Package: emacs;
Reported by: Karl Otness <karl <at> karlotness.com>
Date: Sat, 17 Dec 2022 03:40:01 UTC
Severity: normal
Found in version 30.0.50
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Karl Otness <karl <at> karlotness.com> To: bug-gnu-emacs <at> gnu.org Subject: 30.0.50; PGTK Emacs crashes after signal Date: Fri, 16 Dec 2022 22:39:27 -0500
Hello, I have been having issues with unpredictable crashes running
Emacs master with PGTK on Wayland. This looks somewhat similar to
bug#59452.
Like that bug, it seems to be caused by an Emacs signal happening in a
GTK callback. It works its way to get_char_property_and_overlay
(textprop.c:644), signals, which longjmps out of the GLib/GObject
signal handling (g_signal_emit) leading to memory corruption and a
segfault.
Backtraces below. The segfault happens after continuing. Seems like
after continuing it reenters g_signal_emit and follows a corrupted
pointer in a linked list of signals to dispatch.
Unfortunately I don't have a good recipe for reliably reproducing it.
I've only seen it happen in buffers with eglot enabled (so far C++
buffers) when clicking around, typing, messing with the eglot menu,
etc.
This is for an Emacs from recent master.
Version: 30.0.50
Commit: 1568123196cd8b57ed64e284b7deb058026be713
Configured using:
'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
--localstatedir=/var --with-pgtk --with-native-compilation
--without-sound --with-harfbuzz --without-m17n-flt --without-xft
--with-libotf --with-cairo --with-modules --without-gconf
--without-gsettings --with-gameuser=:games --without-imagemagick
--with-dumping=pdumper --with-sqlite3 --with-json --with-tree-sitter
'--program-transform-name=s/^ctags$/ctags.emacs/' 'CFLAGS=-g -ggdb -O3
-pipe -fno-plt -fstack-protector-all -fstack-clash-protection
-fcf-protection=full -fPIE -D_FORTIFY_SOURCE=3 -march=native
-mtune=native' 'LDFLAGS=-pie
-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now,-z,noexecstack''
Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM HARFBUZZ JPEG JSON LCMS2
LIBOTF LIBSYSTEMD LIBXML2 MODULES NATIVE_COMP NOTIFY INOTIFY PDUMPER
PGTK PNG RSVG SECCOMP SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS
TREE_SITTER WEBP XIM GTK3 ZLIB
Let me know if there's anything else I can gather that might be
helpful.
Thanks,
Karl
Here's the backtrace for the signal out of the event handling. From
GDB with a breakpoint on Fsignal and a condition
'$_any_caller_is("g_signal_emit", 20)'
> #0 Fsignal (error_symbol=error_symbol <at> entry=0x2f40, data=0x55bed53eeac3) at eval.c:1681
> #1 0x000055bece1213bf in xsignal (data=<optimized out>, error_symbol=0x2f40) at emacs/src/lisp.h:4558
> #2 xsignal1 (error_symbol=error_symbol <at> entry=0x2f40, arg=arg <at> entry=0x82) at eval.c:1878
> #3 0x000055bece1253e3 in get_char_property_and_overlay (position=0x82, prop=0x5a90, object=0x7f105451a265, overlay=0x0) at textprop.c:644
> #4 0x000055bece156110 in string_buffer_position_lim (string=string <at> entry=0x55bed52e8b24, from=from <at> entry=32, to=to <at> entry=1032, back_p=back_p <at> entry=false) at xdisp.c:6246
> #5 0x000055bece1561fa in string_buffer_position (string=0x55bed52e8b24, around_charpos=32) at xdisp.c:6284
