Package: emacs
Reported by: Eli Zaretskii <eliz <at> gnu.org>
Date: Thu, 11 Mar 2021 11:28:02 UTC
Severity: normal
Found in version 28.0.50
Done: Eli Zaretskii <eliz <at> gnu.org>
Bug is archived. No further changes may be made.
From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Subject: bug#47067: closed (Re: bug#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c)
Date: Tue, 06 Apr 2021 16:10:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 47067 <at> debbugs.gnu.org.

--
47067: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47067
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Andrea Corallo <akrl <at> sdf.org>
Cc: 47067-done <at> debbugs.gnu.org
Subject: Re: bug#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c
Date: Tue, 06 Apr 2021 19:09:50 +0300

> From: Andrea Corallo <akrl <at> sdf.org>
> Cc: 47067 <at> debbugs.gnu.org
> Date: Tue, 06 Apr 2021 16:06:53 +0000
>
> >> Right, 0a3e715e1f should do the job please have a try when you like.
> >
> > Thanks, this works.
>
> Nice, is there anything left we should look into for this bug?

No, closing.
[Message part 3 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: bug-gnu-emacs <at> gnu.org
Cc: Andrea Corallo <akrl <at> sdf.org>
Subject: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c
Date: Thu, 11 Mar 2021 13:27:52 +0200

I was hit by a segfault while scrolling through a C source file, in
this case dispnew.c. The sequence of commands was this:

  emacs -Q
  C-h sit-for RET
  Click on the link to subr.el
  In subr.el go to where sit-for calls sleep-for and type C-h f RET
  Click on "C source code" to display dispnew.c
  Scroll down with C-n or C-v

The backtrace appears below, with some data I collected. The argument
'args' to Flss is obviously bogus, but I don't understand how it came
into existence. Maybe related to 0x30, which stands for the symbol t?

The first call-stack frame above that I can examine, frame #4, calls
c-beginning-of-statement-1 with 4 nil args and the last argument of t.
The levels below that are impenetrable for me: is there a way of
digging into this
F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0
thing?

Any suggestions for how to debug this further or what data to collect
that will give you an idea for the root cause(s)?

P.S. Note the stopped backtrace: this is something I see for the last
couple of days on the native-comp branch, not sure if it's related. I
will report that separately.

P.P.S. I tried to start another instance of Emacs from the branch, and
it immediately displayed this:

  Re-entering top level after C stack overflow

Which probably means something unhealthy happens when you start Emacs
while another instance is under a debugger with the same *.eln files
loaded.

Here's the backtrace and some related variables from the crash site:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x01236788 in arithcompare_driver (nargs=2, args=0x28, comparison=ARITH_LESS) at data.c:2673
2673 if (NILP (arithcompare (args[i - 1], args[i], comparison)))
(gdb) bt
#0 0x01236788 in arithcompare_driver (nargs=2, args=0x28, comparison=ARITH_LESS) at data.c:2673
#1 0x01236860 in Flss (nargs=2, args=0x28) at data.c:2691
#2 0x61a92285 in F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0 () from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
#4 0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
#5 0x61b00dbf in F632d6a7573742d61667465722d66756e632d6172676c6973742d70_c_just_after_func_arglist_p_0 () from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#6 0x01261898 in funcall_lambda (fun=XIL(0xa000000007973cb8), nargs=0, arg_vector=0x827c50) at eval.c:3292
#7 0x012601ed in Ffuncall (nargs=1, args=0x827c48) at eval.c:3013
#8 0x61aee041 in F632d6261636b2d6f7665722d6d656d6265722d696e697469616c697a657273_c_back_over_member_initializers_0 () from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#9 0x01261898 in funcall_lambda (fun=XIL(0xa0000000079739f8), nargs=1, arg_vector=0x827e28) at eval.c:3292
#10 0x012601ed in Ffuncall (nargs=2, args=0x827e20) at eval.c:3013
#11 0x0a525b36 in ?? ()
#12 0x01261898 in funcall_lambda (fun=XIL(0xa0000000079b97c0), nargs=1, arg_vector=0x8280c0) at eval.c:3292
#13 0x012601ed in Ffuncall (nargs=2, args=0x8280b8) at eval.c:3013
#14 0x0686af93 in ?? ()
#15 0x012de838 in helper_save_restriction () at comp.c:4575
#16 0x0122e9aa in wrong_type_argument (predicate=XIL(0x892404890c245c89), value=XIL(0x8244c89e45d8be0)) at data.c:143
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Lisp Backtrace:
"c-beginning-of-statement-1" (0x827a78)
"c-just-after-func-arglist-p" (0x827c50)
"c-back-over-member-initializers" (0x827e28)
"c-font-lock-cut-off-declarators" (0x8280c0)
"font-lock-fontify-keywords-region" (0x828418)
"font-lock-default-fontify-region" (0x828728)
"c-font-lock-fontify-region" (0x8288d8)
"font-lock-fontify-region" (0x828ac8)
0x78fb7e8 PVEC_COMPILED
"jit-lock--run-functions" (0x829460)
"jit-lock-fontify-now" (0x829720)
"jit-lock-function" (0x829948)
"redisplay_internal (C function)" (0x0)
(gdb) fr 3
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
3292 val = XSUBR (fun)->function.a0 ();
(gdb) p nargs
$1 = 5
(gdb) p args[0]
No symbol "args" in current context.
(gdb) p arg_vector
$2 = (Lisp_Object *) 0x827a78
(gdb) p arg_vector [0]
$3 = XIL(0)
(gdb) p arg_vector [1]
$4 = XIL(0)
(gdb) p arg_vector[0]
$5 = XIL(0)
(gdb) p arg_vector[1]
$6 = XIL(0)
(gdb) p arg_vector[2]
$7 = XIL(0)
(gdb) p arg_vector[3]
$8 = XIL(0)
(gdb) p arg_vector[4]
$9 = XIL(0x30)
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$10 = (struct Lisp_Symbol *) 0x186a390 <lispsym+48>
"t"
(gdb) up
#4 0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
3013 val = funcall_lambda (fun, numargs, args + 1);
(gdb) p args[0]
$11 = XIL(0x60800a8)
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$12 = (struct Lisp_Symbol *) 0x78ea408
"c-beginning-of-statement-1"
(gdb) p args[1]
$13 = XIL(0)
(gdb) p args[2]
$14 = XIL(0)
(gdb) p args[3]
$15 = XIL(0)
(gdb) p args[4]
$16 = XIL(0)
(gdb) p args[5]
$17 = XIL(0x30)
(gdb) down
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
3292 val = XSUBR (fun)->function.a0 ();
(gdb) p fun
$18 = XIL(0xa00000000796aed8)
(gdb) xtype
Lisp_Vectorlike
PVEC_SUBR
(gdb) xsubr
$19 = (struct Lisp_Subr *) 0x796aed8
{
  header = {
    size = 1342205952
  },
  function = {
    a0 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a1 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a2 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a3 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a4 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a5 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a6 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a7 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    a8 = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    aUNEVALLED = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
    aMANY = 0x61a8d020 <F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>
  },
  min_args = 0,
  max_args = 5,
  symbol_name = 0x796eac0 "c-beginning-of-statement-1",
  {
    intspec = 0x0,
    native_intspec = XIL(0)
  },
  doc = 91,
  native_comp_u = {XIL(0xa0000000078884c0)},
  native_c_name = {
    0x796eaf8 "F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0"},
  lambda_list = {XIL(0xc0000000079155b0)},
  type = {XIL(0)}
}
(gdb) p 0x28
$20 = 40
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$21 = (struct Lisp_Symbol *) 0x186a388 <lispsym+40>
Cannot access memory at address 0x1a4
(gdb)

In GNU Emacs 28.0.50 (build 1080, i686-pc-mingw32)
 of 2021-03-11 built on HOME-C4E4A596F7
Repository revision: 8497af6892fcf9b08a1c120e897c9f5c21ea64fa
Repository branch: master
Windowing system distributor 'Microsoft Corp.', version 5.1.2600
System Description: Microsoft Windows XP Service Pack 3 (v5.1.0.2600)

Configured using:
 'configure -C --prefix=/d/usr --with-wide-int --with-modules
 --enable-checking=yes,glyphs 'CFLAGS=-O0 -gdwarf-4 -g3''

Configured features:
ACL GIF GMP GNUTLS HARFBUZZ JPEG JSON LCMS2 LIBXML2 MODULES NOTIFY
W32NOTIFY PDUMPER PNG RSVG SOUND THREADS TIFF TOOLKIT_SCROLL_BARS XPM
ZLIB

Important settings:
  value of $LANG: ENU
  locale-coding-system: cp1255

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired dired-loaddefs
rfc822 mml mml-sec epa derived epg epg-config gnus-util rmail
rmail-loaddefs auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json map text-property-search time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
iso-transl tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win
w32-vars term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax facemenu
font-core term/tty-colors frame minibuffer cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray
cl-preloaded nadvice button loaddefs faces cus-face macroexp files
window text-properties overlay sha1 md5 base64 format env code-pages
mule custom widget hashtable-print-readable backquote threads w32notify
w32 lcms2 multi-tty make-network-process emacs)

Memory information:
((conses 16 56717 12106)
 (symbols 48 7804 1)
 (strings 16 21565 2060)
 (string-bytes 1 626902)
 (vectors 16 13077)
 (vector-slots 8 172292 12096)
 (floats 8 23 61)
 (intervals 40 263 114)
 (buffers 888 10))
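
Added example, not part of the original report and not Emacs code: the xsubr output above pairs native_c_name with symbol_name, and the hex run after the leading "F" decodes as ASCII to that Lisp symbol. The Python below applies this to gdb frames during crash triage; the naming pattern is an assumption inferred from the three names on this page, and decode_native_name and lisp_frames are hypothetical helper names.

```python
import re

# Assumption inferred from the three names in this report:
#   "F" + hex of the symbol name + "_" + C-safe spelling + "_" + number
NATIVE_NAME = re.compile(r"F((?:[0-9a-f]{2})+)_([A-Za-z0-9_]+?)_(\d+)")
FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(", re.M)


def _alnum(s):
    """Keep only lowercase letters and digits, for a loose comparison."""
    return re.sub(r"[^0-9a-z]", "", s)


def decode_native_name(c_name):
    """Return the Lisp symbol encoded in a native-comp C name, else None."""
    m = NATIVE_NAME.fullmatch(c_name)
    if not m:
        return None
    try:
        lisp = bytes.fromhex(m.group(1)).decode("ascii")
    except ValueError:  # also covers UnicodeDecodeError
        return None
    # Consistency check: the readable tail must spell the same name once
    # punctuation is ignored. This rejects ordinary C symbols that merely
    # start with "F" followed by a few hex digits.
    return lisp if _alnum(lisp) == _alnum(m.group(2)) else None


def lisp_frames(backtrace):
    """Map gdb frame number -> Lisp function for frames in .eln code."""
    found = {}
    for m in FRAME.finditer(backtrace):
        name = decode_native_name(m.group(2))
        if name:
            found[int(m.group(1))] = name
    return found


# Frames copied from the backtrace in this report (.eln paths shortened).
SAMPLE = r"""
#1 0x01236860 in Flss (nargs=2, args=0x28) at data.c:2691
#2 0x61a92285 in F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0 () from cc-engine-ccfcb170-1b345b21.eln
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
#5 0x61b00dbf in F632d6a7573742d61667465722d66756e632d6172676c6973742d70_c_just_after_func_arglist_p_0 () from cc-engine-ccfcb170-1b345b21.eln
#8 0x61aee041 in F632d6261636b2d6f7665722d6d656d6265722d696e697469616c697a657273_c_back_over_member_initializers_0 () from cc-engine-ccfcb170-1b345b21.eln
"""

if __name__ == "__main__":
    for num, name in sorted(lisp_frames(SAMPLE).items()):
        print(f"#{num}: {name}")
```

The decoded names line up with the first three entries of the Lisp Backtrace in the report, which gives a quick cross-check that the C frames and the Lisp frames describe the same call chain.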