GNU bug report logs - #558
23.0.60; crash on M-x make-frame-on-display


Package: emacs

Reported by: Andreas Seltenreich <seltenreich <at> gmx.de>

Date: Mon, 14 Jul 2008 08:50:03 UTC

Severity: normal

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.



Report forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>:
bug#558; Package emacs. Full text and rfc822 format available.

Acknowledgement sent to Andreas Seltenreich <seltenreich <at> gmx.de>:
New bug report received and forwarded. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>. Full text and rfc822 format available.

Message #5 received at submit <at> emacsbugs.donarmstrong.com (full text, mbox):

From: Andreas Seltenreich <seltenreich <at> gmx.de>
To: emacs-pretest-bug <at> gnu.org
Subject: 23.0.60; crash on M-x make-frame-on-display
Date: Mon, 14 Jul 2008 10:40:50 +0200

> Please write in English if possible, because the Emacs maintainers
> usually do not have translators to read other languages for them.

> Your bug report will be posted to the emacs-pretest-bug <at> gnu.org mailing list.

> Please describe exactly what actions triggered the bug
> and the precise symptoms of the bug:

1. compiling emacs from CVS using
./configure --with-x-toolkit=no CFLAGS='-O2 -g -fno-crossjumping'
2. running emacs -Q -nw
3. now there's a 1 in 10 chance M-x make-frame-on-display RET :0 RET
will crash emacs with the following symptoms:

--8<---------------cut here---------------start------------->8---
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47821396663536 (LWP 3159)]
0x00002b7e4864e28e in XPending () from /usr/lib/libX11.so.6
(gdb) bt
#0  0x00002b7e4864e28e in XPending () from /usr/lib/libX11.so.6
#1  0x000000000049a33f in XTread_socket (terminal=0xefcb70, expected=1, hold_quit=0x7fff6301e830) at xterm.c:7193
#2  0x00000000004c2f05 in read_avail_input (expected=1) at keyboard.c:7086
#3  0x00000000004c2fea in handle_async_input () at keyboard.c:7313
#4  0x0000000000494a37 in x_term_init (display_name=20626963, xrm_option=0x0, resource_name=0x1c7c2b0 "emacs") at xterm.c:10128
#5  0x000000000049f783 in x_display_info_for_name (name=20626963) at xfns.c:4101
#6  0x00000000004a453d in Fx_create_frame (parms=28664357) at xfns.c:3149
#7  0x000000000052a4c6 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3042
#8  0x000000000055f32b in Fbyte_code (bytestr=<value optimized out>, vector=19839377, maxdepth=28) at bytecode.c:678
#9  0x0000000000529f6f in funcall_lambda (fun=7562500, nargs=1, arg_vector=0x7fff6301ec38) at eval.c:3229
#10 0x000000000052a345 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3088
#11 0x000000000055f32b in Fbyte_code (bytestr=<value optimized out>, vector=29642081, maxdepth=80) at bytecode.c:678
#12 0x0000000000529f6f in funcall_lambda (fun=8106276, nargs=1, arg_vector=0x7fff6301edc8) at eval.c:3229
#13 0x000000000052a345 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3088
#14 0x000000000055f32b in Fbyte_code (bytestr=<value optimized out>, vector=10541745, maxdepth=26) at bytecode.c:678
#15 0x0000000000529f6f in funcall_lambda (fun=8103764, nargs=1, arg_vector=0x7fff6301ef98) at eval.c:3229
#16 0x000000000052a345 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3088
#17 0x0000000000527522 in Fcall_interactively (function=29659713, record_flag=9669105, keys=9736036) at callint.c:857
#18 0x000000000052a4f4 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3048
#19 0x000000000052a734 in call3 (fn=<value optimized out>, arg1=<value optimized out>, arg2=140734854457392, arg3=140734854457464) at eval.c:2868
#20 0x00000000004c092c in Fexecute_extended_command (prefixarg=9669009) at keyboard.c:10533
#21 0x000000000052a4c6 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3042
#22 0x0000000000527522 in Fcall_interactively (function=9739089, record_flag=9669009, keys=9736036) at callint.c:857
#23 0x000000000052a4f4 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3048
#24 0x000000000052a734 in call3 (fn=<value optimized out>, arg1=<value optimized out>, arg2=140734854457392, arg3=140734854457464) at eval.c:2868
#25 0x00000000004cd322 in command_loop_1 () at keyboard.c:1910
#26 0x0000000000528d34 in internal_condition_case (bfun=0x4ccf60 <command_loop_1>, handlers=9756209, hfun=0x4c6ab0 <cmd_error>) at eval.c:1511
#27 0x00000000004c5d9a in command_loop_2 () at keyboard.c:1367
#28 0x0000000000528e37 in internal_catch (tag=<value optimized out>, func=0x4c5d80 <command_loop_2>, arg=9669009) at eval.c:1247
#29 0x00000000004c68f3 in command_loop () at keyboard.c:1346
#30 0x00000000004c6c8c in recursive_edit_1 () at keyboard.c:955
#31 0x00000000004c6df0 in Frecursive_edit () at keyboard.c:1017
#32 0x00000000004bc533 in main (argc=3, argv=0x7fff6301fe38) at emacs.c:1762

Lisp Backtrace:
  "x-create-frame" (0x6301eaa8)
  "x-create-frame-with-faces" (0x6301ec38)
  "make-frame" (0x6301edc8)
  "make-frame-on-display" (0x6301ef98)
  "call-interactively" (0x6301f1b8)
  "execute-extended-command" (0x6301f368)
  "call-interactively" (0x6301f578)
(gdb) up
#1  0x000000000049a33f in XTread_socket (terminal=0xefcb70, expected=1, hold_quit=0x7fff6301e830) at xterm.c:7193
(gdb) list
7188	#endif
7189	    }
7190	#endif
7191	
7192	#ifndef USE_GTK
7193	  while (XPending (terminal->display_info.x->display))
7194	    {
7195	      int finish;
7196	
7197	      XNextEvent (terminal->display_info.x->display, &event);
(gdb) p terminal->display_info.x->display
$1 = (Display *) 0x0
(gdb) up
#2  0x00000000004c2f05 in read_avail_input (expected=1) at keyboard.c:7086
(gdb) 
#3  0x00000000004c2fea in handle_async_input () at keyboard.c:7313
(gdb) 
#4  0x0000000000494a37 in x_term_init (display_name=20626963, xrm_option=0x0, resource_name=0x1c7c2b0 "emacs") at xterm.c:10128
(gdb) list
10123		init_kboard (terminal->kboard);
10124		terminal->kboard->Vwindow_system = intern ("x");
10125		if (!EQ (XSYMBOL (Qvendor_specific_keysyms)->function, Qunbound))
10126		  {
10127		    char *vendor = ServerVendor (dpy);
10128		    UNBLOCK_INPUT;
10129		    terminal->kboard->Vsystem_key_alist
10130		      = call1 (Qvendor_specific_keysyms,
10131			       vendor ? build_string (vendor) : empty_unibyte_string);
10132		    BLOCK_INPUT;
(gdb) p terminal == terminal_list
$2 = 1
(gdb) p terminal->display_info.x->display
$3 = (Display *) 0x0
(gdb)
--8<---------------cut here---------------end--------------->8---

I can no longer trigger any crashes after patching xterm.c like this:

--8<---------------cut here---------------start------------->8---
*** xterm.c.~1.1000.~	2008-07-13 18:20:31.000000000 +0200
--- xterm.c	2008-07-14 05:22:26.000000000 +0200
***************
*** 10125,10135 ****
--- 10125,10140 ----
  	if (!EQ (XSYMBOL (Qvendor_specific_keysyms)->function, Qunbound))
  	  {
  	    char *vendor = ServerVendor (dpy);
+ 	    /* temporarily hide the partially initialized terminal */
+ 	    xassert(terminal_list == terminal);
+ 	    terminal_list = terminal->next;
  	    UNBLOCK_INPUT;
  	    terminal->kboard->Vsystem_key_alist
  	      = call1 (Qvendor_specific_keysyms,
  		       vendor ? build_string (vendor) : empty_unibyte_string);
  	    BLOCK_INPUT;
+ 	    terminal->next = terminal_list;
+ 	    terminal_list = terminal;
  	  }
  
  	terminal->kboard->next_kboard = all_kboards;
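Review bot: The unlink and relink lines go through `terminal->next`, but the revised patch later in this report uses `terminal->next_terminal` for the same link, so this version needs the member name checked against struct terminal before it can be applied. The added `xassert(terminal_list == terminal);` also lacks the space before the parenthesis that the surrounding calls use (`ServerVendor (dpy)`, `call1 (...)`).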
--8<---------------cut here---------------end--------------->8---

Here's a ChangeLog entry in case this fix is actually correct.

--8<---------------cut here---------------start------------->8---
2008-07-14  Andreas Seltenreich  <seltenreich <at> gmx.de>

	* xterm.c (x_term_init) [MULTI_KBOARD]: Hide the partially
	initialized terminal while unblocking input for call1 of
	Qvendor_specific_keysyms.
--8<---------------cut here---------------end--------------->8---

regards,
andreas

> In GNU Emacs 23.0.60.6 (x86_64-unknown-linux-gnu)
>  of 2008-07-14 on tengen
> Windowing system distributor `The X.Org Foundation', version 11.0.70101000
> configured using `configure  '--with-x-toolkit=no' '--enable-debug''




Information forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>:
bug#558; Package emacs. Full text and rfc822 format available.

Acknowledgement sent to Andreas Seltenreich <seltenreich <at> gmx.de>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>. Full text and rfc822 format available.

Message #10 received at 558 <at> emacsbugs.donarmstrong.com (full text, mbox):

From: Andreas Seltenreich <seltenreich <at> gmx.de>
To: 558 <at> debbugs.gnu.org
Subject: Re: bug#558: (23.0.60; crash on M-x make-frame-on-display)
Date: Mon, 14 Jul 2008 19:34:13 +0200

Emacs bug Tracking System writes:

> If you wish to submit further information on this problem, please
> send it to 558 <at> emacsbugs.donarmstrong.com, as before.

The patch in the initial report is broken.  Sorry for the inconvenience.
Here's a tested version.

--8<---------------cut here---------------start------------->8---
*** xterm.c.~1.1000.~	2008-07-13 18:20:31.000000000 +0200
--- xterm.c	2008-07-14 19:04:45.000000000 +0200
***************
*** 10125,10135 ****
--- 10125,10140 ----
  	if (!EQ (XSYMBOL (Qvendor_specific_keysyms)->function, Qunbound))
  	  {
  	    char *vendor = ServerVendor (dpy);
+ 	    /* temporarily hide the partially initialized terminal */
+ 	    xassert(terminal_list == terminal);
+ 	    terminal_list = terminal->next_terminal;
  	    UNBLOCK_INPUT;
  	    terminal->kboard->Vsystem_key_alist
  	      = call1 (Qvendor_specific_keysyms,
  		       vendor ? build_string (vendor) : empty_unibyte_string);
  	    BLOCK_INPUT;
+ 	    terminal->next_terminal = terminal_list;
+ 	    terminal_list = terminal;
  	  }
  
  	terminal->kboard->next_kboard = all_kboards;
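Review bot: Between `terminal_list = terminal->next_terminal;` and the two relinking lines after BLOCK_INPUT, `call1 (Qvendor_specific_keysyms, ...)` runs a Lisp function; if that call exits non-locally, the relinking lines never run and the terminal stays off terminal_list. Restoring the link from an unwind handler, or doing the keysym lookup at a point where the terminal is fully initialized, would avoid depending on a normal return. The new comment should also record why the terminal is hidden: the gdb session in the report shows read_avail_input reaching XTread_socket for this terminal while `terminal->display_info.x->display` is still 0x0.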
--8<---------------cut here---------------end--------------->8---

I also found a way to artificially cause a SIGIO at the right time to
trigger the crash more reliably:

1. compiling emacs from CVS using
./configure --with-x-toolkit=no CFLAGS='-O2 -g -fno-crossjumping'
2. running emacs -Q -nw
3. M-x find-function RET vendor-specific-keysyms RET
4. C-u C-M-x
5. crash on M-x make-frame-on-display RET :0 RET

regards,
andreas
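
The failure shown in the gdb session, reduced to a self-contained model (an added example, not code from Emacs or from either poster): a list walker standing in for read_avail_input meets a list head whose display is still NULL, and the unlink/relink from the patch keeps that entry out of its sight. The struct layouts, the return value of handle_async_input, and the init_terminal and simulate functions are assumptions made for the illustration.

```c
#include <stddef.h>
/* Constructed stand-ins for the objects in the backtrace; not Emacs source. */
struct display { int pending; };
struct terminal {
  struct display *display;        /* NULL until initialization completes */
  struct terminal *next_terminal;
};
static struct terminal *terminal_list;
static int events_read;           /* events drained from ready terminals */
/* Stand-in for read_avail_input: returns how many listed terminals had a
   NULL display (each would be a null Display handed to XPending). */
static int handle_async_input (void) {
  int null_displays = 0;
  for (struct terminal *t = terminal_list; t; t = t->next_terminal) {
    if (t->display == NULL) { null_displays++; continue; }
    events_read += t->display->pending;
    t->display->pending = 0;
  }
  return null_displays;
}

/* Stand-in for the x_term_init window: listed, display unset, input unblocked. */
static int init_terminal (struct terminal *t, struct display *d, int hide) {
  t->display = NULL;
  t->next_terminal = terminal_list;
  terminal_list = t;
  if (hide) terminal_list = t->next_terminal;  /* unlink the list head */
  int exposed = handle_async_input ();         /* SIGIO lands in the window */
  if (hide) {
    t->next_terminal = terminal_list;          /* relink at the current head */
    terminal_list = t;
  }
  t->display = d;
  return exposed;
}

/* Returns the handler's NULL-display count, or -1 if the list ends up wrong. */
int simulate (int hide) {
  static struct display d0, d1;
  static struct terminal t0, t1;
  d0.pending = 3;                       /* one ready terminal, 3 events queued */
  t0 = (struct terminal) { &d0, NULL };
  terminal_list = &t0;
  events_read = 0;
  int exposed = init_terminal (&t1, &d1, hide);
  int ok = terminal_list == &t1 && t1.next_terminal == &t0 && events_read == 3;
  return ok ? exposed : -1;
}
int main (void) { return simulate (1); }
```

With hide set to 0 the handler sees the half-built entry once; with hide set to 1 it sees none, still drains the already-initialized terminal, and the new terminal ends up back at the head of the list.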




Reply sent to Chong Yidong <cyd <at> stupidchicken.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Andreas Seltenreich <seltenreich <at> gmx.de>:
bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 558-done <at> emacsbugs.donarmstrong.com (full text, mbox):

From: Chong Yidong <cyd <at> stupidchicken.com>
To: Andreas Seltenreich <seltenreich <at> gmx.de>
Cc: 558-done <at> debbugs.gnu.org
Subject: Re: bug#558: (23.0.60; crash on M-x make-frame-on-display)
Date: Tue, 26 Aug 2008 20:11:04 -0400

Thanks very much for your patch.  I've checked it in.




bug archived. Request was from Debbugs Internal Request <don <at> donarmstrong.com> to internal_control <at> emacsbugs.donarmstrong.com. (Wed, 24 Sep 2008 14:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 16 years and 324 days ago.
