From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 06:21:53 2016 Received: (at submit) by debbugs.gnu.org; 8 Jun 2016 10:21:53 +0000 Received: from localhost ([127.0.0.1]:59832 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAacS-0001Lc-UF for submit@debbugs.gnu.org; Wed, 08 Jun 2016 06:21:53 -0400 Received: from eggs.gnu.org ([208.118.235.92]:55011) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAacQ-0001LN-Cq for submit@debbugs.gnu.org; Wed, 08 Jun 2016 06:21:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bAacI-0000aC-RH for submit@debbugs.gnu.org; Wed, 08 Jun 2016 06:21:45 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:37850) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAacI-0000Zz-Ni for submit@debbugs.gnu.org; Wed, 08 Jun 2016 06:21:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45937) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAacF-0000TX-8d for bug-gnu-emacs@gnu.org; Wed, 08 Jun 2016 06:21:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bAacA-0000Yv-Sh for bug-gnu-emacs@gnu.org; Wed, 08 Jun 2016 06:21:38 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40975) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAacA-0000YZ-KN for bug-gnu-emacs@gnu.org; Wed, 08 Jun 2016 06:21:34 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9474612B29 for ; Wed, 8 Jun 2016 10:21:33 +0000 (UTC) Received: from jsynacek-ntb.brq.redhat.com (dhcp-24-131.brq.redhat.com [10.34.24.131]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u58ALVio021235 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 8 Jun 2016 06:21:32 -0400 From: jsynacek@redhat.com (Jan =?utf-8?B?U3luw6HEjWVr?=) To: bug-gnu-emacs@gnu.org Subject: 25.0.94; emacs 25.0.94 crashes Date: Wed, 08 Jun 2016 12:21:30 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 08 Jun 2016 10:21:33 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) Emacs 25.0.94 crashes on the current (Jun 8) Fedora Rawhide. The crash is reproducible with vanilla upstream sources. gcc-6.1.1-2.fc25.x86_64 glibc-2.23.90-19.fc25.x86_64 Steps to reproduce: 1) configure --with-x=3Dno 2) make; make install 3) emacs (or emacs -Q) Note that the crash doesn't always happen. I suspect something fishy going on with emacs' memory management, as can be seen from the following. Valgrind output: =3D=3D1274=3D=3D Memcheck, a memory error detector =3D=3D1274=3D=3D Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward e= t al. =3D=3D1274=3D=3D Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyri= ght info =3D=3D1274=3D=3D Command: /usr/bin/emacs-nox =3D=3D1274=3D=3D=20 =3D=3D1274=3D=3D Invalid free() / delete / delete[] / realloc() =3D=3D1274=3D=3D at 0x4C2FC47: realloc (vg_replace_malloc.c:785) =3D=3D1274=3D=3D by 0x5628E0: lrealloc (alloc.c:1427) =3D=3D1274=3D=3D by 0x561FCC: xrealloc (alloc.c:856) =3D=3D1274=3D=3D by 0x5622CB: xpalloc (alloc.c:978) =3D=3D1274=3D=3D by 0x40D34E: realloc_glyph_pool (dispnew.c:1344) =3D=3D1274=3D=3D by 0x40E04D: adjust_frame_glyphs_for_frame_redisplay (d= ispnew.c:2006) =3D=3D1274=3D=3D by 0x40D87B: adjust_frame_glyphs (dispnew.c:1791) =3D=3D1274=3D=3D by 0x418A89: adjust_frame_size (frame.c:587) =3D=3D1274=3D=3D by 0x4161EE: change_frame_size_1 (dispnew.c:5513) =3D=3D1274=3D=3D by 0x416244: change_frame_size (dispnew.c:5545) =3D=3D1274=3D=3D by 0x4172FD: init_display (dispnew.c:6083) =3D=3D1274=3D=3D by 0x4E76AA: main (emacs.c:1549) =3D=3D1274=3D=3D Address 0xc1b020 is in a rw- mapped file /usr/bin/emacs-2= 5.0.94-nox segment =3D=3D1274=3D=3D=20 emacs: Memory exhausted--use M-x save-some-buffers then exit and restart Em= acs =3D=3D1274=3D=3D=20 =3D=3D1274=3D=3D HEAP SUMMARY: =3D=3D1274=3D=3D in use at exit: 124,222 bytes in 729 blocks =3D=3D1274=3D=3D total heap usage: 1,452 allocs, 723 frees, 678,431 bytes= allocated =3D=3D1274=3D=3D=20 =3D=3D1274=3D=3D LEAK SUMMARY: =3D=3D1274=3D=3D definitely lost: 0 bytes in 0 blocks =3D=3D1274=3D=3D indirectly lost: 0 bytes in 0 blocks =3D=3D1274=3D=3D possibly lost: 0 bytes in 0 blocks =3D=3D1274=3D=3D still reachable: 124,222 bytes in 729 blocks =3D=3D1274=3D=3D suppressed: 0 bytes in 0 blocks =3D=3D1274=3D=3D Rerun with --leak-check=3Dfull to see details of leaked me= mory =3D=3D1274=3D=3D=20 =3D=3D1274=3D=3D For counts of detected and suppressed errors, rerun with: = -v =3D=3D1274=3D=3D ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 fro= m 0) GDB full backtrace: Starting program: /usr/bin/emacs-nox=20 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Program received signal SIGABRT, Aborted. 