emacs-devel

crash with recursive edit + mode line properties + revert-buffer


From: Karl Chen
Subject: crash with recursive edit + mode line properties + revert-buffer
Date: Fri, 31 Dec 2004 02:39:15 -0800

Hi,

I've identified a crash bug in Emacs CVS HEAD.  I can reproduce it
99% of the time.  It has something to do with recursive edits,
mode lines with properties, and reverted buffers.

Steps to reproduce:

emacs -q

M-x which-func-mode RET
C-x C-f /tmp/a.el RET
;; type (paste) the following:

(defun foo ()
  (setq x 0) ; dummy code that you can step through
  (setq x (1+ x))
  (setq x (1+ x))
  (setq x (1+ x))
  (setq x (1+ x))
  (setq x (1+ x))
  (setq x (1+ x)))

M-1 C-M-x ; i.e. edebug `foo'

M-: (foo) RET ; this will jump into the debugger

SPC SPC SPC SPC ; step through a couple times

M-x revert-buffer RET yes RET


Now, after a while Emacs will crash.  Sometimes just typing a few
spaces will make it crash; sometimes you have to ESC ESC ESC
(keyboard-escape-quit) to resume debugging.  Recursing deeper with
multiple (foo) invocations seems to increase the probability of
triggering a crash with a random input event.

So it's some memory access bug.  [Aside: I tried running emacs
under valgrind and it fails in `re_compile_pattern', then reports
"emacs: Memory exhausted--use M-x save-some-buffers then exit and
restart Emacs" and exits.  Probably the unexec mechanism is
incompatible with valgrind; I didn't investigate.]

I've verified this in CVS HEAD 2004-10-25 and later.  Emacs
21.3.1 doesn't crash using its which-func-mode.  That makes sense
since in emacs-21.3, which-func-mode doesn't use properties.
Emacs 21.3 may or may not have this crash bug.  CVS
which-func-mode isn't compatible with 21.3 so I didn't test it.
The following may be equivalently dangerous:

   (add-to-list 'mode-line-format
                '(:propertize "foo" face blue-foreground-face))


FYI from display_mode_element() in xdisp.c:

                /* If the starting string has properties,
                   merge the specified ones onto the existing ones.  */
                if (! NILP (oprops) && !risky)
                  {
                    Lisp_Object tem;

                    oprops = Fcopy_sequence (oprops);
                    tem = props;
                    while (CONSP (tem))
                      {
                        oprops = Fplist_put (oprops, XCAR (tem),
                                             XCAR (XCDR (tem)));
                        tem = XCDR (XCDR (tem));
                      }
                    props = oprops;
                  }


Here is a backtrace.  It's very long but I included the whole
thing in case it's relevant.  It looks more or less the same each
time Emacs crashes.  You can see many Frecursive_edit() on the
stack and lots of elisp in between.


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1083281696 (LWP 18761)]
0x4073f2dd in bcopy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4073f2dd in bcopy () from /lib/tls/libc.so.6
#1  0xbfff4748 in ?? ()
#2  0xbfffdbd4 in ?? ()
#3  0x081c8c4f in concat ()
#4  0x081c85d4 in Fcopy_sequence ()
#5  0x080b604f in display_mode_element ()
#6  0x080b67ce in display_mode_element ()
#7  0x080b685f in display_mode_element ()
#8  0x080b6a40 in display_mode_element ()
#9  0x080b6a40 in display_mode_element ()
#10 0x080b6a40 in display_mode_element ()
#11 0x080b5d7d in display_mode_line ()
#12 0x080b5bcb in display_mode_lines ()
#13 0x080adf18 in redisplay_window ()
#14 0x080a9e83 in redisplay_window_0 ()
#15 0x081c111e in internal_condition_case_1 ()
#16 0x080a9e20 in redisplay_windows ()
#17 0x080a92b4 in redisplay_internal ()
#18 0x080a7828 in redisplay ()
#19 0x0814a60a in read_char ()
#20 0x08153d0e in read_key_sequence ()
#21 0x08147fa0 in command_loop_1 ()
#22 0x081c0ff9 in internal_condition_case ()
#23 0x08147a7f in command_loop_2 ()
#24 0x081c0abe in internal_catch ()
#25 0x081479dd in command_loop ()
#26 0x081474ba in recursive_edit_1 ()
#27 0x081475ff in Frecursive_edit ()
#28 0x081c31a0 in Ffuncall ()
#29 0x081f77f6 in Fbyte_code ()
#30 0x081c39a4 in funcall_lambda ()
#31 0x081c33d8 in Ffuncall ()
#32 0x081f77f6 in Fbyte_code ()
#33 0x081c39a4 in funcall_lambda ()
#34 0x081c33d8 in Ffuncall ()
#35 0x081f77f6 in Fbyte_code ()
#36 0x081c39a4 in funcall_lambda ()
#37 0x081c33d8 in Ffuncall ()
#38 0x081f77f6 in Fbyte_code ()
#39 0x081c39a4 in funcall_lambda ()
#40 0x081c35ff in apply_lambda ()
#41 0x081c261e in Feval ()
#42 0x081bf9a0 in Fsetq ()
#43 0x081c2239 in Feval ()
#44 0x081c35a4 in apply_lambda ()
#45 0x081c261e in Feval ()
#46 0x081bf836 in Fprogn ()
#47 0x081c3958 in funcall_lambda ()
#48 0x081c3485 in Ffuncall ()
#49 0x081f77f6 in Fbyte_code ()
#50 0x081c39a4 in funcall_lambda ()
#51 0x081c33d8 in Ffuncall ()
#52 0x081f77f6 in Fbyte_code ()
#53 0x081c39a4 in funcall_lambda ()
#54 0x081c35ff in apply_lambda ()
#55 0x081c261e in Feval ()
#56 0x081bf836 in Fprogn ()
#57 0x081c3958 in funcall_lambda ()
#58 0x081c35ff in apply_lambda ()
#59 0x081c2725 in Feval ()
#60 0x081c31bb in Ffuncall ()
#61 0x081f77f6 in Fbyte_code ()
#62 0x081c39a4 in funcall_lambda ()
#63 0x081c33d8 in Ffuncall ()
#64 0x081c29e5 in Fapply ()
#65 0x081c2db3 in apply1 ()
#66 0x081bd84d in Fcall_interactively ()
#67 0x08155c85 in Fcommand_execute ()
#68 0x08148ff0 in command_loop_1 ()
#69 0x081c0ff9 in internal_condition_case ()
#70 0x08147a7f in command_loop_2 ()
#71 0x081c0abe in internal_catch ()
#72 0x081479dd in command_loop ()
#73 0x081474ba in recursive_edit_1 ()
#74 0x081475ff in Frecursive_edit ()
#75 0x081c31a0 in Ffuncall ()
#76 0x081f77f6 in Fbyte_code ()
#77 0x081c39a4 in funcall_lambda ()
#78 0x081c33d8 in Ffuncall ()
#79 0x081f77f6 in Fbyte_code ()
#80 0x081c39a4 in funcall_lambda ()
#81 0x081c33d8 in Ffuncall ()
#82 0x081f77f6 in Fbyte_code ()
#83 0x081c39a4 in funcall_lambda ()
#84 0x081c33d8 in Ffuncall ()
#85 0x081f77f6 in Fbyte_code ()
#86 0x081c39a4 in funcall_lambda ()
#87 0x081c35ff in apply_lambda ()
#88 0x081c261e in Feval ()
#89 0x081c35a4 in apply_lambda ()
#90 0x081c261e in Feval ()
#91 0x081bf836 in Fprogn ()
#92 0x081c3958 in funcall_lambda ()
#93 0x081c3485 in Ffuncall ()
#94 0x081f77f6 in Fbyte_code ()
#95 0x081c39a4 in funcall_lambda ()
#96 0x081c33d8 in Ffuncall ()
#97 0x081f77f6 in Fbyte_code ()
#98 0x081c39a4 in funcall_lambda ()
#99 0x081c35ff in apply_lambda ()
#100 0x081c261e in Feval ()
#101 0x081bf836 in Fprogn ()
#102 0x081c3958 in funcall_lambda ()
#103 0x081c35ff in apply_lambda ()
#104 0x081c2725 in Feval ()
#105 0x081c31bb in Ffuncall ()
#106 0x081f77f6 in Fbyte_code ()
#107 0x081c39a4 in funcall_lambda ()
#108 0x081c33d8 in Ffuncall ()
#109 0x081c29e5 in Fapply ()
#110 0x081c2db3 in apply1 ()
#111 0x081bd84d in Fcall_interactively ()
#112 0x08155c85 in Fcommand_execute ()
#113 0x08148ff0 in command_loop_1 ()
#114 0x081c0ff9 in internal_condition_case ()
#115 0x08147a7f in command_loop_2 ()
#116 0x081c0abe in internal_catch ()
#117 0x081479dd in command_loop ()
#118 0x081474ba in recursive_edit_1 ()
#119 0x081475ff in Frecursive_edit ()
#120 0x081c31a0 in Ffuncall ()
#121 0x081f77f6 in Fbyte_code ()
#122 0x081c39a4 in funcall_lambda ()
#123 0x081c33d8 in Ffuncall ()
#124 0x081f77f6 in Fbyte_code ()
#125 0x081c39a4 in funcall_lambda ()
#126 0x081c33d8 in Ffuncall ()
#127 0x081f77f6 in Fbyte_code ()
#128 0x081c39a4 in funcall_lambda ()
#129 0x081c33d8 in Ffuncall ()
#130 0x081f77f6 in Fbyte_code ()
#131 0x081c39a4 in funcall_lambda ()
#132 0x081c35ff in apply_lambda ()
#133 0x081c261e in Feval ()
#134 0x081c35a4 in apply_lambda ()
#135 0x081c261e in Feval ()
#136 0x081bf836 in Fprogn ()
#137 0x081c3958 in funcall_lambda ()
#138 0x081c3485 in Ffuncall ()
#139 0x081f77f6 in Fbyte_code ()
#140 0x081c39a4 in funcall_lambda ()
#141 0x081c33d8 in Ffuncall ()
#142 0x081f77f6 in Fbyte_code ()
#143 0x081c39a4 in funcall_lambda ()
#144 0x081c35ff in apply_lambda ()
#145 0x081c261e in Feval ()
#146 0x081bf836 in Fprogn ()
#147 0x081c3958 in funcall_lambda ()
#148 0x081c35ff in apply_lambda ()
#149 0x081c2725 in Feval ()
#150 0x081c31bb in Ffuncall ()
#151 0x081f77f6 in Fbyte_code ()
#152 0x081c39a4 in funcall_lambda ()
#153 0x081c33d8 in Ffuncall ()
#154 0x081c29e5 in Fapply ()
#155 0x081c2db3 in apply1 ()
#156 0x081bd84d in Fcall_interactively ()
#157 0x08155c85 in Fcommand_execute ()
#158 0x08148ff0 in command_loop_1 ()
#159 0x081c0ff9 in internal_condition_case ()
#160 0x08147a7f in command_loop_2 ()
#161 0x081c0abe in internal_catch ()
#162 0x081479dd in command_loop ()
#163 0x081474ba in recursive_edit_1 ()
#164 0x081475ff in Frecursive_edit ()
#165 0x081c31a0 in Ffuncall ()
#166 0x081f77f6 in Fbyte_code ()
#167 0x081c39a4 in funcall_lambda ()
#168 0x081c33d8 in Ffuncall ()
#169 0x081f77f6 in Fbyte_code ()
#170 0x081c39a4 in funcall_lambda ()
#171 0x081c33d8 in Ffuncall ()
#172 0x081f77f6 in Fbyte_code ()
#173 0x081c39a4 in funcall_lambda ()
#174 0x081c33d8 in Ffuncall ()
#175 0x081f77f6 in Fbyte_code ()
#176 0x081c39a4 in funcall_lambda ()
#177 0x081c35ff in apply_lambda ()
#178 0x081c261e in Feval ()
#179 0x081c35a4 in apply_lambda ()
#180 0x081c261e in Feval ()
#181 0x081bf836 in Fprogn ()
#182 0x081c3958 in funcall_lambda ()
#183 0x081c3485 in Ffuncall ()
#184 0x081f77f6 in Fbyte_code ()
#185 0x081c39a4 in funcall_lambda ()
#186 0x081c33d8 in Ffuncall ()
#187 0x081f77f6 in Fbyte_code ()
#188 0x081c39a4 in funcall_lambda ()
#189 0x081c35ff in apply_lambda ()
#190 0x081c261e in Feval ()
#191 0x081bf836 in Fprogn ()
#192 0x081c3958 in funcall_lambda ()
#193 0x081c35ff in apply_lambda ()
#194 0x081c2725 in Feval ()
#195 0x081c31bb in Ffuncall ()
#196 0x081f77f6 in Fbyte_code ()
#197 0x081c39a4 in funcall_lambda ()
#198 0x081c33d8 in Ffuncall ()
#199 0x081c29e5 in Fapply ()
#200 0x081c2db3 in apply1 ()
#201 0x081bd84d in Fcall_interactively ()
#202 0x08155c85 in Fcommand_execute ()
#203 0x08148ff0 in command_loop_1 ()
#204 0x081c0ff9 in internal_condition_case ()
#205 0x08147a7f in command_loop_2 ()
#206 0x081c0abe in internal_catch ()
#207 0x081479dd in command_loop ()
#208 0x081474ba in recursive_edit_1 ()
#209 0x081475ff in Frecursive_edit ()
#210 0x081c31a0 in Ffuncall ()
#211 0x081f77f6 in Fbyte_code ()
#212 0x081c39a4 in funcall_lambda ()
#213 0x081c33d8 in Ffuncall ()
#214 0x081f77f6 in Fbyte_code ()
#215 0x081c39a4 in funcall_lambda ()
#216 0x081c33d8 in Ffuncall ()
#217 0x081f77f6 in Fbyte_code ()
#218 0x081c39a4 in funcall_lambda ()
#219 0x081c33d8 in Ffuncall ()
#220 0x081f77f6 in Fbyte_code ()
#221 0x081c39a4 in funcall_lambda ()
#222 0x081c35ff in apply_lambda ()
#223 0x081c261e in Feval ()
#224 0x081c35a4 in apply_lambda ()
#225 0x081c261e in Feval ()
#226 0x081bf836 in Fprogn ()
#227 0x081c3958 in funcall_lambda ()
#228 0x081c3485 in Ffuncall ()
#229 0x081f77f6 in Fbyte_code ()
#230 0x081c39a4 in funcall_lambda ()
#231 0x081c33d8 in Ffuncall ()
#232 0x081f77f6 in Fbyte_code ()
#233 0x081c39a4 in funcall_lambda ()
#234 0x081c35ff in apply_lambda ()
#235 0x081c261e in Feval ()
#236 0x081bf836 in Fprogn ()
#237 0x081c3958 in funcall_lambda ()
#238 0x081c35ff in apply_lambda ()
#239 0x081c2725 in Feval ()
#240 0x081c31bb in Ffuncall ()
#241 0x081f77f6 in Fbyte_code ()
#242 0x081c39a4 in funcall_lambda ()
#243 0x081c33d8 in Ffuncall ()
#244 0x081c29e5 in Fapply ()
#245 0x081c2db3 in apply1 ()
#246 0x081bd84d in Fcall_interactively ()
#247 0x08155c85 in Fcommand_execute ()
#248 0x08148ff0 in command_loop_1 ()
#249 0x081c0ff9 in internal_condition_case ()
#250 0x08147a7f in command_loop_2 ()
#251 0x081c0abe in internal_catch ()
#252 0x08147a34 in command_loop ()
#253 0x081474ba in recursive_edit_1 ()
#254 0x081475ff in Frecursive_edit ()
#255 0x08145f44 in main ()


-- 
Karl 2004-12-31 01:24
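
Added example, not part of the original message: a small Python triage helper for a gdb backtrace like the one above. It collapses repeated frames, reports the innermost symbolized frame outside shared libraries, and counts nested `Frecursive_edit` levels. The embedded sample is abridged from the backtrace in the message; the names `parse_frames` and `summarize` are illustrative.

```python
import re
from itertools import groupby

# Abridged copy of the backtrace in the message above: frames 0-11 kept,
# then a few deeper frames; the rest are omitted to keep the sample short.
SAMPLE_BT = """\
#0  0x4073f2dd in bcopy () from /lib/tls/libc.so.6
#1  0xbfff4748 in ?? ()
#2  0xbfffdbd4 in ?? ()
#3  0x081c8c4f in concat ()
#4  0x081c85d4 in Fcopy_sequence ()
#5  0x080b604f in display_mode_element ()
#6  0x080b67ce in display_mode_element ()
#7  0x080b685f in display_mode_element ()
#8  0x080b6a40 in display_mode_element ()
#9  0x080b6a40 in display_mode_element ()
#10 0x080b6a40 in display_mode_element ()
#11 0x080b5d7d in display_mode_line ()
#27 0x081475ff in Frecursive_edit ()
#73 0x081474ba in recursive_edit_1 ()
#74 0x081475ff in Frecursive_edit ()
#255 0x08145f44 in main ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-f]+) in (\S+) \(\)(?: from (\S+))?$")

def parse_frames(text):
    """Return (index, address, function, library-or-None) per gdb frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3), m.group(4)))
    return frames

def summarize(text):
    frames = parse_frames(text)
    # Collapse runs of the same function so recursion reads as (name, count).
    collapsed = [(fn, len(list(g))) for fn, g in groupby(f[2] for f in frames)]
    # First frame that has a symbol and is not in a shared library: the
    # innermost function of the program itself on the crashing path.
    innermost = next(f[2] for f in frames if f[2] != "??" and f[3] is None)
    depth = sum(1 for f in frames if f[2] == "Frecursive_edit")
    return {"collapsed": collapsed, "innermost_app_frame": innermost,
            "recursive_edit_depth": depth}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_BT).items():
        print(key, value)
```

Run against the full backtrace text instead of the abridged sample to get the real nesting depth of recursive edits.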



