From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Pip Cet via "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#74547: 31.0.50; igc: assertion failed in buffer.c
Date: Sun, 01 Dec 2024 10:49:57 +0000
Message-ID: <87cyibn0dz.fsf@protonmail.com>
References: <87serdu9m3.fsf@telefonica.net> <m2ed2x5fpw.fsf@gmail.com>
Reply-To: Pip Cet <pipcet@protonmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="34781"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 74547@debbugs.gnu.org,
 =?UTF-8?Q?=C3=93scar?= Fuentes <oscarfv@telefonica.net>
To: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 01 11:51:19 2024
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1tHhXq-0008rX-Nz
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 01 Dec 2024 11:51:18 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1tHhXc-00081W-5U; Sun, 01 Dec 2024 05:51:04 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tHhXa-00081L-LC
 for bug-gnu-emacs@gnu.org; Sun, 01 Dec 2024 05:51:02 -0500
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tHhXZ-0008DV-VF
 for bug-gnu-emacs@gnu.org; Sun, 01 Dec 2024 05:51:02 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:References:In-Reply-To:From:Date:To:Subject;
 bh=IPbVefVBMGlZCNi9P1vl3Uv7HfsowzOs+li9HDYZSMI=; 
 b=oMbV3Te3rNGzQhbiLOfaHlXfo1MXwEq21nDCMzW87hmLqeI0XJ67PYpWQu5QsrN0DmLFkhE116EpgjG+Ks0CfXvwsP90F2Tvv4kSw6gmXVr2XChpaqjVifkUtlUbmqgoKmWAWvxo9oU4xYlMKqAGRKEhfRpC/ltXWzOitlGVDPesUCUoT3RDsW4BpLRbFUVCtSbNJT02zpSn9r/trXEIrEvKxXcbbpU0XygSvASJsvqY2hcrOlTpR/kB7HEFk1AeG8jYuXOU2MD42QkKuawUYJtP3B4Q+pjWmPinFEsRGUB51miAcsQkRgUK6NFGb2WY8fsPPGwZIoS3ia5h3SvSuA==;
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tHhXZ-0001OX-Q2
 for bug-gnu-emacs@gnu.org; Sun, 01 Dec 2024 05:51:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Pip Cet <pipcet@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sun, 01 Dec 2024 10:51:01 +0000
Resent-Message-ID: <handler.74547.B74547.17330502135276@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 74547
X-GNU-PR-Package: emacs
Original-Received: via spool by 74547-submit@debbugs.gnu.org id=B74547.17330502135276
 (code B ref 74547); Sun, 01 Dec 2024 10:51:01 +0000
Original-Received: (at 74547) by debbugs.gnu.org; 1 Dec 2024 10:50:13 +0000
Original-Received: from localhost ([127.0.0.1]:50405 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tHhWm-0001N2-MV
 for submit@debbugs.gnu.org; Sun, 01 Dec 2024 05:50:13 -0500
Original-Received: from mail-10628.protonmail.ch ([79.135.106.28]:33399)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@protonmail.com>) id 1tHhWk-0001HZ-1Z
 for 74547@debbugs.gnu.org; Sun, 01 Dec 2024 05:50:11 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1733050203; x=1733309403;
 bh=IPbVefVBMGlZCNi9P1vl3Uv7HfsowzOs+li9HDYZSMI=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post;
 b=xfmj4OgX/3YdpUIOtlKJ1ZtZVjyqkhllTaQr4d32419+i+nvVuKiSAQLiWf/Fpqtb
 Go72pjADtx0JIR16IEiFtrHxlY19RkbbKEDQulGq0B6ndU8zKSyGQ0fM18Ooa+Hfvg
 D9qChsw1iDNLZUeRCFMDPZLNCfItqYHsVms5HO5FMuy97Zsn7pExQF/EOaKoHhoHV/
 ubdNQ0SczRlaBT6d7ztVqv4QAViGl+TeJys6y7SrKbLkgEw2KjY6Udck3heAmM5lPw
 plqEOmF6r0EAiXkZBVZFFKcf/zq30laNq67CSBolw2As9pIRb1m03UBN8cH3qNGlU8
 OZj8TaVFb+O3A==
In-Reply-To: <m2ed2x5fpw.fsf@gmail.com>
Feedback-ID: 112775352:user:proton
X-Pm-Message-ID: e537bccdf9de69e0957c191592e974d40b9ab659
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:296236
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/296236>

Gerd M=C3=B6llmann <gerd.moellmann@gmail.com> writes:

> =C3=93scar Fuentes <oscarfv@telefonica.net> writes:
>
>> While editing a .dart file with lsp-mode.
>
> Thanks Oscar. That's a difficult one.

