From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "John W. Eaton" Newsgroups: gmane.emacs.devel Subject: Re: SEGV in x_catch_errors_unwind (x86_64-unknown-linux-gnu) Date: Fri, 17 Feb 2006 03:04:38 -0500 Message-ID: <17397.33686.218699.659071@segfault.lan> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: sea.gmane.org 1140213517 31728 80.91.229.2 (17 Feb 2006 21:58:37 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 17 Feb 2006 21:58:37 +0000 (UTC) Cc: "John W. Eaton" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Feb 17 22:58:36 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1FADcZ-0007an-R6 for ged-emacs-devel@m.gmane.org; Fri, 17 Feb 2006 22:58:36 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FACmP-0003ug-QS for ged-emacs-devel@m.gmane.org; Fri, 17 Feb 2006 16:04:42 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FA0fB-00056t-8e for emacs-devel@gnu.org; Fri, 17 Feb 2006 03:08:25 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FA0dm-0002pc-42 for emacs-devel@gnu.org; Fri, 17 Feb 2006 03:06:59 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FA0df-0002dh-TB for emacs-devel@gnu.org; Fri, 17 Feb 2006 03:06:52 -0500 Original-Received: from [144.92.13.31] (helo=mail.cae.wisc.edu) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FA0iz-0008Mu-1M for emacs-devel@gnu.org; Fri, 17 Feb 2006 03:12:21 -0500 Original-Received: from portkey.cae.wisc.edu (portkey.cae.wisc.edu [144.92.13.118]) by mail.cae.wisc.edu (8.13.4/8.13.4) with ESMTP id k1H84dbt015865; Fri, 17 Feb 2006 02:04:39 -0600 (CST) Original-Received: from segfault.lan (24-54-183-118.pittpa.adelphia.net [24.54.183.118]) (authenticated bits=0) by portkey.cae.wisc.edu (8.13.4/8.13.4/Debian-3) with ESMTP id k1H84cSk022779 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 17 Feb 2006 02:04:38 -0600 Original-To: emacs-devel@gnu.org X-Mailer: VM 7.19 under Emacs 22.0.50.1 X-CAE-MailScanner-Information: Please contact security@engr.wisc.edu if this message contains a virus or has been corrupted in delivery. X-CAE-MailScanner: Found to be clean (benji) X-Mailman-Approved-At: Fri, 17 Feb 2006 04:07:50 -0500 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:50664 Archived-At: On Mon, 13 Feb 2006, Richard M. Stallman wrote: | He gave this crucial piece of information: | | In both gdb sessions I get: | | (gdb) p x_error_message | $1 = (struct x_error_message_stack *) 0x0 | | >From that, can you see a bug in your code? | | (gdb) xbacktrace | "face-attr-match-p" | | That ought to localize it pretty well too. I'm also encountering a crash due to x_error_message == 0, here: (gdb) p x_error_message $1 = (struct x_error_message_stack *) 0x0 (gdb) list 7538 7539 static Lisp_Object 7540 x_catch_errors_unwind (dummy) 7541 Lisp_Object dummy; 7542 { 7543 Display *dpy = x_error_message->dpy; 7544 struct x_error_message_stack *tmp; 7545 7546 /* The display may have been closed before this function is called. 