GNU bug report logs - #77205
31.0.50; Emacs sometimes crashes if many frames are present

Previous Next

Package: emacs;

Reported by: Markus Triska <triska <at> metalevel.at>

Date: Sun, 23 Mar 2025 10:48:05 UTC

Severity: normal

Found in version 31.0.50

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Markus Triska <triska <at> metalevel.at>
To: 77205 <at> debbugs.gnu.org
Subject: bug#77205: 31.0.50; Emacs sometimes crashes if many frames are present
Date: Sun, 23 Mar 2025 11:47:08 +0100

To reproduce this issue, please download many_frames_tty.el from:

    https://www.metalevel.at/ei/many_frames_tty.el

Then start Emacs with:

    $ emacs -Q -nw --load many_frames_tty.el

Leave it running for a while, then press:

    C-g C-g

The expected result is that the loop is interrupted, and this works in
many cases. However, in some cases, Emacs crashes with:

    lisp.h:1697: Emacs fatal error: assertion failed: 0 <= nbytes

    lisp.h:1697: Emacs fatal error: assertion failed: 0 <= nbytes
    Aborted (core dumped)

and sometimes with:

    /lib/x86_64-linux-gnu/libc.so.6(+0x28150)[0x77e7df428150]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x89)[0x77e7df428209]
    ./emacs(+0x3f5c5)[0x602bae7015c5]
    Aborted (core dumped)

This is related to #77200 in that Emacs also crashes, however the
backtraces are now different, and the crash occurs after C-g C-g.

Please see below two different backtraces I got after such crashes.

Thank you and all the best,
Markus


Backtrace #1:
======================================================================

#0  0x00007ffff7442bcb in __GI_kill () at ../sysdeps/unix/syscall-template.S:120
#1  0x0000555555791a46 in sys_suspend () at sysdep.c:633
#2  0x000055555577f720 in handle_interrupt (in_signal_handler=true) at keyboard.c:12287
#3  0x000055555577f5a1 in handle_interrupt_signal (sig=2) at keyboard.c:12213
#4  0x0000555555793556 in deliver_process_signal (sig=2, handler=0x55555577f548 <handle_interrupt_signal>) at sysdep.c:1751
#5  0x000055555577f5c7 in deliver_interrupt_signal (sig=2) at keyboard.c:12220
#6  <signal handler called>
#7  0x00005555557a10e6 in Fcurrent_buffer () at buffer.c:2292
#8  0x0000555555826cf1 in swap_in_symval_forwarding (symbol=0x555555ac3b40 <lispsym+16128>, blv=0x55555a7402b0) at data.c:1551
#9  0x0000555555826e66 in find_symbol_value (symbol=XIL(0x3f00)) at data.c:1590
#10 0x0000555555826ecd in Fsymbol_value (symbol=XIL(0x3f00)) at data.c:1609
#11 0x00005555557a127d in set_buffer_internal_2 (b=0x555555c047c8) at buffer.c:2361
#12 0x00005555557a116e in set_buffer_internal_1 (b=0x555555c1f1b0) at buffer.c:2310
#13 0x000055555560bc12 in redisplay_window (window=XIL(0x5555566ccb15), just_this_one_p=false) at xdisp.c:20287
#14 0x0000555555603965 in redisplay_window_0 (window=XIL(0x5555566ccb15)) at xdisp.c:18260
#15 0x000055555584af04 in internal_condition_case_1 (bfun=0x55555560391f <redisplay_window_0>, arg=XIL(0x5555566ccb15), handlers=XIL(0x7ffff45f3e73), hfun=0x5555556037f8 <redisplay_window_error>) at eval.c:1644
#16 0x00005555556037ca in redisplay_windows (window=XIL(0x5555566ccb15)) at xdisp.c:18229
#17 0x0000555555602084 in redisplay_internal () at xdisp.c:17646
#18 0x00005555555ffa8d in redisplay () at xdisp.c:16802
#19 0x0000555555766b0a in read_char (commandflag=1, map=XIL(0x7ffff34a00a3), prev_event=XIL(0), used_mouse_menu=0x7fffffffd799, end_time=0x0) at keyboard.c:2672
#20 0x000055555577bcdd in read_key_sequence (keybuf=0x7fffffffd9c0, prompt=XIL(0), dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false, disable_text_conversion_p=false) at keyboard.c:10848
#21 0x0000555555762ae6 in command_loop_1 () at keyboard.c:1424
#22 0x000055555584ae1b in internal_condition_case (bfun=0x555555762698 <command_loop_1>, handlers=XIL(0x90), hfun=0x555555761a8b <cmd_error>) at eval.c:1620
#23 0x000055555576223b in command_loop_2 (handlers=XIL(0x90)) at keyboard.c:1163
#24 0x000055555584a1ec in internal_catch (tag=XIL(0x11df0), func=0x55555576220d <command_loop_2>, arg=XIL(0x90)) at eval.c:1300
#25 0x00005555557621c9 in command_loop () at keyboard.c:1141
#26 0x000055555576150d in recursive_edit_1 () at keyboard.c:749
#27 0x0000555555761741 in Frecursive_edit () at keyboard.c:832
#28 0x000055555575cc4f in main (argc=5, argv=0x7fffffffde88) at emacs.c:2560

