From: Richard Copley <rcopley@gmail.com>
To: 29040@debbugs.gnu.org, eliz@gnu.org
Subject: bug#29040: emacs-26 crash due to misaligned longjmp buffer in 64-bit MSYS2/MinGW-W64 build
Date: Sat, 28 Oct 2017 14:40:41 +0100
Message-ID: <CAPM58ohC7ZBSCALq-Gwd3u_cqStr-N-N+je0f9FZ_AyD=APCeA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2619 bytes --]
When I build from the current emacs-26 branch with the current 64-bit
mingw-w64 toolchain from MSYS2, with optimization, Emacs sometimes
crashes with a segfault on typing C-g.
As far as I can tell, the current 64-bit pretest is not affected.
The attached file "servicelistpage.txt" helps to reproduce the crash.
It was created by the OP in this thread on help-gnu-emacs:
<http://lists.gnu.org/archive/html/help-gnu-emacs/2017-10/msg00089.html>
To reproduce the build with the 64-bit MinGW-W64 toolchain from MSYS2,
* Save a backup of your MSYS2 installation, if it is in working order.
* Update MSYS2.
* In MSYS2 MINGW64 shell in the emacs repo:
git reset --hard 68182a47
git clean -xfd
./autogen.sh
./configure --with-modules --without-pop 'CFLAGS=-O1 -ggdb3'
make -j8 -O
Then, to reproduce the crash from "src/emacs -Q servicelistpage.txt":
* Wait for the buffer to be displayed.
* Type [C-g].
Partial GDB backtrace (full backtrace attached):
Thread 1 (Thread 5480.0x1e9c):
#0 0x00007ffaa1b693a0 in ntdll!RtlCaptureContext ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#1 0x00007ffaa1ad8f27 in ntdll!RtlUnwindEx ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#2 0x00007ffaa0671f4a in msvcrt!_setjmpex ()
from C:\WINDOWS\System32\msvcrt.dll
No symbol table info available.
#3 0x00000004000b1a9a in quit_throw_to_read_char (
from_signal=from_signal@entry=false) at keyboard.c:10548
No locals.
The faulting instruction in ntdll!RtlCaptureContext (frame #0) is
0x00007ffaa1b693a0 <+384>: movaps 0x60(%rax),%xmm0
The memory operand should be 16-byte aligned but it is not. That is
the cause of the segfault. I think the following extract from the GDB
session shows the problem. The value in %rax is 0x4005CDAE8 (not
16-byte aligned).
(gdb) p $rax
$1 = 17185954536
(gdb) up
#1 0x00007ffaa1ad8f27 in ntdll!RtlUnwindEx ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
(gdb) up
#2 0x00007ffaa0671f4a in msvcrt!_setjmpex ()
from C:\WINDOWS\System32\msvcrt.dll
(gdb) up
#3 0x00000004000b1a9a in quit_throw_to_read_char (
from_signal=from_signal@entry=false) at keyboard.c:10548
10548 sys_longjmp (getcjmp, 1);
(gdb) p &getcjmp
$2 = (sys_jmp_buf *) 0x4005cdae8 <main_thread+224>
In the help-gnu-emacs thread, Eli said:
[...] we should ask the MinGW64 developers for advice about using
longjmp. Most probably, something in that area has changed in recent
releases of their runtime [...]
Eli, my apologies, but I don't think I understand the issues well
enough to have a productive discussion with the MinGW-W64 developers
myself.
[-- Attachment #2: servicelistpage-1.txt --]
[-- Type: text/plain, Size: 28 bytes --]
"hello":""
[-- Attachment #3: backtrace.txt --]
[-- Type: text/plain, Size: 13135 bytes --]
$ gdb --quiet -ex run --args src/emacs.exe -Q "C:\Users\buster\AppData\Local\Temp\servicelistpage-1.txt"
Reading symbols from src/emacs.exe...done.
Starting program: C:\projects\emacs\src\emacs.exe -Q C:\Users\buster\AppData\Local\Temp\servicelistpage-1.txt
[New Thread 5480.0x1e9c]
[New Thread 5480.0x3bcc]
[New Thread 5480.0x1e04]
[New Thread 5480.0x38a4]
[New Thread 5480.0x28a0]
[New Thread 5480.0x2a2c]
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007ffaa1b693a0 in ntdll!RtlCaptureContext ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
(gdb) thread apply all bt full
Thread 6 (Thread 5480.0x2a2c):
#0 0x00007ffa9f001144 in win32u!NtUserGetMessage ()
from C:\WINDOWS\System32\win32u.dll
No symbol table info available.
#1 0x00007ffaa1862dd6 in USER32!GetMessageW ()
from C:\WINDOWS\System32\user32.dll
No symbol table info available.
#2 0x000000040017b2d7 in w32_msg_pump (msg_buf=msg_buf@entry=0x4bafec0)
at w32fns.c:3255
msg = {
hwnd = 0x0,
message = 0,
wParam = 0,
lParam = 0,
time = 1213933250,
pt = {
x = 1136,
y = 1066
}
}
result = <optimized out>
focus_window = <optimized out>
#3 0x000000040017b389 in w32_msg_worker (arg=<optimized out>)
at w32fns.c:3478
msg = {
hwnd = 0x0,
message = 0,
wParam = 0,
lParam = 0,
time = 0,
pt = {
x = 0,
y = 0
}
}
dummy_buf = {
next = 0x0,
w32msg = {
msg = {
hwnd = 0x0,
message = 0,
wParam = 0,
lParam = 0,
time = 0,
pt = {
x = 0,
y = 0
}
},
dwModifiers = 0,
rect = {
left = 0,
top = 0,
right = 0,
bottom = 0
}
},
result = 0,
completed = 0
}
#4 0x00007ffaa0da2774 in KERNEL32!BaseThreadInitThunk ()
from C:\WINDOWS\System32\kernel32.dll
No symbol table info available.
#5 0x00007ffaa1b30d51 in ntdll!RtlUserThreadStart ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Thread 5 (Thread 5480.0x28a0):
#0 0x00007ffaa1b65a24 in ntdll!ZwDelayExecution ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#1 0x00007ffa9e037287 in SleepEx () from C:\WINDOWS\System32\KernelBase.dll
No symbol table info available.
#2 0x00000004001a89c2 in timer_loop (arg=0x401adfd60 <real_itimer>)
at w32proc.c:397
sleep_time = <optimized out>
handler = <optimized out>
now = <optimized out>
expire = <optimized out>
reload = <optimized out>
itimer = 0x401adfd60 <real_itimer>
which = <optimized out>
crit = 0x401adfca0 <crit_prof>
hth = 0x0
#3 0x00007ffaa0da2774 in KERNEL32!BaseThreadInitThunk ()
from C:\WINDOWS\System32\kernel32.dll
No symbol table info available.
#4 0x00007ffaa1b30d51 in ntdll!RtlUserThreadStart ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#5 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Thread 4 (Thread 5480.0x38a4):
#0 0x00007ffaa1b68c34 in ntdll!ZwWaitForWorkViaWorkerFactory ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#1 0x00007ffaa1b01553 in ntdll!TpReleaseWork ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#2 0x00007ffaa0da2774 in KERNEL32!BaseThreadInitThunk ()
from C:\WINDOWS\System32\kernel32.dll
No symbol table info available.
#3 0x00007ffaa1b30d51 in ntdll!RtlUserThreadStart ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#4 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Thread 3 (Thread 5480.0x1e04):
#0 0x00007ffaa1b68c34 in ntdll!ZwWaitForWorkViaWorkerFactory ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#1 0x00007ffaa1b01553 in ntdll!TpReleaseWork ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#2 0x00007ffaa0da2774 in KERNEL32!BaseThreadInitThunk ()
from C:\WINDOWS\System32\kernel32.dll
No symbol table info available.
#3 0x00007ffaa1b30d51 in ntdll!RtlUserThreadStart ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#4 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Thread 2 (Thread 5480.0x3bcc):
#0 0x00007ffaa1b68c34 in ntdll!ZwWaitForWorkViaWorkerFactory ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#1 0x00007ffaa1b01553 in ntdll!TpReleaseWork ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#2 0x00007ffaa0da2774 in KERNEL32!BaseThreadInitThunk ()
from C:\WINDOWS\System32\kernel32.dll
No symbol table info available.
#3 0x00007ffaa1b30d51 in ntdll!RtlUserThreadStart ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#4 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Thread 1 (Thread 5480.0x1e9c):
#0 0x00007ffaa1b693a0 in ntdll!RtlCaptureContext ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#1 0x00007ffaa1ad8f27 in ntdll!RtlUnwindEx ()
from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#2 0x00007ffaa0671f4a in msvcrt!_setjmpex ()
from C:\WINDOWS\System32\msvcrt.dll
No symbol table info available.
#3 0x00000004000b1a9a in quit_throw_to_read_char (
from_signal=from_signal@entry=false) at keyboard.c:10548
No locals.
#4 0x00000004000b3db5 in kbd_buffer_get_event (end_time=0x0,
used_mouse_menu=0x0, kbp=<synthetic pointer>) at keyboard.c:3790
obj = <optimized out>
#5 read_event_from_main_queue (used_mouse_menu=0x0, local_getcjmp=0xbff258,
end_time=0x0) at keyboard.c:2151
c = {
i = 0
}
save_jump = {{
Part = {0, 0}
} <repeats 16 times>}
kb = <optimized out>
#6 read_decoded_event_from_main_queue (used_mouse_menu=0x0, prev_event=...,
local_getcjmp=0xbff258, end_time=0x0) at keyboard.c:2214
No locals.
#7 read_char (commandflag=120, commandflag@entry=1, map=..., map@entry=...,
prev_event=..., used_mouse_menu=0x0, used_mouse_menu@entry=0xbff44b,
end_time=end_time@entry=0x0) at keyboard.c:2802
c = <optimized out>
jmpcount = 0
local_getcjmp = {{
Part = {12579624, 17185452969}
}, {
Part = {12578304, 12579624}
}, {
Part = {17185461184, 17185861600}
}, {
Part = {534528, 3}
}, {
Part = {0, 0}
}, {
Part = {17180601996, 3843995738016}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}, {
Part = {0, 0}
}}
save_jump = {{
Part = {17185907520, 17185869328}
}, {
Part = {61768, 80389168}
}, {
Part = {2, 17185131016}
}, {
Part = {12579296, 0}
}, {
Part = {0, 17181005805}
}, {
Part = {0, 17185907520}
}, {
Part = {35840, 17188240544}
}, {
Part = {61768, 120}
}, {
Part = {17185131016, 12579296}
}, {
Part = {0, 17181009037}
}, {
Part = {0, 80389168}
}, {
Part = {1, 15}
}, {
Part = {5, 17188880288}
}, {
Part = {3002368, 17180939646}
}, {
Part = {0, 80389168}
}, {
Part = {0, 15}
}}
tem = <optimized out>
save = <optimized out>
previous_echo_area_message = {
i = 0
}
also_record = {
i = 0
}
reread = false
recorded = false
polling_stopped_here = true
orig_kboard = 0x1
#8 0x00000004000b61a3 in read_key_sequence (keybuf=keybuf@entry=0xbff580,
bufsize=bufsize@entry=30, prompt=..., prompt@entry=...,
dont_downcase_last=dont_downcase_last@entry=false,
can_return_switch_frame=can_return_switch_frame@entry=true,
fix_current_buffer=fix_current_buffer@entry=true,
prevent_redisplay=prevent_redisplay@entry=false) at keyboard.c:9147
interrupted_kboard = 0x41c4c50
interrupted_frame = 0x400a3fa20 <dumped_data+4594080>
key = <optimized out>
used_mouse_menu = false
echo_local_start = 0
last_real_key_start = 0
keys_local_start = <optimized out>
new_binding = <optimized out>
t = 0
echo_start = 0
keys_start = 0
current_binding = {
i = 17188072051
}
first_event = {
i = 0
}
first_unbound = 31
mock_input = 0
fkey = {
parent = {
i = 17187443171
},
map = {
i = 17187443171
},
start = 0,
end = 0
}
keytran = {
parent = {
i = 17186169491
},
map = {
i = 17186169491
},
start = 0,
end = 0
}
indec = {
parent = {
i = 17187443187
},
map = {
i = 17187443187
},
start = 0,
end = 0
}
shift_translated = false
delayed_switch_frame = {
i = 0
}
original_uppercase = {
i = 0
}
original_uppercase_position = -1
dummyflag = false
starting_buffer = 0x4caa430
fake_prefixed_keys = {
i = 0
}
#9 0x00000004000b6ee3 in command_loop_1 () at keyboard.c:1368
cmd = <optimized out>
keybuf = {{
i = 0
}, {
i = 17181005805
}, {
i = 21392506257408078
}, {
i = 17185908864
}, {
i = 37184
}, {
i = 17188240544
}, {
i = 0
}, {
i = 120
}, {
i = 17185131016
}, {
i = 12580352
}, {
i = 17186479395
}, {
i = 17181009037
}, {
i = 1460728
}, {
i = 0
}, {
i = 17185861600
}, {
i = 1
}, {
i = 5
}, {
i = 37184
}, {
i = 0
}, {
i = 17186190821
}, {
i = 0
}, {
i = 17185861600
}, {
i = 3
}, {
i = 17187765203
}, {
i = 17185861600
}, {
i = 12580608
}, {
i = 0
}, {
i = 17181024997
}, {
i = 17185861600
}, {
i = 64312368
}}
i = <optimized out>
prev_modiff = 0
prev_buffer = 0x0
#10 0x0000000400115d7a in internal_condition_case (
bfun=bfun@entry=0x4000b6aec <command_loop_1>, handlers=...,
handlers@entry=..., hfun=hfun@entry=0x4000ad1bb <cmd_error>)
at eval.c:1332
val = {
i = 17185954536
}
c = 0x3d55430
#11 0x00000004000a9a87 in command_loop_2 (ignore=...) at keyboard.c:1110
val = <optimized out>
#12 0x0000000400115ceb in internal_catch (tag=..., tag@entry=...,
func=func@entry=0x4000a9a63 <command_loop_2>, arg=arg@entry=...)
at eval.c:1097
val = {
i = 17185954536
}
c = 0x3d552a0
#13 0x00000004000a99b4 in command_loop () at keyboard.c:1089
No locals.
#14 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
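The report's diagnosis rests on a small piece of address arithmetic: the faulting buffer sits at <main_thread+224>, so either the member offset or the enclosing object must be off a 16-byte boundary. The following C program (added here for illustration; it is not Emacs code and does not use the real struct thread_state) reproduces that arithmetic with a hypothetical layout that places a 16-entry jmp_buf of {Part[2]} elements at offset 224, and provides a guard a caller could evaluate before a setjmp/longjmp call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the x64 MinGW-w64 jmp_buf element. The backtrace
   shows 16 entries of { Part[2] }; the buffer must be 16-byte aligned because
   RtlCaptureContext stores XMM registers into it with movaps. */
typedef struct { _Alignas(16) unsigned long long Part[2]; } jb_part;  /* assumed */
#define JB_LEN 16
typedef jb_part sys_jmp_buf[JB_LEN];

/* Assumed (not Emacs's real) thread_state: padding chosen so that getcjmp
   lands at offset 224, matching "<main_thread+224>" in the report. */
struct thread_state {
    unsigned char before[224];
    sys_jmp_buf getcjmp;
};

/* Bytes by which addr overshoots the previous 'align'-byte boundary; 0 = aligned. */
size_t misalignment(uint64_t addr, size_t align) { return (size_t)(addr % align); }

/* Returns 1 when the member offset is a multiple of 'align' but the object base
   (member address minus offset) is not, i.e. the object itself is misplaced. */
int object_misplaced(uint64_t member_addr, size_t member_offset, size_t align) {
    uint64_t base = member_addr - member_offset;
    return misalignment(member_offset, align) == 0 && misalignment(base, align) != 0;
}

/* Runtime guard: is this buffer usable by a 16-byte-aligned jmp_buf consumer? */
int jmp_buf_ok(const void *buf) { return misalignment((uint64_t)(uintptr_t)buf, 16) == 0; }

int main(void) {
    uint64_t faulting = 0x4005cdae8ULL;  /* &getcjmp as printed by gdb in the report */
    printf("alignof(thread_state) = %zu\n", _Alignof(struct thread_state));
    printf("offsetof(getcjmp)     = %zu\n", offsetof(struct thread_state, getcjmp));
    printf("&getcjmp mod 16       = %zu\n", misalignment(faulting, 16));
    printf("object base mod 16    = %zu\n", misalignment(faulting - 224, 16));
    printf("object misplaced      = %d\n", object_misplaced(faulting, 224, 16));
    return 0;
}
```

With the 16-byte element type, the struct itself has alignment 16 and offset 224 is a multiple of 16, so the 8-byte residue in the report's address can only come from where the enclosing object was placed, not from the member layout.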