GNU bug report logs - #41321
27.0.91; Emacs aborts due to invalid pseudovector objects

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 25 May 2020 14:53:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 25 10:53:14 2020
Received: from localhost ([127.0.0.1]:42106 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jdETa-0004M3-8q
	for submit <at> debbugs.gnu.org; Mon, 25 May 2020 10:53:14 -0400
Received: from eggs.gnu.org ([209.51.188.92]:44654)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jdETY-0004Lq-Ip
 for 41321 <at> debbugs.gnu.org; Mon, 25 May 2020 10:53:13 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:50445)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jdETS-0003qm-Kx; Mon, 25 May 2020 10:53:06 -0400
Received: from [176.228.60.248] (port=3178 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jdETR-0002sI-Sq; Mon, 25 May 2020 10:53:06 -0400
Date: Mon, 25 May 2020 17:53:17 +0300
Message-Id: <838shgvzfm.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>, eggert@HIDDEN
In-Reply-To: <CAOqdjBdtG-24L2VsHPDZr6BKFKvCNerMvNeZEeK9Fx4Zt=-exA@HIDDEN>
 (message from Pip Cet on Mon, 25 May 2020 11:28:46 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
 <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
 <83mu5xw50d.fsf@HIDDEN>
 <CAOqdjBfeCNALm=S969A_9AG5Bq6q5pkSiP+DZWhrpk1QE52RkQ@HIDDEN>
 <83k110wxte.fsf@HIDDEN>
 <CAOqdjBcdbmU75ChUKAsJ8P8kf+M0ZnTCGfd2tKFi9Vo0KRyDkA@HIDDEN>
 <CAOqdjBdtG-24L2VsHPDZr6BKFKvCNerMvNeZEeK9Fx4Zt=-exA@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Mon, 25 May 2020 11:28:46 +0000
> Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
> 
> And I just noticed strings aren't aligned to LISP_ALIGNMENT on
> x86_64-pc-linux-gnu.
> 
> I think we're going to have to weaken the maybe_lisp_pointer check to
> check only for GC_ALIGNMENT.

I tend to agree.

Paul, why did we move to max_align_t as the alignment requirement?
AFAIU, GCC enlarged that recently to allow for _Float128 type (at
least on 32-bit hosts), but do we really need that?

Also, what does this mean for stack-based Lisp objects?  AFAIU, we
previously required 8-byte alignment on 32-bit hosts (and on
MS-Windows we jump through some hoops to guarantee that in callbacks
of Windows APIs and in thread functions that manipulate Lisp objects).
Does the use of max_align_t means that now stack-based Lisp objects
will need to have 16-byte alignment on 32-bit Windows?

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 25 May 2020 11:29:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 25 07:29:30 2020
Received: from localhost ([127.0.0.1]:40021 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jdBIQ-0003Aq-Lc
	for submit <at> debbugs.gnu.org; Mon, 25 May 2020 07:29:30 -0400
Received: from mail-oi1-f194.google.com ([209.85.167.194]:41338)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jdBIP-0003Ae-1x
 for 41321 <at> debbugs.gnu.org; Mon, 25 May 2020 07:29:29 -0400
Received: by mail-oi1-f194.google.com with SMTP id 23so14554512oiq.8
 for <41321 <at> debbugs.gnu.org>; Mon, 25 May 2020 04:29:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=L6WLoWtibt1bg/F/iNqL0z2qfx0Ip5ZlxIzo9j5nnA8=;
 b=gb0Qg5/9n7g+Vm7kl74dZWz6Vh/ZPN9vKpVX6/OEpvWNvjvUrt8LHMQ9F5PYaoJDOf
 NMjEkBppyah+kUPWDkvziwY8SCRstng0I8n4vwCpe9Y14vm0aOkYpN3aMySzcv+/CS/I
 TmzRicVC3TeaZjNDbR8i2mDdTVIlAaOaRxVM/Ls2L3SI+/tJ2FnJRPph67mSjZFuTRvW
 o3kQhcAola19/83KGrAJTe4Hvrg8E5JkbG3A4vWpuGLIMkcgm/mdtpTUJzdHpbk7qCy0
 Hgd5Be9r1XX5kcTf/Nrd5R1oY81GOftsrN2L/U0VpQ0IJBTYPtZPdxd1+XxNUDthVRqg
 NDOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=L6WLoWtibt1bg/F/iNqL0z2qfx0Ip5ZlxIzo9j5nnA8=;
 b=O833rhl20a/hLc3ILCdfYpFlWPCnQ/Bs8VtprHSBHBHiDB4R2w/EDUBDhOHnmhMQqh
 4RO6qt+z/2s0ehQ2hqoVFIMNCKXWHLvNTTBD4tZ/JztlJCd0OScoIsVJGLtX3z/MJTrn
 KVp20pG8pLUE5Rw3NjlyB82E7dbwfGF7EkDJN6zUURK5C0wsV4bWahCR36trUEMiZH+y
 AYWkvJqfgoYhqe1Wbhc5umwUXoLFqvniZMSRAgDdKzAJGFIPSszd2jjkzq0ZmFPKREK7
 BuWMHZfkKhstocIUM64PHcMY5dNND9yo3Ztld8fUk3RkGUtsCFgND2vB7byjMTl5KL/p
 3g9Q==
X-Gm-Message-State: AOAM532DB3fBDfaqDRDuxDua5K/ROpEd1JraYELRenBld3BOgExR4rYQ
 9P6DcomH2BaTnV68pajs//2FuoRNwWM6GmEucio=
X-Google-Smtp-Source: ABdhPJx/1B+FHM6KmiS37n+2fSstuX4ip4kPx76fTkhDTBPvAkKpTEPiNVEKCopCncvzdpNWpEdlty0V0w+v82n/I8Y=
X-Received: by 2002:a05:6808:1c8:: with SMTP id
 x8mr10546010oic.30.1590406163485; 
 Mon, 25 May 2020 04:29:23 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
 <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
 <83mu5xw50d.fsf@HIDDEN>
 <CAOqdjBfeCNALm=S969A_9AG5Bq6q5pkSiP+DZWhrpk1QE52RkQ@HIDDEN>
 <83k110wxte.fsf@HIDDEN>
 <CAOqdjBcdbmU75ChUKAsJ8P8kf+M0ZnTCGfd2tKFi9Vo0KRyDkA@HIDDEN>
In-Reply-To: <CAOqdjBcdbmU75ChUKAsJ8P8kf+M0ZnTCGfd2tKFi9Vo0KRyDkA@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Mon, 25 May 2020 11:28:46 +0000
Message-ID: <CAOqdjBdtG-24L2VsHPDZr6BKFKvCNerMvNeZEeK9Fx4Zt=-exA@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>, eggert@HIDDEN
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Mon, May 25, 2020 at 6:40 AM Pip Cet <pipcet@HIDDEN> wrote:
> We should also fix the (symbol-related) Emacs bug before it bites us:
> on both branches, unless we can get a mingw user to provide the output
> of "disassemble Fprog1" (and a bunch of other functions). (OTOH, we've
> already decided to keep crashable GC bugs on the emacs-27 branch).

And I just noticed strings aren't aligned to LISP_ALIGNMENT on
x86_64-pc-linux-gnu.

I think we're going to have to weaken the maybe_lisp_pointer check to
check only for GC_ALIGNMENT.

The commit that introduced this problem, for what it's worth, is
967d2c55ef3908fd378e05b2a0070663ae45f6de

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 25 May 2020 06:40:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 25 02:40:57 2020
Received: from localhost ([127.0.0.1]:39576 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jd6n9-00009R-Jw
	for submit <at> debbugs.gnu.org; Mon, 25 May 2020 02:40:56 -0400
Received: from mail-ot1-f54.google.com ([209.85.210.54]:35462)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jd6n7-00009E-LP
 for 41321 <at> debbugs.gnu.org; Mon, 25 May 2020 02:40:53 -0400
Received: by mail-ot1-f54.google.com with SMTP id 69so13139237otv.2
 for <41321 <at> debbugs.gnu.org>; Sun, 24 May 2020 23:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=j+agg+IB5QK23rRQdejmAkRr7wu9w8iCHAdNUtNB7go=;
 b=P0ydDhyZHw+cjA/EZGocUJK6dHZPKN54Uts/NqiyXhnSnXslrXSdHpCi5pqBhtDvq3
 sWzchhzuOgh7FsxgONkgS9EPjw61R5pqZ6+OK6HEPJi7EH94qTvwC2FWNf0mzDQ00eiR
 1243nnPGQsTM4b/5poLTkdbp2RRYFx37pyxFPYORYlsJFkoeqKqNSyscK9ldBSGWsDvk
 ob6+oLl0any2/WOgCVz9ubV93qq/TCXbiaIwb2NBibN2YlxEIPG3VMkRXo8w83/bB+oF
 8LKdVFeb37D3imtpI/1weiZGoXIxKwOD+SB9RUbHvUW5qzKcO4GAnK2Lg0JDhAGFd3/Q
 m9tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=j+agg+IB5QK23rRQdejmAkRr7wu9w8iCHAdNUtNB7go=;
 b=OnnGGIf4gzZyH5FVRWzcjDtFMwLzQwM3dkw6C6OU5DNzS1I9id544VBB+1qNSjlldz
 KPheYyWKhA01Axfao3FvaCNM+9CHsSQl3oEMR9r2kxoTfKUR7Q4sufE+3uMyF38HE+ui
 eSPaSL3e6Kua8Pw20dCkwtAK0zQvanUv/YpeHFm2h9CZguBTnH+SDrq2NaxaXXXmfnTz
 CqnoSpeoILGn58eURvB6VYNTSG+/gybXx9aampfhGZderR2NIqVOMT+Fk0xFdCMYAH7Y
 cdWPSJjWDC+OxEqagmfBNjMpRNIVVm3WDiQreUct5YSKzprRF3oeTUtah94nZw5ipCbM
 wiVQ==
X-Gm-Message-State: AOAM531UwyRH+XRb3qYUzGf1rbpMbKiZftasR95eI0n5kjCpoHKV/nkx
 ZcFWowJtHKP2rsudOKeNbmihX/lrPPBdnKr37A4=
X-Google-Smtp-Source: ABdhPJyUrWzsWDfS3HSJiJQ7VWaIdSeXUxdzLAu5O7xDIfrAtgrCJyrtxBm3U4hnUpKJ44nVuUoQODPCnC+7TT37jR4=
X-Received: by 2002:a9d:7a50:: with SMTP id z16mr21252998otm.292.1590388847915; 
 Sun, 24 May 2020 23:40:47 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
 <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
 <83mu5xw50d.fsf@HIDDEN>
 <CAOqdjBfeCNALm=S969A_9AG5Bq6q5pkSiP+DZWhrpk1QE52RkQ@HIDDEN>
 <83k110wxte.fsf@HIDDEN>
In-Reply-To: <83k110wxte.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Mon, 25 May 2020 06:40:11 +0000
Message-ID: <CAOqdjBcdbmU75ChUKAsJ8P8kf+M0ZnTCGfd2tKFi9Vo0KRyDkA@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Mon, May 25, 2020 at 2:30 AM Eli Zaretskii <eliz@HIDDEN> wrote:
> > From: Pip Cet <pipcet@HIDDEN>
> > Date: Sun, 24 May 2020 19:40:09 +0000
> > Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
> > What they show you is that memory at a certain address, which they
> > helpfully specify, isn't mapped.
> >
> > You conclude that memory at a totally different address isn't mapped,
> > even though GDB quite explicitly never says so.
> >
> > That conclusion is invalid.
> Your opinion, not mine, not yet anyway.

Maybe I'm approaching this the wrong way: What are you actually planning to do?

I think we should work around the mingw bug on both the master and
emacs-27 branches.

We should also fix the (symbol-related) Emacs bug before it bites us:
on both branches, unless we can get a mingw user to provide the output
of "disassemble Fprog1" (and a bunch of other functions). (OTOH, we've
already decided to keep crashable GC bugs on the emacs-27 branch).

And we should wait and see whether similar crashes keep happening.

What we should not do is encourage people to keep looking for another
Emacs bug based on the existing backtraces.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 25 May 2020 02:30:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 22:30:36 2020
Received: from localhost ([127.0.0.1]:39245 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jd2su-0000IB-Ga
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 22:30:36 -0400
Received: from eggs.gnu.org ([209.51.188.92]:34174)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jd2st-0000Hz-2U
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 22:30:35 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:41338)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jd2sn-0002w8-EL; Sun, 24 May 2020 22:30:29 -0400
Received: from [176.228.60.248] (port=1382 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jd2sl-0003i5-2k; Sun, 24 May 2020 22:30:28 -0400
Date: Mon, 25 May 2020 05:30:37 +0300
Message-Id: <83k110wxte.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBfeCNALm=S969A_9AG5Bq6q5pkSiP+DZWhrpk1QE52RkQ@HIDDEN>
 (message from Pip Cet on Sun, 24 May 2020 19:40:09 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
 <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
 <83mu5xw50d.fsf@HIDDEN>
 <CAOqdjBfeCNALm=S969A_9AG5Bq6q5pkSiP+DZWhrpk1QE52RkQ@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Sun, 24 May 2020 19:40:09 +0000
> Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
> 
> > I use GDB every day in this very "unusual
> > environment", both when debugging Emacs and other programs.
> 
> And you've never run into GDB bugs?

Not such blatant ones, no, and not lately.

> Are you saying the bug I've found isn't "a real trouble"?

I'm saying I'm not convinced that problem has anything to do with this
particular segfault.

> What they show you is that memory at a certain address, which they
> helpfully specify, isn't mapped.
> 
> You conclude that memory at a totally different address isn't mapped,
> even though GDB quite explicitly never says so.
> 
> That conclusion is invalid.

Your opinion, not mine, not yet anyway.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 19:40:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 15:40:59 2020
Received: from localhost ([127.0.0.1]:38836 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcwUV-0000ib-AD
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 15:40:59 -0400
Received: from mail-ot1-f42.google.com ([209.85.210.42]:35318)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jcwUN-0000i6-He
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 15:40:51 -0400
Received: by mail-ot1-f42.google.com with SMTP id 69so12413225otv.2
 for <41321 <at> debbugs.gnu.org>; Sun, 24 May 2020 12:40:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=SaNZTZAk2E3O2TYeOuZFzDNnTA50frPGKHaWomX1xvA=;
 b=X43FyVEzcEOQaRzGIvKrCRT2ryAyUoHajfvhFXI7ebUA7EY7ogcVjuMZgC38tQrq6j
 japlsINL69qcpPl97+Qg3sEBt8IAylBrYVTuJpS5efIHC/cvRHraHfsoNO2/++8soBsG
 8aVBGz05Fsxo7gP8aLkVDtGH53hKnpo56yp+quOJLsh5DHQNoZ3Invq/VDeW4KuGmbBU
 Rf2K5NLPBhFVkR6xesFTJ8mxxNpU1Ra4ggPyepCU+Fa3UvrIKlS09l8KZtKcOOaMAc1g
 BsX55qcaFYwgSghyU4+UQbUqlf+DeLZS2axgU861UlAplnIyNtKZ/Svc20Pa7ezgwfkW
 Q78g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=SaNZTZAk2E3O2TYeOuZFzDNnTA50frPGKHaWomX1xvA=;
 b=KIjzf/UeBGdZ+H/smk2iw41OIcEusEEyID5C1e66xVw+7guiFUxHgRsLwC0pYJ5UjD
 X7TUE5waiYBaBMiEMr25E6JqwNiCCEd3WCZ2Wy/9gC/DUiRc0JhS7vhlxBuvNSlHo2/P
 frVtCNjJlNvnOguCkOvRZ8RxdfNZVQQKjFsYR3Dw12R9Ao7TZ89BQnBg88XfHmvNblds
 b9f5dCCYGucu4UrFKlXvImsjWdtALscM2I4DBi83ZUxe2+yHm/jJYgEYI28FXBhZsMfb
 hINk/LZ0y9Ffr2H0StupKeRuDxFbUAwnVpHSkjw3rY4hz6FVdPEcWVNf7wpEu2rfu5XR
 kXqw==
X-Gm-Message-State: AOAM531MModdUA0/qdT0xiL1wuY1xd9O1lOAJVoODrmhzPEatstQG/uG
 IFpTSqo971l8RNBadO9VoNG0+BH8JhCODwV6z9U=
X-Google-Smtp-Source: ABdhPJy8KiErZokPJLEvxcIoUTikGtPpmMsloPI6tUEpOuo1HZegWBV/aIYwdaPgmF9JkKH7Hn4watafC7+7K42VrWM=
X-Received: by 2002:a05:6830:61b:: with SMTP id
 w27mr16605196oti.154.1590349245522; 
 Sun, 24 May 2020 12:40:45 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
 <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
 <83mu5xw50d.fsf@HIDDEN>
In-Reply-To: <83mu5xw50d.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sun, 24 May 2020 19:40:09 +0000
Message-ID: <CAOqdjBfeCNALm=S969A_9AG5Bq6q5pkSiP+DZWhrpk1QE52RkQ@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Sun, May 24, 2020 at 6:40 PM Eli Zaretskii <eliz@HIDDEN> wrote:
> > From: Pip Cet <pipcet@HIDDEN>
> > Date: Sun, 24 May 2020 18:03:57 +0000
> > Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
> >
> > > If you still claim that I didn't demonstrate that the buffer's overlay
> > > chain got corrupted
> >
> > I do, of course. The message GDB prints simply does not say anything
> > problematic about the buffer's overlay chain.
> >
> > > as part of the bug that caused the segfault,
> > > please point out what I missed here.
> >
> > You omitted the third call to xtype, which was even more clearly
> > nonsensical: xtype was misbehaving. We don't know in which way it was
> > misbehaving. So there's no evidence either way.
> >
> > FWIW, running into gdb bugs is something that happens to me almost on
> > a regular basis. There's no point reporting those, as there's
> > generally no response. In your case, you're in an unusual environment
> > with a rather large and complicated .gdbinit file which does very
> > strange things to avoid running into GDB bugs that we know about. All
> > that increases the likelihood of your encountering a gdb bug that no
> > one else has, or that has been reported but never responded to.
>
> I don't buy this, sorry.

So you think there's a second bug, located in Emacs, which causes GDB,
which isn't supposed to be broken by anything the debuggee does, to be
broken and respond in nonsensical ways?

> I use GDB every day in this very "unusual
> environment", both when debugging Emacs and other programs.

And you've never run into GDB bugs?

> The
> probability of these being due to some bug in GDB or in .gdbinit
> commands is very low, as I and others use them all the time.

I'm perfectly willing to help you trace down this bug (in GDB or
.gdbinit; we've already found the bug in mingw and the one in Emacs)
if it serves any purpose, but I suspect you don't have the time.

