Package: emacs;
Reported by: George P <georgepanagopo <at> gmail.com>
Date: Thu, 15 May 2025 18:46:01 UTC
Severity: normal
Found in version 30.1
View this message in rfc822 format
From: George P <georgepanagopo <at> gmail.com> To: Eli Zaretskii <eliz <at> gnu.org> Cc: pipcet <at> protonmail.com, acorallo <at> gnu.org, 78444 <at> debbugs.gnu.org Subject: bug#78444: 30.1; Crash in GC (vector_marked_p) Date: Sun, 15 Jun 2025 09:12:08 -0400
[Message part 1 (text/plain, inline)]
Yes, that is precisely what it says....
(gdb) p displayed_buffer
$1 = (struct buffer *) 0xfffffffffffffffb
(gdb) p *displayed_buffer
Cannot access memory at address 0xfffffffffffffffb
On Sun, Jun 15, 2025, 09:08 Eli Zaretskii <eliz <at> gnu.org> wrote:
> > From: George P <georgepanagopo <at> gmail.com>
> > Date: Sun, 15 Jun 2025 08:22:54 -0400
> > Cc: Eli Zaretskii <eliz <at> gnu.org>, 78444 <at> debbugs.gnu.org,
> acorallo <at> gnu.org
> >
> > I got another emacs crash, this time I was using 30.1 with both Pip's
> patch and the gcc flag -fno-tree-sra
> > during compilation, although the crash is probably unrelated, as it is
> in redisplay instead of GC. The crash
> > also coincided with my Windows computer (remember I am using Cygwin/X to
> ssh to a linux machine to open
> > up an emacsclient) being forcefully restarted with a frame open.
> Unfortunately, I have no way of knowing with
> > certainty that the crash happened during my Windows restart, as both
> took place overnight.
> >
> > I have included the backtrace below, it seems that displayed_buffer is
> not a valid address.
> >
> > Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
> > 0x000000000047df16 in redisplay_window_1 (window=window <at> entry
> =0x1d17b245)
> > at xdisp.c:18029
> > warning: 18029 xdisp.c: No such file or directory
> > (gdb) bt full
> > #0 0x000000000047df16 in redisplay_window_1 (window=window <at> entry=0x1d17b245)
> at xdisp.c:18029
> > No locals.
> > #1 0x00000000005a7ea9 in internal_condition_case_1 (bfun=bfun <at> entry
> =0x47df0f
> > <redisplay_window_1>, arg=0x1d17b245, handlers=<optimized out>,
> hfun=hfun <at> entry=0x43ee0b
> > <redisplay_window_error>) at eval.c:1637
> > val = <optimized out>
> > c = 0xe0fda0
> > #2 0x000000000046cfe8 in redisplay_internal () at xdisp.c:17526
> > mini_window = <optimized out>
> > mini_window = <optimized out>
> > mini_frame = <optimized out>
> > w = 0x257ca838
> > sw = <optimized out>
> > fr = <optimized out>
> > pending = false
> > must_finish = <optimized out>
> > match_p = <optimized out>
> > tlbufpos = {charpos = 8573, bytepos = 330795424}
> > tlendpos = <optimized out>
> > number_of_visible_frames = 4
> > sf = 0x191ebd60
> > polling_stopped_here = <optimized out>
> > tail = <optimized out>
> > frame = <optimized out>
> > MAX_HSCROLL_RETRIES = MAX_HSCROLL_RETRIES
> > hscroll_retries = <optimized out>
> > MAX_GARBAGED_FRAME_RETRIES = MAX_GARBAGED_FRAME_RETRIES
> > garbaged_frame_retries = <optimized out>
> > consider_all_windows_p = <optimized out>
> > update_miniwindow_p = <optimized out>
> > count = <optimized out>
> > retry_frame = <optimized out>
> > #3 0x000000000046d411 in redisplay_preserve_echo_area
> (from_where=from_where <at> entry=8) at
> > xdisp.c:17749
> > count = <optimized out>
> > #4 0x000000000053610a in detect_input_pending_run_timers
> (do_display=do_display <at> entry=true) at
> > keyboard.c:11576
> > old_timers_run = 7077069
> > #5 0x00000000005f8c73 in wait_reading_process_output
> (time_limit=time_limit <at> entry=0,
> > nsecs=nsecs <at> entry=0, read_kbd=read_kbd <at> entry=-1,
> do_display=do_display <at> entry=true,
