From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 11 22:44:25 2025 Received: (at submit) by debbugs.gnu.org; 12 Mar 2025 02:44:25 +0000 Received: from localhost ([127.0.0.1]:46588 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsC51-0001Ix-Sf for submit@debbugs.gnu.org; Tue, 11 Mar 2025 22:44:25 -0400 Received: from lists.gnu.org ([2001:470:142::17]:39172) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tsC4v-0001Ig-Qt for submit@debbugs.gnu.org; Tue, 11 Mar 2025 22:44:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tsC4o-0004Uu-1w for bug-gnu-emacs@gnu.org; Tue, 11 Mar 2025 22:44:11 -0400 Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tsC4j-0005mF-KB for bug-gnu-emacs@gnu.org; Tue, 11 Mar 2025 22:44:09 -0400 Received: by mail-pl1-x641.google.com with SMTP id d9443c01a7336-2232aead377so24643115ad.0 for ; Tue, 11 Mar 2025 19:44:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741747444; x=1742352244; darn=gnu.org; h=mime-version:message-id:date:user-agent:subject:to:from:from:to:cc :subject:date:message-id:reply-to; bh=qeMODoagXx0GbY6FieVKyAcl7hLJVIvnuZ+L+cGl8Yk=; b=cxjf/iq5rKk8J1AMldVbLVLux9dElxVK3GS50jSAah7BfMdAOkrSF3seOXX5AMZZSv xmxsbHkX+tcSBK/TwklTpN7nh3sO6YQ2NwcVAjxYDUypPpZ52ZUTd57bQz6QN+O+2uW0 jZLQjNHaY83wvH+yAwxP2EZWc/d2uJB9w0zqqB1pYjjWLI+II9uuE+LWae1O3N8V691N wGeI1cWz6jyTQU4YWhfXKUbYS29gXaaaawFC25ekSbiUtp3SWx52AYbc5bC8tSHF8Ms1 EnSlFOWCJ7PyplanRAAN0Xq0lQ54iJIeUQANYz4qw5JiyY2DZ/QDmGkU92p8/zTzJ8/z UqWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741747444; x=1742352244; h=mime-version:message-id:date:user-agent:subject:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qeMODoagXx0GbY6FieVKyAcl7hLJVIvnuZ+L+cGl8Yk=; b=u4Q+f3+dLsL+KW6uBCQHoBDmISc5j9zWVS+galYrLoxPZ7hrtANsZkZFxx9s2M+4yo TuXC0BOHBmRwziz87+rS/KWmeZRPtuSlg1Ghma514/kEi03SO2PcBpQAEUj4oPaFmvir 1K1DGv7I0jH7C2ZtV4CT3dEdrlv7r7sWP8bcFhZR6SHJYNNruhIKZWrArvMK6ylKFYil FhIvn92NoNpvBabubl8c2770IRlp6PF+dshB5j3Uyim/s9IeykvuXEIXBPwdLWWgoyby EA6ZVm13W2y+LNTZOaLxO4zwIhK/ZjgcT+g3eUzBcsetqh8I4ctZnxrqD6EJxO3oGYQc pLAg== X-Gm-Message-State: AOJu0YzorEGqbt/HM4nH7LdQqGqtSxzE6JTxiyeX1EFU/Yxoc0l4v6et hrFwk1x6qtB2UNVugKIodB1hpTBlDJfZhVaUN9CqZPY5wIqvUTWzsllZUaUz/Lw= X-Gm-Gg: ASbGncuZn+/fE2/v0efrq0oK0vF1kAC3Sf2xhymqxmGYQwQv0JvryH8elregKdGFniZ ym+cj28ES+fIYQ6vUolq0Ky26i0kEZW7X4eLDkk/D3ZNGYxkgtAYFiUsYDnPTEeTzxh8U0j6xer jjQ6fdY4Ngyqy+DPtVF2y6ApvvC7Mh76lMnNUmP+gC0g2+fcugQ69T4TX5OZx/j1Bj+9vvH6sCd zSJBnH2jYkVpvcXfmGu+lLldL0R5zzFLTYjzt/KFAu0zMd7TcFbYWQwh0UAVCAwJwmMG0c08AEh z6ImOqhG5QQ/SA1yp41T+JRSuEyQrfnO5ZnNyk9LBVtMA/IH5dsLtJ8mYADBfYUn6w== X-Google-Smtp-Source: AGHT+IEByMh0ieFJRzGt6BNIlnyFKsUkCPoJS6Cs/vuY5F5J7exAshqwfBYUN/o/1cqI1FjVnq9wkw== X-Received: by 2002:a17:903:283:b0:224:194c:6942 with SMTP id d9443c01a7336-22428bded4amr325142235ad.34.1741747442935; Tue, 11 Mar 2025 19:44:02 -0700 (PDT) Received: from localhost (23.106.131.181.16clouds.com. [23.106.131.181]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22410ac0794sm105258955ad.259.2025.03.11.19.44.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 19:44:02 -0700 (PDT) From: Eval Exec To: bug-gnu-emacs@gnu.org Subject: 31.0.50; master emacs crash with stack overflow User-Agent: mu4e 1.12.8; emacs 31.0.50 X-Debbugs-Cc: Date: Wed, 12 Mar 2025 10:43:59 +0800 Message-ID: <87zfhr6k9c.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2607:f8b0:4864:20::641; envelope-from=execvy@gmail.com; helo=mail-pl1-x641.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hello, I got a master branch emacs crash: (gdb) bt full #0 0x000000000055979e in stack_overflow (siginfo=0x85d1b0 ) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1895 addr = 0x70 bot = top = LG_STACK_HEURISTIC = LG_STACK_HEURISTIC #1 handle_sigsegv (sig=11, siginfo=0x85d1b0 , arg=) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1930 fatal = false #2 No symbol table info available. #3 backtrace_top () at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/eval.c:174 pdl = pdl = #4 backtrace_top_function () at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/eval.c:4270 pdl = pdl = #5 add_sample (count=1, plog=) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/profiler.c:328 No locals. #6 handle_profiler_signal (signal=27) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/profiler.c:380 count = 1 count = overruns = #7 deliver_process_signal (handler=, sig=27) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1751 old_errno = 1 on_main_thread = true old_errno = on_main_thread = blocked = #8 deliver_profiler_signal (signal=27) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/profiler.c:386 No locals. Backtrace stopped: Cannot access memory at address 0x7ffe5c5f2678 You can't do that without a process to debug. (gdb) In GNU Emacs 31.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.43, cairo version 1.18.2) of 2025-03-11 built on Mufasa Repository revision: 5e9675367ad0697f615b5168441bf6490977168c Repository branch: master System Description: NixOS 24.11 (Vicuna) Configured using: 'configure 'CFLAGS=-O3 -march=native -g3 -ggdb' --prefix=/home/exec/Projects/git.savannah.gnu.org/git/emacs-build/master-5e9675367ad0697f615b5168441bf6490977168c-O3-gdb --with-imagemagick --with-modules --with-pgtk --with-cairo --with-cairo-xcb --without-compress-install --with-mailutils --with-tree-sitter --with-xinput2 --enable-link-time-optimization --with-file-notification=inotify' Configured features: ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GSETTINGS HARFBUZZ IMAGEMAGICK JPEG LCMS2 LIBOTF LIBXML2 MODULES NATIVE_COMP NOTIFY INOTIFY PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB Important settings: value of $LC_COLLATE: C value of $LC_MONETARY: en_US.UTF-8 value of $LC_NUMERIC: en_US.UTF-8 value of $LC_TIME: en_US.UTF-8 value of $LANG: en_US.UTF-8 value of $XMODIFIERS: @im=fcitx locale-coding-system: utf-8-unix Major mode: mu4e:main Minor modes in effect: restore-point-mode: t global-atomic-chrome-edit-mode: t marginalia-mode: t hes-mode: t keycast-tab-bar-mode: t vertico-truncate-mode: t vertico-multiform-mode: t vertico-mode: t telega-root-auto-fill-mode: t telega-contact-birthdays-mode: t telega-active-video-chats-mode: t telega-active-locations-mode: t telega-patrons-mode: t telega-active-stories-mode: t tab-line-nerd-icons-global-mode: t global-tab-line-mode: t tab-line-mode: t org-roam-db-autosync-mode: t global-org-modern-mode: t mu4e-search-minor-mode: t mu4e-update-minor-mode: t mu4e-context-minor-mode: t mu4e-modeline-mode: t global-git-commit-mode: t treemacs-git-commit-diff-mode: t treemacs-project-follow-mode: t treemacs-filewatch-mode: t treemacs-follow-mode: t treemacs-git-mode: t treemacs-fringe-indicator-mode: t global-hungry-delete-mode: t hungry-delete-mode: t global-anzu-mode: t anzu-mode: t engine-mode: t global-evil-surround-mode: t evil-surround-mode: t global-git-gutter-mode: t yas-global-mode: t yas-minor-mode: t corfu-terminal-mode: t global-corfu-mode: t corfu-mode: t burly-tabs-mode: t global-form-feed-st-mode: t eat-eshell-mode: t sly-symbol-completion-mode: t super-save-mode: t savehist-mode: t which-key-mode: t super-hint-xref-mode: t super-hint-rg-mode: t windmove-mode: t server-mode: t save-place-mode: t recentf-mode: t winner-mode: t persistent-scratch-autosave-mode: t global-dash-fontify-mode: t nerd-icons-completion-mode: t sudo-edit-indicator-mode: t global-evil-visualstar-mode: t evil-visualstar-mode: t evil-commentary-mode: t global-evil-mc-mode: t evil-mc-mode: t evil-lion-mode: t global-evil-collection-unimpaired-mode: t evil-collection-unimpaired-mode: t TeX-PDF-mode: t global-auto-revert-mode: t evil-mode: t evil-local-mode: t general-override-mode: t minions-mode: t el-patch-use-package-mode: t elpaca-use-package-mode: t override-global-mode: t tooltip-mode: t global-eldoc-mode: t show-paren-mode: t electric-indent-mode: t mouse-wheel-mode: t tab-bar-mode: t file-name-shadow-mode: t context-menu-mode: t global-font-lock-mode: t font-lock-mode: t minibuffer-regexp-mode: t buffer-read-only: t column-number-mode: -1 line-number-mode: -1 transient-mark-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t Load-path shadows: /home/exec/.emacs.d/elpaca/builds/lispy/elpa hides /home/exec/.emacs.d/elpaca/builds/ivy/elpa /home/exec/.emacs.d/elpaca/builds/modus-themes/theme-loaddefs hides /home/exec/.emacs.d/elpaca/builds/standard-themes/theme-loaddefs /home/exec/.emacs.d/elpaca/builds/modus-themes/theme-loaddefs hides /home/exec/.emacs.d/elpaca/builds/ef-themes/theme-loaddefs /home/exec/.emacs.d/elpaca/builds/modus-themes/theme-loaddefs hides /home/exec/Projects/git.savannah.gnu.org/git/emacs-build/master-5e9675367ad0697f615b5168441bf6490977168c-O3-gdb/share/emacs/31.0.50/lisp/theme-loaddefs /home/exec/.emacs.d/elpaca/builds/transient/transient hides /home/exec/Projects/git.savannah.gnu.org/git/emacs-build/master-5e9675367ad0697f615b5168441bf6490977168c-O3-gdb/share/emacs/31.0.50/lisp/transient Features: (shadow sort mail-extr copilot copilot-balancer editorconfig editorconfig-core editorconfig-core-handle editorconfig-fnmatch jsonrpc consult-dir-autoloads consult-ag-autoloads restore-point evil-collection-atomic-chrome atomic-chrome marginalia rainbow-mode elisp-autofmt highlight-defined elisp-def evil-collection-ert ert highlight-numbers parent-mode highlight-escape-sequences rainbow-delimiters breadcrumb symbol-overlay keycast zig-mode reformatter empv vertico-truncate vertico-posframe vertico-multiform evil-collection-vertico vertico lsp-uniteai nix-ts-mode go-translate gt-text-utility gt-engine-echo gt-engine-libre gt-engine-chatgpt gt-engine-youdao gt-engine-stardict gt-engine-deepl gt-engine-google-rpc gt-engine-google gt-engine-bing gt-extension gt-faces gt-core gt-httpx sdcv cap-words superword subword evil-collection-telega telega-obsolete telega telega-tdlib-events telega-match telega-root telega-info telega-chat telega-modes telega-company telega-emoji telega-user telega-notifications telega-voip telega-msg telega-story telega-webpage telega-tme telega-sticker telega-vvnote telega-ffplay telega-i18n telega-sort telega-filter telega-ins telega-inline telega-util telega-folders telega-topic telega-media telega-tdlib telega-server telega-core telega-customize emacsbug tab-line-nerd-icons evil-collection-imenu-list imenu-list tab-line rust-utils rust-mode-treesitter rust-ts-mode rust-mode rust-playpen rust-cargo rust-common rust-rustfmt rust-compile cargo cargo-process toml rg-info-hack rg-menu rg-ibuffer rg-result wgrep-rg rg-history ibuf-ext evil-collection-ibuffer ibuffer ibuffer-loaddefs rg-header evil-collection-ultra-scroll ultra-scroll pixel-scroll cua-base org-sliced-images evil-collection-org-roam org-roam-migrate org-roam-log org-roam-mode org-roam-capture org-roam-id org-roam-node org-roam-db emacsql-sqlite-builtin sqlite org-roam-utils org-roam-compat org-roam org-capture org-journal org-crypt cal-iso org-modern orderless evil-collection-mu4e mu4e mu4e-org mu4e-notification mu4e-main smtpmail mu4e-view mu4e-mime-parts mu4e-headers mu4e-thread mu4e-actions mu4e-compose mu4e-draft gnus-msg gnus-art mm-uu mml2015 gnus-sum gnus-group gnus-undo gnus-start gnus-dbus gnus-cloud nnimap nnmail mail-source utf7 nnoo gnus-spec gnus-int gnus-range gnus-win mu4e-search mu4e-lists mu4e-bookmarks mu4e-mark mu4e-message flow-fill mu4e-contacts mu4e-update mu4e-folders mu4e-context mu4e-query-items mu4e-server mu4e-modeline mu4e-vars mu4e-helpers mu4e-config mu4e-window ido mu4e-obsolete cyphejor qml-mode rfc-mode string-inflection systemd minuet pr-review pr-review-render pr-review-action pr-review-input pr-review-api pr-review-common evil-collection-forge forge-repos forge-tablist forge-topics forge-commands forge-semi forge-bitbucket buck forge-gogs gogs forge-gitea gtea forge-gitlab glab forge-github ghub-graphql treepy gsexp ghub forge-forgejo forge-notify forge-revnote forge-pullreq forge-issue forge-topic eieio-custom bug-reference forge-post forge-repo forge forge-core forge-db closql emacsql-sqlite emacsql emacsql-compiler eieio-base treemacs-magit magit-bookmark evil-collection-magit magit-submodule magit-blame magit-stash magit-reflog magit-bisect magit-push magit-pull magit-fetch magit-clone magit-remote magit-commit magit-sequence magit-notes magit-worktree magit-tag magit-merge magit-branch magit-reset magit-files magit-refs magit-status magit evil-collection-magit-repos magit-repos magit-apply magit-wip magit-log which-func magit-diff git-commit evil-collection-log-edit log-edit pcvs-util add-log magit-core magit-autorevert magit-margin magit-transient magit-process evil-collection-with-editor with-editor magit-mode magit-git magit-base dap-java dap-mode dap-tasks dap-launch lsp-docker yaml dap-overlays lsp-java treemacs-nerd-icons lsp-treemacs lsp-treemacs-generic lsp-treemacs-themes treemacs-treelib treemacs-git-commit-diff-mode treemacs-project-follow-mode treemacs-mouse-interface zoom treemacs treemacs-header-line treemacs-compatibility treemacs-mode treemacs-bookmarks treemacs-tags treemacs-interface treemacs-persistence treemacs-filewatch-mode treemacs-follow-mode treemacs-rendering treemacs-annotations treemacs-async treemacs-workspaces treemacs-dom treemacs-visuals treemacs-fringe-indicator treemacs-faces treemacs-icons treemacs-scope treemacs-themes treemacs-core-utils pfuture treemacs-logging treemacs-customization treemacs-macros consult-lsp lsp-ui lsp-ui-flycheck lsp-ui-doc evil-collection-lsp-ui-imenu lsp-ui-imenu lsp-ui-peek lsp-ui-sideline lsp-rust lsp-semantic-tokens lsp-mode network-stream lsp-ui-util lsp-protocol llm-prompt groovy-mode iedit iedit-lib evil-collection-hungry-delete hungry-delete hide-comnt minibuffer-header gptel-quick gotest fzf flycheck-clj-kondo pos-tip consult-flycheck flycheck-rust evil-anzu anzu engine-mode evil-collection-ement ement-room-list taxy-magit-section taxy ement ement-notifications ement-notify ement-room ewoc ement-lib ement-api ement-structs ement-macros dns llm-ollama llm-provider-utils llm-models llm-request-plz plz-event-source plz-media-type plz llm symex symex-evil symex-evil-support symex-hydra symex-transformations symex-transformations-lisp symex-utils evil-cleverparens evil-cleverparens-text-objects evil-cleverparens-util smartparens loadhist evil-surround symex-misc symex-interface-builtins symex-interface-fennel symex-interface-arc symex-interface-common-lisp symex-interface-clojure symex-interface-scheme symex-interface-racket symex-interface-elisp symex-interop symex-interface symex-traversals symex-dsl symex-evaluator symex-computations symex-primitives symex-ts symex-utils-ts symex-transformations-ts symex-primitives-lisp symex-data symex-ui symex-custom evil-collection-lispy lispy le-clojure delsel lispy-inline avy lispy-tags zoutline combobulate evil-collection-elfeed elfeed-show elfeed-search elfeed-csv elfeed elfeed-curl elfeed-log elfeed-db elfeed-lib xml-query dired-git-info dired-hacks dired-preview git-gutter evil-collection-cmake-mode cmake-mode consult-yasnippet yasnippet-capf yasnippet-snippets yasnippet kind-icon svg-lib corfu-terminal popon corfu-popupinfo corfu-indexed corfu-history evil-collection-corfu corfu consult-ls-git paredit clojure-ts-mode evil-collection-cider cider tramp-sh cider-debug cider-browse-ns cider-mode cider-xref-backend cider-find cider-inspector cider-completion cider-profile cider-eval cider-jar cider-repl-history pulse cider-repl cider-resolve cider-test cider-overlays cider-stacktrace cider-doc cider-browse-spec cider-clojuredocs cider-eldoc cider-docstring cider-client cider-common cider-completion-context cider-connection cider-popup sesman-browser nrepl-client cider-util sesman queue nrepl-dict spinner clojure-mode chatgpt-shell chatgpt-shell-openrouter chatgpt-shell-perplexity chatgpt-shell-openai chatgpt-shell-ollama chatgpt-shell-kagi chatgpt-shell-google chatgpt-shell-anthropic chatgpt-shell-prompt-compose evil-collection-smerge-mode smerge-mode diff shell-maker ielm evil-collection-eshell eshell em-prompt esh-mode esh-var esh-cmd esh-ext esh-proc esh-opt esh-io esh-arg esh-module esh-module-loaddefs esh-util bookmark-in-project bookmark+ bookmark+-key bookmark+-1 bookmark+-bmu bookmark+-lit babashka parseedn parseclj-parser parseclj-lex parseclj-alist evil-collection-markdown-mode markdown-mode cnfonts burly-tabs burly frameset compile-multi form-feed-st google-this echo-bar fcitx evil-collection-eat eat term/xterm xterm evil-collection-term term ehelp ox-reveal ox-odt rng-loc rng-uri rng-parse rng-match rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok nxml-util ox-latex ox-icalendar org-agenda ox-html table ox-ascii ox-publish ox org-attach org-element org-persist org-id org-refile org-element-ast inline avl-tree htmlize evil-collection-explain-pause-mode explain-pause-mode explain-pause-top explain-pause-log-to-socket evil-collection-profiler profiler weather-metno solar cal-dst url-cache display-wttr kdeconnect crux pest-mode popwin modus-themes blackboard-theme standard-themes nimbus-theme tok-theme danneskjold-theme srcery-theme subatomic256-theme iscroll xml+ evil-textobj-tree-sitter evil-textobj-tree-sitter-thing-at-point evil-textobj-tree-sitter-core tree-sitter tree-sitter-load tree-sitter-cli tsc tsc-dyn tsc-dyn-get dired-aux tsc-obsolete ctable evil-collection-color-rg color-rg line-reminder ov ht fringe-helper solarized-theme solarized solarized-faces sqlup-mode evil-collection-bm bm zen-mode evil-collection-sly sly sly-completion sly-buttons sly-messages sly-common evil-collection-apropos apropos evil-collection-arc-mode arc-mode archive-mode hyperspec sicp base16-theme idea-darkula-theme hybrid-reverse-theme material-theme doom-themes doom-themes-base nyan-mode organic-green-theme inkpot-theme github-dark-vscode-theme almost-mono-themes cyberpunk-theme soothe-theme soothe-tva zenburn-theme mindre-theme kaolin-themes kaolin-themes-lib tron-legacy-theme wildcharm-theme atom-one-dark-theme parchment-theme autothemer visual-fill-column transpose-frame gameoflife evil-collection-docker docker docker-context docker-volume docker-network docker-image docker-container docker-faces docker-core docker-compose docker-process docker-utils docker-group dockerfile-mode emacs-everywhere cus-dir dumb-jump evil-collection-popup popup websocket bindat bing-dict bing-dict-cache hl-todo atom-dark-theme ef-themes uwu-theme vagrant evil-collection-ag ag vc-svn find-dired alarm-clock alert notifications gntp pinentry evil-collection-hackernews hackernews evil-collection-notmuch notmuch notmuch-tree notmuch-jump notmuch-hello notmuch-show notmuch-print notmuch-crypto notmuch-mua notmuch-message notmuch-draft notmuch-maildir-fcc notmuch-address notmuch-company notmuch-parser notmuch-wash coolj goto-addr icalendar diary-lib diary-loaddefs notmuch-tag notmuch-lib notmuch-compat message sendmail yank-media rfc822 mml mailabbrev gmm-utils mm-view mml-smime mml-sec smime gnutls dig mm-decode mm-bodies mm-encode fussy flx affe evil-collection-consult consult clang-format apheleia apheleia-rcs apheleia-dp apheleia-formatters apheleia-utils apheleia-log apheleia-formatter-context vimrc-mode gnuplot olivetti super-save evil-collection-helpful helpful cc-langs trace cl-print evil-collection-edebug edebug evil-collection-debug debug backtrace info-look evil-collection-info info help-fns radix-tree evil-collection-elisp-refs elisp-refs solidity-mode solidity-common evil-collection-git-timemachine git-timemachine web-mode disp-table evil-collection-go-mode go-mode find-file evil-collection-js2-mode js2-mode etags fileloop git-gutter-autoloads zig-mode-autoloads reformatter-autoloads empv-autoloads yasnippet-snippets-autoloads marginalia-autoloads vertico-truncate-autoloads vertico-posframe-autoloads vertico-autoloads lsp-uniteai-autoloads nix-ts-mode-autoloads go-translate-autoloads alert-autoloads gntp-autoloads sdcv-autoloads telega-autoloads tab-line-nerd-icons-autoloads keycast-autoloads rust-mode-autoloads cargo-autoloads toml-autoloads rg-autoloads writeroom-mode-autoloads nov-autoloads esxml-autoloads kv-autoloads ultra-scroll-autoloads pdf-tools-autoloads org-sliced-images-autoloads consult-org-roam-autoloads org-roam-autoloads org-journal-autoloads org-download-autoloads org-modern-autoloads orderless-autoloads mu4e-autoloads cyphejor-autoloads symbol-overlay-autoloads qml-mode-autoloads rfc-mode-autoloads string-inflection-autoloads webpaste-autoloads systemd-autoloads minuet-autoloads pr-review-autoloads forge-autoloads closql-autoloads emacsql-autoloads ghub-autoloads treepy-autoloads lsp-java-autoloads dap-mode-autoloads bui-autoloads lsp-treemacs-autoloads lsp-docker-autoloads yaml-autoloads lsp-pyright-autoloads consult-lsp-autoloads lsp-ui-autoloads lsp-mode-autoloads groovy-mode-autoloads imenu-list-autoloads hungry-delete-autoloads hide-comnt-autoloads minibuffer-header-autoloads gptel-quick-autoloads gptel-autoloads gotest-autoloads fzf-autoloads flycheck-golangci-lint-autoloads flycheck-clj-kondo-autoloads pos-tip-autoloads consult-flycheck-autoloads flycheck-rust-autoloads flycheck-posframe-autoloads flycheck-autoloads evil-anzu-autoloads anzu-autoloads engine-mode-autoloads ement-autoloads taxy-magit-section-autoloads taxy-autoloads embark-consult-autoloads embark-autoloads ellama-autoloads llm-autoloads plz-event-source-autoloads plz-media-type-autoloads plz-autoloads symex-autoloads tree-sitter-autoloads tsc-autoloads lispy-autoloads iedit-autoloads swiper-autoloads ivy-autoloads zoutline-autoloads evil-cleverparens-autoloads smartparens-autoloads combobulate-autoloads combobulate-go combobulate-json combobulate-yaml combobulate-css combobulate-js-ts combobulate-python combobulate-html combobulate-toml combobulate-cursor multiple-cursors mc-separate-operations rectangular-region-mode mc-mark-pop mc-edit-lines mc-hide-unmatched-lines-mode mc-mark-more sgml-mode mc-cycle-cursors multiple-cursors-core combobulate-query savehist evil-collection-scheme scheme combobulate-ui combobulate-display combobulate-ztree combobulate-envelope combobulate-manipulation evil-collection-python python combobulate-procedure combobulate-navigation combobulate-misc combobulate-setup tempo combobulate-interface combobulate-settings combobulate-rules elisp-def-autoloads elfeed-tube-mpv-autoloads elfeed-tube-autoloads elfeed-autoloads eee-autoloads eee dired-git-info-autoloads dired-hacks-autoloads dired-preview-autoloads diredfl-autoloads cmake-mode-autoloads consult-yasnippet-autoloads yasnippet-capf-autoloads yasnippet-autoloads cape-autoloads kind-icon-autoloads svg-lib-autoloads corfu-terminal-autoloads popon-autoloads corfu-autoloads copilot-autoloads copilot-chat-autoloads consult-ls-git-autoloads paredit-autoloads clojure-ts-mode-autoloads cider-autoloads clojure-mode-autoloads queue-autoloads spinner-autoloads sesman-autoloads chatgpt-shell-autoloads shell-maker-autoloads breadcrumb-autoloads bookmark-in-project-autoloads bookmark+-autoloads babashka-autoloads parseedn-autoloads parseclj-autoloads aidermacs-autoloads mediawiki-autoloads markdown-mode-autoloads treemacs-magit-autoloads magit-autoloads with-editor-autoloads nerd-icons-ibuffer-autoloads treemacs-nerd-icons-autoloads treemacs-autoloads pfuture-autoloads cfrs-autoloads cnfonts-autoloads burly-autoloads compile-multi-autoloads form-feed-st-autoloads google-this-autoloads echo-bar-autoloads zoom-autoloads fcitx-autoloads eat-autoloads vterm-autoloads chatgpt-autoloads polymode-autoloads ox-reveal-autoloads htmlize-autoloads wordreference-autoloads explain-pause-mode-autoloads weather-metno-autoloads display-wttr-autoloads kdeconnect-autoloads emms-autoloads crux-autoloads pest-mode-autoloads popwin-autoloads modus-themes-autoloads blackboard-theme-autoloads standard-themes-autoloads nimbus-theme-autoloads tok-theme-autoloads danneskjold-theme-autoloads srcery-theme-autoloads subatomic256-theme-autoloads iscroll-autoloads xml+-autoloads multiple-cursors-autoloads evil-textobj-tree-sitter-autoloads evil-numbers-autoloads ctable-autoloads color-rg-autoloads line-reminder-autoloads fringe-helper-autoloads ov-autoloads solarized-theme-autoloads sqlup-mode-autoloads bm-autoloads zen-mode-autoloads sly-autoloads expand-region-autoloads highlight-defined-autoloads base16-theme-autoloads idea-darkula-theme-autoloads hybrid-reverse-theme-autoloads material-theme-autoloads doom-themes-autoloads nyan-mode-autoloads organic-green-theme-autoloads inkpot-theme-autoloads github-dark-vscode-theme-autoloads almost-mono-themes-autoloads cyberpunk-theme-autoloads soothe-theme-autoloads zenburn-theme-autoloads mindre-theme-autoloads kaolin-themes-autoloads tron-legacy-theme-autoloads wildcharm-theme-autoloads atom-one-dark-theme-autoloads parchment-theme-autoloads autothemer-autoloads visual-fill-column-autoloads transpose-frame-autoloads gameoflife-autoloads docker-autoloads dockerfile-mode-autoloads emacs-everywhere-autoloads cus-dir-autoloads makefile-executor-autoloads dumb-jump-autoloads popup-autoloads bing-dict-autoloads hl-todo-autoloads atom-dark-theme-autoloads ef-themes-autoloads uwu-theme-autoloads vagrant-autoloads ag-autoloads alarm-clock-autoloads pinentry-autoloads hackernews-autoloads notmuch-autoloads fussy-autoloads flx-autoloads affe-autoloads consult-autoloads clang-format-autoloads apheleia-autoloads elisp-autofmt-autoloads vimrc-mode-autoloads mpv-autoloads gnuplot-autoloads mermaid-mode-autoloads atomic-chrome-autoloads websocket-autoloads restore-point-autoloads ace-window-autoloads avy-autoloads olivetti-autoloads super-save-autoloads helpful-autoloads elisp-refs-autoloads