GNU bug report logs - #78444
30.1; Crash in GC (vector_marked_p)


Package: emacs;

Reported by: George P <georgepanagopo <at> gmail.com>

Date: Thu, 15 May 2025 18:46:01 UTC

Severity: normal

Found in version 30.1


From: George P <georgepanagopo <at> gmail.com>
To: Pip Cet <pipcet <at> protonmail.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, acorallo <at> gnu.org, 78444 <at> debbugs.gnu.org
Subject: bug#78444: 30.1; Crash in GC (vector_marked_p)
Date: Sun, 15 Jun 2025 08:22:54 -0400
Hi!

I got another Emacs crash; this time I was using 30.1 with both Pip's patch
and the GCC flag -fno-tree-sra during compilation, although the crash is
probably unrelated, as it is in redisplay instead of GC. The crash also
coincided with my Windows computer (remember I am using Cygwin/X to ssh to
a Linux machine to open up an emacsclient) being forcefully restarted with
a frame open. Unfortunately, I have no way of knowing with certainty that
the crash happened during my Windows restart, as both took place overnight.

I have included the backtrace below; it seems that displayed_buffer is not
a valid address.

Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x000000000047df16 in redisplay_window_1 (window=window@entry=0x1d17b245)
    at xdisp.c:18029
warning: 18029 xdisp.c: No such file or directory
(gdb) bt full
#0  0x000000000047df16 in redisplay_window_1 (window=window@entry=0x1d17b245)
at xdisp.c:18029
No locals.
#1  0x00000000005a7ea9 in internal_condition_case_1 (bfun=bfun@entry=0x47df0f
<redisplay_window_1>, arg=0x1d17b245, handlers=<optimized out>,
hfun=hfun@entry=0x43ee0b <redisplay_window_error>) at eval.c:1637
        val = <optimized out>
        c = 0xe0fda0
#2  0x000000000046cfe8 in redisplay_internal () at xdisp.c:17526
        mini_window = <optimized out>
        mini_window = <optimized out>
        mini_frame = <optimized out>
        w = 0x257ca838
        sw = <optimized out>
        fr = <optimized out>
        pending = false
        must_finish = <optimized out>
        match_p = <optimized out>
        tlbufpos = {charpos = 8573, bytepos = 330795424}
        tlendpos = <optimized out>
        number_of_visible_frames = 4
        sf = 0x191ebd60
        polling_stopped_here = <optimized out>
        tail = <optimized out>
        frame = <optimized out>
        MAX_HSCROLL_RETRIES = MAX_HSCROLL_RETRIES
        hscroll_retries = <optimized out>
        MAX_GARBAGED_FRAME_RETRIES = MAX_GARBAGED_FRAME_RETRIES
        garbaged_frame_retries = <optimized out>
        consider_all_windows_p = <optimized out>
        update_miniwindow_p = <optimized out>
        count = <optimized out>
        retry_frame = <optimized out>
#3  0x000000000046d411 in redisplay_preserve_echo_area
(from_where=from_where@entry=8) at xdisp.c:17749
        count = <optimized out>
#4  0x000000000053610a in detect_input_pending_run_timers
(do_display=do_display@entry=true) at keyboard.c:11576
        old_timers_run = 7077069
#5  0x00000000005f8c73 in wait_reading_process_output
(time_limit=time_limit@entry=0, nsecs=nsecs@entry=0,
read_kbd=read_kbd@entry=-1,
do_display=do_display@entry=true, wait_for_cell=wait_for_cell@entry=0x0,
wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:5844
        leave = false
        process_skipped = false
        wrapped = <optimized out>
        channel_start = <optimized out>
        child_fd = <optimized out>
        last_read_channel = 57
        channel = <optimized out>
        nfds = 0
        Available = {fds_bits = {7157535148594949416, 13839864582178052,
9007199254740992, 0 <repeats 13 times>}}
        Writeok = {fds_bits = {0 <repeats 16 times>}}
        check_write = <optimized out>
        check_delay = <optimized out>
        no_avail = false
        xerrno = 11
        proc = <optimized out>
        timeout = {tv_sec = 0, tv_nsec = 6772189}
        end_time = <optimized out>
        timer_delay = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--c
        got_output_end_time = <optimized out>
        MINIMUM = MINIMUM
        TIMEOUT = TIMEOUT
        FOREVER = FOREVER
        wait = FOREVER
        got_some_output = -1
        prev_wait_proc_nbytes_read = 0
        retry_for_async = <optimized out>
        count = <optimized out>
        now = <optimized out>
#6  0x00000000005366d9 in kbd_buffer_get_event (kbp=kbp@entry=0x7fffffffdb08,
used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb,
end_time=end_time@entry=0x0) at keyboard.c:4094
        do_display = true
        obj = <optimized out>
        str = <optimized out>
        had_pending_selection_requests = false
        had_pending_conversion_events = false
#7  0x00000000005370d4 in read_event_from_main_queue
(end_time=end_time@entry=0x0, local_getcjmp=local_getcjmp@entry=0x7fffffffde30,
used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb) at keyboard.c:2330
        c = 0x0
        save_jump = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved
= 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
        kb = 0x6df4b30
        count = <optimized out>
#8  0x000000000053724a in read_decoded_event_from_main_queue