0x00007ffff58378d5 in __GI_raise (sig=3Dsig@entry=3D6) at ../sysdeps/unix/s= ysv/linux/raise.c:54 54 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); Missing separate debuginfos, use: dnf debuginfo-install alsa-lib-1.1.1-1.fc= 25.x86_64 dbus-libs-1.11.2-1.fc25.x86_64 gmp-6.1.0-3.fc25.x86_64 gnutls-3.4= .12-1.fc25.x86_64 gpm-libs-1.20.7-9.fc24.x86_64 libacl-2.2.52-11.fc24.x86_6= 4 libattr-2.4.47-16.fc24.x86_64 libcap-2.25-2.fc25.x86_64 libffi-3.1-9.fc24= .x86_64 libgcc-6.1.1-2.fc25.x86_64 libgcrypt-1.6.4-2.fc24.x86_64 libgpg-err= or-1.21-3.fc25.x86_64 libidn-1.32-2.fc24.x86_64 libjpeg-turbo-1.4.90-1.fc25= .x86_64 libselinux-2.5-6.fc25.x86_64 libtasn1-4.8-1.fc25.x86_64 libxml2-2.9= .3-3.fc24.x86_64 lz4-r131-2.fc24.x86_64 ncurses-libs-6.0-5.20160116.fc25.x8= 6_64 nettle-3.2-2.fc24.x86_64 p11-kit-0.23.2-2.fc24.x86_64 pcre-8.39-0.1.RC= 1.fc25.x86_64 systemd-libs-230-2.fc25.x86_64 xz-libs-5.2.2-2.fc24.x86_64 zl= ib-1.2.8-10.fc24.x86_64 #0 0x00007ffff58378d5 in __GI_raise (sig=3Dsig@entry=3D6) at ../sysdeps/un= ix/sysv/linux/raise.c:54 resultvar =3D 0 pid =3D 1204 selftid =3D 1204 #1 0x00007ffff58394da in __GI_abort () at abort.c:89 save_stage =3D 2 act =3D {__sigaction_handler =3D {sa_handler =3D 0x0, sa_sigaction = =3D 0x0}, sa_mask =3D {__val =3D {0, 10, 4160432, 140737488341312, 6096828,= 140737488341744, 3, 3086, 30, 114, 140737488340512,=20 21627284, 16, 21627281, 15, 14}}, sa_flags =3D -11336, sa_res= torer =3D 0x0} sigs =3D {__val =3D {32, 0 }} #2 0x00000000005605b8 in re_match_2_internal (bufp=3D0xba9f18 , string1=3D0x0, size1=3D0, string2=3D0x14a30e0 "/root/scratch/.", siz= e2=3D15, pos=3D14, regs=3D0x0, stop=3D15) at ../../src/regex.c:6223 mcnt =3D 3 reg =3D 1 end1 =3D 0x0 end2 =3D 0x14a30ef "" end_match_1 =3D 0x0 end_match_2 =3D 0x14a30ef "" d =3D 0x14a30ef "" dend =3D 0x14a30ef "" dfail =3D 0x14a30ee "." p =3D 0x14a0194 "\n;\002\001z\r#" pend =3D 0x14a024b "" translate =3D 2 multibyte =3D 0 '\000' target_multibyte =3D 1 '\001' fail_stack =3D {stack =3D 0x7fffffffc620, size =3D 20, avail =3D 6,= frame =3D 6} num_regs =3D 1 regstart =3D 0x0 regend =3D 0x0 best_regs_set =3D 0 best_regstart =3D 0x0 best_regend =3D 0x0 match_end =3D 0x0 sa_avail =3D 13184 sa_count =3D 5 sa_must_free =3D false #3 0x0000000000559504 in re_search_2 (bufp=3D0xba9f18 , s= tr1=3D0x0, size1=3D0, str2=3D0x14a30e0 "/root/scratch/.", size2=3D15, start= pos=3D14, range=3D1, regs=3D0x0, stop=3D15) at ../../src/regex.c:4446 val =3D 39840 string1 =3D 0x0 string2 =3D 0x14a30e0 "/root/scratch/." fastmap =3D 0xba9f58 "" translate =3D 2 total_size =3D 15 endpos =3D 15 anchored_start =3D 0 '\000' multibyte =3D 1 '\001' #4 0x0000000000558b0b in re_search (bufp=3D0xba9f18 , str= ing=3D0x14a30e0 "/root/scratch/.", size=3D15, startpos=3D0, range=3D15, reg= s=3D0x0) at ../../src/regex.c:4228 No locals. #5 0x00000000005453d8 in fast_string_match_internal (regexp=3D9839060, str= ing=3D20554964, table=3D0) at ../../src/search.c:476 val =3D 140737488345072 bufp =3D 0xba9f18 #6 0x00000000004e3be7 in fast_string_match (regexp=3D9839060, string=3D205= 54964) at ../../src/lisp.h:4008 No locals. #7 0x000000000052bc85 in Ffind_file_name_handler (filename=3D20554964, ope= ration=3D17376) at ../../src/fileio.c:292 string =3D 9839060 match_pos =3D 17376 handler =3D 4750192 operations =3D 16881011 elt =3D 16880035 chain =3D 16880019 inhibited_handlers =3D 0 result =3D 0 pos =3D -1 #8 0x000000000052c865 in Fexpand_file_name (name=3D20554964, default_direc= tory=3D0) at ../../src/fileio.c:809 nm =3D 0xba9ae0 "\260\367I\001" nmlim =3D 0x589b6f "H\211\302H\213E\370= H\211\220\b\001" newdir =3D 0x7fffffffd910 "" newdirlim =3D 0xe target =3D 0x100bd4ff0 tlen =3D 5806737 pw =3D 0x9ba0 length =3D 14 nbytes =3D 20554992 handler =3D 5119553 result =3D 0 handled_name =3D 11820231 multibyte =3D false hdir =3D 21611136 sa_avail =3D 16384 sa_count =3D 5 sa_must_free =3D false #9 0x00000000005899a8 in internal_condition_case_2 (bfun=3D0x52c7f3 , arg1=3D20554964, arg2=3D0, handlers=3D39840, hfun=3D0x590563= ) at ../../src/eval.c:1360 val =3D 5119553 c =3D 0x149c280 #10 0x000000000053a47d in Ffile_attributes (filename=3D20554964, id_format= =3D0) at ../../src/dired.c:902 encoded =3D 5121337 handler =3D 8840264 #11 0x000000000058cd30 in Ffuncall (nargs=3D2, args=3D0x7fffffffdb10) at ..