bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#34256: 27.0.50; Crash on draw_glyphs()


From: Kaushal Modi
Subject: bug#34256: 27.0.50; Crash on draw_glyphs()
Date: Thu, 31 Jan 2019 22:15:43 -0500

On Thu, Jan 31, 2019 at 3:26 PM Eli Zaretskii <address@hidden> wrote:

OK, so here's a way that could potentially find the culprit:

  $ cd /path/to/emacs/src
  $ gdb ./emacs
  ...
  (gdb) source ./.gdbinit
  (gdb) break fill_image_glyph_string
  (gdb) run

(gdb) break fill_image_glyph_string
Breakpoint 3 at 0x4377e1: file xdisp.c, line 26151.
(gdb) run
Starting program: /home/kmodi/downloads/git/emacs/src/emacs
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffec3ab700 (LWP 5462)]

(emacs:5458): GLib-GIO-CRITICAL **: g_settings_schema_source_lookup: assertion 'source != NULL' failed
 

When this breakpoint breaks, type:

  (gdb) disable
  (gdb) print s->f->terminal->image_cache->images[0]
  (gdb) watch -l s->f->terminal->image_cache->images[0] if s->f->terminal->image_cache->images[0] == 0
  (gdb) continue

Thread 1 "emacs" hit Breakpoint 3, fill_image_glyph_string (
    address@hidden) at xdisp.c:26151
26151   {
(gdb) disable
(gdb) print s->f->terminal->image_cache->images[0]
$1 = (struct image *) 0x42a70b0
(gdb) watch -l s->f->terminal->image_cache->images[0] if s->f->terminal->image_cache->images[0] == 0
Hardware watchpoint 4: -location s->f->terminal->image_cache->images[0]
(gdb) continue
Continuing.
 
Then invoke the rest of your recipe.  (It could be that the breakpoint
breaks only after you invoke the last two lines of the recipe.)

warning: Watchpoint condition cannot be tested in the current scope

Thread 1 "emacs" hit Hardware watchpoint 4: -location s->f->terminal->image_cache->images[0]

Old value = (struct image *) 0x42a70b0
New value = (struct image *) 0x0
free_image (address@hidden, address@hidden) at image.c:1022
1022          if (img->picture)
 
