unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#16502: segmentation fault with org-capture
@ 2014-01-19 21:15 Nathan Froyd
  2014-01-20  8:20 ` Dmitry Antipov
  0 siblings, 1 reply; 7+ messages in thread
From: Nathan Froyd @ 2014-01-19 21:15 UTC (permalink / raw)
  To: 16502

Given this initialization file, bug-init:

(require 'org)
(require 'org-capture)
(setq org-capture-templates
      '(("m" "memories" plain (file "~/memories") "%t %?")))
(global-set-key [f2] 'org-capture)

and starting emacs (24.x or emacs from git) with:

emacs -Q -l bug-init

and then repeatedly pressing the key sequence:

<F2> m C-c C-k

will eventually cause emacs to crash with a segmentation fault, or
consume vast amounts of memory, and then crash.  It typically takes
5-6 repetitions of that key sequence.

Consuming vast amounts of memory seems slightly more common with emacs
from git than, say, 24.3.

I have seen segmentation faults happen with a couple of different stacks:

Program received signal SIGSEGV, Segmentation fault.
0x000000000059f29d in copy_properties (source=0x1fba2d8, target=0x0)
at /home/froydnj/src/emacs-24.3/src/intervals.c:138
138      COPY_INTERVAL_CACHE (source, target);
(gdb) where
#0  0x000000000059f29d in copy_properties (source=0x1fba2d8,
target=0x0) at /home/froydnj/src/emacs-24.3/src/intervals.c:138
#1  0x000000000059ff39 in graft_intervals_into_buffer
(source=<optimized out>, position=<optimized out>, length=<optimized
out>, buffer=0x2b9dc50, inherit=false) at
/home/froydnj/src/emacs-24.3/src/intervals.c:1721
#2  0x00000000005072c3 in insert_from_string_1 (string=38589297,
pos=0, pos_byte=0, nchars=20, nbytes=20, inherit=false,
before_markers=false) at /home/froydnj/src/emacs-24.3/src/insdel.c:979
#3  0x0000000000508820 in insert_from_string (string=<optimized out>,
pos=<optimized out>, pos_byte=<optimized out>, length=<optimized out>,
length_byte=<optimized out>, inherit=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/insdel.c:871
#4  0x0000000000549672 in general_insert_function
(insert_func=0x508a70 <insert>, insert_from_string_func=0x5087f0
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffcff8) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2258
#5  0x000000000054982b in Finsert (nargs=<optimized out>,
args=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2299
#6  0x000000000058a5b7 in exec_byte_code (bytestr=33128262,
vector=140737488343032, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1486
#7  0x0000000000552b1f in funcall_lambda (fun=33553573,
nargs=<optimized out>, arg_vector=0x7fffffffd1e0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#8  0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd1d8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#9  0x0000000000588f43 in exec_byte_code (bytestr=33128262,
vector=140737488343512, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#10 0x0000000000552b1f in funcall_lambda (fun=33551981,
nargs=<optimized out>, arg_vector=0x7fffffffd3c0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#11 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd3b8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#12 0x0000000000588f43 in exec_byte_code (bytestr=33128262,
vector=140737488343992, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#13 0x0000000000552517 in eval_sub (form=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2149
#14 0x000000000055529a in internal_lisp_condition_case (var=12103250,
bodyform=33186342, handlers=33185926) at
/home/froydnj/src/emacs-24.3/src/eval.c:1243
#15 0x0000000000589afe in exec_byte_code (bytestr=33128262,
vector=140737488344824, maxdepth=0, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x1) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1096
#16 0x0000000000552b1f in funcall_lambda (fun=33476477,
nargs=<optimized out>, arg_vector=0x7fffffffd978) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#17 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd970) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#18 0x000000000054f448 in Fcall_interactively (function=16202834,
record_flag=12051570, keys=12086789) at
/home/froydnj/src/emacs-24.3/src/callint.c:852
#19 0x0000000000553035 in Ffuncall (nargs=<optimized out>,
args=0x7fffffffdb40) at /home/froydnj/src/emacs-24.3/src/eval.c:2785
#20 0x0000000000553294 in call3 (fn=<optimized out>, arg1=<optimized
out>, arg2=<optimized out>, arg3=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2603
#21 0x00000000004ec7d3 in command_loop_1 () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1587
#22 0x00000000005513d8 in internal_condition_case (bfun=0x4ec450
<command_loop_1>, handlers=12103250, hfun=0x4e1d40 <cmd_error>) at
/home/froydnj/src/emacs-24.3/src/eval.c:1289
#23 0x00000000004dfede in command_loop_2 (ignore=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1168
#24 0x000000000055129d in internal_catch (tag=2171090632704,
func=0x4dfec0 <command_loop_2>, arg=12051570) at
/home/froydnj/src/emacs-24.3/src/eval.c:1060
#25 0x00000000004e1827 in command_loop () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1147
#26 recursive_edit_1 () at /home/froydnj/src/emacs-24.3/src/keyboard.c:779
#27 0x00000000004e1b54 in Frecursive_edit () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:843
#28 0x00000000004145bf in main (argc=1, argv=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/emacs.c:1528

