unofficial mirror of bug-gnu-emacs@gnu.org 
From: Pip Cet via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: "Gerd Möllmann" <gerd.moellmann@gmail.com>
Cc: 74547@debbugs.gnu.org, "Óscar Fuentes" <oscarfv@telefonica.net>
Subject: bug#74547: 31.0.50; igc: assertion failed in buffer.c
Date: Sun, 01 Dec 2024 10:49:57 +0000
Message-ID: <87cyibn0dz.fsf@protonmail.com>
In-Reply-To: <m2ed2x5fpw.fsf@gmail.com>

Gerd Möllmann <gerd.moellmann@gmail.com> writes:

> Óscar Fuentes <oscarfv@telefonica.net> writes:
>
>> While editing a .dart file with lsp-mode.
>
> Thanks Oscar. That's a difficult one.

I agree.

>> #3  0x00005555559c1384 in mps_lib_assert_fail
>>     (condition=0x555555a4a157 "size > 0", line=579, file=0x555555a47782 "buffer.c")
>>     at /home/oscar/dev/other/mps/code/mpsliban.c:87
>> #4  BufferFill
>> #5  0x00005555559f2da0 in amcSegFix (seg=0x7fffb820d070, ss=0x7fffffff9fc0, refIO=0x7fffffff99d0)
>>         trace = <optimized out>
>> #6  0x0000555555990b8c in _mps_fix2 (mps_ss=0x7fffffff9fc8, mps_ref_io=0x7fffffff9a10)
>>         res = <optimized out>
>> #7  0x0000555555903cac in fix_lisp_obj (ss=0x7fffffff9fc8, pobj=0x7fff89f0e000)
>>     at ../../emacs/src/igc.c:998
>>         res = 32767
>>         client = 0x7fff93f2f7d0
>>         base = 0x7fff93f2f7d0
>>         p = 0x7fff89f0e000
>> --Type <RET> for more, q to quit, c to continue without paging--
>>         word = 140735675561940
>>         tag = 4
>>         _ss = 0x7fffffff9fc8
>>         _mps_zs = 22
>>         _mps_ufs = 549755846664
>>         _mps_wt = 32768
>>         _mps_w = 133143986160
>> #8  0x0000555555904160 in fix_array (ss=0x7fffffff9fc8, array=0x7fff89f0e000, n=6)
>>     at ../../emacs/src/igc.c:1233
>>         res = 30
>>         i = 0
>>         _ss = 0x7fffffff9fc8
>>         _mps_zs = 22
>>         _mps_ufs = 549755813896
>>         _mps_wt = <optimized out>
>>         _mps_w = 133143986160
>> #9  0x000055555590674b in fix_vectorlike (ss=0x7fffffff9fc8, v=0x7fff89f0dff0)
>>     at ../../emacs/src/igc.c:1974
>>         res = 32767
>>         size = 6
>>         _ss = 0x7fffffff9fc8
>>         _mps_zs = 22
>>         _mps_ufs = 549755813896
>>         _mps_wt = <optimized out>
>>         _mps_w = 133143986160
>> #10 0x0000555555908d53 in fix_vector (ss=0x7fffffff9fc8, v=0x7fff89f0dff0)
>> --Type <RET> for more, q to quit, c to continue without paging--
>>     at ../../emacs/src/igc.c:2646
>>         obj_ = 0x7fff89f0dff0
>>         res = 0
>>         _ss = 0x7fffffff9fc8
>>         _mps_zs = 22
>>         _mps_ufs = 549755813896
>>         _mps_wt = <optimized out>
>>         _mps_w = 133143986160
>> #11 0x00005555559061d4 in dflt_scan_obj
>>     (ss=0x7fffffff9fc8, base_start=0x7fff89f0dff0,
>>     base_limit=0x7fff89f0f000, closure=0x0)
>
> I've stripped the rest of the backtrace because it's probably not
> too relevant.
>
> What Emacs is doing here is allocate a cons, which triggers a GC step
> because the allocation point needs more memory. In this GC step, we
> scan a memory area containing a vector (or vectorlike) containing 6
> elements. The first element is a string for which MPS_FIX1 says it needs
> to be passed to MPS_FIX2, but MPS_FIX2 aborts.
>
> I have no idea why that is. I've added Pip in CC, maybe he has ideas.

I think the relevant part is that the IGC header of the object passed to
_mps_fix2 is incorrect: it claims to have size 0.  This is often the
case when no traceable reference to an object was found in a previous GC
pass and the memory has been reused for other purposes.

So it seems there is a vector or pseudovector of size 6 that somehow
attempts to resurrect a freed object (in the first slot). Unfortunately,
6 is the usual size for Lisp closures, so it's a very common allocation
and we can't just breakpoint based on that size alone.

Do you have a core dump, Óscar? I think we need to look at the vector
and see whether we can figure out how it was allocated or modified.

I think it's unlikely this particular vector is a closure, FWIW, because
the first slot of a closure vector is always a fixnum.

Pip
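
The failure mode described in this message, as an added example that is not part of the thread and is not igc or MPS code: a toy mark-and-sweep model in which a reference invisible to the collector is stored into a live 6-slot vector after its target was reclaimed, so a later scan meets a header with size 0. The struct layout and all names (struct obj, collect, first_stale_slot, demo) are assumptions made for illustration.

```c
#include <stddef.h>

/* Toy model, NOT the real igc/MPS layout: nwords == 0 means the memory
   was reclaimed by an earlier collection. */
struct obj {
  size_t nwords;            /* header size field */
  int marked;
  size_t nslots;            /* reference slots in use */
  struct obj *slot[6];
};

static void mark(struct obj *o)
{
  if (!o || o->marked) return;
  o->marked = 1;
  for (size_t i = 0; i < o->nslots; i++) mark(o->slot[i]);
}

/* Trace from the known roots, then reclaim everything left unmarked. */
static void collect(struct obj *heap, size_t n, struct obj **roots, size_t nroots)
{
  for (size_t i = 0; i < n; i++) heap[i].marked = 0;
  for (size_t i = 0; i < nroots; i++) mark(roots[i]);
  for (size_t i = 0; i < n; i++)
    if (!heap[i].marked) heap[i].nwords = 0;
}

/* Index of the first slot that refers to reclaimed memory, or -1. */
static int first_stale_slot(const struct obj *v)
{
  for (size_t i = 0; i < v->nslots; i++)
    if (v->slot[i] && v->slot[i]->nwords == 0) return (int) i;
  return -1;
}

/* Constructed scenario: a string held only through an untraced pointer. */
static int demo(void)
{
  struct obj heap[2] = { { .nwords = 8, .nslots = 6 },   /* 6-slot vector */
                         { .nwords = 4 } };              /* string */
  struct obj *roots[] = { &heap[0] };
  struct obj *untraced = &heap[1];   /* invisible to the collector */

  collect(heap, 2, roots, 1);        /* string is unreachable: reclaimed */
  heap[0].slot[0] = untraced;        /* stale pointer stored into a live vector */
  return first_stale_slot(&heap[0]); /* a later scan finds it in slot 0 */
}

int main(void) { return demo() == 0 ? 0 : 1; }
```

A check of this kind run before a reference is fixed reports which slot is stale instead of failing later on the size assertion.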
