I tried noodling around in rr to get some more details but I'm a bit lost with how the C code iterates through the objects. It certainly looks like Fnthcdr just ends up with an empty value. Log attached: On Tue, 11 May 2021 at 07:51, Alex Bennée wrote: > I can now recreate at will with a magit sequence (l o hackbox/ TAB) which > triggers a minibuffer re-size to accommodate the list of git branches: > > (gdb) info frame 0 > Stack frame at 0x7fffffffb2e0: > rip = 0x5555556a80ef in Factive_minibuffer_window (minibuf.c:230); saved > rip = 0x5555556f52ab > called by frame at 0x7fffffffb340 > source language c. > Arglist at 0x7fffffffb2c8, args: > Locals at 0x7fffffffb2c8, Previous frame's sp is 0x7fffffffb2e0 > Saved registers: > rip at 0x7fffffffb2d8 > (gdb) x/5i $pc > => 0x5555556a80ef : mov > -0x3(%rax),%r10 > 0x5555556a80f3 : lea > -0x3(%rdx),%eax > 0x5555556a80f6 : test $0x7,%al > 0x5555556a80f8 : jne > 0x5555556a8153 > 0x5555556a80fa : nopw > 0x0(%rax,%rax,1) > (gdb) p/x $rax > $4 = 0x0 > (gdb) p/x $r10 > $5 = 0x7fffeece9c6d > (gdb) l > 225 Lisp_Object innermost_MB; > 226 > 227 if (!minibuf_level) > 228 return Qnil; > 229 > 230 innermost_MB = nth_minibuffer (minibuf_level); > 231 FOR_EACH_FRAME (frames, frame) > 232 { > 233 f = XFRAME (frame); > 234 if (FRAME_LIVE_P (f) > (gdb) p minibuf_level > $6 = 2 > (gdb) p Vminibuffer_list > $7 = (Lisp_Object) 0x555555c9aca3 > (gdb) p $* > A syntax error in expression, near `'. > (gdb) p *$ > $8 = > (gdb) > > Let me know if you want something else. > > On Tue, 11 May 2021 at 03:24, Eli Zaretskii wrote: > >> > From: Alex Bennée >> > Date: Mon, 10 May 2021 20:30:58 +0100 >> > Cc: Alan Mackenzie >> > >> > It seems my mail client left this in the sent folder but never actually >> sent it: >> > >> > I haven't been able to find a reproduction as the bug hits fairly >> > randomly hence I'm running in my normal init.el heavy environment. >> > That said there shouldn't be anything in lisp that could cause a >> > segfault in the core C code. >> > >> > This only started happening this week after a recent update from >> > master (I update every Monday). The only change I could see that might >> > be related was f608b4b93 (Prevent the selected window being a dead >> > mini-window when switching frames). >> > >> > Unfortunately no symbols. However both core dumps so far have seen the >> > same null XCAR being called from nth_minibuffer: >> > >> > #0 0x00007f4384f585cb in raise (sig=sig@entry=11) at >> ../sysdeps/unix/sysv/linux/raise.c:50 >> > set = {__val = {18446744067266837247, 0 }} >> > pid = >> > tid = >> > #1 0x000055b6738bf530 in terminate_due_to_signal (sig=sig@entry=11, >> > backtrace_limit=backtrace_limit@entry=40) at emacs.c:437 >> > #2 0x000055b6738bf97d in handle_fatal_signal (sig=sig@entry=11) at >> sysdep.c:1762 >> > #3 0x000055b6739b8ca8 in deliver_thread_signal (sig=sig@entry=11, >> handler=0x55b6738bf972 >> > ) at sysdep.c:1754 >> > #4 0x000055b6739b8d29 in deliver_fatal_thread_signal (sig=11) at >> sysdep.c:1867 >> > fatal = >> > #5 0x000055b6739b8d29 in handle_sigsegv (sig=11, siginfo=> out>, arg=) at >> > sysdep.c:1867 >> > fatal = >> > #6 0x00007f4384f58730 in () at >> /lib/x86_64-linux-gnu/libpthread.so.0 >> > #7 0x000055b6739ce0ef in XCAR (c=0x0) at lisp.h:1420 >> > tail = 0x0 >> > frames = >> > frame = >> > f = >> > innermost_MB = >> > #8 0x000055b6739ce0ef in nth_minibuffer (depth=) at >> minibuf.c:972 >> > tail = 0x0 >> > frames = >> > frame = >> > f = >> > innermost_MB = >> >> Please show the Lisp value of Vminibuffer_list. >> > > > -- > Alex Bennée > KVM/QEMU Hacker for Linaro > -- Alex Bennée KVM/QEMU Hacker for Linaro