Package: emacs;
Reported by: Nathan Froyd <froydnj <at> gmail.com>
Date: Mon, 20 Jan 2014 00:09:03 UTC
Severity: normal
Fixed in version 24.4
Done: Glenn Morris <rgm <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 16502 in the body.
You can then email your comments to 16502 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Mon, 20 Jan 2014 00:09:03 GMT) Full text and rfc822 format available.Nathan Froyd <froydnj <at> gmail.com>:bug-gnu-emacs <at> gnu.org.
(Mon, 20 Jan 2014 00:09:04 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Nathan Froyd <froydnj <at> gmail.com> To: bug-gnu-emacs <at> gnu.org Subject: segmentation fault with org-capture Date: Sun, 19 Jan 2014 16:15:38 -0500
Given this initialization file, bug-init:
(require 'org)
(require 'org-capture)
(setq org-capture-templates
'(("m" "memories" plain (file "~/memories") "%t %?")))
(global-set-key [f2] 'org-capture)
and starting emacs (24.x or emacs from git) with:
emacs -Q -l bug-init
and then repeatedly pressing the key sequence:
<F2> m C-c C-k
will eventually cause emacs to crash with a segmentation fault, or
consume vast amounts of memory, and then crash. It typically takes
5-6 repetitions of that key sequence.
Consuming vast amounts of memory seems slightly more common with emacs
from git than, say, 24.3.
I have seen segmentation faults happen with a couple of different stacks:
Program received signal SIGSEGV, Segmentation fault.
0x000000000059f29d in copy_properties (source=0x1fba2d8, target=0x0)
at /home/froydnj/src/emacs-24.3/src/intervals.c:138
138 COPY_INTERVAL_CACHE (source, target);
(gdb) where
#0 0x000000000059f29d in copy_properties (source=0x1fba2d8,
target=0x0) at /home/froydnj/src/emacs-24.3/src/intervals.c:138
#1 0x000000000059ff39 in graft_intervals_into_buffer
(source=<optimized out>, position=<optimized out>, length=<optimized
out>, buffer=0x2b9dc50, inherit=false) at
/home/froydnj/src/emacs-24.3/src/intervals.c:1721
#2 0x00000000005072c3 in insert_from_string_1 (string=38589297,
pos=0, pos_byte=0, nchars=20, nbytes=20, inherit=false,
before_markers=false) at /home/froydnj/src/emacs-24.3/src/insdel.c:979
#3 0x0000000000508820 in insert_from_string (string=<optimized out>,
pos=<optimized out>, pos_byte=<optimized out>, length=<optimized out>,
length_byte=<optimized out>, inherit=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/insdel.c:871
#4 0x0000000000549672 in general_insert_function
(insert_func=0x508a70 <insert>, insert_from_string_func=0x5087f0
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffcff8) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2258
#5 0x000000000054982b in Finsert (nargs=<optimized out>,
args=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2299
#6 0x000000000058a5b7 in exec_byte_code (bytestr=33128262,
vector=140737488343032, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1486
#7 0x0000000000552b1f in funcall_lambda (fun=33553573,
nargs=<optimized out>, arg_vector=0x7fffffffd1e0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#8 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd1d8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#9 0x0000000000588f43 in exec_byte_code (bytestr=33128262,
vector=140737488343512, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#10 0x0000000000552b1f in funcall_lambda (fun=33551981,
nargs=<optimized out>, arg_vector=0x7fffffffd3c0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#11 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd3b8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#12 0x0000000000588f43 in exec_byte_code (bytestr=33128262,
vector=140737488343992, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#13 0x0000000000552517 in eval_sub (form=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2149
#14 0x000000000055529a in internal_lisp_condition_case (var=12103250,
bodyform=33186342, handlers=33185926) at
/home/froydnj/src/emacs-24.3/src/eval.c:1243
#15 0x0000000000589afe in exec_byte_code (bytestr=33128262,
vector=140737488344824, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1096
#16 0x0000000000552b1f in funcall_lambda (fun=33476477,
nargs=<optimized out>, arg_vector=0x7fffffffd978) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#17 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd970) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#18 0x000000000054f448 in Fcall_interactively (function=16202834,
record_flag=12051570, keys=12086789) at
/home/froydnj/src/emacs-24.3/src/callint.c:852
#19 0x0000000000553035 in Ffuncall (nargs=<optimized out>,
args=0x7fffffffdb40) at /home/froydnj/src/emacs-24.3/src/eval.c:2785
#20 0x0000000000553294 in call3 (fn=<optimized out>, arg1=<optimized
out>, arg2=<optimized out>, arg3=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2603
#21 0x00000000004ec7d3 in command_loop_1 () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1587
#22 0x00000000005513d8 in internal_condition_case (bfun=0x4ec450
<command_loop_1>, handlers=12103250, hfun=0x4e1d40 <cmd_error>) at
/home/froydnj/src/emacs-24.3/src/eval.c:1289
#23 0x00000000004dfede in command_loop_2 (ignore=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1168
#24 0x000000000055129d in internal_catch (tag=2171090632704,
func=0x4dfec0 <command_loop_2>, arg=12051570) at
/home/froydnj/src/emacs-24.3/src/eval.c:1060
#25 0x00000000004e1827 in command_loop () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1147
#26 recursive_edit_1 () at /home/froydnj/src/emacs-24.3/src/keyboard.c:779
#27 0x00000000004e1b54 in Frecursive_edit () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:843
#28 0x00000000004145bf in main (argc=1, argv=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/emacs.c:1528
The line information on this next stack does not appear to be
accurate, as the variable i is usually a null interval, and the crash
happens referencing the interval's plist:
Program received signal SIGSEGV, Segmentation fault.
