
bug#54859: Crash in marking of input events with devices


From: martin rudalics
Subject: bug#54859: Crash in marking of input events with devices
Date: Mon, 11 Apr 2022 18:50:07 +0200

commit c4921d1157a2e3e15b1d779a6bdf768e307275dd
Author: Po Lu <luangruo@yahoo.com>
Date:   Fri Apr 8 17:00:37 2022 +0800

    Fix GC marking of input events with devices

    * src/keyboard.c (mark_kboards):
    * src/pgtkterm.c (mark_pgtkterm): Mark `device' as well.

reliably segfaults my patched version of Emacs.  Note that the line
numbers of backtraces are not those of master since I have made local
changes to many of the involved files.  I have not tried to reproduce
the crashes on master itself because the program to produce the crashes
uses too many constructs that are not available on master.

A typical crash produced the backtrace below in an -Og -g3 build (-O0
builds hardly crash that way, if ever).  Note that in my keyboard.c line
13102 actually is

          mark_object (event->ie.device);

The associated event is always a HELP_EVENT.  If you need further
information, please tell me.

martin


Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x0000000000596e69 in symbol_marked_p (s=s@entry=0x800000a971a0) at 
../../src/pdumper.h:166
166       return dump_public.start <= obj_addr && obj_addr < dump_public.end;
(gdb) bt
#0  0x0000000000596e69 in symbol_marked_p (s=s@entry=0x800000a971a0) at 
../../src/pdumper.h:166
#1  0x000000000059ba10 in process_mark_stack (base_sp=base_sp@entry=0) at 
../../src/alloc.c:6928
#2  0x000000000059bc44 in mark_object (obj=XIL(0x7fffffffcc40)) at 
../../src/alloc.c:7020
#3  0x000000000054358e in mark_kboards () at ../../src/keyboard.c:13102
#4  0x000000000059c0d2 in garbage_collect () at ../../src/alloc.c:6181
#5  0x000000000059c402 in maybe_garbage_collect () at ../../src/alloc.c:6085
#6  0x00000000005c1ee8 in maybe_gc () at ../../src/lisp.h:5523
#7  0x00000000005c1ee8 in eval_sub (form=form@entry=XIL(0x7ffff422645b)) at 
../../src/eval.c:2288
#8  0x00000000005c5201 in Feval (form=form@entry=XIL(0x7ffff422645b), 
lexical=lexical@entry=XIL(0)) at ../../src/eval.c:2240
#9  0x000000000052d4a5 in eval_dyn (form=form@entry=XIL(0x7ffff422645b)) at 
../../src/lisp.h:1161
#10 0x00000000005bdc65 in internal_condition_case_1 (bfun=bfun@entry=0x52d497 
<eval_dyn>, arg=arg@entry=XIL(0x7ffff422645b), handlers=handlers@entry=XIL(0x90), 
hfun=hfun@entry=0x52d599 <menu_item_eval_property_1>) at ../../src/eval.c:1474
#11 0x0000000000537182 in menu_item_eval_property 
(sexpr=sexpr@entry=XIL(0x7ffff422645b)) at ../../src/lisp.h:1161
#12 0x0000000000538856 in parse_tool_bar_item (key=<optimized out>, 
item=<optimized out>) at ../../src/lisp.h:1925
#13 0x0000000000538ac3 in process_tool_bar_item (key=<optimized out>, def=<optimized out>, 
data=<optimized out>, args=<optimized out>) at ../../src/keyboard.c:8840
#14 0x0000000000544685 in map_keymap_item (fun=fun@entry=0x53888d <process_tool_bar_item>, 
args=args@entry=XIL(0), key=<optimized out>, val=<optimized out>, 
data=data@entry=0x0) at ../../src/keymap.c:507
#15 0x00000000005467be in map_keymap_internal (map=map@entry=XIL(0x1990b23), 
fun=fun@entry=0x53888d <process_tool_bar_item>, args=args@entry=XIL(0), 
data=data@entry=0x0) at ../../src/lisp.h:1498
