Package: emacs;
Reported by: George P <georgepanagopo <at> gmail.com>
Date: Thu, 15 May 2025 18:46:01 UTC
Severity: normal
Found in version 30.1
Message #14 received at 78444 <at> debbugs.gnu.org (full text, mbox):
From: George P <georgepanagopo <at> gmail.com> To: Pip Cet <pipcet <at> protonmail.com>, Eli Zaretskii <eliz <at> gnu.org> Cc: 78444 <at> debbugs.gnu.org Subject: Re: bug#78444: 30.1; Crash in GC (vector_marked_p) Date: Fri, 16 May 2025 13:45:36 -0400
[Message part 1 (text/plain, inline)]
>
> Can you describe what you were doing at the time of the crash?
I was not doing anything in particular (editing a latex file with LaTeX/PS
mode). These crashes have happened to me at very random times. The only
thing that I have been suspecting could be causing this is viewing org-mode
buffers that have special fontification. I have
https://github.com/awth13/org-appear and https://github.com/minad/org-modern
installed, and previously I had
https://github.com/integral-dw/org-superstar-mode. I had just viewed an org
file before the crash.
Please show the details of 'v'. Like this:
>
> (gdb) frame 0
> (gdb) p v
> (gdb) p/x v->header
>
> Also, you've elided the part where GDB says what fatal signal was
> delivered. I'm guessing it was SIGSEGV, but please show that part of
> what GDB displayed when it kicked in.
>
> Please keep the crashed session inside GDB in case we want you to look
> around and report more data.
>
Unfortunately, I don't have the program running (because I foolishly
thought I could continue from the crash). I do have the core however, here
is what you both asked for:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 vector_marked_p (v=v <at> entry=0x4000000023000008) at alloc.c:4273
warning: 4273 alloc.c: No such file or directory
[Current thread is 1 (LWP 691035)]
warning: File "/nix/store/ji2c308n46lfvpi9jpr3ma8rqq42wx3p-glib-2.82.4/lib/
libgobject-2.0.so.0.8200.4-gdb.py" auto-loading has been declined by your
`auto-load safe-path' set to "$debugdir:$datadir/auto-load".
warning: File "/nix/store/ji2c308n46lfvpi9jpr3ma8rqq42wx3p-glib-2.82.4/lib/
libglib-2.0.so.0.8200.4-gdb.py" auto-loading has been declined by your
`auto-load safe-path' set to "$debugdir:$datadir/auto-load".
warning: File "/nix/store/8ryr50ic059w32djkygs1g1kxdpj7dgx-isl-0.20/lib/
libisl.so.19.1.0-gdb.py" auto-loading has been declined by your `auto-load
safe-path' set to "$debugdir:$datadir/auto-load".
warning: File
"/nix/store/fjyh571wr8ifsw1h6j2nx22fmjj91b6y-gcc-14-20241116-lib/lib/libstdc++.
so.6.0.33-gdb.py" auto-loading has been declined by your `auto-load
safe-path' set to "$debugdir:$datadir/auto-load".