solidity-mode-autoloads git-timemachine-autoloads web-mode-autoloads adoc-mode-autoloads go-mode-autoloads js2-mode-autoloads rust-playground-autoloads evil-collection-which-key which-key super-hint-xref super-hint-rg super-hint evil-collection-xref xref evil-collection-rg rg piper ob-shell ob-gnuplot ob-C evil-collection-org org ob ob-tangle ob-ref ob-lob ob-table ob-exp org-macro org-src evil-collection-sh-script sh-script executable ob-comint org-pcomplete org-list org-footnote org-faces org-entities ob-emacs-lisp ob-core ob-eval org-cycle org-table ol org-fold org-fold-core org-keys oc org-loaddefs org-version org-compat org-macs molecule-mode lsp hyperbole hideshow gptel-manual-complete evil-collection-gptel gptel windmove evil-collection-flycheck flycheck erc erc-backend erc-networks erc-common erc-compat erc-loaddefs evil-collection-ediff ediff ediff-merg ediff-mult ediff-wind ediff-diff ediff-help ediff-init ediff-util dired-x consult-ripgrep-all server evil-collection-eww eww vtable mule-util url-queue epa-file evil-collection-epa epa epg rfc6068 epg-config saveplace recentf tree-widget winner edit-list refine loop list-utils evil-collection-leetcode leetcode derived log4e aio mm-url evil-collection-gnus gnus nnheader gnus-util range let-alist prompts file-info browse-at-remote f image-roll evil-collection-image image-mode exif toc-mode rst scratch sql evil-collection-view view persistent-scratch exercism persist async-await iter2 generator promise url-http url-auth mail-parse rfc2231 rfc2047 rfc2045 mm-util ietf-drums mail-prsvr url-gw nsm promise-rejection-tracking promise-finally promise-done promise-es6-extensions promise-core async request mailheader mail-utils a indent-bars evil-collection-outline noutline outline mode-line-bell powerthesaurus jeison dash s evil-collection-ripgrep ripgrep evil-collection-wgrep wgrep evil-collection-grep grep evil-collection-vlf vlf vlf-base vlf-tune gptai ctrlf hl-line nerd-icons-completion nerd-icons nerd-icons-faces nerd-icons-data nerd-icons-data-mdicon nerd-icons-data-flicon nerd-icons-data-codicon nerd-icons-data-devicon nerd-icons-data-sucicon nerd-icons-data-wicon nerd-icons-data-faicon nerd-icons-data-powerline nerd-icons-data-octicon nerd-icons-data-pomicon nerd-icons-data-ipsicon disable-mouse mingus libmpdee evil-collection-mpdel mpdel mpdel-browser libmpdel-directory mpdel-playlist mpdel-tablist mpdel-song mpdel-core navigel evil-collection-bookmark bookmark evil-collection-tablist tablist tablist-filter semantic/wisent/comp semantic/wisent semantic/wisent/wisent semantic/util-modes semantic/util semantic semantic/tag semantic/lex semantic/fw mode-local find-func cedet libmpdel tq time-stamp posframe esup esup-child benchmark ssh-config-mode jq-mode json-mode json-snatcher js c-ts-common treesit evil-collection-imenu imenu cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs evil-collection-yaml-mode yaml-mode toml-mode conf-mode align highlight facemenu nix-mode ffap smie nix-repl nix-shell nix-store evil-collection-magit-section magit-section cursor-sensor llama nix-log nix-instantiate nix-shebang nix-format nix sudo-edit tramp trampver tramp-integration tramp-message tramp-compat shell pcomplete parse-time iso8601 time-date tramp-loaddefs evil-collection-devdocs devdocs mathjax evil-terminal-cursor-changer evil-visualstar evil-commentary evil-commentary-integration evil-collection-evil-mc evil-mc evil-mc-command-execute evil-mc-command-record evil-mc-cursor-make evil-mc-region evil-mc-cursor-state evil-mc-undo evil-mc-vars evil-mc-known-commands evil-mc-common evil-exchange evil-lion evil-args smartscan timeout ess ess-utils ess-custom evil-collection-unimpaired evil-collection-vc-git evil-collection-tabulated-list evil-collection-tab-bar evil-collection-simple evil-collection-replace evil-collection-process-menu evil-collection-package-menu evil-collection-minibuffer evil-collection-man evil-collection-kmacro evil-collection-indent evil-collection-help evil-collection-flymake evil-collection-elisp-mode evil-collection-eldoc evil-collection-elpaca evil-collection-dired evil-collection-diff-mode evil-collection-custom evil-collection-compile evil-collection-comint evil-collection-calendar evil-collection-buff-menu evil-collection annalist sqlite3 sqlite3-api treebundel vc-git diff-mode track-changes files-x git-link dired dired-loaddefs texfrag face-remap shr pixel-fill kinsoku url-file puny svg dom preview latex latex-flymake flymake project compile text-property-search comint ansi-osc tex-ispell tex-style tex dbus xml crm texmathp auctex display-line-numbers elec-pair lisp-mnt package browse-url xdg url-handlers xterm-color edit-list-autoloads refine-autoloads list-utils-autoloads loop-autoloads leetcode-autoloads aio-autoloads log4e-autoloads prompts-autoloads file-info-autoloads hydra-autoloads lv-autoloads browse-at-remote-autoloads image-roll-autoloads saveplace-pdf-view-autoloads pdfgrep-autoloads toc-mode-autoloads scratch-autoloads persistent-scratch-autoloads exercism-autoloads a-autoloads request-autoloads async-autoloads async-await-autoloads promise-autoloads iter2-autoloads persist-autoloads indent-bars-autoloads rainbow-delimiters-autoloads rainbow-mode-autoloads mode-line-bell-autoloads powerthesaurus-autoloads hydra lv jeison-autoloads ripgrep-autoloads wgrep-autoloads vlf-autoloads gptai-autoloads popper-autoloads ctrlf-autoloads nerd-icons-dired-autoloads nerd-icons-completion-autoloads nerd-icons-autoloads disable-mouse-autoloads mingus-autoloads libmpdee-autoloads mpdel-autoloads libmpdel-autoloads navigel-autoloads tablist-autoloads posframe-autoloads esup-autoloads quickrun-autoloads ht-autoloads ssh-config-mode-autoloads jq-mode-autoloads json-mode-autoloads json-snatcher-autoloads yaml-mode-autoloads toml-mode-autoloads highlight-escape-sequences-autoloads highlight-autoloads highlight-numbers-autoloads parent-mode-autoloads nix-mode-autoloads magit-section-autoloads llama-autoloads sudo-edit-autoloads attrap-autoloads f-autoloads dash-autoloads s-autoloads devdocs-autoloads mathjax-autoloads evil-terminal-cursor-changer-autoloads evil-surround-autoloads evil-visualstar-autoloads evil-commentary-autoloads evil-mc-autoloads evil-exchange-autoloads evil-lion-autoloads evil-args-autoloads smartscan-autoloads timeout-autoloads ess-autoloads info-colors-autoloads evil-collection-autoloads annalist-autoloads sqlite3-autoloads treebundel-autoloads git-link-autoloads texfrag-autoloads auctex-autoloads tex-site xterm-color-autoloads ispell man ansi-color autorevert filenotify cal-menu calendar cal-loaddefs advice evil evil-integration evil-maps evil-commands reveal evil-jumps evil-command-window evil-types evil-search evil-ex evil-macros evil-repeat evil-states evil-core comp comp-cstr comp-run comp-common rx evil-common thingatpt rect evil-vars ring undo-fu goto-chg evil-autoloads undo-fu-autoloads goto-chg-autoloads transient pcase format-spec transient-autoloads general memoize sanityinc-tomorrow-bright-theme color-theme-sanityinc-tomorrow color minions compat general-autoloads memoize-autoloads color-theme-sanityinc-tomorrow-autoloads minions-autoloads el-patch-autoloads el-patch el-patch-stub edmacro kmacro vc vc-dispatcher cl-extra help-mode elpaca-use-package use-package use-package-ensure use-package-delight use-package-diminish use-package-bind-key bind-key easy-mmode use-package-core elpaca-use-package-autoloads elpaca-log elpaca-ui elpaca-menu-elpa elpaca-menu-melpa url url-proxy url-privacy url-expand url-methods url-history url-cookie generate-lisp-file url-domsuf url-util url-parse auth-source cl-seq eieio eieio-core cl-macs password-cache json subr-x map byte-opt gv bytecomp byte-compile url-vars mailcap elpaca-menu-org elpaca warnings elpaca-process elpaca-autoloads early-init cus-edit pp cus-load icons wid-edit cl-loaddefs cl-lib rmc iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win term/common-win touch-screen pgtk-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic indonesian philippine cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite emoji-zwj charscript charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp files window text-properties overlay sha1 md5 base64 format env code-pages mule custom widget keymap hashtable-print-readable backquote threads dbusbind inotify dynamic-setting system-font-setting font-render-setting cairo gtk pgtk lcms2 multi-tty move-toolbar make-network-process tty-child-frames native-compile emacs) Memory information: ((conses 16 2481616 4646933) (symbols 48 135791 2607) (strings 32 664112 282039) (string-bytes 1 20437581) (vectors 16 211082) (vector-slots 8 2492503 1101148) (floats 8 3434 2313) (intervals 56 8122 1991) (buffers 992 34)) -- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 12 09:56:13 2025 Received: (at 76970) by debbugs.gnu.org; 12 Mar 2025 13:56:13 +0000 Received: from localhost ([127.0.0.1]:48433 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsMZA-0000Rl-Jt for submit@debbugs.gnu.org; Wed, 12 Mar 2025 09:56:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52716) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tsMZ8-0000Q5-8Z for 76970@debbugs.gnu.org; Wed, 12 Mar 2025 09:56:10 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tsMZ1-0007Vd-ME; Wed, 12 Mar 2025 09:56:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=5VSxH2N5VJyM3MOgqdB974dg1rrBtAv+JBOkg27xrfg=; b=hZrl/wsyYJPM u9pSK4sMYxfL9qc3HuHCal6WI88AjxZ8UjHCUBTBUIjCpHCbIXLvkZh6TB3aUP/xDQeEv47TsQ4DV Z269Va/XVhipRKwdmVnDXt01bJB1DOQruBaSD8eBTjVHKkiKvNqK95MeTFP5kFyyF2kTOZai+dDQi R1FE4uslPqVmVVBh+RnaoIu7QXgiQZPwDyrB9GqxTTpM40HAupdm8elLD4poPHnJJuyEiGGUgoPx7 zMjso6/+LZdtozkJDhP88sEq8kkODsD6hNE3CrOPhrU3j6TvHToaSOttNpjGOG5joRo/2gNg7bpGp FCa03Biuokq2al0xCc7wgA==; Date: Wed, 12 Mar 2025 15:56:00 +0200 Message-Id: <86y0xa5p5b.fsf@gnu.org> From: Eli Zaretskii To: Eval Exec In-Reply-To: <87zfhr6k9c.fsf@gmail.com> (message from Eval Exec on Wed, 12 Mar 2025 10:43:59 +0800) Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow References: <87zfhr6k9c.fsf@gmail.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Eval Exec > Date: Wed, 12 Mar 2025 10:43:59 +0800 > > > Hello, I got a master branch emacs crash: > > (gdb) bt full > #0 0x000000000055979e in stack_overflow (siginfo=0x85d1b0 ) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1895 > addr = 0x70 > bot = > top = > LG_STACK_HEURISTIC = LG_STACK_HEURISTIC > #1 handle_sigsegv (sig=11, siginfo=0x85d1b0 , arg=) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1930 > fatal = false > #2 > No symbol table info available. > #3 backtrace_top () at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/eval.c:174 > pdl = > pdl = > #4 backtrace_top_function () at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/eval.c:4270 > pdl = > pdl = > #5 add_sample (count=1, plog=) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/profiler.c:328 > No locals. > #6 handle_profiler_signal (signal=27) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/profiler.c:380 > count = 1 > count = > overruns = > #7 deliver_process_signal (handler=, sig=27) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1751 > old_errno = 1 > on_main_thread = true > old_errno = > on_main_thread = > blocked = > #8 deliver_profiler_signal (signal=27) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/profiler.c:386 > No locals. > Backtrace stopped: Cannot access memory at address 0x7ffe5c5f2678 > You can't do that without a process to debug. > (gdb) Is this the main thread ("thread 1"), or some other thread? What does "info threads" say? Would it be possible for you to run Emacs under GDB at all times? That would allow to do more when Emacs crashes, because some things GDB cannot do when all it has is the core file, as opposed to a live process. E.g., the above backtrace doesn't give a clue what caused stack overflow, because it shows too few stack frames. Any idea what Emacs was doing when this happened? From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 12 10:00:29 2025 Received: (at 76970) by debbugs.gnu.org; 12 Mar 2025 14:00:29 +0000 Received: from localhost ([127.0.0.1]:51040 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsMdI-0001H9-NE for submit@debbugs.gnu.org; Wed, 12 Mar 2025 10:00:29 -0400 Received: from mail-oo1-xc43.google.com ([2607:f8b0:4864:20::c43]:54689) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tsMdG-0001C7-1U for 76970@debbugs.gnu.org; Wed, 12 Mar 2025 10:00:26 -0400 Received: by mail-oo1-xc43.google.com with SMTP id 006d021491bc7-5fea43da18aso1620050eaf.1 for <76970@debbugs.gnu.org>; Wed, 12 Mar 2025 07:00:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741788019; x=1742392819; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=34aeN7QlvosMjxuP2QuIQ4OYCUSrgzYB6UEcapaGmJ0=; b=cdnKNOBL0tBBQ9CHAHDaQ9uKFOpnr0ounjGnk3qirTh7rcUcaMuPVQWwh5pQyQ409V Ii86E8Kg86guLRN7We9X+IAGKb9kdo9Zr1HXhvPM4KHIIlf7r+j0onCfsVLohAiH3UVa 3etWllrrvAxPYFP5keesqP6KwtWreqpltRNp1beGAW3s8b8/sm1E8yEAwFmAxHqys0Iz yktJlx3YBPD2oYiyiSxiwbKYzwtRfAQqZBZAi1XErRRB8F82RouTFtYdgk/mNRRdbU9p XoJ7psp+7MeLaFRes6txlxmBV1WvbC5Y24TF7kFVdoUKBaUQwwHNgU8LxA32BzV/z55R ZBjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741788019; x=1742392819; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=34aeN7QlvosMjxuP2QuIQ4OYCUSrgzYB6UEcapaGmJ0=; b=EtJVQk7WVFZpLDk7BwHLWnNy5T3lSXFDbrh30E1rpTSjQM4sE6nlpmfBhkXVKvLZTQ Ki2bVsD8c98wdKSUPdfB5kNpI2bdBPPm4f6rS/IuSzEC9cWyaFVPB/XWxSVig3Bmq9dx 3fyAQ1AEg5e+SJvmmYGK8b3/UE2d9gZ4Z+m5+M/0mjQZsWi2EIHkKJJPA3v6XvQf2Vpl 5HFsjX4Y2GUA5e7ftDWyO39TSHH7gLeHups6xI8h1NOwAwvc+HcgEBxgBkkxez5Te5Pa JRyWP3UlbXonEKmSwBsmm3AaLRHpMXUjsEvGMtwGyRyF1afCQCB8cLb+UkvhOG+bNMi6 ViNw== X-Gm-Message-State: AOJu0YxoyKd013i4yHfJ4x/CoH7NKf3tBs/luA86fAPPGvYd1RiCC6y2 lBleGFEcryeBKOtboKBNIwkFxTiaC9qBvip1eMTViWJ1w8auFNf6rimbMDQwlyhv39cpVe3d3n9 Ylx8wkPigLw+9IsXTcaEE5rKINIMI+1zxsBZd+Q== X-Gm-Gg: ASbGncv6DPvQjqI1WWlm5sqjc823nRQM9LHbgZUF4X540qezljRp2VM1VBwj6j64sXI C71xNFcNgtxHJXaN2HiOUi99k4ZtbEKlQAvdnYtFd01XtIk64bRJbNzURtEzJWPM9/4sQO3Fsze 6eyZBiKZ4IjuM8EQh4OjuV2UmvpAU= X-Google-Smtp-Source: AGHT+IFE+UixgUIt3dyePydcle0brwkVYACMvz2fRQ4gJmqFEEpBiVh+mOm7Ewh0ZElzht9UjTnI0T3jmkHaldYGuOg= X-Received: by 2002:a05:6808:1a0a:b0:3fa:351:c191 with SMTP id 5614622812f47-3fa0351c547mr4925294b6e.20.1741788018437; Wed, 12 Mar 2025 07:00:18 -0700 (PDT) MIME-Version: 1.0 References: <87zfhr6k9c.fsf@gmail.com> <86y0xa5p5b.fsf@gnu.org> In-Reply-To: <86y0xa5p5b.fsf@gnu.org> From: Eval Exec Date: Wed, 12 Mar 2025 22:00:06 +0800 X-Gm-Features: AQ5f1JqZMldVYedGzbFex2P2pEvtlVsvhSwB9Famww6oL5RfglOjj1UR7yqj9io Message-ID: Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow To: Eli Zaretskii Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) > Would it be possible for you to run Emacs under GDB at all times? it's possible. > Any idea what Emacs was doing when this happened? I forget, maybe I'm doing `(profiler-start)` that times? I'm not sure. On Wed, Mar 12, 2025 at 9:56=E2=80=AFPM Eli Zaretskii wrote: > > > From: Eval Exec > > Date: Wed, 12 Mar 2025 10:43:59 +0800 > > > > > > Hello, I got a master branch emacs crash: > > > > (gdb) bt full > > #0 0x000000000055979e in stack_overflow (siginfo=3D0x85d1b0 ) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysd= ep.c:1895 > > addr =3D 0x70 > > bot =3D > > top =3D > > LG_STACK_HEURISTIC =3D LG_STACK_HEURISTIC > > #1 handle_sigsegv (sig=3D11, siginfo=3D0x85d1b0 ,= arg=3D) at /home/exec/Projects/git.savannah.gnu.org/git/ema= cs/src/sysdep.c:1930 > > fatal =3D false > > #2 > > No symbol table info available. > > #3 backtrace_top () at /home/exec/Projects/git.savannah.gnu.org/git/em= acs/src/eval.c:174 > > pdl =3D > > pdl =3D > > #4 backtrace_top_function () at /home/exec/Projects/git.savannah.gnu.o= rg/git/emacs/src/eval.c:4270 > > pdl =3D > > pdl =3D > > #5 add_sample (count=3D1, plog=3D) at /home/exec/Projec= ts/git.savannah.gnu.org/git/emacs/src/profiler.c:328 > > No locals. > > #6 handle_profiler_signal (signal=3D27) at /home/exec/Projects/git.sav= annah.gnu.org/git/emacs/src/profiler.c:380 > > count =3D 1 > > count =3D > > overruns =3D > > #7 deliver_process_signal (handler=3D, sig=3D27) at /ho= me/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1751 > > old_errno =3D 1 > > on_main_thread =3D true > > old_errno =3D > > on_main_thread =3D > > blocked =3D > > #8 deliver_profiler_signal (signal=3D27) at /home/exec/Projects/git.sa= vannah.gnu.org/git/emacs/src/profiler.c:386 > > No locals. > > Backtrace stopped: Cannot access memory at address 0x7ffe5c5f2678 > > You can't do that without a process to debug. > > (gdb) > > Is this the main thread ("thread 1"), or some other thread? What does > "info threads" say? > > Would it be possible for you to run Emacs under GDB at all times? > That would allow to do more when Emacs crashes, because some things > GDB cannot do when all it has is the core file, as opposed to a live > process. E.g., the above backtrace doesn't give a clue what caused > stack overflow, because it shows too few stack frames. > > Any idea what Emacs was doing when this happened? From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 12 11:27:11 2025 Received: (at 76970) by debbugs.gnu.org; 12 Mar 2025 15:27:11 +0000 Received: from localhost ([127.0.0.1]:51298 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsNzD-00058A-Dm for submit@debbugs.gnu.org; Wed, 12 Mar 2025 11:27:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58334) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tsNzB-00057x-5C for 76970@debbugs.gnu.org; Wed, 12 Mar 2025 11:27:09 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tsNz5-0001NW-Os; Wed, 12 Mar 2025 11:27:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=QENkE0BhdsCVLLbnibxNklgSDw9JzrFXaM9KBgCS38M=; b=DCG3t2VP8aXw UwmmGtm/FDrHgR3MylEnERJiM1vOl1bZCSdkZ8pzwHEvF86J7heWCT0Hc46jsUmihVWeqOFUxctI0 FB8DVqwhKDMm2KwtS6WXDnpM6g905TJ9xTd6JB3nXNPpzaUuBfhqxc3Cz4KRdZmjzJkGNe5L6mwPT Q9P5uWJ9tzeUcohmAF4UoHRFd27oNEfJQ9K+jIpHoKh/bmowvBezCBo06v1KnjmBL6BOSdnlPUEoK 6JJch+v2g5qxpAv4XsTg7v1A5HPhKlqVm7ETsLZ0lJoUIi15p+kHZmRQMOktb+sy7hoImMzv4QmxM yjsALfg8B06cMh0smWmuTw==; Date: Wed, 12 Mar 2025 17:26:59 +0200 Message-Id: <868qpa5kxo.fsf@gnu.org> From: Eli Zaretskii To: Eval Exec In-Reply-To: (message from Eval Exec on Wed, 12 Mar 2025 22:00:06 +0800) Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow References: <87zfhr6k9c.fsf@gmail.com> <86y0xa5p5b.fsf@gnu.org> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Eval Exec > Date: Wed, 12 Mar 2025 22:00:06 +0800 > Cc: 76970@debbugs.gnu.org > > > Would it be possible for you to run Emacs under GDB at all times? > > it's possible. Then please consider doing this. > > Any idea what Emacs was doing when this happened? > > I forget, maybe I'm doing `(profiler-start)` that times? I'm not sure. Then I'm completely stomped how could that cause stack overflow. From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 12 12:22:09 2025 Received: (at 76970) by debbugs.gnu.org; 12 Mar 2025 16:22:09 +0000 Received: from localhost ([127.0.0.1]:51372 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsOqP-0007cc-FS for submit@debbugs.gnu.org; Wed, 12 Mar 2025 12:22:09 -0400 Received: from mail-40133.protonmail.ch ([185.70.40.133]:46897) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tsOqM-0007bz-CZ for 76970@debbugs.gnu.org; Wed, 12 Mar 2025 12:22:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1741796518; x=1742055718; bh=OIzqbQPWiBIRK1yL8R+s4DWOAmsB2Mk8UWdxMEqdFhA=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=BjWnf9AoAP4JX5VVRKsRcIjPIoHkDpLJZo2k7+LkZ8b72cy7n9saRxJ8eLs7HdmF6 +mtrbYYju5iCVGKQCf0xB/kuFil2+UUyeGRfv0sR1CmeyezPrE9lOOtoQq9XEWXac8 nfJ0BY+kcctECkf8rXvTA837Bb7v5G26OUn0wfIZ86g+Muj2GV23uOL1G5isTGAUHB bUFs/egeHH8B9HvxJoSnQUFo8dYoeqzXebduY1iDil6wQhRLQVb5i1g4iX0Eb1GpVw VXUBapbBoLVzwmcxg/IB++CeN+ICYk7eV+kHZjgrOTAmmDip0PpYER8z4ABV8coR4p 2Mv79yP6JYppg== Date: Wed, 12 Mar 2025 16:21:52 +0000 To: Eli Zaretskii From: Pip Cet Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Message-ID: <87y0xafcef.fsf@protonmail.com> In-Reply-To: <86y0xa5p5b.fsf@gnu.org> References: <87zfhr6k9c.fsf@gmail.com> <86y0xa5p5b.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: 8b1be4287a6399afc8e1eac30fdcb2fb48c2acc8 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, Eval Exec X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Eli Zaretskii" writes: >> From: Eval Exec >> Date: Wed, 12 Mar 2025 10:43:59 +0800 >> >> >> Hello, I got a master branch emacs crash: >> >> (gdb) bt full >> #0 0x000000000055979e in stack_overflow (siginfo=3D0x85d1b0 ) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysde= p.c:1895 >> addr =3D 0x70 >> bot =3D >> top =3D >> LG_STACK_HEURISTIC =3D LG_STACK_HEURISTIC >> #1 handle_sigsegv (sig=3D11, siginfo=3D0x85d1b0 , >> arg=3D) at >> /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1930 >> fatal =3D false >> #2 >> No symbol table info available. >> #3 backtrace_top () at /home/exec/Projects/git.savannah.gnu.org/git/ema= cs/src/eval.c:174 >> pdl =3D >> pdl =3D That looks like current_thread was NULL, and there was no stack overflow at all. It looks like this can happen when running several Lisp threads while profiling is in use, but it's not trivial to trigger. Pip From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 18 00:04:44 2025 Received: (at 76970) by debbugs.gnu.org; 18 Mar 2025 04:04:45 +0000 Received: from localhost ([127.0.0.1]:34560 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuOC3-0004m6-Be for submit@debbugs.gnu.org; Tue, 18 Mar 2025 00:04:44 -0400 Received: from mail-ot1-x342.google.com ([2607:f8b0:4864:20::342]:48155) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tuOBz-0004kb-LK for 76970@debbugs.gnu.org; Tue, 18 Mar 2025 00:04:41 -0400 Received: by mail-ot1-x342.google.com with SMTP id 46e09a7af769-72a0a9cb29fso3012243a34.0 for <76970@debbugs.gnu.org>; Mon, 17 Mar 2025 21:04:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742270674; x=1742875474; darn=debbugs.gnu.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=PuAP774HBibacFq4ojafiT6m8esLGxMi0MYodM8RWpQ=; b=A0m9ekNrkZ8BbElPveo02sMDBMMRfpnOIV+JTe3lR9Dxg8EkgDzlrULTeWdBc+E3qP l0lj1HsaLCz9dfUeU7EowceIL7QpkB9hPoPR5JBkyzx51lB2cACmnkzX4QJDP6+wdrrp BUJFZXW93+WqX56Q0ebgSDojZVixrEhZ0ByxesTz22x3dHWu7rqevcDbzwUlQh3wjQ1l z65PHHYy92EwBLNu2rga+3XIy9OG7Zd7nRasRxC6tHvatWowaP4CYgIXVqf25F77eE+S sne1vkcgi4zLHMfUIf2ou/ofFKHhfZ3xq0O9OowDCtqW+WaHNKIf/jVhErug10xoIrYn 8J+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742270674; x=1742875474; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=PuAP774HBibacFq4ojafiT6m8esLGxMi0MYodM8RWpQ=; b=OQfuCsakApZWtrdDI/vSDFhWV8l96csqRjM/R0mlO9n0CmjLUX5lSgc9gXnrqSJtu5 7TNFmwktCtotyNYbfIkbSezOTbIkJx6UUgyrJgzTmgsx6ZF58BE+4P0cKjuCsNQvmrGt 4jvRD+zFf3orxgZCOsEfRXKJ7aNXoOn6NoJG1E4xNdLoJzrT2DybVj9IXFKJZT0Ytelf 17ET4WJSPw8GA3rfcCIbI9n4pdZWxU+y4C84qjSiz74Cea/8qSeaIE5p8B3uCekSWCxp H2LHA6h/eCtr6wz2AjH1bsb0a4/tLHynhfo/vUt75zIvd5mcebo+nDnaw2Ihe0WmUKf7 Md5w== X-Forwarded-Encrypted: i=1; AJvYcCVE0RK+NZMTM9rRy9OqABfL4e9EwIWAeEfewXPk4yJJXFNjxEOOKLkG33EItylYHF8DYrajbQ==@debbugs.gnu.org X-Gm-Message-State: AOJu0YxigetyioiE4dW61DanCrE0d24+ZIYz+ihqKYXFNhWRxJ3a9WDs lbbpGpel2ZL49tGx9hGNbo0LJZZc1LWRPHC+YW0NB2hm4Yp18ngP+KG9RmfvwoTr8haLTRFRaXH kElRZay63o3PBP116BmeB7xccmcPyvJnYubQ= X-Gm-Gg: ASbGnctOPL+SDZlsfLFnFncdoPBl4djJZRyitAk54ULUiJVlW5QBPOPJn+Zj5qNLPXJ JvVvRgwsa2zqsILcd0LjAKw9KovITjypTe4Fd8a0nw3EtfBrwaGhPGgJS5ASzH5EyUN+9769G+B p+/vQc90xq+WWpNz68D/IwzkE5E/s= X-Google-Smtp-Source: AGHT+IEKYwoeK+fHGTLgDojOHY/mpxo6yoiTOmF6WuCy30sWAJBxeT8wa0F3H576FyBS8RTWwvIfs8IRSQC1p/Rumfk= X-Received: by 2002:a05:6830:d03:b0:72b:a465:d93c with SMTP id 46e09a7af769-72bee6842f9mr1478303a34.20.1742270673668; Mon, 17 Mar 2025 21:04:33 -0700 (PDT) MIME-Version: 1.0 References: <87zfhr6k9c.fsf@gmail.com> <86y0xa5p5b.fsf@gnu.org> <87y0xafcef.fsf@protonmail.com> In-Reply-To: <87y0xafcef.fsf@protonmail.com> From: Eval Exec Date: Tue, 18 Mar 2025 12:04:22 +0800 X-Gm-Features: AQ5f1JpKrutgC5UuQqnTqX7do5-_U7dzGtLdYfygUcfAmLbGQ81jdQvLEs2RoV8 Message-ID: Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow To: Pip Cet Content-Type: multipart/alternative; boundary="0000000000009b53d60630960054" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: Eli Zaretskii , 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --0000000000009b53d60630960054 Content-Type: text/plain; charset="UTF-8" Hello, Pip ,could you please merge master into feature/igc branch again? Thank you. On Thu, Mar 13, 2025, 00:22 Pip Cet wrote: > "Eli Zaretskii" writes: > > >> From: Eval Exec > >> Date: Wed, 12 Mar 2025 10:43:59 +0800 > >> > >> > >> Hello, I got a master branch emacs crash: > >> > >> (gdb) bt full > >> #0 0x000000000055979e in stack_overflow (siginfo=0x85d1b0 > ) at /home/exec/Projects/ > git.savannah.gnu.org/git/emacs/src/sysdep.c:1895 > >> addr = 0x70 > >> bot = > >> top = > >> LG_STACK_HEURISTIC = LG_STACK_HEURISTIC > >> #1 handle_sigsegv (sig=11, siginfo=0x85d1b0 , > >> arg=) at > >> /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1930 > >> fatal = false > >> #2 > >> No symbol table info available. > >> #3 backtrace_top () at /home/exec/Projects/ > git.savannah.gnu.org/git/emacs/src/eval.c:174 > >> pdl = > >> pdl = > > That looks like current_thread was NULL, and there was no stack overflow > at all. It looks like this can happen when running several Lisp > threads while profiling is in use, but it's not trivial to trigger. > > Pip > > --0000000000009b53d60630960054 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello, Pip ,could you please merge master into feature/ig= c branch again? Thank you.