#16 0x0000000000547fa0 in map_keymap (map=XIL(0x1990b23), fun=fun@entry=0x53888d 
<process_tool_bar_item>, args=args@entry=XIL(0), data=data@entry=0x0, 
autoload=autoload@entry=true) at ../../src/keymap.c:599
#17 0x000000000053a136 in tool_bar_items (reuse=<optimized out>, 
nitems=nitems@entry=0x7fffffffc27c) at ../../src/lisp.h:1161
#18 0x0000000000437b04 in update_tool_bar (f=f@entry=0x170e088, 
save_match_data=save_match_data@entry=false) at ../../src/xdisp.c:14151
#19 0x00000000004636c7 in prepare_menu_bars () at ../../src/xdisp.c:13068
#20 0x0000000000466867 in redisplay_internal () at ../../src/xdisp.c:15814
#21 0x0000000000467f57 in redisplay_preserve_echo_area 
(from_where=from_where@entry=2) at ../../src/xdisp.c:16554
#22 0x000000000041bd4f in Fredisplay (force=XIL(0x30)) at 
../../src/dispnew.c:6215
#23 0x00000000005c22cd in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#24 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451
#25 0x00000000005c4c69 in FletX (args=XIL(0xea3433)) at ../../src/lisp.h:1504
#26 0x00000000005c20ce in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#27 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451
#28 0x00000000005c20ce in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#29 0x00000000005c2ac8 in Fif (args=XIL(0xea2413)) at ../../src/lisp.h:1504
#30 0x00000000005c20ce in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#31 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451
#32 0x00000000005c1b0a in funcall_lambda (fun=XIL(0xea2683), 
nargs=nargs@entry=0, arg_vector=arg_vector@entry=0x7fffffffdb18) at 
../../src/lisp.h:1504
#33 0x00000000005bf2bc in funcall_general (fun=<optimized out>, 
numargs=numargs@entry=0, args=args@entry=0x7fffffffdb18) at ../../src/eval.c:2835
#34 0x00000000005bf484 in Ffuncall (nargs=1, args=0x7fffffffdb10) at 
../../src/eval.c:2873
#35 0x00000000005c21ba in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#36 0x00000000005c2a85 in Fprogn (body=XIL(0x103afd3), 
body@entry=XIL(0x103ab13)) at ../../src/eval.c:451
#37 0x00000000005c2aa0 in prog_ignore (body=body@entry=XIL(0x103ab13)) at 
../../src/eval.c:462
#38 0x00000000005c3259 in Fwhile (args=<optimized out>) at ../../src/eval.c:1030
#39 0x00000000005c20ce in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#40 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451
#41 0x00000000005c4894 in Flet (args=XIL(0x103abb3)) at ../../src/lisp.h:1504
#42 0x00000000005c20ce in eval_sub (form=<optimized out>) at 
../../src/lisp.h:2183
#43 0x00000000005c2a85 in Fprogn (body=XIL(0)) at ../../src/eval.c:451
#44 0x00000000005c1b0a in funcall_lambda (fun=XIL(0x103abd3), 
nargs=nargs@entry=0, arg_vector=arg_vector@entry=0x7fffffffe160) at 
../../src/lisp.h:1504
#45 0x00000000005bf2bc in funcall_general (fun=<optimized out>, 
numargs=numargs@entry=0, args=args@entry=0x7fffffffe160) at ../../src/eval.c:2835
#46 0x00000000005bf484 in Ffuncall (nargs=nargs@entry=1, 
args=args@entry=0x7fffffffe158) at ../../src/eval.c:2873
#47 0x00000000005b98a4 in Ffuncall_interactively (nargs=1, args=0x7fffffffe158) 
at ../../src/callint.c:260
#48 0x00000000005c10eb in funcall_subr (subr=0xa20900 <Sfuncall_interactively>, 
numargs=numargs@entry=1, args=args@entry=0x7fffffffe158) at ../../src/eval.c:2938