Each time the watchpoint breaks, type

 (gdb) bt

(gdb) bt
#0  free_image (address@hidden, address@hidden) at image.c:1022
#1  0x00000000006646a1 in clear_image_cache (f=0x143b260,
    address@hidden(0xc5a0)) at image.c:1574
#2  0x000000000066a35d in Fclear_image_cache (filter=...) at image.c:1658
#3  0x00000000005cf848 in funcall_subr (subr=0xceadc0 <Sclear_image_cache>,
    address@hidden, address@hidden) at eval.c:2935
#4  0x00000000005cdc27 in Ffuncall (nargs=1, address@hidden)
    at eval.c:2860
#5  0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x4d70415), maxdepth=..., address@hidden(17),
    args_template=..., address@hidden(1024),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#6  0x00000000005d0e5b in funcall_lambda (address@hidden(0x4d70635),
    address@hidden, address@hidden)
    at eval.c:3058
#7  0x00000000005cdd80 in Ffuncall (nargs=1, address@hidden)
    at eval.c:2862
#8  0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x4ce79c5), maxdepth=..., address@hidden(7),
    args_template=..., address@hidden(0),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#9  0x00000000005d0e5b in funcall_lambda (address@hidden(0x4ce6925),
    address@hidden, address@hidden)
    at eval.c:3058
#10 0x00000000005cdd80 in Ffuncall (nargs=1, address@hidden)
    at eval.c:2862
#11 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
---Type <return> to continue, or q <return> to quit---
    address@hidden(0x7ffff32d538d), maxdepth=...,
    address@hidden(5), args_template=...,
    address@hidden(513), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#12 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff32d535d),
    address@hidden, address@hidden)
    at eval.c:3058
#13 0x00000000005cdd80 in Ffuncall (nargs=3, address@hidden)
    at eval.c:2862
#14 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff31de765), maxdepth=...,
    address@hidden(13), args_template=...,
    address@hidden(256), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#15 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff31de735),
    address@hidden, address@hidden)
    at eval.c:3058
#16 0x00000000005cdd80 in Ffuncall (nargs=1, address@hidden)
    at eval.c:2862
#17 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x60373e5), maxdepth=..., address@hidden(16),
    args_template=..., address@hidden(1026),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#18 0x00000000005d0e5b in funcall_lambda (address@hidden(0x60374e5),
    address@hidden, address@hidden)
    at eval.c:3058
#19 0x00000000005cdd80 in Ffuncall (nargs=5, address@hidden)
    at eval.c:2862
---Type <return> to continue, or q <return> to quit---
#20 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x3e55fd5), maxdepth=..., address@hidden(18),
    args_template=..., address@hidden(771),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#21 0x00000000005d0e5b in funcall_lambda (address@hidden(0x3e55365),
    address@hidden, address@hidden)
    at eval.c:3058
#22 0x00000000005cdd80 in Ffuncall (nargs=4, address@hidden)
    at eval.c:2862
#23 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x3e549b5), maxdepth=..., address@hidden(6),
    args_template=..., address@hidden(514),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#24 0x00000000005d0e5b in funcall_lambda (address@hidden(0x3e549d5),
    address@hidden, address@hidden)
    at eval.c:3058
#25 0x00000000005cdd80 in Ffuncall (nargs=3, address@hidden)
    at eval.c:2862
#26 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x3e54895), maxdepth=..., address@hidden(9),
    args_template=..., address@hidden(257),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#27 0x00000000005d0e5b in funcall_lambda (address@hidden(0x3e54945),
    address@hidden, address@hidden)
    at eval.c:3058
#28 0x00000000005cdd80 in Ffuncall (nargs=2, address@hidden)
---Type <return> to continue, or q <return> to quit---
    at eval.c:2862
#29 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff323e465), maxdepth=...,
    address@hidden(30), args_template=...,
    address@hidden(770), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#30 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff323e435),
    address@hidden, address@hidden)
    at eval.c:3058
#31 0x00000000005cdd80 in Ffuncall (nargs=4, address@hidden)
    at eval.c:2862
#32 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff323da15), maxdepth=...,
    address@hidden(14), args_template=...,
    address@hidden(771), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#33 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff323d9e5),
    address@hidden, address@hidden)
    at eval.c:3058
#34 0x00000000005cdd80 in Ffuncall (nargs=4, address@hidden)
    at eval.c:2862
#35 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff323d94d), maxdepth=...,
    address@hidden(7), args_template=...,
    address@hidden(770), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#36 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff323d91d),
    address@hidden, address@hidden)
    at eval.c:3058
---Type <return> to continue, or q <return> to quit---
#37 0x00000000005cdd80 in Ffuncall (nargs=3, address@hidden)
    at eval.c:2862
#38 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x1c09dd5), maxdepth=..., address@hidden(10),
    args_template=..., address@hidden(257),
    address@hidden, args=<optimized out>, address@hidden)
    at bytecode.c:633
#39 0x00000000005d0e5b in funcall_lambda (address@hidden(0x1c09e25),
    address@hidden, address@hidden)
    at eval.c:3058
#40 0x00000000005cdd80 in Ffuncall (nargs=2, address@hidden)
    at eval.c:2862
#41 0x00000000005cdff9 in run_hook_wrapped_funcall (nargs=<optimized out>,
    args=0x7fffffff37a0) at eval.c:2587
#42 0x00000000005cd341 in run_hook_with_args (nargs=2, args=0x7fffffff37a0,
    address@hidden <run_hook_wrapped_funcall>) at eval.c:2668
#43 0x00000000005cd4de in Frun_hook_wrapped (nargs=<optimized out>,
    args=<optimized out>) at eval.c:2602
#44 0x00000000005cf71c in funcall_subr (subr=0xce4ac0 <Srun_hook_wrapped>,
    address@hidden, address@hidden) at eval.c:2915
#45 0x00000000005cdc27 in Ffuncall (nargs=3, address@hidden)
    at eval.c:2860
#46 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff32e32bd), maxdepth=...,
    address@hidden(19), args_template=...,
    address@hidden(514), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#47 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff32e328d),
    address@hidden, address@hidden)
---Type <return> to continue, or q <return> to quit---
    at eval.c:3058
#48 0x00000000005cdd80 in Ffuncall (nargs=3, address@hidden)
    at eval.c:2862
#49 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff32e303d), maxdepth=...,
    address@hidden(27), args_template=...,
    address@hidden(512), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#50 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff32e300d),