0x00000000005a280c in interval_has_some_properties_list
(list=40898438, i=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/textprop.c:273
273 for (tail1 = list; CONSP (tail1); tail1 = XCDR (tail1))
(gdb) where
#0 0x00000000005a280c in interval_has_some_properties_list
(list=40898438, i=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/textprop.c:273
#1 0x00000000005a313d in Fremove_list_of_text_properties
(start=13108, end=13188, list_of_properties=40898438, object=44530229)
at /home/froydnj/src/emacs-24.3/src/textprop.c:1590
#2 0x00000000005a9684 in update_compositions (from=3277, to=3297,
check_mask=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/composite.c:596
#3 0x0000000000549672 in general_insert_function
(insert_func=0x508a70 <insert>, insert_from_string_func=0x5087f0
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffcff8) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2258
#4 0x000000000054982b in Finsert (nargs=<optimized out>,
args=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2299
#5 0x000000000058a5b7 in exec_byte_code (bytestr=40898438,
vector=140737488343032, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1486
#6 0x0000000000552b1f in funcall_lambda (fun=33570629,
nargs=<optimized out>, arg_vector=0x7fffffffd1e0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#7 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd1d8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#8 0x0000000000588f43 in exec_byte_code (bytestr=40898438,
vector=140737488343512, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#9 0x0000000000552b1f in funcall_lambda (fun=33569037,
nargs=<optimized out>, arg_vector=0x7fffffffd3c0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#10 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd3b8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#11 0x0000000000588f43 in exec_byte_code (bytestr=40898438,
vector=140737488343992, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#12 0x0000000000552517 in eval_sub (form=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2149
#13 0x000000000055529a in internal_lisp_condition_case (var=12103250,
bodyform=33181206, handlers=33180742) at
/home/froydnj/src/emacs-24.3/src/eval.c:1243
#14 0x0000000000589afe in exec_byte_code (bytestr=40898438,
vector=140737488344824, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1096
#15 0x0000000000552b1f in funcall_lambda (fun=33493533,
nargs=<optimized out>, arg_vector=0x7fffffffd978) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#16 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd970) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#17 0x000000000054f448 in Fcall_interactively (function=16202834,
record_flag=12051570, keys=12086789) at
/home/froydnj/src/emacs-24.3/src/callint.c:852
#18 0x0000000000553035 in Ffuncall (nargs=<optimized out>,
args=0x7fffffffdb40) at /home/froydnj/src/emacs-24.3/src/eval.c:2785
#19 0x0000000000553294 in call3 (fn=<optimized out>, arg1=<optimized
out>, arg2=<optimized out>, arg3=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2603
#20 0x00000000004ec7d3 in command_loop_1 () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1587
#21 0x00000000005513d8 in internal_condition_case (bfun=0x4ec450
<command_loop_1>, handlers=12103250, hfun=0x4e1d40 <cmd_error>) at
/home/froydnj/src/emacs-24.3/src/eval.c:1289
#22 0x00000000004dfede in command_loop_2 (ignore=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1168
#23 0x000000000055129d in internal_catch (tag=2918333087744,
func=0x4dfec0 <command_loop_2>, arg=12051570) at
/home/froydnj/src/emacs-24.3/src/eval.c:1060
#24 0x00000000004e1827 in command_loop () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1147
#25 recursive_edit_1 () at /home/froydnj/src/emacs-24.3/src/keyboard.c:779
#26 0x00000000004e1b54 in Frecursive_edit () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:843
#27 0x00000000004145bf in main (argc=1, argv=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/emacs.c:1528
Program received signal SIGSEGV, Segmentation fault.
0x0000000000581b93 in balance_an_interval (i=0xc18620) at
/opt/src/repos/emacs.git/src/intervals.c:442
442 new_diff = i->total_length - i->left->total_length
(gdb) where
#0 0x0000000000581b93 in balance_an_interval (i=0xc18620) at
/opt/src/repos/emacs.git/src/intervals.c:442
#1 0x0000000000581d95 in balance_possible_root_interval
(interval=<optimized out>) at
/opt/src/repos/emacs.git/src/intervals.c:482
#2 0x00000000005829a0 in split_interval_left (interval=0x1b9a428,
offset=<optimized out>) at
/opt/src/repos/emacs.git/src/intervals.c:615
#3 0x0000000000582f49 in graft_intervals_into_buffer
(source=0x1ba62c0, position=2, length=<optimized out>,
buffer=0x1b91c30, inherit=false) at
/opt/src/repos/emacs.git/src/intervals.c:1669
#4 0x00000000004fa349 in insert_from_string_1 (string=26897025,
pos=0, pos_byte=0, nchars=20, nbytes=20, inherit=false,
before_markers=false) at /opt/src/repos/emacs.git/src/insdel.c:976
#5 0x00000000004fb815 in insert_from_string (string=<optimized out>,
pos=<optimized out>, pos_byte=<optimized out>, length=<optimized out>,