= /../src/eval.c:2696 internal_argbuf =3D {20554964, 0, 12406768, 1785210630162692608, 0,= 0, 10035109, 50} fun =3D 8840269 original_fun =3D 18192 funcar =3D 0 numargs =3D 1 lisp_numargs =3D 6 val =3D 1 internal_args =3D 0x7fffffffda90 count =3D 4 #12 0x00000000005d13d7 in exec_byte_code (bytestr=3D10035076, vector=3D1003= 5109, maxdepth=3D50, args_template=3D2, nargs=3D0, args=3D0x7fffffffdfc0) a= t ../../src/bytecode.c:880 targets =3D {0x5d52bb , 0x5d531a , 0x5d531c , 0x5d531e , 0x5d5320 ,=20 0x5d5320 , 0x5d5391 ,= 0x5d540c , 0x5d0b86 , 0x5d0b88 = ,=20 0x5d0b8a , 0x5d0b8c , 0= x5d0b8e , 0x5d0b8e , 0x5d0b97 ,=20 0x5d0b4f , 0x5d1097 , 0= x5d1099 , 0x5d109b , 0x5d109d ,=20 0x5d109f , 0x5d109f , 0= x5d10dd , 0x5d10a8 , 0x5d12c2 ,=20 0x5d12c4 , 0x5d12c6 , 0= x5d12c8 , 0x5d12ca , 0x5d12ca ,=20 0x5d1273 , 0x5d128d , 0= x5d1395 , 0x5d1397 , 0x5d1399 ,=20 0x5d139b , 0x5d139d , 0= x5d139d , 0x5d1346 , 0x5d1360 ,=20 0x5d146b , 0x5d146d , 0= x5d146f , 0x5d1471 , 0x5d1473 ,=20 0x5d1473 , 0x5d141c , 0= x5d1436 , 0x5d254f , 0x5d23d7 ,=20 0x5d23cb , 0x5d52bb , = 0x5d52bb , 0x5d52bb , 0x5d52bb = ,=20 0x5d52bb , 0x5d27dd , = 0x5d28e5 , 0x5d2954 , 0x5d29c4 ,=20 0x5d2a38 , 0x5d0ecf , 0= x5d0f5c , 0x5d2ac1 , 0x5d0e12 ,=20 0x5d0fd9 , 0x5d2b38 , 0= x5d2bb5 , 0x5d2c0c , 0x5d2c89 ,=20 0x5d2cea , 0x5d2de2 , 0= x5d2e39 , 0x5d2eb6 , 0x5d2f56 <= exec_byte_code+10361>,=20 0x5d2fad , 0x5d3004 ,= 0x5d3081 , 0x5d30fe , 0x5d317b= ,=20 0x5d321b , 0x5d327c ,= 0x5d32dd , 0x5d33d5 , 0x5d347a= ,=20 0x5d351f , 0x5d37ae ,= 0x5d3830 , 0x5d38b2 , 0x5d3934= ,=20 0x5d39b6 , 0x5d3a17 ,= 0x5d3ac0 , 0x5d3b21 , 0x5d3b82= ,=20 0x5d3be3 , 0x5d3d22 ,= 0x5d2218 , 0x5d3d90 , 0x5d3de7 = ,=20 0x5d3ed7 , 0x5d3f45 ,= 0x5d3fb3 , 0x5d400a , 0x5d4067= ,=20 0x5d40c4 , 0x5d4129 ,= 0x5d52bb , 0x5d4190 , 0x5d41e2= ,=20 0x5d4234 , 0x5d4286 ,= 0x5d42d8 , 0x5d432a , 0x5d2218= ,=20 0x5d52bb , 0x5d4381 ,= 0x5d43e2 , 0x5d4439 , 0x5d4490= ,=20 0x5d450d , 0x5d458a ,= 0x5d45e1 , 0x5d46ec , 0x5d4769= ,=20 0x5d47e6 , 0x5d4863 ,= 0x5d48b5 , 0x5d52bb , 0x5d2131= ,=20 0x5d1537 , 0x5d0caa , 0= x5d166c , 0x5d17d4 , 0x5d1930 ,=20 0x5d20ae , 0x5d20f1 , 0= x5d1211 , 0x5d21c9 , 0x5d2255 ,=20 0x5d22f8 , 0x5d2347 , 0= x5d2599 , 0x5d2630 , 0x5d26d0 ,=20 0x5d2745 , 0x5d14e0 , 0= x5d490c , 0x5d49ac , 0x5d4a03 <= exec_byte_code+17190>,=20 0x5d4a5a , 0x5d4ab1 ,= 0x5d4b08 , 0x5d4b85 , 0x5d4c02= ,=20 0x5d4c7f , 0x5d4cfc ,= 0x5d4e61 , 0x5d4ede , 0x5d4f5b= ,=20 0x5d4fb2 , 0x5d502f ,= 0x5d50ac , 0x5d5111 , 0x5d5176= ,=20 0x5d3c44 , 0x5d3ca5 ,= 0x5d51d7 , 0x5d524b , 0x5d52bb= ,=20 0x5d1a8c , 0x5d1b94 , 0= x5d1cdb , 0x5d1e22 , 0x5d1f68 ,=20 0x5d2d4b , 0x5d333e , = 0x5d3e40 , 0x5d54ae , 0x5d552c = ,=20 0x5d52bb , 0x5d52bb ,= 0x5d55d1 , 0x5d52bb , 0x5d52bb= ,=20 0x5d52bb , 0x5d52bb ,= 0x5d52bb , 0x5d52bb , 0x5d52bb= ,=20 0x5d52bb , 0x5d52bb ,= 0x5d5676 } count =3D 4 op =3D 1 vectorp =3D 0x991fa8 stack =3D { pc =3D 0xad7d00 "\356\357\f!\360P!\232\204-\001\36= 1\362\002P\016D\"\026D\210\016E<\203T\001\r\324=3D\203>\001=D5=82@\001\016C= \331\332\333\334\335\336\006\006!\363\"\340\341%\016E\"\026E\210\f\203_\001= \364\f!\024\202d\001\365\366\367\"\210\016F\332\370\371\335\336\005!\372\"\= 373$\216\374 \210)\210\375\376\377\"\210\201H", byte_string =3D 10035076,=20 byte_string_start =3D 0xad7be7 "\b\203\b", next = =3D 0x0} top =3D 0x7fffffffdb10 result =3D 64288067697 type =3D CATCHER #13 0x000000000058d620 in funcall_lambda (fun=3D10035029, nargs=3D0, arg_ve= ctor=3D0x7fffffffdfc0) at ../../src/eval.c:2855 size =3D 5 val =3D 0 syms_left =3D 2 next =3D 2 lexenv =3D 12406768 count =3D 4 i =3D 140737354130560 optional =3D false rest =3D false #14 0x000000000058d398 in apply_lambda (fun=3D10035029, args=3D0, count=3D3= ) at ../../src/eval.c:2794 args_left =3D 0 i =3D 0 numargs =3D 0 arg_vector =3D 0x7fffffffdfc0 tem =3D 10035029 sa_avail =3D 16384 sa_count =3D 4 sa_must_free =3D false #15 0x000000000058b8dd in eval_sub (form=3D17290403) at ../../src/eval.c:22= 11 fun =3D 10035029 val =3D 17141888 original_fun =3D 8666816 original_args =3D 0 funcar =3D 25104 count =3D 3 argvals =3D {12645440, 12245584, 5119553, 17141888, 140737488347504= , 5824004, 0, 25104} #16 0x000000000058adca in Feval (form=3D17290403, lexical=3D0) at ../../src= /eval.c:1988 count =3D 2 #17 0x00000000004ea3c3 in top_level_2 () at ../../src/keyboard.c:1108 No locals. #18 0x0000000000589869 in internal_condition_case (bfun=3D0x4ea3a0 , handlers=3D16560, hfun=3D0x4e9e3e ) at ../../src/eval.c:1= 309 val =3D 5119553 c =3D 0x149c150 #19 0x00000000004ea408 in top_level_1 (ignore=3D0) at ../../src/keyboard.c:= 1116 No locals. #20 0x0000000000589162 in internal_catch (tag=3D41088, func=3D0x4ea3c5 , arg=3D0) at ../../src/eval.c:1074 val =3D 5119553 c =3D 0x1489540 #21 0x00000000004ea2f2 in command_loop () at ../../src/keyboard.c:1077 No locals. #22 0x00000000004e9a00 in recursive_edit_1 () at ../../src/keyboard.c:684 count =3D 1 val =3D 5824079 #23 0x00000000004e9b96 in Frecursive_edit () at ../../src/keyboard.c:755 count =3D 0 buffer =3D 0 #24 0x00000000004e778b in main (argc=3D1, argv=3D0x7fffffffe4e8) at ../../s= rc/emacs.c:1606 dummy =3D 0 stack_bottom_variable =3D 0 '\000' do_initial_setlocale =3D true dumping =3D false skip_args =3D 0 rlim =3D {rlim_cur =3D 8720000, rlim_max =3D 18446744073709551615} no_loadup =3D false junk =3D 0x0 dname_arg =3D 0x0 ch_to_dir =3D 0x0 original_pwd =3D 0x0 --=20 Jan Synacek Software Engineer, Red Hat From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 11:31:57 2016 Received: (at control) by debbugs.gnu.org; 8 Jun 2016 15:31:57 +0000 Received: from localhost ([127.0.0.1]:32986 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAfSX-0002GB-1j for submit@debbugs.gnu.org; Wed, 08 Jun 2016 11:31:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:55859) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAfSV-0002Fv-UH for control@debbugs.gnu.org; Wed, 08 Jun 2016 11:31:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bAfSQ-0005QC-6i for control@debbugs.gnu.org; Wed, 08 Jun 2016 11:31:50 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:45373) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAfSQ-0005Pc-4L for control@debbugs.gnu.org; Wed, 08 Jun 2016 11:31:50 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1bAfSO-0005eY-OJ for control@debbugs.gnu.org; Wed, 08 Jun 2016 11:31:48 -0400 Subject: control message for bug 19759 To: X-Mailer: mail (GNU Mailutils 2.99.98) Message-Id: From: Glenn Morris Date: Wed, 08 Jun 2016 11:31:48 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) block 19759 by 23726 From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 12:49:18 2016 Received: (at 23726) by debbugs.gnu.org; 8 Jun 2016 16:49:18 +0000 Received: from localhost ([127.0.0.1]:33048 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAgfO-0007PD-IV for submit@debbugs.gnu.org; Wed, 08 Jun 2016 12:49:18 -0400 Received: from eggs.gnu.org ([208.118.235.92]:49778) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAgfM-0007P0-Jf for 23726@debbugs.gnu.org; Wed, 08 Jun 2016 12:49:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bAgfC-0001Bv-GV for 23726@debbugs.gnu.org; Wed, 08 Jun 2016 12:49:11 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46819) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAgfC-0001BE-Dv; Wed, 08 Jun 2016 12:49:06 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1383 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1bAgfA-0000la-KT; Wed, 08 Jun 2016 12:49:04 -0400 Date: Wed, 08 Jun 2016 19:49:43 +0300 Message-Id: <83oa7br5g8.fsf@gnu.org> From: Eli Zaretskii To: jsynacek@redhat.com (Jan =?utf-8?B?U3luw6HEjWVr?=) In-reply-to: Subject: Re: bug#23726: 25.0.94; emacs 25.0.94 crashes References: MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: 23726 Cc: 23726@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Eli Zaretskii Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) > From: jsynacek@redhat.com (Jan Synáček) > Date: Wed, 08 Jun 2016 12:21:30 +0200 > > Emacs 25.0.94 crashes on the current (Jun 8) Fedora Rawhide. The crash > is reproducible with vanilla upstream sources. > > gcc-6.1.1-2.fc25.x86_64 > glibc-2.23.90-19.fc25.x86_64 > > Steps to reproduce: > 1) configure --with-x=no > 2) make; make install > 3) emacs (or emacs -Q) > > Note that the crash doesn't always happen. I suspect something fishy > going on with emacs' memory management, as can be seen from the > following. > > Valgrind output: > > ==1274== Memcheck, a memory error detector > ==1274== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. > ==1274== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info > ==1274== Command: /usr/bin/emacs-nox > ==1274== > ==1274== Invalid