But I can't conceive of an explanation in which a bug in Emacs could
cause a bug-free GDB to respond in the nonsensical way your last
invocation of xtype did.

> It is much more probable that the commands I've shown are signs of a real
> trouble in Emacs and not in GDB.

Are you saying the bug I've found isn't "a real trouble"? I'm curious
as to what trouble you're imagining.

> I'm not willing to disregard what
> those commands show me because they don't match your theory.

What they show you is that memory at a certain address, which they
helpfully specify, isn't mapped.

You conclude that memory at a totally different address isn't mapped,
even though GDB quite explicitly never says so.

That conclusion is invalid.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 19:10:26 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 15:10:26 2020
Received: from localhost ([127.0.0.1]:38747 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcw0w-0008Nu-GZ
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 15:10:26 -0400
Received: from mail-ot1-f51.google.com ([209.85.210.51]:34752)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jcw0g-0008NL-Gn
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 15:10:25 -0400
Received: by mail-ot1-f51.google.com with SMTP id b18so12375748oti.1
 for <41321 <at> debbugs.gnu.org>; Sun, 24 May 2020 12:10:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=gPnSx2BsHkjdX0KbbiptYAXmiMn5SNbKDMldjRQH+2s=;
 b=gg6jGpLEqlNPEieSYjf3qhEaeFyWeOEPT/FgWkQxJjnv7JuY5qag0KpiV9qrtoynx2
 QCLwxo/69Eo3Dg6exfDkozMsWyRoZlIDu19GUDWAULNPt+VJF0ooiwev9/0WyGwkycsT
 9V8/bhPqKjyWJy91Hjb3UpTmpoCpPKCaTc29+3FRm7tTqQcVkse/JuO3w5Vkl6D/BhGF
 eUlh8UMCy6frqtvyGR38H2KHRlTqW2XTcBvEGbybG6IrKfX5QgLOGiDCsiX+mibQwnjy
 R/IrlA/IFE2pMehztfV2T7Hfjh6NYRWAEjCQPD/GhNP1sz0/QQUdzXGBP5Rv/XwPj4KX
 IFGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=gPnSx2BsHkjdX0KbbiptYAXmiMn5SNbKDMldjRQH+2s=;
 b=Z32lPMHvhyKDGwcr2vvGMld/AvRo/0mzdGA/tDlvsbWv/JB19vUwchQcDPakRjomaD
 xHEbuHh+90pUuYMCoqNaIP3wloKmrvL9161aBF8ir1cIE9E6UXS1WqMkzrIdghdAgwcU
 /4uraPZwJQCdjOeAQ5BzFPKQJM2R+ReHKWFJCUkqmzDP96GhIo794pLtBkd4l0LSAVak
 Yn813aIkDdmkPZvRUbcy4HWBdqF9vhADUa4pu0mD8paPLnOQn7hyeY/h7uDg10jKRprL
 nK9Qb2z2bMwPRTTilOHDby2t1QzXwS6xfzF4RjOQm3lG/sBh2mAxapKtiIjNlyF88i0r
 k5kw==
X-Gm-Message-State: AOAM531LZcHBskDbJGmR2XBGi5uLN7/fRpDGyU1Jh7AuhX8HE9QwnhS5
 D/mgYea8fDPafBz+FT95WUUR1tdzSoIA+r+7RyA=
X-Google-Smtp-Source: ABdhPJxySqqSQk3yC+570zDliVSOIfCLi5w+98gsCVple0kAC1X+DSl7Q06a0wJogtue9rfMZxZj5+LWfw0IFRgHkKk=
X-Received: by 2002:a05:6830:61b:: with SMTP id
 w27mr16538372oti.154.1590347404985; 
 Sun, 24 May 2020 12:10:04 -0700 (PDT)
MIME-Version: 1.0
References: <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83zha8cgpi.fsf@HIDDEN> <86tv05noov.fsf@HIDDEN>
In-Reply-To: <86tv05noov.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sun, 24 May 2020 19:09:28 +0000
Message-ID: <CAOqdjBdvMr=nX-290HY5JHYWeh+oO1OEHQkFs8RYci2rhd2VKw@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Andy Moreton <andrewjmoreton@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Sun, May 24, 2020 at 7:01 PM Andy Moreton <andrewjmoreton@HIDDEN> wrote:
> > So your flavor is even more broken than what Debian ships? That's
> > interesting, which flavor is it?
>
> FYI, there are two separate projects:
>   mingw.org: 32bit only.
>   mingw-w64: 32bit and 64bit, using a different C runtime.
>
> On my machine a simple test program shows:
>
> --------------------------------------------------------------
>   project     gcc     cpu   alignof(max_align_t)
> --------------------------------------------------------------
> mingw.org   9.2.0    i686   16
> mingw-w64  10.1.0    i686   16 (stdint.h before stddef.h)
>                              8 (stdint.h after  stddef.h)
> mingw-w64  10.1.0  x86_64   16
> --------------------------------------------------------------

Thanks!

> This problem only appears with the 32bit mingw-w64 toolchain.

FWIW, the problem is that the incorrect value of 16 is returned in
some cases. All 32bit toolchains appear to be broken. I said that
mingw.org was "more broken" than mingw-w64 because it _always_ returns
the incorrect value, rather than doing so only for an unfortunate
combination of #includes.

> Eli uses the mingw.org toolchain. Linux distros initially used
> mingw.org, but switched to mingw-w64 cross compilers several years ago.

I couldn't get the mingw.org toolchain to work at all...

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 24 May 2020 19:00:29 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 15:00:29 2020
Received: from localhost ([127.0.0.1]:38739 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcvrJ-000877-Af
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 15:00:29 -0400
Received: from lists.gnu.org ([209.51.188.17]:41216)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <geb-bug-gnu-emacs@HIDDEN>)
 id 1jcvrH-000870-Tq
 for submit <at> debbugs.gnu.org; Sun, 24 May 2020 15:00:28 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34876)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <geb-bug-gnu-emacs@HIDDEN>)
 id 1jcvrH-0000vu-Jd
 for bug-gnu-emacs@HIDDEN; Sun, 24 May 2020 15:00:27 -0400
Received: from ciao.gmane.io ([159.69.161.202]:56466)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <geb-bug-gnu-emacs@HIDDEN>)
 id 1jcvrG-0002RB-H0
 for bug-gnu-emacs@HIDDEN; Sun, 24 May 2020 15:00:27 -0400
Received: from list by ciao.gmane.io with local (Exim 4.92)
 (envelope-from <geb-bug-gnu-emacs@HIDDEN>)
 id 1jcvrB-000KNS-Ro
 for bug-gnu-emacs@HIDDEN; Sun, 24 May 2020 21:00:21 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: bug-gnu-emacs@HIDDEN
From: Andy Moreton <andrewjmoreton@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
Date: Sun, 24 May 2020 20:00:16 +0100
Message-ID: <86tv05noov.fsf@HIDDEN>
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
Mime-Version: 1.0
Content-Type: text/plain
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (windows-nt)
Cancel-Lock: sha1:ChM2o76/gfGWWPTrWwWh2kJVeu4=
Received-SPF: pass client-ip=159.69.161.202;
 envelope-from=geb-bug-gnu-emacs@HIDDEN; helo=ciao.gmane.io
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/24 13:37:56
X-ACL-Warn: Detected OS   = Linux 2.2.x-3.x [generic] [fuzzy]
X-Spam_score_int: 3
X-Spam_score: 0.3
X-Spam_bar: /
X-Spam_report: (0.3 / 5.0 requ) BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001,
 FORGED_GMAIL_RCVD=1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001,
 HEADER_FROM_DIFFERENT_DOMAINS=0.249, NML_ADSP_CUSTOM_MED=0.9, SPF_PASS=-0.001,
 URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN
X-Spam_action: no action
X-Spam-Score: 0.1 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.9 (/)

On Sun 24 May 2020, Pip Cet wrote:

> On Sun, May 24, 2020 at 2:24 PM Eli Zaretskii <eliz@HIDDEN> wrote:
>> > From: Pip Cet <pipcet@HIDDEN>
>> > Date: Sat, 23 May 2020 23:54:17 +0000
>> > Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
>> >
>> > I think I've worked it out: it's this mingw bug:
>> > https://sourceforge.net/p/mingw-w64/bugs/778/
>>
>> Thank you for working on this tricky problem.
>>
>> FTR, I don't use that flavor of MinGW.
>
> So your flavor is even more broken than what Debian ships? That's
> interesting, which flavor is it?

FYI, there are two separate projects:
  mingw.org: 32bit only.
  mingw-w64: 32bit and 64bit, using a different C runtime.

On my machine a simple test program shows:

--------------------------------------------------------------
  project     gcc     cpu   alignof(max_align_t)
--------------------------------------------------------------
mingw.org   9.2.0    i686   16
mingw-w64  10.1.0    i686   16 (stdint.h before stddef.h)
                             8 (stdint.h after  stddef.h)
mingw-w64  10.1.0  x86_64   16
--------------------------------------------------------------

This problem only appears with the 32bit mingw-w64 toolchain.

Eli uses the mingw.org toolchain. Linux distros initially used
mingw.org, but switched to mingw-w64 cross compilers several years ago.

    AndyM

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 18:40:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 14:40:39 2020
Received: from localhost ([127.0.0.1]:38707 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcvY7-0007XI-0O
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 14:40:39 -0400
Received: from eggs.gnu.org ([209.51.188.92]:54040)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jcvXz-0007Wv-MH
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 14:40:38 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:35980)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jcvXu-0008QH-2w; Sun, 24 May 2020 14:40:26 -0400
Received: from [176.228.60.248] (port=4283 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jcvXt-0007t3-Fi; Sun, 24 May 2020 14:40:25 -0400
Date: Sun, 24 May 2020 21:40:34 +0300
Message-Id: <83mu5xw50d.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
 (message from Pip Cet on Sun, 24 May 2020 18:03:57 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
 <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Sun, 24 May 2020 18:03:57 +0000
> Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
> 
> > If you still claim that I didn't demonstrate that the buffer's overlay
> > chain got corrupted
> 
> I do, of course. The message GDB prints simply does not say anything
> problematic about the buffer's overlay chain.
> 
> > as part of the bug that caused the segfault,
> > please point out what I missed here.
> 
> You omitted the third call to xtype, which was even more clearly
> nonsensical: xtype was misbehaving. We don't know in which way it was
> misbehaving. So there's no evidence either way.
> 
> FWIW, running into gdb bugs is something that happens to me almost on
> a regular basis. There's no point reporting those, as there's
> generally no response. In your case, you're in an unusual environment
> with a rather large and complicated .gdbinit file which does very
> strange things to avoid running into GDB bugs that we know about. All
> that increases the likelihood of your encountering a gdb bug that no
> one else has, or that has been reported but never responded to.

I don't buy this, sorry.  I use GDB every day in this very "unusual
environment", both when debugging Emacs and other programs.  The
probability of these being due to some bug in GDB or in .gdbinit
commands is very low, as I and others use them all the time.  It is
much more probable that the commands I've shown are signs of a real
trouble in Emacs and not in GDB.  I'm not willing to disregard what
those commands show me because they don't match your theory.  I prefer
facts.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 18:04:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 14:04:41 2020
Received: from localhost ([127.0.0.1]:38650 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcuzI-0006f9-Qw
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 14:04:41 -0400
Received: from mail-ot1-f51.google.com ([209.85.210.51]:38603)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jcuzI-0006ew-3J
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 14:04:40 -0400
Received: by mail-ot1-f51.google.com with SMTP id o13so12300935otl.5
 for <41321 <at> debbugs.gnu.org>; Sun, 24 May 2020 11:04:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=AadenALC9XcefOWndGXdd48cEQ8Zm9n2scqMnBtIHuk=;
 b=TI/D2Wc4vPSRXkstjbv/bUPQNw3eWUFuoMi+osmo4suX2g3LQWogrI6DxyeReTS6Oz
 nAGUIAm7p07LHbNepyVeW5VEGfJ7e5wrp203dWehk1uFePyt1kfBENOqQuEJ3rSyL1mF
 uPQBF1qM6pQgLOzsVV0H+RjEdyxKmrXXmRXR37G1oU+TH213y3QTmpv3OQ+4asII4vMu
 nR2F6OikR6/ldh6tCEG4Ly2t5DpBFJoTJ5btUObfXhK2FVCfjrxuLjFnapfTMW7w53DZ
 oVRC59WSDxnvghDP0aMX5xH3w9KGYoojGCWWw2WudznIk1Ajp8H3wKobHwHKt6jKUp9b
 CxCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=AadenALC9XcefOWndGXdd48cEQ8Zm9n2scqMnBtIHuk=;
 b=mjKVTc85ziCqjcdZ2j35k1R1LLIQ/6bH9oVzZOgD2ZyS/+wwB6Z7xLvgbamNRWq25F
 AJFlfuUMubBL6AuTAZPFRlZOaSAJLuBEjNuirUME+PRlYnACY88ThxGV07YkwBTKfaKY
 RC4YW91fCsTcLMbB2DtIxyvEnA+Bmpfp1xADRcaMwOPobtee2hlwwMta3i9qZ4SN2xYs
 7uJJmgK/uk7p9gKN+EdSBa98ZGTjrjh5IeHqxhm9PQPbRb1jPa3VAxnLBpR5nI1EckvC
 83g1C0EGyvN9JVZg2ChUsd77g45/pyC3o3GkPpVzy9kyzbEtJsrBOax8/iTgzZUO20gM
 ToOA==
X-Gm-Message-State: AOAM531db1rOdJLNNN1cRK+yGP4fcid+kSuT+5Gr5dDQStmwcHcLLHYV
 JBu1KeADJjL2vqprKPQ+qMlD/6sgu53alkTYZQE=
X-Google-Smtp-Source: ABdhPJz4ho4WHuXhRDBVvs7UftLYjDKijmcxlGTY1qJiSQuXyJDIEqOV594EyqLTCYgmf0K+6Naxb0ve5TxhT+9Ib1c=
X-Received: by 2002:a05:6830:61b:: with SMTP id
 w27mr16381061oti.154.1590343474468; 
 Sun, 24 May 2020 11:04:34 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN> <83r1v9w9vi.fsf@HIDDEN>
In-Reply-To: <83r1v9w9vi.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sun, 24 May 2020 18:03:57 +0000
Message-ID: <CAOqdjBetfK+4beScdosoduVbMfD7pmO6D0s8YamXo-K0nTkn3g@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Sun, May 24, 2020 at 4:55 PM Eli Zaretskii <eliz@HIDDEN> wrote:
> And here's a reminder from how the same looked in the session that> segfaulted:
>
>   (gdb) p current_buffer->overlays_before
>   $28 = (struct Lisp_Overlay *) 0x170cb080
>   (gdb) p $28->start
>   $29 = XIL(0xa0000000170cb040)
>   (gdb) xtype
>   Lisp_Vectorlike
>   Cannot access memory at address 0x18ac04f8

That should read "Cannot access memory at address 0x170cb080". It
doesn't. It doesn't tell you whether the memory at page 0x170cb000 is
mapped, because gdb, for whatever reason (a bug in .gdbinit, a bug in
gdb, some weird command entered at the gdb prompt before the
transcript started, or even, as you yourself suggested, somehow as the
result of the memory corruption that caused the crash), looked in the
wrong place.

Instead, it tells you that the page at 0x18ac0000 isn't mapped. Which we knew.

>   (gdb) p $28->next
>   $30 = (struct Lisp_Overlay *) 0x13050320
>   (gdb) p $28->next->start
>   $31 = XIL(0xa000000016172310)
>   (gdb) xtype
>   Lisp_Vectorlike
>   Cannot access memory at address 0x18ac04f8

Same here. It should read "Cannot access memory at address 0x16172310".

> If you still claim that I didn't demonstrate that the buffer's overlay
> chain got corrupted

I do, of course. The message GDB prints simply does not say anything
problematic about the buffer's overlay chain.

> as part of the bug that caused the segfault,
> please point out what I missed here.

You omitted the third call to xtype, which was even more clearly
nonsensical: xtype was misbehaving. We don't know in which way it was
misbehaving. So there's no evidence either way.

FWIW, running into gdb bugs is something that happens to me almost on
a regular basis. There's no point reporting those, as there's
generally no response. In your case, you're in an unusual environment
with a rather large and complicated .gdbinit file which does very
strange things to avoid running into GDB bugs that we know about. All
that increases the likelihood of your encountering a gdb bug that no
one else has, or that has been reported but never responded to.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 16:55:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 12:55:34 2020
Received: from localhost ([127.0.0.1]:38560 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jctuQ-0002sR-C5
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 12:55:34 -0400
Received: from eggs.gnu.org ([209.51.188.92]:47158)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jctuO-0002sE-QT
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 12:55:33 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34503)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jctuJ-0008B1-4L; Sun, 24 May 2020 12:55:27 -0400
Received: from [176.228.60.248] (port=1793 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jctuD-0007VW-EI; Sun, 24 May 2020 12:55:25 -0400
Date: Sun, 24 May 2020 19:55:29 +0300
Message-Id: <83r1v9w9vi.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: pipcet@HIDDEN
In-Reply-To: <83y2phwb9x.fsf@HIDDEN> (message from Eli Zaretskii on Sun, 24
 May 2020 19:25:14 +0300)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 <83y2phwb9x.fsf@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> Date: Sun, 24 May 2020 19:25:14 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
> 
> > > I still very much doubt that this has anything to do with stack
> > > marking during GC, since I've shown in my backtrace that
> > > current_buffer->overlays_before points to an overlay with invalid
> > > markers.
> > 
> > You haven't.
> 
> Of course, I have.