> #6 0x000055bece1aaddb in note_mouse_highlight (f=f <at> entry=0x55bed1a839e8, x=<optimized out>, y=<optimized out>) at xdisp.c:35339
> #7 0x000055bece4039ac in note_mouse_movement (event=0x55bed1ce6030, frame=0x55bed1a839e8) at pgtkterm.c:5821
> #8 motion_notify_event (widget=widget <at> entry=0x55bed2024130, event=0x55bed1ce6030, user_data=<optimized out>) at pgtkterm.c:5905
> #9 0x00007f105c684fd8 in _gtk_marshal_BOOLEAN__BOXED (closure=0x55bed1ef9f40, return_value=0x7ffebc5ae480, n_param_values=<optimized out>, param_values=0x7ffebc5ae4e0, invocation_hint=<optimized out>, marshal_data=<optimized out>)
> at gtk/gtkmarshalers.c:84
> #10 0x00007f105c095210 in g_closure_invoke (closure=0x55bed1ef9f40, return_value=0x7ffebc5ae480, n_param_values=2, param_values=0x7ffebc5ae4e0, invocation_hint=0x7ffebc5ae460) at ../glib/gobject/gclosure.c:832
> #11 0x00007f105c0c2ea8 in signal_emit_unlocked_R.isra.0
> (node=<optimized out>, detail=detail <at> entry=0, instance=instance <at> entry=0x55bed2024130, emission_return=emission_return <at> entry=0x7ffebc5ae5f0, instance_and_params=instance_and_params <at> entry=0x7ffebc5ae4e0)
> at ../glib/gobject/gsignal.c:3796
> #12 0x00007f105c0b2980 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args <at> entry=0x7ffebc5ae6a0) at ../glib/gobject/gsignal.c:3559
> #13 0x00007f105c0b3204 in g_signal_emit (instance=instance <at> entry=0x55bed2024130, signal_id=<optimized out>, detail=detail <at> entry=0) at ../glib/gobject/gsignal.c:3606
> #14 0x00007f105c9447f5 in gtk_widget_event_internal.part.0.lto_priv.0 (widget=0x55bed2024130, event=0x55bed1ce6030) at ../gtk/gtk/gtkwidget.c:7812
> #15 0x00007f105c7e20db in propagate_event_up (topmost=<optimized out>, event=<optimized out>, widget=0x55bed2024130) at ../gtk/gtk/gtkmain.c:2588
> #16 propagate_event (widget=widget <at> entry=0x55bed2024130, event=event <at> entry=0x55bed1ce6030, captured=captured <at> entry=0, topmost=topmost <at> entry=0x0) at ../gtk/gtk/gtkmain.c:2691
> #17 0x00007f105c7e2212 in gtk_propagate_event (widget=widget <at> entry=0x55bed2024130, event=event <at> entry=0x55bed1ce6030) at ../gtk/gtk/gtkmain.c:2725
> #18 0x00007f105c7e2fbb in gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1921
> #19 gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1691
> #20 0x00007f105c542cd3 in _gdk_event_emit (event=0x55bed1ce6030) at ../gtk/gdk/gdkevents.c:73
> #21 _gdk_event_emit (event=0x55bed1ce6030) at ../gtk/gdk/gdkevents.c:67
> #22 0x00007f105c576d48 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../gtk/gdk/wayland/gdkeventsource.c:124
> #23 0x00007f105bf9787b in g_main_dispatch (context=0x55bed0cc5940) at ../glib/glib/gmain.c:3444
> #24 g_main_context_dispatch (context=0x55bed0cc5940) at ../glib/glib/gmain.c:4162
> #25 0x000055bece3feea9 in pgtk_read_socket (terminal=<optimized out>, hold_quit=0x7ffebc5ae9f0) at pgtkterm.c:3839
> #26 pgtk_read_socket (terminal=<optimized out>, hold_quit=0x7ffebc5ae9f0) at pgtkterm.c:3818
> #27 0x000055bece251ae1 in gobble_input () at keyboard.c:7417
> #28 0x000055bece254901 in handle_async_input () at keyboard.c:7648
> #29 process_pending_signals () at keyboard.c:7662
> #30 unblock_input_to (level=0) at keyboard.c:7677