    address@hidden, address@hidden)
    at eval.c:3058
#51 0x00000000005cdd80 in Ffuncall (nargs=3, address@hidden)
    at eval.c:2862
#52 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=...,
    address@hidden(0x7ffff3352f5d), maxdepth=...,
    address@hidden(12), args_template=...,
    address@hidden(257), address@hidden,
    args=<optimized out>, address@hidden) at bytecode.c:633
#53 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff3352f2d),
    address@hidden, address@hidden)
    at eval.c:3058
#54 0x00000000005cdd80 in Ffuncall (address@hidden,
    address@hidden) at eval.c:2862
#55 0x00000000005ccffa in internal_condition_case_n (bfun=0x5cdaef <Ffuncall>,
    address@hidden, address@hidden, handlers=...,
    address@hidden(0xc5a0), address@hidden <safe_eval_handler>)
    at eval.c:1456
#56 0x00000000004455e9 in safe__call (address@hidden,
    address@hidden, func=XIL(0x7ffff25f1c78), address@hidden)
---Type <return> to continue, or q <return> to quit---
    at xdisp.c:2644
#57 0x000000000044dd82 in safe_call (address@hidden, func=...)
    at xdisp.c:2659
#58 0x000000000044dda3 in safe_call1 (fn=..., address@hidden(0x7ffff25f1c78),
    arg=..., address@hidden(1)) at xdisp.c:2670
#59 0x000000000044e068 in handle_fontified_prop (it=0x7fffffff4520)
    at xdisp.c:3914
#60 0x0000000000455bc3 in handle_stop (address@hidden)
    at xdisp.c:3480
#61 0x0000000000455c97 in reseat (address@hidden, pos=...,
    address@hidden) at xdisp.c:6673
#62 0x0000000000456563 in init_iterator (address@hidden,
    address@hidden, charpos=1, bytepos=<optimized out>,
    row=<optimized out>, address@hidden)
    at xdisp.c:3095
#63 0x000000000045e6e1 in start_display (address@hidden,
    address@hidden, pos=...) at xdisp.c:3111
#64 0x0000000000466acf in try_window (window=..., address@hidden(0x4e72525),
    pos=..., address@hidden) at xdisp.c:17812
#65 0x000000000047c63b in redisplay_window (window=XIL(0x4e72525),
    address@hidden) at xdisp.c:17265
#66 0x000000000047e247 in redisplay_window_0 (window=...,
    address@hidden(0x4e72525)) at xdisp.c:14993
#67 0x00000000005cce92 in internal_condition_case_1 (
    address@hidden <redisplay_window_0>, arg=...,
    address@hidden(0x4e72525), handlers=...,
    address@hidden <redisplay_window_error>) at eval.c:1400
#68 0x000000000043d755 in redisplay_windows (window=...) at xdisp.c:14973
#69 0x000000000043d6f6 in redisplay_windows (window=...) at xdisp.c:14967
---Type <return> to continue, or q <return> to quit---
#70 0x000000000046ce76 in redisplay_internal () at xdisp.c:14443
#71 0x000000000046e493 in redisplay () at xdisp.c:13664
#72 0x000000000054451e in read_char (commandflag=0, map=..., address@hidden(0x47f8093), prev_event=XIL(0x47f8093), address@hidden, address@hidden)
    at keyboard.c:2462
#73 0x0000000000545f05 in read_key_sequence (address@hidden, prompt=..., address@hidden(0x3ada394), dont_downcase_last=<optimized out>,
    address@hidden, address@hidden, address@hidden) at keyboard.c:9082
#74 0x00000000005489be in read_key_sequence_vs (prompt=..., continue_echo=XIL(0), dont_downcase_last=..., can_return_switch_frame=XIL(0), cmd_loop=..., address@hidden)
    at keyboard.c:9777
#75 0x0000000000548a97 in Fread_key_sequence_vector (prompt=..., continue_echo=..., dont_downcase_last=..., can_return_switch_frame=..., cmd_loop=...) at keyboard.c:9858
#76 0x00000000005cf89c in funcall_subr (subr=0xcdd780 <Sread_key_sequence_vector>, address@hidden, address@hidden) at eval.c:2947
#77 0x00000000005cdc27 in Ffuncall (nargs=4, address@hidden) at eval.c:2860
#78 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=..., address@hidden(0x7ffff31fe77d), maxdepth=..., address@hidden(14), args_template=...,
    address@hidden(256), address@hidden, args=<optimized out>, address@hidden) at bytecode.c:633
#79 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff31fe74d), address@hidden, address@hidden) at eval.c:3058
#80 0x00000000005cdd80 in Ffuncall (nargs=2, address@hidden) at eval.c:2862
#81 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=..., address@hidden(0x7ffff319f95d), maxdepth=..., address@hidden(9), args_template=..., address@hidden(257),
    address@hidden, args=<optimized out>, address@hidden) at bytecode.c:633
#82 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff319f92d), address@hidden, address@hidden) at eval.c:3058
#83 0x00000000005cdd80 in Ffuncall (nargs=2, address@hidden) at eval.c:2862
#84 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=..., address@hidden(0x603b905), maxdepth=..., address@hidden(14), args_template=..., address@hidden(0),
    address@hidden, args=<optimized out>, address@hidden) at bytecode.c:633
#85 0x00000000005d0e5b in funcall_lambda (address@hidden(0x603ba45), address@hidden, address@hidden) at eval.c:3058
#86 0x00000000005cdd80 in Ffuncall (address@hidden, address@hidden) at eval.c:2862
#87 0x00000000005c91cb in Ffuncall_interactively (nargs=1, args=0x7fffffffa618) at callint.c:253
#88 0x00000000005cf71c in funcall_subr (subr=0xce4780 <Sfuncall_interactively>, address@hidden, address@hidden) at eval.c:2915
#89 0x00000000005cdc27 in Ffuncall (address@hidden, address@hidden) at eval.c:2860
#90 0x00000000005ce16c in Fapply (address@hidden, address@hidden) at eval.c:2433
#91 0x00000000005c9a0a in Fcall_interactively (function=..., record_flag=..., keys=...) at callint.c:340
#92 0x00000000005cf86a in funcall_subr (subr=0xce4740 <Scall_interactively>, address@hidden, address@hidden) at eval.c:2940
#93 0x00000000005cdc27 in Ffuncall (nargs=4, address@hidden) at eval.c:2860
#94 0x000000000060f0bb in exec_byte_code (bytestr=..., vector=..., address@hidden(0x7ffff32a25a5), maxdepth=..., address@hidden(13), args_template=...,
    address@hidden(1025), address@hidden, args=<optimized out>, address@hidden) at bytecode.c:633
#95 0x00000000005d0e5b in funcall_lambda (address@hidden(0x7ffff32a2575), address@hidden, address@hidden) at eval.c:3058
#96 0x00000000005cdd80 in Ffuncall (address@hidden, address@hidden) at eval.c:2862
#97 0x00000000005ce041 in call1 (fn=..., address@hidden(0x4020), arg1=...) at eval.c:2711
#98 0x0000000000547999 in command_loop_1 () at keyboard.c:1462
#99 0x00000000005ccded in internal_condition_case (address@hidden <command_loop_1>, handlers=..., address@hidden(0x5490), address@hidden <cmd_error>) at eval.c:1376
#100 0x0000000000537c9a in command_loop_2 (ignore=..., address@hidden(0)) at keyboard.c:1090
#101 0x00000000005ccd35 in internal_catch (tag=..., address@hidden <command_loop_2>, arg=..., address@hidden(0)) at eval.c:1139
#102 0x000000000053addd in command_loop () at keyboard.c:1069
#103 0x000000000053bcff in recursive_edit_1 () at keyboard.c:714
#104 0x000000000053c061 in Frecursive_edit () at keyboard.c:785
#105 0x0000000000534efa in main (argc=1, argv=<optimized out>) at emacs.c:1949

