Philipp <p.stephani2@gmail.com> schrieb am Mo., 5. Juni 2017 um 21:51 Uhr:

>
> Insert the following into /tmp/rec.el:
>
> ;; -*- lexical-binding: t; -*-
>
> (require 'cl-lib)
>
> (defun recurse (i g)
>   (if (= i 0)
>       (funcall g (cl-gensym))
>     (recurse (1- i) g)))
>
> (recurse 100 (lambda (sym)
>                (message "outer: %s" sym)
>                (mapbacktrace
>                 (lambda (_ _ args _)
>                   (recurse 100 (lambda (sym)
>                                  (message "inner: %s %s" sym args)))))))
>
> Then run
>
>   emacs -Q -batch -l /tmp/rec.el
>
> The printed messages will either be way too short, or Emacs will
> segfault.  Re-running the command a couple of times consistently
> generated a segfault for me.
>
> My guess is that pdlvec got reallocated, but Fmapbacktrace uses pointers
> instead of indices to access its element, so they pointers became
> invalidated and point to garbage.


Fixed with commit 3d9d976aa476b1c1098359a1215ad1cabd022d33.