Package: emacs;
Reported by: George P <georgepanagopo <at> gmail.com>
Date: Thu, 15 May 2025 18:46:01 UTC
Severity: normal
Found in version 30.1
Message #95 received at 78444 <at> debbugs.gnu.org (full text, mbox):
From: George P <georgepanagopo <at> gmail.com> To: martin rudalics <rudalics <at> gmx.at> Cc: Pip Cet <pipcet <at> protonmail.com>, acorallo <at> gnu.org, 78444 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org> Subject: Re: bug#78444: 30.1; Crash in GC (vector_marked_p) Date: Thu, 26 Jun 2025 14:45:39 -0400
[Message part 1 (text/plain, inline)]
Thanks, Maritn! I have now compiled emacs with your patch, and with
--enable-checking, and will let you know if I get a hit.
I got another crash (before compiling with Martin's patch and without
--enable-checking, but with Pip's patch and -fno-tree-sra). I got the crash
after rapidly pressing 2 keystrokes. I am not sure exactly which
keystrokes, but I think it was ' followed by Del. It could be completely
unrelated to this bug, but the trace seems pretty weird, as the m pointer
represents ASCII text for "ganap/u/", which is the reversed start of my
home directory "/u/panagopo". Could it be that we have some sort of memory
corruption that is throwing us in different directions?
In any case, I will try to find a reproducer for this. Here is the trace:
Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
adjust_markers_for_insert (from=11354, from_byte=11354, to=11355,
to_byte=11355, before_markers=before_markers <at> entry=false) at insdel.c:301
warning: 301 insdel.c: No such file or directory
(gdb) bt full
#0 adjust_markers_for_insert (from=11354, from_byte=11354, to=11355,
to_byte=11355, before_markers=before_markers <at> entry=false) at insdel.c:301
m = 0x67616e61702f752f
nchars = 1
nbytes = 1
#1 0x000000000055660c in insert_1_both (string=string <at> entry=0x7fffffffdac3
"t\377\177", nchars=nchars <at> entry=1, nbytes=nbytes <at> entry=1,
inherit=inherit <at> entry=true, prepare=prepare <at> entry=true,
before_markers=before_markers <at> entry=false) at insdel.c:935
No locals.
#2 0x00000000005574d8 in insert_and_inherit
(string=string <at> entry=0x7fffffffdac3
"t\377\177", nbytes=nbytes <at> entry=1) at insdel.c:694
len = 1
opoint = <optimized out>
#3 0x000000000056b3f4 in internal_self_insert (c=116, n=n <at> entry=1) at
cmds.c:475
hairy = 1
tem = <optimized out>
synt = <optimized out>
overwrite = <optimized out>
len = 1
str = "t\377\177\000"
chars_to_delete = 0
spaces_to_insert = 0
#4 0x000000000056b4f7 in Fself_insert_command (n=<optimized out>, c=0x1d2)
at cmds.c:297
character = <optimized out>
val = <optimized out>
#5 0x00000000005aa44b in funcall_subr (subr=subr <at> entry=0xc6ea40
<Sself_insert_command>, numargs=numargs <at> entry=2,
args=args <at> entry=0x7fffffffddd0)