Lisp Backtrace:
"clear-image-cache" (0xffff0650)
"org-display-inline-images" (0xffff0a88)
"org-mode" (0xffff1020)
"set-auto-mode-0" (0xffff1308)
"set-auto-mode" (0xffff17d0)
"vc-find-revision-no-save" (0xffff1bb0)
---Type <return> to continue, or q <return> to quit---
"diff-syntax-fontify-hunk" (0xffff2130)
"diff-syntax-fontify" (0xffff23f0)
"diff--font-lock-syntax" (0xffff2788)
"font-lock-fontify-keywords-region" (0xffff2d40)
"font-lock-default-fontify-region" (0xffff30b8)
"font-lock-fontify-region" (0xffff3358)
0x1c09e20 PVEC_COMPILED
"run-hook-wrapped" (0xffff37a0)
"jit-lock--run-functions" (0xffff3ae0)
"jit-lock-fontify-now" (0xffff3ef8)
"jit-lock-function" (0xffff4248)
"redisplay_internal (C function)" (0x0)
"read-key-sequence-vector" (0xffff9970)
"read-key" (0xffff9ca0)
"yes-or-no-p" (0xffffa0a0)
"vc-revert" (0xffffa620)
"funcall-interactively" (0xffffa618)
"call-interactively" (0xffffa750)
"command-execute" (0xffffaa78)
(gdb) continue
Continuing.
warning: Watchpoint condition cannot be tested in the current scope

