On 8 October 2016 at 16:34, Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Reuben Thomas <rrt@sc3d.org>
> > Date: Sat, 8 Oct 2016 16:26:30 +0100
> > Cc: 24640@debbugs.gnu.org
> >
> >  Well, can you tell why it crashed this time? IOW, what was the
> >  immediate cause of SIGSEGV?
> >
> > ​Exactly the same as before: crashed while lazy-reloading in desktop.el.
> At the same point as before, as far as
> > I can tell.
>
> No, I meant the immediate cause of SIGSEGV, one frame below the one
> which invokes the signal handler.  There must be some bad data there,
> what it is?
>

​Here's the current C backtrace:

#0  0x000000000054aa44 in mark_object (arg=<optimised out>) at alloc.c:6488
#1  0x000000000054a8fe in mark_object (arg=<optimised out>) at alloc.c:6452
#2  0x000000000054a8fe in mark_object (arg=<optimised out>) at alloc.c:6452
#3  0x000000000054a9cb in mark_object (arg=<optimised out>) at alloc.c:6539
#4  0x000000000054a9cb in mark_object (arg=<optimised out>) at alloc.c:6539
#5  0x000000000054b20c in Fgarbage_collect (end=0x7fffffff9a28) at
alloc.c:5745
#6  0x000000000054b20c in Fgarbage_collect () at alloc.c:5979
#7  0x000000000059979e in exec_byte_code () at lisp.h:4656
#8  0x000000000059979e in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=6, args=<optimised out>, args@entry=0x937914
<pure+912340>) at bytecode.c:714
#9  0x0000000000562976 in funcall_lambda (fun=140737488330544,
nargs=nargs@entry=6, arg_vector=0x937914 <pure+912340>,
    arg_vector@entry=0x7fffffff9ea0) at eval.c:2855
#10 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=7,
args=args@entry=0x7fffffff9e98)
at eval.c:2754
#11 0x00000000005641d4 in Fapply (nargs=7, args=0x7fffffff9e98) at
eval.c:2278
#12 0x0000000000562d41 in Ffuncall (nargs=8, args=args@entry=0x7fffffff9e90)
at eval.c:2673
#13 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=3, args=<optimised out>, args@entry=0x236a3d4) at
bytecode.c:880
#14 0x0000000000562976 in funcall_lambda (fun=140737488331264,
nargs=nargs@entry=3, arg_vector=0x236a3d4,
    arg_vector@entry=0x7fffffffa188) at eval.c:2855
#15 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=4,
args=args@entry=0x7fffffffa180)
at eval.c:2754
#16 0x00000000005641d4 in Fapply (nargs=4, args=0x7fffffffa180) at
eval.c:2278
#17 0x0000000000562d41 in Ffuncall (nargs=5, args=args@entry=0x7fffffffa178)
at eval.c:2673
#18 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=2, args=<optimised out>, args@entry=0x240e244) at
bytecode.c:880
#19 0x0000000000562976 in funcall_lambda (fun=140737488332048,
nargs=nargs@entry=2, arg_vector=0x240e244,
    arg_vector@entry=0x7fffffffa318) at eval.c:2855
#20 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=3,
args=0x7fffffffa310) at eval.c:2754
#21 0x0000000000564020 in Fapply (nargs=<optimised out>,
args=0x7fffffffa488) at eval.c:2321
#22 0x0000000000562d41 in Ffuncall (nargs=3, args=args@entry=0x7fffffffa480)
at eval.c:2673
#23 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=3, args=<optimised out>, args@entry=0x22fa6f4) at
bytecode.c:880
#24 0x0000000000562976 in funcall_lambda (fun=140737488332496,
nargs=nargs@entry=3, arg_vector=0x22fa6f4,
    arg_vector@entry=0x7fffffffa638) at eval.c:2855
#25 0x0000000000562c3b in Ffuncall (nargs=4, args=args@entry=0x7fffffffa630)
at eval.c:2754
#26 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=1, args=<optimised out>, args@entry=0x2b7d384) at
bytecode.c:880
#27 0x0000000000562976 in funcall_lambda (fun=140737488332992,
nargs=nargs@entry=1, arg_vector=0x2b7d384,
    arg_vector@entry=0x7fffffffa800) at eval.c:2855
#28 0x0000000000562c3b in Ffuncall (nargs=2, args=args@entry=0x7fffffffa7f8)
at eval.c:2754
#29 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=1, args=<optimised out>, args@entry=0x2b7d564) at