(gdb) frame 0
#0 vector_marked_p (v=v <at> entry=0x4000000023000008) at alloc.c:4273
4273 in alloc.c
(gdb) p v
$1 = (const struct Lisp_Vector *) 0x4000000023000008
(gdb) p/x v->header
Cannot access memory at address 0x4000000023000008
(gdb) set print elements 0
(gdb) p last_marked
$2 = {0x15554ea7b163, 0x1f3eb0, 0x15554ea7b153, 0x15554ea7b113, 0x10710,
0x15554ea7b103, 0xe344f4, 0x2237643, 0x10da0, 0x2237633, 0x15554de36280,
0xc64485 <Sselected_window+5>, 0x15554de5d268, 0x13ff3ad, 0x2, 0x1d373234,
0x46ddbcd, 0x15554de5d450, 0x15554df5c948, 0x60, 0x0, 0x15554ec524dd,
0x15554eb23723, 0x0, 0x15554eb24c65, 0x0, 0x0, 0xa, 0x10710,
0x15554df5c8b8, 0x60, 0x0, 0x0, 0x0, 0x3e10, 0x15554e014d50, 0x60, 0x0,
0x15554ed0a8e5, 0x15554eb2b183, 0x0, 0x15554eb73b0d, 0x0, 0x0, 0x16,
0x7842613, 0x1d54f9e4, 0x31d4a, 0x9839b1d, 0x1818f8b3, 0x9540, 0x1818f873,
0x1818f893, 0x3d80, 0x1818f883, 0x30, 0x1818f853, 0x30, 0x0, 0x1ce4e9ad,
0x1be0b704, 0x18505ee3, 0x18505f03, 0xdc20, 0xa, 0x18505eb3, 0x18505ec3,
0xdb90, 0x2, 0x18505e43, 0x18505e93, 0x96c0, 0x18505e83, 0x3a, 0x18505e73,
0xa, 0x18505e53, 0x6, 0x4d533dd, 0x20ccaced, 0x1818fc43,
0x9540, 0x1818fc33, 0x0, 0x1818fc13, 0xe460, 0x0, 0x1ce4e9ad, 0x0, 0x0,
0x30, 0x20ccad45, 0x179dfc73, 0x9540, 0x179dfc63, 0x0, 0x179dfc03,
0x179dfc53, 0x15554de617c0, 0x179dfc13, 0x1bb24600, 0x60, 0x18502db3,
0x95a0, 0x18502dc3, 0x18502f33, 0x0, 0x18502f43, 0x466b42d, 0x406,
0x1d49ebc4, 0x46cfcd5, 0x15554e0bd5c8
<F756e6971756966792d726174696f6e616c697a65_uniquify_rationalize_0+744>,
0x60, 0x1475f63, 0x95a0, 0x1475f53,
0x2242473, 0x248c664, 0x2242433, 0x1475f03, 0x4290, 0x1475ef3, 0x103f8b4,
0x1475ee3, 0x103f8d4, 0x1475ed3, 0x0, 0x1475ec3, 0x0, 0x1475f43, 0x0,
0x1475f33, 0x15554edb315b, 0x4290, 0x15554edb316b, 0x15554eb8d5fc,
0x15554edb317b, 0x15554edb318c, 0x15554eb2c6b3, 0x24b5b4d, 0x0, 0x0,
0x245d955, 0x0, 0x0, 0x15554e0bd578
<F756e6971756966792d726174696f6e616c697a65_uniquify_rationalize_0+664>,
0x60, 0x2242523, 0x15554de31ee0,
0x2242513, 0x24b5c25, 0x15554de31ee0, 0x15554e0bd578
<F756e6971756966792d726174696f6e616c697a65_uniquify_rationalize_0+664>,
0x2242b13, 0x2242ad3, 0x2242753, 0x15554dfd07e8, 0x127db30, 0x2242b23,
0x15554ece9985, 0x15554de35860, 0x15554dff3f28, 0x15554ece9985,
0x15554ece9abb, 0x10140, 0x15554ece9acb, 0x30, 0x0, 0x192, 0x15554ece9a15,
0x606, 0x15554ece9a6c, 0x15554ece9a45, 0x15554de35288, 0x15554ece9a5b,
0x15554dfd0818,
0x16, 0x15554eb2b3a4, 0x15554ece99b5, 0x606, 0x15554ece99f4,
0x15554ece99e5, 0x7b60, 0x12, 0x15554eb2b2d4, 0x2242ac3, 0x15554eb2b275,
0x22429d3, 0x2242993, 0x2, 0x222be93, 0x15554f00ebbd, 0x2242983,
0x15554eb2b275, 0x2220813, 0x251724d, 0x15554de323b8, 0x22207c3, 0x1ee26a3,
0x15554e3190c8 <top_level_run+728>, 0x1ee26b3, 0xa49d00 <pure+3488800>,
0x60, 0x226e9d3, 0x15554de5a568, 0x226e9c3, 0x1f73c54, 0x226ea63,
0x15554de5ec50, 0x226ea53, 0x226ea83, 0x1eea8c3, 0x15554e26ab80