Lisp Backtrace:
"redisplay_internal (C function)" (0x0)



Backtrace #2:
======================================================================

#0  terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at emacs.c:424
#1  0x000055555581157a in die (msg=0x55555597305d "0 <= nbytes", file=0x555555972fc8 "lisp.h", line=1697) at alloc.c:7452
#2  0x00005555556d20a6 in STRING_BYTES (s=0x555555bb6b20) at /emacs/src/lisp.h:1697
#3  0x00005555556d20cc in SBYTES (string=XIL(0x555555bb6b24)) at /emacs/src/lisp.h:1704
#4  0x00005555556d3087 in tty_send_additional_strings (terminal=0x555555b57180, sym=XIL(0x12900)) at term.c:187
#5  0x00005555556d3453 in tty_reset_terminal_modes (terminal=0x555555b57180) at term.c:230
#6  0x0000555555792ff4 in reset_sys_modes (tty_out=0x555555b60e40) at sysdep.c:1535
#7  0x0000555555792e78 in reset_all_sys_modes () at sysdep.c:1492
#8  0x000055555577f71b in handle_interrupt (in_signal_handler=true) at keyboard.c:12277
#9  0x000055555577f5a1 in handle_interrupt_signal (sig=2) at keyboard.c:12213
#10 0x0000555555793556 in deliver_process_signal (sig=2, handler=0x55555577f548 <handle_interrupt_signal>) at sysdep.c:1751
#11 0x000055555577f5c7 in deliver_interrupt_signal (sig=2) at keyboard.c:12220
#12 <signal handler called>
#13 0x0000555555805f1f in pdumper_object_p (obj=0x7ffff477d960) at /emacs/src/pdumper.h:166
#14 0x000055555580ff6c in process_mark_stack (base_sp=0) at alloc.c:6820
#15 0x0000555555810249 in mark_object (obj=XIL(0x7ffff484409d)) at alloc.c:6872
#16 0x000055555580dd99 in mark_object_root_visitor (root_ptr=0x555555ad4428 <initial_obarray>, type=GC_ROOT_STATICPRO, data=0x0) at alloc.c:5805
#17 0x000055555580dd4d in visit_static_gc_roots (visitor=...) at alloc.c:5797
#18 0x000055555580e39f in garbage_collect () at alloc.c:6007
#19 0x000055555580e0c3 in maybe_garbage_collect () at alloc.c:5916
#20 0x000055555584727f in maybe_gc () at /emacs/src/lisp.h:5881
#21 0x000055555584f00f in Ffuncall (nargs=3, args=0x7fffffff6570) at eval.c:3082
#22 0x000055555584b0f8 in internal_condition_case_n (bfun=0x55555584eede <Ffuncall>, nargs=3, args=0x7fffffff6570, handlers=XIL(0x30), hfun=0x5555555d3b0d <dsafe_eval_handler>) at eval.c:1700
#23 0x00005555555d3c1c in dsafe__call (inhibit_quit=true, f=0x55555584eede <Ffuncall>, nargs=3, args=0x7fffffff6570) at xdisp.c:3092
#24 0x00005555555d3d8f in dsafe_eval (sexpr=XIL(0x7ffff41c59e3)) at xdisp.c:3128
#25 0x000055555562c508 in display_mode_element (it=0x7fffffff6c80, depth=5, field_width=-7, precision=-8, elt=XIL(0x7ffff41c59c3), props=XIL(0x7ffff4532c43), risky=false) at xdisp.c:28252
#26 0x000055555562c930 in display_mode_element (it=0x7fffffff6c80, depth=3, field_width=0, precision=-1, elt=XIL(0x7ffff4532ce3), props=XIL(0x7ffff4532c43), risky=false) at xdisp.c:28338
#27 0x000055555562c66b in display_mode_element (it=0x7fffffff6c80, depth=2, field_width=0, precision=-1, elt=XIL(0x7ffff4532c23), props=XIL(0), risky=false) at xdisp.c:28275
#28 0x000055555562c930 in display_mode_element (it=0x7fffffff6c80, depth=1, field_width=0, precision=0, elt=XIL(0x7ffff452f553), props=XIL(0), risky=false) at xdisp.c:28338
#29 0x000055555562aba8 in display_mode_line (w=0x5555594e2cd0, face_id=MODE_LINE_INACTIVE_FACE_ID, format=XIL(0x7ffff452f533)) at xdisp.c:27738
#30 0x000055555562a7ef in display_mode_lines (w=0x5555594e2cd0) at xdisp.c:27647
#31 0x000055555560f9ed in redisplay_window (window=XIL(0x5555594e2cd5), just_this_one_p=false) at xdisp.c:21178
#32 0x0000555555603965 in redisplay_window_0 (window=XIL(0x5555594e2cd5)) at xdisp.c:18260
#33 0x000055555584af04 in internal_condition_case_1 (bfun=0x55555560391f <redisplay_window_0>, arg=XIL(0x5555594e2cd5), handlers=XIL(0x7ffff45f3e73), hfun=0x5555556037f8 <redisplay_window_error>) at eval.c:1644
#34 0x00005555556037ca in redisplay_windows (window=XIL(0x5555594e2cd5)) at xdisp.c:18229
