GNU bug report logs - #78444
30.1; Crash in GC (vector_marked_p)

Package: emacs;

Reported by: George P <georgepanagopo <at> gmail.com>

Date: Thu, 15 May 2025 18:46:01 UTC

Severity: normal

Found in version 30.1


From: Eli Zaretskii <eliz <at> gnu.org>
To: George P <georgepanagopo <at> gmail.com>
Cc: pipcet <at> protonmail.com, acorallo <at> gnu.org, 78444 <at> debbugs.gnu.org
Subject: bug#78444: 30.1; Crash in GC (vector_marked_p)
Date: Sun, 15 Jun 2025 16:07:57 +0300
> From: George P <georgepanagopo <at> gmail.com>
> Date: Sun, 15 Jun 2025 08:22:54 -0400
> Cc: Eli Zaretskii <eliz <at> gnu.org>, 78444 <at> debbugs.gnu.org, acorallo <at> gnu.org
> 
> I got another Emacs crash; this time I was using 30.1 with both Pip's patch and the gcc flag -fno-tree-sra
> during compilation, although the crash is probably unrelated, as it is in redisplay instead of GC. The crash
> also coincided with my Windows computer (remember I am using Cygwin/X to ssh to a Linux machine to open
> up an emacsclient) being forcefully restarted with a frame open. Unfortunately, I have no way of knowing with
> certainty that the crash happened during my Windows restart, as both took place overnight.
> 
> I have included the backtrace below; it seems that displayed_buffer is not a valid address.
> 
> Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
> 0x000000000047df16 in redisplay_window_1 (window=window@entry=0x1d17b245)
>     at xdisp.c:18029
> warning: 18029 xdisp.c: No such file or directory
> (gdb) bt full
> #0  0x000000000047df16 in redisplay_window_1 (window=window@entry=0x1d17b245) at xdisp.c:18029
> No locals.
> #1  0x00000000005a7ea9 in internal_condition_case_1 (bfun=bfun@entry=0x47df0f
> <redisplay_window_1>, arg=0x1d17b245, handlers=<optimized out>, hfun=hfun@entry=0x43ee0b
> <redisplay_window_error>) at eval.c:1637
>         val = <optimized out>
>         c = 0xe0fda0
> #2  0x000000000046cfe8 in redisplay_internal () at xdisp.c:17526
>         mini_window = <optimized out>
>         mini_window = <optimized out>
>         mini_frame = <optimized out>
>         w = 0x257ca838
>         sw = <optimized out>
>         fr = <optimized out>
>         pending = false
>         must_finish = <optimized out>
>         match_p = <optimized out>
>         tlbufpos = {charpos = 8573, bytepos = 330795424}
>         tlendpos = <optimized out>
>         number_of_visible_frames = 4
>         sf = 0x191ebd60
>         polling_stopped_here = <optimized out>
>         tail = <optimized out>
>         frame = <optimized out>
>         MAX_HSCROLL_RETRIES = MAX_HSCROLL_RETRIES
>         hscroll_retries = <optimized out>
>         MAX_GARBAGED_FRAME_RETRIES = MAX_GARBAGED_FRAME_RETRIES
>         garbaged_frame_retries = <optimized out>
>         consider_all_windows_p = <optimized out>
>         update_miniwindow_p = <optimized out>
>         count = <optimized out>
>         retry_frame = <optimized out>
> #3  0x000000000046d411 in redisplay_preserve_echo_area (from_where=from_where@entry=8) at
> xdisp.c:17749
>         count = <optimized out>
> #4  0x000000000053610a in detect_input_pending_run_timers (do_display=do_display@entry=true) at
> keyboard.c:11576
>         old_timers_run = 7077069
> #5  0x00000000005f8c73 in wait_reading_process_output (time_limit=time_limit@entry=0,
> nsecs=nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true,
> wait_for_cell=wait_for_cell@entry=0x0, wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at
> process.c:5844
>         leave = false
>         process_skipped = false
>         wrapped = <optimized out>
>         channel_start = <optimized out>