The line information on this next stack does not appear to be
accurate, as the variable i is usually a null interval, and the crash
happens referencing the interval's plist:

Program received signal SIGSEGV, Segmentation fault.
0x00000000005a280c in interval_has_some_properties_list
(list=40898438, i=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/textprop.c:273
273      for (tail1 = list; CONSP (tail1); tail1 = XCDR (tail1))
(gdb) where
#0  0x00000000005a280c in interval_has_some_properties_list
(list=40898438, i=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/textprop.c:273
#1  0x00000000005a313d in Fremove_list_of_text_properties
(start=13108, end=13188, list_of_properties=40898438, object=44530229)
at /home/froydnj/src/emacs-24.3/src/textprop.c:1590
#2  0x00000000005a9684 in update_compositions (from=3277, to=3297,
check_mask=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/composite.c:596
#3  0x0000000000549672 in general_insert_function
(insert_func=0x508a70 <insert>, insert_from_string_func=0x5087f0
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffcff8) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2258
#4  0x000000000054982b in Finsert (nargs=<optimized out>,
args=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/editfns.c:2299
#5  0x000000000058a5b7 in exec_byte_code (bytestr=40898438,
vector=140737488343032, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1486
#6  0x0000000000552b1f in funcall_lambda (fun=33570629,
nargs=<optimized out>, arg_vector=0x7fffffffd1e0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#7  0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd1d8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#8  0x0000000000588f43 in exec_byte_code (bytestr=40898438,
vector=140737488343512, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#9  0x0000000000552b1f in funcall_lambda (fun=33569037,
nargs=<optimized out>, arg_vector=0x7fffffffd3c0) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#10 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd3b8) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#11 0x0000000000588f43 in exec_byte_code (bytestr=40898438,
vector=140737488343992, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:900
#12 0x0000000000552517 in eval_sub (form=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2149
#13 0x000000000055529a in internal_lisp_condition_case (var=12103250,
bodyform=33181206, handlers=33180742) at
/home/froydnj/src/emacs-24.3/src/eval.c:1243
#14 0x0000000000589afe in exec_byte_code (bytestr=40898438,
vector=140737488344824, maxdepth=6, args_template=4611686018695757824,
nargs=4611686018430533632, args=0x2700f80) at
/home/froydnj/src/emacs-24.3/src/bytecode.c:1096
#15 0x0000000000552b1f in funcall_lambda (fun=33493533,
nargs=<optimized out>, arg_vector=0x7fffffffd978) at
/home/froydnj/src/emacs-24.3/src/eval.c:3010
#16 0x0000000000552e7d in Ffuncall (nargs=<optimized out>,
args=0x7fffffffd970) at /home/froydnj/src/emacs-24.3/src/eval.c:2839
#17 0x000000000054f448 in Fcall_interactively (function=16202834,
record_flag=12051570, keys=12086789) at
/home/froydnj/src/emacs-24.3/src/callint.c:852
#18 0x0000000000553035 in Ffuncall (nargs=<optimized out>,
args=0x7fffffffdb40) at /home/froydnj/src/emacs-24.3/src/eval.c:2785
#19 0x0000000000553294 in call3 (fn=<optimized out>, arg1=<optimized
out>, arg2=<optimized out>, arg3=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/eval.c:2603
#20 0x00000000004ec7d3 in command_loop_1 () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1587
#21 0x00000000005513d8 in internal_condition_case (bfun=0x4ec450
<command_loop_1>, handlers=12103250, hfun=0x4e1d40 <cmd_error>) at
/home/froydnj/src/emacs-24.3/src/eval.c:1289
#22 0x00000000004dfede in command_loop_2 (ignore=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1168
#23 0x000000000055129d in internal_catch (tag=2918333087744,
func=0x4dfec0 <command_loop_2>, arg=12051570) at
/home/froydnj/src/emacs-24.3/src/eval.c:1060
#24 0x00000000004e1827 in command_loop () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:1147
#25 recursive_edit_1 () at /home/froydnj/src/emacs-24.3/src/keyboard.c:779
#26 0x00000000004e1b54 in Frecursive_edit () at
/home/froydnj/src/emacs-24.3/src/keyboard.c:843
#27 0x00000000004145bf in main (argc=1, argv=<optimized out>) at
/home/froydnj/src/emacs-24.3/src/emacs.c:1528