(end_time=end_time@entry=0x0, local_getcjmp=local_getcjmp@entry=0x7fffffffde30,
prev_event=prev_event@entry=0x0,
used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb)
at keyboard.c:2393
        nextevt = <optimized out>
        frame = <optimized out>
        terminal = <optimized out>
        events = {0x0, 0xffffffffffffffff, 0x0, 0x330b335, 0x0, 0x684dda38,
0x2f4ee1e9, 0x0, 0x684dda38, 0x307e0271, 0x3c, 0x0, 0x11fd0, 0x330b335,
0xc8ef563, 0xf4bec416f5a4e600}
        n = 0
#9  0x0000000000538668 in read_char (commandflag=1, map=map@entry=0x1645e493,
prev_event=0x0, used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb,
end_time=end_time@entry=0x0) at keyboard.c:3015
        c = 0x0
        local_getcjmp = {{__jmpbuf = {0, 6459013156217622215, 0,
140737488346880, 0, 13113857, -6459042925873656121, 6459043636991954631},
__mask_was_saved = 0, __saved_mask = {__val = {2, 0, 5991556, 67072736,
111988528, 109922016, 5863938, 0, 67072736, 98399184, 5864240, 109922032,
5510427, 0, 4625762720, 0}}}}
        save_jump = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved
= 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
        tem = <optimized out>
        save = <optimized out>
        previous_echo_area_message = 0x0
        also_record = 0x0
        reread = false
        recorded = false
        polling_stopped_here = true
        orig_kboard = 0x6df4b30
        jmpcount = <optimized out>
#10 0x0000000000539789 in read_key_sequence
(keybuf=keybuf@entry=0x7fffffffe1e0,
prompt=prompt@entry=0x0, dont_downcase_last=dont_downcase_last@entry=false,
can_return_switch_frame=can_return_switch_frame@entry=true,
fix_current_buffer=fix_current_buffer@entry=true,
prevent_redisplay=prevent_redisplay@entry=false,
    disable_text_conversion_p=false) at keyboard.c:10743
        interrupted_kboard = 0x6df4b30
        interrupted_frame = 0x191ebd60
        key = <optimized out>
        used_mouse_menu = false
        echo_local_start = 0
        last_real_key_start = 0
        keys_local_start = 0
        new_binding = <optimized out>
        count = <optimized out>
        t = 0
        echo_start = 0
        keys_start = 0
        current_binding = 0x1645e493
        first_unbound = 31
        mock_input = 0
        used_mouse_menu_history = {false <repeats 30 times>}
        fkey = {parent = 0x189f853, map = 0x189f853, start = 0, end = 0}
        keytran = {parent = 0x15554f4f941b, map = 0x15554f4f941b, start =
0, end = 0}
        indec = {parent = 0x189f863, map = 0x189f863, start = 0, end = 0}
        shift_translated = false
        delayed_switch_frame = 0x0
        original_uppercase = 0x0
        original_uppercase_position = -1
        disabled_conversion = false
        starting_buffer = 0x13b789a0
        fake_prefixed_keys = 0x0
        first_event = 0x0
        second_event = <optimized out>
#11 0x000000000053ac06 in command_loop_1 () at keyboard.c:1429
        cmd = <optimized out>
        keybuf = {0x11ac0, 0x15f855d3, 0x133e0, 0x5982d3
<set_default_internal+530>, 0x7fffffffe260, 0x2, 0x30, 0x1785bba5, 0x0,
0x5a770f <do_one_unbind+319>, 0x1804610, 0x60, 0x0, 0x0, 0x0, 0x5a8d59
<unbind_to+105>, 0xb, 0x111c0, 0x30, 0x1785bba5, 0x7bc0,
0xf4bec416f5a4e600, 0xcf32a0 <globals>, 0x1566b533, 0x60,
          0x52f4c6 <cmd_error+363>, 0x0, 0xf4bec416f5a4e600, 0x60,
0x15554edf4d83}
        i = <optimized out>
        last_pt = <optimized out>
        prev_modiff = 396499
        prev_buffer = 0x13b789a0
#12 0x00000000005a7e25 in internal_condition_case (bfun=bfun@entry=0x53a9ce
<command_loop_1>, handlers=handlers@entry=0x90, hfun=hfun@entry=0x52f35b
<cmd_error>) at eval.c:1613
        val = <optimized out>
        c = 0xe0fc60
#13 0x00000000005292ae in command_loop_2 (handlers=handlers@entry=0x90) at
keyboard.c:1168
        val = <optimized out>
#14 0x00000000005a7d42 in internal_catch (tag=tag@entry=0x122d0,
func=func@entry=0x529294 <command_loop_2>, arg=arg@entry=0x90) at
eval.c:1292
        val = <optimized out>
        c = 0xea0f40
#15 0x000000000052926b in command_loop () at keyboard.c:1146
No locals.
#16 0x000000000052eec4 in recursive_edit_1 () at keyboard.c:754
        count = <optimized out>
        val = <optimized out>
#17 0x000000000052f25c in Frecursive_edit () at keyboard.c:837
        count = <optimized out>
        buffer = <optimized out>
#18 0x0000000000528660 in main (argc=<optimized out>, argv=0x7fffffffe5a8)
at emacs.c:2635
        stack_bottom_variable = 0x155553f84458 <_gnutls_lib_state>
        old_argc = <optimized out>
        dump_file = 0x0
        no_loadup = false
        junk = 0x0
        dname_arg = 0x0
        ch_to_dir = 0x0
        original_pwd = 0x0
        dump_mode = <optimized out>
        skip_args = 1
        temacs = 0x0
        attempt_load_pdump = <optimized out>
        only_version = false
        rlim = {rlim_cur = 18446744073709551615, rlim_max =
18446744073709551615}
        lc_all = <optimized out>
        sockfd = -1
        module_assertions = <optimized out>
(gdb) p displayed_buffer
$1 = (struct buffer *) 0xfffffffffffffffb