<F7363726f6c6c2d6261722d746f6f6c6b69742d7363726f6c6c_scroll_bar_toolkit_scroll_0+1136>,
0x60, 0x42c7a73, 0x13e60, 0x42c7a63, 0x42c7a53, 0x15554def15c8, 0x42c7a43,
0xc197c0 <pure+5388000>, 0x42c7a33, 0x36df2c0, 0x60, 0x0, 0x43f78f5,
0x42caeb3, 0x0, 0x4384d5d, 0x0, 0x0, 0x42c7a93, 0x15554dea8fb0, 0x42c7a83,
0x43d4c94, 0x0, 0x1eea8d3, 0x15554de48168,
0x1eea8e3, 0x1f73cf4, 0x1eea8f3, 0x1f73d14, 0x226ea73, 0x1eea873,
0x1253d0, 0x1eea883, 0x15554de48168, 0x1eea893, 0x1f73cb4, 0x1eea8a3,
0x1f73cd4, 0x226ea43, 0x1eea7f3, 0x1253d0, 0x1eea813, 0x15554de48168,
0x1eea823, 0x1f73c74, 0x1eea833, 0x1f73c94, 0x226eba3, 0x15554de30d68,
0x226eb93, 0x226eb83, 0x226eb73, 0xb0eba0 <pure+4295360>, 0x15554dfc0740,
0x60, 0x1f652493, 0x15554de32c08, 0x1f6524a3, 0x124f290, 0x60, 0x0,
0x538cb05, 0x1f67b0c3, 0x9540, 0x1f67b093, 0x1f67b0b3, 0x30, 0x1f67b0a3,
0x30, 0x1f67b083, 0x30, 0x0, 0x1baba95d, 0x20bef7e4, 0x1f67e3e3,
0x1f67e3f3, 0xdc20, 0xa, 0x1f67e3c3, 0x1f67e3d3, 0xdb90, 0x2, 0x1f67e1d3,
0x1f67e3b3, 0x96c0, 0x1f67e3a3, 0x3a, 0x1f67e393, 0xa, 0x1f67e1e3, 0x6,
0x979f79d, 0x9492115, 0x1f67b4f3, 0x9540, 0x1f67b353, 0x1f67b393, 0x30,
0x1f67b383, 0x30, 0x1f67b373, 0x3d80, 0x1f67b363, 0x30,
0x1f67b343, 0x30, 0x0, 0x1baba95d, 0x0, 0x0, 0x30, 0x949216d, 0x1f67b323,
0x9540, 0x1f67b2e3, 0x1f67b313, 0x30, 0x1f67b303, 0x30, 0x1f67b2f3, 0x30,
0x1f67b2d3, 0x30, 0x0, 0x1baba95d, 0x0, 0x0, 0x30, 0x94921c5, 0x1f67b163,
0x9540, 0x1f67b153, 0x0, 0x1f67b0f3, 0xe460, 0x0, 0x1baba95d, 0x0, 0x0,
0x30, 0x949221d, 0x1f67b2b3, 0x9540, 0x1f67b2a3, 0x0, 0x1f67b263,
0x1f67b293, 0xafe0, 0x1f67b283, 0xa2, 0x1f67b273, 0xa2, 0x0,
0x1baba95d, 0x0, 0x0, 0x30, 0x9492275, 0x1f67b243, 0x9540, 0x1f67b233,
0x0, 0x1f67b203, 0x1f67b223, 0x15554de617c0, 0x1f67b213, 0x15554df1a3a0,
0x60, 0x1f641ba3, 0x95a0, 0x1f641bb3, 0x1f641bc3, 0x8ae5574, 0x1f641bd3,
0x15554ec0ff33, 0x4290, 0x15554ec0ff43, 0x15554ec0ff84, 0x15554ec0ff53,
0x15554ec0ff64, 0x15554eb2c6b3, 0x38294cd, 0x1f6463e3, 0x9540, 0x1f6463a3,
0x1f6463d3, 0x30, 0x1f6463c3, 0x3d50, 0x1f6463b3, 0x30,
0x1f646393, 0x30, 0x0, 0x98e7985, 0x8f680f4, 0x1f647ac3, 0x1f647ad3,
0xdc20, 0xa, 0x1f647aa3, 0x1f647ab3, 0xdb90, 0x2, 0x1f647a53, 0x1f647a93,
0x96c0, 0x1f647a83, 0x3a, 0x1f647a73, 0xa, 0x1f647a63, 0x6, 0x98e79dd,
0x98f1d0d, 0x0, 0x400000002300000d, 0x0, 0x27f62ad, 0x0, 0x0, 0x60,
0x2235443, 0x10da0, 0x2235433, 0x30, 0xc6d2a5
<Sactive_minibuffer_window+5>, 0x15554defbf98, 0x60, 0x15554ea7b0c3,
0x15554de5dc98,
0x15554ea7b0b3, 0xe33ed5, 0x606, 0xe34c84, 0xe33eb5, 0x15554de78758,
0x15554defbf98, 0xe33e85, 0x606, 0xe35054, 0xe33e6d, 0x10710, 0x60,
0x15554f053c7b, 0x7da0, 0x15554f053c8b, 0x11850, 0x60, 0x15554f4abdeb,
0x7da0, 0x15554f4abdfb, 0x11850, 0x15554f4abe0b, 0x7e00, 0x15554f4abe1b,
0x15554f4abeab, 0x11850, 0x15554f4abe2b, 0x7dd0, 0x15554f4abe3b,