> #31 unblock_input_to (level=<optimized out>) at keyboard.c:7671
> #32 unblock_input () at keyboard.c:7696
> #33 timer_check () at keyboard.c:4742
> #34 0x000055bece254bcd in readable_events (flags=1) at keyboard.c:3524
> #35 0x000055bece25a624 in get_input_pending (flags=1) at keyboard.c:7367
> #36 detect_input_pending_run_timers (do_display=do_display <at> entry=true) at keyboard.c:10897
> #37 0x000055bece38962f in wait_reading_process_output
> (time_limit=time_limit <at> entry=0, nsecs=nsecs <at> entry=0, read_kbd=read_kbd <at> entry=-1, do_display=<optimized out>, wait_for_cell=wait_for_cell <at> entry=0x0, wait_proc=wait_proc <at> entry=0x0, just_wait_proc=<optimized out>) at process.c:5779
> #38 0x000055bece25271c in kbd_buffer_get_event (end_time=0x0, used_mouse_menu=0x7ffebc5af64b, kbp=<synthetic pointer>) at keyboard.c:4003
> #39 read_event_from_main_queue (used_mouse_menu=0x7ffebc5af64b, local_getcjmp=0x7ffebc5af3c0, end_time=0x0) at keyboard.c:2270
> #40 read_decoded_event_from_main_queue (end_time=0x0, local_getcjmp=0x7ffebc5af3c0, prev_event=0x0, used_mouse_menu=0x7ffebc5af64b) at keyboard.c:2334
> #41 0x000055bece25b904 in read_char (commandflag=1, map=0x55bed51362e3, prev_event=0x0, used_mouse_menu=0x7ffebc5af64b, end_time=0x0) at keyboard.c:2964
> #42 0x000055bece2600b7 in read_key_sequence (keybuf=<optimized out>, prevent_redisplay=false, fix_current_buffer=<optimized out>, can_return_switch_frame=<optimized out>, dont_downcase_last=<optimized out>, prompt=<optimized out>)
> at keyboard.c:10074
> #43 0x000055bece262141 in command_loop_1 () at keyboard.c:1376
> #44 0x000055bece3055bf in internal_condition_case (bfun=bfun <at> entry=0x55bece261f70 <command_loop_1>, handlers=handlers <at> entry=0x90, hfun=hfun <at> entry=0x55bece248c70 <cmd_error>) at eval.c:1474
> #45 0x000055bece24682f in command_loop_2 (handlers=handlers <at> entry=0x90) at keyboard.c:1125
> #46 0x000055bece3054e5 in internal_catch (tag=tag <at> entry=0xfb10, func=func <at> entry=0x55bece2467f0 <command_loop_2>, arg=arg <at> entry=0x90) at eval.c:1197
> #47 0x000055bece2467bb in command_loop () at keyboard.c:1103
> #48 0x000055bece24ee1d in recursive_edit_1 () at keyboard.c:712
> #49 0x000055bece24f269 in Frecursive_edit () at keyboard.c:795
> #50 0x000055bece128b15 in main (argc=<optimized out>, argv=0x7ffebc5afc88) at emacs.c:2529
and the stack trace after the longjmp (unwinds all the way to
internal_condition_case):
> #0 0x000055bece305577 in internal_condition_case
> (bfun=bfun <at> entry=0x55bece261f70 <command_loop_1>, handlers=handlers <at> entry=0x90, hfun=hfun <at> entry=0x55bece248c70 <cmd_error>) at eval.c:1465
> #1 0x000055bece24682f in command_loop_2 (handlers=handlers <at> entry=0x90) at keyboard.c:1125
> #2 0x000055bece3054e5 in internal_catch
> (tag=tag <at> entry=0xfb10, func=func <at> entry=0x55bece2467f0 <command_loop_2>, arg=arg <at> entry=0x90) at eval.c:1197
> #3 0x000055bece2467bb in command_loop () at keyboard.c:1103
> #4 0x000055bece24ee1d in recursive_edit_1 () at keyboard.c:712
> #5 0x000055bece24f269 in Frecursive_edit () at keyboard.c:795
> #6 0x000055bece128b15 in main (argc=<optimized out>, argv=0x7ffebc5afc88) at emacs.c:2529
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.