> > wait_for_cell=wait_for_cell <at> entry=0x0, wait_proc=wait_proc <at> entry=0x0,
> just_wait_proc=0) at
> > process.c:5844
> > leave = false
> > process_skipped = false
> > wrapped = <optimized out>
> > channel_start = <optimized out>
> > child_fd = <optimized out>
> > last_read_channel = 57
> > channel = <optimized out>
> > nfds = 0
> > Available = {fds_bits = {7157535148594949416, 13839864582178052,
> 9007199254740992, 0
> > <repeats 13 times>}}
> > Writeok = {fds_bits = {0 <repeats 16 times>}}
> > check_write = <optimized out>
> > check_delay = <optimized out>
> > no_avail = false
> > xerrno = 11
> > proc = <optimized out>
> > timeout = {tv_sec = 0, tv_nsec = 6772189}
> > end_time = <optimized out>
> > timer_delay = <optimized out>
> > --Type <RET> for more, q to quit, c to continue without paging--c
> > got_output_end_time = <optimized out>
> > MINIMUM = MINIMUM
> > TIMEOUT = TIMEOUT
> > FOREVER = FOREVER
> > wait = FOREVER
> > got_some_output = -1
> > prev_wait_proc_nbytes_read = 0
> > retry_for_async = <optimized out>
> > count = <optimized out>
> > now = <optimized out>
> > #6 0x00000000005366d9 in kbd_buffer_get_event (kbp=kbp <at> entry
> =0x7fffffffdb08,
> > used_mouse_menu=used_mouse_menu <at> entry=0x7fffffffe0bb,
> end_time=end_time <at> entry=0x0) at
> > keyboard.c:4094
> > do_display = true
> > obj = <optimized out>
> > str = <optimized out>
> > had_pending_selection_requests = false
> > had_pending_conversion_events = false
> > #7 0x00000000005370d4 in read_event_from_main_queue
> (end_time=end_time <at> entry=0x0,
> > local_getcjmp=local_getcjmp <at> entry=0x7fffffffde30,
> > used_mouse_menu=used_mouse_menu <at> entry=0x7fffffffe0bb) at keyboard.c:2330
> > c = 0x0
> > save_jump = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0},
> __mask_was_saved = 0, __saved_mask = {__val = {0
> > <repeats 16 times>}}}}
> > kb = 0x6df4b30
> > count = <optimized out>
> > #8 0x000000000053724a in read_decoded_event_from_main_queue
> (end_time=end_time <at> entry=0x0,
> > local_getcjmp=local_getcjmp <at> entry=0x7fffffffde30,
> prev_event=prev_event <at> entry=0x0,
> > used_mouse_menu=used_mouse_menu <at> entry=0x7fffffffe0bb) at keyboard.c:2393
> > nextevt = <optimized out>
> > frame = <optimized out>
> > terminal = <optimized out>
> > events = {0x0, 0xffffffffffffffff, 0x0, 0x330b335, 0x0,
> 0x684dda38, 0x2f4ee1e9, 0x0, 0x684dda38,
> > 0x307e0271, 0x3c, 0x0, 0x11fd0, 0x330b335, 0xc8ef563, 0xf4bec416f5a4e600}
> > n = 0
> > #9 0x0000000000538668 in read_char (commandflag=1, map=map <at> entry=0x1645e493,
> prev_event=0x0,
> > used_mouse_menu=used_mouse_menu <at> entry=0x7fffffffe0bb,
> end_time=end_time <at> entry=0x0) at
> > keyboard.c:3015
> > c = 0x0
> > local_getcjmp = {{__jmpbuf = {0, 6459013156217622215, 0,
> 140737488346880, 0, 13113857, -
> > 6459042925873656121, 6459043636991954631}, __mask_was_saved = 0,
> __saved_mask = {__val = {2,
> > 0, 5991556, 67072736, 111988528, 109922016, 5863938, 0, 67072736,
> 98399184, 5864240, 109922032,
> > 5510427, 0, 4625762720, 0}}}}
> > save_jump = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0},
> __mask_was_saved = 0, __saved_mask = {__val = {0
> > <repeats 16 times>}}}}
> > tem = <optimized out>
> > save = <optimized out>
> > previous_echo_area_message = 0x0
> > also_record = 0x0
> > reread = false
> > recorded = false
> > polling_stopped_here = true
> > orig_kboard = 0x6df4b30
> > jmpcount = <optimized out>
> > #10 0x0000000000539789 in read_key_sequence (keybuf=keybuf <at> entry
> =0x7fffffffe1e0,
> > prompt=prompt <at> entry=0x0, dont_downcase_last=dont_downcase_last <at> entry
> =false,