Program received signal SIGSEGV, Segmentation fault.
0x0000000000581b93 in balance_an_interval (i=0xc18620) at
/opt/src/repos/emacs.git/src/intervals.c:442
442          new_diff = i->total_length - i->left->total_length
(gdb) where
#0  0x0000000000581b93 in balance_an_interval (i=0xc18620) at
/opt/src/repos/emacs.git/src/intervals.c:442
#1  0x0000000000581d95 in balance_possible_root_interval
(interval=<optimized out>) at
/opt/src/repos/emacs.git/src/intervals.c:482
#2  0x00000000005829a0 in split_interval_left (interval=0x1b9a428,
offset=<optimized out>) at
/opt/src/repos/emacs.git/src/intervals.c:615
#3  0x0000000000582f49 in graft_intervals_into_buffer
(source=0x1ba62c0, position=2, length=<optimized out>,
buffer=0x1b91c30, inherit=false) at
/opt/src/repos/emacs.git/src/intervals.c:1669
#4  0x00000000004fa349 in insert_from_string_1 (string=26897025,
pos=0, pos_byte=0, nchars=20, nbytes=20, inherit=false,
before_markers=false) at /opt/src/repos/emacs.git/src/insdel.c:976
#5  0x00000000004fb815 in insert_from_string (string=<optimized out>,
pos=<optimized out>, pos_byte=<optimized out>, length=<optimized out>,
length_byte=<optimized out>, inherit=<optimized out>) at
/opt/src/repos/emacs.git/src/insdel.c:868
#6  0x00000000005354d3 in general_insert_function
(insert_func=0x4fba10 <insert>, insert_from_string_func=0x4fb7eb
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffd188) at
/opt/src/repos/emacs.git/src/editfns.c:2248
#7  0x00000000005355b1 in Finsert (nargs=<optimized out>,
args=<optimized out>) at /opt/src/repos/emacs.git/src/editfns.c:2289
#8  0x000000000056fa17 in exec_byte_code (bytestr=<optimized out>,
vector=25746413, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1559
#9  0x000000000053da0a in funcall_lambda (fun=25746629, nargs=0,
arg_vector=0x7fffffffd370) at /opt/src/repos/emacs.git/src/eval.c:3040
#10 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd368) at
/opt/src/repos/emacs.git/src/eval.c:2855
#11 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25475869, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#12 0x000000000053da0a in funcall_lambda (fun=25476181, nargs=1,
arg_vector=0x7fffffffd550) at /opt/src/repos/emacs.git/src/eval.c:3040
#13 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffd548) at
/opt/src/repos/emacs.git/src/eval.c:2855
#14 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25915261, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#15 0x0000000000570c7b in Fbyte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:482