at eval.c:3168
argbuf = {0x7fffffffdbf0, 0x5d4359 <read0+4885>, 0x15553b93d160
<d_reloc>, 0x100, 0x0, 0xd08be0 <lispsym+77952>, 0x30, 0xe0}
a = <optimized out>
maxargs = 2
keepalive = 0xc6ea45 <Sself_insert_command+5>
ret = <optimized out>
fun = <optimized out>
#6 0x00000000005abdeb in funcall_general (fun=0xc6ea45
<Sself_insert_command+5>, numargs=numargs <at> entry=2,
args=args <at> entry=0x7fffffffddd0)
at /build/source/src/lisp.h:2243
original_fun = 0x10770
#7 0x00000000005a903e in Ffuncall (nargs=nargs <at> entry=3,
args=args <at> entry=0x7fffffffddc8)
at eval.c:3093
count = {bytes = 256}
val = <optimized out>
#8 0x00000000005a4b51 in Ffuncall_interactively (nargs=3,
args=0x7fffffffddc8) at callint.c:250
speccount = <optimized out>
#9 0x00000000005aa540 in funcall_subr (subr=subr <at> entry=0xc754c0
<Sfuncall_interactively>, numargs=numargs <at> entry=3,
args=args <at> entry=0x7fffffffddc8)
at eval.c:3198
maxargs = -2
keepalive = 0xc754c5 <Sfuncall_interactively+5>
ret = <optimized out>
fun = <optimized out>
#10 0x00000000005abdeb in funcall_general (fun=0xc754c5
<Sfuncall_interactively+5>, numargs=numargs <at> entry=3,
args=args <at> entry=0x7fffffffddc8)
at /build/source/src/lisp.h:2243
original_fun = 0x9510
#11 0x00000000005a903e in Ffuncall (nargs=nargs <at> entry=4,
args=args <at> entry=0x7fffffffddc0)
at eval.c:3093
count = {bytes = 192}
val = <optimized out>
#12 0x00000000005a94e2 in Fapply (nargs=nargs <at> entry=3,
args=args <at> entry=0x7fffffffdf40)
at eval.c:2765
i = 4
funcall_nargs = 4
funcall_args = 0x7fffffffddc0
spread_arg = 0x0
fun = <optimized out>
sa_avail = <optimized out>
sa_count = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--c
numargs = <optimized out>
retval = <optimized out>
#13 0x00000000005a535b in Fcall_interactively (function=0x10770,
record_flag=0x0, keys=0x364076d) at callint.c:342
funval = <optimized out>
events = <optimized out>
env = <optimized out>
speccount = <optimized out>
arg_from_tty = false
key_count = 1
record_then_fail = false
save_this_command = 0x10770
save_this_original_command = 0x10770
save_real_this_command = 0x10770
save_last_command = 0x15554e3484b0
prefix_arg = 0x0
enable = 0x0
up_event = 0x0
form = <optimized out>
specs = 0x35ad6e13
sa_avail = <optimized out>
sa_count = <optimized out>
string_len = <optimized out>
string = <optimized out>
string_end = <optimized out>
next_event = <optimized out>
nargs = <optimized out>
args = <optimized out>
visargs = <optimized out>
varies = <optimized out>
tem = <optimized out>
val = <optimized out>
#14 0x000015554e73a93d in F636f6d6d616e642d65786563757465_command_execute_0
() from
/nix/store/cs45kvg1k756hvp50xvxspixr7gfv1im-emacs-30.1/bin/../lib/emacs/30.1/native-lisp/30.1-4f74827b/preloaded/simple-fab5b0cf-4a9a0458.eln
No symbol table info available.