7547 Check if it is still open before calling XSync. */ (gdb) xbacktrace "assoc-default" "set-auto-mode" "normal-mode" "after-find-file" "find-file-noselect-1" "find-file-noselect" "find-file-other-window" "command-line-1" "command-line" "normal-top-level" (gdb) where #0 x_catch_errors_unwind (dummy=13215333) at /scratch/jwe/src/emacs/src/xterm.c:7543 #1 0x000000000050db2d in unbind_to (count=, value=9546737) at /scratch/jwe/src/emacs/src/eval.c:3233 #2 0x000000000053c778 in Fbyte_code (bytestr=70, vector=7317884, maxdepth=40) at /scratch/jwe/src/emacs/src/bytecode.c:716 #3 0x000000000050eeab in funcall_lambda (fun=7317572, nargs=1, arg_vector=0x7ffffff35988) at /scratch/jwe/src/emacs/src/eval.c:3066 #4 0x000000000050f456 in Ffuncall (nargs=, args=0x6fa840) at /scratch/jwe/src/emacs/src/eval.c:2934 #5 0x000000000053c904 in Fbyte_code (bytestr=10163713, vector=7319660, maxdepth=64) at /scratch/jwe/src/emacs/src/bytecode.c:694 #6 0x000000000050eeab in funcall_lambda (fun=7318844, nargs=4, arg_vector=0x7ffffff35b48) at /scratch/jwe/src/emacs/src/eval.c:3066 #7 0x000000000050f456 in Ffuncall (nargs=, args=0x6fad38) at /scratch/jwe/src/emacs/src/eval.c:2934 #8 0x000000000053c904 in Fbyte_code (bytestr=10412017, vector=7308220, maxdepth=48) at /scratch/jwe/src/emacs/src/bytecode.c:694 #9 0x000000000050eeab in funcall_lambda (fun=7308036, nargs=1, arg_vector=0x7ffffff35cf8) at /scratch/jwe/src/emacs/src/eval.c:3066 #10 0x000000000050f456 in Ffuncall (nargs=, args=0x6f8300) at /scratch/jwe/src/emacs/src/eval.c:2934 #11 0x000000000053c904 in Fbyte_code (bytestr=10081201, vector=787, maxdepth=0) at /scratch/jwe/src/emacs/src/bytecode.c:694 #12 0x000000000050eeab in funcall_lambda (fun=8449212, nargs=1, arg_vector=0x7ffffff35ed8) at /scratch/jwe/src/emacs/src/eval.c:3066 #13 0x000000000050f456 in Ffuncall (nargs=, args=0x80ecb8) at /scratch/jwe/src/emacs/src/eval.c:2934 #14 0x000000000053c904 in Fbyte_code (bytestr=9752577, vector=8425668, maxdepth=56) at /scratch/jwe/src/emacs/src/bytecode.c:694 #15 0x000000000050eeab in funcall_lambda (fun=8424020, nargs=0, arg_vector=0x7ffffff36098) at /scratch/jwe/src/emacs/src/eval.c:3066 #16 0x000000000050f456 in Ffuncall (nargs=, args=0x808a50) at /scratch/jwe/src/emacs/src/eval.c:2934 #17 0x000000000053c904 in Fbyte_code (bytestr=9699873, vector=8415588, maxdepth=48) at /scratch/jwe/src/emacs/src/bytecode.c:694 #18 0x000000000050eeab in funcall_lambda (fun=8415364, nargs=0, arg_vector=0x7ffffff361d0) at /scratch/jwe/src/emacs/src/eval.c:3066 #19 0x000000000050f14c in apply_lambda (fun=8415364, args=9546737, eval_flag=1) at /scratch/jwe/src/emacs/src/eval.c:2988 #20 0x000000000050e810 in Feval (form=) at /scratch/jwe/src/emacs/src/eval.c:2277 #21 0x000000000050d587 in internal_condition_case ( bfun=0x4a4700 , handlers=9640161, hfun=0x4aa810 ) at /scratch/jwe/src/emacs/src/eval.c:1465 #22 0x00000000004a473a in top_level_1 () at /scratch/jwe/src/emacs/src/keyboard.c:1345 #23 0x000000000050d437 in internal_catch (tag=, func=0x4a4710 , arg=9546737) at /scratch/jwe/src/emacs/src/eval.c:1211 #24 0x00000000004a44db in command_loop () at /scratch/jwe/src/emacs/src/keyboard.c:1302 #25 0x00000000004a4591 in recursive_edit_1 () at /scratch/jwe/src/emacs/src/keyboard.c:1000 ---Type to continue, or q to quit--- #26 0x00000000004a4693 in Frecursive_edit () at /scratch/jwe/src/emacs/src/keyboard.c:1061 #27 0x00000000004a372f in main (argc=2011, argv=0x7ffffff36a68) at /scratch/jwe/src/emacs/src/emacs.c:1789 I'm using the CVS Emacs sources, checked out Feb 16. I'm generating this error by running emacs -q long list of files to open ... followed by grabbing the window with the mouse and moving it around the screen rapidly