I can now recreate at will with a magit sequence (l o hackbox/ TAB) which triggers a minibuffer re-size to accommodate the list of git branches: (gdb) info frame 0 Stack frame at 0x7fffffffb2e0: rip = 0x5555556a80ef in Factive_minibuffer_window (minibuf.c:230); saved rip = 0x5555556f52ab called by frame at 0x7fffffffb340 source language c. Arglist at 0x7fffffffb2c8, args: Locals at 0x7fffffffb2c8, Previous frame's sp is 0x7fffffffb2e0 Saved registers: rip at 0x7fffffffb2d8 (gdb) x/5i $pc => 0x5555556a80ef : mov -0x3(%rax),%r10 0x5555556a80f3 : lea -0x3(%rdx),%eax 0x5555556a80f6 : test $0x7,%al 0x5555556a80f8 : jne 0x5555556a8153 0x5555556a80fa : nopw 0x0(%rax,%rax,1) (gdb) p/x $rax $4 = 0x0 (gdb) p/x $r10 $5 = 0x7fffeece9c6d (gdb) l 225 Lisp_Object innermost_MB; 226 227 if (!minibuf_level) 228 return Qnil; 229 230 innermost_MB = nth_minibuffer (minibuf_level); 231 FOR_EACH_FRAME (frames, frame) 232 { 233 f = XFRAME (frame); 234 if (FRAME_LIVE_P (f) (gdb) p minibuf_level $6 = 2 (gdb) p Vminibuffer_list $7 = (Lisp_Object) 0x555555c9aca3 (gdb) p $* A syntax error in expression, near `'. (gdb) p *$ $8 = (gdb) Let me know if you want something else. On Tue, 11 May 2021 at 03:24, Eli Zaretskii wrote: > > From: Alex Bennée > > Date: Mon, 10 May 2021 20:30:58 +0100 > > Cc: Alan Mackenzie > > > > It seems my mail client left this in the sent folder but never actually > sent it: > > > > I haven't been able to find a reproduction as the bug hits fairly > > randomly hence I'm running in my normal init.el heavy environment. > > That said there shouldn't be anything in lisp that could cause a > > segfault in the core C code. > > > > This only started happening this week after a recent update from > > master (I update every Monday). The only change I could see that might > > be related was f608b4b93 (Prevent the selected window being a dead > > mini-window when switching frames). > > > > Unfortunately no symbols. However both core dumps so far have seen the > > same null XCAR being called from nth_minibuffer: > > > > #0 0x00007f4384f585cb in raise (sig=sig@entry=11) at > ../sysdeps/unix/sysv/linux/raise.c:50 > > set = {__val = {18446744067266837247, 0 }} > > pid = > > tid = > > #1 0x000055b6738bf530 in terminate_due_to_signal (sig=sig@entry=11, > > backtrace_limit=backtrace_limit@entry=40) at emacs.c:437 > > #2 0x000055b6738bf97d in handle_fatal_signal (sig=sig@entry=11) at > sysdep.c:1762 > > #3 0x000055b6739b8ca8 in deliver_thread_signal (sig=sig@entry=11, > handler=0x55b6738bf972 > > ) at sysdep.c:1754 > > #4 0x000055b6739b8d29 in deliver_fatal_thread_signal (sig=11) at > sysdep.c:1867 > > fatal = > > #5 0x000055b6739b8d29 in handle_sigsegv (sig=11, siginfo= out>, arg=) at > > sysdep.c:1867 > > fatal = > > #6 0x00007f4384f58730 in () at > /lib/x86_64-linux-gnu/libpthread.so.0 > > #7 0x000055b6739ce0ef in XCAR (c=0x0) at lisp.h:1420 > > tail = 0x0 > > frames = > > frame = > > f = > > innermost_MB = > > #8 0x000055b6739ce0ef in nth_minibuffer (depth=) at > minibuf.c:972 > > tail = 0x0 > > frames = > > frame = > > f = > > innermost_MB = > > Please show the Lisp value of Vminibuffer_list. > -- Alex Bennée KVM/QEMU Hacker for Linaro