bytecode.c:880
#30 0x0000000000562976 in funcall_lambda (fun=140737488333712,
nargs=nargs@entry=1, arg_vector=0x2b7d564,
    arg_vector@entry=0x7fffffffab08) at eval.c:2855
#31 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=2,
args=args@entry=0x7fffffffab00)
at eval.c:2754
#32 0x00000000005641d4 in Fapply (nargs=2, args=0x7fffffffab00) at
eval.c:2278
#33 0x0000000000562d41 in Ffuncall (nargs=3, args=args@entry=0x7fffffffaaf8)
at eval.c:2673
#34 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>,
args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimised
out>, args@entry=0x0) at bytecode.c:880
#35 0x000000000056283f in funcall_lambda (fun=10562237, nargs=nargs@entry=3,
arg_vector=arg_vector@entry=0x7fffffffad20)
    at eval.c:2921
#36 0x0000000000562c3b in Ffuncall (nargs=4, args=args@entry=0x7fffffffad18)
at eval.c:2754
#37 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>,
args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimised
out>, args@entry=0x0) at bytecode.c:880
#38 0x000000000056283f in funcall_lambda (fun=10569021, nargs=nargs@entry=2,
arg_vector=arg_vector@entry=0x7fffffffaf60)
    at eval.c:2921
#39 0x0000000000562c3b in Ffuncall (nargs=3, args=args@entry=0x7fffffffaf58)
at eval.c:2754
#40 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>,
args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimised
out>, args@entry=0x0) at bytecode.c:880
#41 0x000000000056283f in funcall_lambda (fun=10570821, nargs=nargs@entry=0,
arg_vector=arg_vector@entry=0x7fffffffb1a8)
    at eval.c:2921
#42 0x0000000000562c3b in Ffuncall (nargs=1, args=args@entry=0x7fffffffb1a0)
at eval.c:2754
#43 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=0, args=<optimised out>, args@entry=0x2e5f674) at
bytecode.c:880
#44 0x0000000000562976 in funcall_lambda (fun=140737488335872,
nargs=nargs@entry=0, arg_vector=0x2e5f674,
    arg_vector@entry=0x7fffffffb388) at eval.c:2855
#45 0x0000000000562c3b in Ffuncall (nargs=1, args=args@entry=0x7fffffffb380)
at eval.c:2754
#46 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=0, args=<optimised out>, args@entry=0x2e605a4) at
bytecode.c:880
#47 0x0000000000562976 in funcall_lambda (fun=140737488336320,
nargs=nargs@entry=0, arg_vector=0x2e605a4,
    arg_vector@entry=0x7fffffffb530) at eval.c:2855
#48 0x0000000000562c3b in Ffuncall (nargs=1, args=args@entry=0x7fffffffb528)
at eval.c:2754
#49 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_temp---Type <return>
to continue, or q <return> to quit---
late=<optimised out>, nargs=nargs@entry=1, args=<optimised out>,
args@entry=0x2e56384)
at bytecode.c:880
#50 0x0000000000562976 in funcall_lambda (fun=140737488336944,
nargs=nargs@entry=1, arg_vector=0x2e56384,
    arg_vector@entry=0x7fffffffb7b0) at eval.c:2855
#51 0x0000000000562c3b in Ffuncall (nargs=2, args=args@entry=0x7fffffffb7a8)
at eval.c:2754
#52 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=10, args=<optimised out>, args@entry=0x2ca3794) at
bytecode.c:880
#53 0x0000000000562976 in funcall_lambda (fun=140737488337792,
nargs=nargs@entry=10, arg_vector=0x2ca3794,
    arg_vector@entry=0x7fffffffb948) at eval.c:2855
#54 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=11,
args=0x7fffffffb940) at eval.c:2754
#55 0x0000000000564020 in Fapply (nargs=<optimised out>,
args=0x7fffffffbb00) at eval.c:2321
#56 0x0000000000562d41 in Ffuncall (nargs=3, args=args@entry=0x7fffffffbaf8)
at eval.c:2673
#57 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=0, args=<optimised out>, args@entry=0x2ca8ab4) at
bytecode.c:880
#58 0x0000000000562976 in funcall_lambda (fun=140737488338240,
nargs=nargs@entry=0, arg_vector=0x2ca8ab4,
    arg_vector@entry=0x7fffffffbcb0) at eval.c:2855
#59 0x0000000000562c3b in Ffuncall (nargs=1, args=args@entry=0x7fffffffbca8)