0x15554f4abe8b, 0x11850, 0x15554f4abe9b, 0x2, 0x15554f4abe4b, 0xd530,
0x15554f4abe5b, 0x15554f4abe6b, 0x15554f4abe7b, 0x2, 0x11850, 0x0,
0x15554f053c9b, 0x7e00, 0x15554f053cab, 0x15554f053d3b, 0x10710,
0x15554f053cbb, 0x7dd0, 0x15554f053ccb, 0x15554f053d1b, 0x10710,
0x15554f053d2b, 0x2, 0x15554f053cdb, 0xd530, 0x15554f053ceb,
0x15554f053cfb, 0x15554f053d0b, 0x2, 0x10710, 0xc643c5 <Sselect_window+5>,
0x3de0, 0x1a, 0xe35074, 0x1e, 0xe35094}
(gdb) p last_marked_index
$3 = 431
This part seems to indicate you run something called
> gcmh-idle-garbage-collect, which triggers GC from a timer function?
> If so, please describe what you do with this and show the relevant
> code.
>
> In general, please describe anything related to GC and timers that you
> customized in your sessions, as that could be relevant to the nature
> and the reasons of this bug.
>
>
Yes, I am using gcmh (
https://github.com/emacsmirror/gcmh/blob/master/gcmh.el). I have these
parameters for it:
(setq gcmh-idle-delay 'auto ; default is 15s
gcmh-auto-idle-delay-factor 10
gcmh-high-cons-threshold (* 64 1024 1024)) ; 64mb
I don't think that there is anything else GC related that I am using.
Also, what is the memory footprint of the crashed Emacs process?
>
Hard for me to say. I restored my session and this is the memory-report for
that session. I would assume that the crashed session is 2-3 times larger:
Estimated Emacs Memory Usage
133 MiB Overall Object Memory Usage
83 MiB Total Buffer Memory Usage
40 MiB Reserved (But Unused) Object Memory
34 MiB Memory Used By Global Variables
13 MiB Memory Used By Symbol Plists
2.6 KiB Total Image Cache Size
Object Storage
49 MiB Conses
42 MiB Strings
25 MiB Vectors
11 MiB Intervals
5.2 MiB Symbols
359 KiB Buffer-Objects
54 KiB Floats
Largest Buffers
7.1 MiB REPL-useq
5.6 MiB alloc.c
4.4 MiB fish_history
3.3 MiB *code-conversion-work*
2.1 MiB vat.pdf
2 MiB VTerm ~/scratch
1.9 MiB ta.py
1.9 MiB loom.pdf
1.6 MiB REPL-9_useq<2>
1.6 MiB REPL-9_useq
1.6 MiB specification.py
1.5 MiB loom-oos.pdf
1.4 MiB REPL-jpeq
1.2 MiB uf.py
1.2 MiB xterm.c
1.2 MiB *Messages*
1.1 MiB REPL-peeq
1.1 MiB fc-monitor.py
865 KiB vat.tex
843 KiB VTerm /v/l/s/coredump
Largest Variables
3 MiB kill-ring
3 MiB kill-ring-yank-pointer
2.4 MiB undo-equiv-table
2.2 MiB package-lint-symbol-info
2.2 MiB load-history
2.2 MiB lsp--session
1.8 MiB lsp-modeline--diagnostics-wks->strings
813 KiB nerd-icons/mdicon-alist
709 KiB easy-menu-converted-items-table
707 KiB persp-buffer-props-hash
653 KiB *persp-hash*
652 KiB info-lookup-cache
625 KiB treemacs--themes
547 KiB treemacs--scope-storage
513 KiB face--new-frame-defaults
436 KiB centaur-tabs-display-hash
402 KiB file-notify-descriptors
389 KiB minor-mode-map-alist
388 KiB yank-menu
374 KiB centaur-tabs--buffers
Does this mean you run Emacs on a Red Hat system via the Cygwin X
> implementation that runs on Windows?