Here's how healthy overlays look in a healthy buffer:

  (gdb) p current_buffer->overlays_after
  $10 = (struct Lisp_Overlay *) 0x0
  (gdb) p current_buffer->overlays_before
  $11 = (struct Lisp_Overlay *) 0x7728258
  (gdb) p $11->start
  $12 = XIL(0xa000000007728218)
  (gdb) xtype
  Lisp_Vectorlike
  PVEC_MARKER
  (gdb) xmarker
  $13 = (struct Lisp_Marker *) 0x7728218
  (gdb) p *$
  $14 = {
    header = {
      size = 1124081664
    },
    buffer = 0x728fc38,
    need_adjustment = 0,
    insertion_type = 0,
    next = 0x765eae8,
    charpos = 13968,
    bytepos = 13968
  }
  (gdb) p $11->next
  $15 = (struct Lisp_Overlay *) 0x0

And here's a reminder from how the same looked in the session that
segfaulted:

  (gdb) p current_buffer->overlays_before
  $28 = (struct Lisp_Overlay *) 0x170cb080
  (gdb) p $28->start
  $29 = XIL(0xa0000000170cb040)
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p $28->next
  $30 = (struct Lisp_Overlay *) 0x13050320
  (gdb) p $28->next->start
  $31 = XIL(0xa000000016172310)
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p current_buffer->overlays_after
  $32 = (struct Lisp_Overlay *) 0x0
  (gdb) p $28->next->next
  $33 = (struct Lisp_Overlay *) 0x0

If you still claim that I didn't demonstrate that the buffer's overlay
chain got corrupted as part of the bug that caused the segfault,
please point out what I missed here.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 16:25:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 12:25:13 2020
Received: from localhost ([127.0.0.1]:38505 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jctR3-00027z-D9
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 12:25:13 -0400
Received: from eggs.gnu.org ([209.51.188.92]:44740)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jctR2-00027m-1C
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 12:25:12 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34167)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jctQw-0002qO-Ac; Sun, 24 May 2020 12:25:06 -0400
Received: from [176.228.60.248] (port=3660 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jctQu-0002e0-KH; Sun, 24 May 2020 12:25:05 -0400
Date: Sun, 24 May 2020 19:25:14 +0300
Message-Id: <83y2phwb9x.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
 (message from Pip Cet on Sun, 24 May 2020 15:00:36 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
 <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Sun, 24 May 2020 15:00:36 +0000
> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> 
> > FTR, I don't use that flavor of MinGW.
> 
> So your flavor is even more broken than what Debian ships?

Why _more_ broken?

> That's interesting, which flavor is it?

mingw.org's MinGW.

> > Isn't that strange?  Lisp data is allocated via lmalloc, AFAIK, and
> > lmalloc is supposed to guarantee LISP_ALIGNMENT alignment.  Or am I
> > missing something?
> 
> No, it relies on the compile-time constants and never checks.

So that is the bug to fix, no?

> > I still very much doubt that this has anything to do with stack
> > marking during GC, since I've shown in my backtrace that
> > current_buffer->overlays_before points to an overlay with invalid
> > markers.
> 
> You haven't.

Of course, I have.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 15:01:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 11:01:22 2020
Received: from localhost ([127.0.0.1]:38472 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcs7t-0000EH-VC
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 11:01:22 -0400
Received: from mail-ot1-f50.google.com ([209.85.210.50]:36184)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jcs7r-0000E1-NY
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 11:01:20 -0400
Received: by mail-ot1-f50.google.com with SMTP id h7so12092809otr.3
 for <41321 <at> debbugs.gnu.org>; Sun, 24 May 2020 08:01:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=HHje3StXqblbWj6o2C9lFSZcqQEWFY7CuVzKH9Y/MwE=;
 b=EQL1XPeePTMm44Ymk+TkRdiVyesYNUUQMUwwvSyRJAM94w0mKNqTomLaaFbo/1Rivh
 k9xU4xOrz7LFY5JrDqGDgEL6BRL+g/Nh3KhSFjLa0ySd66iYrzeEwOPKXeKYzJhCA8Sz
 hfDH0XfgsQZg1avgsuXzhg7mZl5m1joN8StIEsEGuD65wDGS72wn+SL6HVzn1lKjtNzT
 IdtQN0JW4VgFS+O7GWwcUTjerE+J6b1EiEYMZQVUckGXbhRteONsipldhfAjGLk3oWL9
 53ufy1yjRzXhadb4McuMEZBTIVJfCTUcGfYZGum72pam9CI6JwkBvYc/9vm2Y86Ftluu
 T7fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=HHje3StXqblbWj6o2C9lFSZcqQEWFY7CuVzKH9Y/MwE=;
 b=U/sMIpR9ZvTpws3CjxyBT8nyWa8uznJFD6IVahdXjclcR3875padXLAXDOuIrQy8eS
 bRdOE4W6Svn79pT672K+o/YSq2SXqTuxGWLZrSNHHge1uTsbFFSPfGEhxL6APDPmBbyX
 wzSwGASZZzwA9cwRmT60lLEdwgaeKNOr4Taeu+p+3s5Q7lBHeAPDkObU0A/0Ic51cMq5
 +taYu3uxITXTCJHV2AZzZtlbjOS6Q+6QcPumEqTeBASq698yN/L1BEpx/5JWGwLiilJA
 BqESOamPSvxk8/AcwDjOTyBYCl6ibWj2zeEX7JRE9f2JQVlb3/eUY+6X9z9rRVFS7tkJ
 1Szw==
X-Gm-Message-State: AOAM532VO2QpZtNOhDlM+82aB9ssrUDMsGlxC3LBfvrfYfzBCtuB+q96
 G9MpBeFGbufIL+VbY59r+Xf3jeFxHeYC8N9QYsxCek0gLUo=
X-Google-Smtp-Source: ABdhPJy7i/Um9c4AGo6I3e6eKlq8dRmPrzIDRqV03KKLblyTBCCgsp6MsRDmuPpkWmtMGXAC/vdrte4rI/vp/JLIypE=
X-Received: by 2002:a05:6830:61b:: with SMTP id
 w27mr15901947oti.154.1590332473029; 
 Sun, 24 May 2020 08:01:13 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 <83h7w5xvfa.fsf@HIDDEN>
In-Reply-To: <83h7w5xvfa.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sun, 24 May 2020 15:00:36 +0000
Message-ID: <CAOqdjBcg+Uaqp3=UUxjNEcO7fSWMLevmv55YbYJU2ZOhDaKbJA@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Sun, May 24, 2020 at 2:24 PM Eli Zaretskii <eliz@HIDDEN> wrote:
> > From: Pip Cet <pipcet@HIDDEN>
> > Date: Sat, 23 May 2020 23:54:17 +0000
> > Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> >
> > I think I've worked it out: it's this mingw bug:
> > https://sourceforge.net/p/mingw-w64/bugs/778/
>
> Thank you for working on this tricky problem.
>
> FTR, I don't use that flavor of MinGW.

So your flavor is even more broken than what Debian ships? That's
interesting, which flavor is it?

> > On mingw, if <stdint.h> is included before/instead of stddef.h,
> > alignof (max_align_t) == 16.
>
> The problem with the order of inclusion doesn't exist in my header
> files, so alignof (max_align_t) is always 16.

Okay, so that is our bug.

> > However, as can be seen by the backtrace
> > above, Eli's malloc only returned an 8-byte-aligned block.
>
> Isn't that strange?  Lisp data is allocated via lmalloc, AFAIK, and
> lmalloc is supposed to guarantee LISP_ALIGNMENT alignment.  Or am I
> missing something?

No, it relies on the compile-time constants and never checks.

The relevant code is:

enum { MALLOC_IS_LISP_ALIGNED = alignof (max_align_t) % LISP_ALIGNMENT == 0 };

static bool
laligned (void *p, size_t size)
{
  return (MALLOC_IS_LISP_ALIGNED || (intptr_t) p % LISP_ALIGNMENT == 0
      || size % LISP_ALIGNMENT != 0);
}

... so laligned is a constant "true" function on your machine, since
alignof (max_align_t) is 16 and LISP_ALIGNMENT is 16.

static void *
lmalloc (size_t size, bool clearit)
{
#ifdef USE_ALIGNED_ALLOC
  if (! MALLOC_IS_LISP_ALIGNED && size % LISP_ALIGNMENT == 0)
    {
      void *p = aligned_alloc (LISP_ALIGNMENT, size);
      if (clearit && p)
    memclear (p, size);
      return p;
    }
#endif

  while (true)
    {
      void *p = clearit ? calloc (1, size) : malloc (size);
      if (laligned (p, size))
    return p;
      free (p);
      size_t bigger = size + LISP_ALIGNMENT;
      if (size < bigger)
    size = bigger;
    }
}

That optimizes down to returning the malloc/calloc return value directly.

IOW, alloc.c relies on malloc() being max_align_t-aligned, and never
checks, not even in debug builds. That's something that needs to be
fixed, since broken-malloc environments such as yours exist.

> > That's not normally a problem, because mark_maybe_object doesn't
> > care about alignment; but in conjunction with the gcc behavior
> > change, we rely or mark_maybe_pointer to mark the pointer, and it
> > doesn't, because the pointer is not aligned to a LISP_ALIGNMENT =
> > 16-byte boundary.
>
> I still very much doubt that this has anything to do with stack
> marking during GC, since I've shown in my backtrace that
> current_buffer->overlays_before points to an overlay with invalid
> markers.

You haven't.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 24 May 2020 14:24:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 24 10:24:43 2020
Received: from localhost ([127.0.0.1]:38417 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcrYR-0007l9-96
	for submit <at> debbugs.gnu.org; Sun, 24 May 2020 10:24:43 -0400
Received: from eggs.gnu.org ([209.51.188.92]:36132)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jcrYQ-0007ky-3A
 for 41321 <at> debbugs.gnu.org; Sun, 24 May 2020 10:24:42 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:60876)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jcrYK-00066X-Q2; Sun, 24 May 2020 10:24:36 -0400
Received: from [176.228.60.248] (port=4136 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jcrYK-0007t9-95; Sun, 24 May 2020 10:24:36 -0400
Date: Sun, 24 May 2020 17:24:41 +0300
Message-Id: <83h7w5xvfa.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
 (message from Pip Cet on Sat, 23 May 2020 23:54:17 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Sat, 23 May 2020 23:54:17 +0000
> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> 
> I think I've worked it out: it's this mingw bug:
> https://sourceforge.net/p/mingw-w64/bugs/778/

Thank you for working on this tricky problem.

FTR, I don't use that flavor of MinGW.

> On mingw, if <stdint.h> is included before/instead of stddef.h,
> alignof (max_align_t) == 16.

The problem with the order of inclusion doesn't exist in my header
files, so alignof (max_align_t) is always 16.

> However, as can be seen by the backtrace
> above, Eli's malloc only returned an 8-byte-aligned block.

Isn't that strange?  Lisp data is allocated via lmalloc, AFAIK, and
lmalloc is supposed to guarantee LISP_ALIGNMENT alignment.  Or am I
missing something?

> That's not normally a problem, because mark_maybe_object doesn't
> care about alignment; but in conjunction with the gcc behavior
> change, we rely or mark_maybe_pointer to mark the pointer, and it
> doesn't, because the pointer is not aligned to a LISP_ALIGNMENT =
> 16-byte boundary.

I still very much doubt that this has anything to do with stack
marking during GC, since I've shown in my backtrace that
current_buffer->overlays_before points to an overlay with invalid
markers.  And GC always marks buffer's overlays (and thus their
markers), as can be seen in mark_buffer.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 23 May 2020 23:55:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 23 19:55:02 2020
Received: from localhost ([127.0.0.1]:36052 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcdyn-00013X-U9
	for submit <at> debbugs.gnu.org; Sat, 23 May 2020 19:55:02 -0400
Received: from mail-ot1-f49.google.com ([209.85.210.49]:41818)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jcdyl-00013J-AO
 for 41321 <at> debbugs.gnu.org; Sat, 23 May 2020 19:55:00 -0400
Received: by mail-ot1-f49.google.com with SMTP id 63so11234624oto.8
 for <41321 <at> debbugs.gnu.org>; Sat, 23 May 2020 16:54:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=nNMERfQAzD6KoLPSM2yvIapughRDq7+jStSuuDJNfAk=;
 b=uSMmBamnj/Cb7TbE1hMw8LsCdQgr1c2DOO+ZAIE8w1Ai49Ty6SGOtgNhkisawEjNI8
 YKN9FPrFftqblQJ808U1FDcarKz/jrsj6nU8/XcFemxCKF5rszIOmULaaaWSOk1/T1en
 fftn4ummsT66ApaCbSeShY1OKJZAGFBUb4WdePS+MDqA7aFwA298DnofcAvGmBOCZ2eM
 ggFHUwdNkG29Yt+I5g6JvS7ngYd6paJMXIqVbds9MOSzvd4/dZVKt8tJwqU6jWtqbjRl
 7YN1z2Bk4TMOQljm1u4vpvhvCj8U18fTDwjdhbxJIAw1lewO5XzzvtN5+jP389o+ky7E
 0kQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=nNMERfQAzD6KoLPSM2yvIapughRDq7+jStSuuDJNfAk=;
 b=eQiTJjx5nHCqe3mTo6/E0jjU0JbyKGRBHJAtT0XdorXSlMNW7HcrsZVzytToBPKDsl
 Xi+x2K+uYFcJ7LUeSN+CnGj/8Bq8/92APF0X5c4WZ0VmnMyE9H73WkkmAnjPa2/hv02i
 aUl4hAkYaHkcQebNLHnMVmKNafX1KUtULi662CqpQ4QKeRIp6t2aCYQQRXWWClxaXVbh
 tM1i6DpQl9WBJ0vpeyrRc3Hah1rG+9zVECLUQhI5dSSi+zm1bPuKsm8FyDSrsiFIONsP
 qzmX9mas8sJBVgQDaqiLSfXoMxD7eoR82VjsQR6TBGcfYLnJhckzO5RPbEpeaYvMZsqu
 8+aQ==
X-Gm-Message-State: AOAM530VCaZnnYdNhsK1n+rQmwEFHrW3mKZxWaoM37GURDXHs031Iwju
 o5mD0N13fXlF06Uzx4pofKfp25SHJF2sDRXm+dw=
X-Google-Smtp-Source: ABdhPJx9uoU1tJZFt74Bz8I3C+wzbgHX02E6C+IuuOUkDKmQfhPtt2L6z8UuI1aj/Q/86RVtLkaxYKkmGoygYoR/vZo=
X-Received: by 2002:a05:6830:61b:: with SMTP id
 w27mr13946665oti.154.1590278093620; 
 Sat, 23 May 2020 16:54:53 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
In-Reply-To: <831rncjuwf.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sat, 23 May 2020 23:54:17 +0000
Message-ID: <CAOqdjBeAFGTKgBOYSEBzRxFqVL+DOWFkVva4OohCOq2iAa1iEw@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: multipart/mixed; boundary="000000000000dd5c7505a6597855"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--000000000000dd5c7505a6597855
Content-Type: text/plain; charset="UTF-8"

On Fri, May 22, 2020 at 7:22 AM Eli Zaretskii <eliz@HIDDEN> wrote:
>   #0  PSEUDOVECTORP (code=<optimized out>, a=<optimized out>) at lisp.h:1720
>   #1  MARKERP (x=<optimized out>) at lisp.h:2618
>   #2  CHECK_MARKER (x=XIL(0xa000000018ac0518)) at marker.c:133
>   #3  0x010f073c in Fmarker_position (marker=XIL(0xa000000018ac0518))
>       at marker.c:452

I think I've worked it out: it's this mingw bug:
https://sourceforge.net/p/mingw-w64/bugs/778/

On mingw, if <stdint.h> is included before/instead of stddef.h,
alignof (max_align_t) == 16. However, as can be seen by the backtrace
above, Eli's malloc only returned an 8-byte-aligned block. That's not
normally a problem, because mark_maybe_object doesn't care about
alignment; but in conjunction with the gcc behavior change, we rely or
mark_maybe_pointer to mark the pointer, and it doesn't, because the
pointer is not aligned to a LISP_ALIGNMENT = 16-byte boundary.

Brute-force patch attached until we can work out how to fix this properly.

--000000000000dd5c7505a6597855
Content-Type: text/x-patch; charset="US-ASCII"; 
	name="0001-Accept-unaligned-pointers-in-maybe_lisp_pointer.patch"
Content-Disposition: attachment; 
	filename="0001-Accept-unaligned-pointers-in-maybe_lisp_pointer.patch"
Content-Transfer-Encoding: base64
Content-ID: <f_kakafz8k0>
X-Attachment-Id: f_kakafz8k0

RnJvbSBhYmI3OWJmMzM2MjJiNGU4NDA3NTY1YWI4ZTgyNzcxYjZhMzU5NDVlIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBQaXAgQ2V0IDxwaXBjZXRAZ21haWwuY29tPgpEYXRlOiBTYXQs
IDIzIE1heSAyMDIwIDIzOjUxOjU1ICswMDAwClN1YmplY3Q6IFtQQVRDSF0gQWNjZXB0IHVuYWxp
Z25lZCBwb2ludGVycyBpbiBtYXliZV9saXNwX3BvaW50ZXIKCiogc3JjL2FsbG9jLmMgKG1heWJl
X2xpc3BfcG9pbnRlcik6IERvbid0IHJlcXVpcmUgcG9pbnRlcnMgYmUgYWxpZ25lZAogIHRvIGEg
TElTUF9BTElHTk1FTlQgYm91bmRhcnksIGFzIHRoaXMgaXMgZmFsc2Ugb24gbWluZ3cgYnVpbGRz
LgotLS0KIHNyYy9hbGxvYy5jIHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCsp
LCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvc3JjL2FsbG9jLmMgYi9zcmMvYWxsb2MuYwpp
bmRleCAxYzZiNjY0YjIyLi44NmU4MWNkMWY2IDEwMDY0NAotLS0gYS9zcmMvYWxsb2MuYworKysg
Yi9zcmMvYWxsb2MuYwpAQCAtNDU5NCw3ICs0NTk0LDcgQEAgbWFya19tYXliZV9vYmplY3RzIChM
aXNwX09iamVjdCBjb25zdCAqYXJyYXksIHB0cmRpZmZfdCBuZWx0cykKIHN0YXRpYyBib29sCiBt
YXliZV9saXNwX3BvaW50ZXIgKHZvaWQgKnApCiB7Ci0gIHJldHVybiAodWludHB0cl90KSBwICUg
TElTUF9BTElHTk1FTlQgPT0gMDsKKyAgcmV0dXJuICh1aW50cHRyX3QpIHAgJSBHQ19BTElHTk1F
TlQgPT0gMDsKIH0KIAogLyogSWYgUCBwb2ludHMgdG8gTGlzcCBkYXRhLCBtYXJrIHRoYXQgYXMg
bGl2ZSBpZiBpdCBpc24ndCBhbHJlYWR5Ci0tIAoyLjI3LjAucmMwCgo=
--000000000000dd5c7505a6597855--

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 23 May 2020 23:26:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 23 19:26:20 2020
Received: from localhost ([127.0.0.1]:36038 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcdX2-0000OX-MU
	for submit <at> debbugs.gnu.org; Sat, 23 May 2020 19:26:20 -0400
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:31785)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1jcdX0-0000OK-Ho
 for 41321 <at> debbugs.gnu.org; Sat, 23 May 2020 19:26:19 -0400
Received: from pmg2.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id ECD7080ACA;
 Sat, 23 May 2020 19:26:12 -0400 (EDT)
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 4EB73806C9;
 Sat, 23 May 2020 19:26:11 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1590276371;
 bh=qEQ6paaPSLqQuT65VhRFvN0kArzeK79CUfJj6bGGa5k=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=fceitrq0Y92h9SY/GCVCVePRs1d2FtcBTmocgTapoMBdqlzBtEj7BX+bXz6KIY2rM
 rPZwk3PFffrWvcdByJaB9hTKB6XgMn6EkXoJJYHn/FxC6LJDFhWGeCTRljqd/mnXKh
 uvjY4GEEAydg31HpqtaZSj385cZ2DFphp7efXTaZwkZkFvd6Udzt0I2yOAIm2hrUWz
 ZqO3qAef2aXqEjOMFmew1OHjcOGzOnQlDsIG7IZ73paaY/T3+pVgZHIm4lF38lUcL/
 V0MSyZKaAlU/ci875ZYpVCbBLzRi1Ydk3+LutazQJA3i6SaHNXuFXppZdxQ8XqugD+
 mgLTIC0mZ82ow==
Received: from alfajor (unknown [216.154.27.250])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id BC41A1202C1;
 Sat, 23 May 2020 19:26:10 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
Subject: Re: bug#41321: 27.0.91; Emacs aborts due to invalid pseudovector
 objects
Message-ID: <jwv367qjktv.fsf-monnier+emacs@HIDDEN>
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN> <xjfpnawvxru.fsf@HIDDEN>
 <834ks73i8n.fsf@HIDDEN>
 <CAOqdjBdpU4U1NqErNH0idBmUxNeE3fL=2=KKpo9kbCM3DhW5gA@HIDDEN>
 <xjfblmev8hw.fsf@HIDDEN> <jwvh7w6jn4j.fsf-monnier+emacs@HIDDEN>
 <CAOqdjBcw68E5vFSwDJzU1cZ7JXr5gK29ZAiMzAXWkvsZvfKL5w@HIDDEN>
Date: Sat, 23 May 2020 19:26:09 -0400
In-Reply-To: <CAOqdjBcw68E5vFSwDJzU1cZ7JXr5gK29ZAiMzAXWkvsZvfKL5w@HIDDEN>
 (Pip Cet's message of "Sat, 23 May 2020 22:41:41 +0000")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-SPAM-INFO: Spam detection results:  0
 ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
 AWL -0.094 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
X-SPAM-LEVEL: 
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: Eli Zaretskii <eliz@HIDDEN>, 41321 <at> debbugs.gnu.org,
 Andrea Corallo <akrl@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

>> This shouldn't be a problem: wide-int builds use MSB tagging, so all
>> Lisp_Objects which contain a pointer have their lowest 32bits exactly
>> identical to that pointer (and the higher 32bits just contain the tag).
> As I said, I don't believe that's true for symbols.  Qnil is always
> binary 0, so we offset all symbols by the offset of lispsym.

