GNU bug report logs - #33530
26.1.90; D-Bus crashes Emacs: consp, Fatal error 7: Bus error
Reported by: Damien Cassou <damien <at> cassou.me>
Date: Tue, 27 Nov 2018 21:00:02 UTC
Severity: normal
Found in version 26.1.90
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Report forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Tue, 27 Nov 2018 21:00:02 GMT)
Acknowledgement sent to Damien Cassou <damien <at> cassou.me>: New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Tue, 27 Nov 2018 21:00:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
The following line crashes both Emacs 26 and Emacs master.
emacs -Q -batch --eval "(require 'dbus)" --eval "(dbus-call-method :system \"org.freedesktop.NetworkManager\" \"/org/freedesktop/NetworkManager/Devices/1\" \"org.freedesktop.NetworkManager.Device.Wireless\" \"RequestScan\" :dict-entry)"
Here is a trace on emacs-master.
Wrong type argument: consp, Fatal error 11: Segmentation fault
#0 0x00000000005870c8 in PSEUDOVECTOR_TYPE (v=0xc8c7000c8421c6c0) at lisp.h:1573
size = -3979211692002130235
#1 0x0000000000675c88 in print_vectorlike (obj=XIL(0xc8c7000c8421c6c5), printcharfun=XIL(0x58b0), escapeflag=true, buf=0x7fffffffca10 "\004") at print.c:1368
#2 0x0000000000678de5 in print_object (obj=XIL(0xc8c7000c8421c6c5), printcharfun=XIL(0x58b0), escapeflag=true) at print.c:2152
buf = "\004\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\320\321\000\000\000\000\000\000\260X\000\000\000\000\000\000`\312\377\377\377\177\000\000\tzd\000\000\000\000\000\202\000\000\000\000"
#3 0x000000000067503c in print (obj=XIL(0xc8c7000c8421c6c5), printcharfun=XIL(0x58b0), escapeflag=true) at print.c:1145
#4 0x00000000006727d1 in Fprin1 (object=XIL(0xc8c7000c8421c6c5), printcharfun=XIL(0x58b0)) at print.c:653
old = 0xcd5800 <bss_sbrk_buffer+457984>
old_point = -1
start_point = -1
old_point_byte = -1
start_point_byte = -1
specpdl_count = 4
free_print_buffer = false
multibyte = true
original = XIL(0x58b0)
#5 0x0000000000674b2d in print_error_message (data=XIL(0x13472d3), stream=XIL(0x58b0), context=0xbc093e <pure+3999998> "", caller=XIL(0x2a90)) at print.c:980
obj = XIL(0xc8c7000c8421c6c5)
sep = 0x786fef ", "
errname = XIL(0xe3a0)
errmsg = XIL(0x7fb874)
file_error = XIL(0)
tail = XIL(0x13473b3)
#6 0x0000000000591321 in Fcommand_error_default_function (data=XIL(0x13472d3), context=XIL(0x7f0064), signal=XIL(0x2a90)) at keyboard.c:1005
sf = 0xce2830 <bss_sbrk_buffer+511280>
#7 0x00000000006485fa in funcall_subr (subr=0x7ebe80 <Scommand_error_default_function>, numargs=3, args=0x7fffffffce48) at eval.c:2939
internal_argbuf = {XIL(0x7fffffffcdb0), make_number(16107774448), XIL(0x7ebe80), XIL(0x7fffffffcd78), XIL(0x58716b), XIL(0xf00000000), XIL(0x7ebe85), XIL(0x7fffffffcd90)}
internal_args = 0x7fffffffce48
#8 0x00000000006480ef in Ffuncall (nargs=4, args=0x7fffffffce40) at eval.c:2859
fun = XIL(0x7ebe85)
original_fun = XIL(0x9a9d0)
funcar = XIL(0x7fffffffceb0)
numargs = 3
val = XIL(0)
count = 3
#9 0x0000000000647a93 in call3 (fn=XIL(0x9a9d0), arg1=XIL(0x13472d3), arg2=XIL(0x7f0064), arg3=XIL(0x2a90)) at eval.c:2726
#10 0x00000000005911d8 in cmd_error_internal (data=XIL(0x13472d3), context=0x7fffffffceb0 "") at keyboard.c:972
#11 0x00000000005910b7 in cmd_error (data=XIL(0x13472d3)) at keyboard.c:941
old_level = XIL(0)
old_length = XIL(0)
macroerror = "\000\316\377\377\001", '\000' <repeats 12 times>, "\317\377\377\377\177\000\000s_d", '\000' <repeats 13 times>, "ӛ1\001\000\000\000\000", <incomplete sequence \317>
#12 0x0000000000644047 in internal_condition_case (bfun=0x591523 <top_level_2>, handlers=XIL(0x54c0), hfun=0x590f67 <cmd_error>) at eval.c:1369
val = XIL(0x13472d3)
c = 0x2c9b710
#13 0x0000000000591584 in top_level_1 (ignore=XIL(0)) at keyboard.c:1096
#14 0x000000000064356e in internal_catch (tag=XIL(0xcc30), func=0x591542 <top_level_1>, arg=XIL(0)) at eval.c:1136
val = XIL(0)
c = 0x2c998e0
#15 0x0000000000591473 in command_loop () at keyboard.c:1057
#16 0x0000000000590a79 in recursive_edit_1 () at keyboard.c:703
count = 1
val = XIL(0x7fffffffd040)
#17 0x0000000000590c5b in Frecursive_edit () at keyboard.c:774
count = 0
buffer = XIL(0)
#18 0x000000000058e85d in main (argc=7, argv=0x7fffffffd288) at emacs.c:1716
stack_bottom_variable = 0x7ffff5ed6f40
do_initial_setlocale = true
dumping = false
skip_args = 1
no_loadup = false
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x0
original_pwd = 0x0
rlim = {
rlim_cur = 10022912,
rlim_max = 18446744073709551615
}
sockfd = -1
Lisp Backtrace:
"command-error-default-function" (0xffffce48)
Windowing system distributor 'Fedora Project', version 11.0.12003000
System Description: Fedora release 29 (Twenty Nine)
--
Damien Cassou
http://damiencassou.seasidehosting.st
"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>: You have taken responsibility. (Wed, 28 Nov 2018 05:42:02 GMT)
Notification sent to Damien Cassou <damien <at> cassou.me>: bug acknowledged by developer. (Wed, 28 Nov 2018 05:42:02 GMT)
Message #10 received at 33530-done <at> debbugs.gnu.org (full text, mbox):
Thanks for reporting that. I installed the attached into the master branch and
am marking the bug as fixed. Not sure whether it's worth installing into the
emacs-26 branch. It is a serious problem if Lisp code can make Emacs crash; on
the other hand, the usage is erroneous.
[0001-Fix-core-dump-in-dbus-message-internal.patch (text/x-patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 06:17:01 GMT)
Message #13 received at 33530 <at> debbugs.gnu.org (full text, mbox):
> From: Damien Cassou <damien <at> cassou.me>
> Date: Tue, 27 Nov 2018 21:59:01 +0100
> Cc: Paul Eggert <eggert <at> cs.ucla.edu>, Michael Albinus <michael.albinus <at> gmx.de>
>
> The following line crashes both Emacs 26 and Emacs master.
>
> emacs -Q -batch --eval "(require 'dbus)" --eval "(dbus-call-method :system \"org.freedesktop.NetworkManager\" \"/org/freedesktop/NetworkManager/Devices/1\" \"org.freedesktop.NetworkManager.Device.Wireless\" \"RequestScan\" :dict-entry)"
It dies trying to display an error message:
> #5 0x0000000000674b2d in print_error_message (data=XIL(0x13472d3), stream=XIL(0x58b0), context=0xbc093e <pure+3999998> "", caller=XIL(0x2a90)) at print.c:980
> obj = XIL(0xc8c7000c8421c6c5)
> sep = 0x786fef ", "
> errname = XIL(0xe3a0)
> errmsg = XIL(0x7fb874)
> file_error = XIL(0)
> tail = XIL(0x13473b3)
> #6 0x0000000000591321 in Fcommand_error_default_function (data=XIL(0x13472d3), context=XIL(0x7f0064), signal=XIL(0x2a90)) at keyboard.c:1005
> sf = 0xce2830 <bss_sbrk_buffer+511280>
> #7 0x00000000006485fa in funcall_subr (subr=0x7ebe80 <Scommand_error_default_function>, numargs=3, args=0x7fffffffce48) at eval.c:2939
> internal_argbuf = {XIL(0x7fffffffcdb0), make_number(16107774448), XIL(0x7ebe80), XIL(0x7fffffffcd78), XIL(0x58716b), XIL(0xf00000000), XIL(0x7ebe85), XIL(0x7fffffffcd90)}
> internal_args = 0x7fffffffce48
> #8 0x00000000006480ef in Ffuncall (nargs=4, args=0x7fffffffce40) at eval.c:2859
> fun = XIL(0x7ebe85)
> original_fun = XIL(0x9a9d0)
> funcar = XIL(0x7fffffffceb0)
> numargs = 3
> val = XIL(0)
> count = 3
> #9 0x0000000000647a93 in call3 (fn=XIL(0x9a9d0), arg1=XIL(0x13472d3), arg2=XIL(0x7f0064), arg3=XIL(0x2a90)) at eval.c:2726
> #10 0x00000000005911d8 in cmd_error_internal (data=XIL(0x13472d3), context=0x7fffffffceb0 "") at keyboard.c:972
> #11 0x00000000005910b7 in cmd_error (data=XIL(0x13472d3)) at keyboard.c:941
> old_level = XIL(0)
> old_length = XIL(0)
> macroerror = "\000\316\377\377\001", '\000' <repeats 12 times>, "\317\377\377\377\177\000\000s_d", '\000' <repeats 13 times>, "ӛ1\001\000\000\000\000", <incomplete sequence \317>
Can you please show the value of 'data' in frame #10 or in frame #5,
in human-readable form? This should be possible using the "xtype"
command followed by another x* command, according to what type is
shown by "xtype", probably "xsymbol".
Thanks.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 07:11:02 GMT)
Message #16 received at 33530 <at> debbugs.gnu.org (full text, mbox):
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> Date: Tue, 27 Nov 2018 21:40:55 -0800
> Cc: Michael Albinus <michael.albinus <at> gmx.de>
>
> Not sure whether it's worth installing into the emacs-26 branch.
Please do, and thanks.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 09:29:01 GMT)
Message #19 received at 33530 <at> debbugs.gnu.org (full text, mbox):
Hi Eli,
Eli Zaretskii <eliz <at> gnu.org> writes:
> Can you please show the value of 'data' in frame #10 or in frame #5,
> in human-readable form? This should be possible using the "xtype"
> command followed by another x* command, according to what type is
> shown by "xtype", probably "xsymbol".
I would like to do that but I lack knowledge of gdb. Here is what I came
up with:
(gdb) frame 10
#10 0x00000000005911d8 in cmd_error_internal (data=XIL(0x1347253), context=0x7fffffffce90 "") at keyboard.c:972
972 call3 (Vcommand_error_function, data,
(gdb) p data
$1 = XIL(0x1347253)
(gdb) xtype
Lisp_Cons
(gdb) xcons
$2 = (struct Lisp_Cons *) 0x1347250 <bss_sbrk_buffer+7214928>
{
u = {
s = {
car = XIL(0xe3a0),
u = {
cdr = XIL(0x1347283),
chain = 0x1347283
}
},
gcaligned = 0xa0
}
}
--
Damien Cassou
http://damiencassou.seasidehosting.st
"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 09:38:02 GMT)
Message #22 received at 33530-done <at> debbugs.gnu.org (full text, mbox):
Paul Eggert <eggert <at> cs.ucla.edu> writes:
> Thanks for reporting that. I installed the attached into the master branch and
> am marking the bug as fixed. Not sure whether it's worth installing into the
> emacs-26 branch. It is a serious problem if Lisp code can make Emacs crash; on
> the other hand, the usage is erroneous.
Thank you Paul for the quick fix.
--
Damien Cassou
http://damiencassou.seasidehosting.st
"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 09:49:01 GMT)
Message #25 received at 33530 <at> debbugs.gnu.org (full text, mbox):
> From: Damien Cassou <damien <at> cassou.me>
> Cc: 33530 <at> debbugs.gnu.org, eggert <at> cs.ucla.edu, michael.albinus <at> gmx.de
> Date: Wed, 28 Nov 2018 10:28:47 +0100
>
> Eli Zaretskii <eliz <at> gnu.org> writes:
> > Can you please show the value of 'data' in frame #10 or in frame #5,
> > in human-readable form? This should be possible using the "xtype"
> > command followed by another x* command, according to what type is
> > shown by "xtype", probably "xsymbol".
>
> I would like to do that but I lack knowledge of gdb. Here is what I came
> up with:
>
> (gdb) frame 10
> #10 0x00000000005911d8 in cmd_error_internal (data=XIL(0x1347253), context=0x7fffffffce90 "") at keyboard.c:972
> 972 call3 (Vcommand_error_function, data,
>
> (gdb) p data
> $1 = XIL(0x1347253)
>
> (gdb) xtype
> Lisp_Cons
>
> (gdb) xcons
Use "pp data" instead, it's better with conses, because it avoids the
need to manually drill down into each cons cell.
Thanks.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 11:34:02 GMT)
Message #28 received at 33530 <at> debbugs.gnu.org (full text, mbox):
Eli Zaretskii <eliz <at> gnu.org> writes:
>> (gdb) p data
>> $1 = XIL(0x1347253)
> Use "pp data" instead, it's better with conses, because it avoids the
> need to manually drill down into each cons cell.
(gdb) frame 10
#10 0x00000000005911d8 in cmd_error_internal (data=XIL(0x1347283), context=0x7fffffffce90 "") at keyboard.c:972
972 call3 (Vcommand_error_function, data,
(gdb) pp data
(wrong-type-argument consp
Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x00000000005870c8 in PSEUDOVECTOR_TYPE (v=0xc8c7000c8421c6c0) at lisp.h:1573
1573 ptrdiff_t size = v->header.size;
The program being debugged was signaled while in a function called from GDB.
GDB remains in the frame where the signal was received.
To change this behavior use "set unwindonsignal on".
Evaluation of the expression containing the function
(safe_debug_print) will be abandoned.
When the function is done executing, GDB will silently stop.
--
Damien Cassou
http://damiencassou.seasidehosting.st
"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
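An added example for triaging the traces in this thread, not code from Emacs or from any participant: it splits the XIL(...) words shown above into type tag and untagged pointer and flags pointers that cannot be dereferenced. It assumes a 64-bit USE_LSB_TAG build with three tag bits and Emacs 26-era tag numbering, and x86-64 48-bit canonical addressing; the struct and function names are hypothetical.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: USE_LSB_TAG, three tag bits, Emacs 26-era tag numbering. */
enum { TAG_BITS = 3, TAG_CONS = 3, TAG_STRING = 4, TAG_VECTORLIKE = 5, TAG_FLOAT = 7 };

static const char *const tag_name[8] = {
  "Lisp_Symbol", "Lisp_Misc/unused", "Lisp_Int0", "Lisp_Cons",
  "Lisp_String", "Lisp_Vectorlike", "Lisp_Int1", "Lisp_Float"
};

struct decoded {
  int tag;          /* low three bits of the word */
  uint64_t ptr;     /* word with the tag bits cleared */
  bool is_pointer;  /* tag denotes a heap object */
  bool plausible;   /* false when the pointer cannot be dereferenced */
};

/* Assumed x86-64 with 48-bit virtual addresses: bits 63..47 must all match. */
static bool canonical48(uint64_t addr) {
  uint64_t top = addr >> 47;
  return top == 0 || top == 0x1FFFF;
}

static struct decoded decode_lisp_word(uint64_t word) {
  const uint64_t mask = (1u << TAG_BITS) - 1;
  struct decoded d;
  d.tag = (int)(word & mask);
  d.ptr = word & ~mask;
  d.is_pointer = d.tag == TAG_CONS || d.tag == TAG_STRING
                 || d.tag == TAG_VECTORLIKE || d.tag == TAG_FLOAT;
  d.plausible = !d.is_pointer || (d.ptr != 0 && canonical48(d.ptr));
  return d;
}

int main(void) {
  /* Words copied from the XIL(...) values in the traces on this page. */
  const uint64_t words[] = { 0x1347253ULL, 0xe3a0ULL, 0xc8c7000c8421c6c5ULL };
  for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
    struct decoded d = decode_lisp_word(words[i]);
    printf("XIL(0x%" PRIx64 "): %s", words[i], tag_name[d.tag]);
    if (d.is_pointer)
      printf(" -> 0x%" PRIx64 "%s", d.ptr, d.plausible ? "" : "  [non-canonical]");
    putchar('\n');
  }
  return 0;
}
```

Under these assumptions the decoded values agree with the traces: 0x1347253 is a cons at 0x1347250, as xcons reported, and 0xc8c7000c8421c6c5 carries the vectorlike tag with the non-canonical address 0xc8c7000c8421c6c0 that PSEUDOVECTOR_TYPE faulted on.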
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#33530; Package emacs. (Wed, 28 Nov 2018 12:02:01 GMT)
Message #31 received at 33530 <at> debbugs.gnu.org (full text, mbox):
> From: Damien Cassou <damien <at> cassou.me>
> Cc: 33530 <at> debbugs.gnu.org, eggert <at> cs.ucla.edu, michael.albinus <at> gmx.de
> Date: Wed, 28 Nov 2018 12:33:51 +0100
>
> (gdb) frame 10
> #10 0x00000000005911d8 in cmd_error_internal (data=XIL(0x1347283), context=0x7fffffffce90 "") at keyboard.c:972
> 972 call3 (Vcommand_error_function, data,
>
> (gdb) pp data
> (wrong-type-argument consp
Thanks, it's clear now.
Bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 26 Dec 2018 12:24:05 GMT)
This bug report was last modified 6 years and 177 days ago.