Correct.
Anything else that is "unusual" in your sessions? Please don't save
> us any such details, as they might be relevant, or provide important
> clues as to where to look for the causes.
>
I am using doomemacs (https://github.com/doomemacs/doomemacs) so my
configuration is very large and mostly not written by me. I don't think
there is anything particularly unusual with it though.
In particular, last_marked and last_marked_index would be very
> interesting.
I have included that in the gdb trace above. Please, let me know if there
is anything else I can dig out from the core.
Thanks!
George
On Fri, May 16, 2025 at 6:41 AM Pip Cet <pipcet <at> protonmail.com> wrote:
> "George P" <georgepanagopo <at> gmail.com> writes:
> > Hi,
> >
> > I am experiencing crashes during GC, and I have no idea what causes
> > these crashes or how to reproduce them consistently.
>
> If you can reproduce it at all, we probably need a live gdb session or
> (slightly worse) a core dump to debug this further, because not all
> information is in the backtrace.
>
> > I have posted another
> > crash without debugging symbols in
> https://lists.gnu.org/archive/html/emacs-devel/2024-11/msg00724.html.
> This time, I was running emacs in gdb, the
> > trace is below. Seems to be related to bug#38936.
>
> Are you capturing coredumps ("gcore" in gdb after the crash; it's best
> to do this even if you keep the gdb session alive) or keeping the gdb
> sessions alive? That would help provide further information which might
> allow us to track this down.
>
> In particular, last_marked and last_marked_index would be very
> interesting.
>
> > (gdb) bt full
> > #0 vector_marked_p (v=v <at> entry=0x4000000023000008) at alloc.c:4273
>
> > No locals.
> > #1 0x00000000005892bc in process_mark_stack (base_sp=base_sp <at> entry=2188)
> at alloc.c:7276
> > ptr = 0x4000000023000008
> > pvectype = <optimized out>
> > obj = 0x400000002300000d
>
> That's a pseudovector header (for a font spec), but we've mistaken it
> for a Lisp object. The most likely reason is that a vector was freed
> and partly re-used for this pseudovector, but it was still reachable
> somehow, and we tried accessing it again after it was freed.
>
> We need to look at last_marked, to find out which of the 76 slots in a
> buffer object contained (directly or indirectly) this stale object, and
> then try to figure out how it got there.
>
> > Configured using:
> > 'configure
> > --prefix=/nix/store/xdxaa55akicvs3jjrr8d7nmzla4gzbyl-emacs-30.1
> > --disable-build-details --with-modules --with-x-toolkit=lucid
> > --with-cairo --without-xft --with-compress-install
> > --with-toolkit-scroll-bars --with-native-compilation
> > --without-imagemagick --with-mailutils --without-small-ja-dic
> > --with-tree-sitter --with-xinput2 --without-xwidgets --with-dbus
> > --with-selinux'
>
> I've looked a little at unusual code which would be enabled by this
> configuration, but apart from this strangeness in
> x_default_scroll_bar_color_parameter, I couldn't find anything:
>
> AUTO_STRING (foreground, "foreground");
> AUTO_STRING (background, "foreground");
>
> I suspect no one's using X resources to set the background color of
> scroll bars...
>
> Pip
>
>
[Message part 2 (text/html, inline)]
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.