> > can_return_switch_frame=can_return_switch_frame <at> entry=true,
> > fix_current_buffer=fix_current_buffer <at> entry=true,
> prevent_redisplay=prevent_redisplay <at> entry=false,
> > disable_text_conversion_p=false) at keyboard.c:10743
> > interrupted_kboard = 0x6df4b30
> > interrupted_frame = 0x191ebd60
> > key = <optimized out>
> > used_mouse_menu = false
> > echo_local_start = 0
> > last_real_key_start = 0
> > keys_local_start = 0
> > new_binding = <optimized out>
> > count = <optimized out>
> > t = 0
> > echo_start = 0
> > keys_start = 0
> > current_binding = 0x1645e493
> > first_unbound = 31
> > mock_input = 0
> > used_mouse_menu_history = {false <repeats 30 times>}
> > fkey = {parent = 0x189f853, map = 0x189f853, start = 0, end = 0}
> > keytran = {parent = 0x15554f4f941b, map = 0x15554f4f941b, start
> = 0, end = 0}
> > indec = {parent = 0x189f863, map = 0x189f863, start = 0, end = 0}
> > shift_translated = false
> > delayed_switch_frame = 0x0
> > original_uppercase = 0x0
> > original_uppercase_position = -1
> > disabled_conversion = false
> > starting_buffer = 0x13b789a0
> > fake_prefixed_keys = 0x0
> > first_event = 0x0
> > second_event = <optimized out>
> > #11 0x000000000053ac06 in command_loop_1 () at keyboard.c:1429
> > cmd = <optimized out>
> > keybuf = {0x11ac0, 0x15f855d3, 0x133e0, 0x5982d3
> <set_default_internal+530>, 0x7fffffffe260, 0x2,
> > 0x30, 0x1785bba5, 0x0, 0x5a770f <do_one_unbind+319>, 0x1804610, 0x60,
> 0x0, 0x0, 0x0, 0x5a8d59
> > <unbind_to+105>, 0xb, 0x111c0, 0x30, 0x1785bba5, 0x7bc0,
> 0xf4bec416f5a4e600, 0xcf32a0 <globals>,
> > 0x1566b533, 0x60,
> > 0x52f4c6 <cmd_error+363>, 0x0, 0xf4bec416f5a4e600, 0x60,
> 0x15554edf4d83}
> > i = <optimized out>
> > last_pt = <optimized out>
> > prev_modiff = 396499
> > prev_buffer = 0x13b789a0
> > #12 0x00000000005a7e25 in internal_condition_case (bfun=bfun <at> entry=0x53a9ce
> <command_loop_1>,
> > handlers=handlers <at> entry=0x90, hfun=hfun <at> entry=0x52f35b <cmd_error>) at
> eval.c:1613
> > val = <optimized out>
> > c = 0xe0fc60
> > #13 0x00000000005292ae in command_loop_2 (handlers=handlers <at> entry=0x90)
> at keyboard.c:1168
> > val = <optimized out>
> > #14 0x00000000005a7d42 in internal_catch (tag=tag <at> entry=0x122d0,
> func=func <at> entry=0x529294
> > <command_loop_2>, arg=arg <at> entry=0x90) at eval.c:1292
> > val = <optimized out>
> > c = 0xea0f40
> > #15 0x000000000052926b in command_loop () at keyboard.c:1146
> > No locals.
> > #16 0x000000000052eec4 in recursive_edit_1 () at keyboard.c:754
> > count = <optimized out>
> > val = <optimized out>
> > #17 0x000000000052f25c in Frecursive_edit () at keyboard.c:837
> > count = <optimized out>
> > buffer = <optimized out>
> > #18 0x0000000000528660 in main (argc=<optimized out>,
> argv=0x7fffffffe5a8) at emacs.c:2635
> > stack_bottom_variable = 0x155553f84458 <_gnutls_lib_state>
> > old_argc = <optimized out>
> > dump_file = 0x0
> > no_loadup = false
> > junk = 0x0
> > dname_arg = 0x0
> > ch_to_dir = 0x0
> > original_pwd = 0x0
> > dump_mode = <optimized out>
> > skip_args = 1
> > temacs = 0x0
> > attempt_load_pdump = <optimized out>
> > only_version = false
> > rlim = {rlim_cur = 18446744073709551615, rlim_max =
> 18446744073709551615}
> > lc_all = <optimized out>
> > sockfd = -1
> > module_assertions = <optimized out>
> > (gdb) p displayed_buffer
> > $1 = (struct buffer *) 0xfffffffffffffffb
>
> This value is garbled, I guess? What does this show:
>
> (gdb) p *displayed_buffer
>
> If it says "cannot access", I have no idea how this garbage could have
> ended up there.
>
>
[Message part 2 (text/html, inline)]
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.