x0, length=0x1000, length_byte=0x1000, inherit=0x0)
    at ../../src/insdel.c:882
        opoint = 0xf035
#15 0x000000040025011d in Finternal_default_process_filter (proc=..., text=...)
    at ../../src/process.c:5527
        old_read_only = { i = 0x0 }
        old_begv = 0x1
        old_zv = 0xf035
        old_begv_byte = 0x1
        old_zv_byte = 0xf035
        before = 0xf035
        before_byte = 0xf035
        opoint_byte = 0xf035
        b = 0xbf20e0
        p = 0x77feb88
        opoint = 0xf035
#16 0x00000004001eb021 in Ffuncall (nargs=0x3, args=0xbf2240) at ../../src/eval.c:2696
        internal_argbuf = {{ i = 0xbf21f0 }, { i = 0x400163f98 }, { i = 0x0 }, { i = 0x0 }, { i = 0xbf21b0 }, { i = 0x40012990e }, { i = 0x401b9b350 }, { i = 0x401ba2dd0 }}
        fun = { i = 0x4006a8df5 }
        original_fun = { i = 0x7ee0 }
        funcar = { i = 0x0 }
        numargs = 0x2
        lisp_numargs = { i = 0x4006a8df0 }
        val = { i = 0xbf21e0 }
        internal_args = 0xbf2248
        count = 0xa0

In frame #11 make_gap_larger, current_buffer looks like:

(gdb) $1 = (struct buffer *) 0x9434730
(gdb) $2 = { header = { size = 0x4000000006032047 },
  name_ = { i = 0x6b5d4b4 }, filename_ = { i = 0x0 },
  directory_ = { i = 0x91406d4 }, backed_up_ = { i = 0x0 },
  save_length_ = { i = 0x2 }, auto_save_file_name_ = { i = 0x0 },
  read_only_ = { i = 0x0 }, mark_ = { i = 0x69ae731 },
  local_var_alist_ = { i = 0x69526c3 }, major_mode_ = { i = 0x6938 },
  mode_name_ = { i = 0x40032154c }, mode_line_format_ = { i = 0x4007ff4a3 },
  header_line_format_ = { i = 0x0 }, keymap_ = { i = 0x0 },
  abbrev_table_ = { i = 0x4007c1855 }, syntax_table_ = { i = 0x400789e2d },
  category_table_ = { i = 0x40078a605 }, case_fold_search_ = { i = 0x0 },
  tab_width_ = { i = 0x22 }, fill_column_ = { i = 0x13a },
  left_margin_ = { i = 0x2 }, auto_fill_function_ = { i = 0x0 },
  downcase_table_ = { i = 0x40078ab5d }, upcase_table_ = { i = 0x40078fbe5 },
  case_canon_table_ = { i = 0x400985f35 }, case_eqv_table_ = { i = 0x400976965 },
  truncate_lines_ = { i = 0xd510 }, word_wrap_ = { i = 0x0 },
  ctl_arrow_ = { i = 0xd510 }, bidi_display_reordering_ = { i = 0xd510 },
  bidi_paragraph_direction_ = { i = 0x0 }, selective_display_ = { i = 0x0 },
  selective_display_ellipses_ = { i = 0xd510 }, minor_modes_ = { i = 0x0 },
  overwrite_mode_ = { i = 0x0 }, abbrev_mode_ = { i =
  0x0 }, display_table_ = { i = 0x0 }, mark_active_ = { i = 0x0 },
  enable_multibyte_characters_ = { i = 0x0 },
  buffer_file_coding_system_ = { i = 0xfffffffffec61568 },
  file_format_ = { i = 0x0 }, auto_save_file_format_ = { i = 0xd510 },
  cache_long_scans_ = { i = 0xd510 }, width_table_ = { i = 0x0 },
  pt_marker_ = { i = 0x0 }, begv_marker_ = { i = 0x0 },
  zv_marker_ = { i = 0x0 }, point_before_scroll_ = { i = 0x0 },
  file_truename_ = { i = 0x0 }, invisibility_spec_ = { i = 0xd510 },
  last_selected_window_ = { i = 0x0 }, display_count_ = { i = 0x2 },
  left_margin_cols_ = { i = 0x2 }, right_margin_cols_ = { i = 0x2 },
  left_fringe_width_ = { i = 0x0 }, right_fringe_width_ = { i = 0x0 },
  fringes_outside_margins_ = { i = 0x0 }, scroll_bar_width_ = { i = 0x0 },
  scroll_bar_height_ = { i = 0x0 }, vertical_scroll_bar_type_ = { i = 0xd510 },
  horizontal_scroll_bar_type_ = { i = 0xd510 },
  indicate_empty_lines_ = { i = 0xd510 },
  indicate_buffer_boundaries_ = { i = 0x0 },
  fringe_indicator_alist_ = { i = 0x400c28ab3 },
  fringe_cursor_alist_ = { i = 0x40095d173 }, display_time_ = { i = 0x0 },
  scroll_up_aggressively_ = { i = 0x0 }, scroll_down_aggressively_ = { i = 0x0 },
  cursor_type_ = { i = 0xd510 }, extra_line_spacing_ = { i = 0x0 },
  cursor_in_non_selected_windows_ = { i = 0xd510 },
  own_text = { beg = 0x1f0000
  "224 Overview information for 108895-109097 follows\r\n108895\tRe: Problem with whitespaces in search\ttomas <at> tuxteam.de\tThu, 28 Jan 2016 15:58:13 +0100\t<20160128145813.GB14779 <at> tuxteam.de>\t<20160128101634.G"...,
  gpt = 0xf035, z = 0xf035, gpt_byte = 0xf035, z_byte = 0xf035,
  gap_size = 0x17d0, modiff = 0x45c, chars_modiff = 0x45c,
  save_modiff = 0x1, overlay_modiff = 0x1, compact = 0x1,
  beg_unchanged = 0x0, end_unchanged = 0x0, unchanged_modified = 0x1,
  overlay_unchanged_modified = 0x1, intervals = 0x0, markers = 0x69ae700,
  inhibit_shrinking = 0x0, redisplay = 0x1 },
  text = 0x9434970, next = 0x9434ef0, pt = 0xf035, pt_byte = 0xf035,
  begv = 0x1, begv_byte = 0x1, zv =
  0xf035, zv_byte = 0xf035, base_buffer = 0x0, indirections = 0x0,
  window_count = 0x0, local_flags = '\000' <repeats 49 times>,
  modtime = { tv_sec = 0x0, tv_nsec = 0xfffffffe },
  modtime_size = 0xffffffffffffffff, auto_save_modified = 0x0,
  display_error_modiff = 0x0, auto_save_failure_time = 0x0,
  last_window_start = 0x1, newline_cache = 0x4a222c0,
  width_run_cache = 0x0, bidi_paragraph_cache = 0x0,
  prevent_redisplay_optimizations_p = 0x1, clip_changed = 0x0,
  overlays_before = 0x0, overlays_after = 0x0, overlay_center = 0xf035,
  undo_list_ = { i = 0xd510 } }

...and in the same frame, current_buffer->text looks like this:

(gdb) $3 = (struct buffer_text *) 0x9434970
(gdb) $4 = { beg = 0x1f0000
  "224 Overview information for 108895-109097 follows\r\n108895\tRe: Problem with whitespaces in search\ttomas <at> tuxteam.de\tThu, 28 Jan 2016 15:58:13 +0100\t<20160128145813.GB14779 <at> tuxteam.de>\t<20160128101634.G"...,
  gpt = 0xf035, z = 0xf035, gpt_byte = 0xf035, z_byte = 0xf035,
  gap_size = 0x17d0, modiff = 0x45c, chars_modiff = 0x45c,
  save_modiff = 0x1, overlay_modiff = 0x1, compact = 0x1,
  beg_unchanged = 0x0, end_unchanged = 0x0, unchanged_modified = 0x1,
  overlay_unchanged_modified = 0x1, intervals = 0x0, markers = 0x69ae700,
  inhibit_shrinking = 0x0, redisplay = 0x1 }

Hopefully this is of some use.

    AndyM
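
Added example (not part of the original message and not Emacs source): a small C check that evaluates the quoted Z_ADDR expansion with the values from the gdb output above and cross-checks them against the frame #11 locals. The struct, the function names and the two invariants relating current_size, old_gap_size and nbytes_added are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define BEG_BYTE 1ULL  /* first byte position of an Emacs buffer */

/* Values as printed by gdb in the message (frame #11 and $4). */
struct gap_dump {
    unsigned long long beg;          /* text->beg */
    unsigned long long gap_size;     /* text->gap_size at the crash */
    unsigned long long z_byte;       /* text->z_byte */
    unsigned long long old_gap_size; /* frame #11 local */
    unsigned long long current_size; /* frame #11 local */
    unsigned long long nbytes_added; /* frame #11 argument */
};

static const struct gap_dump crash = {
    0x1f0000, 0x17d0, 0xf035, 0x7d0, 0xf804, 0x1000
};

/* Z_ADDR exactly as the quoted macro expands it. */
unsigned long long z_addr(const struct gap_dump *d)
{
    return d->beg + d->gap_size + d->z_byte - BEG_BYTE;
}

/* Assumed invariants: current_size is the text bytes plus the old gap,
   and the gap at the crash is the old gap plus the bytes just added. */
bool bookkeeping_consistent(const struct gap_dump *d)
{
    return d->current_size == d->z_byte - BEG_BYTE + d->old_gap_size
        && d->gap_size == d->old_gap_size + d->nbytes_added;
}

/* Distance of the anchor byte past the end of the pre-enlargement region. */
unsigned long long anchor_past_old_end(const struct gap_dump *d)
{
    return z_addr(d) - (d->beg + d->current_size);
}

int main(void)
{
    printf("Z_ADDR              = 0x%llx\n", z_addr(&crash));
    printf("bookkeeping ok      = %d\n", bookkeeping_consistent(&crash));
    printf("anchor past old end = 0x%llx (nbytes_added = 0x%llx)\n",
           anchor_past_old_end(&crash), crash.nbytes_added);
    return 0;
}
```

When the bookkeeping check passes and the anchor lies exactly nbytes_added past the old end, the address being written matches the buffer's own accounting, which separates a corrupted-field case from the question of whether the enlarged allocation covers that address.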