GNU bug report logs - #11144
temacs segfaults w/MALLOC_PERTURB_!=0 when compiling with gcc-4.8.0


Package: emacs;

Reported by: Jim Meyering <jim <at> meyering.net>

Date: Sun, 1 Apr 2012 09:26:01 UTC

Severity: normal

Merged with 8388, 11662

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#11144; Package emacs. (Sun, 01 Apr 2012 09:26:02 GMT)

Acknowledgement sent to Jim Meyering <jim <at> meyering.net>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Sun, 01 Apr 2012 09:26:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: bug-emacs <at> gnu.org, bug-gcc <at> gnu.org
Subject: temacs segfaults w/MALLOC_PERTURB_!=0 when compiling with gcc-4.8.0
Date: Sun, 01 Apr 2012 11:25:02 +0200

I bootstrap emacs from bzr every two or three days, using whatever
gcc happens to be in my PATH.

The last successful build/install was on March 28th.
However, as far as I can see, the new problem is coming
from the tools I'm using, and not from emacs, since attempting
to build that previously-succeeding commit now evokes a segfault.

It's easy to paper over the problem.
My (failing) build procedure does this to cancel the effect
of my always-set MALLOC_CHECK_ envvar:

        make bootstrap RUN_TEMACS='MALLOC_CHECK_=0 ./temacs'

also making it turn off MALLOC_PERTURB_ works around the immediate problem.
With this, the build completes normally:

        make bootstrap RUN_TEMACS='MALLOC_PERTURB_=0 MALLOC_CHECK_=0 ./temacs'

But that probably just masks the real problem.

This is happening on an x86_64 F17 system, when I use built-from-svn
gcc-4.8.0 20120327 or newer (confirmed segfault also with today's
4.8.0 20120401).

However, using the stock gcc, (aka gcc-4.7.0-1.fc17.x86_64),
there is no problem.

Using valgrind the problem does not arise.
Same story when using gdb directly, so below I let
it generate a core file and ran gdb on that.
It suggests that alloc.c's mark_object is dereferencing a freed
pointer, due to the pattern of 0x22 bytes scribbled into the pointer:

  #0  mark_object (arg=<optimized out>) at /h/j/w/co/emacs/trunk/src/alloc.c:5616
  5616            if (ptr->gcmarkbit)

  (gdb) p *ptr
  Cannot access memory at address 0x2222222222222220

I.e., to reproduce this failure, you would run this:

    ./configure CC=/path-to-gcc-4.8.0/bin \
      && env MALLOC_PERTURB_=88 \
        make bootstrap RUN_TEMACS='MALLOC_CHECK_=0 ./temacs'

If no one beats me to it, later in the week I'll bisect gcc until
I find the commit that changes whether ./temacs segfaults.

Here's the tail of the build log and the temacs backtrace:
-----------------------
cd ../lisp; make -w --jobserver-fds=3,4 - --jobserver-fds=3,4 - --jobserver-fds=3,4 - --jobserver-fds=3,4 -j update-subdirs
make[3]: Entering directory `/t/jt-dzv4F3/emacs/lisp'
cd /h/j/w/co/emacs/trunk/lisp; subdirs=`(find . -type d -print)`; for file in $subdirs; do case $file in */.* | */.*/* | */=* | */cedet* ) ;; *) wins="$wins $file" ;; esac; done; \
for file in $wins; do \
   /h/j/w/co/emacs/trunk/update-subdirs $file; \
done;
make[3]: Leaving directory `/t/jt-dzv4F3/emacs/lisp'
if test "no" = "yes"; then \
  ln -f temacs bootstrap-emacs; \
else \
  MALLOC_CHECK_=0 ./temacs --batch --load loadup bootstrap || exit 1; \
  mv -f emacs bootstrap-emacs; \
fi
Loading loadup.el (source)...
Using load-path (/h/j/w/co/emacs/trunk/lisp /h/j/w/co/emacs/trunk/lisp/emacs-lisp /h/j/w/co/emacs/trunk/lisp/language /h/j/w/co/emacs/trunk/lisp/international /h/j/w/co/emacs/trunk/lisp/textmodes)
Loading emacs-lisp/byte-run (source)...
Loading emacs-lisp/backquote (source)...
Loading subr (source)...
Loading version.el (source)...
Loading widget (source)...
Loading custom (source)...
Loading emacs-lisp/map-ynp (source)...
Loading cus-start (source)...
Loading international/mule (source)...
Loading international/mule-conf (source)...
Loading env (source)...
Loading format (source)...
Loading bindings (source)...
Loading window (source)...
Loading /h/j/w/co/emacs/trunk/lisp/files.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/cus-face.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/faces.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/button.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/startup.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/ldefs-boot.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/minibuffer.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/abbrev.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/simple.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/help.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/jka-cmpr-hook.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/epa-hook.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/international/mule-cmds.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/case-table.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/international/charprop.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/international/characters.el (source)...
/bin/sh: line 5: 22643 Segmentation fault      (core dumped) MALLOC_CHECK_=0 ./temacs --batch --load loadup bootstrap
make[2]: *** [bootstrap-emacs] Error 1
make[2]: Leaving directory `/t/jt-dzv4F3/emacs/src'
make[1]: *** [src] Error 2
make[1]: Leaving directory `/t/jt-dzv4F3/emacs'
make: *** [bootstrap] Error 2
[2]  + exit 2     ( prefix=/p/p/$pkg-$date ; set -e; local cc; cc=gcc ; cc=/usr/bin/gcc ;   ;
$ rlo ioui11
$ rlo iou11
$ pwd
/t/jt-dzv4F3/emacs
$ cvu
$
[Exit 1]
$ cd src
$ ulimit -c unlimited
$ MALLOC_CHECK_=0 ./temacs --batch --load loadup bootstrap
Loading loadup.el (source)...
Using load-path (/h/j/w/co/emacs/trunk/lisp /h/j/w/co/emacs/trunk/lisp/emacs-lisp /h/j/w/co/emacs/trunk/lisp/language /h/j/w/co/emacs/trunk/lisp/international /h/j/w/co/emacs/trunk/lisp/textmodes)
Loading emacs-lisp/byte-run (source)...
Loading emacs-lisp/backquote (source)...
Loading subr (source)...
Loading version.el (source)...
Loading widget (source)...
Loading custom (source)...
Loading emacs-lisp/map-ynp (source)...
Loading cus-start (source)...
Loading international/mule (source)...
Loading international/mule-conf (source)...
Loading env (source)...
Loading format (source)...
Loading bindings (source)...
Loading window (source)...
Loading /h/j/w/co/emacs/trunk/lisp/files.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/cus-face.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/faces.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/button.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/startup.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/ldefs-boot.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/minibuffer.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/abbrev.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/simple.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/help.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/jka-cmpr-hook.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/epa-hook.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/international/mule-cmds.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/case-table.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/international/charprop.el (source)...
Loading /h/j/w/co/emacs/trunk/lisp/international/characters.el (source)...
zsh: segmentation fault (core dumped)  MALLOC_CHECK_=0 ./temacs --batch --load loadup bootstrap
[Exit 139 (SEGV)]
$ gdb --core=core.9304 ./temacs
Reading symbols from /t/jt-dzv4F3/emacs/src/temacs...done.
[New LWP 9304]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `./temacs --batch --load loadup bootstrap'.
Program terminated with signal 11, Segmentation fault.
#0  mark_object (arg=<optimized out>) at /h/j/w/co/emacs/trunk/src/alloc.c:5616
5616            if (ptr->gcmarkbit)
SIGINT is used by the debugger.
Are you sure you want to change it? (y or n) [answered Y; input not from terminal]
DISPLAY = :0
TERM = xterm-256color
Breakpoint 1 at 0x4f4e80: abort. (2 locations)
Temporary breakpoint 2 at 0x510260: file /h/j/w/co/emacs/trunk/src/sysdep.c, line 859.
Missing separate debuginfos, use: debuginfo-install ImageMagick-6.7.1.9-3.fc17.x86_64 atk-2.4.0-1.fc17.x86_64 bzip2-libs-1.0.6-4.fc17.x86_64 expat-2.1.0-1.fc17.x86_64 fontconfig-2.8.0-6.fc17.x86_64 freetype-2.4.8-3.fc17.x86_64 gdk-pixbuf2-2.26.0-1.fc17.x86_64 giflib-4.1.6-5.fc17.x86_64 glib2-2.32.0-1.fc17.x86_64 glibc-2.15-28.fc17.x86_64 gtk2-2.24.10-1.fc17.x86_64 lcms-libs-1.19-5.fc17.x86_64 libICE-1.0.8-1.fc17.x86_64 libSM-1.2.1-1.fc17.x86_64 libX11-1.4.99.1-3.fc17.x86_64 libXau-1.0.6-3.fc17.x86_64 libXcomposite-0.4.3-3.fc17.x86_64 libXcursor-1.1.13-1.fc17.x86_64 libXdamage-1.1.3-3.fc17.x86_64 libXext-1.3.1-1.fc17.x86_64 libXfixes-5.0-2.fc17.x86_64 libXft-2.3.0-2.fc17.x86_64 libXi-1.5.99.2-4.20111222gitae0187c87.fc17.x86_64 libXinerama-1.1.2-1.fc17.x86_64 libXpm-3.5.10-1.fc17.x86_64 libXrandr-1.3.1-3.fc17.x86_64 libXrender-0.9.7-1.fc17.x86_64 libXt-1.1.2-2.fc17.x86_64 libcroco-0.6.5-1.fc17.x86_64 libffi-3.0.10-2.fc17.x86_64 libgcc-4.7.0-1.fc17.x86_64 libgomp-4.7.0-1.fc17.x86_64 libjpeg-turbo-1.2.0-1.fc17.x86_64 libotf-0.9.12-3.fc17.x86_64 libpng-1.5.9-1.fc17.x86_64 librsvg2-2.36.0-1.fc17.x86_64 libselinux-2.1.9-9.fc17.x86_64 libtiff-3.9.5-2.fc17.x86_64 libtool-ltdl-2.4.2-3.fc17.x86_64 libuuid-2.21.1-1.fc17.x86_64 libxcb-1.8-2.fc17.x86_64 libxml2-2.7.8-7.fc17.x86_64 m17n-lib-1.6.3-2.fc17.x86_64 ncurses-libs-5.9-4.20120204.fc17.x86_64 pango-1.30.0-1.fc17.x86_64 pixman-0.24.4-1.fc17.x86_64 zlib-1.2.5-6.fc17.x86_64
(gdb) w
#0  mark_object (arg=<optimized out>) at /h/j/w/co/emacs/trunk/src/alloc.c:5616
#1  0x00000000005566e3 in mark_maybe_pointer (p=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/alloc.c:4249
#2  mark_memory (end=0x7fffffff8758, start=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/alloc.c:4314
#3  mark_stack () at /h/j/w/co/emacs/trunk/src/alloc.c:4560
#4  Fgarbage_collect () at /h/j/w/co/emacs/trunk/src/alloc.c:5148
#5  0x000000000056be64 in eval_sub (form=15423334)
    at /h/j/w/co/emacs/trunk/src/eval.c:2245
#6  0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#7  0x000000000056f820 in Flet (args=15423446)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#8  0x000000000056c450 in eval_sub (form=15392150)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#9  0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#10 0x000000000056c450 in eval_sub (form=15392374)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#11 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#12 0x000000000056f820 in Flet (args=15392390)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#13 0x000000000056c450 in eval_sub (form=15392534)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#14 0x000000000056c697 in Fprogn (args=11926528, args@entry=15392838)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#15 0x000000000056f298 in Fwhile (args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:1142
#16 0x000000000056c450 in eval_sub (form=15393014)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#17 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#18 0x000000000056f820 in Flet (args=15401862)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#19 0x000000000056c450 in eval_sub (form=15402342)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#20 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#21 0x000000000056c9d2 in funcall_lambda (fun=fun@entry=15415398,
    nargs=nargs@entry=3, arg_vector=arg_vector@entry=0x7fffffff9050)
    at /h/j/w/co/emacs/trunk/src/eval.c:3226
#22 0x000000000056bce5 in apply_lambda (fun=15415398, args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:3110
#23 0x000000000056c0a3 in eval_sub (form=15422598)
    at /h/j/w/co/emacs/trunk/src/eval.c:2414
#24 0x000000000056c184 in eval_sub (form=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2335
#25 0x000000000056f6f2 in Flet (args=15422422)
    at /h/j/w/co/emacs/trunk/src/eval.c:1090
#26 0x000000000056c450 in eval_sub (form=15422694)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#27 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#28 0x000000000056c450 in eval_sub (form=15423254)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#29 0x000000000056f256 in For (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:264
#30 0x000000000056c450 in eval_sub (form=15423334)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#31 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#32 0x000000000056f820 in Flet (args=15423446)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#33 0x000000000056c450 in eval_sub (form=15392150)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#34 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#35 0x000000000056c450 in eval_sub (form=15392374)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#36 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#37 0x000000000056f820 in Flet (args=15392390)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#38 0x000000000056c450 in eval_sub (form=15392534)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#39 0x000000000056c697 in Fprogn (args=11926528, args@entry=15392838)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#40 0x000000000056f298 in Fwhile (args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:1142
#41 0x000000000056c450 in eval_sub (form=15393014)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#42 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#43 0x000000000056f820 in Flet (args=15401862)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#44 0x000000000056c450 in eval_sub (form=15402342)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#45 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#46 0x000000000056c9d2 in funcall_lambda (fun=fun@entry=15415398,
    nargs=nargs@entry=3, arg_vector=arg_vector@entry=0x7fffffff9da0)
    at /h/j/w/co/emacs/trunk/src/eval.c:3226
#47 0x000000000056bce5 in apply_lambda (fun=15415398, args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:3110
#48 0x000000000056c0a3 in eval_sub (form=15422598)
    at /h/j/w/co/emacs/trunk/src/eval.c:2414
#49 0x000000000056c184 in eval_sub (form=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2335
#50 0x000000000056f6f2 in Flet (args=15422422)
    at /h/j/w/co/emacs/trunk/src/eval.c:1090
#51 0x000000000056c450 in eval_sub (form=15422694)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#52 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#53 0x000000000056c450 in eval_sub (form=15423254)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#54 0x000000000056f256 in For (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:264
#55 0x000000000056c450 in eval_sub (form=15423334)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#56 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#57 0x000000000056f820 in Flet (args=15423446)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#58 0x000000000056c450 in eval_sub (form=15392150)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#59 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#60 0x000000000056c450 in eval_sub (form=15392374)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#61 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#62 0x000000000056f820 in Flet (args=15392390)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#63 0x000000000056c450 in eval_sub (form=15392534)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#64 0x000000000056c697 in Fprogn (args=11926528, args@entry=15392838)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#65 0x000000000056f298 in Fwhile (args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:1142
#66 0x000000000056c450 in eval_sub (form=15393014)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#67 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#68 0x000000000056f820 in Flet (args=15401862)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#69 0x000000000056c450 in eval_sub (form=15402342)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#70 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#71 0x000000000056c9d2 in funcall_lambda (fun=fun@entry=15415398,
    nargs=nargs@entry=3, arg_vector=arg_vector@entry=0x7fffffffaaf0)
    at /h/j/w/co/emacs/trunk/src/eval.c:3226
#72 0x000000000056bce5 in apply_lambda (fun=15415398, args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:3110
#73 0x000000000056c0a3 in eval_sub (form=15422598)
    at /h/j/w/co/emacs/trunk/src/eval.c:2414
#74 0x000000000056c184 in eval_sub (form=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2335
#75 0x000000000056f6f2 in Flet (args=15422422)
    at /h/j/w/co/emacs/trunk/src/eval.c:1090
#76 0x000000000056c450 in eval_sub (form=15422694)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#77 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#78 0x000000000056c450 in eval_sub (form=15423254)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#79 0x000000000056f256 in For (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:264
#80 0x000000000056c450 in eval_sub (form=15423334)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#81 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#82 0x000000000056f820 in Flet (args=15423446)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#83 0x000000000056c450 in eval_sub (form=15392150)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#84 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#85 0x000000000056c450 in eval_sub (form=15392374)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#86 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#87 0x000000000056f820 in Flet (args=15392390)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#88 0x000000000056c450 in eval_sub (form=15392534)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#89 0x000000000056c697 in Fprogn (args=11926528, args@entry=15392838)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#90 0x000000000056f298 in Fwhile (args=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:1142
#91 0x000000000056c450 in eval_sub (form=15393014)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#92 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#93 0x000000000056f820 in Flet (args=15401862)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#94 0x000000000056c450 in eval_sub (form=15402342)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#95 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#96 0x000000000056c9d2 in funcall_lambda (fun=15415398, nargs=nargs@entry=1,
    arg_vector=arg_vector@entry=0x7fffffffb8d8)
    at /h/j/w/co/emacs/trunk/src/eval.c:3226
#97 0x000000000056cc9b in Ffuncall (nargs=nargs@entry=2, args=args@entry=
    0x7fffffffb8d0) at /h/j/w/co/emacs/trunk/src/eval.c:3063
#98 0x000000000056d0ba in call1 (fn=<optimized out>, arg1=arg1@entry=17643681)
    at /h/j/w/co/emacs/trunk/src/eval.c:2771
#99 0x0000000000590b1b in readevalloop (readcharfun=readcharfun@entry=21355365,
    stream=stream@entry=0x0, sourcename=sourcename@entry=17643681, printflag=0,
    unibyte=unibyte@entry=11944466, readfun=11944466, start=<optimized out>,
    end=11944466) at /h/j/w/co/emacs/trunk/src/lread.c:1743
#100 0x0000000000590f2c in Feval_buffer (buffer=<optimized out>, printflag=
    11944466, filename=17643681, unibyte=11944466,
    do_allow_print=<optimized out>) at /h/j/w/co/emacs/trunk/src/lread.c:1899
#101 0x000000000056c262 in eval_sub (form=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2364
#102 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#103 0x000000000056f820 in Flet (args=13007382)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#104 0x000000000056c450 in eval_sub (form=13007590)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#105 0x000000000056f595 in Funwind_protect (args=13006262)
    at /h/j/w/co/emacs/trunk/src/eval.c:1371
#106 0x000000000056c450 in eval_sub (form=13007606)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#107 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#108 0x000000000056fa40 in FletX (args=13008198)
    at /h/j/w/co/emacs/trunk/src/eval.c:1050
#109 0x000000000056c450 in eval_sub (form=13008630)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#110 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#111 0x000000000056c450 in eval_sub (form=13017334)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#112 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#113 0x000000000056c9d2 in funcall_lambda (fun=13036246, nargs=nargs@entry=4,
    arg_vector=arg_vector@entry=0x7fffffffc0f8)
    at /h/j/w/co/emacs/trunk/src/eval.c:3226
#114 0x000000000056cc9b in Ffuncall (nargs=nargs@entry=5, args=args@entry=
    0x7fffffffc0f0) at /h/j/w/co/emacs/trunk/src/eval.c:3063
#115 0x000000000056d039 in call4 (fn=<optimized out>, arg1=arg1@entry=17643681,
    arg2=arg2@entry=17643681, arg3=<optimized out>, arg4=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2820
#116 0x0000000000591379 in Fload (file=17644065, noerror=noerror@entry=
    11944514, nomessage=nomessage@entry=11944514, nosuffix=nosuffix@entry=
    11944514, must_suffix=<optimized out>, must_suffix@entry=11944514)
    at /h/j/w/co/emacs/trunk/src/lread.c:1256
#117 0x000000000049c1f8 in uniprop_table (prop=prop@entry=18794690)
    at /h/j/w/co/emacs/trunk/src/chartab.c:1333
#118 0x000000000049c239 in Funicode_property_table_internal (prop=18794690)
    at /h/j/w/co/emacs/trunk/src/chartab.c:1361
#119 0x000000000056c2ba in eval_sub (form=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2350
#120 0x000000000056c184 in eval_sub (form=form@entry=18684470)
    at /h/j/w/co/emacs/trunk/src/eval.c:2335
#121 0x000000000059082b in readevalloop (readcharfun=readcharfun@entry=
    18605285, stream=stream@entry=0x0, sourcename=19191473, sourcename@entry=
    19227537, printflag=0, unibyte=unibyte@entry=11944466, readfun=11944466,
    start=11944466, end=11944466) at /h/j/w/co/emacs/trunk/src/lread.c:1838
#122 0x0000000000590f2c in Feval_buffer (buffer=<optimized out>, printflag=
    11944466, filename=19227537, unibyte=11944466,
    do_allow_print=<optimized out>) at /h/j/w/co/emacs/trunk/src/lread.c:1899
#123 0x000000000056c262 in eval_sub (form=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2364
#124 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#125 0x000000000056f820 in Flet (args=13007382)
    at /h/j/w/co/emacs/trunk/src/eval.c:1120
#126 0x000000000056c450 in eval_sub (form=13007590)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#127 0x000000000056f595 in Funwind_protect (args=13006262)
    at /h/j/w/co/emacs/trunk/src/eval.c:1371
#128 0x000000000056c450 in eval_sub (form=13007606)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#129 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#130 0x000000000056fa40 in FletX (args=13008198)
    at /h/j/w/co/emacs/trunk/src/eval.c:1050
#131 0x000000000056c450 in eval_sub (form=13008630)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#132 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#133 0x000000000056c450 in eval_sub (form=13017334)
    at /h/j/w/co/emacs/trunk/src/eval.c:2298
#134 0x000000000056c697 in Fprogn (args=11926528)
    at /h/j/w/co/emacs/trunk/src/eval.c:364
#135 0x000000000056c9d2 in funcall_lambda (fun=13036246, nargs=nargs@entry=4,
    arg_vector=arg_vector@entry=0x7fffffffcd08)
    at /h/j/w/co/emacs/trunk/src/eval.c:3226
#136 0x000000000056cc9b in Ffuncall (nargs=nargs@entry=5, args=args@entry=
    0x7fffffffcd00) at /h/j/w/co/emacs/trunk/src/eval.c:3063
#137 0x000000000056d039 in call4 (fn=<optimized out>, arg1=arg1@entry=19227537,
    arg2=arg2@entry=19227537, arg3=<optimized out>, arg4=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2820
#138 0x0000000000591379 in Fload (file=19228673, noerror=11944466, nomessage=
    11944466, nosuffix=<optimized out>, must_suffix=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/lread.c:1256
#139 0x000000000056c262 in eval_sub (form=form@entry=11919446)
    at /h/j/w/co/emacs/trunk/src/eval.c:2364
#140 0x000000000059082b in readevalloop (readcharfun=12061058,
    stream=stream@entry=0xbb2830, sourcename=sourcename@entry=12264369,
    printflag=printflag@entry=0, unibyte=<optimized out>, readfun=11944466,
    start=11944466, end=11944466) at /h/j/w/co/emacs/trunk/src/lread.c:1838
#141 0x000000000059164f in Fload (file=12264113, noerror=<optimized out>,
    nomessage=11944466, nosuffix=<optimized out>, must_suffix=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/lread.c:1316
#142 0x000000000056c262 in eval_sub (form=form@entry=12200454)
    at /h/j/w/co/emacs/trunk/src/eval.c:2364
#143 0x000000000056eda8 in Feval (form=12200454, lexical=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/eval.c:2204
#144 0x000000000056b051 in internal_condition_case (bfun=bfun@entry=
    0x4f8c60 <top_level_2>, handlers=11996706, hfun=hfun@entry=
    0x4fa490 <cmd_error>) at /h/j/w/co/emacs/trunk/src/eval.c:1515
#145 0x00000000004f9196 in top_level_1 (ignore=ignore@entry=11944466)
    at /h/j/w/co/emacs/trunk/src/keyboard.c:1177
#146 0x000000000056af4b in internal_catch (tag=2459565876494606882,
    func=func@entry=0x4f9130 <top_level_1>, arg=11944466)
    at /h/j/w/co/emacs/trunk/src/eval.c:1272
#147 0x00000000004f9f47 in command_loop ()
    at /h/j/w/co/emacs/trunk/src/keyboard.c:1132
#148 recursive_edit_1 () at /h/j/w/co/emacs/trunk/src/keyboard.c:759
#149 0x00000000004fa28d in Frecursive_edit ()
    at /h/j/w/co/emacs/trunk/src/keyboard.c:823
#150 0x00000000004146dd in main (argc=5, argv=<optimized out>)
    at /h/j/w/co/emacs/trunk/src/emacs.c:1715

Lisp Backtrace:
"let" (0xffff89d8)
"if" (0xffff8ad8)
"let" (0xffff8c68)
"while" (0xffff8d88)
"let" (0xffff8f18)
"file-truename" (0xffff9050)
"file-name-as-directory" (0xffff9208)
"let" (0xffff9388)
"if" (0xffff9488)
"or" (0xffff9588)
"let" (0xffff9728)
"if" (0xffff9828)
"let" (0xffff99b8)
"while" (0xffff9ad8)
"let" (0xffff9c68)
"file-truename" (0xffff9da0)
"file-name-as-directory" (0xffff9f58)
"let" (0xffffa0d8)
"if" (0xffffa1d8)
"or" (0xffffa2d8)
"let" (0xffffa478)
"if" (0xffffa578)
"let" (0xffffa708)
"while" (0xffffa828)
"let" (0xffffa9b8)
"file-truename" (0xffffaaf0)
"file-name-as-directory" (0xffffaca8)
"let" (0xffffae28)
"if" (0xffffaf28)
"or" (0xffffb028)
"let" (0xffffb1c8)
"if" (0xffffb2c8)
"let" (0xffffb458)
"while" (0xffffb578)
"let" (0xffffb708)
"file-truename" (0xffffb8d8)
"eval-buffer" (0xffffba60)
"let" (0xffffbbc8)
"unwind-protect" (0xffffbcd8)
"let*" (0xffffbe28)
"if" (0xffffbf28)
"load-with-code-conversion" (0xffffc0f8)
"unicode-property-table-internal" (0xffffc390)
"map-char-table" (0xffffc448)
"eval-buffer" (0xffffc670)
"let" (0xffffc7d8)
"unwind-protect" (0xffffc8e8)
"let*" (0xffffca38)
"if" (0xffffcb38)
"load-with-code-conversion" (0xffffcd08)
"load" (0xffffcf70)
"load" (0xffffd2c0)
(gdb) p *ptr
Cannot access memory at address 0x2222222222222220
(gdb)
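
As an added illustration of the reasoning in Message #5 (not part of the original report, and not Emacs or glibc code), this C helper checks whether a faulting address printed by gdb is one byte repeated, as with 0x2222222222222220, and lists the M_PERTURB / MALLOC_PERTURB_ values that would write that byte according to mallopt(3). The function names and the tag_bits parameter (the number of low bits the program clears before dereferencing, assumed to be 3 here) are assumptions of the example.

```c
/* Added example: triage a faulting address for a malloc fill pattern. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct poison_hit {
    int     matched;        /* 1 if the address is one byte repeated          */
    uint8_t fill;           /* the repeated byte, e.g. 0x22                   */
    uint8_t perturb_free;   /* M_PERTURB value that makes free() write fill   */
    uint8_t perturb_alloc;  /* M_PERTURB value that makes malloc() write fill */
};

/*
 * mallopt(3): with M_PERTURB = v (v != 0), malloc() fills new memory with
 * the complement of v's low byte and free() fills released memory with v's
 * low byte.  tag_bits is an assumption of this example: the number of low
 * pointer bits the program masks off before the dereference, which is why
 * a 0x22 fill can show up as ...2220 rather than ...2222.
 */
struct poison_hit inspect_address(uint64_t addr, unsigned tag_bits)
{
    struct poison_hit h = {0, 0, 0, 0};
    uint8_t fill, keep;
    int i;

    if (tag_bits > 7)
        return h;
    fill = (uint8_t)(addr >> 8);            /* byte 1 is untouched by untagging */
    keep = (uint8_t)(0xffu << tag_bits);    /* bits of byte 0 that must match   */

    if (fill == 0x00)                       /* zero-filled: NULL-like, no fill  */
        return h;
    for (i = 1; i < 8; i++)                 /* bytes 1..7 must all be equal     */
        if ((uint8_t)(addr >> (8 * i)) != fill)
            return h;
    if ((((uint8_t)addr) ^ fill) & keep)    /* byte 0 equal outside tag bits    */
        return h;

    h.matched = 1;
    h.fill = fill;
    h.perturb_free = fill;                  /* free() writes v                  */
    h.perturb_alloc = (uint8_t)(fill ^ 0xff); /* malloc() writes ~v             */
    return h;
}

/* Parse a gdb "Cannot access memory at address 0x..." line.
 * Returns 1 if an address was found and *out was filled in, else 0. */
int classify_gdb_line(const char *line, unsigned tag_bits, struct poison_hit *out)
{
    static const char key[] = "Cannot access memory at address ";
    const char *p = strstr(line, key);
    char *end;
    unsigned long long v;

    if (p == NULL)
        return 0;
    p += sizeof key - 1;
    v = strtoull(p, &end, 16);              /* base 16 accepts the 0x prefix */
    if (end == p)
        return 0;
    *out = inspect_address((uint64_t)v, tag_bits);
    return 1;
}

int main(void)
{
    const char *lines[] = {
        "Cannot access memory at address 0x2222222222222220", /* from the page   */
        "Cannot access memory at address 0x5858585858585858", /* constructed:
            free() fill for the recipe's MALLOC_PERTURB_=88 (0x58)               */
        "Cannot access memory at address 0x7ffe12345678",     /* constructed     */
    };
    /* Frame #146 of the page's backtrace prints tag=2459565876494606882,
     * which is 0x2222222222222222 in decimal: the same fill byte again. */
    struct poison_hit t = inspect_address(2459565876494606882ULL, 3);
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct poison_hit h;
        if (!classify_gdb_line(lines[i], 3, &h))
            continue;
        if (h.matched)
            printf("%s\n  fill 0x%02x: freed memory if MALLOC_PERTURB_=%u, "
                   "fresh malloc memory if MALLOC_PERTURB_=%u\n",
                   lines[i], (unsigned)h.fill, (unsigned)h.perturb_free,
                   (unsigned)h.perturb_alloc);
        else
            printf("%s\n  no repeated-byte pattern\n", lines[i]);
    }
    printf("frame #146 tag: matched=%d fill=0x%02x\n", t.matched, (unsigned)t.fill);
    return 0;
}
```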




Reply sent to Jim Meyering <jim <at> meyering.net>:
You have taken responsibility. (Tue, 03 Apr 2012 16:28:02 GMT)

Notification sent to Jim Meyering <jim <at> meyering.net>:
bug acknowledged by developer. (Tue, 03 Apr 2012 16:28:03 GMT)

Message #10 received at 11144-done <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: Emacs development discussions <emacs-devel <at> gnu.org>
Cc: 11144-done <at> debbugs.gnu.org
Subject: Re: bootstrap w/gcc-4.8.0 + nonzero MALLOC_PERTURB_ -> ./temacs segfault
Date: Tue, 03 Apr 2012 18:27:19 +0200

Jim Meyering wrote:
> Just a heads-up, since release is so near:
>
>     gcc-4.8.0 vs emacs+MALLOC_PERTURB_ = ./temacs segfault
>     http://debbugs.gnu.org/11144
>
> It would be a shame if gcc-4.8.0 (even test a release) were to
> fail to bootstrap emacs with MALLOC_PERTURB_ set to nonzero.

This seems to have been fixed, since with the latest from gcc/svn,
  git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@186106 138bc75d-0d04-0410-961f-82ee72b054a4
I can now bootstrap the latest emacs.




Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 10 Apr 2012 09:09:02 GMT)

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#11144; Package emacs. (Tue, 10 Apr 2012 09:15:02 GMT)

Message #15 received at 11144 <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: Emacs development discussions <emacs-devel <at> gnu.org>
Cc: 11144 <at> debbugs.gnu.org
Subject: Re: bootstrap w/gcc-4.8.0 + nonzero MALLOC_PERTURB_ -> ./temacs segfault
Date: Tue, 10 Apr 2012 11:13:13 +0200

Jim Meyering wrote:
> Jim Meyering wrote:
>> Just a heads-up, since release is so near:
>>
>>     gcc-4.8.0 vs emacs+MALLOC_PERTURB_ = ./temacs segfault
>>     http://debbugs.gnu.org/11144
>>
>> It would be a shame if gcc-4.8.0 (even test a release) were to
>> fail to bootstrap emacs with MALLOC_PERTURB_ set to nonzero.
>
> This seems to have been fixed, since with the latest from gcc/svn,
>   git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@186106
> 138bc75d-0d04-0410-961f-82ee72b054a4
> I can now bootstrap the latest emacs.

This has struck again, now using gcc version 4.8.0 20120406
I've reopened the bug.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#11144; Package emacs. (Tue, 10 Apr 2012 10:23:01 GMT)

Message #18 received at 11144 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Jim Meyering <jim <at> meyering.net>
Cc: 11144 <at> debbugs.gnu.org
Subject: Re: bootstrap w/gcc-4.8.0 + nonzero MALLOC_PERTURB_ -> ./temacs segfault
Date: Tue, 10 Apr 2012 13:19:50 +0300

> From: Jim Meyering <jim <at> meyering.net>
> Date: Tue, 10 Apr 2012 11:13:13 +0200
> Cc: 11144 <at> debbugs.gnu.org
> 
> Jim Meyering wrote:
> > Jim Meyering wrote:
> >> Just a heads-up, since release is so near:
> >>
> >>     gcc-4.8.0 vs emacs+MALLOC_PERTURB_ = ./temacs segfault
> >>     http://debbugs.gnu.org/11144
> >>
> >> It would be a shame if gcc-4.8.0 (even test a release) were to
> >> fail to bootstrap emacs with MALLOC_PERTURB_ set to nonzero.
> >
> > This seems to have been fixed, since with the latest from gcc/svn,
> >   git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@186106
> > 138bc75d-0d04-0410-961f-82ee72b054a4
> > I can now bootstrap the latest emacs.
> 
> This has struck again, now using gcc version 4.8.0 20120406.
> I've reopened the bug.

Why should we consider this an Emacs bug?  Is there any evidence that
it's not a GCC bug, especially since it is coming and going depending
on GCC commits, and that you are using an unreleased version of GCC?

P.S.  Please don't CC emacs-devel on bug reports, it causes problems
with the bug tracker, which sometimes creates bogus new bugs.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#11144; Package emacs. (Tue, 10 Apr 2012 11:09:02 GMT) Full text and rfc822 format available.

Message #21 received at 11144 <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 11144 <at> debbugs.gnu.org
Subject: Re: bootstrap w/gcc-4.8.0 + nonzero MALLOC_PERTURB_ -> ./temacs segfault
Date: Tue, 10 Apr 2012 13:07:27 +0200

Eli Zaretskii wrote:
>> From: Jim Meyering <jim <at> meyering.net>
>> Date: Tue, 10 Apr 2012 11:13:13 +0200
>> Cc: 11144 <at> debbugs.gnu.org
>>
>> Jim Meyering wrote:
>> > Jim Meyering wrote:
>> >> Just a heads-up, since release is so near:
>> >>
>> >>     gcc-4.8.0 vs emacs+MALLOC_PERTURB_ = ./temacs segfault
>> >>     http://debbugs.gnu.org/11144
>> >>
>> >> It would be a shame if gcc-4.8.0 (even a test release) were to
>> >> fail to bootstrap emacs with MALLOC_PERTURB_ set to nonzero.
>> >
>> > This seems to have been fixed, since with the latest from gcc/svn,
>> >   git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk <at> 186106
>> > 138bc75d-0d04-0410-961f-82ee72b054a4
>> > I can now bootstrap the latest emacs.
>>
>> This has struck again, now using gcc version 4.8.0 20120406.
>> I've reopened the bug.
>
> Why should we consider this an Emacs bug?  Is there any evidence that
> it's not a GCC bug, especially since it is coming and going depending
> on GCC commits, and that you are using an unreleased version of GCC?

I do not know enough about this to claim it is due to a bug in gcc or in
emacs.  However, note that this report shows a probable use of freed memory
in temacs, and that generally implicates the application, not the compiler.

One additional data point: I've just built today's gcc version 4.8.0 20120410,
and have used it to bootstrap emacs(trunk) four times with no such failure.
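
[Added example, not part of the original thread and not Emacs or glibc code.] The message above reasons that a crash appearing only with a nonzero MALLOC_PERTURB_ points at use of freed memory in the application. This sketch shows why, using a constructed toy pool (all names are hypothetical) that models only glibc's documented behaviour of filling freed bytes with the perturb value:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy pool over a static arena, so reading a "freed" slot is
   defined C here. It models only the fill-on-free effect of MALLOC_PERTURB_. */
struct node { struct node *next; int value; };
#define SLOTS 4
static struct node arena[SLOTS];
static unsigned char in_use[SLOTS];
static unsigned char perturb_byte;            /* 0 = freed memory left as-is */

static struct node *pool_alloc(int value) {
    for (size_t i = 0; i < SLOTS; i++)
        if (!in_use[i]) {
            in_use[i] = 1;
            arena[i] = (struct node){ NULL, value };
            return &arena[i];
        }
    return NULL;
}

static void pool_free(struct node *n) {
    in_use[n - arena] = 0;
    if (perturb_byte)                         /* poison the released bytes */
        memset(n, perturb_byte, sizeof *n);
}

static int points_into_arena(const struct node *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)arena;
    return a >= lo && a < lo + sizeof arena && (a - lo) % sizeof(struct node) == 0;
}

/* Buggy caller: keeps `head` after freeing it and then follows head->next.
   Returns 1 if the stale link still looks valid (bug stays hidden), 0 if it
   is garbage that a real dereference would fault on (bug exposed). */
int stale_link_survives(unsigned char perturb) {
    memset(in_use, 0, sizeof in_use);
    perturb_byte = perturb;
    struct node *tail = pool_alloc(2);
    struct node *head = pool_alloc(1);
    head->next = tail;
    pool_free(head);                          /* head is now dangling */
    struct node *stale = head->next;          /* the use after free */
    return points_into_arena(stale) && in_use[stale - arena] && stale->value == 2;
}

int main(void) {
    printf("perturb=0x00 stale link usable: %d\n", stale_link_survives(0));
    printf("perturb=0xA5 stale link usable: %d\n", stale_link_survives(0xA5));
    return 0;
}
```

With no fill, the stale link still reads as valid, which is also why such a bug can come and go as allocation and code layout shift between compiler versions.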




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#11144; Package emacs. (Tue, 10 Apr 2012 16:39:02 GMT) Full text and rfc822 format available.

Message #24 received at 11144 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Jim Meyering <jim <at> meyering.net>
Cc: 11144 <at> debbugs.gnu.org
Subject: Re: bootstrap w/gcc-4.8.0 + nonzero MALLOC_PERTURB_ -> ./temacs segfault
Date: Tue, 10 Apr 2012 09:36:53 -0700

On 04/10/2012 02:13 AM, Jim Meyering wrote:

> This has struck again, now using gcc version 4.8.0 20120406.
> I've reopened the bug.

This is in an area of Emacs code that is sensitive to
minor details in how the C compiler works, and it's
quite possible that the bug is in Emacs, not in GCC.
Certainly I've seen similar tracebacks which came
from Emacs bugs.

If you're bisecting, you might want to look at Emacs
trunk bzr 107789, which I committed three days ago, and
which affects this part of the code.  I don't offhand
see why it would cause the problem (though perhaps
it might *fix* the problem :-).




Merged 11144 11662. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 09 Jun 2012 23:51:02 GMT) Full text and rfc822 format available.

Disconnected #11144 from all other report(s). Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sun, 10 Jun 2012 04:38:02 GMT) Full text and rfc822 format available.

Forcibly Merged 8388 11144 11662. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 08 Feb 2013 00:50:02 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 08 Mar 2013 12:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 11 years and 45 days ago.