>         child_fd = <optimized out>
>         last_read_channel = 57
>         channel = <optimized out>
>         nfds = 0
>         Available = {fds_bits = {7157535148594949416, 13839864582178052, 9007199254740992, 0
> <repeats 13 times>}}
>         Writeok = {fds_bits = {0 <repeats 16 times>}}
>         check_write = <optimized out>
>         check_delay = <optimized out>
>         no_avail = false
>         xerrno = 11
>         proc = <optimized out>
>         timeout = {tv_sec = 0, tv_nsec = 6772189}
>         end_time = <optimized out>
>         timer_delay = <optimized out>
> --Type <RET> for more, q to quit, c to continue without paging--c
>         got_output_end_time = <optimized out>
>         MINIMUM = MINIMUM
>         TIMEOUT = TIMEOUT
>         FOREVER = FOREVER
>         wait = FOREVER
>         got_some_output = -1
>         prev_wait_proc_nbytes_read = 0
>         retry_for_async = <optimized out>
>         count = <optimized out>
>         now = <optimized out>
> #6  0x00000000005366d9 in kbd_buffer_get_event (kbp=kbp@entry=0x7fffffffdb08,
> used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb, end_time=end_time@entry=0x0) at
> keyboard.c:4094
>         do_display = true
>         obj = <optimized out>
>         str = <optimized out>
>         had_pending_selection_requests = false
>         had_pending_conversion_events = false
> #7  0x00000000005370d4 in read_event_from_main_queue (end_time=end_time@entry=0x0,
> local_getcjmp=local_getcjmp@entry=0x7fffffffde30,
> used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb) at keyboard.c:2330
>         c = 0x0
>         save_jump = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0
> <repeats 16 times>}}}}
>         kb = 0x6df4b30
>         count = <optimized out>
> #8  0x000000000053724a in read_decoded_event_from_main_queue (end_time=end_time@entry=0x0,
> local_getcjmp=local_getcjmp@entry=0x7fffffffde30, prev_event=prev_event@entry=0x0,
> used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb) at keyboard.c:2393
>         nextevt = <optimized out>
>         frame = <optimized out>
>         terminal = <optimized out>
>         events = {0x0, 0xffffffffffffffff, 0x0, 0x330b335, 0x0, 0x684dda38, 0x2f4ee1e9, 0x0, 0x684dda38,
> 0x307e0271, 0x3c, 0x0, 0x11fd0, 0x330b335, 0xc8ef563, 0xf4bec416f5a4e600}
>         n = 0
> #9  0x0000000000538668 in read_char (commandflag=1, map=map@entry=0x1645e493, prev_event=0x0,
> used_mouse_menu=used_mouse_menu@entry=0x7fffffffe0bb, end_time=end_time@entry=0x0) at
> keyboard.c:3015
>         c = 0x0
>         local_getcjmp = {{__jmpbuf = {0, 6459013156217622215, 0, 140737488346880, 0, 13113857, -
> 6459042925873656121, 6459043636991954631}, __mask_was_saved = 0, __saved_mask = {__val = {2,
> 0, 5991556, 67072736, 111988528, 109922016, 5863938, 0, 67072736, 98399184, 5864240, 109922032,
> 5510427, 0, 4625762720, 0}}}}
>         save_jump = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0
> <repeats 16 times>}}}}
>         tem = <optimized out>
>         save = <optimized out>
>         previous_echo_area_message = 0x0
>         also_record = 0x0
>         reread = false
>         recorded = false
>         polling_stopped_here = true
>         orig_kboard = 0x6df4b30
>         jmpcount = <optimized out>
> #10 0x0000000000539789 in read_key_sequence (keybuf=keybuf@entry=0x7fffffffe1e0,
> prompt=prompt@entry=0x0, dont_downcase_last=dont_downcase_last@entry=false,
> can_return_switch_frame=can_return_switch_frame@entry=true,
> fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false,
>     disable_text_conversion_p=false) at keyboard.c:10743