#35 0x0000555555602084 in redisplay_internal () at xdisp.c:17646
#36 0x0000555555602c92 in redisplay_preserve_echo_area (from_where=2) at xdisp.c:17987
#37 0x00005555555a87c4 in Fredisplay (force=XIL(0)) at dispnew.c:6996
#38 0x000055555584d97c in eval_sub (form=XIL(0x7ffff7363aa3)) at eval.c:2592
#39 0x0000555555847fbc in Fprogn (body=XIL(0)) at eval.c:439
#40 0x000055555584d56a in eval_sub (form=XIL(0x7ffff7361773)) at eval.c:2543
#41 0x0000555555847e6f in Fif (args=XIL(0x7ffff7361753)) at eval.c:394
#42 0x000055555584d56a in eval_sub (form=XIL(0x7ffff7361673)) at eval.c:2543
#43 0x0000555555847fbc in Fprogn (body=XIL(0x7ffff735fa33)) at eval.c:439
#44 0x0000555555849d30 in Flet (args=XIL(0x7ffff735fa23)) at eval.c:1123
#45 0x000055555584d56a in eval_sub (form=XIL(0x7ffff735fa13)) at eval.c:2543
#46 0x0000555555847fbc in Fprogn (body=XIL(0)) at eval.c:439
#47 0x0000555555847ff0 in prog_ignore (body=XIL(0x7ffff735f983)) at eval.c:450
#48 0x0000555555849db0 in Fwhile (args=XIL(0x7ffff735f9f3)) at eval.c:1144
#49 0x000055555584d56a in eval_sub (form=XIL(0x7ffff735fa03)) at eval.c:2543
#50 0x0000555555847fbc in Fprogn (body=XIL(0)) at eval.c:439
#51 0x0000555555849d30 in Flet (args=XIL(0x7ffff735f953)) at eval.c:1123
#52 0x000055555584d56a in eval_sub (form=XIL(0x7ffff735f943)) at eval.c:2543
#53 0x00005555558941a2 in readevalloop_eager_expand_eval (val=XIL(0x7ffff73646f3), macroexpand=XIL(0xae30)) at lread.c:2358
#54 0x0000555555894a49 in readevalloop (readcharfun=XIL(0x555555c041ed), infile0=0x0, sourcename=XIL(0x555555c0c9f4), printflag=false, unibyte=XIL(0), readfun=XIL(0), start=XIL(0), end=XIL(0)) at lread.c:2540
#55 0x0000555555894dd8 in Feval_buffer (buffer=XIL(0x555555c041ed), printflag=XIL(0), filename=XIL(0x555555c0c9f4), unibyte=XIL(0), do_allow_print=XIL(0x30)) at lread.c:2618
#56 0x000055555584f4df in funcall_subr (subr=0x555555a43820 <Seval_buffer>, numargs=5, args=0x7ffff35ff290) at eval.c:3163
#57 0x00005555558b255a in exec_byte_code (fun=XIL(0x7ffff4247c0d), args_template=257, nargs=1, args=0x7ffff35ff298) at bytecode.c:812
#58 0x000055555584fb19 in funcall_lambda (fun=XIL(0x7ffff4356905), nargs=4, arg_vector=0x7fffffffd228) at eval.c:3246
#59 0x000055555584ed93 in funcall_general (fun=XIL(0x7ffff4356905), numargs=4, args=0x7fffffffd228) at eval.c:3038
#60 0x000055555584f058 in Ffuncall (nargs=5, args=0x7fffffffd220) at eval.c:3087
#61 0x00005555558923fb in Fload (file=XIL(0x555555c0c724), noerror=XIL(0), nomessage=XIL(0x30), nosuffix=XIL(0), must_suffix=XIL(0)) at lread.c:1615
#62 0x000055555584f4df in funcall_subr (subr=0x555555a437a0 <Sload>, numargs=3, args=0x7ffff35ff1b0) at eval.c:3163
#63 0x00005555558b255a in exec_byte_code (fun=XIL(0x7ffff478e955), args_template=769, nargs=3, args=0x7ffff35ff4a0) at bytecode.c:812
#64 0x000055555584fb19 in funcall_lambda (fun=XIL(0x7ffff47ea83d), nargs=0, arg_vector=0x7fffffffd8f0) at eval.c:3246
#65 0x000055555584f998 in apply_lambda (fun=XIL(0x7ffff47ea83d), args=XIL(0), count=...) at eval.c:3209
#66 0x000055555584db97 in eval_sub (form=XIL(0x7ffff49c1ed3)) at eval.c:2639
#67 0x000055555584cf77 in Feval (form=XIL(0x7ffff49c1ed3), lexical=XIL(0x30)) at eval.c:2456
#68 0x00005555557622d0 in top_level_2 () at keyboard.c:1179
#69 0x000055555584ae1b in internal_condition_case (bfun=0x555555762265 <top_level_2>, handlers=XIL(0x90), hfun=0x555555761a8b <cmd_error>) at eval.c:1620
#70 0x000055555576233c in top_level_1 (ignore=XIL(0)) at keyboard.c:1191
#71 0x000055555584a1ec in internal_catch (tag=XIL(0x11df0), func=0x5555557622e9 <top_level_1>, arg=XIL(0)) at eval.c:1300
#72 0x000055555576219a in command_loop () at keyboard.c:1140
#73 0x000055555576150d in recursive_edit_1 () at keyboard.c:749
#74 0x0000555555761741 in Frecursive_edit () at keyboard.c:832
#75 0x000055555575cc4f in main (argc=5, argv=0x7fffffffde88) at emacs.c:2560