length_byte=<optimized out>, inherit=<optimized out>) at
/opt/src/repos/emacs.git/src/insdel.c:868
#6 0x00000000005354d3 in general_insert_function
(insert_func=0x4fba10 <insert>, insert_from_string_func=0x4fb7eb
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffd188) at
/opt/src/repos/emacs.git/src/editfns.c:2248
#7 0x00000000005355b1 in Finsert (nargs=<optimized out>,
args=<optimized out>) at /opt/src/repos/emacs.git/src/editfns.c:2289
#8 0x000000000056fa17 in exec_byte_code (bytestr=<optimized out>,
vector=25746413, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1559
#9 0x000000000053da0a in funcall_lambda (fun=25746629, nargs=0,
arg_vector=0x7fffffffd370) at /opt/src/repos/emacs.git/src/eval.c:3040
#10 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd368) at
/opt/src/repos/emacs.git/src/eval.c:2855
#11 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25475869, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#12 0x000000000053da0a in funcall_lambda (fun=25476181, nargs=1,
arg_vector=0x7fffffffd550) at /opt/src/repos/emacs.git/src/eval.c:3040
#13 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffd548) at
/opt/src/repos/emacs.git/src/eval.c:2855
#14 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25915261, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#15 0x0000000000570c7b in Fbyte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:482
#16 0x000000000053d323 in eval_sub (form=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:2182
#17 0x000000000053ff74 in internal_lisp_condition_case (var=11926946,
bodyform=26157926, handlers=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:1314
#18 0x000000000056ea5b in exec_byte_code (bytestr=<optimized out>,
vector=25472645, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1169
#19 0x000000000053da0a in funcall_lambda (fun=25915301, nargs=1,
arg_vector=0x7fffffffda28) at /opt/src/repos/emacs.git/src/eval.c:3040
#20 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffda20) at
/opt/src/repos/emacs.git/src/eval.c:2855
#21 0x000000000053b345 in Fcall_interactively (function=16111442,
record_flag=11875442, keys=11910461) at
/opt/src/repos/emacs.git/src/callint.c:836
#22 0x000000000053dcd0 in Ffuncall (nargs=4, args=0x7fffffffdbe8) at
/opt/src/repos/emacs.git/src/eval.c:2813
#23 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=9353333, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#24 0x000000000053d810 in funcall_lambda (fun=9353253, nargs=1,
arg_vector=0x7fffffffddd8) at /opt/src/repos/emacs.git/src/eval.c:2974
#25 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffddd0) at
/opt/src/repos/emacs.git/src/eval.c:2855
#26 0x000000000053e031 in call1 (fn=<optimized out>, arg1=<optimized
out>) at /opt/src/repos/emacs.git/src/eval.c:2605
#27 0x00000000004e2c17 in command_loop_1 () at
/opt/src/repos/emacs.git/src/keyboard.c:1552
#28 0x000000000053c4a6 in internal_condition_case (bfun=0x4e26ee
<command_loop_1>, handlers=11926946, hfun=0x4d9ac9 <cmd_error>) at
/opt/src/repos/emacs.git/src/eval.c:1345
#29 0x00000000004d91a1 in command_loop_2 (ignore=<optimized out>) at
/opt/src/repos/emacs.git/src/keyboard.c:1170
#30 0x000000000053c38d in internal_catch (tag=11922882, func=0x4d9187
<command_loop_2>, arg=11875442) at
/opt/src/repos/emacs.git/src/eval.c:1109
#31 0x00000000004d96f2 in command_loop () at
/opt/src/repos/emacs.git/src/keyboard.c:1149
#32 recursive_edit_1 () at /opt/src/repos/emacs.git/src/keyboard.c:777
#33 0x00000000004d99f7 in Frecursive_edit () at
/opt/src/repos/emacs.git/src/keyboard.c:841
#34 0x00000000004d5b4f in main (argc=<optimized out>,
argv=0x7fffffffe178) at /opt/src/repos/emacs.git/src/emacs.c:1643
(gdb) p i
$4 = (INTERVAL) 0xc18620
(gdb) p i->left
$5 = (struct interval *) 0x0
This stack is the result of interrupting emacs while it was allocating
gobs of memory:
#0 0x00007ffff398c2dd in _int_malloc (av=0x7ffff3cc4720, bytes=1016)
at malloc.c:3464
#1 0x00007ffff398efc5 in __GI___libc_malloc (bytes=1016) at malloc.c:2924
#2 0x0000000000524fc0 in lisp_malloc (nbytes=1016,
type=MEM_TYPE_NON_LISP) at /opt/src/repos/emacs.git/src/alloc.c:893
#3 0x0000000000525cec in make_interval () at
/opt/src/repos/emacs.git/src/alloc.c:1245
#4 0x000000000058285b in split_interval_right (interval=0xa2ae13c8,
offset=0) at /opt/src/repos/emacs.git/src/intervals.c:546
#5 0x0000000000584db0 in copy_intervals (tree=<optimized out>,
start=<optimized out>, length=2) at
/opt/src/repos/emacs.git/src/intervals.c:2285
#6 0x0000000000584e5f in copy_intervals_to_string (string=27583649,
buffer=<optimized out>, position=<optimized out>, length=<optimized
out>) at /opt/src/repos/emacs.git/src/intervals.c:2300
#7 0x00000000005394d6 in make_buffer_string_both (start=2,
start_byte=<optimized out>, end=4, end_byte=<optimized out>,
props=true) at /opt/src/repos/emacs.git/src/editfns.c:2511
#8 0x00000000004f98e8 in del_range_2 (from=2, from_byte=2, to=4,
to_byte=4, ret_string=114) at
/opt/src/repos/emacs.git/src/insdel.c:1715
#9 0x00000000004fae92 in del_range_1 (from=2, to=4,
prepare=<optimized out>, ret_string=false) at
/opt/src/repos/emacs.git/src/insdel.c:1591
