This morning I had the first crash since updating to
d7ef9678754509d426df5f6f2086ca03f7d68b1c on trunk (which doesn't include
110767's fix to init_from_display_pos), in an emacs that's been running for
10 days.

#0  0x00007f958a006b7b in raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x00000000004cf767 in terminate_due_to_signal (sig=6,
backtrace_limit=<optimized out>) at emacs.c:344
#2  0x00000000004e98c0 in emacs_abort () at sysdep.c:2061
#3  0x0000000000492515 in bidi_pop_it (bidi_it=<optimized out>) at
bidi.c:638
#4  0x00000000004492a1 in pop_it (it=0x7fff2ab33b18) at xdisp.c:5860
#5  0x0000000000453558 in next_overlay_string (it=0x7fff2ab33b18) at
xdisp.c:5309
#6  0x0000000000427a74 in set_iterator_to_next (it=0x7fff2ab33b18,
reseat_p=<optimized out>) at xdisp.c:7279
#7  0x00000000004315df in display_line (it=0x7fff2ab33b18) at xdisp.c:19790
#8  0x0000000000431008 in try_window (window=<optimized out>, flags=1,
pos=...) at xdisp.c:16300
#9  0x000000000044ce04 in redisplay_window (window=161353781,
just_this_one_p=0) at xdisp.c:15826
#10 0x0000000000452ba3 in redisplay_window_0 (window=28326) at xdisp.c:13894
#11 0x0000000000541aeb in internal_condition_case_1 (bfun=0x452b80
<redisplay_window_0>, arg=161353781, handlers=10062150, hfun=<optimized
out>) at eval.c:1326
#12 0x0000000000449b2f in redisplay_windows (window=<optimized out>) at
xdisp.c:13874
#13 0x000000000042e39b in redisplay_internal () at xdisp.c:13453
#14 0x00000000004308c4 in redisplay_preserve_echo_area (from_where=28326)
at xdisp.c:13710
#15 0x00000000004d9105 in detect_input_pending_run_timers
(do_display=<optimized out>) at keyboard.c:10276
#16 0x000000000057bce3 in wait_reading_process_output
(time_limit=<optimized out>, nsecs=<optimized out>, read_kbd=-1,
do_display=true, wait_for_cell=9858002, wait_proc=0x0,
    just_wait_proc=<optimized out>) at process.c:4749
#17 0x00000000004d7d30 in kbd_buffer_get_event (end_time=<optimized out>,
kbp=<optimized out>, used_mouse_menu=0x7fff2ab3cac7) at keyboard.c:3802
#18 read_char (commandflag=<optimized out>, nmaps=8, maps=0x7fff2ab3c930,
prev_event=9858002, used_mouse_menu=0x7fff2ab3cac7, end_time=<optimized
out>) at keyboard.c:2768
#19 0x00000000004d423d in read_key_sequence (bufsize=30, keybuf=<optimized
out>, prompt=<optimized out>, dont_downcase_last=<optimized out>,
can_return_switch_frame=<optimized out>,
    fix_current_buffer=<optimized out>) at keyboard.c:9230
#20 0x00000000004d381a in command_loop_1 () at keyboard.c:1458
#21 0x00000000005419b1 in internal_condition_case (bfun=0x4d2590
<command_loop_1>, handlers=9909682, hfun=<optimized out>) at eval.c:1288
#22 0x00000000004e2946 in command_loop_2 (ignore=<optimized out>) at
keyboard.c:1167
#23 0x0000000000541486 in internal_catch (tag=<optimized out>,
func=0x4e2920 <command_loop_2>, arg=9858002) at eval.c:1059
#24 0x00000000004d1d09 in command_loop () at keyboard.c:1146
#25 recursive_edit_1 () at keyboard.c:778
#26 0x00000000004d1e26 in Frecursive_edit () at keyboard.c:842
#27 0x00000000004d0d69 in main (argc=<error reading variable: Cannot access
memory at address 0x0>, argv=<optimized out>) at emacs.c:1552


Frame #3 aborted b/c bidi_cache_sp is 0.
Frame #4 has:
(gdb) p it->current
$2 = {
  pos = {
    charpos = 99256,
    bytepos = 99256
  },
  overlay_string_index = 0,
  string_pos = {
    charpos = -1,
    bytepos = -1
  },
  dpvec_index = -1
}

(gdb) p current_buffer->name_
$3 = 65944961
(gdb) pp current_buffer->name_
Cannot access memory at address 0x8ce6b8

(gdb) p current_buffer->text->beg[99256]@100
$5 = ' ' <repeats 24 times>, "],\n", ' ' <repeats 22 times>, "}],\n", ' '
<repeats 20 times>, "],\n", ' ' <repeats 20 times>, "'tar"

which tells me this is
common.gypi<http://src.chromium.org/viewvc/chrome/trunk/src/build/common.gypi?view=markup>,
running in gyp-mode (as opposed to the previous report which was in
cc-mode).

Let me know if you think this is worth debugging further or if I should
first sync & rebuild before a further crash will be interesting.