free() / delete / delete[] / realloc() > ==1274== at 0x4C2FC47: realloc (vg_replace_malloc.c:785) > ==1274== by 0x5628E0: lrealloc (alloc.c:1427) > ==1274== by 0x561FCC: xrealloc (alloc.c:856) > ==1274== by 0x5622CB: xpalloc (alloc.c:978) > ==1274== by 0x40D34E: realloc_glyph_pool (dispnew.c:1344) > ==1274== by 0x40E04D: adjust_frame_glyphs_for_frame_redisplay (dispnew.c:2006) > ==1274== by 0x40D87B: adjust_frame_glyphs (dispnew.c:1791) > ==1274== by 0x418A89: adjust_frame_size (frame.c:587) > ==1274== by 0x4161EE: change_frame_size_1 (dispnew.c:5513) > ==1274== by 0x416244: change_frame_size (dispnew.c:5545) > ==1274== by 0x4172FD: init_display (dispnew.c:6083) > ==1274== by 0x4E76AA: main (emacs.c:1549) > ==1274== Address 0xc1b020 is in a rw- mapped file /usr/bin/emacs-25.0.94-nox segment > ==1274== > emacs: Memory exhausted--use M-x save-some-buffers then exit and restart Emacs > ==1274== > ==1274== HEAP SUMMARY: > ==1274== in use at exit: 124,222 bytes in 729 blocks > ==1274== total heap usage: 1,452 allocs, 723 frees, 678,431 bytes allocated > ==1274== > ==1274== LEAK SUMMARY: > ==1274== definitely lost: 0 bytes in 0 blocks > ==1274== indirectly lost: 0 bytes in 0 blocks > ==1274== possibly lost: 0 bytes in 0 blocks > ==1274== still reachable: 124,222 bytes in 729 blocks > ==1274== suppressed: 0 bytes in 0 blocks > ==1274== Rerun with --leak-check=full to see details of leaked memory > ==1274== > ==1274== For counts of detected and suppressed errors, rerun with: -v > ==1274== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) > > > GDB full backtrace: > > Starting program: /usr/bin/emacs-nox > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib64/libthread_db.so.1". > > Program received signal SIGABRT, Aborted. > 0x00007ffff58378d5 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 > 54 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); > Missing separate debuginfos, use: dnf debuginfo-install alsa-lib-1.1.1-1.fc25.x86_64 dbus-libs-1.11.2-1.fc25.x86_64 gmp-6.1.0-3.fc25.x86_64 gnutls-3.4.12-1.fc25.x86_64 gpm-libs-1.20.7-9.fc24.x86_64 libacl-2.2.52-11.fc24.x86_64 libattr-2.4.47-16.fc24.x86_64 libcap-2.25-2.fc25.x86_64 libffi-3.1-9.fc24.x86_64 libgcc-6.1.1-2.fc25.x86_64 libgcrypt-1.6.4-2.fc24.x86_64 libgpg-error-1.21-3.fc25.x86_64 libidn-1.32-2.fc24.x86_64 libjpeg-turbo-1.4.90-1.fc25.x86_64 libselinux-2.5-6.fc25.x86_64 libtasn1-4.8-1.fc25.x86_64 libxml2-2.9.3-3.fc24.x86_64 lz4-r131-2.fc24.x86_64 ncurses-libs-6.0-5.20160116.fc25.x86_64 nettle-3.2-2.fc24.x86_64 p11-kit-0.23.2-2.fc24.x86_64 pcre-8.39-0.1.RC1.fc25.x86_64 systemd-libs-230-2.fc25.x86_64 xz-libs-5.2.2-2.fc24.x86_64 zlib-1.2.8-10.fc24.x86_64 > #0 0x00007ffff58378d5 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 > resultvar = 0 > pid = 1204 > selftid = 1204 > #1 0x00007ffff58394da in __GI_abort () at abort.c:89 > save_stage = 2 > act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0, 10, 4160432, 140737488341312, 6096828, 140737488341744, 3, 3086, 30, 114, 140737488340512, > 21627284, 16, 21627281, 15, 14}}, sa_flags = -11336, sa_restorer = 0x0} > sigs = {__val = {32, 0 }} > #2 0x00000000005605b8 in re_match_2_internal (bufp=0xba9f18 , string1=0x0, size1=0, string2=0x14a30e0 "/root/scratch/.", size2=15, pos=14, regs=0x0, stop=15) > at ../../src/regex.c:6223 Thanks for the report, but I must say I'm confused wrt what's going on here. The backtrace is from a call to 'abort', so it cannot be a memory problem, at least not directly. And I'm not sure how valgrind output is related to that, but in general you need to run temacs under valgrind, not emacs, to avoid too many false positives. From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 13:32:17 2016 Received: (at 23726) by debbugs.gnu.org; 8 Jun 2016 17:32:17 +0000 Received: from localhost ([127.0.0.1]:33103 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAhKy-00006U-NS for submit@debbugs.gnu.org; Wed, 08 Jun 2016 13:32:16 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:41792) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAhKx-00006I-EP for 23726@debbugs.gnu.org; Wed, 08 Jun 2016 13:32:16 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 7D0341614AD; Wed, 8 Jun 2016 10:32:09 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id wkT_Ub_YU-Mr; Wed, 8 Jun 2016 10:32:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id E41231614AE; Wed, 8 Jun 2016 10:32:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6gRa9PamEJ7F; Wed, 8 Jun 2016 10:32:07 -0700 (PDT) Received: from penguin.cs.ucla.edu (Penguin.CS.UCLA.EDU [131.179.64.200]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id C5E811614AD; Wed, 8 Jun 2016 10:32:07 -0700 (PDT) To: =?UTF-8?B?SmFuIFN5bsOhxI1law==?