Oh, right, good point: I had completely forgotten about that "detail".
We should probably adjust our conservative stack scanning accordingly.


        Stefan

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 23 May 2020 22:42:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 23 18:42:25 2020
Received: from localhost ([127.0.0.1]:35962 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jccqW-0007mC-O6
	for submit <at> debbugs.gnu.org; Sat, 23 May 2020 18:42:24 -0400
Received: from mail-oi1-f171.google.com ([209.85.167.171]:45893)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jccqV-0007lz-8g
 for 41321 <at> debbugs.gnu.org; Sat, 23 May 2020 18:42:23 -0400
Received: by mail-oi1-f171.google.com with SMTP id d191so12587049oib.12
 for <41321 <at> debbugs.gnu.org>; Sat, 23 May 2020 15:42:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=UDbETsv8N0mgA+ZWqfvLhXOpWfS3oFkkGOkAMUq+vMU=;
 b=cFmA1qEr77WEBVEoFt98Lut2kOQg7fPae5gQGkPd6ydLDbluoVtJ70JzZo8l5OZ2Va
 fN6O+8nfyn/jmn/7ZUUYfWV6fI8VIxGRH1i8qXo5xICRdNTpiPt2a3ZOTbRSojt6s4Ci
 jkPvavNXTJ8w+PaxfQrhlk54VWynBpPNC+WSp+iDzcbpqb6mOzxe3Qyxfm0HtNE5oTIq
 HFiO0Np9N9bByS+ZCMsd/twqnR6P/SGibWTfQOzKdi8We0mUnatGB3G47fncvvy3+LzR
 iCbqVS1rJxmtwJuxKErHlSIB2bLGjrrNetHDhMURNyNO1NjFXcHlfYqFgKTMWDDtAbr+
 Zlsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=UDbETsv8N0mgA+ZWqfvLhXOpWfS3oFkkGOkAMUq+vMU=;
 b=DF3+w8+N2HC4UKMrkWIq7eIWqgk3lSLn2/YbFHr/ofQlrZ8hY1b/71fsK6hO5B2+on
 LUkN5fNFwJyDODrAQyZRBSaEIbaInyj08VLBQDAp2bcRaeFvKNdiuApSfCNSldcA0OgE
 Za4unSQeS2pDjFR5LOjFbdXj53MovIx0kOWGjK9Ug/0DXNFmx/1w6aIsOm1+4bfaQB7X
 vpXUQUy+1EA2g7taGpbvL0+VBGbT0CcPK86BMGpWtQkBxs8z/oVHSYe8YnQsJCYq1m5c
 39VY0Zfl7oJk0LoCTrs/pYznOx+baSNdq+KOBojvz7m0YYFl+fBo+G1T8iS8FgH4cB16
 ckLA==
X-Gm-Message-State: AOAM5314YClDEuzOir9cKhzv1TSr9UcUTfUpvln0dkfsFs0FZrUAaChI
 buKw2+MEBVwPx6fHDiXat9tCsj0PtrLy9cgl/Q4=
X-Google-Smtp-Source: ABdhPJyos2JyGbFquf8w0BXCF/5mxsCWAq1kQmJt5rtVTUW+UwspL+TLhmyRqnckTuQGEYgPOP5x8lMSBKh74DrsK6o=
X-Received: by 2002:aca:b708:: with SMTP id h8mr5590372oif.122.1590273737555; 
 Sat, 23 May 2020 15:42:17 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN> <xjfpnawvxru.fsf@HIDDEN> <834ks73i8n.fsf@HIDDEN>
 <CAOqdjBdpU4U1NqErNH0idBmUxNeE3fL=2=KKpo9kbCM3DhW5gA@HIDDEN>
 <xjfblmev8hw.fsf@HIDDEN> <jwvh7w6jn4j.fsf-monnier+emacs@HIDDEN>
In-Reply-To: <jwvh7w6jn4j.fsf-monnier+emacs@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sat, 23 May 2020 22:41:41 +0000
Message-ID: <CAOqdjBcw68E5vFSwDJzU1cZ7JXr5gK29ZAiMzAXWkvsZvfKL5w@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Stefan Monnier <monnier@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: Eli Zaretskii <eliz@HIDDEN>, 41321 <at> debbugs.gnu.org,
 Andrea Corallo <akrl@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Sat, May 23, 2020 at 10:38 PM Stefan Monnier
<monnier@HIDDEN> wrote:
> >> If I'm reading this correctly, it's of some concern for wide-int
> >> builds: the two 32-bit halves of a Lisp_Object are stored
> >> non-consecutively.
>
> This shouldn't be a problem: wide-int builds use MSB tagging, so all
> Lisp_Objects which contain a pointer have their lowest 32bits exactly
> identical to that pointer (and the higher 32bits just contain the tag).

As I said, I don't believe that's true for symbols. Qnil is always
binary 0, so we offset all symbols by the offset of lispsym.

> So we'll find them in the stack even if the two halves are separate
> simply because the pointer-part will be found like any other pointer.

Yes, that's what I meant to say when I said it should still work for
pseudovectors.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 23 May 2020 22:38:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 23 18:38:08 2020
Received: from localhost ([127.0.0.1]:35954 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jccmN-0007ft-SN
	for submit <at> debbugs.gnu.org; Sat, 23 May 2020 18:38:08 -0400
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:19837)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1jccmM-0007fP-DQ
 for 41321 <at> debbugs.gnu.org; Sat, 23 May 2020 18:38:06 -0400
Received: from pmg3.iro.umontreal.ca (localhost [127.0.0.1])
 by pmg3.iro.umontreal.ca (Proxmox) with ESMTP id 8DA2D4407FD;
 Sat, 23 May 2020 18:38:00 -0400 (EDT)
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg3.iro.umontreal.ca (Proxmox) with ESMTP id 3832B4407F2;
 Sat, 23 May 2020 18:37:59 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1590273479;
 bh=FPMRLv9toaweRuDL/u+txoAyq0unkBm1OIG1NsThiAw=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=oMRnIsCxpzmA1cjvrYYOaaYp2efaZuislaE261csaXWe2IdrONiVydyg+txUea4G2
 A5sXcWr7aQmrRthBqafLZKGoPbW/k+DDoArriMSUN9LJMnVc3ilSmScgdE14VV1fvb
 1hNtG78vrT+W9lRSZBzMfRGBRHWmCwwvcF5KXGu9DOLsZZlRu28JYSU4BvBGLsrK/m
 Q48RKng5gOEVn68JlolSij5NYuLMUiEMaSB3IaEGHf61jyy6IZANfpi+xYGFPFbWYD
 nyX7dyA8TWW1KATjWmk1R5wJ9sODyMnr80KOVa7ICk2z4kxyVyyHOL3Jt+/qnNReZ/
 sNFquDgWLVtPQ==
Received: from alfajor (unknown [216.154.27.250])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id E5E3B1203C7;
 Sat, 23 May 2020 18:37:58 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Andrea Corallo <akrl@HIDDEN>
Subject: Re: bug#41321: 27.0.91; Emacs aborts due to invalid pseudovector
 objects
Message-ID: <jwvh7w6jn4j.fsf-monnier+emacs@HIDDEN>
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN> <xjfpnawvxru.fsf@HIDDEN>
 <834ks73i8n.fsf@HIDDEN>
 <CAOqdjBdpU4U1NqErNH0idBmUxNeE3fL=2=KKpo9kbCM3DhW5gA@HIDDEN>
 <xjfblmev8hw.fsf@HIDDEN>
Date: Sat, 23 May 2020 18:37:57 -0400
In-Reply-To: <xjfblmev8hw.fsf@HIDDEN> (Andrea Corallo's message of "Sat, 23
 May 2020 17:58:19 +0000")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-SPAM-INFO: Spam detection results:  0
 ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
 AWL -0.099 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
X-SPAM-LEVEL: 
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: Eli Zaretskii <eliz@HIDDEN>, 41321 <at> debbugs.gnu.org,
 Pip Cet <pipcet@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

>> If I'm reading this correctly, it's of some concern for wide-int
>> builds: the two 32-bit halves of a Lisp_Object are stored
>> non-consecutively.

This shouldn't be a problem: wide-int builds use MSB tagging, so all
Lisp_Objects which contain a pointer have their lowest 32bits exactly
identical to that pointer (and the higher 32bits just contain the tag).
So we'll find them in the stack even if the two halves are separate
simply because the pointer-part will be found like any other pointer.


        Stefan

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 23 May 2020 17:58:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 23 13:58:22 2020
Received: from localhost ([127.0.0.1]:35487 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcYPe-00078N-1Z
	for submit <at> debbugs.gnu.org; Sat, 23 May 2020 13:58:22 -0400
Received: from mx.sdf.org ([205.166.94.20]:51382)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <akrl@HIDDEN>) id 1jcYPc-00078G-RJ
 for 41321 <at> debbugs.gnu.org; Sat, 23 May 2020 13:58:21 -0400
Received: from sdf.org (ma.sdf.org [205.166.94.33])
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 04NHwKDk016404
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO);
 Sat, 23 May 2020 17:58:20 GMT
Received: (from akrl@localhost)
 by sdf.org (8.15.2/8.12.8/Submit) id 04NHwJ44024688;
 Sat, 23 May 2020 17:58:19 GMT
From: Andrea Corallo <akrl@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN> <xjfpnawvxru.fsf@HIDDEN>
 <834ks73i8n.fsf@HIDDEN>
 <CAOqdjBdpU4U1NqErNH0idBmUxNeE3fL=2=KKpo9kbCM3DhW5gA@HIDDEN>
Date: Sat, 23 May 2020 17:58:19 +0000
In-Reply-To: <CAOqdjBdpU4U1NqErNH0idBmUxNeE3fL=2=KKpo9kbCM3DhW5gA@HIDDEN>
 (Pip Cet's message of "Sat, 23 May 2020 07:00:56 +0000")
Message-ID: <xjfblmev8hw.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: Eli Zaretskii <eliz@HIDDEN>, 41321 <at> debbugs.gnu.org,
 Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Pip Cet <pipcet@HIDDEN> writes:

> I believe this isn't the problem we're looking for, but it might be
> related anyway.
>
> I'm seeing this in the assembler source code for insdel.c produced
> with the mingw cross compiler (i686-w64-mingw32-gcc-win32):
>
>     movl    60(%esp), %eax
>     movl    %eax, (%esp)
>     movl    72(%esp), %eax
>     movl    %eax, 4(%esp)
>     call    _Fmarker_position
> If I'm reading this correctly, it's of some concern for wide-int
> builds: the two 32-bit halves of a Lisp_Object are stored
> non-consecutively.
>
> Our stack marking doesn't catch that; at least, it doesn't for
> symbols, where the less-significant half isn't a valid pointer. For
> pseudovectors, things should still work...
>
> So I think we have a problem with such --wide-int builds in cases
> where a stack temporary holds an unpinned uninterned symbol while GC
> is called. Something like
>
> (prog1
>   (gensym)
>   (garbage-collect))
>
> might trigger it. No problem with gcc -m32 on GNU/Linux, for some reason.

Very interesting.  AFAIK there's no guarantees for the compiler to spill
a DI reg in adjacent memory.  Also reading the GC code your observation
seems correct to me.

-- 
akrl@HIDDEN

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 23 May 2020 07:01:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 23 03:01:39 2020
Received: from localhost ([127.0.0.1]:33284 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcOA7-0000tY-AC
	for submit <at> debbugs.gnu.org; Sat, 23 May 2020 03:01:39 -0400
Received: from mail-ot1-f42.google.com ([209.85.210.42]:39184)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jcOA6-0000tH-0V
 for 41321 <at> debbugs.gnu.org; Sat, 23 May 2020 03:01:38 -0400
Received: by mail-ot1-f42.google.com with SMTP id d7so9988150ote.6
 for <41321 <at> debbugs.gnu.org>; Sat, 23 May 2020 00:01:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=UrsnNwMdDVHQTKouDaFJPgR27evs4tXwmX3mzrRdwCU=;
 b=iIXPZHB+1gZEcLq2nP7HWYVNSEDGpZuehSDqmsZgHRfjHy1isMafe1ynLwGkfeblcd
 Bz7mnVFvIuzGKBXYCocvRWMumKuV/7E+XcqBS9VmYpcnMBFv+QUj+U3zOBpkWcjmhYce
 pEKjatBwq1h4zm0PqoSgyzqmEXnBrkS54r2uFDS02hWSX1oa7BguKuTmeSF4Tsktmt1l
 BXKq6NrCW0aJWiwGeDZrDbzJSgr78vL3S1k4duxlOWkr0bxYyDam/4wz2ktsFPFE6AAn
 YLiTz/Uw4npRGlNaYPwXpx2jPP7Iyqo0hzpBflHlKF0H1P0ub4lMGM978OfYdUc+BVhy
 aePQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=UrsnNwMdDVHQTKouDaFJPgR27evs4tXwmX3mzrRdwCU=;
 b=ksbFeAjR0nuqFcRuZn1DVlxiW+PgOgxsxvhpG+YeB0KQMU78FD+HYM0d7A6mAVVEHE
 lJHKsHtZKXnU9jJVnRDOCTKzFnXfTaEdRiJav1gc8QXMoEo1qOSX2wIXPcOiLMZEgYW3
 U3JYUplsxAqM774IGzvA+GxVM3zIdfJbgIEWVDl93dij/m1k1hUFZolWoSkr87qHurh+
 RDW9wytXFOLIySZIjCo1xrenWnTeV9kLwbSPR0KvR9eU6lKEXW5kLuu22H1MHW9KSa5U
 WPO1nLKt1gCn1qPQJkeTPWhCHZEr9fGzObLzDBiHZpm5XObdBwEzzb+0qS6oQ8bWpX00
 DndQ==
X-Gm-Message-State: AOAM533RJ7HZdJyZsJhhjWCHDZ1XRN0EwMLUvqdrTqWtJJYxpy2h4To1
 pFNHqAwaCmS25IvBxvohyjcHM9EJEC24T8JdYDA=
X-Google-Smtp-Source: ABdhPJx9eThXRX5A52Qed+W+z3NAWlaEm7p1ZnnKuI4ZpfDAHol7f4dypB78dkREIT/F1/7tf591vN+GjHtLLUAXWOI=
X-Received: by 2002:a9d:7a50:: with SMTP id z16mr14538447otm.292.1590217292166; 
 Sat, 23 May 2020 00:01:32 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN> <xjfpnawvxru.fsf@HIDDEN> <834ks73i8n.fsf@HIDDEN>
In-Reply-To: <834ks73i8n.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sat, 23 May 2020 07:00:56 +0000
Message-ID: <CAOqdjBdpU4U1NqErNH0idBmUxNeE3fL=2=KKpo9kbCM3DhW5gA@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>,
 Andrea Corallo <akrl@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

I believe this isn't the problem we're looking for, but it might be
related anyway.

I'm seeing this in the assembler source code for insdel.c produced
with the mingw cross compiler (i686-w64-mingw32-gcc-win32):

    movl    60(%esp), %eax
    movl    %eax, (%esp)
    movl    72(%esp), %eax
    movl    %eax, 4(%esp)
    call    _Fmarker_position
If I'm reading this correctly, it's of some concern for wide-int
builds: the two 32-bit halves of a Lisp_Object are stored
non-consecutively.

Our stack marking doesn't catch that; at least, it doesn't for
symbols, where the less-significant half isn't a valid pointer. For
pseudovectors, things should still work...

So I think we have a problem with such --wide-int builds in cases
where a stack temporary holds an unpinned uninterned symbol while GC
is called. Something like

(prog1
  (gensym)
  (garbage-collect))

might trigger it. No problem with gcc -m32 on GNU/Linux, for some reason.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 19:03:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 15:03:10 2020
Received: from localhost ([127.0.0.1]:60402 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jcCwn-0004Dn-S0
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 15:03:10 -0400
Received: from eggs.gnu.org ([209.51.188.92]:50292)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jcCwl-0004Da-N2
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 15:03:08 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:54850)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jcCwe-0004KF-TJ; Fri, 22 May 2020 15:03:00 -0400
Received: from [176.228.60.248] (port=2243 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jcCwe-0002e8-4c; Fri, 22 May 2020 15:03:00 -0400
Date: Fri, 22 May 2020 22:03:04 +0300
Message-Id: <834ks73i8n.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Andrea Corallo <akrl@HIDDEN>
In-Reply-To: <xjfpnawvxru.fsf@HIDDEN> (message from Andrea Corallo on Fri, 22
 May 2020 14:40:05 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN> <xjfpnawvxru.fsf@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN, pipcet@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Andrea Corallo <akrl@HIDDEN>
> Cc: Pip Cet <pipcet@HIDDEN>, 41321 <at> debbugs.gnu.org,
>         monnier@HIDDEN
> Date: Fri, 22 May 2020 14:40:05 +0000
> 
> > I see this on two different systems where Emacs was compiled with two
> > different versions of GCC.  So if you want to see the disassembly, any
> > 32-bit GCC will do, I think.
> 
> I believe the triplet can make a difference given the calling convention
> can change no?  Also CFLAGS are clearly a factor.

My CFLAGS are in my original report of this bug.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 14:40:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 10:40:10 2020
Received: from localhost ([127.0.0.1]:59989 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc8qI-0001qb-Gg
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 10:40:10 -0400
Received: from mx.sdf.org ([205.166.94.20]:64235)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <akrl@HIDDEN>) id 1jc8qF-0001qM-2K
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 10:40:09 -0400
Received: from sdf.org (ma.sdf.org [205.166.94.33])
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 04MEe5MD000016
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO);
 Fri, 22 May 2020 14:40:06 GMT
Received: (from akrl@localhost)
 by sdf.org (8.15.2/8.12.8/Submit) id 04MEe5L7018251;
 Fri, 22 May 2020 14:40:05 GMT
From: Andrea Corallo <akrl@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 <83blmg2ggi.fsf@HIDDEN>
Date: Fri, 22 May 2020 14:40:05 +0000
In-Reply-To: <83blmg2ggi.fsf@HIDDEN> (Eli Zaretskii's message of "Fri, 22 May
 2020 17:26:53 +0300")
Message-ID: <xjfpnawvxru.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN, Pip Cet <pipcet@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: Pip Cet <pipcet@HIDDEN>
>> Date: Fri, 22 May 2020 14:04:03 +0000
>> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
>> 
>> I don't think posting the disassembled code for
>> `signal_before_change' can hurt, since there's no easy way for
>> anyone else to reproduce it.
>
> I see this on two different systems where Emacs was compiled with two
> different versions of GCC.  So if you want to see the disassembly, any
> 32-bit GCC will do, I think.

I believe the triplet can make a difference given the calling convention
can change no?  Also CFLAGS are clearly a factor.

-- 
akrl@HIDDEN

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 14:26:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 10:26:56 2020
Received: from localhost ([127.0.0.1]:59961 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc8dU-0001W7-Ds
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 10:26:56 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48606)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc8dT-0001Vv-8a
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 10:26:55 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:49249)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc8dN-0000c1-Jn; Fri, 22 May 2020 10:26:49 -0400
Received: from [176.228.60.248] (port=1196 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc8dM-0005Li-PD; Fri, 22 May 2020 10:26:49 -0400
Date: Fri, 22 May 2020 17:26:53 +0300
Message-Id: <83blmg2ggi.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
 (message from Pip Cet on Fri, 22 May 2020 14:04:03 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
 <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Fri, 22 May 2020 14:04:03 +0000
> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> 
> I don't think posting the disassembled code for
> `signal_before_change' can hurt, since there's no easy way for
> anyone else to reproduce it.

I see this on two different systems where Emacs was compiled with two
different versions of GCC.  So if you want to see the disassembly, any
32-bit GCC will do, I think.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 14:04:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 10:04:58 2020
Received: from localhost ([127.0.0.1]:59922 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc8I2-0000xl-PF
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 10:04:58 -0400
Received: from mail-oi1-f172.google.com ([209.85.167.172]:34196)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jc8I1-0000xY-Ee
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 10:04:45 -0400
Received: by mail-oi1-f172.google.com with SMTP id w4so9411465oia.1
 for <41321 <at> debbugs.gnu.org>; Fri, 22 May 2020 07:04:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=YQFPxd60jkr+tIVaDYyLX4LXmqKGH/tymvJyhkS4i/0=;
 b=f+z+BF2KSk6EpctT+BVFATQ2iGh2zfKEhhiIKcXX/b0LdQrOlUfPARP6PdxPKkOhxn
 vqEdDiRErbdOmu8gIrBqoNd1UbbwwiwcdNOD23dIC77Z1eGB/WkS94DZ+HjqPMUMbEbt
 tcmfQO02jgLP2Azt2cZU6DpKHXYAW9bC27K89w5e8CWhotfGMTlZgIjaeZrDqlU2kKU7
 lUQ9Zcu/crvhSrDh+iH5Ic9Db7yazsIiV+0pTw+oVlYURQMMGO2PBugJvv64/3jlxsMi
 ikdOkxDOKrsSvy+qgqojU8Tu86VRF1EZyfPEP9A98Lh6772AfdCt8e77VeLSYRPsN9aA
 D1CA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=YQFPxd60jkr+tIVaDYyLX4LXmqKGH/tymvJyhkS4i/0=;
 b=dsB7nlLpRSs5Urp4RSGaYsm7I1qmTTXno49rwaHFis9gP+QJlKyjjFCTFxoNbj4NDa
 ICeGHNRp0KxqNu3XiRwFbEi+FxN2ccFEc04oQwQ7QYRrKOrDGfh1Rns2i7ZoHkO/3frh
 +6p1mYYtI3OeZG1dEvXnj27hogujNuvTz2F+fVFprxjjpOeBfjeatsVBV71otWCdubCX
 q9XEn1iu2s+ERZD1CDRq9cR+7n31X4dx3/vgcI6/gBk0dkkPHIe4Dh1QN5odGci1mf+i
 T9dvzc/qphO9mGNdMSjXgAqqa0J6urVyKwdXaKqiiT4uFNuZivHrs+XHHb3VEcv4KsdJ
 bSCQ==
X-Gm-Message-State: AOAM532vOWp+q/MsPkLqMwyPq+5Bv1bhHU9pgGNrd6eBd6urv21c2spu
 3OSHz3jS/wzjbb3JtoIx1PSSPCjEvLxRgihoEy0=
X-Google-Smtp-Source: ABdhPJxqbjVBfVWA7z/2wlB3nAARmoWZPULTSvKCjWsmzMerhOq++xnMFWFiACqoMN5S9g3grvauucqwg0YRAy6PIxE=
X-Received: by 2002:aca:c6d3:: with SMTP id w202mr2869083oif.44.1590156279735; 
 Fri, 22 May 2020 07:04:39 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 <83lflk2l07.fsf@HIDDEN>
In-Reply-To: <83lflk2l07.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Fri, 22 May 2020 14:04:03 +0000
Message-ID: <CAOqdjBf_D34Fa5QUhDqk70y98Nn=qbb4Bp7jAYbw9W7kpfTWaA@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Fri, May 22, 2020 at 12:48 PM Eli Zaretskii <eliz@HIDDEN> wrote:
> > From: Pip Cet <pipcet@HIDDEN>
> > Date: Fri, 22 May 2020 12:39:27 +0000
> > Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> >
> > > Sorry, I don't follow.  "xtype" shows the type of the last result,
> > > AFAIK, in this case the type of $29.  If this changed somehow, either
> > > we have a bug in .gdbinit or I have been using GDB incorrectly for I
> > > don't know how many years.
> >
> > I think it's most likely to be a GDB bug, and I can't reproduce it here.
> >
> > But it's definitely trying to access memory at address 0x18ac04f8,
> > which corresponds to start_marker.
>
> My interpretation of that equality was that both start_marker and the
> buffer's overlay chain git invalidated because some code relocated
> objects and unmapped the previously referenced memory, perhaps due to
> GC.  I don't yet have an explanation for how this could happen, so
> maybe this hypothesis is wrong.

I think it has to be, because the error message would then read
"Cannot access memory at address 0x170cb040", which is the only
address xvectype is supposed to look at.

> But I very much doubt there's such a blatant bug in GDB: this is the
> latest GDB 9.1, and I'm using these commands from .gdbinit all the
> time.  I tend to think this is somehow part of the bug that caused the
> crash.

I'm not sure how it could be. I don't think posting the disassembled
code for `signal_before_change' can hurt, since there's no easy way
for anyone else to reproduce it.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 12:55:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 08:55:25 2020
Received: from localhost ([127.0.0.1]:58398 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc7Cv-0007KX-94
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 08:55:25 -0400
Received: from mx.sdf.org ([205.166.94.20]:64295)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <akrl@HIDDEN>) id 1jc7Cs-0007KK-BA
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 08:55:24 -0400
Received: from sdf.org (ma.sdf.org [205.166.94.33])
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 04MCtIhl010140
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO);
 Fri, 22 May 2020 12:55:19 GMT
Received: (from akrl@localhost)
 by sdf.org (8.15.2/8.12.8/Submit) id 04MCtIe1028316;
 Fri, 22 May 2020 12:55:18 GMT
From: Andrea Corallo <akrl@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN> <xjfy2pkwems.fsf@HIDDEN>
 <835zco44f0.fsf@HIDDEN>
Date: Fri, 22 May 2020 12:55:18 +0000
In-Reply-To: <835zco44f0.fsf@HIDDEN> (Eli Zaretskii's message of "Fri, 22 May
 2020 14:04:03 +0300")
Message-ID: <xjftv08w2mh.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN, pipcet@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: Andrea Corallo <akrl@HIDDEN>
>> Cc: pipcet@HIDDEN, Stefan Monnier <monnier@HIDDEN>,
>>         41321 <at> debbugs.gnu.org
>> Date: Fri, 22 May 2020 08:35:55 +0000
>> 
>> I'be curious of the outcome if you had a look to your 'garbage_collect'
>> assembly to investigate the possible relation with 41357 as suggested
>> here
>> https://lists.gnu.org/archive/html/bug-gnu-emacs/2020-05/msg01095.html
>
> Sorry, I'm not sure I understand what you mean by the above.  Did you
> mean whether I disassembled garbage_collect and looked at the code?

Yes, should be quick to see if callee-save regs are pushed.

> However, given the latest findings, I now doubt even more that the
> issue you identified can have any relation to this problem.  As seen
> by the backtrace I've shown in my last message, the buffer's overlay
> list has invalid overlay objects at the point of the crash.  The 2
> pointers to the overlay lists of a buffer are unconditionally marked
> in mark_buffer, so I don't see how problems in GC with Lisp objects in
> registers could interfere in this case.  Am I missing something?

Not that I'm aware, I'm no expert of the piece of code you are looking
at and haven't investigated into.  Was just a 'cheap' idea to exclude a
potential problem from the table.

  Andrea

-- 
akrl@HIDDEN

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 12:48:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 08:48:49 2020
Received: from localhost ([127.0.0.1]:58385 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc76T-0007AL-Nf
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 08:48:49 -0400
Received: from eggs.gnu.org ([209.51.188.92]:37344)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc76R-0007A6-Kp
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 08:48:44 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:47611)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc76M-0007Lx-6D; Fri, 22 May 2020 08:48:38 -0400
Received: from [176.228.60.248] (port=3051 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc76L-0003bP-Gh; Fri, 22 May 2020 08:48:38 -0400
Date: Fri, 22 May 2020 15:48:40 +0300
Message-Id: <83lflk2l07.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
 (message from Pip Cet on Fri, 22 May 2020 12:39:27 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
 <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Fri, 22 May 2020 12:39:27 +0000
> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> 
> > Sorry, I don't follow.  "xtype" shows the type of the last result,
> > AFAIK, in this case the type of $29.  If this changed somehow, either
> > we have a bug in .gdbinit or I have been using GDB incorrectly for I
> > don't know how many years.
> 
> I think it's most likely to be a GDB bug, and I can't reproduce it here.
> 
> But it's definitely trying to access memory at address 0x18ac04f8,
> which corresponds to start_marker.

My interpretation of that equality was that both start_marker and the
buffer's overlay chain git invalidated because some code relocated
objects and unmapped the previously referenced memory, perhaps due to
GC.  I don't yet have an explanation for how this could happen, so
maybe this hypothesis is wrong.

>   (gdb) p rvoe_arg.location
>   $35 = (Lisp_Object *) 0x15c9298 <globals+120>
>   (gdb) xtype
>   Lisp_Vectorlike
>   Cannot access memory at address 0x18ac04f8
>   (gdb) p rvoe_arg.errorp
>   $36 = false
> 
> Surely rvoe_arg.location isn't a vectorlike, so that also points to
> GDB not dealing with things correctly.

rvoe_arg.location should be a pointer to the value of
before-change-functions, so yes, it isn't supposed to be vectorlike.
But I very much doubt there's such a blatant bug in GDB: this is the
latest GDB 9.1, and I'm using these commands from .gdbinit all the
time.  I tend to think this is somehow part of the bug that caused the
crash.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 12:40:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 08:40:11 2020
Received: from localhost ([127.0.0.1]:58339 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc6yB-0006w6-Ke
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 08:40:11 -0400
Received: from mail-oi1-f177.google.com ([209.85.167.177]:43009)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jc6y9-0006vk-OV
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 08:40:10 -0400
Received: by mail-oi1-f177.google.com with SMTP id i22so9138070oik.10
 for <41321 <at> debbugs.gnu.org>; Fri, 22 May 2020 05:40:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=0cZlLosrT1wh8dox16BR6Di3FXorI+5qCyGxJJbZTQA=;
 b=jKeABuOw0k4TKgVly0KMk9i3WOU4REo3PX9fua9uoeWsd2brhq7ssZVDRdZYuMmbJm
 GgR0fJ20PXyNjnF1MDEcRZ4tRYi5agPJ0/AsSUbLwAD3YOyXPBD7MehYxH3j4Pv9jjK2
 lOC+Q+O5CdjIBOW8iTNwf0JigsQIJQ9hGkFKwLJfbxeomBGDdLTLYmabmeXLSklb+7xX
 vL5Q+49z+2Cs7k76C9AumwnIwN2vdXjKc/gVEulnEJLlLlAONl6PPGNpnAEcbtxdrqWd
 Pg7ZjXZk5GIp9xrkI++JUH5AIddIPKNAunEJb6fBe0gdRD1B7UEbjPw4x8N6Dts3TO/5
 D8lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=0cZlLosrT1wh8dox16BR6Di3FXorI+5qCyGxJJbZTQA=;
 b=stgHPvrkOJsiL0zkoCbgenWFdofRHsPIeH3s2a0YhPDj0LY0CK8P2CWrrToT+sZJTE
 NYw6uwH+E72dvMGpJuHPMfeSiUfjOF+mErJf6twuXLKbBflEZ41BaJerVBhFor56f+HL
 Zy8hCA1pNrLEtYolPe6T8leulzzFzcqX7ibhC3PYBnY9ncAotzyE3qwfLr+ylnyi1ZZN
 NxLTpy66NcpcpMcQIJTGEImfM8On9yNPC/HduQfss4fRoZ4xrZ/V0KOSxh5oV5a+qAWg
 Ve8pBTPSFFP/0wWfipboETkxwnWRvF4a2zIHPVAxD7tvsClK7C7VFjUVEPgCbpXv2PG8
 Pn6A==
X-Gm-Message-State: AOAM532t/iL+dNgyfbwpZ2expbDIm9fimOrA02C4kyiXaqWLSnaQVVAz
 CB4tdruDv//sD3ilXRO7YazeJYTSLrxJrcRBc/8=
X-Google-Smtp-Source: ABdhPJykumIl4Rc7irumuH2CJGFQfPAD1dRLPQVlBndRNAzWPQln90+IHdAYaoBwAGciv8jVWMBWZ2lcmMQhjLlvu4Y=
X-Received: by 2002:a05:6808:1c8:: with SMTP id
 x8mr2396294oic.30.1590151203910; 
 Fri, 22 May 2020 05:40:03 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 <83tv082mm1.fsf@HIDDEN>
In-Reply-To: <83tv082mm1.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Fri, 22 May 2020 12:39:27 +0000
Message-ID: <CAOqdjBehfP3r===keyPY4se_wCZkZL-=pOXp2GfDp59UmNj2AA@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Fri, May 22, 2020 at 12:13 PM Eli Zaretskii <eliz@HIDDEN> wrote:
> > From: Pip Cet <pipcet@HIDDEN>
> > Date: Fri, 22 May 2020 11:47:03 +0000
> > Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> >
> > On Fri, May 22, 2020 at 7:22 AM Eli Zaretskii <eliz@HIDDEN> wrote:
> > >   (gdb) p current_buffer->overlays_before
> > >   $28 = (struct Lisp_Overlay *) 0x170cb080
> > >   (gdb) p $28->start
> > >   $29 = XIL(0xa0000000170cb040)
> > >   (gdb) xtype
> > >   Lisp_Vectorlike
> > >   Cannot access memory at address 0x18ac04f8
> >
> > Note that didn't try to print $29, but the original invalid marker.
>
> Sorry, I don't follow.  "xtype" shows the type of the last result,
> AFAIK, in this case the type of $29.  If this changed somehow, either
> we have a bug in .gdbinit or I have been using GDB incorrectly for I
> don't know how many years.

I think it's most likely to be a GDB bug, and I can't reproduce it here.

But it's definitely trying to access memory at address 0x18ac04f8,
which corresponds to start_marker.