#49 0x00000000005bf06f in funcall_general (fun=<optimized out>, 
numargs=numargs@entry=1, args=args@entry=0x7fffffffe158) at ../../src/lisp.h:2183
#50 0x00000000005bf484 in Ffuncall (nargs=nargs@entry=2, 
args=args@entry=0x7fffffffe150) at ../../src/eval.c:2873
#51 0x00000000005bffbc in Fapply (nargs=nargs@entry=3, 
args=args@entry=0x7fffffffe150) at ../../src/eval.c:2503
#52 0x00000000005ba4dc in Fcall_interactively (function=XIL(0x201a90), 
record_flag=XIL(0), keys=XIL(0x7ffff452ec85)) at ../../src/lisp.h:1161
#53 0x00000000005c103a in funcall_subr (subr=0xa208c0 <Scall_interactively>, 
numargs=numargs@entry=3, args=args@entry=0x7ffff36c3070) at ../../src/eval.c:2915
#54 0x0000000000608355 in exec_byte_code (fun=<optimized out>, fun@entry=XIL(0x7ffff3e5254d), 
args_template=<optimized out>, args_template@entry=1025, nargs=<optimized out>, 
nargs@entry=1, args=<optimized out>, args@entry=0x7fffffffe4e8) at ../../src/lisp.h:2183
#55 0x00000000005c0b78 in fetch_and_exec_byte_code 
(fun=fun@entry=XIL(0x7ffff3e5254d), args_template=args_template@entry=1025, 
nargs=nargs@entry=1, args=args@entry=0x7fffffffe4e8) at ../../src/eval.c:2960
#56 0x00000000005c159f in funcall_lambda (fun=XIL(0x7ffff3e5254d), 
nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffe4e8) at 
../../src/lisp.h:1280
#57 0x00000000005bf119 in funcall_general (fun=<optimized out>, 
numargs=numargs@entry=1, args=args@entry=0x7fffffffe4e8) at ../../src/eval.c:2823
#58 0x00000000005bf484 in Ffuncall (nargs=nargs@entry=2, 
args=args@entry=0x7fffffffe4e0) at ../../src/eval.c:2873
#59 0x0000000000540a33 in call1 (arg1=<optimized out>, fn=XIL(0x4740)) at 
../../src/lisp.h:3216
#60 0x0000000000540a33 in command_loop_1 () at ../../src/keyboard.c:1515
#61 0x00000000005bdbef in internal_condition_case (bfun=bfun@entry=0x54043e 
<command_loop_1>, handlers=handlers@entry=XIL(0x90), hfun=hfun@entry=0x53378a 
<cmd_error>) at ../../src/eval.c:1450
#62 0x000000000052d3a9 in command_loop_2 (handlers=handlers@entry=XIL(0x90)) at 
../../src/keyboard.c:1142
#63 0x00000000005bdb66 in internal_catch (tag=tag@entry=XIL(0xf360), 
func=func@entry=0x52d38f <command_loop_2>, arg=arg@entry=XIL(0x90)) at 
../../src/eval.c:1180
#64 0x000000000052d371 in command_loop () at ../../src/lisp.h:1161
#65 0x000000000053331e in recursive_edit_1 () at ../../src/keyboard.c:729
#66 0x00000000005336b6 in Frecursive_edit () at ../../src/keyboard.c:812
#67 0x000000000052c93a in main (argc=4, argv=0x7fffffffe788) at 
../../src/emacs.c:2447
[Thread 0x7ffff0990700 (LWP 20915) exited]

Lisp Backtrace:
"Automatic GC" (0x0)
"redisplay_internal (C function)" (0x0)
"redisplay" (0xffffd6e0)
"let*" (0xffffd848)
"progn" (0xffffd918)
"if" (0xffffd9d8)
"chaos-11" (0xffffdb18)
"funcall" (0xffffdb10)
"while" (0xffffdc88)
"let" (0xffffddc8)
"chaos-run" (0xffffe160)
"funcall-interactively" (0xffffe158)
"call-interactively" (0xf36c3070)
"command-execute" (0xffffe4e8)
(gdb) frame 3
#3  0x000000000054358e in mark_kboards () at ../../src/keyboard.c:13102
13102             mark_object (event->ie.device);
(gdb) p event->kind
$1 = HELP_EVENT
(gdb) p event->ie.device
$1 = XIL(0x7fffffffcab0)
(gdb) xpr
Lisp_Symbol
$2 = (struct Lisp_Symbol *) 0x800000a97010
Cannot access memory at address 0x800000a97018
(gdb)