On Sat, May 31, 2025 at 11:33 AM George P <georgepanagopo <at> gmail.com> wrote:

>> Eli's idea of adding -fno-tree-sra to the build options for the next
>> build is a good one.
>
>
> Yes, thanks to both for the suggestion! I will make a build with this
> option and see if the bug persists.
>
> Could it also be a dynamic module responsible? I am running at least a few
> of these (tree-sitter
> https://github.com/emacs-tree-sitter/elisp-tree-sitter, vterm
> https://github.com/akermu/emacs-libvterm and pdf-tools
> https://github.com/vedang/pdf-tools, maybe a few more).
>
> Here are the gdb things:
>
>
>> Now we have the other bug, though, it would be interesting again.  Maybe
>> the same thing happened to a nativecomp constant vector here as happened
>> to a bytecode closure's constant vector in the new crash.  Do you still
>> have the old core file, and can you run x/32gx 0x98e7980?
>>
>
> Yes, here it is:
>
> (gdb) x/32gx 0x98e7980
> 0x98e7980:      0xc00000001a003007      0x0000000008f680f4
> 0x98e7990:      0x000000001f647ac3      0x00000000098e79dd
> 0x98e79a0:      0x00000000098e7a25      0x0000000000000000
> 0x98e79b0:      0x00000000098e7d75      0x00000000098ee6cd
> 0x98e79c0:      0x00001555338a2ec0      0x0000000000000000
> 0x98e79d0:      0x000000001cbc0740      0xc00000000e008000
> 0x98e79e0:      0x0000000020e10970      0x0000000003aa20d0
> 0x98e79f0:      0x0000000003aa1ac0      0x00000000006e9960
> 0x98e7a00:      0x000000002265f480      0x0000001a0000001a
> 0x98e7a10:      0x0000400700000060      0x0000000000000000
> 0x98e7a20:      0x400000000e008000      0x000000001bfdbe90
> 0x98e7a30:      0x0000000020e10b80      0x000000001bfdb880
> 0x98e7a40:      0x00000000006e98e0      0x000000001fd792e0
> 0x98e7a50:      0x0000001a0000001a      0x0000400700000060
> 0x98e7a60:      0x0000000000000000      0x400000001f000005
> 0x98e7a70:      0x0000000000000606      0x0000000008ae5654
>
>> Oh, sorry, "p *(struct Lisp_String *)0x000000001cfbfe40".
>>
>
> (gdb) p *(struct Lisp_String *)0x000000001cfbfe40
> $20 = {u = {s = {size = -9223372036854775719, size_byte = -1, intervals =
> 0x0, data = 0x18c4d720
> "/u/panagopo/.config/emacs/.local/cache/eln/30.1-1ed0c1e8/lsp-erlang-9f1a9a34-b13245d7.eln"},
> next = 0x8000000000000059,
>     gcaligned = 89 'Y'}}
>
>

This bug report was last modified 3 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.