#10 0x00000000004faee6 in del_range (from=<optimized out>,
to=<optimized out>) at /opt/src/repos/emacs.git/src/insdel.c:1559
#11 0x0000000000533618 in Fdelete_region (start=8, end=16) at
/opt/src/repos/emacs.git/src/editfns.c:3232
#12 0x0000000000570189 in exec_byte_code (bytestr=<optimized out>,
vector=25496157, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1728
#13 0x000000000053da0a in funcall_lambda (fun=25496229, nargs=0,
arg_vector=0x7fffffffd170) at /opt/src/repos/emacs.git/src/eval.c:3040
#14 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd168) at
/opt/src/repos/emacs.git/src/eval.c:2855
#15 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25495325, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#16 0x000000000053da0a in funcall_lambda (fun=25495541, nargs=0,
arg_vector=0x7fffffffd350) at /opt/src/repos/emacs.git/src/eval.c:3040
#17 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd348) at
/opt/src/repos/emacs.git/src/eval.c:2855
#18 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25493701, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#19 0x000000000053da0a in funcall_lambda (fun=25494013, nargs=1,
arg_vector=0x7fffffffd530) at /opt/src/repos/emacs.git/src/eval.c:3040
#20 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffd528) at
/opt/src/repos/emacs.git/src/eval.c:2855
#21 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25473717, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#22 0x0000000000570c7b in Fbyte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:482
#23 0x000000000053d323 in eval_sub (form=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:2182
#24 0x000000000053ff74 in internal_lisp_condition_case (var=11926946,
bodyform=25460086, handlers=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:1314
#25 0x000000000056ea5b in exec_byte_code (bytestr=<optimized out>,
vector=25473949, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1169
#26 0x000000000053da0a in funcall_lambda (fun=25474533, nargs=1,
arg_vector=0x7fffffffda08) at /opt/src/repos/emacs.git/src/eval.c:3040
#27 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffda00) at
/opt/src/repos/emacs.git/src/eval.c:2855
#28 0x000000000053b345 in Fcall_interactively (function=16111442,
record_flag=11875442, keys=11910461) at
/opt/src/repos/emacs.git/src/callint.c:836
#29 0x000000000053dcd0 in Ffuncall (nargs=4, args=0x7fffffffdbc8) at
/opt/src/repos/emacs.git/src/eval.c:2813
#30 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=9353333, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#31 0x000000000053d810 in funcall_lambda (fun=9353253, nargs=1,
arg_vector=0x7fffffffddb8) at /opt/src/repos/emacs.git/src/eval.c:2974
#32 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffddb0) at
/opt/src/repos/emacs.git/src/eval.c:2855
#33 0x000000000053e031 in call1 (fn=<optimized out>, arg1=<optimized
out>) at /opt/src/repos/emacs.git/src/eval.c:2605
#34 0x00000000004e2c17 in command_loop_1 () at
/opt/src/repos/emacs.git/src/keyboard.c:1552
#35 0x000000000053c4a6 in internal_condition_case (bfun=0x4e26ee
<command_loop_1>, handlers=11926946, hfun=0x4d9ac9 <cmd_error>) at
/opt/src/repos/emacs.git/src/eval.c:1345
#36 0x00000000004d91a1 in command_loop_2 (ignore=<optimized out>) at
/opt/src/repos/emacs.git/src/keyboard.c:1170
#37 0x000000000053c38d in internal_catch (tag=11922882, func=0x4d9187
<command_loop_2>, arg=11875442) at
/opt/src/repos/emacs.git/src/eval.c:1109
#38 0x00000000004d96f2 in command_loop () at
/opt/src/repos/emacs.git/src/keyboard.c:1149
#39 recursive_edit_1 () at /opt/src/repos/emacs.git/src/keyboard.c:777
#40 0x00000000004d99f7 in Frecursive_edit () at
/opt/src/repos/emacs.git/src/keyboard.c:841
#41 0x00000000004d5b4f in main (argc=<optimized out>,
argv=0x7fffffffe158) at /opt/src/repos/emacs.git/src/emacs.c:1643
(gdb)
-Nathan
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Mon, 20 Jan 2014 08:22:02 GMT) Full text and rfc822 format available.Message #8 received at 16502 <at> debbugs.gnu.org (full text, mbox):
From: Dmitry Antipov <dmantipov <at> yandex.ru> To: Nathan Froyd <froydnj <at> gmail.com> Cc: 16502 <at> debbugs.gnu.org Subject: Re: bug#16502: segmentation fault with org-capture Date: Mon, 20 Jan 2014 12:20:59 +0400
On 01/20/2014 01:15 AM, Nathan Froyd wrote: > Given this initialization file, bug-init: [...skip...] Reproduced in trunk (as of r116077). Could you please run undumped (temacs) under valgrind? With your recipe, I'm seeing nasty memory management error: valgrind --tool=memcheck ./src/temacs -Q -l /tmp/bug16502.el ==> ==10951== Invalid read of size 8 ==10951== at 0x56142D: PSEUDOVECTOR_TYPEP (lisp.h:2377) ==10951== by 0x56149C: PSEUDOVECTORP (lisp.h:2391) ==10951== by 0x561575: BUFFERP (lisp.h:2437) ==10951== by 0x673C47: find_interval (intervals.c:669) ==10951== by 0x6796F7: validate_interval_range (textprop.c:212) ==10951== by 0x67B190: Ftext_properties_at (textprop.c:601) ==10951== by 0x67B245: Fget_text_property (textprop.c:621) ==10951== by 0x51FAD4: face_at_buffer_position (xfaces.c:5987) ==10951== by 0x4439FD: handle_face_prop (xdisp.c:3815) ==10951== by 0x4427D0: handle_stop (xdisp.c:3319) ==10951== by 0x44C416: reseat (xdisp.c:6359) ==10951== by 0x441789: init_iterator (xdisp.c:2975) ==10951== Address 0x763cb10 is 0 bytes inside a block of size 960 free'd ==10951== at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==10951== by 0x5E1470: lisp_free (alloc.c:931) ==10951== by 0x5EA618: gc_sweep (alloc.c:6637) ==10951== by 0x5E8181: Fgarbage_collect (alloc.c:5572) ==10951== by 0x562277: maybe_gc (lisp.h:4518) ==10951== by 0x60A36B: eval_sub (eval.c:2075) ==10951== by 0x6084A3: internal_lisp_condition_case (eval.c:1314) ==10951== by 0x656A46: exec_byte_code (bytecode.c:1169) ==10951== by 0x60C8DD: funcall_lambda (eval.c:2974) ==10951== by 0x60C275: Ffuncall (eval.c:2855) ==10951== by 0x60AE7C: Fapply (eval.c:2292) ==10951== by 0x60BF66: Ffuncall (eval.c:2787) I.e. the buffer is swept by GC and then (de)referenced in find_interval. Dmitry
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Mon, 20 Jan 2014 09:31:01 GMT) Full text and rfc822 format available.Message #11 received at 16502 <at> debbugs.gnu.org (full text, mbox):
From: Dmitry Antipov <dmantipov <at> yandex.ru> To: Nathan Froyd <froydnj <at> gmail.com> Cc: 16502 <at> debbugs.gnu.org Subject: Re: bug#16502: segmentation fault with org-capture Date: Mon, 20 Jan 2014 13:30:47 +0400
[Message part 1 (text/plain, inline)]
On 01/20/2014 12:20 PM, Dmitry Antipov wrote: > Could you please run undumped (temacs) under valgrind? ...and please try this patch (for trunk), if possible. Dmitry
[bug16502.patch (text/x-patch, attachment)]
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Mon, 20 Jan 2014 15:30:03 GMT) Full text and rfc822 format available.Message #14 received at 16502 <at> debbugs.gnu.org (full text, mbox):
From: Nathan Froyd <froydnj <at> gmail.com> To: Dmitry Antipov <dmantipov <at> yandex.ru> Cc: 16502 <at> debbugs.gnu.org Subject: Re: bug#16502: segmentation fault with org-capture Date: Mon, 20 Jan 2014 10:29:32 -0500
On Mon, Jan 20, 2014 at 4:30 AM, Dmitry Antipov <dmantipov <at> yandex.ru> wrote: > On 01/20/2014 12:20 PM, Dmitry Antipov wrote: > >> Could you please run undumped (temacs) under valgrind? > > > ...and please try this patch (for trunk), if possible. The patch does not seem to make it much better; I can now do a couple more cycles of <F2> m C-c C-k, but I can still segfault: Program received signal SIGSEGV, Segmentation fault. interval_has_some_properties_list (list=<optimized out>, i=0x0) at /opt/src/repos/emacs.git/src/textprop.c:313 313 for (tail2 = i->plist; CONSP (tail2); tail2 = XCDR (XCDR (tail2))) (gdb) where #0 interval_has_some_properties_list (list=<optimized out>, i=0x0) at /opt/src/repos/emacs.git/src/textprop.c:313 #1 0x00000000005860c6 in Fremove_list_of_text_properties (start=8, end=88, list_of_properties=35158966, object=35587205) at /opt/src/repos/emacs.git/src/textprop.c:1675 #2 0x000000000058c332 in update_compositions (from=2, to=<optimized out>, check_mask=<optimized out>) at /opt/src/repos/emacs.git/src/composite.c:590 #3 0x00000000004fb84e in insert_from_string (string=<optimized out>, pos=<optimized out>, pos_byte=<optimized out>, length=<optimized out>, length_byte=<optimized out>, inherit=<optimized out>) at /opt/src/repos/emacs.git/src/insdel.c:871 #4 0x00000000005354d3 in general_insert_function (insert_func=0x4fba10 <insert>, insert_from_string_func=0x4fb7eb <insert_from_string>, inherit=false, nargs=1, args=0x7fffffffd168) at /opt/src/repos/emacs.git/src/editfns.c:2248 #5 0x00000000005355b1 in Finsert (nargs=<optimized out>, args=<optimized out>) at /opt/src/repos/emacs.git/src/editfns.c:2289 #6 0x000000000056fa17 in exec_byte_code (bytestr=<optimized out>, vector=20010141, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /opt/src/repos/emacs.git/src/bytecode.c:1559 #7 0x000000000053da0a in funcall_lambda (fun=20014517, nargs=0, arg_vector=0x7fffffffd350) at /opt/src/repos/emacs.git/src/eval.c:3040 #8 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd348) at /opt/src/repos/emacs.git/src/eval.c:2855 #9 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>, vector=20009533, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /opt/src/repos/emacs.git/src/bytecode.c:919 #10 0x000000000053da0a in funcall_lambda (fun=20001933, nargs=1, arg_vector=0x7fffffffd530) at /opt/src/repos/emacs.git/src/eval.c:3040 #11 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffd528) at /opt/src/repos/emacs.git/src/eval.c:2855 #12 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>, vector=19985765, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /opt/src/repos/emacs.git/src/bytecode.c:919 #13 0x0000000000570c7b in Fbyte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>) at /opt/src/repos/emacs.git/src/bytecode.c:482 #14 0x000000000053d323 in eval_sub (form=<optimized out>) at /opt/src/repos/emacs.git/src/eval.c:2182 #15 0x000000000053ff74 in internal_lisp_condition_case (var=11931170, bodyform=33506902, handlers=<optimized out>) at /opt/src/repos/emacs.git/src/eval.c:1314 #16 0x000000000056ea5b in exec_byte_code (bytestr=<optimized out>, vector=19993277, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /opt/src/repos/emacs.git/src/bytecode.c:1169 #17 0x000000000053da0a in funcall_lambda (fun=19993861, nargs=1, arg_vector=0x7fffffffda08) at /opt/src/repos/emacs.git/src/eval.c:3040 #18 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffda00) at /opt/src/repos/emacs.git/src/eval.c:2855 #19 0x000000000053b345 in Fcall_interactively (function=16681218, record_flag=11879666, keys=11914685) at /opt/src/repos/emacs.git/src/callint.c:836 #20 0x000000000053dcd0 in Ffuncall (nargs=4, args=0x7fffffffdbc8) at /opt/src/repos/emacs.git/src/eval.c:2813 #21 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>, vector=9353333, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /opt/src/repos/emacs.git/src/bytecode.c:919 #22 0x000000000053d810 in funcall_lambda (fun=9353253, nargs=1, arg_vector=0x7fffffffddb8) at /opt/src/repos/emacs.git/src/eval.c:2974 #23 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffddb0) at /opt/src/repos/emacs.git/src/eval.c:2855 #24 0x000000000053e031 in call1 (fn=<optimized out>, arg1=<optimized out>) at /opt/src/repos/emacs.git/src/eval.c:2605 #25 0x00000000004e2c17 in command_loop_1 () at /opt/src/repos/emacs.git/src/keyboard.c:1552 #26 0x000000000053c4a6 in internal_condition_case (bfun=0x4e26ee <command_loop_1>, handlers=11931170, hfun=0x4d9ac9 <cmd_error>) at /opt/src/repos/emacs.git/src/eval.c:1345 #27 0x00000000004d91a1 in command_loop_2 (ignore=<optimized out>) at /opt/src/repos/emacs.git/src/keyboard.c:1170 #28 0x000000000053c38d in internal_catch (tag=11927106, func=0x4d9187 <command_loop_2>, arg=11879666) at /opt/src/repos/emacs.git/src/eval.c:1109 #29 0x00000000004d96f2 in command_loop () at /opt/src/repos/emacs.git/src/keyboard.c:1149 #30 recursive_edit_1 () at /opt/src/repos/emacs.git/src/keyboard.c:777 #31 0x00000000004d99f7 in Frecursive_edit () at /opt/src/repos/emacs.git/src/keyboard.c:841 #32 0x00000000004d5b4f in main (argc=<optimized out>, argv=0x7fffffffe158) at /opt/src/repos/emacs.git/src/emacs.c:1643 (gdb) Still can run away allocating memory too. What I see in valgrind during a runaway alloc is this: ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x5840EE: set_point_both (intervals.c:1921) ==17543== by 0x58469F: set_point (intervals.c:1816) ==17543== by 0x5363D9: Fgoto_char (editfns.c:239) ==17543== by 0x56F9D6: exec_byte_code (bytecode.c:1553) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x570C7A: Fbyte_code (bytecode.c:482) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581DA1: balance_possible_root_interval (lisp.h:2377) ==17543== by 0x582A0F: find_interval (intervals.c:675) ==17543== by 0x5840EE: set_point_both (intervals.c:1921) ==17543== by 0x58469F: set_point (intervals.c:1816) ==17543== by 0x5363D9: Fgoto_char (editfns.c:239) ==17543== by 0x56F9D6: exec_byte_code (bytecode.c:1553) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581DB4: balance_possible_root_interval (buffer.h:1160) ==17543== by 0x582A0F: find_interval (intervals.c:675) ==17543== by 0x5840EE: set_point_both (intervals.c:1921) ==17543== by 0x58469F: set_point (intervals.c:1816) ==17543== by 0x5363D9: Fgoto_char (editfns.c:239) ==17543== by 0x56F9D6: exec_byte_code (bytecode.c:1553) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== Address 0xff05250 is 704 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x584151: set_point_both (intervals.c:1935) ==17543== by 0x58469F: set_point (intervals.c:1816) ==17543== by 0x5363D9: Fgoto_char (editfns.c:239) ==17543== by 0x56F9D6: exec_byte_code (bytecode.c:1553) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x570C7A: Fbyte_code (bytecode.c:482) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x585DA7: validate_interval_range (textprop.c:212) ==17543== by 0x587705: Ftext_properties_at (textprop.c:601) ==17543== by 0x587771: Fget_text_property (textprop.c:621) ==17543== by 0x587B90: get_char_property_and_overlay (textprop.c:688) ==17543== by 0x587C02: Fget_char_property (textprop.c:702) ==17543== by 0x535FF3: Fconstrain_to_field (editfns.c:682) ==17543== by 0x536369: Fline_beginning_position (editfns.c:780) ==17543== by 0x50B4E7: Fbeginning_of_line (cmds.c:172) ==17543== by 0x53DC9B: Ffuncall (eval.c:2806) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x58908E: verify_interval_modification (textprop.c:2280) ==17543== by 0x4F9AEB: prepare_to_modify_buffer_1 (insdel.c:1817) ==17543== by 0x4F9FFB: prepare_to_modify_buffer (insdel.c:1872) ==17543== by 0x4FAE3A: del_range_1 (insdel.c:1584) ==17543== by 0x4FAEE5: del_range (insdel.c:1559) ==17543== by 0x533617: Fdelete_region (editfns.c:3232) ==17543== by 0x570188: exec_byte_code (bytecode.c:1728) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x584CC6: copy_intervals (intervals.c:2265) ==17543== by 0x584E5E: copy_intervals_to_string (intervals.c:2300) ==17543== by 0x5394D5: make_buffer_string_both (editfns.c:2511) ==17543== by 0x4F98E7: del_range_2 (insdel.c:1715) ==17543== by 0x4FAE91: del_range_1 (insdel.c:1591) ==17543== by 0x4FAEE5: del_range (insdel.c:1559) ==17543== by 0x533617: Fdelete_region (editfns.c:3232) ==17543== by 0x570188: exec_byte_code (bytecode.c:1728) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x583F27: offset_intervals (lisp.h:2377) ==17543== by 0x4F9973: del_range_2 (insdel.c:1734) ==17543== by 0x4FAE91: del_range_1 (insdel.c:1591) ==17543== by 0x4FAEE5: del_range (insdel.c:1559) ==17543== by 0x533617: Fdelete_region (editfns.c:3232) ==17543== by 0x570188: exec_byte_code (bytecode.c:1728) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581ECE: delete_interval (lisp.h:2377) ==17543== by 0x582226: interval_deletion_adjustment (intervals.c:1334) ==17543== by 0x583F99: offset_intervals (intervals.c:1382) ==17543== by 0x4F9973: del_range_2 (insdel.c:1734) ==17543== by 0x4FAE91: del_range_1 (insdel.c:1591) ==17543== by 0x4FAEE5: del_range (insdel.c:1559) ==17543== by 0x533617: Fdelete_region (editfns.c:3232) ==17543== by 0x570188: exec_byte_code (bytecode.c:1728) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581EE1: delete_interval (buffer.h:1160) ==17543== by 0x582226: interval_deletion_adjustment (intervals.c:1334) ==17543== by 0x583F99: offset_intervals (intervals.c:1382) ==17543== by 0x4F9973: del_range_2 (insdel.c:1734) ==17543== by 0x4FAE91: del_range_1 (insdel.c:1591) ==17543== by 0x4FAEE5: del_range (insdel.c:1559) ==17543== by 0x533617: Fdelete_region (editfns.c:3232) ==17543== by 0x570188: exec_byte_code (bytecode.c:1728) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff05250 is 704 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x5848A1: get_property_and_range (intervals.c:2174) ==17543== by 0x58B462: find_composition (composite.c:431) ==17543== by 0x58BD5E: update_compositions (composite.c:520) ==17543== by 0x4FAEBB: del_range_1 (insdel.c:1594) ==17543== by 0x4FAEE5: del_range (insdel.c:1559) ==17543== by 0x533617: Fdelete_region (editfns.c:3232) ==17543== by 0x570188: exec_byte_code (bytecode.c:1728) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x588C74: verify_interval_modification (textprop.c:2179) ==17543== by 0x4F9B0C: prepare_to_modify_buffer_1 (insdel.c:1823) ==17543== by 0x4F9FFB: prepare_to_modify_buffer (insdel.c:1872) ==17543== by 0x4FA168: insert_from_string_1 (insdel.c:919) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x583414: offset_intervals (lisp.h:2377) ==17543== by 0x4FA304: insert_from_string_1 (insdel.c:968) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x58344D: offset_intervals (intervals.c:864) ==17543== by 0x4FA304: insert_from_string_1 (insdel.c:968) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== Invalid read of size 8 ==17543== at 0x581DA1: balance_possible_root_interval (lisp.h:2377) ==17543== by 0x58362C: offset_intervals (intervals.c:963) ==17543== by 0x4FA304: insert_from_string_1 (insdel.c:968) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581DB4: balance_possible_root_interval (buffer.h:1160) ==17543== by 0x58362C: offset_intervals (intervals.c:963) ==17543== by 0x4FA304: insert_from_string_1 (insdel.c:968) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== Address 0xff05250 is 704 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x5829EC: find_interval (lisp.h:2377) ==17543== by 0x582EE0: graft_intervals_into_buffer (intervals.c:1659) ==17543== by 0x4FA348: insert_from_string_1 (insdel.c:976) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581DA1: balance_possible_root_interval (lisp.h:2377) ==17543== by 0x58299F: split_interval_left (intervals.c:615) ==17543== by 0x582F48: graft_intervals_into_buffer (intervals.c:1669) ==17543== by 0x4FA348: insert_from_string_1 (insdel.c:976) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x581DB4: balance_possible_root_interval (buffer.h:1160) ==17543== by 0x58299F: split_interval_left (intervals.c:615) ==17543== by 0x582F48: graft_intervals_into_buffer (intervals.c:1669) ==17543== by 0x4FA348: insert_from_string_1 (insdel.c:976) ==17543== by 0x4FB814: insert_from_string (insdel.c:868) ==17543== by 0x5354D2: general_insert_function (editfns.c:2248) ==17543== by 0x5355B0: Finsert (editfns.c:2289) ==17543== by 0x56FA16: exec_byte_code (bytecode.c:1559) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== Address 0xff05250 is 704 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x583414: offset_intervals (lisp.h:2377) ==17543== by 0x4FA538: insert_1_both (insdel.c:839) ==17543== by 0x4FB9C0: insert_and_inherit (insdel.c:593) ==17543== by 0x50B1E9: internal_self_insert (cmds.c:489) ==17543== by 0x50B490: Fself_insert_command (cmds.c:310) ==17543== by 0x53DC9B: Ffuncall (eval.c:2806) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53D80F: funcall_lambda (eval.c:2974) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x583F27: offset_intervals (lisp.h:2377) ==17543== by 0x4FB260: replace_range (insdel.c:1411) ==17543== by 0x5131C2: Freplace_match (search.c:2622) ==17543== by 0x53DD19: Ffuncall (eval.c:2822) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x53DA09: funcall_lambda (eval.c:3040) ==17543== by 0x53DDE3: Ffuncall (eval.c:2855) ==17543== by 0x56DC34: exec_byte_code (bytecode.c:919) ==17543== by 0x570C7A: Fbyte_code (bytecode.c:482) ==17543== Address 0xff04f90 is 0 bytes inside a block of size 960 free'd ==17543== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x52417C: lisp_free (alloc.c:931) ==17543== by 0x528990: Fgarbage_collect (alloc.c:6637) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587) ==17543== by 0x43A3E4: display_mode_element (xdisp.c:21636) ==17543== by 0x43A592: display_mode_element (xdisp.c:21717) ==17543== by 0x43EB91: display_mode_line (xdisp.c:21234) ==17543== by 0x43EDFD: display_mode_lines (xdisp.c:21177) ==17543== ==17543== Invalid read of size 8 ==17543== at 0x8FD6CA0: memrchr (memrchr.S:349) ==17543== by 0x516C1C: find_newline (search.c:838) ==17543== by 0x516E06: find_newline_no_quit (search.c:918) ==17543== by 0x4407BE: back_to_previous_visible_line_start (xdisp.c:6008) ==17543== by 0x441023: move_it_vertically_backward (xdisp.c:9174) ==17543== by 0x45577E: redisplay_window (xdisp.c:16224) ==17543== by 0x45683E: redisplay_window_0 (xdisp.c:14054) ==17543== by 0x53C5B2: internal_condition_case_1 (eval.c:1369) ==17543== by 0x42B95E: redisplay_windows (xdisp.c:14034) ==17543== by 0x42B92F: redisplay_windows (xdisp.c:14028) ==17543== by 0x4430C9: redisplay_internal (xdisp.c:13633) ==17543== by 0x444201: redisplay (xdisp.c:12919) ==17543== Address 0x1094bcc8 is 0 bytes after a block of size 24 alloc'd ==17543== at 0x4C2B7B2: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17543== by 0x524506: xrealloc (alloc.c:717) ==17543== by 0x4F5FE4: enlarge_buffer_text (buffer.c:5068) ==17543== by 0x4F905A: make_gap (insdel.c:465) ==17543== by 0x4F9103: make_gap_1 (insdel.c:503) ==17543== by 0x4F2894: compact_buffer (buffer.c:1677) ==17543== by 0x5279AD: Fgarbage_collect (alloc.c:5461) ==17543== by 0x53DB1E: Ffuncall (lisp.h:4518) ==17543== by 0x53C7E5: internal_condition_case_n (eval.c:1427) ==17543== by 0x42FA86: safe_call (xdisp.c:2563) ==17543== by 0x42FAC9: safe_call1 (xdisp.c:2579) ==17543== by 0x42FD41: safe_eval (xdisp.c:2587)
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Mon, 20 Jan 2014 17:14:01 GMT) Full text and rfc822 format available.Message #17 received at 16502 <at> debbugs.gnu.org (full text, mbox):
From: Dmitry Antipov <dmantipov <at> yandex.ru> To: Nathan Froyd <froydnj <at> gmail.com> Cc: 16502 <at> debbugs.gnu.org Subject: Re: bug#16502: segmentation fault with org-capture Date: Mon, 20 Jan 2014 21:13:35 +0400
On 01/20/2014 07:29 PM, Nathan Froyd wrote: > The patch does not seem to make it much better; I can now do a couple > more cycles of <F2> m C-c C-k, but I can still segfault: Hm...I tried a lot with this patch, and was unable to reproduce again. IIUC you're running without ENABLE_CHECKING; could you please try to run debugging version configured with: CFLAGS='-O0 -g3' ./configure --enable-check-lisp-object-type --enable-checking Hopefully eassert will be raised somewhere before SIGSEGV; and all debugging tools works much better with these CFLAGS. If debugging version doesn't work too, try to obtain core dump and put your '-O0 -g3' emacs _and_ temacs binaries plus core dump somewhere on the net - I'll try to look into them. Dmitry
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Mon, 20 Jan 2014 17:24:02 GMT) Full text and rfc822 format available.Message #20 received at 16502 <at> debbugs.gnu.org (full text, mbox):
From: Nathan Froyd <froydnj <at> gmail.com> To: Dmitry Antipov <dmantipov <at> yandex.ru> Cc: 16502 <at> debbugs.gnu.org Subject: Re: bug#16502: segmentation fault with org-capture Date: Mon, 20 Jan 2014 12:23:53 -0500
On Mon, Jan 20, 2014 at 12:13 PM, Dmitry Antipov <dmantipov <at> yandex.ru> wrote: > On 01/20/2014 07:29 PM, Nathan Froyd wrote: > Hm...I tried a lot with this patch, and was unable to reproduce again. > IIUC you're running without ENABLE_CHECKING; could you please try to run > debugging version configured with: > > CFLAGS='-O0 -g3' ./configure --enable-check-lisp-object-type > --enable-checking > > Hopefully eassert will be raised somewhere before SIGSEGV; and all debugging > tools works much better with these CFLAGS. I apologize, but previously I only patch --dry-run'd the patch and didn't actually apply it. With the patch properly applied, I cannot reproduce the crashes or the runaway memory allocation. Thank you for looking into this.
bug-gnu-emacs <at> gnu.org:bug#16502; Package emacs.
(Tue, 21 Jan 2014 02:33:01 GMT) Full text and rfc822 format available.Message #23 received at 16502 <at> debbugs.gnu.org (full text, mbox):
From: Dmitry Antipov <dmantipov <at> yandex.ru> To: Nathan Froyd <froydnj <at> gmail.com> Cc: 16502 <at> debbugs.gnu.org Subject: Re: bug#16502: segmentation fault with org-capture Date: Tue, 21 Jan 2014 06:32:29 +0400
On 01/20/2014 09:23 PM, Nathan Froyd wrote: > I apologize, but previously I only patch --dry-run'd the patch and > didn't actually apply it. With the patch properly applied, I cannot > reproduce the crashes or the runaway memory allocation. Thank you for > looking into this. OK, hopefully this should be fixed in r116090. Dmitry
Glenn Morris <rgm <at> gnu.org>
to control <at> debbugs.gnu.org.
(Mon, 27 Jan 2014 20:21:02 GMT) Full text and rfc822 format available.Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Tue, 25 Feb 2014 12:24:03 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.