From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: martin rudalics Newsgroups: gmane.emacs.bugs Subject: bug#54859: Crash in marking of input events with devices Date: Mon, 11 Apr 2022 18:50:07 +0200 Message-ID: <92678974-2fa2-db44-8ae3-69fbb8265168@gmx.at> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="4430"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Po Lu To: 54859@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Apr 11 18:51:25 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ndxG8-00011r-R2 for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 11 Apr 2022 18:51:24 +0200 Original-Received: from localhost ([::1]:34784 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ndxG7-0006wM-JL for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 11 Apr 2022 12:51:23 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:43594) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndxFo-0006qk-GZ for bug-gnu-emacs@gnu.org; Mon, 11 Apr 2022 12:51:04 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:51660) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ndxFl-0003LA-OK for bug-gnu-emacs@gnu.org; Mon, 11 Apr 2022 12:51:04 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ndxFl-0004cq-NY for bug-gnu-emacs@gnu.org; Mon, 11 Apr 2022 12:51:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: martin rudalics Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 11 Apr 2022 16:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54859 X-GNU-PR-Package: emacs X-Debbugs-Original-To: Bug-Gnu-Emacs Original-Received: via spool by submit@debbugs.gnu.org id=B.164969581817722 (code B ref -1); Mon, 11 Apr 2022 16:51:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 11 Apr 2022 16:50:18 +0000 Original-Received: from localhost ([127.0.0.1]:45557 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndxF3-0004bj-U5 for submit@debbugs.gnu.org; Mon, 11 Apr 2022 12:50:18 -0400 Original-Received: from lists.gnu.org ([209.51.188.17]:49700) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndxF2-0004ba-Sp for submit@debbugs.gnu.org; Mon, 11 Apr 2022 12:50:17 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:43386) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndxF2-0006D0-KQ for bug-gnu-emacs@gnu.org; Mon, 11 Apr 2022 12:50:16 -0400 Original-Received: from mout.gmx.net ([212.227.17.22]:33973) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndxEz-00039f-On for bug-gnu-emacs@gnu.org; Mon, 11 Apr 2022 12:50:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1649695808; bh=P4eOIjVcxjQ9XNTf0LhTZ63J9oCOL/l3fuWY8F/XR6I=; h=X-UI-Sender-Class:Date:To:Cc:From:Subject; b=QRp97zPxX2LR2j4fLgzKXEN5M0AJj+JT1Kee0XXo0FxyaEZWN8Q4U1NBMARSU976r PJUdputDeHdZnkRdE6OEFo0DW/doVPoFEoFo243KD7b16tB1RMgUrNi2yDRQUc0ysz VtMo+zHN+Zx9bLp+WkjzdKixAetHtOPYa8HFgFUQ= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Original-Received: from [192.168.1.102] ([213.142.97.37]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MbRfl-1oFl292fCD-00boPu; Mon, 11 Apr 2022 18:50:08 +0200 Content-Language: en-US X-Provags-ID: V03:K1:7SahJosj1rHk9jfqK8ite8kQQ7EFT2Cl1KFcByf/kUqSei71324 x4R18kXTVX4P7JYBIG2h+hRpIzq06zOx8H0d/DKQIIIgoOJ2G3vHryqhYx2x8B/TLLalKOI lUA3yK+Rxz8UN2DvFk/tQe6ipYdfnAVfyLSq1MIdbchI1WllioV2R0qLUa2AG6IIOs1/j/7 mUlBJzlsQSoSRVRlBi9Bg== X-UI-Out-Filterresults: notjunk:1;V03:K0:uBiPpbupVuw=:zwCoPis2FiFF2o8le5wuwb 2GFUwQZFIvme1UO9+vtGV4CvBoCnCdx4jKvbxjaQZX/Q9gtfxCGgWHQmDnAJcVYNVX5JkU74P vF/obH1xW8XanUuixRrDY99E/d7u4Qf5VNwDf3Lm3rjXeeB/Vm2oYAli1U/d5NbtceyIEuPsp arv7NRZJRXV8Db/RhQZp3hyimvTFJiSlOJhUaUF/ne2Mr9VbLAj7Y0D5iARB7cgGOPAHTaiYG O84yGRs8ek+WdiD8MNB65WNTnvGMsSw0LpVY1a1og7gXONRk+IVSbS4+ItuxncGJdq9zLcVur TTKfzXpIiPseNid/rtkDc+evr6sFZPpNCpeTMpCdwLc0YTpSsQa4zenBVJE2QaJQvOJ7wNVRF 4g6OweeRhA//Jm2N/ZKUvHrkiJs9Flm1LAtv4A4GbIWhf/HRWKHiIlaylt//Vrr2bT/mmJyaS WreAzV8AUWqTTqaGUNAlf2MbB9BCe72cx9l3dbQzh+hrkXRdJjSxZZhgdW3xMj+J0QUYDimt4 BfjCapVNauw7Y8ZwGMQhOMCjUEf/xMfvQLrBj2Uab5MEMO11W8aOvoaf9zD/YRtQKh75mqdef CDmh4oZ7L0BgHcmUGuiASAbCS7v2K+h2lMZT6e00jUTBYWEkj7tMNVg72E0rfp0uiil0m8gBP qTlhsYvUIJbdTdx8F+jCZOxkCYY7/3tH5qtxYEWUsXx3y9jvt2p/w2dCq7DLsj/gmlyCzfD7Z Sn3HwxceDlY6uMATJ+FNCBAaaItRb6v5npVpORszMMecoHDkQD6BELr6x5wRm86TJQYdN6Uz Received-SPF: pass client-ip=212.227.17.22; envelope-from=rudalics@gmx.at; helo=mout.gmx.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:229729 Archived-At: commit c4921d1157a2e3e15b1d779a6bdf768e307275dd Author: Po Lu Date: Fri Apr 8 17:00:37 2022 +0800 Fix GC marking of input events with devices * src/keyboard.c (mark_kboards): * src/pgtkterm.c (mark_pgtkterm): Mark `device' as well. reliably segfaults my patched version of Emacs. Note that the line numbers of backtraces are not those of master since I have made local changes to many of the involved files. I have not tried to reproduce the crashes on master itself because the program to produce the crashes uses too many constructs that are not available on master. A typical crash produced the backtrace below in an -Og -g3 build (-O0 builds hardly crash that way, if ever). Note that in my keyboard.c line 13102 actually is mark_object (event->ie.device); The associated event is always a HELP_EVENT. If you need further information, please tell me. martin Thread 1 "emacs" received signal SIGSEGV, Segmentation fault. 0x0000000000596e69 in symbol_marked_p (s=s@entry=0x800000a971a0) at ../../src/pdumper.h:166 166 return dump_public.start <= obj_addr && obj_addr < dump_public.end; (gdb) bt #0 0x0000000000596e69 in symbol_marked_p (s=s@entry=0x800000a971a0) at ../../src/pdumper.h:166 #1 0x000000000059ba10 in process_mark_stack (base_sp=base_sp@entry=0) at ../../src/alloc.c:6928 #2 0x000000000059bc44 in mark_object (obj=XIL(0x7fffffffcc40)) at ../../src/alloc.c:7020 #3 0x000000000054358e in mark_kboards () at ../../src/keyboard.c:13102 #4 0x000000000059c0d2 in garbage_collect () at ../../src/alloc.c:6181 #5 0x000000000059c402 in maybe_garbage_collect () at ../../src/alloc.c:6085 #6 0x00000000005c1ee8 in maybe_gc () at ../../src/lisp.h:5523 #7 0x00000000005c1ee8 in eval_sub (form=form@entry=XIL(0x7ffff422645b)) at ../../src/eval.c:2288 #8 0x00000000005c5201 in Feval (form=form@entry=XIL(0x7ffff422645b), lexical=lexical@entry=XIL(0)) at ../../src/eval.c:2240 #9 0x000000000052d4a5 in eval_dyn (form=form@entry=XIL(0x7ffff422645b)) at ../../src/lisp.h:1161 #10 0x00000000005bdc65 in internal_condition_case_1 (bfun=bfun@entry=0x52d497 , arg=arg@entry=XIL(0x7ffff422645b), handlers=handlers@entry=XIL(0x90), hfun=hfun@entry=0x52d599 ) at ../../src/eval.c:1474 #11 0x0000000000537182 in menu_item_eval_property (sexpr=sexpr@entry=XIL(0x7ffff422645b)) at ../../src/lisp.h:1161 #12 0x0000000000538856 in parse_tool_bar_item (key=, item=) at ../../src/lisp.h:1925 #13 0x0000000000538ac3 in process_tool_bar_item (key=, def=, data=, args=) at ../../src/keyboard.c:8840 #14 0x0000000000544685 in map_keymap_item (fun=fun@entry=0x53888d , args=args@entry=XIL(0), key=, val=, data=data@entry=0x0) at ../../src/keymap.c:507 #15 0x00000000005467be in map_keymap_internal (map=map@entry=XIL(0x1990b23), fun=fun@entry=0x53888d , args=args@entry=XIL(0), data=data@entry=0x0) at ../../src/lisp.h:1498 #16 0x0000000000547fa0 in map_keymap (map=XIL(0x1990b23), fun=fun@entry=0x53888d , args=args@entry=XIL(0), data=data@entry=0x0, autoload=autoload@entry=true) at ../../src/keymap.c:599 #17 0x000000000053a136 in tool_bar_items (reuse=, nitems=nitems@entry=0x7fffffffc27c) at ../../src/lisp.h:1161 #18 0x0000000000437b04 in update_tool_bar (f=f@entry=0x170e088, save_match_data=save_match_data@entry=false) at ../../src/xdisp.c:14151 #19 0x00000000004636c7 in prepare_menu_bars () at ../../src/xdisp.c:13068 #20 0x0000000000466867 in redisplay_internal () at ../../src/xdisp.c:15814 #21 0x0000000000467f57 in redisplay_preserve_echo_area (from_where=from_where@entry=2) at ../../src/xdisp.c:16554 #22 0x000000000041bd4f in Fredisplay (force=XIL(0x30)) at ../../src/dispnew.c:6215 #23 0x00000000005c22cd in eval_sub (form=) at ../../src/lisp.h:2183 #24 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451 #25 0x00000000005c4c69 in FletX (args=XIL(0xea3433)) at ../../src/lisp.h:1504 #26 0x00000000005c20ce in eval_sub (form=) at ../../src/lisp.h:2183 #27 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451 #28 0x00000000005c20ce in eval_sub (form=) at ../../src/lisp.h:2183 #29 0x00000000005c2ac8 in Fif (args=XIL(0xea2413)) at ../../src/lisp.h:1504 #30 0x00000000005c20ce in eval_sub (form=) at ../../src/lisp.h:2183 #31 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451 #32 0x00000000005c1b0a in funcall_lambda (fun=XIL(0xea2683), nargs=nargs@entry=0, arg_vector=arg_vector@entry=0x7fffffffdb18) at ../../src/lisp.h:1504 #33 0x00000000005bf2bc in funcall_general (fun=, numargs=numargs@entry=0, args=args@entry=0x7fffffffdb18) at ../../src/eval.c:2835 #34 0x00000000005bf484 in Ffuncall (nargs=1, args=0x7fffffffdb10) at ../../src/eval.c:2873 #35 0x00000000005c21ba in eval_sub (form=) at ../../src/lisp.h:2183 #36 0x00000000005c2a85 in Fprogn (body=XIL(0x103afd3), body@entry=XIL(0x103ab13)) at ../../src/eval.c:451 #37 0x00000000005c2aa0 in prog_ignore (body=body@entry=XIL(0x103ab13)) at ../../src/eval.c:462 #38 0x00000000005c3259 in Fwhile (args=) at ../../src/eval.c:1030 #39 0x00000000005c20ce in eval_sub (form=) at ../../src/lisp.h:2183 #40 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451 #41 0x00000000005c4894 in Flet (args=XIL(0x103abb3)) at ../../src/lisp.h:1504 #42 0x00000000005c20ce in eval_sub (form=) at ../../src/lisp.h:2183 #43 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451 #44 0x00000000005c1b0a in funcall_lambda (fun=XIL(0x103abd3), nargs=nargs@entry=0, arg_vector=arg_vector@entry=0x7fffffffe160) at ../../src/lisp.h:1504 #45 0x00000000005bf2bc in funcall_general (fun=, numargs=numargs@entry=0, args=args@entry=0x7fffffffe160) at ../../src/eval.c:2835 #46 0x00000000005bf484 in Ffuncall (nargs=nargs@entry=1, args=args@entry=0x7fffffffe158) at ../../src/eval.c:2873 #47 0x00000000005b98a4 in Ffuncall_interactively (nargs=1, args=0x7fffffffe158) at ../../src/callint.c:260 #48 0x00000000005c10eb in funcall_subr (subr=0xa20900 , numargs=numargs@entry=1, args=args@entry=0x7fffffffe158) at ../../src/eval.c:2938 #49 0x00000000005bf06f in funcall_general (fun=, numargs=numargs@entry=1, args=args@entry=0x7fffffffe158) at ../../src/lisp.h:2183 #50 0x00000000005bf484 in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffe150) at ../../src/eval.c:2873 #51 0x00000000005bffbc in Fapply (nargs=nargs@entry=3, args=args@entry=0x7fffffffe150) at ../../src/eval.c:2503 #52 0x00000000005ba4dc in Fcall_interactively (function=XIL(0x201a90), record_flag=XIL(0), keys=XIL(0x7ffff452ec85)) at ../../src/lisp.h:1161 #53 0x00000000005c103a in funcall_subr (subr=0xa208c0 , numargs=numargs@entry=3, args=args@entry=0x7ffff36c3070) at ../../src/eval.c:2915 #54 0x0000000000608355 in exec_byte_code (fun=, fun@entry=XIL(0x7ffff3e5254d), args_template=, args_template@entry=1025, nargs=, nargs@entry=1, args=, args@entry=0x7fffffffe4e8) at ../../src/lisp.h:2183 #55 0x00000000005c0b78 in fetch_and_exec_byte_code (fun=fun@entry=XIL(0x7ffff3e5254d), args_template=args_template@entry=1025, nargs=nargs@entry=1, args=args@entry=0x7fffffffe4e8) at ../../src/eval.c:2960 #56 0x00000000005c159f in funcall_lambda (fun=XIL(0x7ffff3e5254d), nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffe4e8) at ../../src/lisp.h:1280 #57 0x00000000005bf119 in funcall_general (fun=, numargs=numargs@entry=1, args=args@entry=0x7fffffffe4e8) at ../../src/eval.c:2823 #58 0x00000000005bf484 in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffe4e0) at ../../src/eval.c:2873 #59 0x0000000000540a33 in call1 (arg1=, fn=XIL(0x4740)) at ../../src/lisp.h:3216 #60 0x0000000000540a33 in command_loop_1 () at ../../src/keyboard.c:1515 #61 0x00000000005bdbef in internal_condition_case (bfun=bfun@entry=0x54043e , handlers=handlers@entry=XIL(0x90), hfun=hfun@entry=0x53378a ) at ../../src/eval.c:1450 #62 0x000000000052d3a9 in command_loop_2 (handlers=handlers@entry=XIL(0x90)) at ../../src/keyboard.c:1142 #63 0x00000000005bdb66 in internal_catch (tag=tag@entry=XIL(0xf360), func=func@entry=0x52d38f , arg=arg@entry=XIL(0x90)) at ../../src/eval.c:1180 #64 0x000000000052d371 in command_loop () at ../../src/lisp.h:1161 #65 0x000000000053331e in recursive_edit_1 () at ../../src/keyboard.c:729 #66 0x00000000005336b6 in Frecursive_edit () at ../../src/keyboard.c:812 #67 0x000000000052c93a in main (argc=4, argv=0x7fffffffe788) at ../../src/emacs.c:2447 [Thread 0x7ffff0990700 (LWP 20915) exited] Lisp Backtrace: "Automatic GC" (0x0) "redisplay_internal (C function)" (0x0) "redisplay" (0xffffd6e0) "let*" (0xffffd848) "progn" (0xffffd918) "if" (0xffffd9d8) "chaos-11" (0xffffdb18) "funcall" (0xffffdb10) "while" (0xffffdc88) "let" (0xffffddc8) "chaos-run" (0xffffe160) "funcall-interactively" (0xffffe158) "call-interactively" (0xf36c3070) "command-execute" (0xffffe4e8) (gdb) frame 3 #3 0x000000000054358e in mark_kboards () at ../../src/keyboard.c:13102 13102 mark_object (event->ie.device); (gdb) p event->kind $1 = HELP_EVENT (gdb) p event->ie.device $1 = XIL(0x7fffffffcab0) (gdb) xpr Lisp_Symbol $2 = (struct Lisp_Symbol *) 0x800000a97010 Cannot access memory at address 0x800000a97018 (gdb)