On Thu, Mar 13, 2025, 00:22= Pip Cet <pipcet@protonmail.com= > wrote:
"Eli Zaretskii= " <eliz@gnu.org> writes:

>> From: Eval Exec <execvy@gmail.com>
>> Date: Wed, 12 Mar 2025 10:43:59 +0800
>>
>>
>> Hello, I got a master branch emacs crash:
>>
>> (gdb) bt full
>> #0=C2=A0 0x000000000055979e in stack_overflow (siginfo=3D0x85d1b0 = <sigsegv_stack+62640>) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1895
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0addr =3D 0x70 <error: Cannot a= ccess memory at address 0x70>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0bot =3D <optimized out>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0top =3D <optimized out>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0LG_STACK_HEURISTIC =3D LG_STACK_H= EURISTIC
>> #1 handle_sigsegv (sig=3D11, siginfo=3D0x85d1b0 <sigsegv_stack+= 62640>,
>> arg=3D<optimized out>) at
>> /home/exec/Projects/git.s= avannah.gnu.org/git/emacs/src/sysdep.c:1930
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0fatal =3D false
>> #2=C2=A0 <signal handler called>
>> No symbol table info available.
>> #3=C2=A0 backtrace_top () at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/eval.c:174
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0pdl =3D <optimized out>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0pdl =3D <optimized out>

That looks like current_thread was NULL, and there was no stack overflow at all.=C2=A0 It looks like this can happen when running several Lisp
threads while profiling is in use, but it's not trivial to trigger.

Pip

--0000000000009b53d60630960054-- From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 17 18:38:37 2025 Received: (at 76970) by debbugs.gnu.org; 17 Jun 2025 22:38:38 +0000 Received: from localhost ([127.0.0.1]:37129 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uRewu-0008QU-SP for submit@debbugs.gnu.org; Tue, 17 Jun 2025 18:38:37 -0400 Received: from mxout5.mail.janestreet.com ([64.215.233.18]:52285) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uRewq-0008PZ-DX for 76970@debbugs.gnu.org; Tue, 17 Jun 2025 18:38:33 -0400 From: Aaron Zeng To: 76970@debbugs.gnu.org Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Date: Tue, 17 Jun 2025 18:38:26 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=waixah; t=1750199906; bh=cTXZvvYgVvECYaUtfmifQHyt0ti7+vGNzXFMNpiPpGs=; h=From:To:Cc:Subject:Date; b=Iu9uDOaC9QWvGozsFwJ6hjDvBPNI8eK+np1dPsHRWvg1/bReZNT+F4j9yv03Se4Sa S+aKe8a9bfwdFfsu0wIDD/eVVZNDnWvd4LWd3vry3i8EHSYBYu8L2SEJGQIF+Dq3cg xlQQcxzF/JRc/mqKHGlIriQlbz4lLLl9s9kclj56QDDvmNBIgKUqoEKyDGoC27q9ep HU1ytDS84mv4n1icXThVFeHE6je/SkQSh3c8e1VD0Mp3GqTwuvIv06azioTFmq4RkJ /0YGHpW3rR27qdoJuArQ+J+3w+kGGnCzMOn6uje5ahIIVg7kMSoS1Q4xp0StotZBCY gVwzTMcYhfQVQ== X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: app-emacs-dev@janestreet.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) I'd like to report that users at my site have seen this crash occur quite a few times recently, although not necessarily ending in a stack_overflow() frame (instead usually ending in backtrace_top()). For us, we believe the incidence was increased by enabling global-diff-hl-mode (with diff-hl-update-async set to t, so that it uses threads). If the Lisp profiler is running and SIGPROF happens to be delivered while current_thread is NULL, then the following code in backtrace_top will cause a segfault: union specbinding * backtrace_top (void) { /* This is so "xbacktrace" doesn't crash in pdumped Emacs if they invoke the command before init_eval_once_for_pdumper initializes specpdl machinery. See also backtrace_p above. */ if (!specpdl) /* HERE!!! */ return NULL; add_sample (profiler.c) is called from a signal handler and therefore needs to be robust in the case where a thread has just died and there is no current thread, so it cannot blindly read specpdl. Here is a full backtrace that I managed to reproduce once. Emacs was built at commit 31bac0d68c08f3f2fb03fa6ded17b771b168353e. Unfortunately, getting a completely reliable reproduction has proved tricky. emacs -Q M-x package-initialize M-: (setopt diff-hl-update-async t) M-x global-diff-hl-mode ... and then visiting some files under version control (gdb) bt full #0 0x00000000005564f7 in stack_overflow (siginfo=3D0xcbeb30 ) at sysdep.c:1902 addr =3D 0x70 bot =3D top =3D fatal =3D false #1 0x00000000005564f7 in handle_sigsegv (sig=3D11, siginfo=3D0xcbeb30 , arg=3D) at sysdep.c:1937 fatal =3D false #2 0x00007fbda4812970 in () at /lib64/libpthread.s= o.0 #3 0x00000000005c3f27 in backtrace_top () at eval.c:4294 pdl =3D pdl =3D #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 pdl =3D #5 0x000000000063a0da in add_sample (plog=3D0xcdf060 , count=3D1436) = at lisp.h:1192 #6 0x0000000000557604 in deliver_process_signal (sig=3D27, handler=3D0x63a= 440 ) at sysdep.c:1758 old_errno =3D 11 on_main_thread =3D true #7 0x00007fbda4812970 in () at /lib64/libpthread.s= o.0 #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.so.0 #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at /lib64/libpt= hread.so.0 #10 0x000000000063af2f in release_global_lock () at thread.c:621 sa =3D 0x7ffc6645abd0 self =3D 0xc76300 oldset =3D {__val =3D {0, 0, 843691369, 843691368, 843691369, 84369= 1368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} #11 0x000000000063af2f in really_call_select (arg=3D0x7ffc6645abd0) at thre= ad.c:621 sa =3D 0x7ffc6645abd0 self =3D 0xc76300 oldset =3D {__val =3D {0, 0, 843691369, 843691368, 843691369, 84369= 1368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} #12 0x000000000063bb1e in flush_stack_call_func (arg=3D0x7ffc6645abd0, func= =3D0x63af00 ) at lisp.h:4509 sa =3D=20 {func =3D 0x419450 , max_fds =3D 16, rfds =3D 0x7ffc= 6645acc0, wfds =3D 0x7ffc6645ad40, efds =3D 0x0, timeout =3D 0x7ffc6645b2d0= , sigmask =3D 0x0, result =3D -1756783244} #13 0x000000000063bb1e in thread_select (func=3D, max_fds=3Dmax_fds@entry=3D16, rfds=3Drfds@entr= y=3D0x7ffc6645acc0, wfds=3Dwfds@entry=3D0x7ffc6645ad40, efds=3Defds@entry= =3D0x0, timeout=3Dtimeout@entry=3D0x7ffc6645b2d0, sigmask=3D0x0) at thread.= c:656 sa =3D=20 {func =3D 0x419450 , max_fds =3D 16, rfds =3D 0x7ffc= 6645acc0, wfds =3D 0x7ffc6645ad40, efds =3D 0x0, timeout =3D 0x7ffc6645b2d0= , sigmask =3D 0x0, result =3D -1756783244} #14 0x00000000006687ae in xg_select (fds_lim=3D16, rfds=3Drfds@entry=3D0x7ffc6645b440, wfds=3Dwfds@entry=3D= 0x7ffc6645b4c0, efds=3Defds@entry=3D0x0, timeout=3Dtimeout@entry=3D0x7ffc66= 45b2d0, sigmask=3Dsigmask@entry=3D0x0) at xgselect.c:184 all_rfds =3D {fds_bits =3D {32872, 0 }} all_wfds =3D {fds_bits =3D {0 }} tmo =3D {tv_sec =3D 843691368, tv_nsec =3D 0} tmop =3D 0x7ffc6645b2d0 context =3D 0x30c3c7c0 have_wfds =3D gfds_buf =3D=20 {{fd =3D 6, events =3D 1, revents =3D 0}, {fd =3D 20, events = =3D 0, revents =3D 0}, {fd =3D 838180836, events =3D 0, revents =3D 0}, {fd= =3D 1, events =3D 0, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D = 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D 0, events =3D 0, reven= ts =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D 1, events =3D 0= , revents =3D 0}, {fd =3D 843421012, events =3D 0, revents =3D 0}, {fd =3D = 28, events =3D 0, revents =3D 0}, {fd =3D 1715839064, events =3D 32764, rev= ents =3D 0}, {fd =3D 6398880, events =3D 0, revents =3D 0}, {fd =3D 1715839= 040, events =3D 32764, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D= 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D 837799222, events =3D= 0, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D 838180= 836, events =3D 0, revents =3D 0}, {fd =3D -1547505218, events =3D 32701, r= events =3D 0}, {fd =3D 838180836, events =3D 0, revents =3D 0}, {fd =3D 0, = events =3D 42256, revents =3D 59604}, {fd =3D 1715843008, events =3D 32764,= revents =3D 0}, {fd =3D 838931840, events =3D 0, revents =3D 0}, {fd =3D -= 40, events =3D 0, revents =3D 0}, {fd =3D 1, events =3D 0, revents =3D 0}, = {fd =3D 1715842976, events =3D 32764, revents =3D 0}, {fd =3D 2, events =3D= 0, revents =3D 0}, {fd =3D 1715843168, events =3D 32764, revents =3D 0}, {= fd =3D -1547358463, events =3D 32701, revents =3D 0}, {fd =3D 13385680, eve= nts =3D 0, revents =3D 0}, {fd =3D 13385744, events =3D 0, revents =3D 0}, = {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D 838180808, events =3D 0, r= events =3D 0}, {fd =3D 2, events =3D 0, revents =3D 0}, {fd =3D 1715842936,= events =3D 32764, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0},= {fd =3D 800, events =3D 0, revents =3D 0}, {fd =3D 2, events =3D 0, revent= s =3D 0}, {fd =3D 1715842928, events =3D 32764, revents =3D 0}, {fd =3D 171= 5842936, events =3D 32764, revents =3D 0}, {fd =3D 31536, events =3D 0, rev= ents =3D 0}, {fd =3D 800, events =3D 0, revents =3D 0}, {fd =3D 6023312, ev= ents =3D 0, revents =3D 0}, {fd =3D 1, events =3D 0, revents =3D 0}, {fd = =3D 0, events =3D 0, revents =3D 0}, {fd =3D 1715843168, events =3D 32764, = revents =3D 0}, {fd =3D 838931840, events =3D 0, revents =3D 0}, {fd =3D 83= 5827600, events =3D 0, revents =3D 0}, {fd =3D -1419453425, events =3D 3270= 1, revents =3D 0}, {fd --Type for more, q to quit, c to continue with= out paging--c =3D 20, events =3D 0, revents =3D 0}, {fd =3D 13397248, events =3D 0, reven= ts =3D 0}, {fd =3D 843393045, events =3D 0, revents =3D 0}, {fd =3D -900935= 680, events =3D 56540, revents =3D 24937}, {fd =3D 31536, events =3D 0, rev= ents =3D 0}, {fd =3D 1, events =3D 0, revents =3D 0}, {fd =3D 2, events =3D= 0, revents =3D 0}, {fd =3D 1715843168, events =3D 32764, revents =3D 0}, {= fd =3D 13831584, events =3D 0, revents =3D 0}, {fd =3D 1715843216, events = =3D 32764, revents =3D 0}, {fd =3D 1715843152, events =3D 32764, revents = =3D 0}, {fd =3D -1547525380, events =3D 32701, revents =3D 0}, {fd =3D 1, e= vents =3D 0, revents =3D 0}, {fd =3D -1547524967, events =3D 32701, revents= =3D 0}, {fd =3D -1143734272, events =3D 13752, revents =3D 50873}, {fd =3D= 6, events =3D 0, revents =3D 0}, {fd =3D 48, events =3D 0, revents =3D 0},= {fd =3D 4511648, events =3D 0, revents =3D 0}, {fd =3D 2, events =3D 0, re= vents =3D 0}, {fd =3D 836797584, events =3D 0, revents =3D 0}, {fd =3D 2, e= vents =3D 0, revents =3D 0}, {fd =3D 2, events =3D 0, revents =3D 0}, {fd = =3D 1, events =3D 2, revents =3D 0}, {fd =3D 838931840, events =3D 0, reven= ts =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D -900935680, eve= nts =3D 56540, revents =3D 24937}, {fd =3D 0, events =3D 0, revents =3D 0},= {fd =3D 13831584, events =3D 0, revents =3D 0}, {fd =3D 2, events =3D 0, r= events =3D 0}, {fd =3D 1, events =3D 0, revents =3D 0}, {fd =3D 13831584, e= vents =3D 0, revents =3D 0}, {fd =3D -1547505218, events =3D 32701, revents= =3D 0}, {fd =3D 1715843280, events =3D 32764, revents =3D 0}, {fd =3D 0, e= vents =3D 10240, revents =3D 61035}, {fd =3D 838931840, events =3D 0, reven= ts =3D 0}, {fd =3D 838931832, events =3D 0, revents =3D 0}, {fd =3D -30, ev= ents =3D 0, revents =3D 0}, {fd =3D 1, events =3D 0, revents =3D 0}, {fd = =3D 1, events =3D 0, revents =3D 0}, {fd =3D 13831584, events =3D 0, revent= s =3D 0}, {fd =3D 838931840, events =3D 0, revents =3D 0}, {fd =3D -1547572= 342, events =3D 32701, revents =3D 0}, {fd =3D 838468288, events =3D 0, rev= ents =3D 0}, {fd =3D -727379968, events =3D 232, revents =3D 0}, {fd =3D 81= 8666165, events =3D 0, revents =3D 0}, {fd =3D 5612100, events =3D 0, reven= ts =3D 0}, {fd =3D 125000000, events =3D 0, revents =3D 0}, {fd =3D 8186661= 65, events =3D 0, revents =3D 0}, {fd =3D 52961, events =3D 0, revents =3D = 0}, {fd =3D 6444207, events =3D 0, revents =3D 0}, {fd =3D 0, events =3D 0,= revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd =3D 171584345= 6, events =3D 32764, revents =3D 0}, {fd =3D 6450379, events =3D 0, revents= =3D 0}, {fd =3D 1783793666, events =3D 116, revents =3D 0}, {fd =3D 138544= 7426, events =3D 931, revents =3D 0}, {fd =3D 837309808, events =3D 0, reve= nts =3D 0}, {fd =3D 5510319, events =3D 0, revents =3D 0}, {fd =3D 10569646= 08, events =3D 0, revents =3D 16384}, {fd =3D 5946044, events =3D 65281, re= vents =3D 65535}, {fd =3D -1778304512, events =3D 32701, revents =3D 0}, {f= d =3D 0, events =3D 0, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D= 0}, {fd =3D 1750195774, events =3D 0, revents =3D 0}, {fd =3D 219655029, e= vents =3D 0, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {fd = =3D 837309811, events =3D 0, revents =3D 0}, {fd =3D 5, events =3D 0, reven= ts =3D 0}, {fd =3D 817673880, events =3D 0, revents =3D 0}, {fd =3D 4848413= , events =3D 0, revents =3D 0}, {fd =3D 0, events =3D 0, revents =3D 0}, {f= d =3D 125000000, events =3D 0, revents =3D 0}, {fd =3D 37, events =3D 0, re= vents =3D 0}, {fd =3D 836738800, events =3D 0, revents =3D 0}, {fd =3D 0, e= vents =3D 0, revents =3D 0}, {fd =3D 836738800, events =3D 0, revents =3D 0= }, {fd =3D 1715843552, events =3D 32764, revents =3D 0}, {fd =3D 5511222, e= vents =3D 0, revents =3D 0}} gfds =3D 0x7ffc6645adc0 gfds_size =3D n_gfds =3D retval =3D 0 our_fds =3D 0 max_fds =3D i =3D nfds =3D tmo_in_millisec =3D -1 must_free =3D need_to_dispatch =3D #15 0x0000000000619058 in wait_reading_process_output (time_limit=3Dtime_li= mit@entry=3D37, nsecs=3Dnsecs@entry=3D0, read_kbd=3Dread_kbd@entry=3D-1, do= _display=3Ddo_display@entry=3Dtrue, wait_for_cell=3Dwait_for_cell@entry=3D0= x0, wait_proc=3Dwait_proc@entry=3D0x0, just_wait_proc=3D0) at process.c:5748 tls_nfds =3D 0 tls_available =3D {fds_bits =3D {0 }} process_skipped =3D wrapped =3D channel_start =3D child_fd =3D last_read_channel =3D 11 channel =3D nfds =3D Available =3D {fds_bits =3D {32808, 0 }} Writeok =3D {fds_bits =3D {0 }} check_write =3D true check_delay =3D no_avail =3D false xerrno =3D 2 proc =3D timeout =3D {tv_sec =3D 0, tv_nsec =3D 124947039} end_time =3D timer_delay =3D got_output_end_time =3D {tv_sec =3D 1750195811, tv_nsec =3D 2196522= 99} wait =3D TIMEOUT got_some_output =3D -1 prev_wait_proc_nbytes_read =3D 0 retry_for_async =3D now =3D #16 0x000000000043159d in sit_for (timeout=3Dtimeout@entry=3D0x96, reading= =3Dreading@entry=3Dtrue, display_option=3Ddisplay_option@entry=3D1) at lisp= .h:1192 sec =3D 37 nsec =3D 0 do_display =3D true curbuf_eq_winbuf =3D true nbytes =3D #17 0x0000000000547f46 in read_char (commandflag=3D1, map=3D0x31e9ec83, pre= v_event=3D0x0, used_mouse_menu=3D0x7ffc6645bcab, end_time=3D0x0) at lisp.h:= 1226 tem0 =3D timeout =3D 37 delay_level =3D buffer_size =3D c =3D 0x0 local_getcjmp =3D {{__jmpbuf =3D {13838880, 2237550689305543785, 0,= 817841440, 837414019, 140722024332816, -2236691474347539351, 2237551069047= 604329}, __mask_was_saved =3D 0, __saved_mask =3D {__val =3D {0, 836738805,= 1, 6, 48096, 1, 6494148, 2, 6467199, 837428755, 1, 836738805, 48096, 53913= , 53913, 836738800}}}} save_jump =3D {{__jmpbuf =3D {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_s= aved =3D 0, __saved_mask =3D {__val =3D {0 }}}} tem =3D save =3D previous_echo_area_message =3D 0x0 also_record =3D 0x0 reread =3D false recorded =3D false polling_stopped_here =3D false orig_kboard =3D 0x30bf4520 #18 0x0000000000548b34 in read_key_sequence (keybuf=3D0x7ffc6645be10, promp= t=3D0x0, dont_downcase_last=3D, can_return_switch_frame=3Dtr= ue, fix_current_buffer=3Dtrue, prevent_redisplay=3D, disable= _text_conversion_p=3Dfalse) at keyboard.c:10743 interrupted_kboard =3D 0x30bf4520 interrupted_frame =3D 0x30bcb3e0 key =3D used_mouse_menu =3D false echo_local_start =3D 0 last_real_key_start =3D 0 keys_local_start =3D 0 new_binding =3D t =3D 0 echo_start =3D 0 keys_start =3D 0 current_binding =3D 0x31e9ec83 first_unbound =3D 31 mock_input =3D 0 used_mouse_menu_history =3D {false } fkey =3D {parent =3D 0x7fbdac6f98a3, map =3D 0x7fbdac6f98a3, start = =3D 0, end =3D 0} keytran =3D {parent =3D 0x7fbd9749a683, map =3D 0x7fbd9749a683, sta= rt =3D 0, end =3D 0} indec =3D {parent =3D 0x7fbdac6f9893, map =3D 0x7fbdac6f9893, start= =3D 0, end =3D 0} shift_translated =3D false delayed_switch_frame =3D 0x0 original_uppercase =3D 0x539f22 original_uppercase_position =3D -1 disabled_conversion =3D starting_buffer =3D fake_prefixed_keys =3D 0x0 first_event =3D 0x0 second_event =3D #19 0x000000000054a394 in command_loop_1 () at lisp.h:1192 cmd =3D keybuf =3D {0x36, 0x18a, 0x7fbd973a343c, 0x60, 0x60, 0x0, 0x0, 0x11= 1c0, 0x400000003f000000, 0x5be4f4 , 0x0, 0x31ee8a03, 0xb, 0x= 111c0, 0x30, 0x30c8b715, 0x7fbd95e7fbb8, 0x60, 0x31ee8a03, 0x7ffc6645bed0, = 0x0, 0x0, 0x7ffc6645c078, 0x53f0c6 , 0xffffffffffffff00, 0x7= ffc6645c044, 0xb, 0xb310, 0x0, 0x7fbd96f922a5} i =3D last_pt =3D prev_modiff =3D 1582 prev_buffer =3D 0x32452810 #20 0x00000000005bd222 in internal_condition_case (bfun=3Dbfun@entry=3D0x54= a1d0 , handlers=3Dhandlers@entry=3D0x90, hfun=3Dhfun@entry= =3D0x53ef60 ) at eval.c:1613 val =3D c =3D 0x30c7a5f0 #21 0x0000000000537c4a in command_loop_2 (handlers=3Dhandlers@entry=3D0x90)= at keyboard.c:1168 val =3D #22 0x00000000005bd151 in internal_catch (tag=3Dtag@entry=3D0x122d0, func= =3Dfunc@entry=3D0x537c30 , arg=3Darg@entry=3D0x90) at eval.= c:1292 val =3D c =3D 0x30c7a4b0 #23 0x0000000000537bef in command_loop () at lisp.h:1192 #24 0x000000000053eb16 in recursive_edit_1 () at keyboard.c:754 val =3D #25 0x000000000053eea4 in Frecursive_edit () at keyboard.c:837 buffer =3D #26 0x0000000000426797 in main (argc=3D, argv=3D) at emacs.c:2646 stack_bottom_variable =3D 0x6169dcdcca4cd000 old_argc =3D no_loadup =3D false junk =3D 0x0 dname_arg =3D 0x0 ch_to_dir =3D 0x0 original_pwd =3D dump_mode =3D skip_args =3D 1 temacs =3D 0x0 attempt_load_pdump =3D only_version =3D rlim =3D {rlim_cur =3D 10022912, rlim_max =3D 18446744073709551615} lc_all =3D sockfd =3D -1 module_assertions =3D From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 21 05:06:15 2025 Received: (at 76970) by debbugs.gnu.org; 21 Jun 2025 09:06:15 +0000 Received: from localhost ([127.0.0.1]:33733 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uSuAv-0002jq-HH for submit@debbugs.gnu.org; Sat, 21 Jun 2025 05:06:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53292) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uSuAt-0002is-8T for 76970@debbugs.gnu.org; Sat, 21 Jun 2025 05:06:12 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uSuAn-0006nk-2E; Sat, 21 Jun 2025 05:06:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=BsnxyEQQn2Lb0VuJwoq3C8xuxDwa9jl2djpnDeaILIs=; b=mE2wogxr+ZjO Wh6YzR1FIKfW1OCLYMTW5SCk/SFYS0nmjFQNVEacrD3jVO3kFrAB4u9fjYRmKl9bLabSpxsU6oxbT ZqGWY6nBEJg1nfEzqah3MSbE1ulqLfxJ60HZ8vIgHqOxa+SiWXdWFgY/9U09xqOUE6ju5xp7KguV5 /UI25oBCt/DpdzWez4JEIPS0jAT6I/twbMCXDWx1dXwjDs5DrceNljschMt72BYJghrfHOGlJFr81 Hb54817HGrtueLRG9g7icynDkHyJHO4Gazp4vOAwYMZWvxyWGBeqYl9Q3NNBFORtOtqfxDd6ep9UV KD0vGmC8OugT8s4JoaJXsw==; Date: Sat, 21 Jun 2025 12:06:00 +0300 Message-Id: <865xgpjwg7.fsf@gnu.org> From: Eli Zaretskii To: Aaron Zeng In-Reply-To: (bug-gnu-emacs@gnu.org) Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow References: <87zfhr6k9c.fsf@gmail.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > Cc: app-emacs-dev@janestreet.com > Date: Tue, 17 Jun 2025 18:38:26 -0400 > From: Aaron Zeng via "Bug reports for GNU Emacs, > the Swiss army knife of text editors" > > I'd like to report that users at my site have seen this crash occur > quite a few times recently, although not necessarily ending in a > stack_overflow() frame (instead usually ending in backtrace_top()). > > For us, we believe the incidence was increased by enabling > global-diff-hl-mode (with diff-hl-update-async set to t, so that it > uses threads). If the Lisp profiler is running and SIGPROF happens to > be delivered while current_thread is NULL, then the following code in > backtrace_top will cause a segfault: > > union specbinding * > backtrace_top (void) > { > /* This is so "xbacktrace" doesn't crash in pdumped Emacs if they > invoke the command before init_eval_once_for_pdumper initializes > specpdl machinery. See also backtrace_p above. */ > if (!specpdl) /* HERE!!! */ > return NULL; > > add_sample (profiler.c) is called from a signal handler and therefore > needs to be robust in the case where a thread has just died and there > is no current thread, so it cannot blindly read specpdl. Thanks, I installed a fix on the master branch, please see if it fixes your problem. > Here is a full backtrace that I managed to reproduce once. Emacs was > built at commit 31bac0d68c08f3f2fb03fa6ded17b771b168353e. > Unfortunately, getting a completely reliable reproduction has proved > tricky. > > emacs -Q > M-x package-initialize > M-: (setopt diff-hl-update-async t) > M-x global-diff-hl-mode > ... and then visiting some files under version control > > (gdb) bt full > #0 0x00000000005564f7 in stack_overflow (siginfo=0xcbeb30 ) at sysdep.c:1902 > addr = 0x70 > bot = > top = > fatal = false > #1 0x00000000005564f7 in handle_sigsegv (sig=11, siginfo=0xcbeb30 , arg=) at sysdep.c:1937 > fatal = false > #2 0x00007fbda4812970 in () at /lib64/libpthread.so.0 > #3 0x00000000005c3f27 in backtrace_top () at eval.c:4294 > pdl = > pdl = > #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 > pdl = > #5 0x000000000063a0da in add_sample (plog=0xcdf060 , count=1436) at lisp.h:1192 > #6 0x0000000000557604 in deliver_process_signal (sig=27, handler=0x63a440 ) at sysdep.c:1758 > old_errno = 11 > on_main_thread = true > #7 0x00007fbda4812970 in () at /lib64/libpthread.so.0 > #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.so.0 > #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at /lib64/libpthread.so.0 > #10 0x000000000063af2f in release_global_lock () at thread.c:621 > sa = 0x7ffc6645abd0 > self = 0xc76300 > oldset = {__val = {0, 0, 843691369, 843691368, 843691369, 843691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} > #11 0x000000000063af2f in really_call_select (arg=0x7ffc6645abd0) at thread.c:621 > sa = 0x7ffc6645abd0 > self = 0xc76300 > oldset = {__val = {0, 0, 843691369, 843691368, 843691369, 843691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} This seems to be a different problem? The segfault is inside release_global_lock, with self = current_thread = &main_thread, which is not NULL? Or what did I miss? From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 21 05:38:56 2025 Received: (at 76970) by debbugs.gnu.org; 21 Jun 2025 09:38:56 +0000 Received: from localhost ([127.0.0.1]:33842 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uSugZ-00008m-QH for submit@debbugs.gnu.org; Sat, 21 Jun 2025 05:38:56 -0400 Received: from mail-10629.protonmail.ch ([79.135.106.29]:58879) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uSugY-00007v-6t for 76970@debbugs.gnu.org; Sat, 21 Jun 2025 05:38:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1750498726; x=1750757926; bh=LHwJVNTitPyP1A+qjr9Aup+qiIBQR98GIKODu8r1l1g=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=RtbIP8KXR5qglFsdLxpRc3BeWIgQe16vOHOl1HNMH9e78rgJ5MaDfgmLVyyWbAJ+j DSeF2WsziQXAZMJAvOW41dWkgcTPcqb19DxuEd2MkSO2BuM1qAYfO9XuimocI1X8Ps Kvy60068n/Rretie0QPjMlKuB0eDyMr4J3ChiMw8xzL/oD5YiinlgnTXdMhRFTBY1T PbZMphXTVBYMkMJ4KqEWd6zMLiVhUqUb3qY6B4bgom+Msls13224hmjOG5SFRVinJY g/5qRZ/MPzipxEZpWW2bibCVgLIMmqHWpaMLFnzCDACWOjSznJAmHYtht3R6lSNpGU 7Jv3KKRJMsg2w== Date: Sat, 21 Jun 2025 09:38:41 +0000 To: Eli Zaretskii From: Pip Cet Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Message-ID: <87ikkp77tx.fsf@protonmail.com> In-Reply-To: <865xgpjwg7.fsf@gnu.org> References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: c275289e5e8cb69efeee2303365f199e44f4070c MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com, Aaron Zeng X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Eli Zaretskii" writes: >> (gdb) bt full >> #0 0x00000000005564f7 in stack_overflow (siginfo=3D0xcbeb30 ) at sysdep.c:1902 >> addr =3D 0x70 >> bot =3D >> top =3D >> fatal =3D false >> #1 0x00000000005564f7 in handle_sigsegv (sig=3D11, siginfo=3D0xcbeb30 <= sigsegv_stack+62896>, arg=3D) at sysdep.c:1937 >> fatal =3D false >> #2 0x00007fbda4812970 in () at /lib64/libpthrea= d.so.0 >> #3 0x00000000005c3f27 in backtrace_top () at eval.c:4294 >> pdl =3D >> pdl =3D The segfault is the signal delivered while we were in frame #3, with signal number 11. >> #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 >> pdl =3D >> #5 0x000000000063a0da in add_sample (plog=3D0xcdf060 , count=3D143= 6) at lisp.h:1192 >> #6 0x0000000000557604 in deliver_process_signal (sig=3D27, handler=3D0x= 63a440 ) at sysdep.c:1758 >> old_errno =3D 11 >> on_main_thread =3D true >> #7 0x00007fbda4812970 in () at /lib64/libpthrea= d.so.0 >> #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.so.0 This is the profiler signal, delivered while we're in frame #8, with signal number 27. >> #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at /lib64/li= bpthread.so.0 >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 >> sa =3D 0x7ffc6645abd0 >> self =3D 0xc76300 >> oldset =3D {__val =3D {0, 0, 843691369, 843691368, 843691369, 84= 3691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} >> #11 0x000000000063af2f in really_call_select (arg=3D0x7ffc6645abd0) at t= hread.c:621 >> sa =3D 0x7ffc6645abd0 >> self =3D 0xc76300 >> oldset =3D {__val =3D {0, 0, 843691369, 843691368, 843691369, 84= 3691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} > > This seems to be a different problem? The segfault is inside > release_global_lock, with self =3D current_thread =3D &main_thread, which > is not NULL? Or what did I miss? release_global_lock has released the lock, so any other thread could have set current_thread to point to its thread structure, or set it to NULL if the other thread has exited. So there's no second problem here, as far as I can see. Pip From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 21 06:44:40 2025 Received: (at 76970) by debbugs.gnu.org; 21 Jun 2025 10:44:40 +0000 Received: from localhost ([127.0.0.1]:34499 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uSviB-0000x4-FC for submit@debbugs.gnu.org; Sat, 21 Jun 2025 06:44:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54718) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uSvi7-0000wE-Qi for 76970@debbugs.gnu.org; Sat, 21 Jun 2025 06:44:36 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uSvi1-0005qd-8a; Sat, 21 Jun 2025 06:44:29 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=XPrWKcJhraEAZNUMiQ5xXn7CXuxvBI32kL/o35kWHMw=; b=UtbpqJ3WN4qW Dq0JHjpd9q9iOI+Ge/KhloMu8TqMbLMA8VBLM3WCkN4gahvxwiSx6h2hhTx7g1F2xLAr4wT40c+/Y 7daAWOcmsnGvDf4WDVeDh8m6gLFctGfSo8R7plUJvMzRIwUJhTDgXT9h/vHIc4ilWKJVhI28cgWYh 64MK5nm2QQtOTNXJjkcZjkW7dU94XH9qVnG4E4i8gcPt0AuC24xyjkhjenDE/Owe1UYK5LEIfIpYu 4HqU8kHjDPISM0tDWUAgQsKYDxn5qzKlTtSODpZEArXG4jLWjI/z1jcJziOdoPY7TuC9GsLpoaI99 QHCuu9qmRdz2kRiWgR0YTw==; Date: Sat, 21 Jun 2025 13:44:25 +0300 Message-Id: <86wm95idbq.fsf@gnu.org> From: Eli Zaretskii To: Pip Cet In-Reply-To: <87ikkp77tx.fsf@protonmail.com> (message from Pip Cet on Sat, 21 Jun 2025 09:38:41 +0000) Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com, azeng@janestreet.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > Date: Sat, 21 Jun 2025 09:38:41 +0000 > From: Pip Cet > Cc: Aaron Zeng , 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com > > "Eli Zaretskii" writes: > >> (gdb) bt full > >> #0 0x00000000005564f7 in stack_overflow (siginfo=0xcbeb30 ) at sysdep.c:1902 > >> addr = 0x70 > >> bot = > >> top = > >> fatal = false > >> #1 0x00000000005564f7 in handle_sigsegv (sig=11, siginfo=0xcbeb30 , arg=) at sysdep.c:1937 > >> fatal = false > >> #2 0x00007fbda4812970 in () at /lib64/libpthread.so.0 > >> #3 0x00000000005c3f27 in backtrace_top () at eval.c:4294 > >> pdl = > >> pdl = > > The segfault is the signal delivered while we were in frame #3, with > signal number 11. > > >> #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 > >> pdl = > >> #5 0x000000000063a0da in add_sample (plog=0xcdf060 , count=1436) at lisp.h:1192 > >> #6 0x0000000000557604 in deliver_process_signal (sig=27, handler=0x63a440 ) at sysdep.c:1758 > >> old_errno = 11 > >> on_main_thread = true > >> #7 0x00007fbda4812970 in () at /lib64/libpthread.so.0 > >> #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.so.0 > > This is the profiler signal, delivered while we're in frame #8, with > signal number 27. > > >> #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at /lib64/libpthread.so.0 > >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 > >> sa = 0x7ffc6645abd0 > >> self = 0xc76300 > >> oldset = {__val = {0, 0, 843691369, 843691368, 843691369, 843691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} > >> #11 0x000000000063af2f in really_call_select (arg=0x7ffc6645abd0) at thread.c:621 > >> sa = 0x7ffc6645abd0 > >> self = 0xc76300 > >> oldset = {__val = {0, 0, 843691369, 843691368, 843691369, 843691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 13385744}} > > > > This seems to be a different problem? The segfault is inside > > release_global_lock, with self = current_thread = &main_thread, which > > is not NULL? Or what did I miss? > > release_global_lock has released the lock, so any other thread could > have set current_thread to point to its thread structure, or set it to > NULL if the other thread has exited. The variable current_thread is a global variable. really_call_select, which calls release_global_lock in the backtrace, does this: static void really_call_select (void *arg) { struct select_args *sa = arg; struct thread_state *self = current_thread; sigset_t oldset; block_interrupt_signal (&oldset); self->not_holding_lock = 1; release_global_lock (); If we are to believe the backtrace, SIGPROF was delivered when we were inside release_global_lock (which doesn't touch current_thread, AFAICT). And the backtrace shows: > #10 0x000000000063af2f in release_global_lock () at thread.c:621 > sa = 0x7ffc6645abd0 > self = 0xc76300 Which tells me that current_thread's value is main_thread, since that's the value of 'self'. And main_thread is always a valid value. If release_global_lock caused some other thread to run, then that other thread will call post_acquire_global_lock, which never sets current_thread to NULL, it only assigns that variable the value of another thread's self. If there's no other thread (i.e., that other thread exited), then release_global_lock will not switch to any other thread and will not set current_thread to NULL. So please elaborate on how this scenario could cause a segfault. From debbugs-submit-bounces@debbugs.gnu.org Sun Jun 22 02:15:23 2025 Received: (at 76970) by debbugs.gnu.org; 22 Jun 2025 06:15:23 +0000 Received: from localhost ([127.0.0.1]:46261 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uTDz9-00041j-7G for submit@debbugs.gnu.org; Sun, 22 Jun 2025 02:15:23 -0400 Received: from mail-4316.protonmail.ch ([185.70.43.16]:60789) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uTDz4-00041O-Mz for 76970@debbugs.gnu.org; Sun, 22 Jun 2025 02:15:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1750572912; x=1750832112; bh=Ufmetgp/ALrrT+3EJwbXP3rgIkRgs99UhV6lemPTS9Q=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=ACzs0yOqTsTeFclmpBgMxn8bXteTCcnx393Z3wgedXt5EjTWgKgdcF2n+6wIgj70Z mvOTvTqjcL5O/GUw4QN8KzBqR6WY32zOBEFGAhBFLjx7Yv8oWa4jjFUY/QBGD6SHnf Ihvq33vm2dqXpvOOwVOvhBv9yGaEbLo71oNt9Qfn577PyNdTe3BkE3zyfZmcHO8YDE P9zLIoi6gdR1TKUkLf59dw+VdcV/Kli0/9Gx9HILXP2Lqy5Cw+7jwRA42xE1MDb3yx UcYla8kVcTCvsdO9JcTgxNIwPmcn15k/8DYwB9TqnRtG/O+ptBG1ncN/zTONazGmLr NckddDR0axGtw== Date: Sun, 22 Jun 2025 06:15:07 +0000 To: Eli Zaretskii From: Pip Cet Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Message-ID: <87h608715m.fsf@protonmail.com> In-Reply-To: <86wm95idbq.fsf@gnu.org> References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: b2b6e340c82073da32d86a19ea992e4f8856ec8e MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com, azeng@janestreet.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Eli Zaretskii" writes: >> Date: Sat, 21 Jun 2025 09:38:41 +0000 >> From: Pip Cet >> Cc: Aaron Zeng , 76970@debbugs.gnu.org, app-emacs-= dev@janestreet.com >> >> "Eli Zaretskii" writes: >> >> (gdb) bt full >> >> #0 0x00000000005564f7 in stack_overflow (siginfo=3D0xcbeb30 ) at sysdep.c:1902 >> >> addr =3D 0x70 >> >> bot =3D >> >> top =3D >> >> fatal =3D false >> >> #1 0x00000000005564f7 in handle_sigsegv (sig=3D11, siginfo=3D0xcbeb3= 0 , arg=3D) at sysdep.c:1937 >> >> fatal =3D false >> >> #2 0x00007fbda4812970 in () at /lib64/libpth= read.so.0 >> >> #3 0x00000000005c3f27 in backtrace_top () at eval.c:4294 >> >> pdl =3D >> >> pdl =3D >> >> The segfault is the signal delivered while we were in frame #3, with >> signal number 11. >> >> >> #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 >> >> pdl =3D >> >> #5 0x000000000063a0da in add_sample (plog=3D0xcdf060 , count=3D= 1436) at lisp.h:1192 >> >> #6 0x0000000000557604 in deliver_process_signal (sig=3D27, handler= =3D0x63a440 ) at sysdep.c:1758 >> >> old_errno =3D 11 >> >> on_main_thread =3D true >> >> #7 0x00007fbda4812970 in () at /lib64/libpth= read.so.0 >> >> #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.s= o.0 >> >> This is the profiler signal, delivered while we're in frame #8, with >> signal number 27. >> >> >> #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at /lib64= /libpthread.so.0 >> >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 >> >> sa =3D 0x7ffc6645abd0 >> >> self =3D 0xc76300 >> >> oldset =3D {__val =3D {0, 0, 843691369, 843691368, 843691369,= 843691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 1338574= 4}} >> >> #11 0x000000000063af2f in really_call_select (arg=3D0x7ffc6645abd0) a= t thread.c:621 >> >> sa =3D 0x7ffc6645abd0 >> >> self =3D 0xc76300 >> >> oldset =3D {__val =3D {0, 0, 843691369, 843691368, 843691369,= 843691368, 0, 837799220, 0, 1, 13385680, 13385744, 0, 0, 13385680, 1338574= 4}} >> > >> > This seems to be a different problem? The segfault is inside >> > release_global_lock, with self =3D current_thread =3D &main_thread, wh= ich >> > is not NULL? Or what did I miss? >> >> release_global_lock has released the lock, so any other thread could >> have set current_thread to point to its thread structure, or set it to >> NULL if the other thread has exited. > > The variable current_thread is a global variable. really_call_select, > which calls release_global_lock in the backtrace, does this: > > static void > really_call_select (void *arg) > { > struct select_args *sa =3D arg; > struct thread_state *self =3D current_thread; > sigset_t oldset; > > block_interrupt_signal (&oldset); > self->not_holding_lock =3D 1; > release_global_lock (); > > If we are to believe the backtrace, SIGPROF was delivered when we were > inside release_global_lock (which doesn't touch current_thread, > AFAICT). And the backtrace shows: > >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 >> sa =3D 0x7ffc6645abd0 >> self =3D 0xc76300 > > Which tells me that current_thread's value is main_thread, since > that's the value of 'self'. And main_thread is always a valid value. > > If release_global_lock caused some other thread to run, then that > other thread will call post_acquire_global_lock, which never sets > current_thread to NULL, it only assigns that variable the value of Most likely the other thread continued running, finished, and set current_thread to NULL before we got a chance to run the main thread again. It's very likely we spent some time in release_global_lock because we were still in that function when SIGPROF, which only happens once in a while, hit. There may well have been more threads than CPU cores. Pip From debbugs-submit-bounces@debbugs.gnu.org Sun Jun 22 03:15:38 2025 Received: (at 76970) by debbugs.gnu.org; 22 Jun 2025 07:15:38 +0000 Received: from localhost ([127.0.0.1]:46340 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uTEvS-0006nk-9i for submit@debbugs.gnu.org; Sun, 22 Jun 2025 03:15:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47246) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uTEvN-0006nT-F3 for 76970@debbugs.gnu.org; Sun, 22 Jun 2025 03:15:36 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uTEvH-0006hi-3U; Sun, 22 Jun 2025 03:15:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=QY60ciPw7VOn8xb8M0OnxQCzx37BBJDZLZdv6SW3mZw=; b=HDw+No24WwSj vfjJqOoxSD1lsiSHCVhicZT81WGldWvxUq2L3vRhWYoD0TQ6uDPLzawx0CzMNIl3LWocWjcawUa4C /uDI4GaExxfKl+nTEe6IH4oC3ZtXpdxpQ5YldXpbVWm8HqSInQpLWvZukBZK3thcf6GgvCI4bMAh6 C2jhefCvyRbxeTwtK3WwUK4lp/TG+2QDP4FYecP9hwHR12Y0cGs1Ki9XRz8gUlFFsC97U3F5MaNgs Wgg02PpOrPW8wnxnaukWSNYULRv/c80/8J6xb5aJfxQ38zFmR/xSeb3qk1n9jPr4L9R9ouPFBpqvu 8jM+tv6hFhQqi7p+pcM+MQ==; Date: Sun, 22 Jun 2025 10:15:24 +0300 Message-Id: <86tt48gsc3.fsf@gnu.org> From: Eli Zaretskii To: Pip Cet In-Reply-To: <87h608715m.fsf@protonmail.com> (message from Pip Cet on Sun, 22 Jun 2025 06:15:07 +0000) Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com, azeng@janestreet.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > Date: Sun, 22 Jun 2025 06:15:07 +0000 > From: Pip Cet > Cc: azeng@janestreet.com, 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com > > "Eli Zaretskii" writes: > > >> release_global_lock has released the lock, so any other thread could > >> have set current_thread to point to its thread structure, or set it to > >> NULL if the other thread has exited. > > > > The variable current_thread is a global variable. really_call_select, > > which calls release_global_lock in the backtrace, does this: > > > > static void > > really_call_select (void *arg) > > { > > struct select_args *sa = arg; > > struct thread_state *self = current_thread; > > sigset_t oldset; > > > > block_interrupt_signal (&oldset); > > self->not_holding_lock = 1; > > release_global_lock (); > > > > If we are to believe the backtrace, SIGPROF was delivered when we were > > inside release_global_lock (which doesn't touch current_thread, > > AFAICT). And the backtrace shows: > > > >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 > >> sa = 0x7ffc6645abd0 > >> self = 0xc76300 > > > > Which tells me that current_thread's value is main_thread, since > > that's the value of 'self'. And main_thread is always a valid value. > > > > If release_global_lock caused some other thread to run, then that > > other thread will call post_acquire_global_lock, which never sets > > current_thread to NULL, it only assigns that variable the value of > > Most likely the other thread continued running, finished, and set > current_thread to NULL before we got a chance to run the main thread > again. This is possible, but we have no evidence to think this is what happened. Moreover, the main thread didn't yet return from pthread_mutex_unlock when SIGPROF is delivered: >> #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 >> pdl = >> #5 0x000000000063a0da in add_sample (plog=0xcdf060 , count=1436) at lisp.h:1192 >> #6 0x0000000000557604 in deliver_process_signal (sig=27, handler=0x63a440 ) at sysdep.c:1758 >> old_errno = 11 >> on_main_thread = true >> #7 0x00007fbda4812970 in () at /lib64/libpthread.so.0 >> #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.so.0 >> #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at /lib64/libpthread.so.0 >> >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 Is the global lock already released at this point? are other threads allowed to run? What is __lll_unlock_wake about -- doesn't it wake some other thread? If it did not yet do so, the other thread couldn't have been running. IOW, we need backtrace from all the threads, not just from the main thread, to draw any definitive conclusions. From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 23 16:07:44 2025 Received: (at 76970) by debbugs.gnu.org; 23 Jun 2025 20:07:44 +0000 Received: from localhost ([127.0.0.1]:58346 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uTnS9-00050A-Ew for submit@debbugs.gnu.org; Mon, 23 Jun 2025 16:07:44 -0400 Received: from mxout5.mail.janestreet.com ([64.215.233.18]:34507) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uTnS5-0004zG-2U for 76970@debbugs.gnu.org; Mon, 23 Jun 2025 16:07:39 -0400 Received: from mail-lj1-f200.google.com ([209.85.208.200]) by mxgoog2.mail.janestreet.com with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) (Exim 4.98.2) id 1uTnRy-00000005uxr-2Uq4 for 76970@debbugs.gnu.org; Mon, 23 Jun 2025 16:07:31 -0400 Received: by mail-lj1-f200.google.com with SMTP id 38308e7fff4ca-32b4b645bb4so24514341fa.0 for <76970@debbugs.gnu.org>; Mon, 23 Jun 2025 13:07:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=google; t=1750709250; x=1751314050; darn=debbugs.gnu.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=0d0/oqXdUtqymJLG8+WwpEw7IoefxLdGsDkJcoVC5a0=; b=WT1futM8SroS3DNKg8UfoStBORqnDYqOCTXfDwSitrDKbh1cB4tlMDj+71xwoSSDCf lcPd+g/+gLFR0/ba7/sSOdjnc++DirMukzlQnzrpzHHIc/vZcWP5vFkNoNTXMtsdLbQt 4/mTU5WO8LIPC73xfZ8HwGp2o70GqBoAUqKjc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=waixah; t=1750709251; bh=0d0/oqXdUtqymJLG8+WwpEw7IoefxLdGsDkJcoVC5a0=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=HbUAirOI/nfqLTkZGdzBsReaZueAyAtLLvOdubsh5xw9e0/tOlvniEwl4sh9Y632l BwkxRaH+ZcAy8UJ7HUTwgjKnScvFBIJf9DY7HAqWAliJ4cmjNs3yhs7UYuXZgZTty6 CrAhM5BRE55js56kSuL7Ym+DCITjVO1fFbb3eFN7qvVjeR+XHDEhwz9c3enKNVc/fU XZ44eLl1IoUNcmIMuzzpBZz7ky8U10q876ENsDfHMShO6OSwDEKYukFAf9jBaER8JO ssPWvAfLRxP9cCTHihnjJ2oikiefiPz+ace7RYoijOYNU4qoWPKPHyN/pSLJwbxZ7P d0s7hc7rBccOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750709250; x=1751314050; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0d0/oqXdUtqymJLG8+WwpEw7IoefxLdGsDkJcoVC5a0=; b=adZF0alzDMeRUciwN3xUBVIUCPgGfgzZxJnVwssMhOIWj8A8mrqXaGMy9vHqy4yPey irdtKGJyh/iPbfam16E+je6ixyv+QGcLvI7nlVQrqR7u1BaOHhxKmc7JgONrcXCQBYE0 2EmRobakELQhBfGPooN47o7Y5lOgBY4i1dNnyiiQbaF/M8GtjYd5FT6Jy5xCgtWA4SIk 5fxByNvK3RfLOBFZP0C3oZPX3p118jj5YzWerkoAC9sWFKckpYwFLDLbYzCRBn11qu3H b4evR3a4FRO07uvBjT5zfxFQAmI0xroT030dsZSaBqUT6kLXLCO/1D51VrZBYxltGPOz faVA== X-Forwarded-Encrypted: i=1; AJvYcCWfpOpVtU/eytlY/PYeN/s9UZQxfxQ2HClcPHfgD7Az0ohr+/0bxRDGW8q9qFZ8vn0fmmK7XA==@debbugs.gnu.org X-Gm-Message-State: AOJu0Yzlu8JoahoAHKOtKermtBdmL7UwsRA9ruwCIRGpwCS+SNcToaL2 qtIX5r/dw8FOEThI/3fxcswi7LLGG7JS2KLBj5yQJJdVwTV5RSYWPKhSiBqmIjkohskLHX2cLMK 8z48QyZKKsd3r+i90rcDr6gT57ULNdQ/gRrPxuqMwbjsFrkrtvwc0MiXtFmXjBZwX8aJp0Vmjqy vZGBF8sLLSESBpqUKWfJrJMOYCNT0B X-Gm-Gg: ASbGnctvIFA7EWbNc8Q3nkeBviZ2tFXW2cYR4jWs/hba7ptw3VfrtCqVUcBEIt6eWqr DaTJ+8RxZYxwApDPDR1Uc1eemkVrrkvnT7xm/TBOLEyhr96oh+BGTmZmgFjBodFn5OFb7C49iIO tY1Q== X-Received: by 2002:a05:6512:224c:b0:553:388a:e794 with SMTP id 2adb3069b0e04-553e3baeb05mr4869880e87.17.1750709249846; Mon, 23 Jun 2025 13:07:29 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHeubKfAVVN3gavs5cKxA9yrrsgHGUBU9lHvTuTV6r0QIRxzlelsY9lsSR/Vzl4kAKVa2yGd24dD8iBDOVsVqc= X-Received: by 2002:a05:6512:224c:b0:553:388a:e794 with SMTP id 2adb3069b0e04-553e3baeb05mr4869871e87.17.1750709249346; Mon, 23 Jun 2025 13:07:29 -0700 (PDT) MIME-Version: 1.0 References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> In-Reply-To: <86tt48gsc3.fsf@gnu.org> From: Aaron Zeng Date: Mon, 23 Jun 2025 16:06:52 -0400 X-Gm-Features: AX0GCFtTMI5iEKbSSpJjEMrTTKivM5R7JvPfVrA7onNzRnUb8O_dEiTU83tckZg Message-ID: Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow To: Eli Zaretskii Content-Type: multipart/mixed; boundary="000000000000e9e117063842c242" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: Pip Cet , app-emacs-dev@janestreet.com, 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --000000000000e9e117063842c242 Content-Type: multipart/alternative; boundary="000000000000e9e116063842c240" --000000000000e9e116063842c240 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Jun 22, 2025 at 3:15=E2=80=AFAM Eli Zaretskii wrote: > This is possible, but we have no evidence to think this is what > happened. Moreover, the main thread didn't yet return from > pthread_mutex_unlock when SIGPROF is delivered: > > >> #4 0x00000000005c3f27 in backtrace_top_function () at eval.c:4294 > >> pdl =3D > >> #5 0x000000000063a0da in add_sample (plog=3D0xcdf060 , count=3D1= 436) > at lisp.h:1192 > >> #6 0x0000000000557604 in deliver_process_signal (sig=3D27, > handler=3D0x63a440 ) at sysdep.c:1758 > >> old_errno =3D 11 > >> on_main_thread =3D true > >> #7 0x00007fbda4812970 in () at > /lib64/libpthread.so.0 > >> #8 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libpthread.so= .0 > >> #9 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () at > /lib64/libpthread.so.0 > >> >> #10 0x000000000063af2f in release_global_lock () at thread.c:621 > > Is the global lock already released at this point? are other threads > allowed to run? What is __lll_unlock_wake about -- doesn't it wake > some other thread? If it did not yet do so, the other thread couldn't > have been running. > > IOW, we need backtrace from all the threads, not just from the main > thread, to draw any definitive conclusions. > I applied your patch from the master branch and got a segfault again, but it has a different top frame. I have attached a backtrace generated with [thread apply all bt full]. In this one, I do not see __lll_unlock_wake appear at all. This is from Emacs compiled at revision 991d3ad80a37a1cf8951d2607eb5f7544f968e93. It seems it is possible for current_thread to be set to NULL by the dying thread, during backtrace_top. --000000000000e9e116063842c240 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

On Sun, Jun 22, 2025 at 3:15=E2=80=AFAM Eli Z= aretskii <eliz@gnu.org= > wrote:
= This is possible, but we have no evidence to think this is what
happened.=C2=A0 Moreover, the main thread didn't yet return from
pthread_mutex_unlock when SIGPROF is delivered:

>> #4=C2=A0 0x00000000005c3f27 in backtrace_top_function () at eval.c= :4294
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0pdl =3D <optimized out>
>> #5=C2=A0 0x000000000063a0da in add_sample (plog=3D0xcdf060 <cpu= >, count=3D1436) at lisp.h:1192
>> #6=C2=A0 0x0000000000557604 in deliver_process_signal (sig=3D27, h= andler=3D0x63a440 <handle_profiler_signal>) at sysdep.c:1758
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0old_errno =3D 11
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0on_main_thread =3D true
>> #7=C2=A0 0x00007fbda4812970 in <signal handler called> () at= /lib64/libpthread.so.0
>> #8=C2=A0 0x00007fbda481154a in __lll_unlock_wake () at /lib64/libp= thread.so.0
>> #9=C2=A0 0x00007fbda480c2e6 in __pthread_mutex_unlock_usercnt () a= t /lib64/libpthread.so.0
>> >> #10 0x000000000063af2f in release_global_lock () at threa= d.c:621

Is the global lock already released at this point? are other threads
allowed to run?=C2=A0 What is __lll_unlock_wake about -- doesn't it wak= e
some other thread?=C2=A0 If it did not yet do so, the other thread couldn&#= 39;t
have been running.