while Emacs is loading the files. I can usually but not always cause Emacs to crash by doing this. I was unable to reproduce the problem if I set a breakpoint in x_catch_errors_unwind, so I made the following changes to xterm.c, to trace the sequence of calls to x_catch_errors and x_catch_errors_unwind, which it seems should always be paired. Index: xterm.c =================================================================== RCS file: /sources/emacs/emacs/src/xterm.c,v retrieving revision 1.897 diff -u -r1.897 xterm.c --- xterm.c 14 Feb 2006 10:01:23 -0000 1.897 +++ xterm.c 17 Feb 2006 07:48:50 -0000 @@ -7508,6 +7508,9 @@ void x_check_errors (); static Lisp_Object x_catch_errors_unwind (); +static char xxxbuf[1000]; +static int xxxidx = 0; + int x_catch_errors (dpy) Display *dpy; @@ -7531,6 +7534,9 @@ record_unwind_protect (x_catch_errors_unwind, dummy); + xxxbuf[xxxidx++] = 's'; + xxxbuf[xxxidx] = 0; + return count; } @@ -7540,6 +7546,12 @@ x_catch_errors_unwind (dummy) Lisp_Object dummy; { + xxxbuf[xxxidx++] = 'C'; + xxxbuf[xxxidx] = 0; + + if (! x_error_message) + fprintf (stderr, "%s\n", xxxbuf); + Display *dpy = x_error_message->dpy; struct x_error_message_stack *tmp; With these changes, I get a message like this: sCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCsCC just before the crash (the message is only printed if x_error_message is 0). The length varies, but it is always a sequence of sC (indicating a call to x_catch_errors followed by a call to x_catch_errors_unwind) ending with CC, indicating that x_catch_errors_unwind is being called twice, without an intervening call to x_catch_errors. Looking at the way these functions are used in xterm.c, it is not at all obvious to me how that can happen. I compiled Emacs with gcc 4.0.3 on an amd64 Debian system. Here is the output from gcc -v: Using built-in specs. Target: x86_64-linux-gnu Configured with: ../src/configure -v --enable-languages=c,c++,java,f95,objc,ada,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --program-suffix=-4.0 --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-4.0-1.4.2.0/jre --enable-mpfr --disable-werror --enable-checking=release x86_64-linux-gnu Thread model: posix gcc version 4.0.3 20060128 (prerelease) (Debian 4.0.2-8) Here is the information from report-emacs-bug: In GNU Emacs 22.0.50.9 (x86_64-unknown-linux-gnu) of 2006-02-17 on segfault X server distributor `The X.Org Foundation', version 11.0.60900000 configured using `configure '--prefix=/usr/local/cvs-emacs'' Important settings: value of $LC_ALL: nil value of $LC_COLLATE: nil value of $LC_CTYPE: nil value of $LC_MESSAGES: nil value of $LC_MONETARY: nil value of $LC_NUMERIC: nil value of $LC_TIME: nil value of $LANG: nil locale-coding-system: nil default-enable-multibyte-characters: t Major mode: Lisp Interaction Minor modes in effect: tooltip-mode: t auto-compression-mode: t tool-bar-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t unify-8859-on-encoding-mode: t utf-translate-cjk-mode: t line-number-mode: t Recent input: x r e p o r t Recent messages: (/usr/local/cvs-emacs/bin/emacs -q) For information about the GNU Project and its goals, type C-h C-p. Loading emacsbug... Loading regexp-opt...done Loading emacsbug...done I'd be happy to try any other debugging. I'm not subscribed to the list. Thanks, jwe