Thread 1 "emacs" hit Hardware watchpoint 4: -location s->f->terminal->image_cache->images[0]

Old value = (struct image *) 0x0
New value = (struct image *) 0x1f089b0
cache_image (address@hidden, address@hidden) at image.c:2044
2044      img->id = i;

The result should include the Lisp backtrace as well.  If the "print"
command above shows that images[0] is already NULL, type "bt" right
there and then, before continuing with the rest.

Each time the watchpoint breaks, type "continue" until the program
segfaults, I want to see all the cases where the image in the cache
gets nullified.

Interestingly, the segfault did not happen when I set that breakpoint and proceeded as you suggested, as you see above.

But I killed that gdb session and started again, redid steps to create and crash and got the segfault again:

(gdb) r
Starting program: /home/kmodi/downloads/git/emacs/src/emacs
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffec3ab700 (LWP 8054)]

(emacs:8050): GLib-GIO-CRITICAL **: g_settings_schema_source_lookup: assertion 'source != NULL' failed

xdisp.c:26154: Emacs fatal error: assertion failed: s->img

Thread 1 "emacs" hit Breakpoint 1, terminate_due_to_signal (address@hidden, address@hidden) at emacs.c:370
370     {
(gdb) bt
#0  terminate_due_to_signal (address@hidden, address@hidden) at emacs.c:370
#1  0x00000000005a1622 in die (address@hidden "s->img", address@hidden "xdisp.c", address@hidden) at alloc.c:7453
#2  0x00000000004378fe in fill_image_glyph_string (address@hidden) at xdisp.c:26154
#3  0x00000000004708cf in draw_glyphs (address@hidden, x=44, row=0x3c6a390, address@hidden, start=<optimized out>, address@hidden, address@hidden, hl=DRAW_NORMAL_TEXT, overlaps=0)
    at xdisp.c:26841
#4  0x0000000000474bd2 in x_write_glyphs (w=0x13fa500, updated_row=<optimized out>, start=<optimized out>, updated_area=TEXT_AREA, len=6) at xdisp.c:29042

reply via email to

[Prev in Thread] Current Thread [Next in Thread]