From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c
Date: Thu, 11 Mar 2021 13:27:52 +0200
Message-ID: <83sg52lykn.fsf@gnu.org>
Cc: Andrea Corallo
To: 47067@debbugs.gnu.org

I was hit by a segfault while scrolling through a C source file, in this case dispnew.c.
The sequence of commands was this:

  emacs -Q
  C-h sit-for RET
  Click on the link to subr.el
  In subr.el go to where sit-for calls sleep-for and type C-h f RET
  Click on "C source code" to display dispnew.c
  Scroll down with C-n or C-v

The backtrace appears below, with some data I collected.  The argument
'args' to Flss is obviously bogus, but I don't understand how it came
into existence.  Maybe related to 0x30, which stands for the symbol t?

The first call-stack frame above that I can examine, frame #4, calls
c-beginning-of-statement-1 with 4 nil args and the last argument of t.
The levels below that are impenetrable for me: is there a way of
digging into this
F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0
thing?

Any suggestions for how to debug this further or what data to collect
that will give you an idea for the root cause(s)?

P.S. Note the stopped backtrace: this is something I see for the last
couple of days on the native-comp branch, not sure if it's related.  I
will report that separately.

P.P.S. I tried to start another instance of Emacs from the branch, and
it immediately displayed this:

  Re-entering top level after C stack overflow

Which probably means something unhealthy happens when you start Emacs
while another instance is under a debugger with the same *.eln files
loaded.

Here's the backtrace and some related variables from the crash site:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x01236788 in arithcompare_driver (nargs=2, args=0x28, comparison=ARITH_LESS) at data.c:2673
2673          if (NILP (arithcompare (args[i - 1], args[i], comparison)))
(gdb) bt
#0  0x01236788 in arithcompare_driver (nargs=2, args=0x28, comparison=ARITH_LESS) at data.c:2673
#1  0x01236860 in Flss (nargs=2, args=0x28) at data.c:2691
#2  0x61a92285 in F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0 ()
   from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#3  0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
#4  0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
#5  0x61b00dbf in F632d6a7573742d61667465722d66756e632d6172676c6973742d70_c_just_after_func_arglist_p_0 ()
   from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#6  0x01261898 in funcall_lambda (fun=XIL(0xa000000007973cb8), nargs=0, arg_vector=0x827c50) at eval.c:3292
#7  0x012601ed in Ffuncall (nargs=1, args=0x827c48) at eval.c:3013
#8  0x61aee041 in F632d6261636b2d6f7665722d6d656d6265722d696e697469616c697a657273_c_back_over_member_initializers_0 ()
   from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#9  0x01261898 in funcall_lambda (fun=XIL(0xa0000000079739f8), nargs=1, arg_vector=0x827e28) at eval.c:3292
#10 0x012601ed in Ffuncall (nargs=2, args=0x827e20) at eval.c:3013
#11 0x0a525b36 in ?? ()
#12 0x01261898 in funcall_lambda (fun=XIL(0xa0000000079b97c0), nargs=1, arg_vector=0x8280c0) at eval.c:3292
#13 0x012601ed in Ffuncall (nargs=2, args=0x8280b8) at eval.c:3013
#14 0x0686af93 in ?? ()
#15 0x012de838 in helper_save_restriction () at comp.c:4575
#16 0x0122e9aa in wrong_type_argument (predicate=XIL(0x892404890c245c89), value=XIL(0x8244c89e45d8be0)) at data.c:143
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Lisp Backtrace:
"c-beginning-of-statement-1" (0x827a78)
"c-just-after-func-arglist-p" (0x827c50)
"c-back-over-member-initializers" (0x827e28)
"c-font-lock-cut-off-declarators" (0x8280c0)
"font-lock-fontify-keywords-region" (0x828418)
"font-lock-default-fontify-region" (0x828728)
"c-font-lock-fontify-region" (0x8288d8)
"font-lock-fontify-region" (0x828ac8)
0x78fb7e8 PVEC_COMPILED
"jit-lock--run-functions" (0x829460)
"jit-lock-fontify-now" (0x829720)
"jit-lock-function" (0x829948)
"redisplay_internal (C function)" (0x0)
(gdb) fr 3
#3  0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
3292            val = XSUBR (fun)->function.a0 ();
(gdb) p nargs
$1 = 5
(gdb) p args[0]
No symbol "args" in current context.
(gdb) p arg_vector
$2 = (Lisp_Object *) 0x827a78
(gdb) p arg_vector [0]
$3 = XIL(0)
(gdb) p arg_vector [1]
$4 = XIL(0)
(gdb) p arg_vector[0]
$5 = XIL(0)
(gdb) p arg_vector[1]
$6 = XIL(0)
(gdb) p arg_vector[2]
$7 = XIL(0)
(gdb) p arg_vector[3]
$8 = XIL(0)
(gdb) p arg_vector[4]
$9 = XIL(0x30)
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$10 = (struct Lisp_Symbol *) 0x186a390
"t"
(gdb) up
#4  0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
3013        val = funcall_lambda (fun, numargs, args + 1);
(gdb) p args[0]
$11 = XIL(0x60800a8)
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$12 = (struct Lisp_Symbol *) 0x78ea408
"c-beginning-of-statement-1"
(gdb) p args[1]
$13 = XIL(0)
(gdb) p args[2]
$14 = XIL(0)
(gdb) p args[3]
$15 = XIL(0)
(gdb) p args[4]
$16 = XIL(0)
(gdb) p args[5]
$17 = XIL(0x30)
(gdb) down
#3  0x01261898 in funcall_lambda (fun=XIL(0xa00000000796aed8), nargs=5, arg_vector=0x827a78) at eval.c:3292
3292            val = XSUBR (fun)->function.a0 ();
(gdb) p fun
$18 = XIL(0xa00000000796aed8)
(gdb) xtype
Lisp_Vectorlike
PVEC_SUBR
(gdb) xsubr
$19 = (struct Lisp_Subr *) 0x796aed8
{
  header = {
    size = 1342205952
  },
  function = {
    a0 = 0x61a8d020,
    a1 = 0x61a8d020,
    a2 = 0x61a8d020,
    a3 = 0x61a8d020,
    a4 = 0x61a8d020,
    a5 = 0x61a8d020,
    a6 = 0x61a8d020,
    a7 = 0x61a8d020,
    a8 = 0x61a8d020,
    aUNEVALLED = 0x61a8d020,
    aMANY = 0x61a8d020
  },
  min_args = 0,
  max_args = 5,
  symbol_name = 0x796eac0 "c-beginning-of-statement-1",
  {
    intspec = 0x0,
    native_intspec = XIL(0)
  },
  doc = 91,
  native_comp_u = {XIL(0xa0000000078884c0)},
  native_c_name = {
    0x796eaf8 "F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0"},
  lambda_list = {XIL(0xc0000000079155b0)},
  type = {XIL(0)}
}
(gdb) p 0x28
$20 = 40
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$21 = (struct Lisp_Symbol *) 0x186a388
Cannot access memory at address 0x1a4
(gdb)


In GNU Emacs 28.0.50 (build 1080, i686-pc-mingw32)
 of 2021-03-11 built on HOME-C4E4A596F7
Repository revision: 8497af6892fcf9b08a1c120e897c9f5c21ea64fa
Repository branch: master
Windowing system distributor 'Microsoft Corp.', version 5.1.2600
System Description: Microsoft Windows XP Service Pack 3 (v5.1.0.2600)

Configured using:
 'configure -C --prefix=/d/usr --with-wide-int --with-modules
 --enable-checking=yes,glyphs 'CFLAGS=-O0 -gdwarf-4 -g3''

Configured features:
ACL GIF GMP GNUTLS HARFBUZZ JPEG JSON LCMS2 LIBXML2 MODULES NOTIFY
W32NOTIFY PDUMPER PNG RSVG SOUND THREADS TIFF TOOLKIT_SCROLL_BARS XPM
ZLIB

Important settings:
  value of $LANG: ENU
  locale-coding-system: cp1255

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired dired-loaddefs
rfc822 mml mml-sec epa derived epg epg-config gnus-util rmail
rmail-loaddefs auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json map text-property-search time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
iso-transl tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win
w32-vars term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax facemenu
font-core term/tty-colors frame minibuffer cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray
cl-preloaded nadvice button loaddefs faces cus-face macroexp files
window text-properties overlay sha1 md5 base64 format env code-pages
mule custom widget hashtable-print-readable backquote threads w32notify
w32 lcms2 multi-tty make-network-process emacs)

Memory information:
((conses 16 56717 12106)
 (symbols 48 7804 1)
 (strings 16 21565 2060)
 (string-bytes 1 626902)
 (vectors 16 13077)
 (vector-slots 8 172292 12096)
 (floats 8 23 61)
 (intervals 40 263 114)
 (buffers 888 10))
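
The following is an added example, not part of the original message or of Emacs: a small triage helper that maps the native-compiled frame names in the backtrace above back to Lisp function names. It assumes the layout "F" + hex of the symbol name + "_" + C-safe spelling + "_" + counter, which is inferred from the symbol_name / native_c_name pair in the xsubr output; the function names decode_native_name and lisp_frames are hypothetical.

```python
import re

# Assumed layout, inferred from the xsubr output in the report:
#   "F" + hex(symbol name) + "_" + C-safe spelling + "_" + counter
NATIVE_NAME = re.compile(r"\bF((?:[0-9a-f]{2})+)_([0-9a-z_]*)_(\d+)\b")


def decode_native_name(c_name):
    """Return the Lisp name encoded in a native-comp C name, or None."""
    m = NATIVE_NAME.fullmatch(c_name)
    if not m:
        return None
    try:
        lisp = bytes.fromhex(m.group(1)).decode("ascii")
    except UnicodeDecodeError:
        return None
    # Cross-check the hex part against the readable part so that a C
    # function which merely starts with "F" is not misreported.
    readable = re.sub(r"[^0-9a-z_]", "", lisp.replace("-", "_"))
    return lisp if readable == m.group(2) else None


def lisp_frames(backtrace):
    """Return [(frame number, Lisp name)] for native-compiled frames."""
    found = []
    for line in backtrace.splitlines():
        frame = re.match(r"#(\d+)\s", line)
        hit = NATIVE_NAME.search(line)
        if frame and hit:
            name = decode_native_name(hit.group(0))
            if name:
                found.append((int(frame.group(1)), name))
    return found


# Frames #1, #2, #4 and #5 copied from the backtrace in the report.
SAMPLE_BT = r"""
#1 0x01236860 in Flss (nargs=2, args=0x28) at data.c:2691
#2 0x61a92285 in F632d626567696e6e696e672d6f662d73746174656d656e742d31_c_beginning_of_statement_1_0 () from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
#4 0x012601ed in Ffuncall (nargs=6, args=0x827a70) at eval.c:3013
#5 0x61b00dbf in F632d6a7573742d61667465722d66756e632d6172676c6973742d70_c_just_after_func_arglist_p_0 () from d:\usr\eli\.emacs.d\eln-cache\28.0.50-7d88f6c1\cc-engine-ccfcb170-1b345b21.eln
"""

if __name__ == "__main__":
    for number, name in lisp_frames(SAMPLE_BT):
        print(f"frame #{number}: {name}")
```

The decoded names line up with the "Lisp Backtrace" section of the report, which gives a quick consistency check when the C-level stack may be corrupt.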