I can now recreate at will with a magit sequence (l o hackbox/ TAB) which triggers a minibuffer re-size to accommodate the list of git branches:(gdb) info frame 0
Stack frame at 0x7fffffffb2e0:
rip = 0x5555556a80ef in Factive_minibuffer_window (minibuf.c:230); saved rip = 0x5555556f52ab
called by frame at 0x7fffffffb340
source language c.
Arglist at 0x7fffffffb2c8, args:
Locals at 0x7fffffffb2c8, Previous frame's sp is 0x7fffffffb2e0
Saved registers:
rip at 0x7fffffffb2d8
(gdb) x/5i $pc
=> 0x5555556a80ef <Factive_minibuffer_window+79>: mov -0x3(%rax),%r10
0x5555556a80f3 <Factive_minibuffer_window+83>: lea -0x3(%rdx),%eax
0x5555556a80f6 <Factive_minibuffer_window+86>: test $0x7,%al
0x5555556a80f8 <Factive_minibuffer_window+88>: jne 0x5555556a8153 <Factive_minibuffer_window+179>
0x5555556a80fa <Factive_minibuffer_window+90>: nopw 0x0(%rax,%rax,1)
(gdb) p/x $rax
$4 = 0x0
(gdb) p/x $r10
$5 = 0x7fffeece9c6d
(gdb) l
225 Lisp_Object innermost_MB;
226
227 if (!minibuf_level)
228 return Qnil;
229
230 innermost_MB = nth_minibuffer (minibuf_level);
231 FOR_EACH_FRAME (frames, frame)
232 {
233 f = XFRAME (frame);
234 if (FRAME_LIVE_P (f)
(gdb) p minibuf_level
$6 = 2
(gdb) p Vminibuffer_list
$7 = (Lisp_Object) 0x555555c9aca3
(gdb) p $*
A syntax error in expression, near `'.
(gdb) p *$
$8 = <incomplete type>
(gdb)Let me know if you want something else.On Tue, 11 May 2021 at 03:24, Eli Zaretskii <eliz@gnu.org> wrote:> From: Alex Bennée <alex.bennee@linaro.org>
> Date: Mon, 10 May 2021 20:30:58 +0100
> Cc: Alan Mackenzie <acm@muc.de>
>
> It seems my mail client left this in the sent folder but never actually sent it:
>
> I haven't been able to find a reproduction as the bug hits fairly
> randomly hence I'm running in my normal init.el heavy environment.
> That said there shouldn't be anything in lisp that could cause a
> segfault in the core C code.
>
> This only started happening this week after a recent update from
> master (I update every Monday). The only change I could see that might
> be related was f608b4b93 (Prevent the selected window being a dead
> mini-window when switching frames).
>
> Unfortunately no symbols. However both core dumps so far have seen the
> same null XCAR being called from nth_minibuffer:
>
> #0 0x00007f4384f585cb in raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:50
> set = {__val = {18446744067266837247, 0 <repeats 15 times>}}
> pid = <optimized out>
> tid = <optimized out>
> #1 0x000055b6738bf530 in terminate_due_to_signal (sig=sig@entry=11,
> backtrace_limit=backtrace_limit@entry=40) at emacs.c:437
> #2 0x000055b6738bf97d in handle_fatal_signal (sig=sig@entry=11) at sysdep.c:1762
> #3 0x000055b6739b8ca8 in deliver_thread_signal (sig=sig@entry=11, handler=0x55b6738bf972
> <handle_fatal_signal>) at sysdep.c:1754
> #4 0x000055b6739b8d29 in deliver_fatal_thread_signal (sig=11) at sysdep.c:1867
> fatal = <optimized out>
> #5 0x000055b6739b8d29 in handle_sigsegv (sig=11, siginfo=<optimized out>, arg=<optimized out>) at
> sysdep.c:1867
> fatal = <optimized out>
> #6 0x00007f4384f58730 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
> #7 0x000055b6739ce0ef in XCAR (c=0x0) at lisp.h:1420
> tail = 0x0
> frames = <optimized out>
> frame = <optimized out>
> f = <optimized out>
> innermost_MB = <optimized out>
> #8 0x000055b6739ce0ef in nth_minibuffer (depth=<optimized out>) at minibuf.c:972
> tail = 0x0
> frames = <optimized out>
> frame = <optimized out>
> f = <optimized out>
> innermost_MB = <optimized out>
Please show the Lisp value of Vminibuffer_list.
--Alex Bennée
KVM/QEMU Hacker for Linaro