  (gdb) p rvoe_arg.location
  $35 = (Lisp_Object *) 0x15c9298 <globals+120>
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p rvoe_arg.errorp
  $36 = false

Surely rvoe_arg.location isn't a vectorlike, so that also points to
GDB not dealing with things correctly.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 12:32:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 08:32:59 2020
Received: from localhost ([127.0.0.1]:58324 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc6rC-0006lF-L4
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 08:32:58 -0400
Received: from eggs.gnu.org ([209.51.188.92]:35214)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc6qx-0006kN-8Z
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 08:32:58 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:47257)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc6qr-0003to-V2; Fri, 22 May 2020 08:32:37 -0400
Received: from [176.228.60.248] (port=2061 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc6qr-0000yI-Ac; Fri, 22 May 2020 08:32:37 -0400
Date: Fri, 22 May 2020 15:32:42 +0300
Message-Id: <83r1vc2lqt.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 (message from Pip Cet on Fri, 22 May 2020 11:47:03 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Fri, 22 May 2020 11:47:03 +0000
> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> 
> On Fri, May 22, 2020 at 7:22 AM Eli Zaretskii <eliz@HIDDEN> wrote:
> >   (gdb) p current_buffer->overlays_before
> >   $28 = (struct Lisp_Overlay *) 0x170cb080
> >   (gdb) p $28->start
> >   $29 = XIL(0xa0000000170cb040)
> >   (gdb) xtype
> >   Lisp_Vectorlike
> >   Cannot access memory at address 0x18ac04f8
> 
> Note that didn't try to print $29, but the original invalid marker. In
> particular, I believe 0x170cb040 is a pointer to a valid marker.
> 
> >   (gdb) p $28->next
> >   $30 = (struct Lisp_Overlay *) 0x13050320
> >   (gdb) p $28->next->start
> >   $31 = XIL(0xa000000016172310)
> >   (gdb) xtype
> >   Lisp_Vectorlike
> >   Cannot access memory at address 0x18ac04f8
> 
> Same here.
> 
> If you could disassemble signal_before_change, we'd know whether
> start_marker and end_marker live in callee-saved registers, and thus
> whether this is likely to be Andrea's bug.

Since $28 is neither start_marker nor end_marker, but the first
overlay on the buffer's overlay chain, how could it be affected by
whether start_marker or end_marker are in a callee-saved register?
What am I missing here?

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 12:14:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 08:14:03 2020
Received: from localhost ([127.0.0.1]:58260 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc6Ys-0006Dw-TP
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 08:14:03 -0400
Received: from eggs.gnu.org ([209.51.188.92]:60972)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc6Yr-0006Cw-I9
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 08:14:01 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:46669)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc6Yl-00009F-W7; Fri, 22 May 2020 08:13:56 -0400
Received: from [176.228.60.248] (port=4877 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc6Yl-0008Pc-7y; Fri, 22 May 2020 08:13:55 -0400
Date: Fri, 22 May 2020 15:13:58 +0300
Message-Id: <83tv082mm1.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
 (message from Pip Cet on Fri, 22 May 2020 11:47:03 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
 <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Fri, 22 May 2020 11:47:03 +0000
> Cc: Stefan Monnier <monnier@HIDDEN>, 41321 <at> debbugs.gnu.org
> 
> On Fri, May 22, 2020 at 7:22 AM Eli Zaretskii <eliz@HIDDEN> wrote:
> >   (gdb) p current_buffer->overlays_before
> >   $28 = (struct Lisp_Overlay *) 0x170cb080
> >   (gdb) p $28->start
> >   $29 = XIL(0xa0000000170cb040)
> >   (gdb) xtype
> >   Lisp_Vectorlike
> >   Cannot access memory at address 0x18ac04f8
> 
> Note that didn't try to print $29, but the original invalid marker.

Sorry, I don't follow.  "xtype" shows the type of the last result,
AFAIK, in this case the type of $29.  If this changed somehow, either
we have a bug in .gdbinit or I have been using GDB incorrectly for I
don't know how many years.

What am I missing?

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 11:47:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 07:47:48 2020
Received: from localhost ([127.0.0.1]:58206 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc69U-0005Yt-1c
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 07:47:48 -0400
Received: from mail-oo1-f52.google.com ([209.85.161.52]:40500)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jc69R-0005Yf-Hb
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 07:47:45 -0400
Received: by mail-oo1-f52.google.com with SMTP id r1so2102636oog.7
 for <41321 <at> debbugs.gnu.org>; Fri, 22 May 2020 04:47:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=UsTgJfvVJULqy6F7BSNWHIxYFwklxCAvmwyX0yVsWCg=;
 b=eWX27rNkA55GtERdDvd71GrU1iEnxgjpPpYv9rH4JSTvVSvnkQWj519qLcsAL3LDk5
 ErUg/XZI1+aRgbnzmk9HgQxIHRVQeORFjduScFI8Vg9pgFDBMrW5CLOrjTwAx73USHcP
 xBP96IV+1+oiBiB/fIVE0KelzORI7PbTNSEL9+Ty9t83RNx+UFu0QrUEJX7O+0UMGaDu
 UHm6mLscMpudQKjYO2aXLTj9g4PtOo2q/Isc8ViWFnBlTt/gJRSD9SjrAzZWA9c1JHaY
 VyAtVk76ONWvcygOYKl2Tw/8hvrIRXLdHAFg5aKUKkQEm4icqj8S3/WlhzDQF0lGTpD6
 vy6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=UsTgJfvVJULqy6F7BSNWHIxYFwklxCAvmwyX0yVsWCg=;
 b=N1HSqqw+36oxOvdFjU64AZk8mIuMd6yNqN9RHmIo2uOfAkDAhTWIfZRab0Q4dCDbcw
 fUQY7gbUxFIOKjgUsih8VuDZ0esS0pyZS923f7ikUQ5y4zvlptDnQjL4sqF3vspgCykj
 c8aZ6wuezmhi9JTcmnMYlb/6AsQFW59bPRrjj2l1QvysqMOMVsRRyJViqcEl3Vw4IZaB
 GPVMZYoT7EIWbHFXEmU1Ma3pXeTGMjPMTcpyTwVM63ZbHMmDyfYNdJXUga8e2WjYYtey
 5jr1i9hJ5svNNEBY6BW5YJykeZwBwkEQfUVZLnHJ/9SD8od6kJxs4cvec/Tz/6pxE266
 hDAg==
X-Gm-Message-State: AOAM533gFK8LmFtIAbMyVwW/L58ZVxce4sth6UXqEc3ykhnLzvKO3JQC
 PpFgzXby33Ln7rcYmBHIWBYy3qmquJbSPTRovgzVr+Uz
X-Google-Smtp-Source: ABdhPJx0036TRs2A0zV00buIbVoBfkPv3sOQbh2YUgaSZhL51FoIzH31zXzmFjUDBcvQXrXl+yRiic48QHDTVQEkVi8=
X-Received: by 2002:a4a:9704:: with SMTP id u4mr2679917ooi.88.1590148059726;
 Fri, 22 May 2020 04:47:39 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
In-Reply-To: <831rncjuwf.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Fri, 22 May 2020 11:47:03 +0000
Message-ID: <CAOqdjBftuHcQR5xh8=J1sxH+Tqeoe8X19owj9ZGmhryMO1cDXQ@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Fri, May 22, 2020 at 7:22 AM Eli Zaretskii <eliz@HIDDEN> wrote:
>   (gdb) p current_buffer->overlays_before
>   $28 = (struct Lisp_Overlay *) 0x170cb080
>   (gdb) p $28->start
>   $29 = XIL(0xa0000000170cb040)
>   (gdb) xtype
>   Lisp_Vectorlike
>   Cannot access memory at address 0x18ac04f8

Note that didn't try to print $29, but the original invalid marker. In
particular, I believe 0x170cb040 is a pointer to a valid marker.

>   (gdb) p $28->next
>   $30 = (struct Lisp_Overlay *) 0x13050320
>   (gdb) p $28->next->start
>   $31 = XIL(0xa000000016172310)
>   (gdb) xtype
>   Lisp_Vectorlike
>   Cannot access memory at address 0x18ac04f8

Same here.

If you could disassemble signal_before_change, we'd know whether
start_marker and end_marker live in callee-saved registers, and thus
whether this is likely to be Andrea's bug.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 11:04:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 07:04:09 2020
Received: from localhost ([127.0.0.1]:58151 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc5TE-0002Nf-OK
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 07:04:08 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53100)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc5TC-0002NH-Nh
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 07:04:07 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:41080)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc5T5-0003ez-Qk; Fri, 22 May 2020 07:03:59 -0400
Received: from [176.228.60.248] (port=4546 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc5T5-0003mF-77; Fri, 22 May 2020 07:03:59 -0400
Date: Fri, 22 May 2020 14:04:03 +0300
Message-Id: <835zco44f0.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Andrea Corallo <akrl@HIDDEN>
In-Reply-To: <xjfy2pkwems.fsf@HIDDEN> (message from Andrea Corallo on Fri, 22
 May 2020 08:35:55 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN> <xjfy2pkwems.fsf@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, monnier@HIDDEN, pipcet@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Andrea Corallo <akrl@HIDDEN>
> Cc: pipcet@HIDDEN, Stefan Monnier <monnier@HIDDEN>,
>         41321 <at> debbugs.gnu.org
> Date: Fri, 22 May 2020 08:35:55 +0000
> 
> I'be curious of the outcome if you had a look to your 'garbage_collect'
> assembly to investigate the possible relation with 41357 as suggested
> here
> https://lists.gnu.org/archive/html/bug-gnu-emacs/2020-05/msg01095.html

Sorry, I'm not sure I understand what you mean by the above.  Did you
mean whether I disassembled garbage_collect and looked at the code?
If so, the answer is NO, I didn't yet have time for that.

However, given the latest findings, I now doubt even more that the
issue you identified can have any relation to this problem.  As seen
by the backtrace I've shown in my last message, the buffer's overlay
list has invalid overlay objects at the point of the crash.  The 2
pointers to the overlay lists of a buffer are unconditionally marked
in mark_buffer, so I don't see how problems in GC with Lisp objects in
registers could interfere in this case.  Am I missing something?

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 10:54:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 06:54:08 2020
Received: from localhost ([127.0.0.1]:58147 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc5JX-0008R2-SM
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 06:54:08 -0400
Received: from eggs.gnu.org ([209.51.188.92]:52276)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc5JW-0008Qq-Ux
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 06:54:07 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:40433)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc5JR-0002QI-Kn; Fri, 22 May 2020 06:54:01 -0400
Received: from [176.228.60.248] (port=3931 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc5JP-0002Yk-Gt; Fri, 22 May 2020 06:54:01 -0400
Date: Fri, 22 May 2020 13:54:02 +0300
Message-Id: <837dx444vp.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
In-Reply-To: <831rncjuwf.fsf@HIDDEN> (message from Eli Zaretskii on Fri, 22
 May 2020 10:22:56 +0300)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN> <831rncjuwf.fsf@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, pipcet@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> Date: Fri, 22 May 2020 10:22:56 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 41321 <at> debbugs.gnu.org
> 
> Since the previous call to before-change-functions already used the
> same overlay markers, I suspect that the call to
> before-change-functions caused the memory to be unmapped (perhaps due
> to GC).

FTR: I am now running the 27.0.91 pretest with the patch for bug#40661
applied.  It's a long shot, since the problem here is not with
pointers to buffer text, but I just want to be sure I didn't
rediscover a complicated way to reproduce that bug ;-)

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 08:36:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 04:36:02 2020
Received: from localhost ([127.0.0.1]:58022 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc39u-0002id-0X
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 04:36:02 -0400
Received: from mx.sdf.org ([205.166.94.20]:60718)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <akrl@HIDDEN>) id 1jc39s-0002iM-6a
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 04:36:00 -0400
Received: from sdf.org (ma.sdf.org [205.166.94.33])
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 04M8ZuKk025730
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO);
 Fri, 22 May 2020 08:35:57 GMT
Received: (from akrl@localhost)
 by sdf.org (8.15.2/8.12.8/Submit) id 04M8ZtrJ015172;
 Fri, 22 May 2020 08:35:55 GMT
From: Andrea Corallo <akrl@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
 <831rncjuwf.fsf@HIDDEN>
Date: Fri, 22 May 2020 08:35:55 +0000
In-Reply-To: <831rncjuwf.fsf@HIDDEN> (Eli Zaretskii's message of "Fri, 22 May
 2020 10:22:56 +0300")
Message-ID: <xjfy2pkwems.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>,
 pipcet@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

> FETCH_END calls marker-position, and that segfaults because the marker
> points to invalid memory, which was probably unmapped from the process
> address space (so I guess this is w32-specific, as GNU systems don't
> really return memory to the system).  The start_marker is also
> invalid, it's just that FETCH_END is called first.
>
> Since the previous call to before-change-functions already used the
> same overlay markers, I suspect that the call to
> before-change-functions caused the memory to be unmapped (perhaps due
> to GC).  As you see below, the value of before-change-functions is
>
>   (t syntax-ppss-flush-cache)
>
> So the prime suspect is what happens when syntax-ppss-flush-cache
> runs, and thus I CC Stefan.  The main question to answer now from my
> POV is how come a marker on buffer position 3116 which was valid
> before before-change-functions was called became invalid as result of
> some Lisp, in particular as result of calling before-change-functions.
>
> Here's the backtrace; ideas for further debugging are welcome.

Hi Eli,

I'be curious of the outcome if you had a look to your 'garbage_collect'
assembly to investigate the possible relation with 41357 as suggested
here
https://lists.gnu.org/archive/html/bug-gnu-emacs/2020-05/msg01095.html

Hope it helps

  Andrea

-- 
akrl@HIDDEN

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 22 May 2020 07:23:06 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 22 03:23:06 2020
Received: from localhost ([127.0.0.1]:57922 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jc21J-0000y5-Jo
	for submit <at> debbugs.gnu.org; Fri, 22 May 2020 03:23:06 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33750)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jc21H-0000xO-AU
 for 41321 <at> debbugs.gnu.org; Fri, 22 May 2020 03:23:03 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:59227)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jc21B-0007Ip-MK; Fri, 22 May 2020 03:22:57 -0400
Received: from [176.228.60.248] (port=2917 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jc21B-0007U7-2H; Fri, 22 May 2020 03:22:57 -0400
Date: Fri, 22 May 2020 10:22:56 +0300
Message-Id: <831rncjuwf.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: pipcet@HIDDEN, Stefan Monnier <monnier@HIDDEN>
In-Reply-To: <83imgublku.fsf@HIDDEN> (message from Eli Zaretskii on Sun, 17
 May 2020 18:57:53 +0300)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN> <83imgublku.fsf@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> Date: Sun, 17 May 2020 18:57:53 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 41321 <at> debbugs.gnu.org
> 
> > Date: Sun, 17 May 2020 18:28:04 +0300
> > From: Eli Zaretskii <eliz@HIDDEN>
> > Cc: 41321 <at> debbugs.gnu.org
> > 
> > I'm already running with such a breakpoint, let's how it will catch
> > something.                                        ^^^
> 
> Should have been "hope".  Sorry.

It happened again, and now insert-file-contents wasn't involved, so I
guess it's off the hook.  The command which triggered the problem was
self-insert-command, as shown in the backtrace below.  The problem
seems to be with handling overlays when buffer text changes.

The backtrace below, as well as some tinkering with values of relevant
variables, indicate that the buffer has two overlays, both of which
point to invalid memory.  The crash happens here:

  /* Now run the before-change-functions if any.  */
  if (!NILP (Vbefore_change_functions))
    {
      rvoe_arg.location = &Vbefore_change_functions;
      rvoe_arg.errorp = 1;

      PRESERVE_VALUE;
      PRESERVE_START_END;

      /* Mark before-change-functions to be reset to nil in case of error.  */
      record_unwind_protect_ptr (reset_var_on_error, &rvoe_arg);

      /* Actually run the hook functions.  */
      CALLN (Frun_hook_with_args, Qbefore_change_functions,
	     FETCH_START, FETCH_END);

      /* There was no error: unarm the reset_on_error.  */
      rvoe_arg.errorp = 0;
    }

  if (buffer_has_overlays ())
    {
      PRESERVE_VALUE;
      report_overlay_modification (FETCH_START, FETCH_END, 0,  <<<<<<<<<<<<
				   FETCH_START, FETCH_END, Qnil);
    }

FETCH_END calls marker-position, and that segfaults because the marker
points to invalid memory, which was probably unmapped from the process
address space (so I guess this is w32-specific, as GNU systems don't
really return memory to the system).  The start_marker is also
invalid, it's just that FETCH_END is called first.

Since the previous call to before-change-functions already used the
same overlay markers, I suspect that the call to
before-change-functions caused the memory to be unmapped (perhaps due
to GC).  As you see below, the value of before-change-functions is

  (t syntax-ppss-flush-cache)

So the prime suspect is what happens when syntax-ppss-flush-cache
runs, and thus I CC Stefan.  The main question to answer now from my
POV is how come a marker on buffer position 3116 which was valid
before before-change-functions was called became invalid as result of
some Lisp, in particular as result of calling before-change-functions.

Here's the backtrace; ideas for further debugging are welcome.

