GNU bug report logs - #61896
30.0.50; Emacs crashes because of an invalid free


Package: emacs; Reported by: Philip Kaludercic <philipk@HIDDEN>; dated Wed, 1 Mar 2023 20:26:02 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 3 Mar 2023 10:53:53 +0000
References: <87cz5rctz2.fsf@HIDDEN> <87356n2zen.fsf@HIDDEN>
User-agent: mu4e 1.8.13; emacs 29.0.60
From: Rah Guzar <rahguzar@HIDDEN>
To: Philip Kaludercic <philipk@HIDDEN>
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
Date: Fri, 03 Mar 2023 11:51:22 +0100
In-reply-to: <87356n2zen.fsf@HIDDEN>
Message-ID: <871qm6hzre.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 61896
Cc: 61896 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

I have never used gdb before so I will need to figure that out. I am traveling
today so this will not happen before Monday or Tuesday. But I will try it
sometime next week.


Philip Kaludercic <philipk@HIDDEN> writes:

> Rah Guzar <rahguzar@HIDDEN> writes:
>
>> I encountered something very similar today after updating emacs.
>> In my case the crash was caused by trying to read an email from mu4e,
>> which I have installed as a systems package.
>>
>> Like you I could everything worked fine with `emacs -Q`. After adding,
>> mu4e to the load path, I could load it and read messages successfully.
>> But with my own configuration it crashed even after removing all mu4e
>> related settings from my config. Emacs crashed and I could see the
>> following on the terminal I launched it from
>>
>> free(): invalid pointer
>> Fatal error 6: Aborted
>>
>> along with a backtrace.
>
> This was exactly the issue I had, though in my case the byte code was
> not from a site directory.
>
> Could you start Emacs using GDB print and run the xbacktrace command
> that is defined in emacs.git's src/.gdbinit file (I believe this is best
> done by starting GDB within the src directory)?
>
>> After finding this thread, I copied the mu4e lisp files to a directory
>> writable by me and byte compiled those. Adding this directory to load-path
>> has fixed my problem.
>>
>> I think the distro provided elc files were compiled by Emacs 28
>> and I am using a build of emacs 29 and some incompatible change
>> recently caused this problem.
>>
>> For now, my fix works but is there a good way to deal with possibly
>> incompatible bytecode in site-lisp directory?
>>
>> Rah Guzar
>>
>> Philip Kaludercic <philipk@HIDDEN> writes:
>>
>>> Emacs just crashes out of nowhere, e.g. after I open my init file.
>>>
>>> I have had this device for a while on a device of mine, that I couldn't
>>> reproduce on my main workstation or using emacs -Q.  Apparently this
>>> could be related to some faulty byte-code.
>>>
>>> The best I could do to detect this issue was to build Emacs using
>>> -fsanitize=address and I managed to reproduce the issue reliably by
>>> invoking package-recompile-all.  I collected the following log:
>>>
>>>
>>>
>>> I ran the same command in batch mode, and now the issue appears to be
>>> fixed.  This gives me no reassurance, as a few days ago I had
>>> temporarily managed to achieve the same state and then Emacs crashed again
>>> after rebuilding again.
>>>
>>> In GNU Emacs 30.0.50 (build 4, x86_64-pc-linux-gnu, GTK+ Version
>>>  3.24.36, cairo version 1.16.0) of 2023-03-01 built on quetzal
>>> Repository revision: 4b99015e15a23bd5cbec021d53ef9fcca25b2441
>>> Repository branch: master
>>> System Description: Debian GNU/Linux bookworm/sid
>>>
>>> Configured using:
>>>  'configure --with-pgtk 'CFLAGS=-O0 -ggdb3 -fsanitize=address''
>>>
>>> Configured features:
>>> ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
>>> JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NOTIFY INOTIFY
>>> PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
>>> TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB
>>>
>>> Important settings:
>>>   value of $LC_MONETARY: en_US.UTF-8
>>>   value of $LC_NUMERIC: en_US.UTF-8
>>>   value of $LC_TIME: en_US.UTF-8
>>>   value of $LANG: en_US.UTF-8
>>>   value of $XMODIFIERS: @im=ibus
>>>   locale-coding-system: utf-8-unix
>>>
>>> Major mode: ELisp/l
>>>
>>> Minor modes in effect:
>>>   tooltip-mode: t
>>>   global-eldoc-mode: t
>>>   eldoc-mode: t
>>>   show-paren-mode: t
>>>   electric-indent-mode: t
>>>   mouse-wheel-mode: t
>>>   tool-bar-mode: t
>>>   menu-bar-mode: t
>>>   file-name-shadow-mode: t
>>>   global-font-lock-mode: t
>>>   font-lock-mode: t
>>>   blink-cursor-mode: t
>>>   line-number-mode: t
>>>   transient-mark-mode: t
>>>   auto-composition-mode: t
>>>   auto-encryption-mode: t
>>>   auto-compression-mode: t
>>>
>>> Load-path shadows:
>>> None found.
>>>
>>> Features:
>>> (shadow sort emacsbug mail-extr message mailcap yank-media puny dired
>>> dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
>>> epg-config gnus-util text-property-search time-date subr-x mm-decode
>>> mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
>>> sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
>>> cus-edit pp cus-start cus-load icons wid-edit misearch multi-isearch
>>> vc-git diff-mode easy-mmode vc-dispatcher cl-loaddefs cl-lib rmc
>>> iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
>>> vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win
>>> term/common-win pgtk-dnd tool-bar dnd fontset image regexp-opt fringe
>>> tabulated-list replace newcomment text-mode lisp-mode prog-mode register
>>> page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
>>> scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
>>> frame minibuffer nadvice seq simple cl-generic indonesian philippine
>>> cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
>>> korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
>>> european ethiopic indian cyrillic chinese composite emoji-zwj charscript
>>> charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
>>> cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
>>> files window text-properties overlay sha1 md5 base64 format env
>>> code-pages mule custom widget keymap hashtable-print-readable backquote
>>> threads dbusbind inotify dynamic-setting system-font-setting
>>> font-render-setting cairo gtk pgtk lcms2 multi-tty make-network-process
>>> emacs)
>>>
>>> Memory information:
>>> ((conses 16 65648 11383)
>>>  (symbols 48 7380 0)
>>>  (strings 32 19680 1617)
>>>  (string-bytes 1 540967)
>>>  (vectors 16 12795)
>>>  (vector-slots 8 182734 13738)
>>>  (floats 8 32 68)
>>>  (intervals 56 625 8)
>>>  (buffers 984 13))




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 17:41:42 +0000
From: Philip Kaludercic <philipk@HIDDEN>
To: Mattias Engdegård <mattiase@HIDDEN>
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
In-Reply-To: <D35371A6-8A03-42C6-BBB9-562673FB6D20@HIDDEN> ("Mattias Engdegård"'s message of "Thu, 2 Mar 2023 16:21:12 +0100")
References: <87fsaoqkwo.fsf@HIDDEN> <83zg8vel1t.fsf@HIDDEN>
 <875ybjcz4t.fsf@HIDDEN>
 <981CDB22-6430-44B5-8316-BD8268B22C83@HIDDEN>
 <D35371A6-8A03-42C6-BBB9-562673FB6D20@HIDDEN>
Date: Thu, 02 Mar 2023 17:41:50 +0000
Message-ID: <87bklb125d.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 61896
Cc: Rah Guzar <rahguzar@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>,
 61896 <at> debbugs.gnu.org

Mattias Engdegård <mattiase@HIDDEN> writes:

>> These checks do not audit the specpdl balance directly but that would be something to add if you don't make further progress.
>
> You could try this patch if you build with --enable-checking=all:

As I mentioned in my other response, I cannot reproduce the issue for
now.  Rah mentioned that he still has the files that caused the issue,
so perhaps he can help?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 15:21:22 +0000
From: Mattias Engdegård <mattiase@HIDDEN>
Message-Id: <D35371A6-8A03-42C6-BBB9-562673FB6D20@HIDDEN>
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
Date: Thu, 2 Mar 2023 16:21:12 +0100
In-Reply-To: <981CDB22-6430-44B5-8316-BD8268B22C83@HIDDEN>
To: Philip Kaludercic <philipk@HIDDEN>
References: <87fsaoqkwo.fsf@HIDDEN> <83zg8vel1t.fsf@HIDDEN>
 <875ybjcz4t.fsf@HIDDEN> <981CDB22-6430-44B5-8316-BD8268B22C83@HIDDEN>
Cc: Eli Zaretskii <eliz@HIDDEN>, 61896 <at> debbugs.gnu.org



> These checks do not audit the specpdl balance directly but that would be something to add if you don't make further progress.

You could try this patch if you build with --enable-checking=all:


Attachment: bytecode-specpdl-depth-check.diff

diff --git a/src/bytecode.c b/src/bytecode.c
index 74a94859aba..8f30fa55829 100644
--- a/src/bytecode.c
+++ b/src/bytecode.c
@@ -382,6 +382,9 @@ #define BC_STACK_SIZE (512 * 1024 * sizeof (Lisp_Object))
   const unsigned char *saved_pc;    /* previous program counter */
 
   Lisp_Object fun;                  /* current function object */
+#ifdef ENABLE_CHECKING
+  specpdl_ref entry_specpdl_depth;  /* specpdl depth at function entry */
+#endif
 
   Lisp_Object next_stack[];	    /* data stack of next frame */
 };
@@ -484,10 +487,6 @@ exec_byte_code (Lisp_Object fun, ptrdiff_t args_template,
  setup_frame: ;
   eassert (!STRING_MULTIBYTE (bytestr));
   eassert (string_immovable_p (bytestr));
-  /* FIXME: in debug mode (!NDEBUG, BYTE_CODE_SAFE or enabled checking),
-     save the specpdl index on function entry and check that it is the same
-     when returning, to detect unwind imbalances.  This would require adding
-     a field to the frame header.  */
 
   Lisp_Object vector = AREF (fun, COMPILED_CONSTANTS);
   Lisp_Object maxdepth = AREF (fun, COMPILED_STACK_DEPTH);
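
Review bot: The FIXME removed at setup_frame asked for this check in "debug mode (!NDEBUG, BYTE_CODE_SAFE or enabled checking)", but the new field and its initialisation elsewhere in this patch are keyed on ENABLE_CHECKING only, so a build that merely sets BYTE_CODE_SAFE gets no specpdl depth check. Either extend the guards to cover BYTE_CODE_SAFE as the old comment intended, or leave a shortened comment here saying that the check exists only under ENABLE_CHECKING.
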
@@ -511,6 +510,9 @@ exec_byte_code (Lisp_Object fun, ptrdiff_t args_template,
   fp->saved_pc = pc;
   fp->saved_fp = bc->fp;
   bc->fp = fp;
+#ifdef ENABLE_CHECKING
+  fp->entry_specpdl_depth = SPECPDL_INDEX ();
+#endif
 
   top = frame_base - 1;
   unsigned char const *bytestr_data = SDATA (bytestr);
@@ -878,6 +880,8 @@ #define DEFINE(name, value) [name] = &&insn_ ## name,
 
 	CASE (Breturn):
 	  {
+	    eassert (specpdl_ref_eq (bc->fp->entry_specpdl_depth,
+				     SPECPDL_INDEX ()));
 	    Lisp_Object *saved_top = bc->fp->saved_top;
 	    if (saved_top)
 	      {
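
Review bot: The eassert added at the top of CASE (Breturn) reads bc->fp->entry_specpdl_depth with no #ifdef ENABLE_CHECKING around it, while the field is declared and assigned only under that guard. In a build without checking, eassert still has its condition compiled (lisp.h defines it there as a "false && (cond)" expression so that COND is checked to compile), so this line would break the default build; wrap it in #ifdef ENABLE_CHECKING like the other two additions. The assertion also fires only on the Breturn path and says nothing about which function left the specpdl unbalanced, so inspecting bc->fp->fun when it trips would make a hit easier to act on.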





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 12:20:20 +0000
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.14\))
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
From: Mattias Engdegård <mattiase@HIDDEN>
In-Reply-To: <875ybjcz4t.fsf@HIDDEN>
Date: Thu, 2 Mar 2023 13:20:03 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <981CDB22-6430-44B5-8316-BD8268B22C83@HIDDEN>
References: <87fsaoqkwo.fsf@HIDDEN> <83zg8vel1t.fsf@HIDDEN>
 <875ybjcz4t.fsf@HIDDEN>
To: Philip Kaludercic <philipk@HIDDEN>
Cc: Eli Zaretskii <eliz@HIDDEN>, 61896 <at> debbugs.gnu.org

On 2 March 2023 at 09:53, Philip Kaludercic <philipk@HIDDEN> wrote:

>> Byte-code saw quite a bit of changes on master.  Adding Mattias in
>> case he has some ideas.
>
> From what I recall, the address being freed was on the stack.  How does
> the byte-code interpreter behave when the input is broken?  Is there
> some way of validating if the byte-code is "coherent"?  If I manually
> modify the byte code and replace random bytes, is the interpreter
> written to expect this kind of issue?

The very first thing is to make sure you don't have any lingering *.elc files generated during the period of incompatibility regarding `save-restriction`. That issue should have been resolved by now; let's not chase ghosts. The indication of a specpdl imbalance does point to this being a possible cause.

The byte-code interpreter normally assumes the code to be correct and performs few checks since every cycle counts here. There are some additional checks to be enabled: the general --enable-checking=all, and/or compiling with -DBYTE_CODE_SAFE=1 (or just adding

#define BYTE_CODE_SAFE 1

early in bytecode.c, which is what I tend to do).

These checks do not audit the specpdl balance directly but that would be something to add if you don't make further progress.





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 10:58:00 +0000
From: Philip Kaludercic <philipk@HIDDEN>
To: Rah Guzar <rahguzar@HIDDEN>
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
In-Reply-To: <87cz5rctz2.fsf@HIDDEN> (Rah Guzar's message of "Thu, 02 Mar
 2023 11:30:40 +0100")
References: <87cz5rctz2.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 10:58:08 +0000
Message-ID: <87356n2zen.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 61896
Cc: 61896 <at> debbugs.gnu.org

Rah Guzar <rahguzar@HIDDEN> writes:

> I encountered something very similar today after updating emacs.
> In my case the crash was caused by trying to read an email from mu4e,
> which I have installed as a systems package.
>
> Like you I could everything worked fine with `emacs -Q`. After adding,
> mu4e to the load path, I could load it and read messages successfully.
> But with my own configuration it crashed even after removing all mu4e
> related settings from my config. Emacs crashed and I could see the
> following on the terminal I launched it from
>
> free(): invalid pointer
> Fatal error 6: Aborted
>
> along with a backtrace.

This was exactly the issue I had, though in my case the byte code was
not from a site directory.

Could you start Emacs using GDB print and run the xbacktrace command
that is defined in emacs.git's src/.gdbinit file (I believe this is best
done by starting GDB within the src directory)?

> After finding this thread, I copied the mu4e lisp files to a directory
> writable by me and byte compiled those. Adding this directory to load-path
> has fixed my problem.
>
> I think the distro provided elc files were compiled by Emacs 28
> and I am using a build of emacs 29 and some incompatible change
> recently caused this problem.
>
> For now, my fix works but is there a good way to deal with possibly
> incompatible bytecode in site-lisp directory?
>
> Rah Guzar
>
> Philip Kaludercic <philipk@HIDDEN> writes:
>
>> Emacs just crashes out of nowhere, e.g. after I open my init file.
>>
>> I have had this device for a while on a device of mine, that I couldn't
>> reproduce on my main workstation or using emacs -Q.  Apparently this
>> could be related to some faulty byte-code.
>>
>> The best I could do to detect this issue was to build Emacs using
>> -fsanitize=address and I managed to reproduce the issue reliably by
>> invoking package-recompile-all.  I collected the following log:
>>
>>
>>
>> I ran the same command in batch mode, and now the issue appears to be
>> fixed.  This gives me no reassurance, as a few days ago I had
>> temporarily managed to achieve the same state and then Emacs crashed again
>> after rebuilding again.
>>
>> In GNU Emacs 30.0.50 (build 4, x86_64-pc-linux-gnu, GTK+ Version
>>  3.24.36, cairo version 1.16.0) of 2023-03-01 built on quetzal
>> Repository revision: 4b99015e15a23bd5cbec021d53ef9fcca25b2441
>> Repository branch: master
>> System Description: Debian GNU/Linux bookworm/sid
>>
>> Configured using:
>>  'configure --with-pgtk 'CFLAGS=-O0 -ggdb3 -fsanitize=address''
>>
>> Configured features:
>> ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
>> JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NOTIFY INOTIFY
>> PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
>> TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB
>>
>> Important settings:
>>   value of $LC_MONETARY: en_US.UTF-8
>>   value of $LC_NUMERIC: en_US.UTF-8
>>   value of $LC_TIME: en_US.UTF-8
>>   value of $LANG: en_US.UTF-8
>>   value of $XMODIFIERS: @im=ibus
>>   locale-coding-system: utf-8-unix
>>
>> Major mode: ELisp/l
>>
>> Minor modes in effect:
>>   tooltip-mode: t
>>   global-eldoc-mode: t
>>   eldoc-mode: t
>>   show-paren-mode: t
>>   electric-indent-mode: t
>>   mouse-wheel-mode: t
>>   tool-bar-mode: t
>>   menu-bar-mode: t
>>   file-name-shadow-mode: t
>>   global-font-lock-mode: t
>>   font-lock-mode: t
>>   blink-cursor-mode: t
>>   line-number-mode: t
>>   transient-mark-mode: t
>>   auto-composition-mode: t
>>   auto-encryption-mode: t
>>   auto-compression-mode: t
>>
>> Load-path shadows:
>> None found.
>>
>> Features:
>> (shadow sort emacsbug mail-extr message mailcap yank-media puny dired
>> dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
>> epg-config gnus-util text-property-search time-date subr-x mm-decode
>> mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
>> sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
>> cus-edit pp cus-start cus-load icons wid-edit misearch multi-isearch
>> vc-git diff-mode easy-mmode vc-dispatcher cl-loaddefs cl-lib rmc
>> iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
>> vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win
>> term/common-win pgtk-dnd tool-bar dnd fontset image regexp-opt fringe
>> tabulated-list replace newcomment text-mode lisp-mode prog-mode register
>> page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
>> scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
>> frame minibuffer nadvice seq simple cl-generic indonesian philippine
>> cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
>> korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
>> european ethiopic indian cyrillic chinese composite emoji-zwj charscript
>> charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
>> cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
>> files window text-properties overlay sha1 md5 base64 format env
>> code-pages mule custom widget keymap hashtable-print-readable backquote
>> threads dbusbind inotify dynamic-setting system-font-setting
>> font-render-setting cairo gtk pgtk lcms2 multi-tty make-network-process
>> emacs)
>>
>> Memory information:
>> ((conses 16 65648 11383)
>>  (symbols 48 7380 0)
>>  (strings 32 19680 1617)
>>  (string-bytes 1 540967)
>>  (vectors 16 12795)
>>  (vector-slots 8 182734 13738)
>>  (floats 8 32 68)
>>  (intervals 56 625 8)
>>  (buffers 984 13))




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 10:45:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 02 05:45:30 2023
Received: from localhost ([127.0.0.1]:55915 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pXgRF-0001Da-WC
	for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 05:45:30 -0500
Received: from sender11-pp-o93.zoho.eu ([31.186.226.251]:25811)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rahguzar@HIDDEN>) id 1pXgRD-0001DQ-VJ
 for 61896 <at> debbugs.gnu.org; Thu, 02 Mar 2023 05:45:28 -0500
ARC-Authentication-Results: i=1; mx.zohomail.eu;
 dkim=pass  header.i=zohomail.eu;
 spf=pass  smtp.mailfrom=rahguzar@HIDDEN;
 dmarc=pass header.from=<rahguzar@HIDDEN>
Received: from localhost (emp-49-17.eduroam.uu.se [130.238.49.17]) by
 mx.zoho.eu with SMTPS id 1677753922965365.9358038545871;
 Thu, 2 Mar 2023 11:45:22 +0100 (CET)
User-agent: mu4e 1.8.13; emacs 29.0.60
From: Rah Guzar <rahguzar@HIDDEN>
To: 61896 <at> debbugs.gnu.org
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
Date: Thu, 02 Mar 2023 11:30:40 +0100
Message-ID: <87cz5rctz2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-ZohoMailClient: External
X-Spam-Score: 1.3 (+)
X-Debbugs-Envelope-To: 61896
Cc: Philip Kaludercic <philipk@HIDDEN>
X-Spam-Score: 0.3 (/)


I encountered something very similar today after updating emacs.
In my case the crash was caused by trying to read an email from mu4e,
which I have installed as a system package.

Like you, everything worked fine with `emacs -Q`. After adding
mu4e to the load path, I could load it and read messages successfully.
But with my own configuration it crashed even after removing all mu4e
related settings from my config. Emacs crashed and I could see the
following on the terminal I launched it from:

free(): invalid pointer
Fatal error 6: Aborted

along with a backtrace.

After finding this thread, I copied the mu4e lisp files to a directory
writable by me and byte compiled those. Adding this directory to load-path
has fixed my problem.

I think the distro provided elc files were compiled by Emacs 28
and I am using a build of emacs 29 and some incompatible change
recently caused this problem.

For now, my fix works but is there a good way to deal with possibly
incompatible bytecode in site-lisp directory?

Rah Guzar

Philip Kaludercic <philipk@HIDDEN> writes:

> Emacs just crashes out of nowhere, e.g. after I open my init file.
>
> I have had this device for a while on a device of mine, that I couldn't
> reproduce on my main workstation or using emacs -Q.  Apparently this
> could be related to some faulty byte-code.
>
> The best I could do to detect this issue was to build Emacs using
> -fsanitize=address and I managed to reproduce the issue reliably by
> invoking package-recompile-all.  I collected the following log:
>
>
>
> I ran the same command in batch mode, and now the issue appears to be
> fixed.  This gives me no reassurance, as a few days ago I had
> temporarily managed to achieve the same state and then Emacs crashed again
> after rebuilding again.
>
> In GNU Emacs 30.0.50 (build 4, x86_64-pc-linux-gnu, GTK+ Version
>  3.24.36, cairo version 1.16.0) of 2023-03-01 built on quetzal
> Repository revision: 4b99015e15a23bd5cbec021d53ef9fcca25b2441
> Repository branch: master
> System Description: Debian GNU/Linux bookworm/sid
>
> Configured using:
>  'configure --with-pgtk 'CFLAGS=-O0 -ggdb3 -fsanitize=address''
>
> Configured features:
> ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
> JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NOTIFY INOTIFY
> PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
> TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB
>
> Important settings:
>   value of $LC_MONETARY: en_US.UTF-8
>   value of $LC_NUMERIC: en_US.UTF-8
>   value of $LC_TIME: en_US.UTF-8
>   value of $LANG: en_US.UTF-8
>   value of $XMODIFIERS: @im=ibus
>   locale-coding-system: utf-8-unix
>
> Major mode: ELisp/l
>
> Minor modes in effect:
>   tooltip-mode: t
>   global-eldoc-mode: t
>   eldoc-mode: t
>   show-paren-mode: t
>   electric-indent-mode: t
>   mouse-wheel-mode: t
>   tool-bar-mode: t
>   menu-bar-mode: t
>   file-name-shadow-mode: t
>   global-font-lock-mode: t
>   font-lock-mode: t
>   blink-cursor-mode: t
>   line-number-mode: t
>   transient-mark-mode: t
>   auto-composition-mode: t
>   auto-encryption-mode: t
>   auto-compression-mode: t
>
> Load-path shadows:
> None found.
>
> Features:
> (shadow sort emacsbug mail-extr message mailcap yank-media puny dired
> dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
> epg-config gnus-util text-property-search time-date subr-x mm-decode
> mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
> sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
> cus-edit pp cus-start cus-load icons wid-edit misearch multi-isearch
> vc-git diff-mode easy-mmode vc-dispatcher cl-loaddefs cl-lib rmc
> iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
> vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win
> term/common-win pgtk-dnd tool-bar dnd fontset image regexp-opt fringe
> tabulated-list replace newcomment text-mode lisp-mode prog-mode register
> page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
> scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
> frame minibuffer nadvice seq simple cl-generic indonesian philippine
> cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
> korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
> european ethiopic indian cyrillic chinese composite emoji-zwj charscript
> charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
> cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
> files window text-properties overlay sha1 md5 base64 format env
> code-pages mule custom widget keymap hashtable-print-readable backquote
> threads dbusbind inotify dynamic-setting system-font-setting
> font-render-setting cairo gtk pgtk lcms2 multi-tty make-network-process
> emacs)
>
> Memory information:
> ((conses 16 65648 11383)
>  (symbols 48 7380 0)
>  (strings 32 19680 1617)
>  (string-bytes 1 540967)
>  (vectors 16 12795)
>  (vector-slots 8 182734 13738)
>  (floats 8 32 68)
>  (intervals 56 625 8)
>  (buffers 984 13))




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 09:40:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 02 04:40:57 2023
Received: from localhost ([127.0.0.1]:55803 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pXfQn-0007xg-4d
	for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 04:40:57 -0500
Received: from eggs.gnu.org ([209.51.188.92]:43344)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1pXfQm-0007xR-1r
 for 61896 <at> debbugs.gnu.org; Thu, 02 Mar 2023 04:40:56 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1pXfQf-0002S3-Jm; Thu, 02 Mar 2023 04:40:50 -0500
Received: from [87.69.77.57] (helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1pXfQf-0006WG-3G; Thu, 02 Mar 2023 04:40:49 -0500
Date: Thu, 02 Mar 2023 11:41:05 +0200
Message-Id: <83mt4vebin.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Philip Kaludercic <philipk@HIDDEN>
In-Reply-To: <875ybjcz4t.fsf@HIDDEN> (message from Philip Kaludercic on
 Thu, 02 Mar 2023 08:53:54 +0000)
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
References: <87fsaoqkwo.fsf@HIDDEN> <83zg8vel1t.fsf@HIDDEN>
 <875ybjcz4t.fsf@HIDDEN>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 61896
Cc: mattiase@HIDDEN, 61896 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: Philip Kaludercic <philipk@HIDDEN>
> Cc: Mattias Engdegård <mattiase@HIDDEN>,
>   61896 <at> debbugs.gnu.org
> Date: Thu, 02 Mar 2023 08:53:54 +0000
> 
> From what I recall, the address being freed was on the stack.  How does
> the byte-code interpreter behave when the input is broken?  Is there
> some way of validating if the byte-code is "coherent"?  If I manually
> modify the byte code and replace random bytes, is the interpreter
> written to expect this kind of issue?

Sorry, I don't understand the questions.  Maybe Mattias will.

My interpretation of this problem is that some corruption happened to
the specpdl stuff, which causes SAFE_FREE to decide that some data should
be 'free'd when it was actually allocated off the stack.  The question
is how could that happen.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.
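
The failure class described in the message above (a cleanup step calling free on memory that actually lives on the stack), as an added, simplified C model. It is not Emacs source and not code from anyone in this thread: all names (`scratch_alloc`, `unwind_stack`, `cleanup_trusting`, `cleanup_checked`, ...) are hypothetical, and the stale unwind entry is an assumed way the bookkeeping could go wrong, not the diagnosed cause of this bug.

```c
/* Added illustration: stack-or-heap scratch buffer plus an unwind stack.
   Simplified model, not Emacs source; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_STACK_SCRATCH = 64, UNWIND_DEPTH = 16, MAX_LIVE = 16 };

enum unwind_kind { UNWIND_HEAP_PTR, UNWIND_OTHER };
struct unwind_entry { enum unwind_kind kind; void *arg; };

static struct unwind_entry unwind_stack[UNWIND_DEPTH];
static size_t unwind_top;

/* Registry of live heap blocks, so a bad free is counted here instead of
   being handed to free(), which is the call that aborts under ASan. */
static void *live[MAX_LIVE];
static int bad_free_count;
static int imbalance_reports;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    for (size_t i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p);                      /* registry full or malloc failed */
    return NULL;
}

static void tracked_free(void *p)
{
    for (size_t i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    bad_free_count++;             /* pointer never came from tracked_malloc */
}

static int live_blocks(void)
{
    int n = 0;
    for (size_t i = 0; i < MAX_LIVE; i++)
        n += live[i] != NULL;
    return n;
}

static void unwind_push(enum unwind_kind kind, void *arg)
{
    if (unwind_top < UNWIND_DEPTH)
        unwind_stack[unwind_top++] = (struct unwind_entry){ kind, arg };
}

/* Small requests use the caller's stack buffer; large ones go to the heap
   and are recorded on the unwind stack so cleanup can release them. */
static void *scratch_alloc(size_t n, char *stack_buf)
{
    if (n <= MAX_STACK_SCRATCH)
        return stack_buf;
    void *p = tracked_malloc(n);
    if (p != NULL)
        unwind_push(UNWIND_HEAP_PTR, p);
    return p;
}

/* Trusting cleanup: assumes every entry above the mark is a heap pointer. */
static void cleanup_trusting(size_t mark)
{
    while (unwind_top > mark)
        tracked_free(unwind_stack[--unwind_top].arg);
}

/* Checked cleanup: frees only entries recorded as heap pointers and counts
   anything else as an imbalance the caller should treat as a bug. */
static void cleanup_checked(size_t mark)
{
    while (unwind_top > mark) {
        struct unwind_entry *e = &unwind_stack[--unwind_top];
        if (e->kind == UNWIND_HEAP_PTR)
            tracked_free(e->arg);
        else
            imbalance_reports++;
    }
}

/* One simulated call.  With callee_leaves_entry set, the callee leaves a
   non-heap entry (pointing at stack_buf) on the unwind stack.  Returns the
   number of bad frees this call caused. */
static int run_call(size_t n, int callee_leaves_entry, int checked)
{
    char stack_buf[MAX_STACK_SCRATCH];
    size_t mark = unwind_top;
    int before = bad_free_count;
    void *buf = scratch_alloc(n, stack_buf);
    if (buf != NULL)
        memset(buf, 0, n);
    if (callee_leaves_entry)
        unwind_push(UNWIND_OTHER, stack_buf);
    if (checked)
        cleanup_checked(mark);
    else
        cleanup_trusting(mark);
    return bad_free_count - before;
}

int main(void)
{
    printf("balanced, stack buffer:   %d bad frees\n", run_call(16, 0, 0));
    printf("balanced, heap buffer:    %d bad frees\n", run_call(1024, 0, 0));
    printf("stale entry, trusting:    %d bad frees\n", run_call(16, 1, 0));
    printf("stale entry, checked:     %d bad frees\n", run_call(16, 1, 1));
    printf("leaked heap blocks:       %d\n", live_blocks());
    return 0;
}
```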

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 08:53:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 02 03:53:42 2023
Received: from localhost ([127.0.0.1]:55714 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pXeh3-0006nT-NS
	for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 03:53:42 -0500
Received: from mout01.posteo.de ([185.67.36.65]:59523)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <philipk@HIDDEN>) id 1pXeh2-0006nH-JK
 for 61896 <at> debbugs.gnu.org; Thu, 02 Mar 2023 03:53:41 -0500
Received: from submission (posteo.de [185.67.36.169]) 
 by mout01.posteo.de (Postfix) with ESMTPS id 18D6124061C
 for <61896 <at> debbugs.gnu.org>; Thu,  2 Mar 2023 09:53:34 +0100 (CET)
Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4PS4dV2dZzz6trW;
 Thu,  2 Mar 2023 09:53:33 +0100 (CET)
From: Philip Kaludercic <philipk@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
In-Reply-To: <83zg8vel1t.fsf@HIDDEN> (Eli Zaretskii's message of "Thu, 02 Mar
 2023 08:15:10 +0200")
References: <87fsaoqkwo.fsf@HIDDEN> <83zg8vel1t.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 08:53:54 +0000
Message-ID: <875ybjcz4t.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 61896
Cc: Mattias =?utf-8?Q?Engdeg=C3=A5rd?= <mattiase@HIDDEN>,
 61896 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: Philip Kaludercic <philipk@HIDDEN>
>> Date: Wed, 01 Mar 2023 20:25:11 +0000
>> 
>> Emacs just crashes out of nowhere, e.g. after I open my init file.
>
> It would help if you could run Emacs under GDB and show the backtrace
> from one of those crashes, including the Lisp backtrace (the
> "xbacktrace" command defined in src/.gdbinit).

I tried debugging it using GDB, but didn't know about xbacktrace.  Sadly
I cannot reproduce the issue any more (at least for now).

>> I have had this device for a while on a device of mine, that I couldn't
>> reproduce on my main workstation or using emacs -Q.  Apparently this
>> could be related to some faulty byte-code.
>> 
>> The best I could do to detect this issue was to build Emacs using
>> -fsanitize=address and I managed to reproduce the issue reliably by
>> invoking package-recompile-all.  I collected the following log:
>
> Byte-code saw quite a bit of changes on master.  Adding Mattias in
> case he has some ideas.

From what I recall, the address being freed was on the stack.  How does
the byte-code interpreter behave when the input is broken?  Is there
some way of validating if the byte-code is "coherent"?  If I manually
modify the byte code and replace random bytes, is the interpreter
written to expect this kind of issue?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at 61896 <at> debbugs.gnu.org:


Received: (at 61896) by debbugs.gnu.org; 2 Mar 2023 06:15:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 02 01:15:02 2023
Received: from localhost ([127.0.0.1]:55560 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pXcDW-0000OA-As
	for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 01:15:02 -0500
Received: from eggs.gnu.org ([209.51.188.92]:41324)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1pXcDV-0000Ne-27
 for 61896 <at> debbugs.gnu.org; Thu, 02 Mar 2023 01:15:01 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1pXcDP-0006nb-BZ; Thu, 02 Mar 2023 01:14:55 -0500
Received: from [87.69.77.57] (helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1pXcDO-0003TP-PN; Thu, 02 Mar 2023 01:14:55 -0500
Date: Thu, 02 Mar 2023 08:15:10 +0200
Message-Id: <83zg8vel1t.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Philip Kaludercic <philipk@HIDDEN>, Mattias =?utf-8?Q?Engdeg=C3=A5?=
 =?utf-8?Q?rd?= <mattiase@HIDDEN>
In-Reply-To: <87fsaoqkwo.fsf@HIDDEN> (message from Philip Kaludercic on
 Wed, 01 Mar 2023 20:25:11 +0000)
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
References: <87fsaoqkwo.fsf@HIDDEN>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 61896
Cc: 61896 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: Philip Kaludercic <philipk@HIDDEN>
> Date: Wed, 01 Mar 2023 20:25:11 +0000
> 
> Emacs just crashes out of nowhere, e.g. after I open my init file.

It would help if you could run Emacs under GDB and show the backtrace
from one of those crashes, including the Lisp backtrace (the
"xbacktrace" command defined in src/.gdbinit).

> I have had this device for a while on a device of mine, that I couldn't
> reproduce on my main workstation or using emacs -Q.  Apparently this
> could be related to some faulty byte-code.
> 
> The best I could do to detect this issue was to build Emacs using
> -fsanitize=address and I managed to reproduce the issue reliably by
> invoking package-recompile-all.  I collected the following log:

Byte-code saw quite a bit of changes on master.  Adding Mattias in
case he has some ideas.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 1 Mar 2023 20:25:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 01 15:25:02 2023
Received: from localhost ([127.0.0.1]:54951 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pXT0Y-0007Yj-1A
	for submit <at> debbugs.gnu.org; Wed, 01 Mar 2023 15:25:02 -0500
Received: from lists.gnu.org ([209.51.188.17]:46234)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <philipk@HIDDEN>) id 1pXT0W-0007YU-Hm
 for submit <at> debbugs.gnu.org; Wed, 01 Mar 2023 15:25:01 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <philipk@HIDDEN>)
 id 1pXT0V-0003dH-P5
 for bug-gnu-emacs@HIDDEN; Wed, 01 Mar 2023 15:25:00 -0500
Received: from mout02.posteo.de ([185.67.36.66])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <philipk@HIDDEN>)
 id 1pXT0T-00078X-9X
 for bug-gnu-emacs@HIDDEN; Wed, 01 Mar 2023 15:24:59 -0500
Received: from submission (posteo.de [185.67.36.169]) 
 by mout02.posteo.de (Postfix) with ESMTPS id 3AE0B2407B1
 for <bug-gnu-emacs@HIDDEN>; Wed,  1 Mar 2023 21:24:54 +0100 (CET)
Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4PRm1d5cwWz6tqw
 for <bug-gnu-emacs@HIDDEN>; Wed,  1 Mar 2023 21:24:53 +0100 (CET)
From: Philip Kaludercic <philipk@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: 30.0.50; Emacs crashes because of an invalid free
Date: Wed, 01 Mar 2023 20:25:11 +0000
Message-ID: <87fsaoqkwo.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Received-SPF: pass client-ip=185.67.36.66; envelope-from=philipk@HIDDEN;
 helo=mout02.posteo.de
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-Spam-Score: -2.3 (--)

--=-=-=
Content-Type: text/plain


Emacs just crashes out of nowhere, e.g. after I open my init file.

I have had this device for a while on a device of mine, that I couldn't
reproduce on my main workstation or using emacs -Q.  Apparently this
could be related to some faulty byte-code.

The best I could do to detect this issue was to build Emacs using
-fsanitize=address and I managed to reproduce the issue reliably by
invoking package-recompile-all.  I collected the following log:


--=-=-=
Content-Type: text/plain
Content-Disposition: attachment; filename=log.1

$ ./src/emacs
=================================================================
==74401==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7ffe72b89e70 in thread T0
    #0 0x7fa972cb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x55dbfb6adcb7 in xfree /home/philip/Source/emacs/src/alloc.c:845
    #2 0x55dbfb7158cc in safe_free /home/philip/Source/emacs/src/lisp.h:5409
    #3 0x55dbfb72486b in apply_lambda /home/philip/Source/emacs/src/eval.c:3111
    #4 0x55dbfb7211b3 in eval_sub /home/philip/Source/emacs/src/eval.c:2547
    #5 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #6 0x55dbfb6f889e in Fsave_current_buffer /home/philip/Source/emacs/src/editfns.c:869
    #7 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #8 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #9 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #10 0x55dbfb716dd8 in Fif /home/philip/Source/emacs/src/eval.c:391
    #11 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #12 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #13 0x55dbfb719c61 in Flet /home/philip/Source/emacs/src/eval.c:1026
    #14 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #15 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #16 0x55dbfb7250fe in funcall_lambda /home/philip/Source/emacs/src/eval.c:3235
    #17 0x55dbfb7231d1 in funcall_general /home/philip/Source/emacs/src/eval.c:2959
    #18 0x55dbfb7c0ab9 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:811
    #19 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #20 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #21 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #22 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #23 0x55dbfb72241c in run_hook_wrapped_funcall /home/philip/Source/emacs/src/eval.c:2775
    #24 0x55dbfb72286b in run_hook_with_args /home/philip/Source/emacs/src/eval.c:2856
    #25 0x55dbfb7224af in Frun_hook_wrapped /home/philip/Source/emacs/src/eval.c:2790
    #26 0x55dbfb7242e9 in funcall_subr /home/philip/Source/emacs/src/eval.c:3061
    #27 0x55dbfb7c0a90 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:809
    #28 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #29 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #30 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #31 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #32 0x55dbfb57b1a5 in call1 /home/philip/Source/emacs/src/lisp.h:3247
    #33 0x55dbfb581f85 in Fkill_emacs /home/philip/Source/emacs/src/emacs.c:2884
    #34 0x55dbfb723a9e in funcall_subr /home/philip/Source/emacs/src/eval.c:3038
    #35 0x55dbfb7c0a90 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:809
    #36 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #37 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #38 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #39 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #40 0x55dbfb70f126 in Ffuncall_interactively /home/philip/Source/emacs/src/callint.c:250
    #41 0x55dbfb7242e9 in funcall_subr /home/philip/Source/emacs/src/eval.c:3061
    #42 0x55dbfb723060 in funcall_general /home/philip/Source/emacs/src/eval.c:2943
    #43 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #44 0x55dbfb7130fa in Fcall_interactively /home/philip/Source/emacs/src/callint.c:787
    #45 0x55dbfb723b6b in funcall_subr /home/philip/Source/emacs/src/eval.c:3040
    #46 0x55dbfb7c0a90 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:809
    #47 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #48 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #49 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #50 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #51 0x55dbfb58481a in call1 /home/philip/Source/emacs/src/lisp.h:3247
    #52 0x55dbfb58b2d4 in command_loop_1 /home/philip/Source/emacs/src/keyboard.c:1494
    #53 0x55dbfb71b9c0 in internal_condition_case /home/philip/Source/emacs/src/eval.c:1474
    #54 0x55dbfb58985d in command_loop_2 /home/philip/Source/emacs/src/keyboard.c:1124
    #55 0x55dbfb71a346 in internal_catch /home/philip/Source/emacs/src/eval.c:1197
    #56 0x55dbfb589785 in command_loop /home/philip/Source/emacs/src/keyboard.c:1102
    #57 0x55dbfb5880eb in recursive_edit_1 /home/philip/Source/emacs/src/keyboard.c:711
    #58 0x55dbfb5884af in Frecursive_edit /home/philip/Source/emacs/src/keyboard.c:794
    #59 0x55dbfb580b41 in main /home/philip/Source/emacs/src/emacs.c:2530
    #60 0x7fa970438189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #61 0x7fa970438244 in __libc_start_main_impl ../csu/libc-start.c:381
    #62 0x55dbfb280830 in _start (/home/philip/Source/emacs/src/emacs+0x132830)

Address 0x7ffe72b89e70 is located in stack of thread T0
SUMMARY: AddressSanitizer: bad-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52 in __interceptor_free
==74401==ABORTING


--=-=-=
Content-Type: text/plain


I ran the same command in batch mode, and now the issue appears to be
fixed.  This gives me no reassurance, as a few days ago I had
temporarily managed to achieve the same state and then Emacs crashed
again after rebuilding again.

In GNU Emacs 30.0.50 (build 4, x86_64-pc-linux-gnu, GTK+ Version
 3.24.36, cairo version 1.16.0) of 2023-03-01 built on quetzal
Repository revision: 4b99015e15a23bd5cbec021d53ef9fcca25b2441
Repository branch: master
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure --with-pgtk 'CFLAGS=-O0 -ggdb3 -fsanitize=address''

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NOTIFY INOTIFY
PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB

Important settings:
  value of $LC_MONETARY: en_US.UTF-8
  value of $LC_NUMERIC: en_US.UTF-8
  value of $LC_TIME: en_US.UTF-8
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: ELisp/l

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort emacsbug mail-extr message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
cus-edit pp cus-start cus-load icons wid-edit misearch multi-isearch
vc-git diff-mode easy-mmode vc-dispatcher cl-loaddefs cl-lib rmc
iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win
term/common-win pgtk-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode lisp-mode prog-mode register
page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
frame minibuffer nadvice seq simple cl-generic indonesian philippine
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese composite emoji-zwj charscript
charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
files window text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget keymap hashtable-print-readable backquote
threads dbusbind inotify dynamic-setting system-font-setting
font-render-setting cairo gtk pgtk lcms2 multi-tty make-network-process
emacs)

Memory information:
((conses 16 65648 11383)
 (symbols 48 7380 0)
 (strings 32 19680 1617)
 (string-bytes 1 540967)
 (vectors 16 12795)
 (vector-slots 8 182734 13738)
 (floats 8 32 68)
 (intervals 56 625 8)
 (buffers 984 13))

--=-=-=--




Acknowledgement sent to Philip Kaludercic <philipk@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#61896; Package emacs. Full text available.
Last modified: Fri, 3 Mar 2023 11:00:01 UTC