#15 0x00000000005aa47b in funcall_subr (subr=subr <at> entry=0x15554f51d4b8,
numargs=numargs <at> entry=1, args=args <at> entry=0x7fffffffe1c8) at eval.c:3174
argbuf = {0x10770, 0x0, 0x0, 0x0, 0x401d4c0, 0x607166
<start_atimer+161>, 0x0, 0x4054b15}
a = <optimized out>
maxargs = 4
keepalive = 0x15554f51d4bd
ret = <optimized out>
fun = <optimized out>
#16 0x00000000005abdeb in funcall_general (fun=0x15554f51d4bd,
numargs=numargs <at> entry=1, args=args <at> entry=0x7fffffffe1c8) at
/build/source/src/lisp.h:2243
original_fun = 0x5b80
#17 0x00000000005a903e in Ffuncall (nargs=nargs <at> entry=2,
args=args <at> entry=0x7fffffffe1c0)
at eval.c:3093
count = {bytes = 128}
val = <optimized out>
#18 0x000000000053aeac in command_loop_1 () at keyboard.c:1550
scount = <optimized out>
cmd = <optimized out>
keybuf = {0x1d2, 0x2e, 0xfa2, 0x5982d3 <set_default_internal+530>,
0x7fffffffe260, 0x2, 0x30, 0x929cedd, 0x0, 0x5a770f <do_one_unbind+319>,
0x9723cd60, 0x60, 0x0, 0x0, 0x0, 0x5a8d59 <unbind_to+105>, 0xb, 0x111c0,
0x30, 0x929cedd, 0x7bc0, 0x105ecaab80e9e00, 0xcf32a0 <globals>, 0x1ca924f3,
0x60,
0x52f4c6 <cmd_error+363>, 0x0, 0x105ecaab80e9e00, 0x60,
0x15554edf4d83}
i = <optimized out>
last_pt = 11354
prev_modiff = 387358
prev_buffer = 0x4054b10
#19 0x00000000005a7e25 in internal_condition_case (bfun=bfun <at> entry=0x53a9ce
<command_loop_1>, handlers=handlers <at> entry=0x90, hfun=hfun <at> entry=0x52f35b
<cmd_error>) at eval.c:1613
val = <optimized out>
c = 0xe0fc60
#20 0x00000000005292ae in command_loop_2 (handlers=handlers <at> entry=0x90) at
keyboard.c:1168
val = <optimized out>
#21 0x00000000005a7d42 in internal_catch (tag=tag <at> entry=0x122d0,
func=func <at> entry=0x529294 <command_loop_2>, arg=arg <at> entry=0x90) at
eval.c:1292
val = <optimized out>
c = 0xea0f40
#22 0x000000000052926b in command_loop () at keyboard.c:1146
No locals.
#23 0x000000000052eec4 in recursive_edit_1 () at keyboard.c:754
count = <optimized out>
val = <optimized out>
#24 0x000000000052f25c in Frecursive_edit () at keyboard.c:837
count = <optimized out>
buffer = <optimized out>
#25 0x0000000000528660 in main (argc=<optimized out>, argv=0x7fffffffe5a8)
at emacs.c:2635
stack_bottom_variable = 0x155553f84458 <_gnutls_lib_state>
old_argc = <optimized out>
dump_file = 0x0
no_loadup = false
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x0
original_pwd = 0x0
dump_mode = <optimized out>
skip_args = 1
temacs = 0x0
attempt_load_pdump = <optimized out>
only_version = false
rlim = {rlim_cur = 18446744073709551615, rlim_max =
18446744073709551615}
lc_all = <optimized out>
sockfd = -1
module_assertions = <optimized out>
(gdb) p *(struct Lisp_Marker *) m
Cannot access memory at address 0x67616e61702f752f
On Mon, Jun 16, 2025 at 4:34 AM martin rudalics <rudalics <at> gmx.at> wrote:
> > Can you try
> [...)
> > and get us a backtrace when it's hit.
>
> ... which was a very silly proposal. Please try
>
> diff --git a/src/window.c b/src/window.c
> index 1ac004af5e0..92e215fc9be 100644
> --- a/src/window.c
> +++ b/src/window.c
> @@ -303,6 +303,14 @@ wset_buffer (struct window *w, Lisp_Object val)
> /* Make sure that we do not assign the buffer
> to an internal window. */
> eassert (MARKERP (w->start) && MARKERP (w->pointm));
> + else
> + {
> + if (MARKERP (w->start))
> + eassert (!XMARKER (w->start)->buffer);
> + if (MARKERP (w->pointm))
> + eassert (!XMARKER (w->pointm)->buffer);
> + }
> +
> w->contents = val;
> adjust_window_count (w, 1);
> }
>
> instead. If it does not work either, I will have to think of something
> more elaborate.
>
> Thanks, martin
>
>
[Message part 2 (text/html, inline)]
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.