  Thread 1 received signal SIGSEGV, Segmentation fault.
  PSEUDOVECTORP (code=<optimized out>, a=<optimized out>) at lisp.h:1720
  1720          return PSEUDOVECTOR_TYPEP (XUNTAG (a, Lisp_Vectorlike,
  (gdb) bt
  #0  PSEUDOVECTORP (code=<optimized out>, a=<optimized out>) at lisp.h:1720
  #1  MARKERP (x=<optimized out>) at lisp.h:2618
  #2  CHECK_MARKER (x=XIL(0xa000000018ac0518)) at marker.c:133
  #3  0x010f073c in Fmarker_position (marker=XIL(0xa000000018ac0518))
      at marker.c:452
  #4  0x010edd34 in signal_before_change (preserve_ptr=0x0, end_int=3116,
      start_int=3116) at insdel.c:2179
  #5  prepare_to_modify_buffer_1 (start=start@entry=3116, end=end@entry=3116,
      preserve_ptr=preserve_ptr@entry=0x0) at insdel.c:2007
  #6  0x010ee27d in prepare_to_modify_buffer (start=3116, end=3116,
      preserve_ptr=preserve_ptr@entry=0x0) at insdel.c:2018
  #7  0x010ee54d in insert_1_both (string=string@entry=0x82ef1b "r",
      nchars=nchars@entry=1, nbytes=nbytes@entry=1, inherit=inherit@entry=true,
      prepare=prepare@entry=true, before_markers=before_markers@entry=false)
      at insdel.c:896
  #8  0x010ef005 in insert_1_both (before_markers=false, prepare=true,
      inherit=true, nbytes=1, nchars=1, string=0x82ef1b "r") at insdel.c:697
  #9  insert_and_inherit (string=string@entry=0x82ef1b "r",
      nbytes=nbytes@entry=1) at insdel.c:692
  #10 0x01107160 in internal_self_insert (c=114, n=<optimized out>)
      at cmds.c:477
  #11 0x01107804 in Fself_insert_command (n=make_fixnum(1), c=<optimized out>)
      at cmds.c:302
  #12 0x0114fb6c in funcall_subr (subr=<optimized out>,
      numargs=<optimized out>, numargs@entry=2, args=<optimized out>,
      args@entry=0x82f120) at eval.c:2869
  #13 0x0114d9fd in Ffuncall (nargs=nargs@entry=3, args=args@entry=0x82f118)
      at eval.c:2794
  #14 0x01148f7d in Ffuncall_interactively (nargs=3, args=0x82f118)
      at callint.c:254
  #15 0x0114d9fd in Ffuncall (nargs=4, args=0x82f110) at eval.c:2794
  #16 0x0114dca3 in Fapply (nargs=<optimized out>, nargs@entry=3,
      args=<optimized out>, args@entry=0x82f288) at eval.c:2424
  #17 0x0114aecb in Fcall_interactively (function=XIL(0x43b3350),
      record_flag=<optimized out>, keys=XIL(0xa000000016a31530))
      at callint.c:342
  #18 0x0114fb99 in funcall_subr (subr=<optimized out>,
      numargs=<optimized out>, numargs@entry=3, args=<optimized out>,
      args@entry=0x82f430) at eval.c:2872
  #19 0x0114d9fd in Ffuncall (nargs=4, args=args@entry=0x82f428) at eval.c:2794
  #20 0x0118eaf7 in exec_byte_code (bytestr=<optimized out>,
      vector=<optimized out>, maxdepth=<optimized out>,
      args_template=<optimized out>, nargs=<optimized out>, nargs@entry=1,
      args=<optimized out>, args@entry=0x82f7b8) at bytecode.c:633
  #21 0x0115125f in funcall_lambda (fun=<optimized out>, nargs=nargs@entry=1,
      arg_vector=arg_vector@entry=0x82f7b8) at eval.c:2989
  #22 0x0114d953 in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x82f7b0)
      at eval.c:2808
  #23 0x0114db2c in call1 (fn=XIL(0x3f30), arg1=XIL(0x43b3350)) at eval.c:2654
  #24 0x010d0efe in command_loop_1 () at keyboard.c:1463
  #25 0x0114c91f in internal_condition_case (
      bfun=bfun@entry=0x10d0a0e <command_loop_1>, handlers=XIL(0x90),
      hfun=hfun@entry=0x10c5049 <cmd_error>) at eval.c:1355
  #26 0x010bdbda in command_loop_2 (ignore=XIL(0)) at keyboard.c:1091
  #27 0x0114c8a6 in internal_catch (tag=XIL(0xdfb0),
      func=func@entry=0x10bdbb3 <command_loop_2>, arg=XIL(0)) at eval.c:1116
  #28 0x010bdb5d in command_loop () at keyboard.c:1070
  #29 0x010c4bf3 in recursive_edit_1 () at keyboard.c:714
  #30 0x010c4f0c in Frecursive_edit () at keyboard.c:786
  #31 0x0124a4a4 in main (argc=<optimized out>, argv=<optimized out>)
      at emacs.c:2054

  Lisp Backtrace:
  "self-insert-command" (0x82f120)
  "funcall-interactively" (0x82f118)
  "call-interactively" (0x82f430)
  "command-execute" (0x82f7b8)
  (gdb) fr 3
  #3  CHECK_MARKER (x=XIL(0xa000000018ac0518)) at marker.c:133
  133       CHECK_TYPE (MARKERP (x), Qmarkerp, x);
  (gdb) up
  #4  0x010f073c in Fmarker_position (marker=XIL(0xa000000018ac0518))
      at marker.c:452
  452       CHECK_MARKER (marker);
  (gdb) p marker
  $3 = XIL(0xa000000018ac0518)
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac0518
  (gdb) p marker+0
  $4 = -6917529027227155176
  (gdb) p/x marker+0
  $5 = 0xa000000018ac0518
  (gdb) up
  #5  0x010edd34 in signal_before_change (preserve_ptr=0x0, end_int=3116,
      start_int=3116) at insdel.c:2179
  2179          report_overlay_modification (FETCH_START, FETCH_END, 0,
  (gdb) p Vbefore_change_functions
  $6 = XIL(0xc000000018dbef20)
  (gdb) xtype
  Lisp_Cons
  (gdb) xcar
  $7 = 0x30
  (gdb) xtype
  Lisp_Symbol
  (gdb) xsymbol
  $8 = (struct Lisp_Symbol *) 0x15ca210 <lispsym+48>
  "t"
  (gdb) p Vbefore_change_functions
  $9 = XIL(0xc000000018dbef20)
  (gdb) xcdr
  $10 = 0xc000000018dbf410
  (gdb) xcar
  $11 = 0xd5c0
  (gdb) xtype
  Lisp_Symbol
  (gdb) xsym
  xsymbol   xsymname
  (gdb) xsymbol
  $12 = (struct Lisp_Symbol *) 0x15d77a0 <lispsym+54720>
  "syntax-ppss-flush-cache"
  (gdb) p Vbefore_change_functions
  $13 = XIL(0xc000000018dbef20)
  (gdb) xcdr
  $14 = 0xc000000018dbf410
  (gdb) xcdr
  $15 = 0x0
  (gdb) p start
  $16 = <optimized out>
  (gdb) p start_int
  $17 = 3116
  (gdb) p end_int
  $18 = 3116
  (gdb) p start_marker
  $19 = XIL(0xa000000018ac04f8)
  (gdb) p end_marker
  $20 = XIL(0xa000000018ac0518)
  (gdb) p start_marker
  $21 = XIL(0xa000000018ac04f8)
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p preserve_ptr
  $22 = (ptrdiff_t *) 0x0
  (gdb) p *(current_buffer->text->beg+3000)
  $23 = 115 's'
  (gdb) p *(current_buffer->text->beg+3000)@200
  $24 = "sense would then\nsuggest us that the feature should be extended to other means of\ndkispaying messages in the echo a", '\000' <repeats 84 times>
  (gdb) p *(current_buffer->text->beg+3116)
  $25 = 0 '\000'
  (gdb) p GPT
  $26 = 3116
  (gdb) p GPT_ADDR
  $27 = (unsigned char *) 0x7d80c2b ""
  (gdb) p current_buffer->overlays_before
  $28 = (struct Lisp_Overlay *) 0x170cb080
  (gdb) p $28->start
  $29 = XIL(0xa0000000170cb040)
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p $28->next
  $30 = (struct Lisp_Overlay *) 0x13050320
  (gdb) p $28->next->start
  $31 = XIL(0xa000000016172310)
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p current_buffer->overlays_after
  $32 = (struct Lisp_Overlay *) 0x0
  (gdb) p $28->next->next
  $33 = (struct Lisp_Overlay *) 0x0
  (gdb) p rvoe_arg.location
  $35 = (Lisp_Object *) 0x15c9298 <globals+120>
  (gdb) xtype
  Lisp_Vectorlike
  Cannot access memory at address 0x18ac04f8
  (gdb) p rvoe_arg.errorp
  $36 = false

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 17 May 2020 15:58:15 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 17 11:58:15 2020
Received: from localhost ([127.0.0.1]:44401 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jaLg7-0005hr-EL
	for submit <at> debbugs.gnu.org; Sun, 17 May 2020 11:58:15 -0400
Received: from eggs.gnu.org ([209.51.188.92]:44726)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jaLg6-0005he-87
 for 41321 <at> debbugs.gnu.org; Sun, 17 May 2020 11:58:14 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:33191)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jaLg0-0007mi-Sf; Sun, 17 May 2020 11:58:08 -0400
Received: from [176.228.60.248] (port=4684 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jaLfs-0006in-L3; Sun, 17 May 2020 11:58:01 -0400
Date: Sun, 17 May 2020 18:57:53 +0300
Message-Id: <83imgublku.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: pipcet@HIDDEN
In-Reply-To: <83r1vibmyj.fsf@HIDDEN> (message from Eli Zaretskii on Sun, 17
 May 2020 18:28:04 +0300)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 <83r1vibmyj.fsf@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> Date: Sun, 17 May 2020 18:28:04 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 41321 <at> debbugs.gnu.org
> 
> I'm already running with such a breakpoint, let's how it will catch
> something.                                        ^^^

Should have been "hope".  Sorry.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 17 May 2020 15:28:19 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 17 11:28:19 2020
Received: from localhost ([127.0.0.1]:44323 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jaLD9-0004nS-Jm
	for submit <at> debbugs.gnu.org; Sun, 17 May 2020 11:28:19 -0400
Received: from eggs.gnu.org ([209.51.188.92]:39876)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jaLD7-0004nE-Tb
 for 41321 <at> debbugs.gnu.org; Sun, 17 May 2020 11:28:18 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:60581)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jaLD2-0008Nr-MP; Sun, 17 May 2020 11:28:12 -0400
Received: from [176.228.60.248] (port=2849 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jaLD1-0001wK-N4; Sun, 17 May 2020 11:28:12 -0400
Date: Sun, 17 May 2020 18:28:04 +0300
Message-Id: <83r1vibmyj.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Pip Cet <pipcet@HIDDEN>
In-Reply-To: <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
 (message from Pip Cet on Sun, 17 May 2020 10:56:28 +0000)
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
References: <83zha8cgpi.fsf@HIDDEN>
 <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> From: Pip Cet <pipcet@HIDDEN>
> Date: Sun, 17 May 2020 10:56:28 +0000
> Cc: 41321 <at> debbugs.gnu.org
> 
> What I would do next is run with a breakpoint on wrong_type_argument
> (if that's impossible, change the code in CHECK_MARKER to abort upon
> encountering a PVEC_FREE vector) to see where the reference to the
> freed pseudovector came from. An undo list, maybe?

I'm already running with such a breakpoint, let's how it will catch
something.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 17 May 2020 10:57:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 17 06:57:12 2020
Received: from localhost ([127.0.0.1]:42406 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jaGym-0001o7-6S
	for submit <at> debbugs.gnu.org; Sun, 17 May 2020 06:57:12 -0400
Received: from mail-ot1-f43.google.com ([209.85.210.43]:37902)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@HIDDEN>) id 1jaGyk-0001nu-SL
 for 41321 <at> debbugs.gnu.org; Sun, 17 May 2020 06:57:11 -0400
Received: by mail-ot1-f43.google.com with SMTP id w22so5639900otp.5
 for <41321 <at> debbugs.gnu.org>; Sun, 17 May 2020 03:57:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=fmFsaWgSwVRHH+lCxrbSoa/tv6zNnIIoTL2Mnnk+uqQ=;
 b=fpgktwIzbp3d8H7LrH0RilSnwT93Zx3qR0lFK2q9CT1DziZJlmVFYa7FEBRT9JMAXg
 r41lY3zi21fTHbycBVNScnayu6+VNUayY1LtUjkwVQ1/LlLB7OH2ggbf5lMjYXXsXZWf
 MmNrm3MewWLT6HNX98v6Go2dCpqhxSrE5cOQ1fMgTolgjr3XEiyOntL9CxZNb2X1Wp7a
 lYYxg0kr7GKevivhdXbevxCBBlKwPqY2HhFNeQKpUvWDF9taMq0AbMFsUTgHy7Odc1CB
 sSxZx+mj/WTWqU/hifepebbMHIwOYsWfX8ocjJy8BpEqTuWX0/L7nd4/8A3nF9ND3TcJ
 a2rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=fmFsaWgSwVRHH+lCxrbSoa/tv6zNnIIoTL2Mnnk+uqQ=;
 b=TLRwSgv60HU82YjvVQVI8qX2KtMvyja0CKQi2F1CxZQVCkoxuJd20mkisCpfbLOSfE
 VQqppB8UHzPMirc7XYFg/GN0SSSiraPbpH6HCjnnVtTp10bAHn36REIu28BnS0UI85Vf
 4yOsFmtRvi8rUYuIYSuGSk4U6/mPCb1s25hYAQGskkAzhFc/JE9oiwZMG0exm0v731qE
 6pkIxKhWwSAa1l3/WiQoRwpimdBM3C9nvFb1P401LpMcCMU23ze4DebC2sFMCdlf2IWt
 gswSwBDNjZNJfxbdUey3vOYreXxRaX91fATbtgiPbenIpl/BD7s7al/NF1ieiCUyGbhM
 /O1g==
X-Gm-Message-State: AOAM530cc2luJT54oDrdAaM8hoz1AaPMdSUhrRm+7yPuQTwrhIU6BxKR
 WJ8aTOpERxoYx2jl2lhEVtx6MPJqScLwB94rL7lPfuLA
X-Google-Smtp-Source: ABdhPJx6PR9JPl3N7C99lllOl/oee2BmqucIyDmD6gaqvEmWbcWe0VYLVAfrZ0F2BZZFRmoAvEi4QHNTu0N7KRrPGMM=
X-Received: by 2002:a9d:6a44:: with SMTP id h4mr4008615otn.287.1589713025005; 
 Sun, 17 May 2020 03:57:05 -0700 (PDT)
MIME-Version: 1.0
References: <83zha8cgpi.fsf@HIDDEN>
In-Reply-To: <83zha8cgpi.fsf@HIDDEN>
From: Pip Cet <pipcet@HIDDEN>
Date: Sun, 17 May 2020 10:56:28 +0000
Message-ID: <CAOqdjBf5WThscN54Tg2ef4Hrxkc9P2UWfKRrptSDsd=X7WrRbg@HIDDEN>
Subject: Re: bug#41321: 27.0.91;
 Emacs aborts due to invalid pseudovector objects
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Sat, May 16, 2020 at 10:34 AM Eli Zaretskii <eliz@HIDDEN> wrote:
> So far, I've seen this in a C Mode buffer reverted because "git pull"
> brought a modified version, and in an Info mode buffer reverted
> because the manual was rebuilt after the Texinfo sources were
> modified.  In the latter case I captured a backtrace, see below.
>
> The problem seem to involve invalid markers, perhaps markers that were
> unchained and put on the free list

Even unchained markers shouldn't be put on the free list as long as
they're still reachable, so I suspect the problem is more likely to be
caused by that.

> (witness the PVEC_FREE object that
> caused the abort in the backtrace below, where Emacs seems to be
> trying to display an error message about an invalid marker).

What I would do next is run with a breakpoint on wrong_type_argument
(if that's impossible, change the code in CHECK_MARKER to abort upon
encountering a PVEC_FREE vector) to see where the reference to the
freed pseudovector came from. An undo list, maybe?

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 16 May 2020 16:47:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 16 12:47:48 2020
Received: from localhost ([127.0.0.1]:41614 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jZzyW-0001f3-HM
	for submit <at> debbugs.gnu.org; Sat, 16 May 2020 12:47:48 -0400
Received: from eggs.gnu.org ([209.51.188.92]:37806)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jZzyU-0001eX-CB
 for 41321 <at> debbugs.gnu.org; Sat, 16 May 2020 12:47:46 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:44497)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>)
 id 1jZzyO-00081J-0U; Sat, 16 May 2020 12:47:40 -0400
Received: from [176.228.60.248] (port=3117 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jZzyN-0005Sk-HO; Sat, 16 May 2020 12:47:39 -0400
Date: Sat, 16 May 2020 19:47:29 +0300
Message-Id: <83d073ddy6.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Paul Eggert <eggert@HIDDEN>
In-Reply-To: <a493b7a3-21b9-24ac-0ce5-9dd21175744f@HIDDEN> (message from
 Paul Eggert on Sat, 16 May 2020 09:33:35 -0700)
Subject: Re: 27.0.91; Emacs aborts due to invalid pseudovector objects
References: <a493b7a3-21b9-24ac-0ce5-9dd21175744f@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> Cc: 41321 <at> debbugs.gnu.org
> From: Paul Eggert <eggert@HIDDEN>
> Date: Sat, 16 May 2020 09:33:35 -0700
> 
> I fooled around a bit with emacs-27 on Ubuntu 18.04.4 (compiled in 32-bit mode
> --with-wide-int) and couldn't reproduce it. I'll keep trying.

Yes, I didn't succeed reproducing it on purpose, either.  Not sure
why, maybe there's some other factor that is at work, e.g. how many
markers are there in the buffer.

> Could you give more details about the failures you observed? That might help
> attempts at reproducing. How did you revert your info buffer - was it by typing
> "M-x revert-buffer"? Are you using auto-revert-mode? That sort of thing.

Just "M-x revert-buffer RET" followed by 'y'.  I don't use
auto-revert-mode.

In the Git case, I would usually switch to a buffer visiting the file,
perhaps via "M-.", and Emacs would ask me whether to re-read the file
into its buffer, I'd say yes, and then I see an error about a bad
marker; the next command would abort Emacs.

