GNU bug report logs - #18180
24.3.92; Segfault in mark_object

Package: emacs;

Reported by: Mat Smiglarski <penthief <at> SDF.ORG>

Date: Sun, 3 Aug 2014 15:05:02 UTC

Severity: normal

Found in version 24.3.92

Fixed in version 24.3.93

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.


Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mat Smiglarski <penthief <at> SDF.ORG>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3.92; Segfault in mark_object
Date: Sun, 03 Aug 2014 16:03:09 +0100
This is a segfault during GC, in mark_object.

1. Start emacs

$ emacs -Q

2. Call some code which kills and creates a frame between 2 and 25 times.

This segfault is reasonably straightforward to reproduce; I can cause
the crash within 2 minutes of starting emacs.

On the emacs-24 branch, this seems to occur in mark_object. The issue is
also found on the trunk branch, so I have supplied details of this also;
however, the backtrace is slightly different.

The issue may relate to bugs #15583 and #17168.

Finally, I have core dumps for both of these crashes, which I don't mind
sharing; they are ~350MB each, please ask.

Regards,
Mat

System Info:

In GNU Emacs 24.3.92.3 (x86_64-unknown-linux-gnu, GTK+ Version 3.10.8)
 of 2014-08-03 on zz
Windowing system distributor `The X.Org Foundation', version 11.0.11501000
System Description:	Ubuntu 14.04 LTS

Important settings:
  value of $LC_CTYPE: en_US.UTF-8
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Details of the two segfaults:

Crash on emacs-24 branch
(gdb) p Fsymbol_value(intern("emacs-bzr-version"))
$3 = 12112050
Attachment: backtrace.6212 (Output from bt full)

Crash on trunk:
(gdb) p Fsymbol_value(intern("emacs-bzr-version"))
$1 = 12341426
Attachment: backtrace.6069

2 shorter backtraces follow:

6212 - (gdb) bt full 6
#0  mark_object (arg=<optimized out>) at alloc.c:6248
        obj = 139640014399843
        cdr_count = 0
#1  0x000000000053b8a0 in Fgarbage_collect () at alloc.c:5647
        nextb = 0x19a2c10
        stack_top_variable = 0 '\000'
        i = <optimized out>
        message_p = false
        retval = <optimized out>
        tot_before = 0
#2  0x00000000005534d2 in maybe_gc () at lisp.h:4564
No locals.
#3  Ffuncall (nargs=5, args=0x7fffffffc738) at eval.c:2766
        fun = <optimized out>
        original_fun = <optimized out>
        numargs = 4
        val = <optimized out>
        internal_args = <optimized out>
        i = <optimized out>
#4  0x00000000005878e5 in exec_byte_code (bytestr=3, vector=2866666, maxdepth=182,
    args_template=12112050, nargs=140737488340816, args=0x5) at bytecode.c:916
        stack = {
          pc = 0xac48b8 <pure+2671224> "\207",
          byte_string = 9140745,
          byte_string_start = 0xac486b <pure+2671147> "\303\304\b\t\b\305=\203E",
          next = 0x7fffffffc9e0
        }
        result = 3
        type = (unknown: 4294952784)
#5  0x000000000055318f in funcall_lambda (fun=9140701, nargs=nargs@entry=2,
    arg_vector=arg_vector@entry=0x7fffffffc990) at eval.c:3049
        val = <optimized out>
        syms_left = 12112050
        lexenv = 12112050
        i = <optimized out>
        optional = <optimized out>
        rest = <optimized out>
(More stack frames follow...)

Lisp Backtrace:
"Automatic GC" (0xb73088)
"apply" (0xffffc740)
"face-spec-reset-face" (0xffffc990)
"face-spec-recalc" (0xffffcb40)
"byte-code" (0xffffcc30)
"face-set-after-frame-default" (0xffffcf20)
"x-create-frame-with-faces" (0xffffd0d0)
"make-frame" (0xffffd200)
"let*" (0xffffd3f8)
"setq" (0xffffd4e8)
"stupider-speed-read" (0xffffd6c8)
"call-interactively" (0xffffd8d0)
"command-execute" (0xffffda40)
"execute-extended-command" (0xffffdba8)
"call-interactively" (0xffffde20)
"command-execute" (0xffffdf68)

6069 - (gdb) bt full 6
**** bt full 6
#0  XCAR (c=3255377271362580334) at lisp.h:1052
No locals.
#1  compact_undo_list (list=3255377271362580334) at alloc.c:5506
        tail = 3255377271362580334
        prev = 0x7fffffffb678
#2  garbage_collect_1 (end=0x7fffffffb668) at alloc.c:5675
        nextb = 0x194b800
        i = <optimized out>
        retval = <optimized out>
        stack_top_variable = 0 '\000'
        message_p = false
        tot_before = 0
#3  Fgarbage_collect () at alloc.c:5896
        end = 0x7fffffffb668
#4  0x0000000000558ee2 in maybe_gc () at lisp.h:4547
No locals.
#5  Ffuncall (nargs=2, args=0x7fffffffb7f8) at eval.c:2759
        fun = <optimized out>
        original_fun = <optimized out>
        numargs = 1
        val = <optimized out>
        internal_args = <optimized out>
        i = <optimized out>
(More stack frames follow...)

Lisp Backtrace:
"Automatic GC" (0xbaa970)
"purecopy" (0xffffb800)
"set-face-attribute" (0xffffb9b8)
"apply" (0xffffbbc0)
"face-spec-reset-face" (0xffffbe10)
"face-spec-recalc" (0xffffbfc0)
"byte-code" (0xffffc0b0)
"face-set-after-frame-default" (0xffffc3a0)
"x-create-frame-with-faces" (0xffffc550)
"make-frame" (0xffffc680)
"let*" (0xffffc878)
"setq" (0xffffc968)
"stupider-speed-read" (0xffffcbf0)
"funcall-interactively" (0xffffcbe8)
"call-interactively" (0xffffce20)
"command-execute" (0xffffcf90)
"execute-extended-command" (0xffffd190)
"funcall-interactively" (0xffffd188)
"call-interactively" (0xffffd3f0)
"command-execute" (0xffffd538)
"call-last-kbd-macro" (0xffffd780)
"kmacro-call-macro" (0xffffd970)
"kmacro-end-and-call-macro" (0xffffdc00)
"funcall-interactively" (0xffffdbf8)
"call-interactively" (0xffffde00)
"command-execute" (0xffffdf48)
[backtrace.6212 (text/x-asm, attachment)]
[backtrace.6069 (text/x-asm, attachment)]
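
A triage aid for the two Lisp backtraces above, added here as an example and not part of the original report: it parses gdb's Lisp backtrace lines and extracts the call path the two crashes share, a common way to decide whether two crashes belong in the same bucket. The frame lists are copied from the report and cut off at make-frame; the function names (parse_lisp_backtrace, shared_call_path, frame_at_gc) are this example's own.

```python
import re
from difflib import SequenceMatcher

# Innermost frames of the report's two Lisp backtraces, cut off at make-frame.
BT_6212 = '''"Automatic GC" (0xb73088)
"apply" (0xffffc740)
"face-spec-reset-face" (0xffffc990)
"face-spec-recalc" (0xffffcb40)
"byte-code" (0xffffcc30)
"face-set-after-frame-default" (0xffffcf20)
"x-create-frame-with-faces" (0xffffd0d0)
"make-frame" (0xffffd200)'''

BT_6069 = '''"Automatic GC" (0xbaa970)
"purecopy" (0xffffb800)
"set-face-attribute" (0xffffb9b8)
"apply" (0xffffbbc0)
"face-spec-reset-face" (0xffffbe10)
"face-spec-recalc" (0xffffbfc0)
"byte-code" (0xffffc0b0)
"face-set-after-frame-default" (0xffffc3a0)
"x-create-frame-with-faces" (0xffffc550)
"make-frame" (0xffffc680)'''

# One frame per line: a quoted function name followed by a frame address.
FRAME_RE = re.compile(r'^\s*"([^"]+)" \(0x[0-9a-f]+\)\s*$', re.M)

def parse_lisp_backtrace(text):
    """Return the frame names, innermost first; addresses vary per run and are dropped."""
    return FRAME_RE.findall(text)

def shared_call_path(a, b):
    """Longest contiguous run of frames that appears in both traces."""
    sm = SequenceMatcher(None, a, b, autojunk=False)
    m = sm.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def frame_at_gc(frames):
    """Innermost Lisp frame active when the collector ran, or None if no GC marker."""
    if len(frames) > 1 and frames[0] == "Automatic GC":
        return frames[1]
    return None

if __name__ == "__main__":
    a, b = parse_lisp_backtrace(BT_6212), parse_lisp_backtrace(BT_6069)
    print("shared path:", " <- ".join(shared_call_path(a, b)))
    print("frame at GC:", frame_at_gc(a), "/", frame_at_gc(b))
```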

This bug report was last modified 10 years and 281 days ago.