>         interrupted_kboard = 0x6df4b30
>         interrupted_frame = 0x191ebd60
>         key = <optimized out>
>         used_mouse_menu = false
>         echo_local_start = 0
>         last_real_key_start = 0
>         keys_local_start = 0
>         new_binding = <optimized out>
>         count = <optimized out>
>         t = 0
>         echo_start = 0
>         keys_start = 0
>         current_binding = 0x1645e493
>         first_unbound = 31
>         mock_input = 0
>         used_mouse_menu_history = {false <repeats 30 times>}
>         fkey = {parent = 0x189f853, map = 0x189f853, start = 0, end = 0}
>         keytran = {parent = 0x15554f4f941b, map = 0x15554f4f941b, start = 0, end = 0}
>         indec = {parent = 0x189f863, map = 0x189f863, start = 0, end = 0}
>         shift_translated = false
>         delayed_switch_frame = 0x0
>         original_uppercase = 0x0
>         original_uppercase_position = -1
>         disabled_conversion = false
>         starting_buffer = 0x13b789a0
>         fake_prefixed_keys = 0x0
>         first_event = 0x0
>         second_event = <optimized out>
> #11 0x000000000053ac06 in command_loop_1 () at keyboard.c:1429
>         cmd = <optimized out>
>         keybuf = {0x11ac0, 0x15f855d3, 0x133e0, 0x5982d3 <set_default_internal+530>, 0x7fffffffe260, 0x2,
> 0x30, 0x1785bba5, 0x0, 0x5a770f <do_one_unbind+319>, 0x1804610, 0x60, 0x0, 0x0, 0x0, 0x5a8d59
> <unbind_to+105>, 0xb, 0x111c0, 0x30, 0x1785bba5, 0x7bc0, 0xf4bec416f5a4e600, 0xcf32a0 <globals>,
> 0x1566b533, 0x60, 
>           0x52f4c6 <cmd_error+363>, 0x0, 0xf4bec416f5a4e600, 0x60, 0x15554edf4d83}
>         i = <optimized out>
>         last_pt = <optimized out>
>         prev_modiff = 396499
>         prev_buffer = 0x13b789a0
> #12 0x00000000005a7e25 in internal_condition_case (bfun=bfun@entry=0x53a9ce <command_loop_1>,
> handlers=handlers@entry=0x90, hfun=hfun@entry=0x52f35b <cmd_error>) at eval.c:1613
>         val = <optimized out>
>         c = 0xe0fc60
> #13 0x00000000005292ae in command_loop_2 (handlers=handlers@entry=0x90) at keyboard.c:1168
>         val = <optimized out>
> #14 0x00000000005a7d42 in internal_catch (tag=tag@entry=0x122d0, func=func@entry=0x529294
> <command_loop_2>, arg=arg@entry=0x90) at eval.c:1292
>         val = <optimized out>
>         c = 0xea0f40
> #15 0x000000000052926b in command_loop () at keyboard.c:1146
> No locals.
> #16 0x000000000052eec4 in recursive_edit_1 () at keyboard.c:754
>         count = <optimized out>
>         val = <optimized out>
> #17 0x000000000052f25c in Frecursive_edit () at keyboard.c:837
>         count = <optimized out>
>         buffer = <optimized out>
> #18 0x0000000000528660 in main (argc=<optimized out>, argv=0x7fffffffe5a8) at emacs.c:2635
>         stack_bottom_variable = 0x155553f84458 <_gnutls_lib_state>
>         old_argc = <optimized out>
>         dump_file = 0x0
>         no_loadup = false
>         junk = 0x0
>         dname_arg = 0x0
>         ch_to_dir = 0x0
>         original_pwd = 0x0
>         dump_mode = <optimized out>
>         skip_args = 1
>         temacs = 0x0
>         attempt_load_pdump = <optimized out>
>         only_version = false
>         rlim = {rlim_cur = 18446744073709551615, rlim_max = 18446744073709551615}
>         lc_all = <optimized out>
>         sockfd = -1
>         module_assertions = <optimized out>
> (gdb) p displayed_buffer
> $1 = (struct buffer *) 0xfffffffffffffffb

This value is garbled, I guess?  What does this show:

  (gdb) p *displayed_buffer

If it says "cannot access", I have no idea how this garbage could have
ended up there.





This bug report was last modified 44 days ago.