Message received at 41321 <at> debbugs.gnu.org:

Received: (at 41321) by debbugs.gnu.org; 16 May 2020 16:33:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 16 12:33:44 2020
Received: from localhost ([127.0.0.1]:41574 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jZzku-0001BV-GN
	for submit <at> debbugs.gnu.org; Sat, 16 May 2020 12:33:44 -0400
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:35480)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@HIDDEN>) id 1jZzks-0001BI-TL
 for 41321 <at> debbugs.gnu.org; Sat, 16 May 2020 12:33:43 -0400
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 68E701600DA;
 Sat, 16 May 2020 09:33:37 -0700 (PDT)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id p-nN_3GxQsEh; Sat, 16 May 2020 09:33:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id AE2751600DE;
 Sat, 16 May 2020 09:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id fZMwt_EjSu4B; Sat, 16 May 2020 09:33:36 -0700 (PDT)
Received: from [192.168.1.9] (cpe-23-242-74-103.socal.res.rr.com
 [23.242.74.103])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 7544C1600DA;
 Sat, 16 May 2020 09:33:36 -0700 (PDT)
To: Eli Zaretskii <eliz@HIDDEN>
From: Paul Eggert <eggert@HIDDEN>
Subject: Re: 27.0.91; Emacs aborts due to invalid pseudovector objects
Autocrypt: addr=eggert@HIDDEN; prefer-encrypt=mutual; keydata=
 LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkV5QWNtUUJFQURB
 QXlIMnhvVHU3cHBHNUQzYThGTVpFb243NGRDdmM0K3ExWEEySjJ0QnkycHdhVHFmCmhweHhk
 R0E5Smo1MFVKM1BENGJTVUVnTjh0TFowc2FuNDdsNVhUQUZMaTI0NTZjaVNsNW04c0thSGxH
 ZHQ5WG0KQUF0bVhxZVpWSVlYL1VGUzk2ZkR6ZjR4aEVtbS95N0xiWUVQUWRVZHh1NDd4QTVL
 aFRZcDVibHRGM1dZRHoxWQpnZDdneDA3QXV3cDdpdzdlTnZub0RUQWxLQWw4S1lEWnpiRE5D
 UUdFYnBZM2VmWkl2UGRlSStGV1FONFcra2doCnkrUDZhdTZQcklJaFlyYWV1YTdYRGRiMkxT
 MWVuM1NzbUUzUWpxZlJxSS9BMnVlOEpNd3N2WGUvV0szOEV6czYKeDc0aVRhcUkzQUZINmls
 QWhEcXBNbmQvbXNTRVNORnQ3NkRpTzFaS1FNcjlhbVZQa25qZlBtSklTcWRoZ0IxRApsRWR3
 MzRzUk9mNlY4bVp3MHhmcVQ2UEtFNDZMY0ZlZnpzMGtiZzRHT1JmOHZqRzJTZjF0azVlVThN
 Qml5Ti9iClowM2JLTmpOWU1wT0REUVF3dVA4NGtZTGtYMndCeHhNQWhCeHdiRFZadWR6eERa
 SjFDMlZYdWpDT0pWeHEya2wKakJNOUVUWXVVR3FkNzVBVzJMWHJMdzYrTXVJc0hGQVlBZ1Jy
 NytLY3dEZ0JBZndoUEJZWDM0blNTaUhsbUxDKwpLYUhMZUNMRjVaSTJ2S20zSEVlQ1R0bE9n
 N3haRU9OZ3d6TCtmZEtvK0Q2U29DOFJSeEpLczhhM3NWZkk0dDZDCm5yUXp2SmJCbjZneGRn
 Q3U1aTI5SjFRQ1lyQ1l2cWwyVXlGUEFLK2RvOTkvMWpPWFQ0bTI4MzZqMXdBUkFRQUIKdENC
 UVlYVnNJRVZuWjJWeWRDQThaV2RuWlhKMFFHTnpMblZqYkdFdVpXUjFQb2tDUGdRVEFRSUFL
 QVVDVElCeQpaQUliQXdVSkVzd0RBQVlMQ1FnSEF3SUdGUWdDQ1FvTEJCWUNBd0VDSGdFQ0Y0
 QUFDZ2tRN1pmcERtS3FmalJSCkd3LytJajAzZGhZZllsL2dYVlJpdXpWMWdHcmJIayt0bmZy
 SS9DN2ZBZW9GelE1dFZnVmluU2hhUGtabzBIVFAKZjE4eDZJREVkQWlPOE1xbzF5cDBDdEht
 ekdNQ0o1MG80R3JnZmpscjZnLyt2dEVPS2JobGVzek4yWHBKdnB3TQoyUWdHdm4vbGFUTFV1
 OFBIOWFSV1RzN3FKSlpLS0tBYjRzeFljOTJGZWhQdTZGT0QwZERpeWhsREFxNGxPVjJtCmRC
 cHpRYmlvam9aelFMTVF3anBnQ1RLMjU3MmVLOUVPRVF5U1VUaFhyU0l6NkFTZW5wNE5ZVEZI
 czl0dUpRdlgKazlnWkRkUFNsM2JwKzQ3ZEd4bHhFV0xwQklNN3pJT053NGtzNGF6Z1Q4bnZE
 WnhBNUlaSHR2cUJsSkxCT2JZWQowTGU2MVdwMHkzVGxCRGgycWRLOGVZTDQyNlc0c2NFTVN1
 aWc1Z2I4T0F0UWlCVzZrMnNHVXh4ZWl2OG92V3U4CllBWmdLSmZ1b1dJK3VSbk1FZGRydVk4
 SnNvTTU0S2FLdlppa2tLczJiZzFuZHRMVnpIcEo2cUZaQzdRVmplSFUKaDYvQm1ndmRqV1Ba
 WUZUdE4rS0E5Q1dYM0dRS0tnTjN1dTk4OHl6bkQ3TG5COThUNEVVSDFIQS9HbmZCcU1WMQpn
 cHpUdlBjNHFWUWluQ21Ja0VGcDgzemwrRzVmQ2pKSjNXN2l2ekNuWW80S2hLTHBGVW05N29r
 VEtSMkxXM3haCnpFVzRjTFNXTzM4N01USzNDekRPeDVxZTZzNGE5MVp1Wk0vai9UUWRUTERh
 cU5uODNrQTRIcTQ4VUhYWXhjSWgKK05kOGsvM3c2bEZ1b0swd3JPRml5d2pMeCswdXI1am1t
 YmVjQkdIYzF4ZGhBRkc1QWcwRVRJQnlaQUVRQUthRgo2NzhUOXd5SDR3alRyVjFQejNjREVv
 U25WLzBaVXJPVDM3cDFkY0d5ai9JWHExeDY3MEhSVmFoQW1rMHNacFljCjI1UEY5RDVHUFlI
 RldsTmp1UFU5NnJEbmRYQjNoZWRtQlJoTGRDNGJBWGpJNERWK2JtZFZlK3EvSU1ubFpSYVYK
 bG05RWlNQ1ZBUjZ3MTNzUmV1N3FYa1c5cjNSd1kyQXpYc2twL3RBZTRCUktyMVptYnZpMm5i
 blE2ZXBFQzQycgpSYngwQjFFaGpiSVFaNUpIR2syNGlQVDdMZEJnbk5tb3M1d1lqendObGtN
 UUQ1VDBZZHpoazdKK1V4d0E1bTQ2Cm1PaFJEQzJyRlYvQTBnbTVUTHk4RFhqdi9Fc2M0Z1lu
 WWFpNlNRcW5VRVZoNUx1VjhZQ0pCbmlqcytUaXc3MXgKMWljbW42eEdJNDVFdWdKT2dlYyty
 THlwWWdwVnA0eDBISTVUODhxQlJZQ2t4SDNLZzhRbytFV05BOUE0TFJROQpEWDhuam9uYTBn
 ZjBzMDN0b2NLOGtCTjY2VW9xcVB0SEJuYzRlTWdCeW1DZmxLMTJlS2ZkMllZeG55ZzljWmF6
 CldBNVZzbHZUeHBtNzZoYmc1b2lBRUgvVmcvOE14SHlBblBoZnJnd3lQcm1KRWNWQmFmZHNw
 Sm5ZUXhCWU5jbzIKTEZQSWhsT3ZXaDhyNGF0K3MrTTNMYjI2b1VUY3psZ2RXMVNmM1NEQTc3
 Qk1SbkYwRlF5RSs3QXpWNzlNQk40eQpraXFhZXpReHRhRjFGeS90dmtoZmZTbzh1K2R3RzBF
 Z0poK3RlMzhnVGNJU1ZyMEdJUHBsTHo2WWhqcmJIclBSCkYxQ041VXVMOURCR2p4dU4zNVJM
 TlZFZnRhNlJVRmxSNk5jdFRqdnJBQkVCQUFHSkFpVUVHQUVDQUE4RkFreUEKY21RQ0d3d0ZD
 UkxNQXdBQUNna1E3WmZwRG1LcWZqU3JIQS8rS3pBS3ZUeFJoQTlNV05MeEl5SjdTNXVKMTZn
 cwpUM29DalpyQktHRWhLTU9HWDRPMEdBNlZPRXJ5TzdRUkNDWWFoM294U0czOElBbk5laXdK
 WGdVOUJ6a2s4NVVHCmJQRWQ3SEdGL1ZTZUhDUXdXb3U2anFVRFRTRHZuOVloTlRkRzBLWFBN
 NzRhQyt4cjJab3cxTzJtaFhpaGdXS0QKMER3KzBMWVBuVU9zUTBLT0Z4SFhYWUhtUnJTMU9a
 UFU1OUJMdmMrVFJoSWhhZlNIS0x3YlhLKzZja2t4Qng2aAo4ejVjY3BHMFFzNGJGaGRGWW5G
 ckVpZURMb0dtbkUyWUxoZFY2c3dKOVZOQ1M2cExpRW9oVDNmbTdhWG0xNXRaCk9JeXpNWmhI
 UlNBUGJsWHhRMFpTV2pxOG9ScmNZTkZ4YzRXMVVScEFrQkNPWUpvWHZRZkQ1TDNscUFsOFRD
 cUQKVXpZeGhIL3RKaGJEZEhycUhINzY3amFEYVRCMStUYWxwLzJBTUt3Y1hOT2Rpa2xHeGJt
 SFZHNllHbDZnOExyYgpzdTlOWkVJNHlMbEh6dWlrdGhKV2d6KzN2WmhWR3lObHQrSE5Jb0Y2
 Q2pETDJvbXU1Y0VxNFJESE00NFFxUGs2Cmw3TzBwVXZOMW1UNEIrUzFiMDhSS3BxbS9mZjAx
 NUUzN0hOVi9waUl2Smx4R0FZejhQU2Z1R0NCMXRoTVlxbG0KZ2RoZDkvQmFiR0ZiR0dZSEE2
 VTQvVDV6cVUrZjZ4SHkxU3NBUVoxTVNLbEx3ZWtCSVQrNC9jTFJHcUNIam5WMApxNUgvVDZh
 N3Q1bVBrYnpTck9MU280cHVqK0lUb05qWXlZSURCV3pobEExOWF2T2ErcnZVam1IdEQzc0ZO
 N2NYCld0a0dvaThidU5jYnk0VT0KPUFMNm8KLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxP
 Q0stLS0tLQo=
Organization: UCLA Computer Science Department
Message-ID: <a493b7a3-21b9-24ac-0ce5-9dd21175744f@HIDDEN>
Date: Sat, 16 May 2020 09:33:35 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 41321
Cc: 41321 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

I fooled around a bit with emacs-27 on Ubuntu 18.04.4 (compiled in 32-bit mode
--with-wide-int) and couldn't reproduce it. I'll keep trying.

Could you give more details about the failures you observed? That might help
attempts at reproducing. How did you revert your info buffer - was it by typing
"M-x revert-buffer"? Are you using auto-revert-mode? That sort of thing.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 16 May 2020 10:33:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat May 16 06:33:31 2020
Received: from localhost ([127.0.0.1]:39842 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jZu8J-0006W5-4Q
	for submit <at> debbugs.gnu.org; Sat, 16 May 2020 06:33:31 -0400
Received: from lists.gnu.org ([209.51.188.17]:41768)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jZu8E-0006Vv-Kf
 for submit <at> debbugs.gnu.org; Sat, 16 May 2020 06:33:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36220)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>) id 1jZu8E-0003wQ-EP
 for bug-gnu-emacs@HIDDEN; Sat, 16 May 2020 06:33:26 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:39925)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@HIDDEN>) id 1jZu8E-0000Aw-5q
 for bug-gnu-emacs@HIDDEN; Sat, 16 May 2020 06:33:26 -0400
Received: from [176.228.60.248] (port=3758 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>) id 1jZu8D-0000z3-IW
 for bug-gnu-emacs@HIDDEN; Sat, 16 May 2020 06:33:25 -0400
Date: Sat, 16 May 2020 13:33:13 +0300
Message-Id: <83zha8cgpi.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: 27.0.91; Emacs aborts due to invalid pseudovector objects
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

I don't have a reproducible recipe, unfortunately.

What happens is that Emacs aborts a short time after reverting a
buffer (reverted because the file it is visiting was changed on disk).
So far, I've seen this in a C Mode buffer reverted because "git pull"
brought a modified version, and in an Info mode buffer reverted
because the manual was rebuilt after the Texinfo sources were
modified.  In the latter case I captured a backtrace, see below.

The problem seem to involve invalid markers, perhaps markers that were
unchained and put on the free list (witness the PVEC_FREE object that
caused the abort in the backtrace below, where Emacs seems to be
trying to display an error message about an invalid marker).

I don't think I saw such problems in Emacs 27.0.90, so I walked
through all the changes since then till 27.0.91 release, but didn't
see anything that could explain the problem.

Needless to say, this is a serious problem, so I'd like to ask
everyone to please run the latest pretest under a debugger and report
any similar problems with all the details they can provide.

Here's the backtrace and some additional information from the session
where it happened last:

Thread 1 hit Breakpoint 3, 0x77c36bb3 in msvcrt!abort ()
   from C:\WINDOWS\system32\msvcrt.dll
(gdb) bt
#0  0x77c36bb3 in msvcrt!abort () from C:\WINDOWS\system32\msvcrt.dll
#1  0x011cfdd8 in emacs_abort () at w32fns.c:10893
#2  0x01175f3a in print_vectorlike (obj=<optimized out>,
    printcharfun=XIL(0x30), escapeflag=escapeflag@entry=true,
    buf=buf@entry=0x82f07a "") at print.c:1830
#3  0x01172055 in print_object (obj=<optimized out>, printcharfun=XIL(0x30),
    escapeflag=true) at print.c:2148
#4  0x01172f04 in print (obj=<optimized out>, printcharfun=<optimized out>,
    escapeflag=<optimized out>, escapeflag@entry=true) at print.c:1147
#5  0x01173355 in Fprin1 (object=XIL(0xa00000001c9866d8),
    printcharfun=<optimized out>) at print.c:653
#6  0x0117483b in print_error_message (data=<optimized out>,
    stream=<optimized out>, context=<optimized out>, caller=<optimized out>)
    at print.c:979
#7  0x010c13c5 in Fcommand_error_default_function (
    data=XIL(0xc000000000ff92e0), context=XIL(0x80000000058e9118),
    sys_signal=XIL(0x5d72548)) at keyboard.c:1029
#8  0x0114fb99 in funcall_subr (subr=<optimized out>,
    numargs=<optimized out>, numargs@entry=3, args=<optimized out>,
    args@entry=0x82f498) at eval.c:2872
#9  0x0114d9fd in Ffuncall (nargs=4, args=0x82f490) at eval.c:2794
#10 0x0114dca3 in Fapply (nargs=<optimized out>, args=<optimized out>)
    at eval.c:2424
#11 0x0114d9fd in Ffuncall (nargs=3, args=args@entry=0x82f590) at eval.c:2794
#12 0x0118eaf7 in exec_byte_code (bytestr=<optimized out>,
    vector=<optimized out>, maxdepth=<optimized out>,
    args_template=<optimized out>, nargs=<optimized out>, nargs@entry=3,
    args=<optimized out>, args@entry=0x82f888) at bytecode.c:633
#13 0x0115125f in funcall_lambda (fun=<optimized out>, nargs=nargs@entry=3,
    arg_vector=arg_vector@entry=0x82f888) at eval.c:2989
#14 0x0114d953 in Ffuncall (nargs=nargs@entry=4, args=args@entry=0x82f880)
    at eval.c:2808
#15 0x01151d29 in call3 (fn=XIL(0xa000000005e00b20),
    arg1=XIL(0xc000000000ff92e0), arg2=XIL(0x80000000058e9118),
    arg3=XIL(0x5d72548)) at eval.c:2668
#16 0x010c5020 in cmd_error_internal (data=XIL(0xc000000000ff92e0),
    context=context@entry=0x82f92e "") at keyboard.c:984
#17 0x010c51e6 in cmd_error (data=XIL(0xc000000000ff92e0)) at keyboard.c:953
#18 0x0114c952 in internal_condition_case (
    bfun=bfun@entry=0x10d0a0e <command_loop_1>, handlers=XIL(0x90),
    hfun=hfun@entry=0x10c5049 <cmd_error>) at eval.c:1351
#19 0x010bdbda in command_loop_2 (ignore=XIL(0)) at keyboard.c:1091
#20 0x0114c8a6 in internal_catch (tag=XIL(0xdfb0),
    func=func@entry=0x10bdbb3 <command_loop_2>, arg=XIL(0)) at eval.c:1116
#21 0x010bdb5d in command_loop () at keyboard.c:1070
#22 0x010c4bf3 in recursive_edit_1 () at keyboard.c:714
#23 0x010c4f0c in Frecursive_edit () at keyboard.c:786
#24 0x0124a4a4 in main (argc=<optimized out>, argv=<optimized out>)
    at emacs.c:2054

Lisp Backtrace:
"command-error-default-function" (0x82f498)
"apply" (0x82f598)
0x5e00b20 PVEC_COMPILED
(gdb) fr 2
#2  0x01175f3a in print_vectorlike (obj=<optimized out>,
    printcharfun=XIL(0x30), escapeflag=escapeflag@entry=true,
    buf=buf@entry=0x82f07a "") at print.c:1830
1830          emacs_abort ();
(gdb) fr 7
#7  0x010c13c5 in Fcommand_error_default_function (
    data=XIL(0xc000000000ff92e0), context=XIL(0x80000000058e9118),
    sys_signal=XIL(0x5d72548)) at keyboard.c:1029
1029          print_error_message (data, Qt, SSDATA (context), signal);
(gdb) p data
$1 = XIL(0xc000000000ff92e0)
(gdb) xtype
Lisp_Cons
(gdb) xcar
$2 = 0xfd80
(gdb) xtype
Lisp_Symbol
(gdb) xsym
xsymbol   xsymname
(gdb) xsymbol
$3 = (struct Lisp_Symbol *) 0x15d9f60 <lispsym+64896>
"wrong-type-argument"
(gdb) p data
$4 = XIL(0xc000000000ff92e0)
(gdb) xcdr
$5 = 0xc000000000ff9300
(gdb) xtype
Lisp_Cons
(gdb) xcar
$6 = 0x9810
(gdb) xtype
Lisp_Symbol
(gdb) xsymbol
$7 = (struct Lisp_Symbol *) 0x15d39f0 <lispsym+38928>
"markerp"
(gdb) p data
$8 = XIL(0xc000000000ff92e0)
(gdb) xcdr
$9 = 0xc000000000ff9300
(gdb) xcdr
$10 = 0xc000000000ff9310
(gdb) xtype
Lisp_Cons
(gdb) xcar
$11 = 0xa00000001c9866d8
(gdb) xtype
Lisp_Vectorlike
PVEC_FREE
(gdb) fr 17
#17 0x010c51e6 in cmd_error (data=XIL(0xc000000000ff92e0)) at keyboard.c:953
953       cmd_error_internal (data, macroerror);

In GNU Emacs 27.0.91 (build 1, i686-pc-mingw32)
 of 2020-04-18 built on HOME-C4E4A596F7
Windowing system distributor 'Microsoft Corp.', version 5.1.2600
System Description: Microsoft Windows XP Service Pack 3 (v5.1.0.2600)

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Configured using:
 'configure --prefix=/d/usr --with-wide-int --with-modules 'CFLAGS=-O2
 -gdwarf-4 -g3''

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY W32NOTIFY ACL GNUTLS LIBXML2
HARFBUZZ ZLIB TOOLKIT_SCROLL_BARS MODULES THREADS JSON PDUMPER LCMS2 GMP

Important settings:
  value of $LANG: ENU
  locale-coding-system: cp1255

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired dired-loaddefs
format-spec rfc822 mml easymenu mml-sec password-cache epa derived epg
epg-config gnus-util rmail rmail-loaddefs text-property-search time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win w32-vars
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads w32notify w32 lcms2 multi-tty make-network-process
emacs)

Memory information:
((conses 16 50536 10936)
 (symbols 48 7172 1)
 (strings 16 18837 2268)
 (string-bytes 1 532938)
 (vectors 16 9527)
 (vector-slots 8 127687 7318)
 (floats 8 21 170)
 (intervals 40 254 84)
 (buffers 888 11))