IOW, we need backtrace from all the threads, not just from the main
thread, to draw any definitive conclusions.

=
I applied your patch from the master branch and got a segfault again, = but it has a different
top frame.=C2=A0 I have attached a backtra= ce generated with [thread apply all bt full].=C2=A0 In this one,
= I do not see __lll_unlock_wake appear at all.

This= is from Emacs compiled at revision=C2=A0991d3ad80a37a1cf8951d2607eb5f7544f= 968e93.

It seems it is possible for current_thread= to be set to NULL by the dying thread,
during backtrace_top.
--000000000000e9e116063842c240-- --000000000000e9e117063842c242 Content-Type: text/plain; charset="US-ASCII"; name="gdb2.txt" Content-Disposition: attachment; filename="gdb2.txt" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mc9iyn5q0 ClRocmVhZCAyIChUaHJlYWQgMHg3ZmNkZDIxZmY3MDAgKExXUCAzNzg3OTU1KSk6Cndhcm5pbmc6 IFNlY3Rpb24gYC5yZWcteHN0YXRlLzM3ODc5NTUnIGluIGNvcmUgZmlsZSB0b28gc21hbGwuCiMw ICAweDAwMDA3ZmNkZWExMzI0MDEgaW4gcG9sbCAoKSBhdCAvbGliNjQvbGliYy5zby42CiMxICAw eDAwMDA3ZmNkZjViMjM2MTYgaW4gZ19tYWluX2NvbnRleHRfaXRlcmF0ZS5pc3JhICgpIGF0IC9s aWI2NC9saWJnbGliLTIuMC5zby4wCiMyICAweDAwMDA3ZmNkZjViMjM3NDAgaW4gZ19tYWluX2Nv bnRleHRfaXRlcmF0aW9uICgpIGF0IC9saWI2NC9saWJnbGliLTIuMC5zby4wCiMzICAweDAwMDA3 ZmNkZjViMjM3OTEgaW4gZ2xpYl93b3JrZXJfbWFpbiAoKSBhdCAvbGliNjQvbGliZ2xpYi0yLjAu c28uMAojNCAgMHgwMDAwN2ZjZGY1YjRkMjA5IGluIGdfdGhyZWFkX3Byb3h5ICgpIGF0IC9saWI2 NC9saWJnbGliLTIuMC5zby4wCiM1ICAweDAwMDA3ZmNkZWRjMDgxZWEgaW4gc3RhcnRfdGhyZWFk ICgpIGF0IC9saWI2NC9saWJwdGhyZWFkLnNvLjAKIzYgIDB4MDAwMDdmY2RlYTAzOTk1MyBpbiBj bG9uZSAoKSBhdCAvbGliNjQvbGliYy5zby42CgpUaHJlYWQgMSAoVGhyZWFkIDB4N2ZjZGY1ZWQy ZTgwIChMV1AgMzc4Nzk1MCkpOgojMCAgMHgwMDAwMDAwMDAwNTU2NGY3IGluIHN0YWNrX292ZXJm bG93IChzaWdpbmZvPTB4Y2JlYjMwIDxzaWdzZWd2X3N0YWNrKzYyODk2PikgYXQgc3lzZGVwLmM6 MTkwMgogICAgICAgIGFkZHIgPSAweDcwIDxlcnJvcjogQ2Fubm90IGFjY2VzcyBtZW1vcnkgYXQg YWRkcmVzcyAweDcwPgogICAgICAgIGJvdCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHRvcCA9 IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGZhdGFsID0gZmFsc2UKIzEgIDB4MDAwMDAwMDAwMDU1 NjRmNyBpbiBoYW5kbGVfc2lnc2VndiAoc2lnPTExLCBzaWdpbmZvPTB4Y2JlYjMwIDxzaWdzZWd2 X3N0YWNrKzYyODk2PiwgYXJnPTxvcHRpbWl6ZWQgb3V0PikgYXQgc3lzZGVwLmM6MTkzNwogICAg ICAgIGZhdGFsID0gZmFsc2UKIzIgIDB4MDAwMDdmY2RlZGMxMjk3MCBpbiA8c2lnbmFsIGhhbmRs ZXIgY2FsbGVkPiAoKSBhdCAvbGliNjQvbGlicHRocmVhZC5zby4wCiMzICAweDAwMDAwMDAwMDA1 YzNlYWMgaW4gYmFja3RyYWNlX3AgKHBkbD0weDApIGF0IGV2YWwuYzoxNjIKICAgICAgICBwZGwg PSAweDAKICAgICAgICBpID0gMAojNCAgMHgwMDAwMDAwMDAwNWMzZWFjIGluIGdldF9iYWNrdHJh Y2UgKGFycmF5PTB4MWM3NjgwNDAsIHNpemU9MTYpIGF0IGV2YWwuYzo0Mjg2CiAgICAgICAgcGRs ID0gMHgwCiAgICAgICAgaSA9IDAKIzUgIDB4MDAwMDAwMDAwMDYzYTE3NiBpbiByZWNvcmRfYmFj a3RyYWNlIChjb3VudD0yMTQ5MSwgcGxvZz0weGNkZjA2MCA8Y3B1PikgYXQgcHJvZmlsZXIuYzoy NzQKICAgICAgICBsb2cgPSAweDFjNzY3ZmYwCiAgICAgICAgaGFzaCA9IDxvcHRpbWl6ZWQgb3V0 PgogICAgICAgIGhpZHggPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBpZHggPSA8b3B0aW1pemVk IG91dD4KIzYgIDB4MDAwMDAwMDAwMDYzYTE3NiBpbiBhZGRfc2FtcGxlIChwbG9nPTB4Y2RmMDYw IDxjcHU+LCBjb3VudD0yMTQ5MSkgYXQgcHJvZmlsZXIuYzozMzcKIzcgIDB4MDAwMDAwMDAwMDU1 NzYwNCBpbiBkZWxpdmVyX3Byb2Nlc3Nfc2lnbmFsIChzaWc9MjcsIGhhbmRsZXI9MHg2M2E0NTAg PGhhbmRsZV9wcm9maWxlcl9zaWduYWw+KSBhdCBzeXNkZXAuYzoxNzU4CiAgICAgICAgb2xkX2Vy cm5vID0gNAogICAgICAgIG9uX21haW5fdGhyZWFkID0gdHJ1ZQojOCAgMHgwMDAwN2ZjZGVkYzEy OTcwIGluIDxzaWduYWwgaGFuZGxlciBjYWxsZWQ+ICgpIGF0IC9saWI2NC9saWJwdGhyZWFkLnNv LjAKIzkgIDB4MDAwMDdmY2RlZGMxMTRhZCBpbiBfX2xsbF9sb2NrX3dhaXQgKCkgYXQgL2xpYjY0 L2xpYnB0aHJlYWQuc28uMAojMTAgMHgwMDAwN2ZjZGVkYzBhYWM5IGluIHB0aHJlYWRfbXV0ZXhf bG9jayAoKSBhdCAvbGliNjQvbGlicHRocmVhZC5zby4wCiMxMSAweDAwMDAwMDAwMDA2M2JlMzUg aW4gc3lzX211dGV4X2xvY2sgKG11dGV4PTxvcHRpbWl6ZWQgb3V0PikgYXQgc3lzdGhyZWFkLmM6 MTQwCiMxMiAweDAwMDAwMDAwMDA2M2FmOWEgaW4gYWNxdWlyZV9nbG9iYWxfbG9jayAoc2VsZj0w eGM3NjMwMCA8bWFpbl90aHJlYWQ+KSBhdCB0aHJlYWQuYzo2MzYKICAgICAgICBzYSA9IDB4N2Zm YzQxMTFmNWUwCiAgICAgICAgc2VsZiA9IDB4Yzc2MzAwIDxtYWluX3RocmVhZD4KICAgICAgICBv bGRzZXQgPSAKICAgICAgICAgICAge19fdmFsID0gezAsIDE0MDcyMTQwMDE4MjE0NCwgMjE0NzQ4 MzY0NywgMTQwNTIyNTY3MTE4NzM2LCAxNDA3MjE0MDAxODIxMzIsIDE0MDcyMTQwMDE4MjI3Miwg MiwgMCwgNDc2MTg2OTkyLCAxLCAwLCAwLCA0NzYxODY5OTIsIDE3MTczOTAwNDE3OTE0MTA3NjQ4 LCAxNDA1MjI1MjgzODc4MDgsIDQ3NjE4Njk5Mn19CiMxMyAweDAwMDAwMDAwMDA2M2FmOWEgaW4g cmVhbGx5X2NhbGxfc2VsZWN0IChhcmc9MHg3ZmZjNDExMWY1ZTApIGF0IHRocmVhZC5jOjYzNgog ICAgICAgIHNhID0gMHg3ZmZjNDExMWY1ZTAKICAgICAgICBzZWxmID0gMHhjNzYzMDAgPG1haW5f dGhyZWFkPgogICAgICAgIG9sZHNldCA9IHtfX3ZhbCA9IHswLCAxNDA3MjE0MDAxODIxNDQsIDIx NDc0ODM2NDcsIDE0MDUyMjU2NzExODczNiwgMTQwNzIxNDAwMTgyMTMyLCAxNDA3MjE0MDAxODIy NzIsIDIsIDAsIDQ3NjE4Njk5MiwgMSwgMCwgMCwgNDc2MTg2OTkyLCAxNzE3MzkwMDQxNzkxNDEw NzY0OCwgMTQwNTIyNTI4Mzg3ODA4LCA0NzYxODY5OTJ9fQojMTQgMHgwMDAwMDAwMDAwNjNiYjJl IGluIGZsdXNoX3N0YWNrX2NhbGxfZnVuYyAoYXJnPTB4N2ZmYzQxMTFmNWUwLCBmdW5jPTB4NjNh ZjEwIDxyZWFsbHlfY2FsbF9zZWxlY3Q+KSBhdCBsaXNwLmg6NDUwOQogICAgICAgIHNhID0ge2Z1 bmMgPSAweDQxOTQ1MCA8cHNlbGVjdEBwbHQ+LCBtYXhfZmRzID0gMTEsIHJmZHMgPSAweDdmZmM0 MTExZjZkMCwgd2ZkcyA9IDB4N2ZmYzQxMTFmNzUwLCBlZmRzID0gMHgwLCB0aW1lb3V0ID0gMHg3 ZmZjNDExMWZjZTAsIHNpZ21hc2sgPSAweDAsIHJlc3VsdCA9IDB9CiMxNSAweDAwMDAwMDAwMDA2 M2JiMmUgaW4gdGhyZWFkX3NlbGVjdCAoZnVuYz08b3B0aW1pemVkIG91dD4sIG1heF9mZHM9bWF4 X2Zkc0BlbnRyeT0xMSwgcmZkcz1yZmRzQGVudHJ5PTB4N2ZmYzQxMTFmNmQwLCB3ZmRzPXdmZHNA ZW50cnk9MHg3ZmZjNDExMWY3NTAsIGVmZHM9ZWZkc0BlbnRyeT0weDAsIHRpbWVvdXQ9dGltZW91 dEBlbnRyeT0weDdmZmM0MTExZmNlMCwgc2lnbWFzaz0weDApIGF0IHRocmVhZC5jOjY1NgogICAg ICAgIHNhID0ge2Z1bmMgPSAweDQxOTQ1MCA8cHNlbGVjdEBwbHQ+LCBtYXhfZmRzID0gMTEsIHJm ZHMgPSAweDdmZmM0MTExZjZkMCwgd2ZkcyA9IDB4N2ZmYzQxMTFmNzUwLCBlZmRzID0gMHgwLCB0 aW1lb3V0ID0gMHg3ZmZjNDExMWZjZTAsIHNpZ21hc2sgPSAweDAsIHJlc3VsdCA9IDB9CiMxNiAw eDAwMDAwMDAwMDA2Njg3YmUgaW4geGdfc2VsZWN0IChmZHNfbGltPTExLCByZmRzPXJmZHNAZW50 cnk9MHg3ZmZjNDExMWZlNTAsIHdmZHM9d2Zkc0BlbnRyeT0weDdmZmM0MTExZmVkMCwgZWZkcz1l ZmRzQGVudHJ5PTB4MCwgdGltZW91dD10aW1lb3V0QGVudHJ5PTB4N2ZmYzQxMTFmY2UwLCBzaWdt YXNrPXNpZ21hc2tAZW50cnk9MHgwKSBhdCB4Z3NlbGVjdC5jOjE4NAogICAgICAgIGFsbF9yZmRz ID0ge2Zkc19iaXRzID0gezAgPHJlcGVhdHMgMTYgdGltZXM+fX0KICAgICAgICBhbGxfd2ZkcyA9 IHtmZHNfYml0cyA9IHswIDxyZXBlYXRzIDE2IHRpbWVzPn19CiAgICAgICAgdG1vID0ge3R2X3Nl YyA9IDE0MDcyMTQwMDE4MzA1NiwgdHZfbnNlYyA9IDEzMzk3MjQ4fQogICAgICAgIHRtb3AgPSAw eDdmZmM0MTExZmNlMAogICAgICAgIGNvbnRleHQgPSAweDFjNjIwOTcwCiAgICAgICAgaGF2ZV93 ZmRzID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgZ2Zkc19idWYgPSB7e2ZkID0gNiwgZXZlbnRz ID0gMSwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAtNTQ2MTkwNjA4LCBldmVudHMgPSAzMjcxNywgcmV2 ZW50cyA9IDB9LCB7ZmQgPSA5NiwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBl dmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IC01NDk0MjEwNDgsIGV2ZW50cyA9IDMyNzE3 LCByZXZlbnRzID0gMH0sIHtmZCA9IDQ4NTAyNDY4NSwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9 LCB7ZmQgPSA0ODUzMDMwOTEsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gLTMxODU3 NDE0NiwgZXZlbnRzID0gMzI3MTcsIHJldmVudHMgPSAwfSwge2ZkID0gLTU0OTQyMjY2NCwgZXZl bnRzID0gMzI3MTcsIHJldmVudHMgPSAwfSwge2ZkID0gMCwgZXZlbnRzID0gNDIyNTYsIHJldmVu dHMgPSA1OTYwNH0sIHtmZCA9IDEwOTE2OTcwMDgsIGV2ZW50cyA9IDMyNzY0LCByZXZlbnRzID0g MH0sIHtmZCA9IDUxNTI3ODk3NiwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAtNDAs IGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMSwgZXZlbnRzID0gMCwgcmV2ZW50cyA9 IDB9LCB7ZmQgPSAxMDkxNjk2OTc2LCBldmVudHMgPSAzMjc2NCwgcmV2ZW50cyA9IDB9LCB7ZmQg PSAyLCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDEwOTE2OTcxNjgsIGV2ZW50cyA9 IDMyNzY0LCByZXZlbnRzID0gMH0sIHtmZCA9IC0zMTg0MjczOTEsIGV2ZW50cyA9IDMyNzE3LCBy ZXZlbnRzID0gMH0sIHtmZCA9IDQsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gLTMx ODU3NDE0NiwgZXZlbnRzID0gMzI3MTcsIHJldmVudHMgPSAwfSwge2ZkID0gMCwgZXZlbnRzID0g MCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBldmVudHMgPSA0MjI1NiwgcmV2ZW50cyA9IDU5NjA0 fSwge2ZkID0gMTA5MTY5NzEwNCwgZXZlbnRzID0gMzI3NjQsIHJldmVudHMgPSAwfSwge2ZkID0g NTExMzc1NjQ4LCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IC00MCwgZXZlbnRzID0g MCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxLCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9 IDEwOTE2OTcwNzIsIGV2ZW50cyA9IDMyNzY0LCByZXZlbnRzID0gMH0sIHtmZCA9IDIsIGV2ZW50 cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMTA5MTY5NzI2NCwgZXZlbnRzID0gMzI3NjQsIHJl dmVudHMgPSAwfSwge2ZkID0gLTMxODQyNzM5MSwgZXZlbnRzID0gMzI3MTcsIHJldmVudHMgPSAw fSwge2ZkID0gLTI3Mjk2MTMxMiwgZXZlbnRzID0gMzI3MTcsIHJldmVudHMgPSAwfSwge2ZkID0g NTE0MzQ3OTI1LCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDEwOTE2OTcyMjQsIGV2 ZW50cyA9IDMyNzY0LCByZXZlbnRzID0gMH0sIHtmZCA9IC0yNzI5OTQzNjksIGV2ZW50cyA9IDMy NzE3LCByZXZlbnRzID0gMH0sIHtmZCA9IDEwOTE2OTcxNjgsIGV2ZW50cyA9IDMyNzY0LCByZXZl bnRzID0gMH0sIHtmZCA9IDUxNTI3ODk3NiwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQg PSA2NjA5NiwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAtMTgxNjY1MTYxLCBldmVu dHMgPSAzMjcxNywgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBldmVudHMgPSAwLCByZXZlbnRzID0g MH0sIHtmZCA9IDUwMDMwNjA4MCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSA1MTQz NDc5MjUsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMTUwNDk2NjQwMCwgZXZlbnRz ID0gNjIzMjAsIHJldmVudHMgPSA2MTAxM30sIHtmZCA9IDgsIGV2ZW50cyA9IDAsIHJldmVudHMg PSAwfSwge2ZkID0gMSwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAyLCBldmVudHMg PSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDEwOTE2OTcxNjgsIGV2ZW50cyA9IDMyNzY0LCByZXZl bnRzID0gMH0sIHtmZCA9IDEwOTE2OTcyNjQsIGV2ZW50cyA9IDMyNzY0LCByZXZlbnRzID0gMH0s IHtmZCA9IDUxMTM3NTY0OCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxMDkxNjk3 MTUyLCBldmVudHMgPSAzMjc2NCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAtMzE4NTk0MzA4LCBldmVu dHMgPSAzMjcxNywgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxLCBldmVudHMgPSAwLCByZXZlbnRzID0g MH0sIHtmZCA9IC0zMTg1OTM4OTUsIGV2ZW50cyA9IDMyNzE3LCByZXZlbnRzID0gMH0sIHtmZCA9 IDE0ODQxNDQ2NDAsIGV2ZW50cyA9IDMyNzgsIHJldmVudHMgPSA1NjAxOH0sIHtmZCA9IDE1MDQ5 NjY0MDAsIGV2ZW50cyA9IDYyMzIwLCByZXZlbnRzID0gNjEwMTN9LCB7ZmQgPSA4LCBldmVudHMg PSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDEsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2Zk ID0gMiwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxMDkxNjk3MjY0LCBldmVudHMg PSAzMjc2NCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxMzgzMTU4NCwgZXZlbnRzID0gMCwgcmV2ZW50 cyA9IDB9LCB7ZmQgPSAxMDkxNjk3MzEyLCBldmVudHMgPSAzMjc2NCwgcmV2ZW50cyA9IDB9LCB7 ZmQgPSAxMDkxNjk3MjQ4LCBldmVudHMgPSAzMjc2NCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAtMzE4 NTk0MzA4LCBldmVudHMgPSAzMjcxNywgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxLCBldmVudHMgPSAw LCByZXZlbnRzID0gMH0sIHtmZCA9IC0zMTg1OTM4OTUsIGV2ZW50cyA9IDMyNzE3LCByZXZlbnRz ID0gMH0sIHtmZCA9IDE0ODQxNDQ2NDAsIGV2ZW50cyA9IDMyNzgsIHJldmVudHMgPSA1NjAxOH0s IHtmZCA9IDQxNjgzNDc5MiwgZXZlbnRzID0gMjIsIHJldmVudHMgPSAwfSwge2ZkID0gNTExMzc1 NjQ4LCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDY1MjkzOTgsIGV2ZW50cyA9IDAs IHJldmVudHMgPSAwfSwge2ZkID0gMiwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSA0 ODcxMTEwNDAsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMiwgZXZlbnRzID0gMCwg cmV2ZW50cyA9IDB9LCB7ZmQgPSAyLCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDEs IGV2ZW50cyA9IDIsIHJldmVudHMgPSAwfSwge2ZkID0gNTExMzc1NjQ4LCBldmVudHMgPSAwLCBy ZXZlbnRzID0gMH0sIHtmZCA9IDAsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMTUw NDk2NjQwMCwgZXZlbnRzID0gNjIzMjAsIHJldmVudHMgPSA2MTAxM30sIHtmZCA9IDI0LCBldmVu dHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDEzODMxNTg0LCBldmVudHMgPSAwLCByZXZlbnRz ID0gMH0sIHtmZCA9IDIsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMSwgZXZlbnRz ID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxMzgzMTU4NCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9 IDB9LCB7ZmQgPSAtMzE4NTc0MTQ2LCBldmVudHMgPSAzMjcxNywgcmV2ZW50cyA9IDB9LCB7ZmQg PSAxMDkxNjk3Mzc2LCBldmVudHMgPSAzMjc2NCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBldmVu dHMgPSAxMDI0MCwgcmV2ZW50cyA9IDYxMDM1fSwge2ZkID0gNTExMzc1NjQ4LCBldmVudHMgPSAw LCByZXZlbnRzID0gMH0sIHtmZCA9IDUxMTM3NTY0OCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9 LCB7ZmQgPSAtMzAsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMSwgZXZlbnRzID0g MCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAxLCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9 IDEzODMxNTg0LCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDUxMTM3NTY0OCwgZXZl bnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAtMzE4NjQxMjcwLCBldmVudHMgPSAzMjcxNywg cmV2ZW50cyA9IDB9LCB7ZmQgPSA0ODcxMzIzNDksIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwg e2ZkID0gLTcyNzM3OTk2OCwgZXZlbnRzID0gMjMyLCByZXZlbnRzID0gMH0sIHtmZCA9IDAsIGV2 ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gNTYxMjEwMCwgZXZlbnRzID0gMCwgcmV2ZW50 cyA9IDB9LCB7ZmQgPSA1ODYyNTA2MCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAw LCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDAsIGV2ZW50cyA9IDAsIHJldmVudHMg PSAwfSwge2ZkID0gNjQ0NDIyMywgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBl dmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDE3NTA3MDg4MjAsIGV2ZW50cyA9IDAsIHJl dmVudHMgPSAwfSwge2ZkID0gMTA5MTY5NzUzNiwgZXZlbnRzID0gMzI3NjQsIHJldmVudHMgPSAw fSwge2ZkID0gNjQ1MDM5NSwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSA0ODUwOTM5 NzMsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMTM4NTQ0NzQyNiwgZXZlbnRzID0g OTMxLCByZXZlbnRzID0gMH0sIHtmZCA9IDUsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2Zk ID0gNTUxMDE4MywgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBldmVudHMgPSAw LCByZXZlbnRzID0gMH0sIHtmZCA9IDAsIGV2ZW50cyA9IDU5MiwgcmV2ZW50cyA9IDc0MDV9LCB7 ZmQgPSA0ODUyOTQ1OTMsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gNDg1Mjk0Njc1 LCBldmVudHMgPSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDAsIGV2ZW50cyA9IDAsIHJldmVudHMg PSAwfSwge2ZkID0gMTc1MDcwODgyMCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSA1 Njc4NzU2OSwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSA0ODUyOTQ2NzUsIGV2ZW50 cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7 ZmQgPSAwLCBldmVudHMgPSA1LCByZXZlbnRzID0gMH0sIHtmZCA9IDE3NTA3MDg4MjAsIGV2ZW50 cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gNTg2MjUwNjAsIGV2ZW50cyA9IDAsIHJldmVudHMg PSAwfSwge2ZkID0gMSwgZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAwLCBldmVudHMg PSAwLCByZXZlbnRzID0gMH0sIHtmZCA9IDI1Njc4MDcxOCwgZXZlbnRzID0gMCwgcmV2ZW50cyA9 IDB9LCB7ZmQgPSAyMDAwMDAwMDAsIGV2ZW50cyA9IDAsIHJldmVudHMgPSAwfSwge2ZkID0gMCwg ZXZlbnRzID0gMCwgcmV2ZW50cyA9IDB9LCB7ZmQgPSAyLCBldmVudHMgPSAwLCByZXZlbnRzID0g MH0sIHtmZCA9IDEwOTE2OTc2NDgsIGV2ZW50cyA9IDMyNzY0LCByZXZlbnRzID0gMH0sIHtmZCA9 IC0zNjgwMzk2ODYsIGV2ZW50cyA9IDMyNzE3LCByZXZlbnRzID0gMH19CiAgICAgICAgZ2ZkcyA9 IDB4N2ZmYzQxMTFmN2QwCiAgICAgICAgZ2Zkc19zaXplID0gPG9wdGltaXplZCBvdXQ+CiAgICAg ICAgbl9nZmRzID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgcmV0dmFsID0gMAogICAgICAgIG91 cl9mZHMgPSAwCiAgICAgICAgbWF4X2ZkcyA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGkgPSA8 b3B0aW1pemVkIG91dD4KICAgICAgICBuZmRzID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgdG1v X2luX21pbGxpc2VjID0gLTEKICAgICAgICBtdXN0X2ZyZWUgPSA8b3B0aW1pemVkIG91dD4KICAg ICAgICBuZWVkX3RvX2Rpc3BhdGNoID0gPG9wdGltaXplZCBvdXQ+CiMxNyAweDAwMDAwMDAwMDA2 MTkwNjggaW4gd2FpdF9yZWFkaW5nX3Byb2Nlc3Nfb3V0cHV0ICh0aW1lX2xpbWl0PXRpbWVfbGlt aXRAZW50cnk9MCwgbnNlY3M9bnNlY3NAZW50cnk9MjAwMDAwMDAwLCByZWFkX2tiZD1yZWFkX2ti ZEBlbnRyeT0wLCBkb19kaXNwbGF5PWRvX2Rpc3BsYXlAZW50cnk9ZmFsc2UsIHdhaXRfZm9yX2Nl bGw9d2FpdF9mb3JfY2VsbEBlbnRyeT0weDAsIHdhaXRfcHJvYz13YWl0X3Byb2NAZW50cnk9MHgw LCBqdXN0X3dhaXRfcHJvYz0wKSBhdCBwcm9jZXNzLmM6NTc0OAogICAgICAgIHRsc19uZmRzID0g MAogICAgICAgIHRsc19hdmFpbGFibGUgPSB7ZmRzX2JpdHMgPSB7MCA8cmVwZWF0cyAxNiB0aW1l