Lisp Backtrace:
"Automatic GC" (0x0)
"eval" (0xffff6578)
"redisplay_internal (C function)" (0x0)
"redisplay" (0xffffbf90)
"progn" (0xffffc058)
"if" (0xffffc1a8)
"let" (0xffffc3a8)
"while" (0xffffc548)
"let" (0xffffc748)
"eval-buffer" (0xf35ff290)
"load-with-code-conversion" (0xffffd228)
"load" (0xf35ff1b0)
"command-line-1" (0xf35ff0b8)
"command-line" (0xf35ff040)
"normal-top-level" (0xffffd8f0)

In GNU Emacs 31.0.50 (build 5, x86_64-pc-linux-gnu, X toolkit, Xaw
 scroll bars) of 2025-03-23 built on laptop
Repository revision: 467aba67db407e930fc5de6d4a4ae0cd6fc106df
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12302000
System Description: Ubuntu 23.10

Configured using:
 'configure --with-x-toolkit=lucid --with-xpm=ifavailable
 --with-gif=ifavailable --with-tiff=ifavailable
 --with-gnutls=ifavailable --enable-checking=yes,glyphs
 --enable-check-lisp-object-type 'CFLAGS=-O0 -g3''

Configured features:
FREETYPE GMP JPEG LIBXML2 MODULES NOTIFY INOTIFY PDUMPER PNG SECCOMP
SOUND THREADS TOOLKIT_SCROLL_BARS X11 XDBE XFT XIM XPM LUCID ZLIB

Important settings:
  value of $LC_MONETARY: de_DE.UTF-8
  value of $LC_NUMERIC: de_DE.UTF-8
  value of $LC_TIME: de_DE.UTF-8
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix
This bug report was last modified 59 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.