From: Daniel Clemente
Newsgroups: gmane.emacs.bugs
Subject: bug#71693: 30.0.50, SIGSEGV in FRAME_TTY (sf) in redisplay_internal
Date: Fri, 21 Jun 2024 10:46:58 +0000
To: 71693@debbugs.gnu.org

I enabled -fsanitize.
I'm using an X terminal to run TTY Emacs inside.

I opened the daemon inside gdb with
  emacs --fg-daemon -Q

I saw this crash just by opening a few frames like
  xterm -e "emacsclient" "-c" "-e" '(dired "~")'
And closing them. But I don't have an exact reproduction formula.

It seems that sf contains bad data, i.e. it doesn't represent frame data.
The 2 times I randomly saw this crash, I tried to dump the core with gdb, and it started creating a huge file of many Gb until I stopped it.

[Detaching after fork from child process 5364]
xdisp.c:16932:10: runtime error: member access within null pointer of type 'struct terminal'

Program received signal SIGSEGV, Segmentation fault.
0x0000555556610d93 in redisplay_internal () at xdisp.c:16932
16932	      && FRAME_TTY (sf)->previous_frame != sf)
(gdb) bt
#0  0x0000555556610d93 in redisplay_internal () at xdisp.c:16932
#1  0x000055555660d9e1 in redisplay () at xdisp.c:16562
#2  0x00005555569aab1e in read_char (commandflag=1, map=XIL(0x7ffff1882cb3), prev_event=XIL(0), used_mouse_menu=0x7fffffffd4b0, end_time=0x0) at keyboard.c:2678
#3  0x00005555569e9ca2 in read_key_sequence (keybuf=0x7fffffffd7a0, prompt=XIL(0), dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false, disable_text_conversion_p=false) at keyboard.c:10728
#4  0x000055555699b122 in command_loop_1 () at keyboard.c:1429
#5  0x0000555556cbb678 in internal_condition_case (bfun=0x55555699a22d , handlers=XIL(0x90), hfun=0x555556998204 ) at eval.c:1613
#6  0x0000555556999797 in command_loop_2 (handlers=XIL(0x90)) at keyboard.c:1168
#7  0x0000555556cb84d8 in internal_catch (tag=XIL(0xfb40), func=0x555556999767 , arg=XIL(0x90)) at eval.c:1292
#8  0x000055555699969a in command_loop () at keyboard.c:1146
#9  0x0000555556996e7a in recursive_edit_1 () at keyboard.c:754
#10 0x0000555556997531 in Frecursive_edit () at keyboard.c:837
#11 0x0000555556989057 in main (argc=5, argv=0x7fffffffdea8) at emacs.c:2629

Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
(gdb) list
16927	     can't reuse current matrices in this case. */
16928	  if (face_change)
16929	    windows_or_buffers_changed = 47;
16930
16931	  if ((FRAME_TERMCAP_P (sf) || FRAME_MSDOS_P (sf))
16932	      && FRAME_TTY (sf)->previous_frame != sf)
16933	    {
16934	      /* Since frames on a single ASCII terminal share the same
16935	         display area, displaying a different frame means redisplay
16936	         the whole thing. */
(gdb) p sf
$1 = (struct frame *) 0x6210000ef9b0
(gdb) p FRAME_TTY(sf)
Cannot access memory at address 0x50
(gdb) p *sf
$2 = {
  header = {
    size = 4611686018595348501
  },
  name = XIL(0x6190000ecba4),
  icon_name = XIL(0),
  title = XIL(0),
  last_mouse_device = XIL(0),
  focus_frame = XIL(0),
  root_window = XIL(0),
  selected_window = XIL(0x62100033936d),
  old_selected_window = XIL(0x62100033936d),
  minibuffer_window = XIL(0x621000122e1d),
  param_alist = XIL(0x7fffeaa65a13),
  scroll_bars = XIL(0),
  condemned_scroll_bars = XIL(0),
  menu_bar_items = XIL(0x621000344895),
  face_hash_table = XIL(0x6210002470ad),
  menu_bar_vector = XIL(0),
  buffer_predicate = XIL(0),
  buffer_list = XIL(0),
  buried_buffer_list = XIL(0),
  tool_bar_position = XIL(0xfab0),
  tab_bar_items = XIL(0),
  tool_bar_items = XIL(0),
  face_cache = 0x0,
  last_tab_bar_item = 0,
  menu_bar_items_used = 0,
  current_pool = 0x0,
--Type <RET> for more, q to quit, c to continue without paging--
  desired_pool = 0x0,
  desired_matrix = 0x0,
  current_matrix = 0x0,
  glyphs_initialized_p = false,
  resized_p = false,
  default_face_done_p = false,
  already_hscrolled_p = true,
  updated_p = true,
  fonts_changed = false,
  cursor_type_changed = false,
  redisplay = false,
  visible = 0,
  iconified = false,
  garbaged = false,
  wants_modeline = true,
  auto_raise = false,
  auto_lower = false,
  no_split = false,
  explicit_name = false,
  window_change = false,
  window_state_change = false,
  mouse_moved = false,
  pointer_invisible = false,
  frozen_window_starts = false,
  output_method = output_termcap,
  can_set_window_size = true,
  after_make_frame = true,
  tab_bar_redisplayed = false,
  tab_bar_resized = false,
--Type <RET> for more, q to quit, c to continue without paging--
  tool_bar_redisplayed = false,
  tool_bar_resized = false,
  inhibit_horizontal_resize = false,
  inhibit_vertical_resize = false,
  face_change = false,
  inhibit_clear_image_cache = false,
  new_size_p = false,
  was_invisible = false,
  select_mini_window_flag = false,
  change_stamp = 18,
  number_of_windows = 3,
  tab_bar_lines = 0,
  tab_bar_height = 0,
  n_tab_bar_rows = 0,
  n_tab_bar_items = 0,
  tool_bar_lines = 0,
  tool_bar_height = 0,
  n_tool_bar_rows = 0,
  n_tool_bar_items = 0,
  decode_mode_spec_buffer = 0x615000034600 "\0328",
  insert_line_cost = 0x6120002593c0,
  delete_line_cost = 0x612000259840,
  insert_n_lines_cost = 0x6120002596c0,
  delete_n_lines_cost = 0x612000259540,
  text_cols = 118,
  text_lines = 64,
  text_width = 118,
  text_height = 64,
  total_cols = 118,
--Type <RET> for more, q to quit, c to continue without paging--
  total_lines = 65,
  pixel_width = 118,
  pixel_height = 65,
  new_width = -1,
  new_height = -1,
  left_pos = 0,
  top_pos = 0,
  win_gravity = 0,
  size_hint_flags = 0,
  border_width = 0,
  child_frame_border_width = 0,
  internal_border_width = 0,
  right_divider_width = 0,
  bottom_divider_width = 0,
  left_fringe_width = 0,
  right_fringe_width = 0,
  fringe_cols = 0,
  menu_bar_lines = 1,
  menu_bar_height = 1,
  column_width = 1,
  line_height = 1,
  terminal = 0x0,
  output_data = {
    tty = 0x602000062770,
    x = 0x602000062770,
    w32 = 0x602000062770,
    ns = 0x602000062770,
    pgtk = 0x602000062770,
    haiku = 0x602000062770,
--Type <RET> for more, q to quit, c to continue without paging--
    android = 0x602000062770
  },
  font_driver_list = 0x0,
  desired_cursor = FILLED_BOX_CURSOR,
  cursor_width = 0,
  blink_off_cursor = FILLED_BOX_CURSOR,
  blink_off_cursor_width = 0,
  config_scroll_bar_width = 0,
  config_scroll_bar_cols = 0,
  config_scroll_bar_height = 0,
  config_scroll_bar_lines = 0,
  cost_calculation_baud_rate = 38400,
  alpha = {0, 0},
  alpha_background = 0,
  gamma = 0,
  extra_line_spacing = 0,
  background_pixel = 18446744073709551613,
  foreground_pixel = 18446744073709551614
}
(gdb)
(gdb) pp sf
#
(gdb)
(gdb) p sf->output_data
$3 = {
  tty = 0x602000062770,
  x = 0x602000062770,
  w32 = 0x602000062770,
  ns = 0x602000062770,
  pgtk = 0x602000062770,
  haiku = 0x602000062770,
  android = 0x602000062770
}
(gdb) p sf->output_data->tty
$4 = (struct tty_output *) 0x602000062770
(gdb) xpr
Lisp_Symbol
$5 = (struct Lisp_Symbol *) 0xb57558f9a470
Cannot access memory at address 0xb57558f9a478
(gdb)

In GNU Emacs 30.0.50 (build 14, x86_64-pc-linux-gnu) of 2024-06-14 built
 on sonn
Repository revision: 5ecff95993d5edbffb27e14c2815d2b23003bcb4
Repository branch: master
System Description: Devuan GNU/Linux 5 (daedalus)

Configured using:
 'configure --prefix=/opt/dc/emacs/ --without-dbus --with-tiff=no
 --without-tiff --without-libsystemd --without-dbus --with-mailutils
 --without-modules --with-native-compilation --with-x-toolkit=no
 --without-imagemagick --without-xft --without-harfbuzz
 --without-freetype --without-libotf --without-xwidgets --without-xpm
 --without-jpeg --without-gif --without-png --without-webp
 --without-rsvg --without-cairo --without-x --without-sound
 --enable-checking=yes,glyphs --enable-profiling 'CFLAGS=-g3 -O0
 -static-libasan
 -fsanitize=undefined,address,bounds-strict,float-cast-overflow ''

Configured features:
GMP GNUTLS LCMS2 LIBSELINUX LIBXML2 NATIVE_COMP NOTIFY INOTIFY PDUMPER
SECCOMP SQLITE3 THREADS XIM ZLIB

Important settings:
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=SCIM
  locale-coding-system: utf-8-unix

Major mode: Dired by name

Minor modes in effect:
  server-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  minibuffer-regexp-mode: t
  buffer-read-only: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort hashcash mail-extr compile comint ansi-osc ansi-color ring
tool-bar comp-run comp-common rx emacsbug message mailcap yank-media
puny rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils pp
dired-aux cl-loaddefs cl-lib regexp-opt dired dnd dired-loaddefs
term/rxvt term/xterm xterm byte-opt gv bytecomp byte-compile server rmc
iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
vc-hooks lisp-float-type elisp-mode tabulated-list replace newcomment
text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow
isearch easymenu timer select mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
theme-loaddefs faces cus-face macroexp files window text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads inotify lcms2 multi-tty
make-network-process native-compile emacs)

Memory information:
((conses 16 79584 11221) (symbols 48 7260 1) (strings 32 19579 4136)
 (string-bytes 1 555627) (vectors 16 9521) (vector-slots 8 101397 9175)
 (floats 8 33 8255) (intervals 56 2255 14) (buffers 984 14))
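
Added triage example, not part of the original report and not Emacs code: a reduced C model of why gdb names address 0x50 when `terminal = 0x0`, next to a guarded accessor. The struct layouts, the 0x50 offset (inferred from the gdb output above, not checked against the Emacs source) and the names `fault_address` and `frame_tty_checked` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins, NOT Emacs's real definitions. */
enum output_method { output_initial, output_termcap };
struct frame;
struct tty_display_info { struct frame *previous_frame; };

/* Assumed layout: padding places display_info at offset 0x50, the
   address gdb could not read when evaluating FRAME_TTY (sf). */
struct terminal {
  char earlier_fields[0x50];
  union { struct tty_display_info *tty; } display_info;
};

struct frame {
  enum output_method output_method;
  struct terminal *terminal;        /* 0x0 in the `p *sf` dump */
};

/* Address an unguarded f->terminal->display_info read would touch:
   base pointer plus member offset, so a NULL base yields the offset. */
static uintptr_t fault_address (const struct frame *f)
{
  return (uintptr_t) f->terminal + offsetof (struct terminal, display_info);
}

/* Hypothetical guard: follow the pointer only on a termcap frame that
   still has a terminal; return NULL for a frame like the reported one. */
static struct tty_display_info *frame_tty_checked (const struct frame *f)
{
  if (f->output_method != output_termcap || f->terminal == NULL)
    return NULL;
  return f->terminal->display_info.tty;
}

/* Constructed sample: the two field values seen in the dump. */
static const struct frame dead_sf = { output_termcap, NULL };

int main (void)
{
  printf ("unguarded read would touch %#lx\n",
          (unsigned long) fault_address (&dead_sf));
  printf ("guarded accessor returns %p\n",
          (void *) frame_tty_checked (&dead_sf));
  return 0;
}
```

A small non-zero fault address combined with a sanitizer message about a null pointer of some struct type usually means a member read through a NULL base, with the address equal to the member's offset.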