at eval.c:2754
#60 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>, args_template=<optimised
out>, nargs=nargs@entry=0, args=<optimised out>, args@entry=0x2caaed4) at
bytecode.c:880
#61 0x0000000000562976 in funcall_lambda (fun=140737488338960,
nargs=nargs@entry=0, arg_vector=0x2caaed4,
    arg_vector@entry=0x7fffffffbf88) at eval.c:2855
#62 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=1,
args=args@entry=0x7fffffffbf80)
at eval.c:2754
#63 0x00000000005641bc in Fapply (nargs=2, args=0x7fffffffbf80) at
eval.c:2274
#64 0x0000000000562d41 in Ffuncall (nargs=3, args=args@entry=0x7fffffffbf78)
at eval.c:2673
#65 0x00000000005975d3 in exec_byte_code (bytestr=<optimised out>,
vector=<optimised out>, maxdepth=<optimised out>,
args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimised
out>, args@entry=0x0) at bytecode.c:880
#66 0x000000000056283f in funcall_lambda (fun=10146693, nargs=nargs@entry=1,
arg_vector=arg_vector@entry=0x7fffffffc198)
    at eval.c:2921
#67 0x0000000000562c3b in Ffuncall (nargs=nargs@entry=2,
args=args@entry=0x7fffffffc190)
at eval.c:2754
#68 0x0000000000562f3a in call1 (fn=fn@entry=45264, arg1=arg1@entry=46400381)
at eval.c:2552
#69 0x00000000004f49c8 in timer_check (idle_timers=<optimised out>,
timers=<optimised out>) at keyboard.c:4427
#70 0x00000000004f49c8 in timer_check () at keyboard.c:4489
#71 0x00000000004f4d89 in readable_events (flags=flags@entry=1) at
keyboard.c:3328
#72 0x00000000004f6608 in get_input_pending (flags=flags@entry=1) at
keyboard.c:6725
#73 0x00000000004f8d78 in detect_input_pending_run_timers
(do_display=do_display@entry=true) at keyboard.c:9862
#74 0x00000000005a2abb in wait_reading_process_output
(time_limit=time_limit@entry=30, nsecs=nsecs@entry=0,
read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true,
wait_for_cell=wait_for_cell@entry=0, wait_proc=wait_proc@entry=0x0,
just_wait_proc=0) at process.c:4958
#75 0x0000000000422e12 in sit_for (timeout=<optimised out>,
reading=reading@entry=true, display_option=display_option@entry=1) at
dispnew.c:5762
#76 0x00000000004fb273 in read_char (commandflag=commandflag@entry=1,
map=map@entry=76268163, prev_event=0,
used_mouse_menu=used_mouse_menu@entry=0x7fffffffce3b,
end_time=end_time@entry=0x0) at keyboard.c:2714
#77 0x00000000004fbeda in read_key_sequence
(keybuf=keybuf@entry=0x7fffffffcf10,
prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false,
can_return_switch_frame=can_return_switch_frame@entry=true,
fix_current_buffer=fix_current_buffer@entry=true,
prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at
keyboard.c:9063
#78 0x00000000004fdb26 in command_loop_1 () at keyboard.c:1365
#79 0x00000000005615b2 in internal_condition_case (bfun=bfun@entry=0x4fd920
<command_loop_1>, handlers=handlers@entry=19056, hfun=hfun@entry=0x4f4080
<cmd_error>) at eval.c:1309
#80 0x00000000004ef54c in command_loop_2 (ignore=ignore@entry=0) at
keyboard.c:1107
#81 0x0000000000561553 in internal_catch (tag=tag@entry=45840,
func=func@entry=0x4ef530 <command_loop_2>, arg=arg@entry=0)
    at eval.c:1074
#82 0x00000000004ef509 in command_loop () at keyboard.c:1086
#83 0x00000000004f3c77 in recursive_edit_1 () at keyboard.c:692
#84 0x00000000004f3fb8 in Frecursive_edit () at keyboard.c:763
#85 0x0000000000418dfe in main (argc=1, argv=0x7fffffffd298) at emacs.c:1626

​Sorry I didn't post that before, the "bt" command only gives the Lisp
backtrace, and I didn't think to try "where".​
​

​In frame #0, the code reads:

      if (XMISCANY (obj)->gcmarkbit)
        break;

at this point obj is 33, XMISCANY(obj) is 20, and gdb tells me "Cannot
access memory at address 0x20".

​If it helps, I'm happy to arrange some sort of live chat to get through
the debugging process quicker.

-- 
http://rrt.sc3d.org