= From: Paul Eggert Subject: Re: Bug#23726: emacs 25.0.94 crashes Organization: UCLA Computer Science Department Message-ID: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu> Date: Wed, 8 Jun 2016 10:32:06 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------6918FFD1B1FDA24365F7085C" X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: 23726 Cc: Florian Weimer , 23726@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.4 (-) This is a multi-part message in MIME format. --------------6918FFD1B1FDA24365F7085C Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Has Rawhide incorporated some of Florian Weimer's malloc patches? If so, this is almost surely causing the problem. I will CC: Florian to give him a heads-up. See: https://sourceware.org/ml/libc-alpha/2016-06/msg00211.html https://sourceware.org/bugzilla/show_bug.cgi?id=19564 I am surprised that you can use valgrind. Valgrind does not work on Emacs in Fedora 23 because it mishandles the way Emacs dumps and restores. I can use Valgrind only on temacs, not on Emacs itself. The fact that you can use Valgrind on a dumped Emacs suggests that some of the malloc patches have been installed on Rawhide. For what it's worth, when I try to use valgrind on Fedora 23, I run into what appears to be a valgrind bug that prevents Emacs from working. I just now filed it here: https://bugzilla.redhat.com/show_bug.cgi?id=1344082 I ran valgrind as follows: valgrind --log-fd=3 --suppressions=valgrind.supp ./temacs 3>/tmp/vg.log with the attached valgrind.supp file, and Emacs (emacs-25 branch, built with 'configure --with-x=no') says "Failed select: Bad address" due to the valgrind bug. How do you use valgrind on Rawhide? --------------6918FFD1B1FDA24365F7085C Content-Type: text/plain; charset=UTF-8; name="valgrind.supp" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="valgrind.supp" IyB2YWxncmluZCBzdXBwcmVzc2lvbiBmaWxlCiMgVXNhZ2U6CiMgICAgdmFsZ3JpbmQgLS1z dXBwcmVzc2lvbnM9dmFsZ3JpbmQuc3VwcCAuL3RlbWFjcwoKIyBDb25zZXJ2YXRpdmUgZ2Fy YmFnZSBjb2xsZWN0aW9uIGluaGVyZW50bHkgbG9va3MgYXQgdW5pbml0aWFsaXplZCB2YWx1 ZXMsCiMgYW5kIEZnYXJiYWdlX2NvbGxlY3QgYW5kIGl0cyBjYWxsZWVzIGFsbCBkZXBlbmQg b24gdGhpcy4KIyBJdCdzIGhhcmQgdG8gc2VwYXJhdGUgb3V0IGV4YWN0bHkgd2hpY2ggY2Fs bGVlcyBuZWVkIHRvIGJlIGxpc3RlZCBoZXJlLAojIHNpbmNlIHRoZSBDIGNvbXBpbGVyIGNh biBpbmxpbmUgdGhlbS4gIEFsc28sIHZhbGdyaW5kIGRvZXNuJ3QgY2FyZQojIGFib3V0IHRo ZSB1c2Ugb2YgdW5pbml0aWFsaXplZCB2YXJpYWJsZXMgZGlyZWN0bHksIG9ubHkgd2hlbiB0 aGVpciB2YWx1ZXMKIyBhcmUgZXZlbnR1YWxseSB1c2VkLiAgU28ganVzdCBsaXN0IEZnYXJi YWdlX2NvbGxlY3QgYW5kIGl0cyBjYWxsZWVzLgp7CiAgIEZnYXJiYWdlX2NvbGxlY3QgQ29u ZCAtIGNvbnNlcnZhdGl2ZSBnYXJiYWdlIGNvbGxlY3Rpb24KICAgTWVtY2hlY2s6Q29uZAog ICAuLi4KICAgZnVuOkZnYXJiYWdlX2NvbGxlY3QKfQp7CiAgIEZnYXJiYWdlX2NvbGxlY3Qg VmFsdWU4IC0gY29uc2VydmF0aXZlIGdhcmJhZ2UgY29sbGVjdGlvbgogICBNZW1jaGVjazpW YWx1ZTgKICAgLi4uCiAgIGZ1bjpGZ2FyYmFnZV9jb2xsZWN0Cn0KIyB2YWxncmluZCBvbmx5 IGxvb2tzIGF0IHRoZSBsYXN0IGZldyBjYWxsZWVzIG9uIHRoZSBzdGFjaywgYnV0CiMgbWFy a19vYmplY3QgY2FuIGNhbGwgaXRzZWxmIHJlY3Vyc2l2ZWx5IGFuZCBkZWVwbHkuICBTbyBs aXN0CiMgaXQgdG9vLCBpbiBjYXNlIEZnYXJiYWdlX2NvbGxlY3QgaXMgYSBsb25nIHdheSBm cm9tIHRoZSBzdGFjayB0b3AuCnsKICAgRmdhcmJhZ2VfY29sbGVjdCBDb25kIC0gY29uc2Vy dmF0aXZlIGdhcmJhZ2UgY29sbGVjdGlvbgogICBNZW1jaGVjazpDb25kCiAgIC4uLgogICBm dW46bWFya19vYmplY3QKfQp7CiAgIEZnYXJiYWdlX2NvbGxlY3QgVmFsdWU4IC0gY29uc2Vy dmF0aXZlIGdhcmJhZ2UgY29sbGVjdGlvbgogICBNZW1jaGVjazpWYWx1ZTgKICAgLi4uCiAg IGZ1bjptYXJrX29iamVjdAp9CgojIE9uIG9uZSBjaXJjYS0yMDExIHg4Ni02NCBHTlUvTGlu dXggcGxhdGZvcm0sIHN0cmxlbiBpcyBpbmxpbmVkIHRvCiMgc29tZXRoaW5nIHRoYXQgbG9h ZHMgNCBieXRlcyBhdCBhIHRpbWUuCnsKICAgaW5pdF9idWZmZXIgb3B0aW1pemVkIHN0cmxl bgogICBNZW1jaGVjazpBZGRyNAogICBmdW46aW5pdF9idWZmZXIKfQo= --------------6918FFD1B1FDA24365F7085C-- From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 14:45:18 2016 Received: (at 23726) by debbugs.gnu.org; 8 Jun 2016 18:45:18 +0000 Received: from localhost ([127.0.0.1]:33124 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAiTd-0001qP-Gz for submit@debbugs.gnu.org; Wed, 08 Jun 2016 14:45:18 -0400 Received: from mx1.redhat.com ([209.132.183.28]:32870) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAiJl-0001cM-Tt for 23726@debbugs.gnu.org; Wed, 08 Jun 2016 14:35:07 -0400 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A542B7F6A5; Wed, 8 Jun 2016 18:35:03 +0000 (UTC) Received: from oldenburg.str.redhat.com (ovpn-204-42.brq.redhat.com [10.40.204.42]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u58IYxK5025083 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 8 Jun 2016 14:35:02 -0400 Subject: Re: Bug#23726: emacs 25.0.94 crashes To: Paul Eggert , =?UTF-8?B?SmFuIFN5bsOhxI1law==?