I agree.

>> #3  0x00005555559c1384 in mps_lib_assert_fail
>>     (condition=3D0x555555a4a157 "size > 0", line=3D579, file=3D0x555555a=
47782 "buffer.c")
>>     at /home/oscar/dev/other/mps/code/mpsliban.c:87
>> #4  BufferFill
>> #5  0x00005555559f2da0 in amcSegFix (seg=3D0x7fffb820d070, ss=3D0x7fffff=
ff9fc0, refIO=3D0x7fffffff99d0)
>>         trace =3D <optimized out>
>> #6  0x0000555555990b8c in _mps_fix2 (mps_ss=3D0x7fffffff9fc8, mps_ref_io=
=3D0x7fffffff9a10)
>>         res =3D <optimized out>
>> #7  0x0000555555903cac in fix_lisp_obj (ss=3D0x7fffffff9fc8, pobj=3D0x7f=
ff89f0e000)
>>     at ../../emacs/src/igc.c:998
>>         res =3D 32767
>>         client =3D 0x7fff93f2f7d0
>>         base =3D 0x7fff93f2f7d0
>>         p =3D 0x7fff89f0e000
>> --Type <RET> for more, q to quit, c to continue without paging--
>>         word =3D 140735675561940
>>         tag =3D 4
>>         _ss =3D 0x7fffffff9fc8
>>         _mps_zs =3D 22
>>         _mps_ufs =3D 549755846664
>>         _mps_wt =3D 32768
>>         _mps_w =3D 133143986160
>> #8  0x0000555555904160 in fix_array (ss=3D0x7fffffff9fc8, array=3D0x7fff=
89f0e000, n=3D6)
>>     at ../../emacs/src/igc.c:1233
>>         res =3D 30
>>         i =3D 0
>>         _ss =3D 0x7fffffff9fc8
>>         _mps_zs =3D 22
>>         _mps_ufs =3D 549755813896
>>         _mps_wt =3D <optimized out>
>>         _mps_w =3D 133143986160
>> #9  0x000055555590674b in fix_vectorlike (ss=3D0x7fffffff9fc8, v=3D0x7ff=
f89f0dff0)
>>     at ../../emacs/src/igc.c:1974
>>         res =3D 32767
>>         size =3D 6
>>         _ss =3D 0x7fffffff9fc8
>>         _mps_zs =3D 22
>>         _mps_ufs =3D 549755813896
>>         _mps_wt =3D <optimized out>
>>         _mps_w =3D 133143986160
>> #10 0x0000555555908d53 in fix_vector (ss=3D0x7fffffff9fc8, v=3D0x7fff89f=
0dff0)
>> --Type <RET> for more, q to quit, c to continue without paging--
>>     at ../../emacs/src/igc.c:2646
>>         obj_ =3D 0x7fff89f0dff0
>>         res =3D 0
>>         _ss =3D 0x7fffffff9fc8
>>         _mps_zs =3D 22
>>         _mps_ufs =3D 549755813896
>>         _mps_wt =3D <optimized out>
>>         _mps_w =3D 133143986160
>> #11 0x00005555559061d4 in dflt_scan_obj
>>     (ss=3D0x7fffffff9fc8, base_start=3D0x7fff89f0dff0,
>>     base_limit=3D0x7fff89f0f000, closure=3D0x0)
>
> I've stripped the rest of the backtrace because it's probably not
> too relevant.
>
> What Emacs is doing here is allocate a cons, which triggers a GC step
> because the allocation point needs more memory. In this GC step, we
> scans a memory area containing a vector (or vectorlike) containing 6
> elements. The first element is a string for which MPS_FIX1 says it needs
> to be passed to MPS_FIX2, but MPS_FIX2 aborts.
>
> I have no idea why that is. I've added Pip in CC, maybe he has ideas.

I think the relevant part is that the IGC header of the object passed to
_mps_fix2 is incorrect: it claims to have size 0.  This is often the
case when no traceable reference to an object was found in a previous GC
pass and the memory has been reused for other purposes.

So it seems there is a vector or pseudovector of size 6 that somehow
attempts to resurrect a freed object (in the first slot). Unfortunately,
6 is the usual size for Lisp closures, so it's a very common allocation
and we can't just breakpoint based on that size alone.

Do you have a core dump, =C3=93scar? I think we need to look at the vector
and see whether we can figure out how it was allocated or modified.

I think it's unlikely this particular vector is a closure, FWIW, because
the first slot of a closure vector is always a fixnum.

Pip