GNU bug report logs - #77024
31.0.50; feature/igc: crash "switching to thread"

Previous Next

Package: emacs;

Reported by: Oliver Reiter <reiter <at> wiiw.ac.at>

Date: Sat, 15 Mar 2025 06:40:02 UTC

Severity: normal

Found in version 31.0.50

Done: Pip Cet <pipcet <at> protonmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Pip Cet <pipcet <at> protonmail.com>
To: Oliver Reiter <reiter <at> wiiw.ac.at>
Cc: 77024 <at> debbugs.gnu.org
Subject: bug#77024: 31.0.50; feature/igc: crash "switching to thread"
Date: Sat, 15 Mar 2025 11:08:11 +0000

"Oliver Reiter" <reiter <at> wiiw.ac.at> writes:

> Evening!

> After weeks of no crash, emacs crashed on me today again.

Thanks for the report!

I'm surprised that you hit the multi-Lisp-thread code, I thought it
remained essentially unused.  In any case, the problem here is that when
we create a new thread, we xmalloc the new thread's specpdl.  This is
Fmake_thread:


  union specbinding *pdlvec = xmalloc ((1 + size) * sizeof (union specbinding));
  new_thread->m_specpdl = pdlvec + 1;  /* Skip the dummy entry.  */
  new_thread->m_specpdl_end = new_thread->m_specpdl + size;
  new_thread->m_specpdl_ptr = new_thread->m_specpdl;

And this is init_eval_once_for_pdumper, which works:

  union specbinding *pdlvec = xzalloc ((size + 1) * sizeof *specpdl);
  specpdl = specpdl_ptr = pdlvec + 1;
  specpdl_end = specpdl + size;

xmalloc often returns memory that happens to be zeroed, but doesn't
guarantee it, and then we try to scan the new specpdl and hit the assert
below.

> [New Thread 0x7fffb3bb96c0 (LWP 54691)]
> [Thread 0x7fffb3bb96c0 (LWP 54691) exited]
> ... quite a lot of those
> [New Thread 0x7fffb3bb96c0 (LWP 54696)]
> [Thread 0x7fffb3bb96c0 (LWP 54696) exited]
> [New Thread 0x7fffb3bb96c0 (LWP 54709)]
> [Thread 0x7fffb3bb96c0 (LWP 54709) exited]
> [New Thread 0x7fffb3bb96c0 (LWP 54751)]
> [Switching to Thread 0x7fffb3bb96c0 (LWP 54751)]

TBH, I'd rather go through the thread.c code once more to make sure
there aren't any obvious bugs preventing it from working with HAVE_MPS.

What were you doing that launched multiple threads?

> Thread 409 "diff-hl--update" hit Breakpoint 1, terminate_due_to_signal (sig=6, backtrace_limit=40) at /home/reitero/build/sources/emacs/emacs_debug/src/emacs.c:425

I'll fix the xmalloc->xzalloc thing now, but it's possible there are
other problems, particularly with so many threads...

Pip
This bug report was last modified 32 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.