From: Eli Zaretskii
Subject: bug#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c
Date: Thu, 11 Mar 2021 13:27:52 +0200
I was hit by a segfault while scrolling through a C source file, in
this case dispnew.c. The sequence of commands was this:
emacs -Q
C-h sit-for RET
Click on the link to subr.el
In subr.el go to where sit-for calls sleep-for and type C-h f RET
Click on "C source code" to display dispnew.c
Scroll down with C-n or C-v
The backtrace appears below, with some data I collected. The argument
'args' to Flss is obviously bogus, but I don't understand how it came
into existence. Maybe related to 0x30, which stands for the symbol t?
The first call-stack frame above that I can examine, frame #4, calls
c-beginning-of-statement-1 with 4 nil args and the last argument of t.
The levels below that are impenetrable for me: is there a way of
digging into this
F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0
thing?
Any suggestions for how to debug this further or what data to collect
that will give you an idea for the root cause(s)?
P.S. Note the stopped backtrace: this is something I see for the last
couple of days on the native-comp branch, not sure if it's related. I
will report that separately.
P.P.S. I tried to start another instance of Emacs from the branch, and
it immediately displayed this:
Re-entering top level after C stack overflow
Which probably means something unhealthy happens when you start Emacs
while another instance is under a debugger with the same *.eln files
loaded.
Here's the backtrace and some related variables from the crash site:
Thread 1 received signal SIGSEGV, Segmentation fault.
0x01236788 in arithcompare_driver (nargs=2, args=0x28, comparison=ARITH_LESS)
at data.c:2673
2673 if (NILP (arithcompare (args[i - 1], args[i], comparison)))
(gdb) bt
#0 0x01236788 in arithcompare_driver (nargs=2, args=0x28,
comparison=ARITH_LESS) at data.c:2673
#1 0x01236860 in Flss (nargs=2, args=0x28) at data.c:2691
#2 0x61a92285 in
F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0
()
from
d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5,
arg_vector=0x827a78) at eval.c:3292
#4 0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
#5 0x61b00dbf in
F632d6a7573742d61667465722d66756e632d6172676c6973742d70_c_just_after_func_arglist_p_0
()
from
d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#6 0x01261898 in funcall_lambda (fun=XIL(0xa000000007973cb8), nargs=0,
arg_vector=0x827c50) at eval.c:3292
#7 0x012601ed in Ffuncall (nargs=1, args=0x827c48) at eval.c:3013
#8 0x61aee041 in
F632d6261636b2d6f7665722d6d656d6265722d696e697469616c697a657273_c_back_over_member_initializers_0
()
from
d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#9 0x01261898 in funcall_lambda (fun=XIL(0xa0000000079739f8), nargs=1,
arg_vector=0x827e28) at eval.c:3292
#10 0x012601ed in Ffuncall (nargs=2, args=0x827e20) at eval.c:3013
#11 0x0a525b36 in ?? ()
#12 0x01261898 in funcall_lambda (fun=XIL(0xa0000000079b97c0), nargs=1,
arg_vector=0x8280c0) at eval.c:3292
#13 0x012601ed in Ffuncall (nargs=2, args=0x8280b8) at eval.c:3013
#14 0x0686af93 in ?? ()
#15 0x012de838 in helper_save_restriction () at comp.c:4575
#16 0x0122e9aa in wrong_type_argument (predicate=XIL(0x892404890c245c89),
value=XIL(0x8244c89e45d8be0)) at data.c:143
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Lisp Backtrace:
"c-beginning-of-statement-1" (0x827a78)
"c-just-after-func-arglist-p" (0x827c50)
"c-back-over-member-initializers" (0x827e28)
"c-font-lock-cut-off-declarators" (0x8280c0)
"font-lock-fontify-keywords-region" (0x828418)
"font-lock-default-fontify-region" (0x828728)
"c-font-lock-fontify-region" (0x8288d8)
"font-lock-fontify-region" (0x828ac8)
0x78fb7e8 PVEC_COMPILED
"jit-lock--run-functions" (0x829460)
"jit-lock-fontify-now" (0x829720)
"jit-lock-function" (0x829948)
"redisplay_internal (C function)" (0x0)
(gdb) fr 3
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5,
arg_vector=0x827a78) at eval.c:3292
3292 val = XSUBR (fun)->function.a0 ();
(gdb) p nargs
$1 = 5
(gdb) p args[0]
No symbol "args" in current context.
(gdb) p arg_vector
$2 = (Lisp_Object *) 0x827a78
(gdb) p arg_vector [0]
$3 = XIL(0)
(gdb) p arg_vector [1]
$4 = XIL(0)
(gdb) p arg_vector[0]
$5 = XIL(0)
(gdb) p arg_vector[1]
$6 = XIL(0)
(gdb) p arg_vector[2]
$7 = XIL(0)
(gdb) p arg_vector[3]
$8 = XIL(0)
(gdb) p arg_vector[4]
$9 = XIL(0x30)
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$10 = (struct Lisp_Symbol *) 0x186a390 <lispsym+48>
"t"
(gdb) up
#4 0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
3013 val = funcall_lambda (fun, numargs, args + 1);
(gdb) p args[0]
$11 = XIL(0x60800a8)
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$12 = (struct Lisp_Symbol *) 0x78ea408
"c-beginning-of-statement-1"
(gdb) p args[1]
$13 = XIL(0)
(gdb) p args[2]
$14 = XIL(0)
(gdb) p args[3]
$15 = XIL(0)
(gdb) p args[4]
$16 = XIL(0)
(gdb) p args[5]
$17 = XIL(0x30)
(gdb) down
#3 0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5,
arg_vector=0x827a78) at eval.c:3292
3292 val = XSUBR (fun)->function.a0 ();
(gdb) p fun
$18 = XIL(0xa00000000796aed8)
(gdb) xtype
Lisp_Vectorlike
PVEC_SUBR
(gdb) xsubr
$19 = (struct Lisp_Subr *) 0x796aed8
{
header = {
size = 1342205952
},
function = {
a0 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a1 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a2 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a3 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a4 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a5 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a6 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a7 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
a8 = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
aUNEVALLED = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>,
aMANY = 0x61a8d020
<F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0>
},
min_args = 0,
max_args = 5,
symbol_name = 0x796eac0 "c-beginning-of-statement-1",
{
intspec = 0x0,
native_intspec = XIL(0)
},
doc = 91,
native_comp_u = {XIL(0xa0000000078884c0)},
native_c_name = {
0x796eaf8
"F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0"},
lambda_list = {XIL(0xc0000000079155b0)},
type = {XIL(0)}
}
(gdb) p 0x28
$20 = 40
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$21 = (struct Lisp_Symbol *) 0x186a388 <lispsym+40>
Cannot access memory at address 0x1a4
(gdb)
In GNU Emacs 28.0.50 (build 1080, i686-pc-mingw32)
of 2021-03-11 built on HOME-C4E4A596F7
Repository revision: 8497af6892fcf9b08a1c120e897c9f5c21ea64fa
Repository branch: master
Windowing system distributor 'Microsoft Corp.', version 5.1.2600
System Description: Microsoft Windows XP Service Pack 3 (v5.1.0.2600)
Configured using:
'configure -C --prefix=/d/usr --with-wide-int --with-modules
--enable-checking=yes,glyphs 'CFLAGS=-O0 -gdwarf-4 -g3''
Configured features:
ACL GIF GMP GNUTLS HARFBUZZ JPEG JSON LCMS2 LIBXML2 MODULES NOTIFY
W32NOTIFY PDUMPER PNG RSVG SOUND THREADS TIFF TOOLKIT_SCROLL_BARS XPM
ZLIB
Important settings:
value of $LANG: ENU
locale-coding-system: cp1255
Major mode: Lisp Interaction
Minor modes in effect:
tooltip-mode: t
global-eldoc-mode: t
eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
line-number-mode: t
transient-mark-mode: t
Load-path shadows:
None found.
Features:
(shadow sort mail-extr emacsbug message rmc puny dired dired-loaddefs
rfc822 mml mml-sec epa derived epg epg-config gnus-util rmail
rmail-loaddefs auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json map text-property-search time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
iso-transl tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win
w32-vars term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax facemenu
font-core term/tty-colors frame minibuffer cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray
cl-preloaded nadvice button loaddefs faces cus-face macroexp files
window text-properties overlay sha1 md5 base64 format env code-pages
mule custom widget hashtable-print-readable backquote threads w32notify
w32 lcms2 multi-tty make-network-process emacs)
Memory information:
((conses 16 56717 12106)
(symbols 48 7804 1)
(strings 16 21565 2060)
(string-bytes 1 626902)
(vectors 16 13077)
(vector-slots 8 172292 12096)
(floats 8 23 61)
(intervals 40 263 114)
(buffers 888 10))
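The report asks how to dig into the `F632d...` frames and whether `0x30` and `0x28` are symbol values. Two things the gdb output above already contains can be checked mechanically. First, the native-comp C function name is `F` followed by the byte-wise hex encoding of the Lisp symbol name, then a C-identifier rendering of that name and a numeric suffix; decoding the hex gives the Lisp function without guessing from the suffix. Second, in this 32-bit `--with-wide-int` build a symbol-tagged value has zero low tag bits and builtin symbols live in `lispsym[]` at a fixed stride: `XIL(0x30)` resolved to `<lispsym+48>` "t", so the stride is 48 bytes, and `0x28` = 40 is not a multiple of it, which is why `xsymbol` cannot dereference it. The script below is an added example, not part of the bug report or of Emacs; the 48-byte stride and the 3-bit symbol tag of 0 are assumptions taken from this build's output, and the three frame names and raw values are copied from the backtrace above.

```python
import re

# Assumption taken from the gdb output in this report: XIL(0x30) resolved to
# <lispsym+48> "t", so one struct Lisp_Symbol is 48 bytes in this build.
LISP_SYMBOL_SIZE = 48
# Assumption: 3 low tag bits per Lisp_Object, and a zero tag means Lisp_Symbol
# (that is why gdb's xtype reports Lisp_Symbol for both 0x28 and 0x30).
TAG_BITS = 3
LISP_SYMBOL_TAG = 0

# Observed shape of a native-comp C function name: F<hex>_<c-ified name>_<n>.
NATIVE_NAME_RE = re.compile(r"^F([0-9a-f]+)_(.+)_(\d+)$")


def demangle_native_comp_name(mangled):
    """Return (lisp_name, c_name, suffix) for a native-comp C function name.

    The hex run after 'F' is the hex encoding of the Lisp symbol name's
    bytes; the remainder is a C-identifier-safe rendering plus a numeric
    suffix (assumed to be a disambiguation counter)."""
    m = NATIVE_NAME_RE.match(mangled)
    if not m:
        raise ValueError(f"not a native-comp mangled name: {mangled!r}")
    hex_part, c_name, suffix = m.groups()
    lisp_name = bytes.fromhex(hex_part).decode("utf-8")
    return lisp_name, c_name, int(suffix)


def c_name_matches(lisp_name, c_name):
    """Cross-check the C-ified suffix against the hex-decoded name.

    The suffix replaces every non-alphanumeric character with '_', so it is
    lossy; the hex part is the authoritative source of the Lisp name."""
    return re.sub(r"[^A-Za-z0-9]", "_", lisp_name) == c_name


def builtin_symbol_index(raw):
    """Return the lispsym[] slot a symbol-tagged raw Lisp_Object points at.

    Returns None when RAW is not symbol-tagged or is not aligned to a slot,
    i.e. when it only looks like a symbol (the 0x28 case in this report)."""
    if raw & ((1 << TAG_BITS) - 1) != LISP_SYMBOL_TAG:
        return None
    if raw % LISP_SYMBOL_SIZE != 0:
        return None
    return raw // LISP_SYMBOL_SIZE


# Frame names copied from the backtrace in the report.
FRAME_NAMES = [
    "F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0",
    "F632d6a7573742d61667465722d66756e632d6172676c6973742d70_c_just_after_func_arglist_p_0",
    "F632d6261636b2d6f7665722d6d656d6265722d696e697469616c697a657273_c_back_over_member_initializers_0",
]


def lisp_names_for_frames(names):
    """Map each mangled frame name to its Lisp function name."""
    return [demangle_native_comp_name(n)[0] for n in names]


if __name__ == "__main__":
    for n in FRAME_NAMES:
        lisp, cname, k = demangle_native_comp_name(n)
        print(f"{lisp}  (suffix {k}, c-name consistent: {c_name_matches(lisp, cname)})")
    # Raw values seen in the report: nil, the bogus 'args' pointer, and t.
    for raw in (0x0, 0x28, 0x30):
        print(f"XIL({raw:#x}) -> lispsym slot {builtin_symbol_index(raw)}")
```

Run stand-alone it prints the three Lisp names behind the `F...` frames and shows that `0x30` is slot 1 of `lispsym` (t) while `0x28` is symbol-tagged but lands between slots, matching the "Cannot access memory" result from `xsymbol`.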