= References: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu> From: Florian Weimer Message-ID: <72a0452f-b732-d562-47a7-cedbc9548a39@redhat.com> Date: Wed, 8 Jun 2016 20:34:58 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 MIME-Version: 1.0 In-Reply-To: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 08 Jun 2016 18:35:03 +0000 (UTC) X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: 23726 X-Mailman-Approved-At: Wed, 08 Jun 2016 14:45:16 -0400 Cc: 23726@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) On 06/08/2016 07:32 PM, Paul Eggert wrote: > Has Rawhide incorporated some of Florian Weimer's malloc patches? If so, > this is almost surely causing the problem. I will CC: Florian to give > him a heads-up. See: > > https://sourceware.org/ml/libc-alpha/2016-06/msg00211.html That's not the patch, it's not even in upstream master. If that patch was in, you wouldn't see the problem anymore because Emacs' internal malloc would be used. The problem is that the realloc implementation for dumped chunks is incorrect; that bit is already in glibc master and rawhide. I think I can see what is wrong: The size computation for the old chunk size in realloc is wrong, and the trailing sizeof (size_t) bytes are not copied. Fortunately, it's not a conceptual problem with the heap rewriter. > I am surprised that you can use valgrind. The valgrind failure is typical of what you get with a dumped Emacs. valgrind intercepts realloc and returns 0 because an off-heap pointer is detected. Florian From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 14:52:52 2016 Received: (at 23726) by debbugs.gnu.org; 8 Jun 2016 18:52:52 +0000 Received: from localhost ([127.0.0.1]:33128 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAiay-00024x-KB for submit@debbugs.gnu.org; Wed, 08 Jun 2016 14:52:52 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59086) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAiax-00024j-4z for 23726@debbugs.gnu.org; Wed, 08 Jun 2016 14:52:51 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 605688DFEC; Wed, 8 Jun 2016 18:52:45 +0000 (UTC) Received: from oldenburg.str.redhat.com (ovpn-204-42.brq.redhat.com [10.40.204.42]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u58IqgPc028233 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 8 Jun 2016 14:52:44 -0400 Subject: Re: Bug#23726: emacs 25.0.94 crashes To: Paul Eggert , =?UTF-8?B?SmFuIFN5bsOhxI1law==?= References: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu> <72a0452f-b732-d562-47a7-cedbc9548a39@redhat.com> From: Florian Weimer Message-ID: Date: Wed, 8 Jun 2016 20:52:42 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 MIME-Version: 1.0 In-Reply-To: <72a0452f-b732-d562-47a7-cedbc9548a39@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 08 Jun 2016 18:52:45 +0000 (UTC) X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: 23726 Cc: 23726@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) On 06/08/2016 08:34 PM, Florian Weimer wrote: > The problem is that the realloc implementation for dumped chunks is > incorrect; that bit is already in glibc master and rawhide. I think I > can see what is wrong: The size computation for the old chunk size in > realloc is wrong, and the trailing sizeof (size_t) bytes are not copied. > Fortunately, it's not a conceptual problem with the heap rewriter. glibc patch posted: https://sourceware.org/ml/libc-alpha/2016-06/msg00261.html The same dumped binary crashes before this patch is applied, and works afterwards. Jan, thanks for reporting this. Florian From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 08 14:57:35 2016 Received: (at 23726-done) by debbugs.gnu.org; 8 Jun 2016 18:57:35 +0000 Received: from localhost ([127.0.0.1]:33132 