cz59fQogICAgICAgIHByb2Nlc3Nfc2tpcHBlZCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHdy YXBwZWQgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBjaGFubmVsX3N0YXJ0ID0gPG9wdGltaXpl ZCBvdXQ+CiAgICAgICAgY2hpbGRfZmQgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBsYXN0X3Jl YWRfY2hhbm5lbCA9IC0xCiAgICAgICAgY2hhbm5lbCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAg IG5mZHMgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBBdmFpbGFibGUgPSB7ZmRzX2JpdHMgPSB7 MTAzMiwgMCA8cmVwZWF0cyAxNSB0aW1lcz59fQogICAgICAgIFdyaXRlb2sgPSB7ZmRzX2JpdHMg PSB7MCA8cmVwZWF0cyAxNiB0aW1lcz59fQogICAgICAgIGNoZWNrX3dyaXRlID0gdHJ1ZQogICAg ICAgIGNoZWNrX2RlbGF5ID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgbm9fYXZhaWwgPSBmYWxz ZQogICAgICAgIHhlcnJubyA9IDc5NjMyCiAgICAgICAgcHJvYyA9IDxvcHRpbWl6ZWQgb3V0Pgog ICAgICAgIHRpbWVvdXQgPSB7dHZfc2VjID0gMCwgdHZfbnNlYyA9IDE4Mzc0OTF9CiAgICAgICAg ZW5kX3RpbWUgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICB0aW1lcl9kZWxheSA9IDxvcHRpbWl6 ZWQgb3V0PgogICAgICAgIGdvdF9vdXRwdXRfZW5kX3RpbWUgPSB7dHZfc2VjID0gMTc1MDcwODgy MCwgdHZfbnNlYyA9IDI1Njc4MDk1OH0KICAgICAgICB3YWl0ID0gVElNRU9VVAogICAgICAgIGdv dF9zb21lX291dHB1dCA9IC0xCiAgICAgICAgcHJldl93YWl0X3Byb2NfbmJ5dGVzX3JlYWQgPSAw CiAgICAgICAgcmV0cnlfZm9yX2FzeW5jID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgbm93ID0g PG9wdGltaXplZCBvdXQ+CiMxOCAweDAwMDAwMDAwMDA0Mjc4N2IgaW4gRnNsZWVwX2ZvciAoc2Vj b25kcz08b3B0aW1pemVkIG91dD4sIG1pbGxpc2Vjb25kcz08b3B0aW1pemVkIG91dD4pIGF0IGxp c3AuaDoxMTkyCiAgICAgICAgdCA9IHt0dl9zZWMgPSAwLCB0dl9uc2VjID0gMjAwMDAwMDAwfQog ICAgICAgIHRlbmQgPSB7dHZfc2VjID0gMTc1MDcwODgyMCwgdHZfbnNlYyA9IDI1Njc4MDcxOH0K ICAgICAgICBkdXJhdGlvbiA9IDxvcHRpbWl6ZWQgb3V0PgojMTkgMHgwMDAwMDAwMDAwNWMxYzJl IGluIGV2YWxfc3ViIChmb3JtPTxvcHRpbWl6ZWQgb3V0PikgYXQgbGlzcC5oOjIyNDMKICAgICAg ICBpID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgbWF4YXJncyA9IDIKICAgICAgICBhcmdzX2xl ZnQgPSAweDAKICAgICAgICBudW1hcmdzID0gMQogICAgICAgIG9yaWdpbmFsX2Z1biA9IDxvcHRp bWl6ZWQgb3V0PgogICAgICAgIG9yaWdpbmFsX2FyZ3MgPSAweDFlYWYwMTUzCiAgICAgICAgY291 bnQgPSB7Ynl0ZXMgPSA1NzZ9CiAgICAgICAgZnVuID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAg dmFsID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgZnVuY2FyID0gPG9wdGltaXplZCBvdXQ+CiAg ICAgICAgYXJndmFscyA9IHsweDdmY2RmNTJjMDM5NywgMHgwLCAweDdmZmM0MTEyMDFlMCwgMHgw LCAweDIsIDB4NWMxMmY4IDxldmFsX3N1Yis0MD4sIDB4NCwgMHgxZWFlZmFiM30KIzIwIDB4MDAw MDAwMDAwMDVjMmY1MCBpbiBGcHJvZ24gKGJvZHk9PG9wdGltaXplZCBvdXQ+KSBhdCBldmFsLmM6 NDM5CiAgICAgICAgZm9ybSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGZvcm0gPSA8b3B0aW1p emVkIG91dD4KICAgICAgICB2YWwgPSAweDAKICAgICAgICB0ZW1wcyA9IDB4N2ZmYzQxMTIwMTgw CiAgICAgICAgdGVtID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgbGV4ZW52ID0gMHgxY2VkMDI4 MwogICAgICAgIGVsdCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGNvdW50ID0ge2J5dGVzID0g NTQ0fQogICAgICAgIGFyZ251bSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHNhX2F2YWlsID0g PG9wdGltaXplZCBvdXQ+CiAgICAgICAgc2FfY291bnQgPSB7Ynl0ZXMgPSA1NDR9CiAgICAgICAg dmFybGlzdCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHZhcmxpc3RfbGVuID0gPG9wdGltaXpl ZCBvdXQ+CiAgICAgICAgbnZhcnMgPSA8b3B0aW1pemVkIG91dD4KIzIxIDB4MDAwMDAwMDAwMDVj MmY1MCBpbiBGbGV0IChhcmdzPTB4MWVhZWZlMjMpIGF0IGV2YWwuYzoxMTA5CiAgICAgICAgdGVt cHMgPSAweDdmZmM0MTEyMDE4MAogICAgICAgIHRlbSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAg IGxleGVudiA9IDB4MWNlZDAyODMKICAgICAgICBlbHQgPSA8b3B0aW1pemVkIG91dD4KICAgICAg ICBjb3VudCA9IHtieXRlcyA9IDU0NH0KICAgICAgICBhcmdudW0gPSA8b3B0aW1pemVkIG91dD4K ICAgICAgICBzYV9hdmFpbCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHNhX2NvdW50ID0ge2J5 dGVzID0gNTQ0fQogICAgICAgIHZhcmxpc3QgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICB2YXJs aXN0X2xlbiA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIG52YXJzID0gPG9wdGltaXplZCBvdXQ+ CiMyMiAweDAwMDAwMDAwMDA1YzFhZjkgaW4gZXZhbF9zdWIgKGZvcm09PG9wdGltaXplZCBvdXQ+ KSBhdCBsaXNwLmg6MjI0MwogICAgICAgIGFyZ3NfbGVmdCA9IDB4MWVhZWZlMjMKICAgICAgICBu dW1hcmdzID0gMwogICAgICAgIG9yaWdpbmFsX2Z1biA9IDB4YzEyMAogICAgICAgIG9yaWdpbmFs X2FyZ3MgPSAweDFlYWVmZTIzCiAgICAgICAgY291bnQgPSB7Ynl0ZXMgPSA1MTJ9CiAgICAgICAg ZnVuID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgdmFsID0gPG9wdGltaXplZCBvdXQ+CiAgICAg ICAgZnVuY2FyID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgYXJndmFscyA9IHsweDdmZmM0MTEy MDM1OSwgMHgxZWFlZmU4MywgMHg3ZmNkZGY0ZTI5MDAsIDB4MWVhZWZlYTMsIDB4MWVhZWZkNzMs IDB4MWVhZWZkNjMsIDB4N2ZjZGRmNGUyOTAwLCAweGMxMjB9CiMyMyAweDAwMDAwMDAwMDA1YzFk YjAgaW4gRnByb2duIChib2R5PTxvcHRpbWl6ZWQgb3V0PikgYXQgZXZhbC5jOjQzOQogICAgICAg IGZvcm0gPSA8b3B0aW1pemVkIG91dD4KICAgICAgICB2YWwgPSAweDAKIzI0IDB4MDAwMDAwMDAw MDVjMmE1ZCBpbiBwcm9nX2lnbm9yZSAoYm9keT0weDFlYWVmZGEzKSBhdCBldmFsLmM6MTEzMAog ICAgICAgIHRlc3QgPSAweDFlYWVmZTczCiAgICAgICAgYm9keSA9IDB4MWVhZWZkYTMKIzI1IDB4 MDAwMDAwMDAwMDVjMmE1ZCBpbiBGd2hpbGUgKGFyZ3M9PG9wdGltaXplZCBvdXQ+KSBhdCBldmFs LmM6MTEzMAogICAgICAgIHRlc3QgPSAweDFlYWVmZTczCiAgICAgICAgYm9keSA9IDB4MWVhZWZk YTMKIzI2IDB4MDAwMDAwMDAwMDVjMWFmOSBpbiBldmFsX3N1YiAoZm9ybT08b3B0aW1pemVkIG91 dD4pIGF0IGxpc3AuaDoyMjQzCiAgICAgICAgYXJnc19sZWZ0ID0gMHgxZWFlZmQ5MwogICAgICAg IG51bWFyZ3MgPSAzCiAgICAgICAgb3JpZ2luYWxfZnVuID0gMHg3ZmNkZGYyMjJkZjAKICAgICAg ICBvcmlnaW5hbF9hcmdzID0gMHgxZWFlZmQ5MwogICAgICAgIGNvdW50ID0ge2J5dGVzID0gNDgw fQogICAgICAgIGZ1biA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHZhbCA9IDxvcHRpbWl6ZWQg b3V0PgogICAgICAgIGZ1bmNhciA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGFyZ3ZhbHMgPSB7 MHgyZCwgMHhiZiwgMHgwLCAweDU5OWIzZCA8eHJlYWxsb2MrOTM+LCAweDdmY2RlMDA3NGNlOCwg MHg3ZmNkZTAwNzRjYjgsIDB4MiwgMHg3ZmNkZTA3YTI3ZTN9CiMyNyAweDAwMDAwMDAwMDA1YzJm NTAgaW4gRnByb2duIChib2R5PTxvcHRpbWl6ZWQgb3V0PikgYXQgZXZhbC5jOjQzOQogICAgICAg IGZvcm0gPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBmb3JtID0gPG9wdGltaXplZCBvdXQ+CiAg ICAgICAgdmFsID0gMHgwCiAgICAgICAgdGVtcHMgPSAweDdmZmM0MTEyMDM4MAogICAgICAgIHRl bSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGxleGVudiA9IDB4MWVhZWZhYjMKICAgICAgICBl bHQgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBjb3VudCA9IHtieXRlcyA9IDQ0OH0KICAgICAg ICBhcmdudW0gPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBzYV9hdmFpbCA9IDxvcHRpbWl6ZWQg b3V0PgogICAgICAgIHNhX2NvdW50ID0ge2J5dGVzID0gNDQ4fQogICAgICAgIHZhcmxpc3QgPSA8 b3B0aW1pemVkIG91dD4KICAgICAgICB2YXJsaXN0X2xlbiA9IDxvcHRpbWl6ZWQgb3V0PgogICAg ICAgIG52YXJzID0gPG9wdGltaXplZCBvdXQ+CiMyOCAweDAwMDAwMDAwMDA1YzJmNTAgaW4gRmxl dCAoYXJncz0weDFlYWVmZDYzKSBhdCBldmFsLmM6MTEwOQogICAgICAgIHRlbXBzID0gMHg3ZmZj NDExMjAzODAKICAgICAgICB0ZW0gPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBsZXhlbnYgPSAw eDFlYWVmYWIzCiAgICAgICAgZWx0ID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgY291bnQgPSB7 Ynl0ZXMgPSA0NDh9CiAgICAgICAgYXJnbnVtID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgc2Ff YXZhaWwgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBzYV9jb3VudCA9IHtieXRlcyA9IDQ0OH0K ICAgICAgICB2YXJsaXN0ID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgdmFybGlzdF9sZW4gPSA8 b3B0aW1pemVkIG91dD4KICAgICAgICBudmFycyA9IDxvcHRpbWl6ZWQgb3V0PgojMjkgMHgwMDAw MDAwMDAwNWMxYWY5IGluIGV2YWxfc3ViIChmb3JtPTxvcHRpbWl6ZWQgb3V0PikgYXQgbGlzcC5o OjIyNDMKICAgICAgICBhcmdzX2xlZnQgPSAweDFlYWVmZDYzCiAgICAgICAgbnVtYXJncyA9IDIK ICAgICAgICBvcmlnaW5hbF9mdW4gPSAweGMxMjAKICAgICAgICBvcmlnaW5hbF9hcmdzID0gMHgx ZWFlZmQ2MwogICAgICAgIGNvdW50ID0ge2J5dGVzID0gNDE2fQogICAgICAgIGZ1biA9IDxvcHRp bWl6ZWQgb3V0PgogICAgICAgIHZhbCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGZ1bmNhciA9 IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGFyZ3ZhbHMgPSB7MHgxNjAsIDB4MCwgMHgwLCAweGMx ODAsIDB4NDAwMDAwMDAzZjAwMDAwMCwgMHg1YmU0ZjQgPHVuYmluZF90bys1MTY+LCAweDFlYWVm ZDUzLCAweDFlYWYwMWQzfQojMzAgMHgwMDAwMDAwMDAwNWMzOGVmIGluIEZldmFsIChmb3JtPTB4 MWVhZWZkNTMsIGxleGljYWw9PG9wdGltaXplZCBvdXQ+KSBhdCBldmFsLmM6MjQ2MgojMzEgMHgw MDAwMDAwMDAwNjAzZDk4IGluIGV4ZWNfYnl0ZV9jb2RlIChmdW49PG9wdGltaXplZCBvdXQ+LCBh cmdzX3RlbXBsYXRlPTxvcHRpbWl6ZWQgb3V0PiwgbmFyZ3M9PG9wdGltaXplZCBvdXQ+LCBhcmdz PTxvcHRpbWl6ZWQgb3V0PikgYXQgbGlzcC5oOjIyNDMKICAgICAgICBjYWxsX25hcmdzID0gMgog ICAgICAgIGNhbGxfZnVuID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgdmFsID0gPG9wdGltaXpl ZCBvdXQ+CiAgICAgICAgY2FsbF9hcmdzID0gMHg3ZmNkZDI5ZmYwNzAKICAgICAgICBvcmlnaW5h bF9mdW4gPSAweDdjYjAKICAgICAgICBvcCA9IDIKICAgICAgICB0eXBlID0gPG9wdGltaXplZCBv dXQ+CiAgICAgICAgdGFyZ2V0cyA9IHsweDYwNjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAw eDYwM2Y1MCA8ZXhlY19ieXRlX2NvZGUrMTc5Mj4sIDB4NjAzZjRiIDxleGVjX2J5dGVfY29kZSsx Nzg3PiwgMHg2MDNmNDYgPGV4ZWNfYnl0ZV9jb2RlKzE3ODI+LCAweDYwM2EwMyA8ZXhlY19ieXRl X2NvZGUrNDM1PiwgMHg2MDNhMDMgPGV4ZWNfYnl0ZV9jb2RlKzQzNT4sIDB4NjAzZjE1IDxleGVj X2J5dGVfY29kZSsxNzMzPiwgMHg2MDNlZTQgPGV4ZWNfYnl0ZV9jb2RlKzE2ODQ+LCAweDYwNWE2 MiA8ZXhlY19ieXRlX2NvZGUrODcyMj4sIDB4NjA1YTVkIDxleGVjX2J5dGVfY29kZSs4NzE3Piwg MHg2MDVhNTggPGV4ZWNfYnl0ZV9jb2RlKzg3MTI+LCAweDYwNWE1MyA8ZXhlY19ieXRlX2NvZGUr ODcwNz4sIDB4NjAzYTJmIDxleGVjX2J5dGVfY29kZSs0Nzk+LCAweDYwM2EzMCA8ZXhlY19ieXRl X2NvZGUrNDgwPiwgMHg2MDVhNDUgPGV4ZWNfYnl0ZV9jb2RlKzg2OTM+LCAweDYwNWE2NyA8ZXhl Y19ieXRlX2NvZGUrODcyNz4sIDB4NjA1OGM0IDxleGVjX2J5dGVfY29kZSs4MzA4PiwgMHg2MDU4 YmYgPGV4ZWNfYnl0ZV9jb2RlKzgzMDM+LCAweDYwNThiYSA8ZXhlY19ieXRlX2NvZGUrODI5OD4s IDB4NjA1OGI1IDxleGVjX2J5dGVfY29kZSs4MjkzPiwgMHg2MDM5YTcgPGV4ZWNfYnl0ZV9jb2Rl KzM0Mz4sIDB4NjAzOWIwIDxleGVjX2J5dGVfY29kZSszNTI+LCAweDYwNTg5OSA8ZXhlY19ieXRl X2NvZGUrODI2NT4sIDB4NjA1OGE3IDxleGVjX2J5dGVfY29kZSs4Mjc5PiwgMHg2MDU4NGYgPGV4 ZWNfYnl0ZV9jb2RlKzgxOTE+LCAweDYwNTg0YSA8ZXhlY19ieXRlX2NvZGUrODE4Nj4sIDB4NjA1 ODQ1IDxleGVjX2J5dGVfY29kZSs4MTgxPiwgMHg2MDU4NDAgPGV4ZWNfYnl0ZV9jb2RlKzgxNzY+ LCAweDYwM2IxZiA8ZXhlY19ieXRlX2NvZGUrNzE5PiwgMHg2MDNiMjAgPGV4ZWNfYnl0ZV9jb2Rl KzcyMD4sIDB4NjA1ODYyIDxleGVjX2J5dGVfY29kZSs4MjEwPiwgMHg2MDU4NTQgPGV4ZWNfYnl0 ZV9jb2RlKzgxOTY+LCAweDYwNTgxZiA8ZXhlY19ieXRlX2NvZGUrODE0Mz4sIDB4NjA1ODFhIDxl eGVjX2J5dGVfY29kZSs4MTM4PiwgMHg2MDU4MTUgPGV4ZWNfYnl0ZV9jb2RlKzgxMzM+LCAweDYw NTgxMCA8ZXhlY19ieXRlX2NvZGUrODEyOD4sIDB4NjAzYTgwIDxleGVjX2J5dGVfY29kZSs1NjA+ LCAweDYwM2E4MCA8ZXhlY19ieXRlX2NvZGUrNTYwPiwgMHg2MDU4MzIgPGV4ZWNfYnl0ZV9jb2Rl KzgxNjI+LCAweDYwNTgyNCA8ZXhlY19ieXRlX2NvZGUrODE0OD4sIDB4NjA1N2VmIDxleGVjX2J5 dGVfY29kZSs4MDk1PiwgMHg2MDU3ZWEgPGV4ZWNfYnl0ZV9jb2RlKzgwOTA+LCAweDYwNTdlNSA8 ZXhlY19ieXRlX2NvZGUrODA4NT4sIDB4NjA1N2UwIDxleGVjX2J5dGVfY29kZSs4MDgwPiwgMHg2 MDNhZTAgPGV4ZWNfYnl0ZV9jb2RlKzY1Nj4sIDB4NjAzYWUwIDxleGVjX2J5dGVfY29kZSs2NTY+ LCAweDYwNTgwMiA8ZXhlY19ieXRlX2NvZGUrODExND4sIDB4NjA1N2Y0IDxleGVjX2J5dGVfY29k ZSs4MTAwPiwgMHg2MDU0NzkgPGV4ZWNfYnl0ZV9jb2RlKzcyMDk+LCAweDYwNTRhMyA8ZXhlY19i eXRlX2NvZGUrNzI1MT4sIDB4NjA1NTEwIDxleGVjX2J5dGVfY29kZSs3MzYwPiwgMHg2MDYwYzQg PGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2Piwg MHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2Rl KzEwMzU2PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDUzMWYgPGV4ZWNf Ynl0ZV9jb2RlKzY4NjM+LCAweDYwNTJiOSA8ZXhlY19ieXRlX2NvZGUrNjc2MT4sIDB4NjA1Mjgw IDxleGVjX2J5dGVfY29kZSs2NzA0PiwgMHg2MDUyNDcgPGV4ZWNfYnl0ZV9jb2RlKzY2NDc+LCAw eDYwNTIwYiA8ZXhlY19ieXRlX2NvZGUrNjU4Nz4sIDB4NjA1OTMxIDxleGVjX2J5dGVfY29kZSs4 NDE3PiwgMHg2MDU4ZmIgPGV4ZWNfYnl0ZV9jb2RlKzgzNjM+LCAweDYwNTFlMyA8ZXhlY19ieXRl X2NvZGUrNjU0Nz4sIDB4NjA1OWRjIDxleGVjX2J5dGVfY29kZSs4NTg4PiwgMHg2MDU4YzkgPGV4 ZWNfYnl0ZV9jb2RlKzgzMTM+LCAweDYwNTFhZCA8ZXhlY19ieXRlX2NvZGUrNjQ5Mz4sIDB4NjA1 MTg3IDxleGVjX2J5dGVfY29kZSs2NDU1PiwgMHg2MDUxNTEgPGV4ZWNfYnl0ZV9jb2RlKzY0MDE+ LCAweDYwNTExZSA8ZXhlY19ieXRlX2NvZGUrNjM1MD4sIDB4NjA1MGU3IDxleGVjX2J5dGVfY29k ZSs2Mjk1PiwgMHg2MDUwODkgPGV4ZWNfYnl0ZV9jb2RlKzYyMDE+LCAweDYwNTAwNyA8ZXhlY19i eXRlX2NvZGUrNjA3MT4sIDB4NjA0ZjgxIDxleGVjX2J5dGVfY29kZSs1OTM3PiwgMHg2MDRmNWIg PGV4ZWNfYnl0ZV9jb2RlKzU4OTk+LCAweDYwNGYzNSA8ZXhlY19ieXRlX2NvZGUrNTg2MT4sIDB4 NjA0ZWZmIDxleGVjX2J5dGVfY29kZSs1ODA3PiwgMHg2MDRlYzkgPGV4ZWNfYnl0ZV9jb2RlKzU3 NTM+LCAweDYwNGU5MyA8ZXhlY19ieXRlX2NvZGUrNTY5OT4sIDB4NjA0ZTU5IDxleGVjX2J5dGVf Y29kZSs1NjQxPiwgMHg2MDRlMjkgPGV4ZWNfYnl0ZV9jb2RlKzU1OTM+LCAweDYwNGRmOSA8ZXhl Y19ieXRlX2NvZGUrNTU0NT4sIDB4NjA0ZGM5IDxleGVjX2J5dGVfY29kZSs1NDk3PiwgMHg2MDRk M2YgPGV4ZWNfYnl0ZV9jb2RlKzUzNTk+LCAweDYwNGNlZCA8ZXhlY19ieXRlX2NvZGUrNTI3Nz4s IDB4NjA0Y2E2IDxleGVjX2J5dGVfY29kZSs1MjA2PiwgMHg2MDRjNWMgPGV4ZWNfYnl0ZV9jb2Rl KzUxMzI+LCAweDYwNGMxMiA8ZXhlY19ieXRlX2NvZGUrNTA1OD4sIDB4NjA0YmM4IDxleGVjX2J5 dGVfY29kZSs0OTg0PiwgMHg2MDRiN2UgPGV4ZWNfYnl0ZV9jb2RlKzQ5MTA+LCAweDYwNGIzMCA8 ZXhlY19ieXRlX2NvZGUrNDgzMj4sIDB4NjA0YWRkIDxleGVjX2J5dGVfY29kZSs0NzQ5PiwgMHg2 MDRhOGYgPGV4ZWNfYnl0ZV9jb2RlKzQ2NzE+LCAweDYwNGE0MSA8ZXhlY19ieXRlX2NvZGUrNDU5 Mz4sIDB4NjA0OWYzIDxleGVjX2J5dGVfY29kZSs0NTE1PiwgMHg2MDQ5YTQgPGV4ZWNfYnl0ZV9j b2RlKzQ0MzY+LCAweDYwNDhkMSA8ZXhlY19ieXRlX2NvZGUrNDIyNT4sIDB4NjAzYjVkIDxleGVj X2J5dGVfY29kZSs3ODE+LCAweDYwNDhhYiA8ZXhlY19ieXRlX2NvZGUrNDE4Nz4sIDB4NjA0ODgw IDxleGVjX2J5dGVfY29kZSs0MTQ0PiwgMHg2MDQ4MDggPGV4ZWNfYnl0ZV9jb2RlKzQwMjQ+LCAw eDYwNDdjOCA8ZXhlY19ieXRlX2NvZGUrMzk2MD4sIDB4NjA0N2EyIDxleGVjX2J5dGVfY29kZSsz OTIyPiwgMHg2MDQ3N2EgPGV4ZWNfYnl0ZV9jb2RlKzM4ODI+LCAweDYwNDc1MiA8ZXhlY19ieXRl X2NvZGUrMzg0Mj4sIDB4NjA0NzIyIDxleGVjX2J5dGVfY29kZSszNzk0PiwgMHg2MDQ2ZmEgPGV4 ZWNfYnl0ZV9jb2RlKzM3NTQ+LCAweDYwNjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAweDYw NDZkMiA8ZXhlY19ieXRlX2NvZGUrMzcxND4sIDB4NjA0NmFhIDxleGVjX2J5dGVfY29kZSszNjc0 PiwgMHg2MDQ2ODIgPGV4ZWNfYnl0ZV9jb2RlKzM2MzQ+LCAweDYwNDY1YSA8ZXhlY19ieXRlX2Nv ZGUrMzU5ND4sIDB4NjA0NjMyIDxleGVjX2J5dGVfY29kZSszNTU0PiwgMHg2MDQ2MGMgPGV4ZWNf Ynl0ZV9jb2RlKzM1MTY+LCAweDYwM2I1ZCA8ZXhlY19ieXRlX2NvZGUrNzgxPiwgMHg2MDYwYzQg PGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDQ1ZDEgPGV4ZWNfYnl0ZV9jb2RlKzM0NTc+LCAw eDYwNDVhYiA8ZXhlY19ieXRlX2NvZGUrMzQxOT4sIDB4NjA0NTg1IDxleGVjX2J5dGVfY29kZSsz MzgxPiwgMHg2MDQ1NGYgPGV4ZWNfYnl0ZV9jb2RlKzMzMjc+LCAweDYwNDUxOSA8ZXhlY19ieXRl X2NvZGUrMzI3Mz4sIDB4NjA0NGYzIDxleGVjX2J5dGVfY29kZSszMjM1PiwgMHg2MDQ0Y2QgPGV4 ZWNfYnl0ZV9jb2RlKzMxOTc+LCAweDYwNDQ5NyA8ZXhlY19ieXRlX2NvZGUrMzE0Mz4sIDB4NjA0 NDYxIDxleGVjX2J5dGVfY29kZSszMDg5PiwgMHg2MDQ0MmIgPGV4ZWNfYnl0ZV9jb2RlKzMwMzU+ LCAweDYwNDQwMyA8ZXhlY19ieXRlX2NvZGUrMjk5NT4sIDB4NjA0M2RkIDxleGVjX2J5dGVfY29k ZSsyOTU3PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDU1ZWUgPGV4ZWNf Ynl0ZV9jb2RlKzc1ODI+LCAweDYwNTc3MSA8ZXhlY19ieXRlX2NvZGUrNzk2OT4sIDB4NjA1YTBl IDxleGVjX2J5dGVfY29kZSs4NjM4PiwgMHg2MDU3M2EgPGV4ZWNfYnl0ZV9jb2RlKzc5MTQ+LCAw eDYwNTcwNiA8ZXhlY19ieXRlX2NvZGUrNzg2Mj4sIDB4NjA1NmQyIDxleGVjX2J5dGVfY29kZSs3 ODEwPiwgMHg2MDU2M2EgPGV4ZWNfYnl0ZV9jb2RlKzc2NTg+LCAweDYwNTYxZiA8ZXhlY19ieXRl X2NvZGUrNzYzMT4sIDB4NjA1ODcwIDxleGVjX2J5dGVfY29kZSs4MjI0PiwgMHg2MDU1ZDMgPGV4 ZWNfYnl0ZV9jb2RlKzc1NTU+LCAweDYwNTU3YyA8ZXhlY19ieXRlX2NvZGUrNzQ2OD4sIDB4NjA1 NTUzIDxleGVjX2J5dGVfY29kZSs3NDI3PiwgMHg2MDU1MTggPGV4ZWNfYnl0ZV9jb2RlKzczNjg+ LCAweDYwNTQzMCA8ZXhlY19ieXRlX2NvZGUrNzEzNj4sIDB4NjA1M2Y2IDxleGVjX2J5dGVfY29k ZSs3MDc4PiwgMHg2MDUzYjYgPGV4ZWNfYnl0ZV9jb2RlKzcwMTQ+LCAweDYwNTM2MyA8ZXhlY19i eXRlX2NvZGUrNjkzMT4sIDB4NjA2MGM0IDxleGVjX2J5dGVfY29kZSsxMDM1Nj4sIDB4NjA0M2Ez IDxleGVjX2J5dGVfY29kZSsyODk5PiwgMHg2MDQzN2QgPGV4ZWNfYnl0ZV9jb2RlKzI4NjE+LCAw eDYwNDM1NyA8ZXhlY19ieXRlX2NvZGUrMjgyMz4sIDB4NjA0MzMxIDxleGVjX2J5dGVfY29kZSsy Nzg1PiwgMHg2MDQzMGIgPGV4ZWNfYnl0ZV9jb2RlKzI3NDc+LCAweDYwNDJkNSA8ZXhlY19ieXRl X2NvZGUrMjY5Mz4sIDB4NjA0MjlmIDxleGVjX2J5dGVfY29kZSsyNjM5PiwgMHg2MDQyNjkgPGV4 ZWNfYnl0ZV9jb2RlKzI1ODU+LCAweDYwNDIzMyA8ZXhlY19ieXRlX2NvZGUrMjUzMT4sIDB4NjA0 MWU4IDxleGVjX2J5dGVfY29kZSsyNDU2PiwgMHg2MDQxYjIgPGV4ZWNfYnl0ZV9jb2RlKzI0MDI+ LCAweDYwNDE3YyA8ZXhlY19ieXRlX2NvZGUrMjM0OD4sIDB4NjA0MTU2IDxleGVjX2J5dGVfY29k ZSsyMzEwPiwgMHg2MDQwZmUgPGV4ZWNfYnl0ZV9jb2RlKzIyMjI+LCAweDYwNDBhNSA8ZXhlY19i eXRlX2NvZGUrMjEzMz4sIDB4NjA0MDc1IDxleGVjX2J5dGVfY29kZSsyMDg1PiwgMHg2MDQwNDUg PGV4ZWNfYnl0ZV9jb2RlKzIwMzc+LCAweDYwNDAxOCA8ZXhlY19ieXRlX2NvZGUrMTk5Mj4sIDB4 NjA0OTU2IDxleGVjX2J5dGVfY29kZSs0MzU4PiwgMHg2MDQ5MTEgPGV4ZWNfYnl0ZV9jb2RlKzQy ODk+LCAweDYwM2ZiNSA8ZXhlY19ieXRlX2NvZGUrMTg5Mz4sIDB4NjAzZjU1IDxleGVjX2J5dGVf Y29kZSsxNzk3PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDYwYzQgPGV4 ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2 MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEw MzU2PiwgMHg2MDYwYzQgPGV4ZWNfYnl0ZV9jb2RlKzEwMzU2PiwgMHg2MDUwYWYgPGV4ZWNfYnl0 ZV9jb2RlKzYyMzk+LCAweDYwNGQ5MSA8ZXhlY19ieXRlX2NvZGUrNTQ0MT4sIDB4NjA0ODQ4IDxl eGVjX2J5dGVfY29kZSs0MDg4PiwgMHg2MDNlYTggPGV4ZWNfYnl0ZV9jb2RlKzE2MjQ+LCAweDYw M2U2YyA8ZXhlY19ieXRlX2NvZGUrMTU2ND4sIDB4NjA2MGM0IDxleGVjX2J5dGVfY29kZSsxMDM1 Nj4sIDB4NjA2MGM0IDxleGVjX2J5dGVfY29kZSsxMDM1Nj4sIDB4NjAzZTJmIDxleGVjX2J5dGVf Y29kZSsxNTAzPiwgMHg2MDNkZDYgPGV4ZWNfYnl0ZV9jb2RlKzE0MTQ+LCAweDYwNjBjNCA8ZXhl Y19ieXRlX2NvZGUrMTAzNTY+LCAweDYwNjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAweDYw NjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAweDYwNjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAz NTY+LCAweDYwNjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAweDYwNjBjNCA8ZXhlY19ieXRl X2NvZGUrMTAzNTY+LCAweDYwNjBjNCA8ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAweDYwNjBjNCA8 ZXhlY19ieXRlX2NvZGUrMTAzNTY+LCAweDYwM2RhOSA8ZXhlY19ieXRlX2NvZGUrMTM2OT4gPHJl cGVhdHMgNjQgdGltZXM+fQogICAgICAgIHF1aXRjb3VudGVyID0gMSAnXDAwMScKICAgICAgICBi YyA9IDB4Yzc2NGYwIDxtYWluX3RocmVhZCs0OTY+CiAgICAgICAgdG9wID0gPG9wdGltaXplZCBv dXQ+CiAgICAgICAgcGMgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBieXRlc3RyID0gPG9wdGlt aXplZCBvdXQ+CiAgICAgICAgdmVjdG9yID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgbWF4ZGVw dGggPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBjb25zdF9sZW5ndGggPSA8b3B0aW1pemVkIG91 dD4KICAgICAgICB2ZWN0b3JwID0gMHgxZGMxZDMwOAogICAgICAgIGZyYW1lX2Jhc2UgPSA8b3B0 aW1pemVkIG91dD4KICAgICAgICBmcCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGJ5dGVzdHJf ZGF0YSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHJlc3QgPSA8b3B0aW1pemVkIG91dD4KICAg ICAgICBtYW5kYXRvcnkgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBub25yZXN0ID0gPG9wdGlt aXplZCBvdXQ+CiAgICAgICAgcHVzaGVkYXJncyA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHJl c3VsdCA9IDxvcHRpbWl6ZWQgb3V0PgojMzIgMHgwMDAwMDAwMDAwNWJlODkwIGluIEZmdW5jYWxs IChuYXJncz1uYXJnc0BlbnRyeT0xLCBhcmdzPWFyZ3NAZW50cnk9MHg3ZmZjNDExMjA1YTgpIGF0 IGV2YWwuYzozMDkzCiAgICAgICAgdmFsID0gPG9wdGltaXplZCBvdXQ+CiMzMyAweDAwMDAwMDAw MDA1YzA3M2YgaW4gY2FsbDAgKGZuPTxvcHRpbWl6ZWQgb3V0PikgYXQgbGlzcC5oOjM1MTUKICAg ICAgICBib2R5ZnVuID0gMHgxZGMxZDM2ZAogICAgICAgIGNvdW50ID0gMQogICAgICAgIHJldCA9 IDxvcHRpbWl6ZWQgb3V0PgojMzQgMHgwMDAwMDAwMDAwNWMwNzNmIGluIEZoYW5kbGVyX2JpbmRf MSAobmFyZ3M9PG9wdGltaXplZCBvdXQ+LCBhcmdzPTxvcHRpbWl6ZWQgb3V0PikgYXQgZXZhbC5j OjE0NzgKICAgICAgICBib2R5ZnVuID0gMHgxZGMxZDM2ZAogICAgICAgIGNvdW50ID0gMQogICAg ICAgIHJldCA9IDxvcHRpbWl6ZWQgb3V0PgojMzUgMHgwMDAwN2ZjZGY0NzBkMzBhIGluIEY2NTc2 NjE2YzJkNjU3ODcwNzI2NTczNzM2OTZmNmVfZXZhbF9leHByZXNzaW9uXzAgKCkgYXQgL3Vzci9s b2NhbC9ob21lL2dhcm5pc2gvcmF3LWVtYWNzLzMwLTIwMjUwNjIzXzE0MDA0OS9iaW4vLi4vbGli L2VtYWNzLzMwLjEuOTAvbmF0aXZlLWxpc3AvMzAuMS45MC1jYTI2ODJhZi9wcmVsb2FkZWQvc2lt cGxlLWZhYjViMGNmLWIzMTA3MjZkLmVsbgojMzYgMHgwMDAwMDAwMDAwNWJlODkwIGluIEZmdW5j YWxsIChuYXJncz1uYXJnc0BlbnRyeT01LCBhcmdzPWFyZ3NAZW50cnk9MHg3ZmZjNDExMjA3Mjgp IGF0IGV2YWwuYzozMDkzCiAgICAgICAgdmFsID0gPG9wdGltaXplZCBvdXQ+CiMzNyAweDAwMDAw MDAwMDA1YmE2OWUgaW4gRmZ1bmNhbGxfaW50ZXJhY3RpdmVseSAobmFyZ3M9NSwgYXJncz0weDdm ZmM0MTEyMDcyOCkgYXQgY2FsbGludC5jOjI1MAojMzggMHgwMDAwMDAwMDAwNWJlODkwIGluIEZm dW5jYWxsIChuYXJncz1uYXJnc0BlbnRyeT02LCBhcmdzPTB4N2ZmYzQxMTIwNzIwKSBhdCBldmFs LmM6MzA5MwogICAgICAgIHZhbCA9IDxvcHRpbWl6ZWQgb3V0PgojMzkgMHgwMDAwMDAwMDAwNWJl YjgwIGluIEZhcHBseSAobmFyZ3M9bmFyZ3NAZW50cnk9MywgYXJncz1hcmdzQGVudHJ5PTB4N2Zm YzQxMTIwOGQwKSBhdCBldmFsLmM6Mjc2NQogICAgICAgIGkgPSA8b3B0aW1pemVkIG91dD4KICAg ICAgICBmdW5jYWxsX25hcmdzID0gNgogICAgICAgIGZ1bmNhbGxfYXJncyA9IDxvcHRpbWl6ZWQg b3V0PgogICAgICAgIHNwcmVhZF9hcmcgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBmdW4gPSA8 b3B0aW1pemVkIG91dD4KICAgICAgICBzYV9hdmFpbCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAg IHNhX2NvdW50ID0ge2J5dGVzID0gMTkyfQogICAgICAgIG51bWFyZ3MgPSA8b3B0aW1pemVkIG91 dD4KICAgICAgICByZXR2YWwgPSA8b3B0aW1pemVkIG91dD4KIzQwIDB4MDAwMDAwMDAwMDViYzE4 YiBpbiBGY2FsbF9pbnRlcmFjdGl2ZWx5IChmdW5jdGlvbj0weDdmY2RkZjI0Yzc4OCwgcmVjb3Jk X2ZsYWc9MHgwLCBrZXlzPTB4MWQ2YTE3YTUpIGF0IGxpc3AuaDoxMTkyCiAgICAgICAgZnVudmFs ID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgZXZlbnRzID0gPG9wdGltaXplZCBvdXQ+CiAgICAg ICAgZW52ID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgc3BlY2NvdW50ID0gPG9wdGltaXplZCBv dXQ+CiAgICAgICAgYXJnX2Zyb21fdHR5ID0gZmFsc2UKICAgICAgICBrZXlfY291bnQgPSAyCiAg ICAgICAgcmVjb3JkX3RoZW5fZmFpbCA9IGZhbHNlCiAgICAgICAgc2F2ZV90aGlzX2NvbW1hbmQg PSAweDdmY2RkZjI0Yzc4OAogICAgICAgIHNhdmVfdGhpc19vcmlnaW5hbF9jb21tYW5kID0gMHg3 ZmNkZGYyNGM3ODgKICAgICAgICBzYXZlX3JlYWxfdGhpc19jb21tYW5kID0gMHg3ZmNkZGYyNGM3 ODgKICAgICAgICBzYXZlX2xhc3RfY29tbWFuZCA9IDB4N2ZjZGRmMjRjNzg4CiAgICAgICAgcHJl Zml4X2FyZyA9IDB4MAogICAgICAgIGVuYWJsZSA9IDB4MAogICAgICAgIHVwX2V2ZW50ID0gMHgw CiAgICAgICAgZm9ybSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHNwZWNzID0gMHgxZWFmMDBm MwogICAgICAgIHNhX2F2YWlsID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgc3RyaW5nX2xlbiA9 IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHN0cmluZyA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAg IHN0cmluZ19lbmQgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBuZXh0X2V2ZW50ID0gPG9wdGlt aXplZCBvdXQ+CiAgICAgICAgbmFyZ3MgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBhcmdzID0g PG9wdGltaXplZCBvdXQ+CiAgICAgICAgdmlzYXJncyA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAg IHZhcmllcyA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHRlbSA9IDxvcHRpbWl6ZWQgb3V0Pgog ICAgICAgIHZhbCA9IDxvcHRpbWl6ZWQgb3V0PgojNDEgMHgwMDAwN2ZjZGY0NzExNWMwIGluIEY2 MzZmNmQ2ZDYxNmU2NDJkNjU3ODY1NjM3NTc0NjVfY29tbWFuZF9leGVjdXRlXzAgKCkgYXQgL3Vz ci9sb2NhbC9ob21lL2dhcm5pc2gvcmF3LWVtYWNzLzMwLTIwMjUwNjIzXzE0MDA0OS9iaW4vLi4v bGliL2VtYWNzLzMwLjEuOTAvbmF0aXZlLWxpc3AvMzAuMS45MC1jYTI2ODJhZi9wcmVsb2FkZWQv c2ltcGxlLWZhYjViMGNmLWIzMTA3MjZkLmVsbgojNDIgMHgwMDAwMDAwMDAwNWJlODkwIGluIEZm dW5jYWxsIChuYXJncz1uYXJnc0BlbnRyeT0yLCBhcmdzPWFyZ3NAZW50cnk9MHg3ZmZjNDExMjBi YzApIGF0IGV2YWwuYzozMDkzCiAgICAgICAgdmFsID0gPG9wdGltaXplZCBvdXQ+CiM0MyAweDAw MDAwMDAwMDA1NGE1ZDAgaW4gY29tbWFuZF9sb29wXzEgKCkgYXQgbGlzcC5oOjExOTIKICAgICAg ICBjbWQgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBrZXlidWYgPSB7MHg2ZSwgMHhlYSwgMHgz NiwgMHg2MCwgMHg2MCwgMHgwLCAweDAsIDB4MTExYzAsIDB4NDAwMDAwMDAzZjAwMDAwMCwgMHg1 YmU0ZjQgPHVuYmluZF90bys1MTY+LCAweDAsIDB4MWVhZmZkYTMsIDB4YiwgMHgxMTFjMCwgMHgz MCwgMHgxZWI0MjM4NSwgMHg3ZmNkZGYyN2JlMTAsIDB4NjAsIDB4MWVhZmZkYTMsIDB4N2ZmYzQx MTIwY2QwLCAweDAsIDB4MCwgMHg3ZmZjNDExMjBlNzgsIDB4NTNmMGM2IDxjbWRfZXJyb3IrMzU4 PiwgMHhmZmZmZmZmZmZmZmZmZjAwLCAweDdmZmM0MTEyMGU0NCwgMHhiLCAweGIzMTAsIDB4MCwg MHg3ZmNkZTAzNmUzMGR9CiAgICAgICAgaSA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIGxhc3Rf cHQgPSAxCiAgICAgICAgcHJldl9tb2RpZmYgPSA2NDU3CiAgICAgICAgcHJldl9idWZmZXIgPSAw eDFlZmM2NTMwCiM0NCAweDAwMDAwMDAwMDA1YmQyMjIgaW4gaW50ZXJuYWxfY29uZGl0aW9uX2Nh c2UgKGJmdW49YmZ1bkBlbnRyeT0weDU0YTFkMCA8Y29tbWFuZF9sb29wXzE+LCBoYW5kbGVycz1o YW5kbGVyc0BlbnRyeT0weDkwLCBoZnVuPWhmdW5AZW50cnk9MHg1M2VmNjAgPGNtZF9lcnJvcj4p IGF0IGV2YWwuYzoxNjEzCiAgICAgICAgdmFsID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgYyA9 IDB4MWM1NTA2MDAKIzQ1IDB4MDAwMDAwMDAwMDUzN2M0YSBpbiBjb21tYW5kX2xvb3BfMiAoaGFu ZGxlcnM9aGFuZGxlcnNAZW50cnk9MHg5MCkgYXQga2V5Ym9hcmQuYzoxMTY4CiAgICAgICAgdmFs ID0gPG9wdGltaXplZCBvdXQ+CiM0NiAweDAwMDAwMDAwMDA1YmQxNTEgaW4gaW50ZXJuYWxfY2F0 Y2ggKHRhZz10YWdAZW50cnk9MHgxMjJkMCwgZnVuYz1mdW5jQGVudHJ5PTB4NTM3YzMwIDxjb21t YW5kX2xvb3BfMj4sIGFyZz1hcmdAZW50cnk9MHg5MCkgYXQgZXZhbC5jOjEyOTIKICAgICAgICB2 YWwgPSA8b3B0aW1pemVkIG91dD4KICAgICAgICBjID0gMHgxYzY1MTc4MAojNDcgMHgwMDAwMDAw MDAwNTM3YmVmIGluIGNvbW1hbmRfbG9vcCAoKSBhdCBsaXNwLmg6MTE5MgojNDggMHgwMDAwMDAw MDAwNTNlYjE2IGluIHJlY3Vyc2l2ZV9lZGl0XzEgKCkgYXQga2V5Ym9hcmQuYzo3NTQKICAgICAg ICB2YWwgPSA8b3B0aW1pemVkIG91dD4KIzQ5IDB4MDAwMDAwMDAwMDUzZWVhNCBpbiBGcmVjdXJz aXZlX2VkaXQgKCkgYXQga2V5Ym9hcmQuYzo4MzcKICAgICAgICBidWZmZXIgPSA8b3B0aW1pemVk IG91dD4KIzUwIDB4MDAwMDAwMDAwMDQyNjc5NyBpbiBtYWluIChhcmdjPTxvcHRpbWl6ZWQgb3V0 PiwgYXJndj08b3B0aW1pemVkIG91dD4pIGF0IGVtYWNzLmM6MjY0NgogICAgICAgIHN0YWNrX2Jv dHRvbV92YXJpYWJsZSA9IDB4ZWU1NWYzNzA1OWIzZjcwMAogICAgICAgIG9sZF9hcmdjID0gPG9w dGltaXplZCBvdXQ+CiAgICAgICAgbm9fbG9hZHVwID0gZmFsc2UKICAgICAgICBqdW5rID0gMHgw CiAgICAgICAgZG5hbWVfYXJnID0gMHgwCiAgICAgICAgY2hfdG9fZGlyID0gMHgwCiAgICAgICAg b3JpZ2luYWxfcHdkID0gPG9wdGltaXplZCBvdXQ+CiAgICAgICAgZHVtcF9tb2RlID0gPG9wdGlt aXplZCBvdXQ+CiAgICAgICAgc2tpcF9hcmdzID0gMQogICAgICAgIHRlbWFjcyA9IDB4MAogICAg ICAgIGF0dGVtcHRfbG9hZF9wZHVtcCA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIG9ubHlfdmVy c2lvbiA9IDxvcHRpbWl6ZWQgb3V0PgogICAgICAgIHJsaW0gPSB7cmxpbV9jdXIgPSAxMDAyMjkx MiwgcmxpbV9tYXggPSAxODQ0Njc0NDA3MzcwOTU1MTYxNX0KICAgICAgICBsY19hbGwgPSA8b3B0 aW1pemVkIG91dD4KICAgICAgICBzb2NrZmQgPSAtMQogICAgICAgIG1vZHVsZV9hc3NlcnRpb25z ID0gPG9wdGltaXplZCBvdXQ+CnF1aXQK --000000000000e9e117063842c242-- From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 24 01:46:41 2025 Received: (at 76970) by debbugs.gnu.org; 24 Jun 2025 05:46:42 +0000 Received: from localhost ([127.0.0.1]:37951 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uTwUR-0008RR-2m for submit@debbugs.gnu.org; Tue, 24 Jun 2025 01:46:41 -0400 Received: from mail-24418.protonmail.ch ([109.224.244.18]:22347) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uTwUM-0008QP-R6 for 76970@debbugs.gnu.org; Tue, 24 Jun 2025 01:46:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1750743988; x=1751003188; bh=da8LCv8UW1+EYHkmuJXnkcYdFqDfzMc720j8ZdoPZz0=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=q6ZFQMHcGfnRthOO9r0CcI+En8syHYJ3cSTVSYMaOsLjaAryI91FE31rjiI9tgGtO azSh3ssQaBbayxmPjJvplmQ93KSJrcWhxH9B3GscKnOATYraMUjHfqGHxmnxy/R79b oeTqreHVtOnTZzrHuvZSucTIOHPnSZcNT5aGLA2x8PBANgHK7r/+Xc+NP7kPfxYwMr BnsOennBfLIirQY995CFaPJpaDReX2ds3RGJWM3dvvxDrhMKCXrJzHT+IfurtQjdTP 0CDZCVvXw0pYDH082kYRN+jU+VTaptAT7K4TsCvtQSjiZy4jMGkmQuxfpXjvff9u86 UobAcS7A4HLXA== Date: Tue, 24 Jun 2025 05:46:22 +0000 To: Aaron Zeng From: Pip Cet Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Message-ID: <87qzz966ah.fsf@protonmail.com> In-Reply-To: References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: bf704b86a82c1eb68f6f3d504d7bffd2d473fac6 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: Eli Zaretskii , app-emacs-dev@janestreet.com, 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Aaron Zeng" writes: > I applied your patch from the master branch and got a segfault again, but= it has a different > top frame. I have attached a backtrace generated with [thread apply all = bt full]. In this one, > I do not see __lll_unlock_wake appear at all. This one happened while waiting for the lock, not right after unlocking it. Not a big difference. The original fix was incomplete, please try applying this one, too: diff --git a/src/eval.c b/src/eval.c index 46705dc4543..20782639990 100644 --- a/src/eval.c +++ b/src/eval.c @@ -159,7 +159,11 @@ set_backtrace_debug_on_exit (union specbinding *pdl, b= ool doe) =20 bool backtrace_p (union specbinding *pdl) -{ return specpdl ? pdl >=3D specpdl : false; } +{ + if (current_thread && specpdl && pdl) + return pdl >=3D specpdl; + return false; +} =20 static bool backtrace_thread_p (struct thread_state *tstate, union specbinding *pdl) > This is from Emacs compiled at revision 991d3ad80a37a1cf8951d2607eb5f7544= f968e93. > > It seems it is possible for current_thread to be set to NULL by the dying= thread, > during backtrace_top. It is possible, in theory, for that to happen, and this additional race condition also should be fixed, but it's not what happened here. What happened here was that current_thread became NULL, we checked it in backtrace_top, returned a NULL pointer for the pdl, passed that NULL pointer to backtrace_p, dereferenced current_thread again (by evaluating specpdl) and caused a segfault. Pip From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 24 14:51:06 2025 Received: (at 76970) by debbugs.gnu.org; 24 Jun 2025 18:51:07 +0000 Received: from localhost ([127.0.0.1]:48660 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uU8jZ-0002m0-Dm for submit@debbugs.gnu.org; Tue, 24 Jun 2025 14:51:06 -0400 Received: from mxout1.mail.janestreet.com ([38.105.200.78]:55797) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uU8jV-0002kX-Vi for 76970@debbugs.gnu.org; Tue, 24 Jun 2025 14:51:03 -0400 Received: from mail-lj1-f198.google.com ([209.85.208.198]) by mxgoog2.mail.janestreet.com with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) (Exim 4.98.2) id 1uU8jP-00000007o7W-48qQ for 76970@debbugs.gnu.org; Tue, 24 Jun 2025 14:50:56 -0400 Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-32ac7176fc6so30428661fa.2 for <76970@debbugs.gnu.org>; Tue, 24 Jun 2025 11:50:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=google; t=1750791055; x=1751395855; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Rs/nod7Ayi+9jSi6yo3PvyHaHVxZhahRXC+QvfKzPiU=; b=TSEJ1WngC3yjCZ606uTKAHoyE8lH4QDk2sF9iUTM5JsFnsvvzfJncT4hXwmuds+hOs DDCGmrbHzo/11L+B/PJ9Yf/04a8KWPCKuj2RVxk9g4oEHIGFBZT6Zzf905+8B6+K50SO /hSR7etqWr4+K6dxAZy7K2xT18fhewzi8tsqA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=waixah; t=1750791056; bh=Rs/nod7Ayi+9jSi6yo3PvyHaHVxZhahRXC+QvfKzPiU=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=I57yG75Syhmej6rCtmEZr4thn79lQjESDjLdbCpUQkNmzMH3P/eby6JXQkpMwt0yC xpKfVV4hVkwZGAyZcU4TUm9nG6B8/ErzVIsCYHLOgXhOcRJi+u6JW/dTsh3tDDsG6d S9u2oxEriOE3Jf+bXPsIUXTyUgzMwrTGxAHnXpj/lWCNciIxe1FAsdz250m5sEp6uH DCjBncvHcOLlCXVI5gjVa+2GD5dSCgbqFovbA2Lsm2L3W8sAESZ0minGlbrUn/zcj6 j1DiOnZUBfPH/MoHu1mOcHPTK/1EIwZF1KzrDl/wUBXzo4y+UsyJhg6y7Qdsf92lao 2ni2kdfJ0bKGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750791055; x=1751395855; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Rs/nod7Ayi+9jSi6yo3PvyHaHVxZhahRXC+QvfKzPiU=; b=oosaxfwBk8h06KdhIRSZDSGnNC1cnHX6p33hWL+eFdff9qcIJhU+2HtNPEBFdDCfxZ IbNEZeiTOjZ2nzL0yoNtmBHPZlowdISIckcFi0DVdU0CYH7IJIH7sBBLFNjMlJMi0Ce0 nsUlpVDbiyA66RunMiOiLNqKsALs76Dg2Vol1h+kggd8H9TcPdkvr93J1bqS37O6TTbG fAvsfcqpG2k/HzK1xaDEJR9MQ5rhAzly1EGgh4v8D6M670L5hN/uSQlsy8kcysW6O7fV AXxcfxQBbmKeKCkkmN7K+YU24ZfizKSi3TjM10kmAhm4jza3IMzalnxVvL55kyAT4MO+ cx/Q== X-Forwarded-Encrypted: i=1; AJvYcCWblg57PjNJFRSdisbMW5t09JVbr72PwHDt7/krR6Kb8wvmom0EEBS8ocJH2gvHYTkonOq77w==@debbugs.gnu.org X-Gm-Message-State: AOJu0YzVXthCDy4Vhb9ngnOCfrZIuwyHQe4dBOcMwgl2wdwxbEZwWWvi 9qTyf5Z5RgjgZWwOT9Fd5/6A7SZGz7hGSHpAceaX57j4RUNu5N8kvI/g2fpNayyhj5uiIzOKVkJ YVZ3WoXBCx8GXa4xLDNFIFXlj/V1oDihctOPicSNQiR1EZ4gL9vbZsb1i/0M6Yyt0L733gFTGwK YZQRg7i2tKr+e3rMvlVajlfbdTt9GhYKiszYg3 X-Gm-Gg: ASbGncvuYBvbVhSIG4x9vna12M5EBWX3v1/EUEZC75hPGm4STQGtKxDqPl6H8jxoK4q MDp6ql4VCcsezOfpzH54/ciYzmuCw3G3doySaX1MH01aqXNobZZ3P974BNENAf+iFP2VPKOpjMB 3iHg== X-Received: by 2002:a2e:bc18:0:b0:32b:73a8:9f75 with SMTP id 38308e7fff4ca-32b98e61debmr57009361fa.9.1750791054611; Tue, 24 Jun 2025 11:50:54 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEYY54L2M1DGs+dwV7adR5yernUpF2uMXh6HcDKuMYd/yznxocO/CEVpkjjIJheY9hIMRL6WZGhZy6TEOm4Bh4= X-Received: by 2002:a2e:bc18:0:b0:32b:73a8:9f75 with SMTP id 38308e7fff4ca-32b98e61debmr57009201fa.9.1750791054175; Tue, 24 Jun 2025 11:50:54 -0700 (PDT) MIME-Version: 1.0 References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> <87qzz966ah.fsf@protonmail.com> In-Reply-To: <87qzz966ah.fsf@protonmail.com> From: Aaron Zeng Date: Tue, 24 Jun 2025 14:50:17 -0400 X-Gm-Features: Ac12FXwKebK9f-fAIljW0Kbh3h0kHokf3BnhcSEx7ur-XdRRi1XYgRUdf_S5EnY Message-ID: Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow To: Pip Cet Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: Eli Zaretskii , app-emacs-dev@janestreet.com, 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) On Tue, Jun 24, 2025 at 1:46=E2=80=AFAM Pip Cet wro= te: > > The original fix was incomplete, please try applying this one, too: > > diff --git a/src/eval.c b/src/eval.c > index 46705dc4543..20782639990 100644 > --- a/src/eval.c > +++ b/src/eval.c > @@ -159,7 +159,11 @@ set_backtrace_debug_on_exit (union specbinding *pdl,= bool doe) > > bool > backtrace_p (union specbinding *pdl) > -{ return specpdl ? pdl >=3D specpdl : false; } > +{ > + if (current_thread && specpdl && pdl) > + return pdl >=3D specpdl; > + return false; > +} > > static bool > backtrace_thread_p (struct thread_state *tstate, union specbinding *pdl) > > > This is from Emacs compiled at revision 991d3ad80a37a1cf8951d2607eb5f75= 44f968e93. > > > > It seems it is possible for current_thread to be set to NULL by the dyi= ng thread, > > during backtrace_top. > > It is possible, in theory, for that to happen, and this additional race > condition also should be fixed, but it's not what happened here. What > happened here was that current_thread became NULL, we checked it in > backtrace_top, returned a NULL pointer for the pdl, passed that NULL > pointer to backtrace_p, dereferenced current_thread again (by evaluating > specpdl) and caused a segfault. Doesn't this new code have the same issue, though? Each time specpdl appea= rs in the code, it's dereferencing current_thread anew. Maybe I am being overly paranoid, but it seems like the only correct way to avoid this race condition altogether is to read current_thread only once during the course of the signal handler, and to avoid using the macros which may read it a se= cond time, instead dereferencing a local copy of the pointer once it has been verified to be not-NULL. From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 25 07:43:50 2025 Received: (at 76970) by debbugs.gnu.org; 25 Jun 2025 11:43:50 +0000 Received: from localhost ([127.0.0.1]:33753 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uUOXd-00055f-9n for submit@debbugs.gnu.org; Wed, 25 Jun 2025 07:43:50 -0400 Received: from mail-4322.protonmail.ch ([185.70.43.22]:35231) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uUOXZ-00054P-Qd for 76970@debbugs.gnu.org; Wed, 25 Jun 2025 07:43:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1750851818; x=1751111018; bh=0vqCwWMq50mzIiM+phx4mx9zvr1GKnMs8s+5drtBZfY=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=dJWmSZ9lNvCEOeuIDvA4Vh0wI9Ud9MGDdscTIgDq7ul4hfAQQvpcVGik8qOlUbo2N j2AVb3mQwn2S9Ke4JWCziHilJ0krvMnJ6ku6sNeM8+UA6nkzUG4WlU7wQTKPQ2/atf 2ecUyN3E+2bEe3XktGau4Cgrqll+xFDhchG9vV+pYUfEepcoGQrSeSYg6sOnPQNJNg DkHoKanX/55RIgVC8WZQc4/oTtClGh1Fo+CQSDhaoW+Puo3WVVbNEZiLV1yEHvaoP5 siSmfh5VXcAoNJ9DkGu4f/0DlL6kLrWrkxIXZg4T3rmLkcSMf0n07xG6abd9HUeOd3 a8wx0omm7aUCw== Date: Wed, 25 Jun 2025 11:43:34 +0000 To: Aaron Zeng From: Pip Cet Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Message-ID: <877c1059nh.fsf@protonmail.com> In-Reply-To: References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> <87qzz966ah.fsf@protonmail.com> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: 2ca59e8427fa0c102cf0c66914b0b6b8432d147d MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970 Cc: Eli Zaretskii , app-emacs-dev@janestreet.com, 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Aaron Zeng" writes: > On Tue, Jun 24, 2025 at 1:46=E2=80=AFAM Pip Cet w= rote: >> >> The original fix was incomplete, please try applying this one, too: >> >> diff --git a/src/eval.c b/src/eval.c >> index 46705dc4543..20782639990 100644 >> --- a/src/eval.c >> +++ b/src/eval.c >> @@ -159,7 +159,11 @@ set_backtrace_debug_on_exit (union specbinding *pdl= , bool doe) >> >> bool >> backtrace_p (union specbinding *pdl) >> -{ return specpdl ? pdl >=3D specpdl : false; } >> +{ >> + if (current_thread && specpdl && pdl) >> + return pdl >=3D specpdl; >> + return false; >> +} >> >> static bool >> backtrace_thread_p (struct thread_state *tstate, union specbinding *pdl= ) >> >> > This is from Emacs compiled at revision 991d3ad80a37a1cf8951d2607eb5f7= 544f968e93. >> > >> > It seems it is possible for current_thread to be set to NULL by the dy= ing thread, >> > during backtrace_top. >> >> It is possible, in theory, for that to happen, and this additional race >> condition also should be fixed, but it's not what happened here. What >> happened here was that current_thread became NULL, we checked it in >> backtrace_top, returned a NULL pointer for the pdl, passed that NULL >> pointer to backtrace_p, dereferenced current_thread again (by evaluating >> specpdl) and caused a segfault. > > Doesn't this new code have the same issue, though? Each time specpdl app= ears > in the code, it's dereferencing current_thread anew. That is an additional issue, but it's not what happened here. But yes, we should fix that, too, if we can. Note that current_thread isn't volatile, so the compiler is free not to dereference it every time; this means that optimization may hide the race condition you're worried about. > Maybe I am being overly paranoid, but it seems like the only correct > way to avoid this race condition altogether is to read current_thread > only once during the course of the signal handler, and to avoid using > the macros which may read it a second time, instead dereferencing a > local copy of the pointer once it has been verified to be not-NULL. It's not just current_thread that may become invalid, the specpdl itself may also be concurrently modified (or grow!), and depending on your precise CPU architecture that may result in nonsensical results: in fact, the union member which is in use for a specpdl entry might change, and this would almost always result in a problem, I think. However, concurrent modifications are much less likely than seeing a NULL pointer in the rather long window between the termination of one thread's function and the point when another thread has grabbed the lock and set current_thread to its own thread state. I'm not saying we shouldn't worry about them, but if we can avoid the latter for now and add a comment explaining the former problem that would be good, I think. Ultimately, it may be best to wait for the next maybe_quit so we can get a consistent view of the specpdl, but that would distort the backtrace, too. Pip From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 01 12:18:32 2025 Received: (at 76970) by debbugs.gnu.org; 1 Jul 2025 16:18:32 +0000 Received: from localhost ([127.0.0.1]:58105 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uWdgl-0000Gz-Js for submit@debbugs.gnu.org; Tue, 01 Jul 2025 12:18:32 -0400 Received: from mxout5.mail.janestreet.com ([64.215.233.18]:53543) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uWdgj-0000Fv-CR for 76970@debbugs.gnu.org; Tue, 01 Jul 2025 12:18:30 -0400 Received: from mail-lj1-f198.google.com ([209.85.208.198]) by mxgoog2.mail.janestreet.com with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) (Exim 4.98.2) id 1uWdgd-000000080kO-1SGx for 76970@debbugs.gnu.org; Tue, 01 Jul 2025 12:18:23 -0400 Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-32b5226e697so33722861fa.1 for <76970@debbugs.gnu.org>; Tue, 01 Jul 2025 09:18:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=google; t=1751386702; x=1751991502; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=cBJi9ebv9ddoZtTbB+698toKQWc3QEm+5JF7Z+wyBN0=; b=D0ttacuErsOIKoNrCRyFyJmCUOgZuGIaYPF5txVL0OC8ae7ohbX/qR12Tyn4sZ5Qxd UAaX8FC1TA0HMgMko76WpS3lge0aeq0YS/bEXnoBNjtX7WK072YAp7Me7FpvFC457IcY IW0w0CxdFm26arkg+7Pkg1FAgEoIAV+DzMx2Q= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=janestreet.com; s=waixah; t=1751386703; bh=cBJi9ebv9ddoZtTbB+698toKQWc3QEm+5JF7Z+wyBN0=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=jT3cQchCncu08oC7zEioa4SyqfQxRe2EN9i5U/wnFsr5NKgQ+aM3NDRyh3BZAXjsW ClvI7v/B7bicKiPhjKkt8KIvRVmRRZd4M5imzppD12OcpXZ/SHnFbm9gcEmzOk1Syx cqXsneTFxp6SolvUQ3JsGUW0fCzgWLm11ey+4IAnITBOg/IyoJaqDL0goi7UUj6DMD Zeaj3BSwdpcVX0Jhon3KGbVjCF6s+8K0YeI8QJjMFPKRe1rLpzJLNmR5lWK0U4wxIn 7fGiwauPy/rJA2LEiJCJ7zMReR0QuqdHIYVrbiwM7+eKC27BPWfK2bLRphOxEpeSZe /vKYM85U44DQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751386702; x=1751991502; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cBJi9ebv9ddoZtTbB+698toKQWc3QEm+5JF7Z+wyBN0=; b=eOE6YyZV8KWFZCMC+u0UzhYgB+9j3lkjmNQYDqbGGn50BNrTWn70WQv36eXUaCCSR5 YFUuUJh2UQjtTBLw3Q8G7Wtrh0Y5niUuYwqR56r7wqB2jk7xagf7NFU7L4ewxG9T/2iZ uT0SM6t+Z33u0tzcHhR5KgKg9Ip5DbMbtxo0FTWOdGsqft0ZQJSge7uH7LyTMdJyiKnk NYii2OP6aulLVYI5HWAF4WqA1MwHaWGoINKk7n2MNLODfFSz9hXReIWMwgkPled9SS2N eBjUbjg8EZa5uGfryIzABRERUc89PU7CQxLPus1PSexXtjiDbwAu10NPT8J0PAhvz1ap RAQw== X-Forwarded-Encrypted: i=1; AJvYcCVhpATXPnKfC9/6XbCnDX+2zg8FJhA8dMfwm10DvykaA1RDbiUc7r6WUc6F6sK3Spit6k6ngg==@debbugs.gnu.org X-Gm-Message-State: AOJu0Yz/XzN9BcvqTP0F8ZPIBfpTuakYieEweGhzV5ECJFNrsLDKuQJk FMcGMCnnWrcmCrpXjNDKAArBn42/dVTKEyAdFOObgGgrpUuYInEFfK18MTCCr/gktbKqjdx/GKC YDAFYZ8PX9R11G79CVkdnzfeCJmL7cNTdo87JqxjVao5bYlYSNOY4p1BFONsttAzZSc1ED/gHXL E/PvZMmXhzRty9WWEB78bK/bGB2vtV X-Gm-Gg: ASbGncuoqas1973ogTP+NTVOKr27UGPFg5PGN6mXyc3n5TOpRyglelMGvm+AaNzZM+Y lVJPakWTvZwLcOjXJtOOo7+2FZZsvc1DJGJ3I24nLUPZH8xSKhuAIfsElMsNT1BlYlsardSs4n5 t9Xw== X-Received: by 2002:a05:651c:a0b:b0:32a:6c39:8939 with SMTP id 38308e7fff4ca-32df8423968mr10916151fa.19.1751386701986; Tue, 01 Jul 2025 09:18:21 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGWRX07X2sDCNH9fXej9MY0DftAg6jzHrMBOcZhx0y0JYCTuBSiq3nK6fylxShFqcVcs6JiYcduF4pvM6zt9t4= X-Received: by 2002:a05:651c:a0b:b0:32a:6c39:8939 with SMTP id 38308e7fff4ca-32df8423968mr10916031fa.19.1751386701389; Tue, 01 Jul 2025 09:18:21 -0700 (PDT) MIME-Version: 1.0 References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> <87qzz966ah.fsf@protonmail.com> In-Reply-To: <87qzz966ah.fsf@protonmail.com> From: Aaron Zeng Date: Tue, 1 Jul 2025 12:17:45 -0400 X-Gm-Features: Ac12FXxPKEVLGP0Bsy5DVAea2Aj3-t0ZKY6LKLWn6tJADm3CX8i17_1w0g4zeX0 Message-ID: Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow To: Pip Cet Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: Eli Zaretskii , app-emacs-dev@janestreet.com, 76970@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) On Tue, Jun 24, 2025 at 1:46=E2=80=AFAM Pip Cet wro= te: > The original fix was incomplete, please try applying this one, too: > > diff --git a/src/eval.c b/src/eval.c > index 46705dc4543..20782639990 100644 > --- a/src/eval.c > +++ b/src/eval.c > @@ -159,7 +159,11 @@ set_backtrace_debug_on_exit (union specbinding *pdl,= bool doe) > > bool > backtrace_p (union specbinding *pdl) > -{ return specpdl ? pdl >=3D specpdl : false; } > +{ > + if (current_thread && specpdl && pdl) > + return pdl >=3D specpdl; > + return false; > +} > > static bool > backtrace_thread_p (struct thread_state *tstate, union specbinding *pdl) After installing that patch as well, it does seem to have helped a lot. I was seeing segfaults every couple of hours and I haven't seen one in several days. Thanks, Pip! From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 12 03:38:26 2025 Received: (at 76970) by debbugs.gnu.org; 12 Jul 2025 07:38:27 +0000 Received: from localhost ([127.0.0.1]:43399 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uaUoU-0000Cq-Cd for submit@debbugs.gnu.org; Sat, 12 Jul 2025 03:38:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56804) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uaUoR-0000CN-HF for 76970@debbugs.gnu.org; Sat, 12 Jul 2025 03:38:24 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uaUoJ-0000O9-M8; Sat, 12 Jul 2025 03:38:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-version:References:Subject:In-Reply-To:To:From: Date; bh=4e8rPykSNEAMRW9Ed3NRVVr54MpB2g5piDSmO3/mgzU=; b=dQhekI6+ok5WuvxyHSpe 14H6OVcTq+YSyO50u03ldKnFMwab2ZajicsA/nwEJJCb9F/13j3FURImzVcepl4JGASENEKY+WBYx xCq+FqGi7FuOalJ9Dak3lJ/nahGv2zOtZTfusH6B//9pmtoff75FSihtSQVRHdhRF8k39xrwUdz86 SzlOybRjVlQqkUgrrTaKr7Cj6gwcSiqb3qONk5zGvm59B5dEDKfKJcWVyLlqNlBBKHsVXdK39sDV/ vAUNZDZFGicTqhZNZ+RN+fUhRH3rQWo922P8KD344kRQWLdnvTdobc0yL+dbjlZFMGbkZ4FiZsPgH nP1FApwh5iWnNA==; Date: Sat, 12 Jul 2025 10:37:41 +0300 Message-Id: <86a559g8qi.fsf@gnu.org> From: Eli Zaretskii To: pipcet@protonmail.com, Aaron Zeng In-Reply-To: (message from Aaron Zeng on Tue, 1 Jul 2025 12:17:45 -0400) Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow References: <87zfhr6k9c.fsf@gmail.com> <865xgpjwg7.fsf@gnu.org> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> <87qzz966ah.fsf@protonmail.com> MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76970 Cc: 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Aaron Zeng > Date: Tue, 1 Jul 2025 12:17:45 -0400 > Cc: Eli Zaretskii , 76970@debbugs.gnu.org, app-emacs-dev@janestreet.com > > On Tue, Jun 24, 2025 at 1:46 AM Pip Cet wrote: > > The original fix was incomplete, please try applying this one, too: > > > > diff --git a/src/eval.c b/src/eval.c > > index 46705dc4543..20782639990 100644 > > --- a/src/eval.c > > +++ b/src/eval.c > > @@ -159,7 +159,11 @@ set_backtrace_debug_on_exit (union specbinding *pdl, bool doe) > > > > bool > > backtrace_p (union specbinding *pdl) > > -{ return specpdl ? pdl >= specpdl : false; } > > +{ > > + if (current_thread && specpdl && pdl) > > + return pdl >= specpdl; > > + return false; > > +} > > > > static bool > > backtrace_thread_p (struct thread_state *tstate, union specbinding *pdl) > > After installing that patch as well, it does seem to have helped a > lot. I was seeing segfaults every couple of hours and I haven't seen > one in several days. > > Thanks, Pip! Thanks for testing. Pip, please install your patch and close the bug. From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 12 10:32:57 2025 Received: (at 76970-done) by debbugs.gnu.org; 12 Jul 2025 14:32:57 +0000 Received: from localhost ([127.0.0.1]:46656 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uabHc-0008Ge-NY for submit@debbugs.gnu.org; Sat, 12 Jul 2025 10:32:56 -0400 Received: from mail-10630.protonmail.ch ([79.135.106.30]:48189) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uabHZ-0008GG-S5 for 76970-done@debbugs.gnu.org; Sat, 12 Jul 2025 10:32:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1752330766; x=1752589966; bh=TalkwPGRgDGGPAib24mX5G6MM+n+22HP3EjzHV2knbQ=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=E1j9SOPn0qB33tU35K1rJ5X3prA7bmc9CPs88j87RMCZkcBUM7dNMtW7k46VvHu1O v9KzMtFLSUNUWVgpwGPTBV+kwF+NfAmzeNoswksF3HRGFs4lm6jijOjb6HE5MSM6sw /sfnNnnDUCTMu8yD9oQ4j5wJZULdoUpCv5kh4EYdnCFIet5feACYL8rRZ4jlKz8Y4n 4za4IcF+qYKgfottg6lNSzJrHPeWuGgEChf4iPcWjdPF9w3L38i1WDNglCySNWo0ns dLQYn4AvXvG9noaVXouygVo5xlSKulGkXWdzc9U/cHlY4kSylUfPbliRaedS2nsJVj RlkyvqxG+9zfA== Date: Sat, 12 Jul 2025 14:32:42 +0000 To: Eli Zaretskii From: Pip Cet Subject: Re: bug#76970: 31.0.50; master emacs crash with stack overflow Message-ID: <87eculpji3.fsf@protonmail.com> In-Reply-To: <86a559g8qi.fsf@gnu.org> References: <87zfhr6k9c.fsf@gmail.com> <87ikkp77tx.fsf@protonmail.com> <86wm95idbq.fsf@gnu.org> <87h608715m.fsf@protonmail.com> <86tt48gsc3.fsf@gnu.org> <87qzz966ah.fsf@protonmail.com> <86a559g8qi.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: 01ab8540ffc5287df21ea9adf0f61d6fa60fa531 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76970-done Cc: 76970-done@debbugs.gnu.org, app-emacs-dev@janestreet.com, Aaron Zeng X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Eli Zaretskii" writes: > Thanks for testing. > > Pip, please install your patch and close the bug. It's commit fce86c7e952, closing the bug. Pip