GNU bug report logs - #77024
31.0.50; feature/igc: crash "switching to thread"
Reported by: Oliver Reiter <reiter <at> wiiw.ac.at>
Date: Sat, 15 Mar 2025 06:40:02 UTC
Severity: normal
Found in version 31.0.50
Done: Pip Cet <pipcet <at> protonmail.com>
Bug is archived. No further changes may be made.
Eli Zaretskii <eliz <at> gnu.org> writes:
>> From: Oliver Reiter <reiter <at> wiiw.ac.at>
>> Date: Fri, 14 Mar 2025 21:34:32 +0100
>>
>> After weeks of no crash, emacs crashed on me today again.
>>
>> [New Thread 0x7fffb3bb96c0 (LWP 54691)]
>> [Thread 0x7fffb3bb96c0 (LWP 54691) exited]
>> ... quite a lot of those
>> [New Thread 0x7fffb3bb96c0 (LWP 54696)]
>> [Thread 0x7fffb3bb96c0 (LWP 54696) exited]
>> [New Thread 0x7fffb3bb96c0 (LWP 54709)]
>> [Thread 0x7fffb3bb96c0 (LWP 54709) exited]
>> [New Thread 0x7fffb3bb96c0 (LWP 54751)]
>> [Switching to Thread 0x7fffb3bb96c0 (LWP 54751)]
>>
>> Thread 409 "diff-hl--update" hit Breakpoint 1, terminate_due_to_signal (sig=6, backtrace_limit=40) at /home/reitero/build/sources/emacs/emacs_debug/src/emacs.c:425
>> 425 {
>> (gdb) bt
>> #0 terminate_due_to_signal (sig=6, backtrace_limit=40) at /home/reitero/build/sources/emacs/emacs_debug/src/emacs.c:425
>> #1 0x00005555556d31a5 in emacs_abort () at /home/reitero/build/sources/emacs/emacs_debug/src/sysdep.c:2378
>> #2 0x000055555579fa76 in fix_lisp_obj (ss=ss@entry=0x7fffb3bb81a8, pobj=pobj@entry=0x555556f67eb0) at /home/reitero/build/sources/emacs/emacs_debug/src/igc.c:1132
>
> This is here:
>
>   mps_word_t tag = word & IGC_TAG_MASK;
>   if (tag == Lisp_Int0 || tag == Lisp_Int1)
>     return MPS_RES_OK;
>   else if (tag == Lisp_Type_Unused0)
>     emacs_abort ();   <<<<<<<<<<<<<<<<<<<<<<<<<<
>
> Called from here:
>
>     case SPECPDL_UNWIND:
>       IGC_FIX12_OBJ (ss, &pdl->unwind.arg);
>       break;
>
> Can you show the contents of 'pdl' here?

I am not that proficient in debugging, do you mean like this?

From 'bt full', I figured that 'pdl' is at 0x555556f67ea0:

#2 0x000055555579fa76 in fix_lisp_obj (ss=ss@entry=0x7fffb3bb81a8, pobj=pobj@entry=0x555556f67eb0) at /home/reitero/build/sources/emacs/emacs_debug/src/igc.c:1132
        word = <optimized out>
        p = 0x555556f67eb0
        tag = 1
        client = <optimized out>
        base = <optimized out>
        res = <optimized out>
        _ss = 0x7fffb3bb81a8
        _mps_zs = <optimized out>
        _mps_ufs = 0
        _mps_wt = <optimized out>
        _mps_w = <optimized out>
#3 0x00005555557a1040 in scan_specpdl (ss=0x7fffb3bb81a8, start=<optimized out>, end=0x555556f684e0, closure=<optimized out>) at /home/reitero/build/sources/emacs/emacs_debug/src/igc.c:1535
        res = <optimized out>
        pdl = 0x555556f67ea0
        t = <optimized out>
        _ss = 0x7fffb3bb81a8
        _mps_zs = <optimized out>
        _mps_ufs = 0
        _mps_wt = <optimized out>
        _mps_w = <optimized out>

So:

(gdb) p *(struct Lisp_String *)0x555556f67ea0
$5 = {
  gc_header = {
    v = 1,
    gcaligned = 1 '\001'
  },
  u = {
    s = {
      size = 1,
      size_byte = 4294967297,
      intervals = 0x1,
      data = 0x0
    },
    next = 0x1,
    gcaligned = 1 '\001'
  }
}

This should then be pdl->unwind.arg, I guess:

(gdb) p *(struct Lisp_String *)0x555556f67eb0
$4 = {
  gc_header = {
    v = 4294967297,
    gcaligned = 1 '\001'
  },
  u = {
    s = {
      size = 1,
      size_byte = 0,
      intervals = 0x0,
      data = 0x1287 <error: Cannot access memory at address 0x1287>
    },
    next = 0x1,
    gcaligned = 1 '\001'
  }
}

If you meant something else, happy to help.

Oliver
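
Added example, not part of the messages above and not code from igc.c: a small C model of the tag check quoted from fix_lisp_obj, applied to the word that gdb printed at the pobj address. The tag mask and the numeric tag values are assumptions; the page itself confirms only `tag = 1` for the aborting word, and the function and constant names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed values (not on the page): three low tag bits, tag numbers as in
   an LSB-tagged build.  The page confirms only tag == 1 for the bad word.  */
enum { TAG_MASK = 7, TAG_UNUSED0 = 1, TAG_INT0 = 2, TAG_INT1 = 6 };

enum fix_result { FIX_SKIP_INT, FIX_ABORT, FIX_REFERENCE };

/* Values copied from the 'bt full' and 'p' output in the message above.  */
static const uint64_t PDL_ADDR = 0x555556f67ea0ULL;   /* pdl in frame #3 */
static const uint64_t POBJ_ADDR = 0x555556f67eb0ULL;  /* pobj in frame #2 */
static const uint64_t DUMPED_WORD = 4294967297ULL;    /* gc_header.v at pobj */

/* Same three-way decision as the quoted fix_lisp_obj lines.  */
static enum fix_result
classify_word (uint64_t word)
{
  uint64_t tag = word & TAG_MASK;
  if (tag == TAG_INT0 || tag == TAG_INT1)
    return FIX_SKIP_INT;        /* fixnum: nothing for the collector to fix */
  else if (tag == TAG_UNUSED0)
    return FIX_ABORT;           /* the branch that called emacs_abort () */
  return FIX_REFERENCE;         /* any other tag is handled further on */
}

/* Index of the first slot a scan would abort on, or -1 if none.  */
static long
first_abort_slot (const uint64_t *slots, size_t n)
{
  for (size_t i = 0; i < n; i++)
    if (classify_word (slots[i]) == FIX_ABORT)
      return (long) i;
  return -1;
}

int
main (void)
{
  /* Constructed sample: two fixnum-tagged words, then the dumped word.  */
  const uint64_t slots[] = { 0x0a, 0x16, DUMPED_WORD };
  printf ("pobj - pdl = 0x%llx\n", (unsigned long long) (POBJ_ADDR - PDL_ADDR));
  printf ("tag of dumped word = %llu\n", (unsigned long long) (DUMPED_WORD & TAG_MASK));
  printf ("first aborting slot = %ld\n", first_abort_slot (slots, 3));
  return 0;
}
```

The 0x10 distance between the two addresses and the low bits of 4294967297 (0x100000001) are the two facts the dump supports; what the other words of the entry mean depends on the real type of `pdl`, which this model does not assume.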
This bug report was last modified 69 days ago.