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAifX-0002CQ-7C for submit@debbugs.gnu.org; Wed, 08 Jun 2016 14:57:35 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:49792) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAifV-0002CC-Du for 23726-done@debbugs.gnu.org; Wed, 08 Jun 2016 14:57:33 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 5239F1614B3; Wed, 8 Jun 2016 11:57:27 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id XWEwXGzbrH_y; Wed, 8 Jun 2016 11:57:26 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 4A6491614B6; Wed, 8 Jun 2016 11:57:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id kR9B3quMfw6P; Wed, 8 Jun 2016 11:57:26 -0700 (PDT) Received: from penguin.cs.ucla.edu (Penguin.CS.UCLA.EDU [131.179.64.200]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 31B161614B3; Wed, 8 Jun 2016 11:57:26 -0700 (PDT) Subject: Re: Bug#23726: emacs 25.0.94 crashes To: Florian Weimer , =?UTF-8?B?SmFuIFN5bsOhxI1law==?= References: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu> <72a0452f-b732-d562-47a7-cedbc9548a39@redhat.com> From: Paul Eggert Organization: UCLA Computer Science Department Message-ID: <91a674ae-5d40-d5a3-76d5-f345b59b24d8@cs.ucla.edu> Date: Wed, 8 Jun 2016 11:57:26 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: 23726-done Cc: 23726-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.4 (-) On 06/08/2016 11:52 AM, Florian Weimer wrote: > glibc patch posted: > > https://sourceware.org/ml/libc-alpha/2016-06/msg00261.html > > The same dumped binary crashes before this patch is applied, and works > afterwards. Thanks again. Closing Bug#23726, as it's a glibc bug not an Emacs bug. From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 09 02:17:56 2016 Received: (at 23726) by debbugs.gnu.org; 9 Jun 2016 06:17:56 +0000 Received: from localhost ([127.0.0.1]:33281 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAtHw-0006aj-DU for submit@debbugs.gnu.org; Thu, 09 Jun 2016 02:17:56 -0400 Received: from mail-io0-f182.google.com ([209.85.223.182]:33478) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bAtHu-0006aU-Ey for 23726@debbugs.gnu.org; Thu, 09 Jun 2016 02:17:55 -0400 Received: by mail-io0-f182.google.com with SMTP id m62so29529085iof.0 for <23726@debbugs.gnu.org>; Wed, 08 Jun 2016 23:17:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=/ECDlqnvmJw0zYWXI6H9pK1h4h0Bvk86XyurFtR2We4=; b=Wu0PocPpBQ1NrBCN+juu2Jz8so03ocvx4MlKfFfPoZnkJ0ynMZiXbSSlBCWpCZWi9g jt/LlC9dSjgmsBOPFldwesjr3S/nNSffhBckZFPgzxibSsQIFrG4gstiALBjz/fkXbVd t1kFKX8eEE0c3bsOTSGlD6ALSSHgnzmXildChSExfUFJBcUsC5bXtMMt0ZEozfJ5W4lg sJxWih0KamwERX/s9eJ3XdJ1TgUoS6xvmHN2olDIpfzTPz/y/PbGo1L4i+bZhF3UGife 6BzFkAU7aZJObrLrcBHjP4lzNSye0GfiY210yIXcGZ2pAN4xDj/R7aYutsH+sKhV3P80 h3ow== X-Gm-Message-State: ALyK8tKySWoJkcfpEc8nfOXyVnsvj6Mo7Hq55UdtLGKieZ8//9BHDru2xyVW1oOR9wsiUFl3+z0gFDNz2R2XAlim MIME-Version: 1.0 X-Received: by 10.107.19.165 with SMTP id 37mr13800710iot.167.1465453068704; Wed, 08 Jun 2016 23:17:48 -0700 (PDT) Received: by 10.107.47.159 with HTTP; Wed, 8 Jun 2016 23:17:48 -0700 (PDT) In-Reply-To: References: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu> <72a0452f-b732-d562-47a7-cedbc9548a39@redhat.com> Date: Thu, 9 Jun 2016 08:17:48 +0200 Message-ID: Subject: Re: Bug#23726: emacs 25.0.94 crashes From: Jan Synacek To: Florian Weimer Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 23726 Cc: Paul Eggert , 23726@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Wed, Jun 8, 2016 at 8:52 PM, Florian Weimer wrote: > On 06/08/2016 08:34 PM, Florian Weimer wrote: > >> The problem is that the realloc implementation for dumped chunks is >> incorrect; that bit is already in glibc master and rawhide. I think I >> can see what is wrong: The size computation for the old chunk size in >> realloc is wrong, and the trailing sizeof (size_t) bytes are not copied. >> Fortunately, it's not a conceptual problem with the heap rewriter. > > > glibc patch posted: > > https://sourceware.org/ml/libc-alpha/2016-06/msg00261.html > > The same dumped binary crashes before this patch is applied, and works > afterwards. > > Jan, thanks for reporting this. Thanks for investigating and the quick fix! -- Jan Synacek Software Engineer, Red Hat From unknown Thu Jun 19 14:03:50 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 07 Jul 2016 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator