Package: emacs;
Reported by: Mat Smiglarski <penthief <at> SDF.ORG>
Date: Sun, 3 Aug 2014 15:05:02 UTC
Severity: normal
Found in version 24.3.92
Fixed in version 24.3.93
Done: Glenn Morris <rgm <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 18180 in the body.
You can then email your comments to 18180 AT debbugs.gnu.org in the normal way.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Mat Smiglarski <penthief <at> SDF.ORG>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3.92; Segfault in mark_object
Date: Sun, 03 Aug 2014 16:03:09 +0100
[Message part 1 (text/plain, inline)]
This is a segfault during GC, in mark_object.

1. Start emacs
   $ emacs -Q
2. Call some code which kills and creates a frame between 2 and 25 times.

This segfault is reasonably straightforward to reproduce, I can cause the crash within 2 minutes of starting emacs.

On the emacs-24 branch, this seems to occur in mark_object. The issue is also found on the trunk branch so I have supplied details of this also, however the backtrace is slightly different.

The issue may relate to bugs #15583 and #17168.

Finally, I have core dumps which I don't mind sharing for both of these crashes which are ~350MB each, please ask.

Regards,
Mat

System Info:

In GNU Emacs 24.3.92.3 (x86_64-unknown-linux-gnu, GTK+ Version 3.10.8)
 of 2014-08-03 on zz
Windowing system distributor `The X.Org Foundation', version 11.0.11501000
System Description: Ubuntu 14.04 LTS

Important settings:
  value of $LC_CTYPE: en_US.UTF-8
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Details of the two segfaults:

Crash on emacs-24 branch
(gdb) p Fsymbol_value(intern("emacs-bzr-version"))
$3 = 12112050
Attachment: backtrace.6212 (Output from bt full)

Crash on trunk:
(gdb) p Fsymbol_value(intern("emacs-bzr-version"))
$1 = 12341426
Attachment: backtrace.6069

2 shorter backtraces follow:

6212 - (gdb) bt full 6
#0  mark_object (arg=<optimized out>) at alloc.c:6248
        obj = 139640014399843
        cdr_count = 0
#1  0x000000000053b8a0 in Fgarbage_collect () at alloc.c:5647
        nextb = 0x19a2c10
        stack_top_variable = 0 '\000'
        i = <optimized out>
        message_p = false
        retval = <optimized out>
        tot_before = 0
#2  0x00000000005534d2 in maybe_gc () at lisp.h:4564
No locals.
#3  Ffuncall (nargs=5, args=0x7fffffffc738) at eval.c:2766
        fun = <optimized out>
        original_fun = <optimized out>
        numargs = 4
        val = <optimized out>
        internal_args = <optimized out>
        i = <optimized out>
#4  0x00000000005878e5 in exec_byte_code (bytestr=3, vector=2866666, maxdepth=182, args_template=12112050, nargs=140737488340816, args=0x5) at bytecode.c:916
        targets = {...}
        stack = { pc = 0xac48b8 <pure+2671224> "\207", byte_string = 9140745, byte_string_start = 0xac486b <pure+2671147> "\303\304\b\t\b\305=\203E", next = 0x7fffffffc9e0 }
        result = 3
        type = (unknown: 4294952784)
#5  0x000000000055318f in funcall_lambda (fun=9140701, nargs=nargs@entry=2, arg_vector=arg_vector@entry=0x7fffffffc990) at eval.c:3049
        val = <optimized out>
        syms_left = 12112050
        lexenv = 12112050
        i = <optimized out>
        optional = <optimized out>
        rest = <optimized out>
(More stack frames follow...)

Lisp Backtrace:
"Automatic GC" (0xb73088)
"apply" (0xffffc740)
"face-spec-reset-face" (0xffffc990)
"face-spec-recalc" (0xffffcb40)
"byte-code" (0xffffcc30)
"face-set-after-frame-default" (0xffffcf20)
"x-create-frame-with-faces" (0xffffd0d0)
"make-frame" (0xffffd200)
"let*" (0xffffd3f8)
"setq" (0xffffd4e8)
"stupider-speed-read" (0xffffd6c8)
"call-interactively" (0xffffd8d0)
"command-execute" (0xffffda40)
"execute-extended-command" (0xffffdba8)
"call-interactively" (0xffffde20)
"command-execute" (0xffffdf68)

6069 - (gdb) bt full 6
**** bt full 6
#0  XCAR (c=3255377271362580334) at lisp.h:1052
No locals.
#1  compact_undo_list (list=3255377271362580334) at alloc.c:5506
        tail = 3255377271362580334
        prev = 0x7fffffffb678
#2  garbage_collect_1 (end=0x7fffffffb668) at alloc.c:5675
        nextb = 0x194b800
        i = <optimized out>
        retval = <optimized out>
        stack_top_variable = 0 '\000'
        message_p = false
        tot_before = 0
#3  Fgarbage_collect () at alloc.c:5896
        end = 0x7fffffffb668
#4  0x0000000000558ee2 in maybe_gc () at lisp.h:4547
No locals.
#5  Ffuncall (nargs=2, args=0x7fffffffb7f8) at eval.c:2759
        fun = <optimized out>
        original_fun = <optimized out>
        numargs = 1
        val = <optimized out>
        internal_args = <optimized out>
        i = <optimized out>
(More stack frames follow...)

Lisp Backtrace:
"Automatic GC" (0xbaa970)
"purecopy" (0xffffb800)
"set-face-attribute" (0xffffb9b8)
"apply" (0xffffbbc0)
"face-spec-reset-face" (0xffffbe10)
"face-spec-recalc" (0xffffbfc0)
"byte-code" (0xffffc0b0)
"face-set-after-frame-default" (0xffffc3a0)
"x-create-frame-with-faces" (0xffffc550)
"make-frame" (0xffffc680)
"let*" (0xffffc878)
"setq" (0xffffc968)
"stupider-speed-read" (0xffffcbf0)
"funcall-interactively" (0xffffcbe8)
"call-interactively" (0xffffce20)
"command-execute" (0xffffcf90)
"execute-extended-command" (0xffffd190)
"funcall-interactively" (0xffffd188)
"call-interactively" (0xffffd3f0)
"command-execute" (0xffffd538)
"call-last-kbd-macro" (0xffffd780)
"kmacro-call-macro" (0xffffd970)
"kmacro-end-and-call-macro" (0xffffdc00)
"funcall-interactively" (0xffffdbf8)
"call-interactively" (0xffffde00)
"command-execute" (0xffffdf48)
[backtrace.6212 (text/x-asm, attachment)]
[backtrace.6069 (text/x-asm, attachment)]
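A triage step for the two crashing values in the backtraces above, as an added example (not part of the original report or of Emacs): it reinterprets each 64-bit value as little-endian bytes, the memory layout of the reporter's x86_64 build, and checks whether it reads as ASCII text rather than as an address. The function names, the 47-bit user-space limit and the 4-byte threshold are assumptions made for this example.

```python
"""Check whether crashing 64-bit values from a backtrace read as ASCII text."""
import struct

# Values copied from the two `bt full 6` excerpts in the report above.
CRASH_VALUES = {
    "emacs-24: mark_object obj": 139640014399843,
    "trunk: compact_undo_list list": 3255377271362580334,
}

# Highest user-space address with 47-bit addressing on x86_64 Linux
# (assumption matching the x86_64-unknown-linux-gnu build in the report).
USER_SPACE_TOP = 0x0000_7FFF_FFFF_FFFF
# Shortest run of printable bytes treated as "text" (chosen for this example).
MIN_TEXT_RUN = 4


def longest_printable_run(raw: bytes) -> bytes:
    """Return the longest contiguous run of printable ASCII bytes in raw."""
    best = cur = b""
    for b in raw:
        if 0x20 <= b <= 0x7E:
            cur += bytes([b])
            if len(cur) > len(best):
                best = cur
        else:
            cur = b""
    return best


def classify(value: int) -> dict:
    """Describe a 64-bit value as text, partial text, or pointer-like."""
    raw = struct.pack("<Q", value)  # byte order as stored in memory
    run = longest_printable_run(raw)
    in_user_space = value <= USER_SPACE_TOP
    if len(run) == len(raw):
        # Eight printable bytes: the slot holds string data, not an object.
        verdict = "text"
    elif len(run) >= MIN_TEXT_RUN:
        # Part of the word is text; the rest may still look like an address.
        verdict = "partial-text"
    else:
        verdict = "pointer-like" if in_user_space else "unknown"
    return {
        "hex": format(value, "#018x"),
        "ascii": run.decode("ascii"),
        "in_user_space": in_user_space,
        "verdict": verdict,
    }


def triage(values: dict) -> dict:
    """Classify every labelled value; returns {label: classification}."""
    return {label: classify(v) for label, v in values.items()}


if __name__ == "__main__":
    for label, info in triage(CRASH_VALUES).items():
        print(f"{label}: {info['hex']} ascii={info['ascii']!r} "
              f"user-space={info['in_user_space']} -> {info['verdict']}")
```

A slot that the collector treats as a Lisp object but that decodes entirely as text lies outside the user address range, so it cannot be a live object pointer; that pattern is what memory reused or overwritten before the GC scan looks like in a backtrace.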
Message #8 received at 18180 <at> debbugs.gnu.org (full text, mbox):
From: Mat Smiglarski <penthief <at> SDF.ORG>
To: 18180 <at> debbugs.gnu.org
Subject: Re: bug#18180: Acknowledgement (24.3.92; Segfault in mark_object)
Date: Sun, 03 Aug 2014 22:08:15 +0100
Perhaps this valgrind output is helpful?

The crash is reproducible within a couple of minutes so perhaps someone has some advice for running valgrind? (Although --vgdb=yes caused valgrind to crash!)

This bug also occurs on 24.3.

Regards,
Mat

▶ valgrind --suppressions=valgrind.supp --track-origins=yes ./temacs -Q
==13689== Memcheck, a memory error detector
==13689== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==13689== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==13689== Command: ./temacs -Q
==13689==
Pure-hashed: 23777 strings, 3453 vectors, 37160 conses, 3245 bytecodes, 82 others
==13689== Conditional jump or move depends on uninitialised value(s)
==13689==    at 0xD69EF74: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==    by 0xD6848AB: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==    by 0xD639840: pixman_image_composite32 (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==    by 0x7028C56: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x7069E23: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x705CCBB: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x705D69A: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x705E596: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x701CB26: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x702CE5E: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x7061503: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x702458B: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==  Uninitialised value was created by a stack allocation
==13689==    at 0xD684640: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==
==13689== Conditional jump or move depends on uninitialised value(s)
==13689==    at 0x83FB337: ??? (in /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.40.2)
==13689==    by 0x83FBF07: rsvg_handle_get_pixbuf_sub (in /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.40.2)
==13689==    by 0x27120E45: ??? (in /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
==13689==    by 0x6B91211: ??? (in /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.3000.7)
==13689==    by 0x6B92B41: gdk_pixbuf_new_from_file (in /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.3000.7)
==13689==    by 0x4C6DE3: xg_set_icon (xfns.c:456)
==13689==    by 0x4BB5AE: x_bitmap_icon (xterm.c:7363)
==13689==    by 0x4C2D9F: x_set_icon_type (xfns.c:907)
==13689==    by 0x423A79: x_set_frame_parameters (frame.c:2932)
==13689==    by 0x426293: x_default_parameter (frame.c:4035)
==13689==    by 0x4C7FB7: Fx_create_frame (xfns.c:3206)
==13689==    by 0x5536E3: Ffuncall (eval.c:2815)
==13689==  Uninitialised value was created by a stack allocation
==13689==    at 0xD684640: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==
==13689== Conditional jump or move depends on uninitialised value(s)
==13689==    at 0xD69EC6C: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==    by 0xD6848AB: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==    by 0xD639840: pixman_image_composite32 (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==    by 0x7028C56: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x7069E23: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x705CCBB: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x705D69A: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x705E2B6: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x701CA63: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x702CE22: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x7061411: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==    by 0x70241E1: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11301.0)
==13689==  Uninitialised value was created by a stack allocation
==13689==    at 0xD684640: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==
==13689== Conditional jump or move depends on uninitialised value(s)
==13689==    at 0x83FB337: ??? (in /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.40.2)
==13689==    by 0x83FBF07: rsvg_handle_get_pixbuf_sub (in /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.40.2)
==13689==    by 0x27120E45: ??? (in /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
==13689==    by 0x6B951FA: gdk_pixbuf_loader_close (in /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.3000.7)
==13689==    by 0x6B91434: ??? (in /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.3000.7)
==13689==    by 0x6B9307C: gdk_pixbuf_new_from_stream_at_scale (in /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.3000.7)
==13689==    by 0x5FCF84A: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FD2FE9: gtk_icon_info_load_icon (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FD327B: gtk_icon_theme_load_icon_for_scale (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5EEE264: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5EEE6AD: gtk_icon_set_render_icon_surface (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FCC9FF: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==  Uninitialised value was created by a stack allocation
==13689==    at 0xD684640: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==
==13689== Conditional jump or move depends on uninitialised value(s)
==13689==    at 0x659B161: gdk_pixbuf_get_from_surface (in /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1000.8)
==13689==    by 0x60D59F0: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5EEE2D5: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5EEE6AD: gtk_icon_set_render_icon_surface (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FCC9FF: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FCD588: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FCD725: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FDF7B1: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x5FDF8F6: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x607ED65: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x607EF72: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==    by 0x607F2A7: gtk_widget_get_preferred_height_and_baseline_for_width (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.1000.8)
==13689==  Uninitialised value was created by a stack allocation
==13689==    at 0xD684640: ??? (in /usr/lib/x86_64-linux-gnu/libpixman-1.so.0.30.2)
==13689==
ZZ Initial frame is now visible
==13689== Invalid read of size 8
==13689==    at 0x53B84E: Fgarbage_collect (lisp.h:1054)
==13689==    by 0x5534D1: Ffuncall (lisp.h:4564)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x55491B: Fapply (eval.c:2354)
==13689==    by 0x5535D9: Ffuncall (eval.c:2796)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==  Address 0x279100002870 is not stack'd, malloc'd or (recently) free'd
==13689==
==13689== Syscall param rt_sigaction(signum) contains uninitialised byte(s)
==13689==    at 0xA5180FA: __libc_sigaction (sigaction.c:64)
==13689==    by 0xA517F05: signal (signal.c:47)
==13689==    by 0x4E2576: terminate_due_to_signal (emacs.c:351)
==13689==    by 0x4FA79D: handle_fatal_signal (sysdep.c:1630)
==13689==    by 0x4FA9A2: deliver_fatal_thread_signal (sysdep.c:1604)
==13689==    by 0xA2D333F: ??? (in /lib/x86_64-linux-gnu/libpthread-2.19.so)
==13689==    by 0x53B84D: Fgarbage_collect (lisp.h:704)
==13689==    by 0x5534D1: Ffuncall (lisp.h:4564)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x55491B: Fapply (eval.c:2354)
==13689==  Uninitialised value was created by a heap allocation
==13689==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13689==    by 0x53845E: lisp_malloc (alloc.c:907)
==13689==    by 0x5393C2: allocate_buffer (alloc.c:3140)
==13689==    by 0x502477: Fmake_indirect_buffer (buffer.c:779)
==13689==    by 0x552BC6: eval_sub (eval.c:2191)
==13689==    by 0x5553EB: Fsetq (eval.c:545)
==13689==    by 0x552CDA: eval_sub (eval.c:2133)
==13689==    by 0x552EF4: Fprogn (eval.c:468)
==13689==    by 0x55328B: funcall_lambda (eval.c:3042)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x54FACF: Fcall_interactively (callint.c:836)
==13689==    by 0x5536C7: Ffuncall (eval.c:2822)
==13689==
==13689== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
==13689==    at 0xA5180FA: __libc_sigaction (sigaction.c:64)
==13689==    by 0xA517F05: signal (signal.c:47)
==13689==    by 0x4E2576: terminate_due_to_signal (emacs.c:351)
==13689==    by 0x4FA79D: handle_fatal_signal (sysdep.c:1630)
==13689==    by 0x4FA9A2: deliver_fatal_thread_signal (sysdep.c:1604)
==13689==    by 0xA2D333F: ??? (in /lib/x86_64-linux-gnu/libpthread-2.19.so)
==13689==    by 0x53B84D: Fgarbage_collect (lisp.h:704)
==13689==    by 0x5534D1: Ffuncall (lisp.h:4564)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x55491B: Fapply (eval.c:2354)
==13689==  Address 0xffeffc528 is on thread 1's stack
==13689==  Uninitialised value was created by a heap allocation
==13689==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13689==    by 0x53845E: lisp_malloc (alloc.c:907)
==13689==    by 0x5393C2: allocate_buffer (alloc.c:3140)
==13689==    by 0x502477: Fmake_indirect_buffer (buffer.c:779)
==13689==    by 0x552BC6: eval_sub (eval.c:2191)
==13689==    by 0x5553EB: Fsetq (eval.c:545)
==13689==    by 0x552CDA: eval_sub (eval.c:2133)
==13689==    by 0x552EF4: Fprogn (eval.c:468)
==13689==    by 0x55328B: funcall_lambda (eval.c:3042)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x54FACF: Fcall_interactively (callint.c:836)
==13689==    by 0x5536C7: Ffuncall (eval.c:2822)
==13689==
Fatal error 11: Segmentation fault
Backtrace:
...
==13689== Syscall param rt_sigprocmask(set) points to uninitialised byte(s)
==13689==    at 0xA2D05AA: pthread_sigmask (pthread_sigmask.c:53)
==13689==    by 0x4E25CE: terminate_due_to_signal (emacs.c:374)
==13689==    by 0x4FA79D: handle_fatal_signal (sysdep.c:1630)
==13689==    by 0x4FA9A2: deliver_fatal_thread_signal (sysdep.c:1604)
==13689==    by 0xA2D333F: ??? (in /lib/x86_64-linux-gnu/libpthread-2.19.so)
==13689==    by 0x53B84D: Fgarbage_collect (lisp.h:704)
==13689==    by 0x5534D1: Ffuncall (lisp.h:4564)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x55491B: Fapply (eval.c:2354)
==13689==    by 0x5535D9: Ffuncall (eval.c:2796)
==13689==  Address 0xffeffc7b0 is on thread 1's stack
==13689==  Uninitialised value was created by a heap allocation
==13689==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13689==    by 0x53845E: lisp_malloc (alloc.c:907)
==13689==    by 0x5393C2: allocate_buffer (alloc.c:3140)
==13689==    by 0x502477: Fmake_indirect_buffer (buffer.c:779)
==13689==    by 0x552BC6: eval_sub (eval.c:2191)
==13689==    by 0x5553EB: Fsetq (eval.c:545)
==13689==    by 0x552CDA: eval_sub (eval.c:2133)
==13689==    by 0x552EF4: Fprogn (eval.c:468)
==13689==    by 0x55328B: funcall_lambda (eval.c:3042)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x54FACF: Fcall_interactively (callint.c:836)
==13689==    by 0x5536C7: Ffuncall (eval.c:2822)
==13689==
==13689== Syscall param tgkill(sig) contains uninitialised byte(s)
==13689==    at 0xA2D320B: raise (pt-raise.c:37)
==13689==    by 0x4E25D5: terminate_due_to_signal (emacs.c:378)
==13689==    by 0x4FA79D: handle_fatal_signal (sysdep.c:1630)
==13689==    by 0x4FA9A2: deliver_fatal_thread_signal (sysdep.c:1604)
==13689==    by 0xA2D333F: ??? (in /lib/x86_64-linux-gnu/libpthread-2.19.so)
==13689==    by 0x53B84D: Fgarbage_collect (lisp.h:704)
==13689==    by 0x5534D1: Ffuncall (lisp.h:4564)
==13689==    by 0x5878E4: exec_byte_code (bytecode.c:916)
==13689==    by 0x55318E: funcall_lambda (eval.c:3049)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x55491B: Fapply (eval.c:2354)
==13689==    by 0x5535D9: Ffuncall (eval.c:2796)
==13689==  Uninitialised value was created by a heap allocation
==13689==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13689==    by 0x53845E: lisp_malloc (alloc.c:907)
==13689==    by 0x5393C2: allocate_buffer (alloc.c:3140)
==13689==    by 0x502477: Fmake_indirect_buffer (buffer.c:779)
==13689==    by 0x552BC6: eval_sub (eval.c:2191)
==13689==    by 0x5553EB: Fsetq (eval.c:545)
==13689==    by 0x552CDA: eval_sub (eval.c:2133)
==13689==    by 0x552EF4: Fprogn (eval.c:468)
==13689==    by 0x55328B: funcall_lambda (eval.c:3042)
==13689==    by 0x5534FA: Ffuncall (eval.c:2876)
==13689==    by 0x54FACF: Fcall_interactively (callint.c:836)
==13689==    by 0x5536C7: Ffuncall (eval.c:2822)
==13689==
==13689==
==13689== HEAP SUMMARY:
==13689==     in use at exit: 20,334,516 bytes in 92,065 blocks
==13689==   total heap usage: 882,254 allocs, 790,189 frees, 263,955,382 bytes allocated
==13689==
==13689== LEAK SUMMARY:
==13689==    definitely lost: 7,928 bytes in 60 blocks
==13689==    indirectly lost: 25,685 bytes in 870 blocks
==13689==      possibly lost: 371,224 bytes in 4,970 blocks
==13689==    still reachable: 18,976,287 bytes in 82,851 blocks
==13689==         suppressed: 0 bytes in 0 blocks
==13689== Rerun with --leak-check=full to see details of leaked memory
==13689==
==13689== For counts of detected and suppressed errors, rerun with: -v
==13689== ERROR SUMMARY: 1842 errors from 10 contexts (suppressed: 190248 from 753)
[1] 13689 killed valgrind --suppressions=valgrind.supp --track-origins=yes ./temacs -Q

Here is a similar backtrace from temacs.
(gdb) bt full 6
#0  mark_object (arg=<optimized out>) at alloc.c:6191
        ptr = <optimized out>
        ptrx = <optimized out>
        obj = 8388355822696755058
        cdr_count = 0
#1  0x000000000053b8a0 in Fgarbage_collect () at alloc.c:5647
        nextb = 0x1d45000
        stack_top_variable = 0 '\000'
        i = <optimized out>
        message_p = false
        retval = <optimized out>
        tot_before = 0
#2  0x00000000005534d2 in maybe_gc () at lisp.h:4564
No locals.
#3  Ffuncall (nargs=2, args=0x7fffffffcf18) at eval.c:2766
        fun = <optimized out>
        original_fun = <optimized out>
        numargs = 1
        val = <optimized out>
        internal_args = <optimized out>
        i = <optimized out>
#4  0x00000000005878e5 in exec_byte_code (bytestr=2, vector=2866666, maxdepth=238, args_template=12116274, nargs=140737488342800, args=0x2) at bytecode.c:916
        stack = {
          pc = 0xac400c <pure+2669004> "\210\320\f\b\"\210\321\f\322\"\210\323\f\b\"\210\n\204W",
          byte_string = 9147665,
          byte_string_start = 0xac3fd0 <pure+2668944> "\306\b!\020\307\b!\031\310\b\236\032\311\033ʉ\034\035\v\312\036\026\211\036\027\203\060",
          next = 0x7fffffffd120
        }
        result = 2
        type = (unknown: 4294954768)
#5  0x000000000055318f in funcall_lambda (fun=9147605, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffd0d0) at eval.c:3049
        val = <optimized out>
        syms_left = 12116274
        lexenv = 12116274
        i = <optimized out>
        optional = <optimized out>
        rest = <optimized out>
(More stack frames follow...)

Lisp Backtrace:
"Automatic GC" (0xb73088)
"x-setup-function-keys" (0xffffcf20)
"x-create-frame-with-faces" (0xffffd0d0)
"make-frame" (0xffffd200)
"let*" (0xffffd3f8)
"setq" (0xffffd4e8)
"stupider-speed-read" (0xffffd6c8)
"call-interactively" (0xffffd8d0)
"command-execute" (0xffffda40)
"execute-extended-command" (0xffffdba8)
"call-interactively" (0xffffde20)
"command-execute" (0xffffdf68)

(Mon, 04 Aug 2014 04:23:02 GMT) Message #11 received at 18180 <at> debbugs.gnu.org:

From: Dmitry Antipov <dmantipov <at> yandex.ru>
To: Mat Smiglarski <penthief <at> SDF.ORG>
Cc: 18180 <at> debbugs.gnu.org
Subject: Re: bug#18180: 24.3.92; Segfault in mark_object
Date: Mon, 04 Aug 2014 08:22:45 +0400

On 08/03/2014 07:03 PM, Mat Smiglarski wrote:

> 2. Call some code which kills and creates a frame between 2 and 25 times.

This doesn't look specific and useful. Do you create frame(s) with
some non-default parameters? After making changes in frame-related
code, I usually do something like this:

(defun frame-test ()
  (interactive)
  (dotimes (i 10)
    (let ((frame-list nil))
      (dotimes (j 10)
        (setq frame-list (cons (make-frame) frame-list)))
      (mapcar #'delete-frame frame-list))))

Can you reproduce your crash with this?

Dmitry

(Mon, 04 Aug 2014 04:40:03 GMT) Message #14 received at 18180 <at> debbugs.gnu.org:

From: Dmitry Antipov <dmantipov <at> yandex.ru>
To: Mat Smiglarski <penthief <at> SDF.ORG>
Cc: 18180 <at> debbugs.gnu.org
Subject: Re: bug#18180: 24.3.92; Segfault in mark_object
Date: Mon, 04 Aug 2014 08:39:45 +0400

On 08/03/2014 07:03 PM, Mat Smiglarski wrote:

> $ emacs -Q

[...skip...]

> "stupider-speed-read" (0xffffd6c8)

What's this? This doesn't look like a feature comes from
standard Lisp code. I'm just curious how you get into
this by running with -Q...

Dmitry

(Mon, 04 Aug 2014 06:47:02 GMT) Message #17 received at 18180 <at> debbugs.gnu.org:

From: Mat Smiglarski <penthief <at> SDF.ORG>
To: Dmitry Antipov <dmantipov <at> yandex.ru>
Cc: 18180 <at> debbugs.gnu.org
Subject: Re: bug#18180: 24.3.92; Segfault in mark_object
Date: Mon, 04 Aug 2014 07:46:32 +0100

On 2014-08-04 05:22, Dmitry Antipov wrote:
> On 08/03/2014 07:03 PM, Mat Smiglarski wrote:
>
>> 2. Call some code which kills and creates a frame between 2 and 25
>> times.
>
> This doesn't look specific and useful. Do you create frame(s) with
> some non-default parameters? After making changes in frame-related
> code, I usually do something like this:
>
> (defun frame-test ()
>   (interactive)
>   (dotimes (i 10)
>     (let ((frame-list nil))
>       (dotimes (j 10)
>         (setq frame-list (cons (make-frame) frame-list)))
>       (mapcar #'delete-frame frame-list))))
>
> Can you reproduce your crash with this?

No that works fine.

On 2014-08-04 05:39, Dmitry Antipov wrote:
> On 08/03/2014 07:03 PM, Mat Smiglarski wrote:
>
>> $ emacs -Q
>
> [...skip...]
>
>> "stupider-speed-read" (0xffffd6c8)
>
> What's this? This doesn't look like a feature comes from
> standard Lisp code. I'm just curious how you get into
> this by running with -Q...

That is the code being used as a stress test; the code that I call
between 2 and 25 times.

Perhaps you need to see the code, which has been slightly renamed. It
can be made shorter by removing the comments and some key mappings but
that doesn't seem very helpful.

1. Create stress-test.el with the following

(require 'cl)

(defvar stress-buffer-name "stress"
  "The name of the buffer created by `stress'.")

(defvar pause-time 0.1)

(defvar stress-map
  (let ((km (make-sparse-keymap)))
    (define-key km (kbd "q") 'stress-quit)
    (define-key km (kbd "SPC") 'stress-toggle-pause)
    (define-key km (kbd "n") 'stress-tick)
    km)
  "Keymap for `stress-speed-read'.")

(defun stress-speed-read (source-buffer)
  "Create and run a speed reading frame for `SOURCE-BUFFER'.
Words from BUFFER are displayed individually and progressed by an
adjustable timer."
  (interactive "bCreate stress-speed-reader for source buffer: ")
  (stress-quit) ; Ensure that it is starting from a clean state.
  (setq min-pause-time 0.1)
  (setq tokeniser "[^ \n]+")
  (setq *source-buffer* (make-indirect-buffer source-buffer "source buffer"))
  (setq stress-frame
        (let* ((width 200)
               (left (- (/ (- (x-display-pixel-width) ; center frame
                              width)
                           2)
                        8)))
          (make-frame `((height . 1)
                        (left . ,left)
                        (top . 100)
                        (mode-line-format . nil)
                        (cursor-type . nil)
                        (minibuffer . nil)
                        (left-margin . 0)
                        (left-fringe . 0)
                        (right-fringe . 0)
                        (tool-bar-lines . 0)
                        (menu-bar-lines . 0)
                        (line-spacing . 0)
                        (unsplittable . t)
                        (fill-column . 30)))))
  (setq stress-buffer (get-buffer-create stress-buffer-name))
  (with-current-buffer *source-buffer*
    (goto-char (point-min))
    (with-selected-frame stress-frame
      (display-buffer stress-buffer '((display-buffer-same-window)))
      (stress--do
       (fundamental-mode)
       (setq buffer-read-only t)
       (use-local-map stress-map)
       (set-frame-font (font-spec :size 50))))
    (stress--start)))

(defmacro stress--do (&rest body)
  "Do something in the speed reading frame."
  `(with-selected-frame stress-frame
     (with-current-buffer stress-buffer
       ,@body)))

(defun stress-running-p ()
  "Is the speed reader running."
  (and (get-buffer stress-buffer-name) t))

(defun stress-toggle-pause ()
  "Pause or unpause."
  (interactive)
  (if (timerp resume-timer)
      (stress--stop)
    (stress--start)))

(defun stress--start ()
  "Start, and then continue on a timer."
  (stress-tick)
  (stress--resume pause-time))

(defun stress--resume (delay)
  "Iterate after a delay of `DELAY' seconds."
  (if (> delay 0)
      (setq resume-timer (run-at-time (format "%2f seconds" delay)
                                      nil
                                      #'stress-tick))
    (stress-quit)))

(defun stress--stop ()
  "Stop. Well more of a pause than a stop, really."
  (when (and (boundp 'resume-timer)
             (timerp resume-timer))
    (cancel-timer resume-timer)
    (setq resume-timer nil)))

(defun stress-quit ()
  "Quit the speed reader."
  (interactive)
  (stress--stop)
  (when (and (boundp 'stress-buffer)
             (buffer-live-p stress-buffer))
    (kill-buffer stress-buffer)
    (setq stress-buffer nil))
  (when (buffer-live-p (get-buffer "source buffer"))
    (kill-buffer "source buffer")
    (setq *source-buffer* nil))
  (when (and (boundp 'stress-frame)
             (frame-live-p stress-frame))
    (delete-frame stress-frame)
    (setq stress-frame nil)))

(defun stress-tick ()
  "Progress the reading.
This function handles being called either during manual or automatic
iteration, whether paused or not."
  (interactive)
  (let ((was-running-p (and (boundp 'resume-timer)
                            (timerp resume-timer)))
        (s (with-current-buffer *source-buffer*
             (and (search-forward-regexp tokeniser nil t)
                  (match-string-no-properties 0)))))
    (stress--stop) ; ensure stopped
    (if s
        (let ((center (max (/ (length s) 2) 1)))
          (stress--do
           (setq buffer-read-only nil)
           (put-text-property 0 (length s) 'face '(foreground-color . "DeepSkyBlue") s)
           (put-text-property (- center 1) center 'face '(foreground-color . "tomato") s)
           (goto-char (point-min))
           (loop repeat (max (- (/ 30 2) center) 0) do (insert " "))
           (insert s)
           (delete-region (point) (point-max))
           (setq buffer-read-only t)
           (when was-running-p
             (stress--resume (* (stress--punctuation-weighting s) pause-time)))))
      (stress-quit))))

(defun stress--punctuation-weighting (str)
  "Returns the punctuation delay modifier for `STR', where 0 is a
request to stop."
  (if str
      (case (last (car (last (string-to-list str))))
        (?, 1.4)
        (?\; 1.6)
        (?. 2)
        (?\: 2.2)
        (t 1))
    0))

(defun stress--log ()
  "User feedback."
  (message (format "Pause-time: %.2f" pause-time)))

2. Start emacs

$ emacs -Q -l stress-test.el

3. Setup a macro

C-x ( M-x stress-speed-read RET C-x )

4. Delete and restart the frame and time 20 times, although 4 or 5
times is usually enough on this laptop. Note that q is bound in the
code above.

q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e
q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e q C-x e

5. See it crash.

Program received signal SIGSEGV, Segmentation fault.
0x00000000005b9d1a in mark_object (arg=140737253503599) at alloc.c:6318
6318 FLOAT_MARK (XFLOAT (obj));

I have not been able to reproduce this by automating the calls to
stress-speed-read.

Increasing stress-pause-time makes the crash more difficult to
reproduce.

Isolating the make-frame call, and running that 20 times does not
cause the crash.

Regards,
Mat

(Mon, 04 Aug 2014 09:17:02 GMT) Message #20 received at 18180 <at> debbugs.gnu.org:

From: Dmitry Antipov <dmantipov <at> yandex.ru>
To: Mat Smiglarski <penthief <at> SDF.ORG>
Cc: 18180 <at> debbugs.gnu.org
Subject: Re: bug#18180: 24.3.92; Segfault in mark_object
Date: Mon, 04 Aug 2014 13:15:32 +0400

On 08/04/2014 10:46 AM, Mat Smiglarski wrote: > I have not been able to reproduce this by automating the calls to stress-speed-read. Reproduced with (dotimes (i 100) (stress-speed-read (current-buffer)))). Ugh, it seems that we never initialize undo-list of indirect buffer. You can use this trivial fix just to avoid crash: === modified file 'src/buffer.c' --- src/buffer.c 2014-07-27 13:21:30 +0000 +++ src/buffer.c 2014-08-04 09:06:08 +0000 @@ -825,6 +825,7 @@ name = Fcopy_sequence (name); set_string_intervals (name, NULL); bset_name (b, name); + bset_undo_list (b, BVAR (b->base_buffer, undo_list)); reset_buffer (b); reset_buffer_local_variables (b, 1); But this bug raises an interesting question: should an indirect buffer's undo list be always the same as the one of its base buffer? Dmitry
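
Review bot: the added line "bset_undo_list (b, BVAR (b->base_buffer, undo_list));" in the "@@ -825,6 +825,7 @@" hunk copies the base buffer's undo_list value once, at creation time, so the two fields agree only until either buffer's field is next assigned. If an indirect buffer is meant to always see its base buffer's undo list (the question the message itself raises), later reads and writes of undo_list need to go through the base buffer as well, or the line should carry a comment stating what keeps the two in sync. The assignment also sits ahead of "reset_buffer (b);" and "reset_buffer_local_variables (b, 1);": confirm that neither call writes undo_list, otherwise move the assignment after them.
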
(Wed, 06 Aug 2014 17:30:03 GMT) Message #23 received at 18180 <at> debbugs.gnu.org:

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Dmitry Antipov <dmantipov <at> yandex.ru>
Cc: Mat Smiglarski <penthief <at> SDF.ORG>, 18180 <at> debbugs.gnu.org
Subject: Re: bug#18180: 24.3.92; Segfault in mark_object
Date: Wed, 06 Aug 2014 13:29:05 -0400

> But this bug raises an interesting question: should an indirect
> buffer's undo list be always the same as the one of its base buffer?

Very much so, yes!

Stefan

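
The failure mode diagnosed in this thread (a field of a freshly allocated buffer object is never assigned, and the collector's mark phase later follows it), as an added example that is not Emacs source code. The struct layout, the fixed object pool, the 0xA5 fill and every function name below are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not Emacs source: a word is NIL or a pool object's address. */
typedef uintptr_t lisp_word;
#define NIL ((lisp_word)0)
enum { POOL_SIZE = 8 };
struct obj { int marked; lisp_word next; };
struct buffer { struct buffer *base_buffer; lisp_word undo_list; };
static struct obj pool[POOL_SIZE];
static int pool_used;

static lisp_word cons(lisp_word next) {
    if (pool_used == POOL_SIZE) return NIL;
    pool[pool_used] = (struct obj){ 0, next };
    return (lisp_word)&pool[pool_used++];
}

/* Debug allocator: fill fresh memory with 0xA5 so a field nobody assigned
   holds a recognisable pattern instead of stale heap contents. */
static void *poison_malloc(size_t n) {
    void *p = malloc(n);
    return p ? memset(p, 0xA5, n) : NULL;
}

static int is_object(lisp_word w) {
    lisp_word off = w - (lisp_word)pool;  /* wraps to a huge value below pool */
    return off < sizeof pool && off % sizeof(struct obj) == 0;
}

/* Mark one root. Returns the number of objects newly marked, or -1 where a
   collector that trusts its roots would dereference an invalid word. */
static int mark_word(lisp_word w) {
    int n = 0;
    for (; w != NIL; n++) {
        if (!is_object(w)) return -1;
        struct obj *o = (struct obj *)w;
        if (o->marked) break;
        o->marked = 1;
        w = o->next;
    }
    return n;
}

/* 0 leaves undo_list unset; 1 shares the base buffer's list (the fix). */
static struct buffer *make_indirect(struct buffer *base, int init_undo_list) {
    struct buffer *b = poison_malloc(sizeof *b);
    if (!b) return NULL;
    b->base_buffer = base;
    if (init_undo_list) b->undo_list = base->undo_list;
    return b;
}

/* Base buffer with a two-entry undo list, one indirect buffer, one GC pass. */
int gc_indirect_buffer(int init_undo_list) {
    pool_used = 0;
    struct buffer base = { NULL, cons(cons(NIL)) };
    struct buffer *b = make_indirect(&base, init_undo_list);
    if (!b) return -2;
    int result = mark_word(b->undo_list);
    free(b);
    return result;
}
```

The valgrind run quoted in the report reaches the same conclusion without a validating marker: with --track-origins=yes it attributes the uninitialised bytes to the allocation made under Fmake_indirect_buffer.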