GNU bug report logs - #23726
25.0.94; emacs 25.0.94 crashes
Reported by: jsynacek <at> redhat.com (Jan Synáček)
Date: Wed, 8 Jun 2016 10:22:01 UTC
Severity: important
Found in version 25.0.94
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Message #10 received at 23726 <at> debbugs.gnu.org:
> From: jsynacek <at> redhat.com (Jan Synáček)
> Date: Wed, 08 Jun 2016 12:21:30 +0200
>
> Emacs 25.0.94 crashes on the current (Jun 8) Fedora Rawhide. The crash
> is reproducible with vanilla upstream sources.
>
> gcc-6.1.1-2.fc25.x86_64
> glibc-2.23.90-19.fc25.x86_64
>
> Steps to reproduce:
> 1) configure --with-x=no
> 2) make; make install
> 3) emacs (or emacs -Q)
>
> Note that the crash doesn't always happen. I suspect something fishy
> going on with emacs' memory management, as can be seen from the
> following.
>
> Valgrind output:
>
> ==1274== Memcheck, a memory error detector
> ==1274== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==1274== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==1274== Command: /usr/bin/emacs-nox
> ==1274==
> ==1274== Invalid free() / delete / delete[] / realloc()
> ==1274== at 0x4C2FC47: realloc (vg_replace_malloc.c:785)
> ==1274== by 0x5628E0: lrealloc (alloc.c:1427)
> ==1274== by 0x561FCC: xrealloc (alloc.c:856)
> ==1274== by 0x5622CB: xpalloc (alloc.c:978)
> ==1274== by 0x40D34E: realloc_glyph_pool (dispnew.c:1344)
> ==1274== by 0x40E04D: adjust_frame_glyphs_for_frame_redisplay (dispnew.c:2006)
> ==1274== by 0x40D87B: adjust_frame_glyphs (dispnew.c:1791)
> ==1274== by 0x418A89: adjust_frame_size (frame.c:587)
> ==1274== by 0x4161EE: change_frame_size_1 (dispnew.c:5513)
> ==1274== by 0x416244: change_frame_size (dispnew.c:5545)
> ==1274== by 0x4172FD: init_display (dispnew.c:6083)
> ==1274== by 0x4E76AA: main (emacs.c:1549)
> ==1274== Address 0xc1b020 is in a rw- mapped file /usr/bin/emacs-25.0.94-nox segment
> ==1274==
> emacs: Memory exhausted--use M-x save-some-buffers then exit and restart Emacs
> ==1274==
> ==1274== HEAP SUMMARY:
> ==1274== in use at exit: 124,222 bytes in 729 blocks
> ==1274== total heap usage: 1,452 allocs, 723 frees, 678,431 bytes allocated
> ==1274==
> ==1274== LEAK SUMMARY:
> ==1274== definitely lost: 0 bytes in 0 blocks
> ==1274== indirectly lost: 0 bytes in 0 blocks
> ==1274== possibly lost: 0 bytes in 0 blocks
> ==1274== still reachable: 124,222 bytes in 729 blocks
> ==1274== suppressed: 0 bytes in 0 blocks
> ==1274== Rerun with --leak-check=full to see details of leaked memory
> ==1274==
> ==1274== For counts of detected and suppressed errors, rerun with: -v
> ==1274== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
>
>
> GDB full backtrace:
>
> Starting program: /usr/bin/emacs-nox
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
>
> Program received signal SIGABRT, Aborted.
> 0x00007ffff58378d5 in __GI_raise (sig=sig <at> entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
> 54 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
> Missing separate debuginfos, use: dnf debuginfo-install alsa-lib-1.1.1-1.fc25.x86_64 dbus-libs-1.11.2-1.fc25.x86_64 gmp-6.1.0-3.fc25.x86_64 gnutls-3.4.12-1.fc25.x86_64 gpm-libs-1.20.7-9.fc24.x86_64 libacl-2.2.52-11.fc24.x86_64 libattr-2.4.47-16.fc24.x86_64 libcap-2.25-2.fc25.x86_64 libffi-3.1-9.fc24.x86_64 libgcc-6.1.1-2.fc25.x86_64 libgcrypt-1.6.4-2.fc24.x86_64 libgpg-error-1.21-3.fc25.x86_64 libidn-1.32-2.fc24.x86_64 libjpeg-turbo-1.4.90-1.fc25.x86_64 libselinux-2.5-6.fc25.x86_64 libtasn1-4.8-1.fc25.x86_64 libxml2-2.9.3-3.fc24.x86_64 lz4-r131-2.fc24.x86_64 ncurses-libs-6.0-5.20160116.fc25.x86_64 nettle-3.2-2.fc24.x86_64 p11-kit-0.23.2-2.fc24.x86_64 pcre-8.39-0.1.RC1.fc25.x86_64 systemd-libs-230-2.fc25.x86_64 xz-libs-5.2.2-2.fc24.x86_64 zlib-1.2.8-10.fc24.x86_64
> #0 0x00007ffff58378d5 in __GI_raise (sig=sig <at> entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
> resultvar = 0
> pid = 1204
> selftid = 1204
> #1 0x00007ffff58394da in __GI_abort () at abort.c:89
> save_stage = 2
> act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0, 10, 4160432, 140737488341312, 6096828, 140737488341744, 3, 3086, 30, 114, 140737488340512,
> 21627284, 16, 21627281, 15, 14}}, sa_flags = -11336, sa_restorer = 0x0}
> sigs = {__val = {32, 0 <repeats 15 times>}}
> #2 0x00000000005605b8 in re_match_2_internal (bufp=0xba9f18 <searchbufs+2552>, string1=0x0, size1=0, string2=0x14a30e0 "/root/scratch/.", size2=15, pos=14, regs=0x0, stop=15)
> at ../../src/regex.c:6223

Thanks for the report, but I must say I'm confused wrt what's going on
here. The backtrace is from a call to 'abort', so it cannot be a
memory problem, at least not directly. And I'm not sure how valgrind
output is related to that, but in general you need to run temacs under
valgrind, not emacs, to avoid too many false positives.
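
A small triage script for Memcheck output of the kind quoted in this report, added here as an example (it is not part of the bug thread or of Emacs). It parses the "Invalid free" record, finds the first frame outside Valgrind's allocator wrapper, and reports what Memcheck says about the address; the function names `parse_memcheck`, `call_site` and `triage` are made up for this example, and the sample lines are copied from the report.

```python
import re

# Memcheck lines copied from the report above; leading "> " quoting is tolerated.
SAMPLE = """\
> ==1274== Invalid free() / delete / delete[] / realloc()
> ==1274== at 0x4C2FC47: realloc (vg_replace_malloc.c:785)
> ==1274== by 0x5628E0: lrealloc (alloc.c:1427)
> ==1274== by 0x561FCC: xrealloc (alloc.c:856)
> ==1274== Address 0xc1b020 is in a rw- mapped file /usr/bin/emacs-25.0.94-nox segment
> ==1274==
> emacs: Memory exhausted--use M-x save-some-buffers then exit and restart Emacs
> ==1274== HEAP SUMMARY:
"""

PREFIX = re.compile(r"^(?:>\s*)?==(\d+)==\s?(.*)$")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.+)$")
MAPPED = re.compile(r"in a (\S+) mapped file (\S+) segment")

def parse_memcheck(text):
    """Return one dict per 'Invalid ...' error record in Memcheck output."""
    records, cur = [], None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # program output interleaved with Memcheck lines
        pid, body = int(m.group(1)), m.group(2)
        if body.startswith("Invalid "):
            cur = {"pid": pid, "kind": body.strip(), "frames": [],
                   "address": None, "where": None}
            records.append(cur)
        elif cur is None:
            continue
        elif not body.strip():
            cur = None  # a blank ==pid== line closes the record
        elif (f := FRAME.match(body)):
            cur["frames"].append((f.group(1), f.group(2)))
        elif (a := ADDR.match(body)):
            cur["address"], cur["where"] = int(a.group(1), 16), a.group(2)
    return records

def call_site(rec):
    """First frame that is not Valgrind's malloc replacement wrapper."""
    return next((f for f in rec["frames"]
                 if not f[1].startswith("vg_replace_malloc.c")), None)

def triage(rec):
    """Summarise an invalid-free record from Memcheck's address note."""
    m = MAPPED.search(rec["where"] or "")
    if rec["kind"].startswith("Invalid free") and m:
        return f"non-heap pointer ({m.group(1)} mapping of {m.group(2)})"
    return f"see address note: {rec['where']}"
```

A "non-heap pointer" result means the address handed to the allocator lies in a file-backed mapping rather than in a heap block Memcheck tracked, which is the kind of finding the reply above suggests re-checking against temacs.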
This bug report was last modified 8 years and 348 days ago.