#16 0x000000000053d323 in eval_sub (form=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:2182
#17 0x000000000053ff74 in internal_lisp_condition_case (var=11926946,
bodyform=26157926, handlers=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:1314
#18 0x000000000056ea5b in exec_byte_code (bytestr=<optimized out>,
vector=25472645, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1169
#19 0x000000000053da0a in funcall_lambda (fun=25915301, nargs=1,
arg_vector=0x7fffffffda28) at /opt/src/repos/emacs.git/src/eval.c:3040
#20 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffda20) at
/opt/src/repos/emacs.git/src/eval.c:2855
#21 0x000000000053b345 in Fcall_interactively (function=16111442,
record_flag=11875442, keys=11910461) at
/opt/src/repos/emacs.git/src/callint.c:836
#22 0x000000000053dcd0 in Ffuncall (nargs=4, args=0x7fffffffdbe8) at
/opt/src/repos/emacs.git/src/eval.c:2813
#23 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=9353333, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#24 0x000000000053d810 in funcall_lambda (fun=9353253, nargs=1,
arg_vector=0x7fffffffddd8) at /opt/src/repos/emacs.git/src/eval.c:2974
#25 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffddd0) at
/opt/src/repos/emacs.git/src/eval.c:2855
#26 0x000000000053e031 in call1 (fn=<optimized out>, arg1=<optimized
out>) at /opt/src/repos/emacs.git/src/eval.c:2605
#27 0x00000000004e2c17 in command_loop_1 () at
/opt/src/repos/emacs.git/src/keyboard.c:1552
#28 0x000000000053c4a6 in internal_condition_case (bfun=0x4e26ee
<command_loop_1>, handlers=11926946, hfun=0x4d9ac9 <cmd_error>) at
/opt/src/repos/emacs.git/src/eval.c:1345
#29 0x00000000004d91a1 in command_loop_2 (ignore=<optimized out>) at
/opt/src/repos/emacs.git/src/keyboard.c:1170
#30 0x000000000053c38d in internal_catch (tag=11922882, func=0x4d9187
<command_loop_2>, arg=11875442) at
/opt/src/repos/emacs.git/src/eval.c:1109
#31 0x00000000004d96f2 in command_loop () at
/opt/src/repos/emacs.git/src/keyboard.c:1149
#32 recursive_edit_1 () at /opt/src/repos/emacs.git/src/keyboard.c:777
#33 0x00000000004d99f7 in Frecursive_edit () at
/opt/src/repos/emacs.git/src/keyboard.c:841
#34 0x00000000004d5b4f in main (argc=<optimized out>,
argv=0x7fffffffe178) at /opt/src/repos/emacs.git/src/emacs.c:1643
(gdb) p i
$4 = (INTERVAL) 0xc18620
(gdb) p i->left
$5 = (struct interval *) 0x0

This stack is the result of interrupting emacs while it was allocating
gobs of memory:

#0  0x00007ffff398c2dd in _int_malloc (av=0x7ffff3cc4720, bytes=1016)
at malloc.c:3464
#1  0x00007ffff398efc5 in __GI___libc_malloc (bytes=1016) at malloc.c:2924
#2  0x0000000000524fc0 in lisp_malloc (nbytes=1016,
type=MEM_TYPE_NON_LISP) at /opt/src/repos/emacs.git/src/alloc.c:893
#3  0x0000000000525cec in make_interval () at
/opt/src/repos/emacs.git/src/alloc.c:1245
#4  0x000000000058285b in split_interval_right (interval=0xa2ae13c8,
offset=0) at /opt/src/repos/emacs.git/src/intervals.c:546
#5  0x0000000000584db0 in copy_intervals (tree=<optimized out>,
start=<optimized out>, length=2) at
/opt/src/repos/emacs.git/src/intervals.c:2285
#6  0x0000000000584e5f in copy_intervals_to_string (string=27583649,
buffer=<optimized out>, position=<optimized out>, length=<optimized
out>) at /opt/src/repos/emacs.git/src/intervals.c:2300
#7  0x00000000005394d6 in make_buffer_string_both (start=2,
start_byte=<optimized out>, end=4, end_byte=<optimized out>,
props=true) at /opt/src/repos/emacs.git/src/editfns.c:2511
#8  0x00000000004f98e8 in del_range_2 (from=2, from_byte=2, to=4,
to_byte=4, ret_string=114) at
/opt/src/repos/emacs.git/src/insdel.c:1715
#9  0x00000000004fae92 in del_range_1 (from=2, to=4,
prepare=<optimized out>, ret_string=false) at
/opt/src/repos/emacs.git/src/insdel.c:1591
#10 0x00000000004faee6 in del_range (from=<optimized out>,
to=<optimized out>) at /opt/src/repos/emacs.git/src/insdel.c:1559
#11 0x0000000000533618 in Fdelete_region (start=8, end=16) at
/opt/src/repos/emacs.git/src/editfns.c:3232
#12 0x0000000000570189 in exec_byte_code (bytestr=<optimized out>,
vector=25496157, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1728
#13 0x000000000053da0a in funcall_lambda (fun=25496229, nargs=0,
arg_vector=0x7fffffffd170) at /opt/src/repos/emacs.git/src/eval.c:3040
#14 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd168) at
/opt/src/repos/emacs.git/src/eval.c:2855
#15 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25495325, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#16 0x000000000053da0a in funcall_lambda (fun=25495541, nargs=0,
arg_vector=0x7fffffffd350) at /opt/src/repos/emacs.git/src/eval.c:3040
#17 0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd348) at
/opt/src/repos/emacs.git/src/eval.c:2855
#18 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25493701, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#19 0x000000000053da0a in funcall_lambda (fun=25494013, nargs=1,
arg_vector=0x7fffffffd530) at /opt/src/repos/emacs.git/src/eval.c:3040
#20 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffd528) at
/opt/src/repos/emacs.git/src/eval.c:2855
#21 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=25473717, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#22 0x0000000000570c7b in Fbyte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:482
#23 0x000000000053d323 in eval_sub (form=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:2182
#24 0x000000000053ff74 in internal_lisp_condition_case (var=11926946,
bodyform=25460086, handlers=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:1314
#25 0x000000000056ea5b in exec_byte_code (bytestr=<optimized out>,
vector=25473949, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1169
#26 0x000000000053da0a in funcall_lambda (fun=25474533, nargs=1,
arg_vector=0x7fffffffda08) at /opt/src/repos/emacs.git/src/eval.c:3040
#27 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffda00) at
/opt/src/repos/emacs.git/src/eval.c:2855
#28 0x000000000053b345 in Fcall_interactively (function=16111442,
record_flag=11875442, keys=11910461) at
/opt/src/repos/emacs.git/src/callint.c:836
#29 0x000000000053dcd0 in Ffuncall (nargs=4, args=0x7fffffffdbc8) at
/opt/src/repos/emacs.git/src/eval.c:2813
#30 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=9353333, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#31 0x000000000053d810 in funcall_lambda (fun=9353253, nargs=1,
arg_vector=0x7fffffffddb8) at /opt/src/repos/emacs.git/src/eval.c:2974
#32 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffddb0) at
/opt/src/repos/emacs.git/src/eval.c:2855
#33 0x000000000053e031 in call1 (fn=<optimized out>, arg1=<optimized
out>) at /opt/src/repos/emacs.git/src/eval.c:2605
#34 0x00000000004e2c17 in command_loop_1 () at
/opt/src/repos/emacs.git/src/keyboard.c:1552
#35 0x000000000053c4a6 in internal_condition_case (bfun=0x4e26ee
<command_loop_1>, handlers=11926946, hfun=0x4d9ac9 <cmd_error>) at
/opt/src/repos/emacs.git/src/eval.c:1345
#36 0x00000000004d91a1 in command_loop_2 (ignore=<optimized out>) at
/opt/src/repos/emacs.git/src/keyboard.c:1170
#37 0x000000000053c38d in internal_catch (tag=11922882, func=0x4d9187
<command_loop_2>, arg=11875442) at
/opt/src/repos/emacs.git/src/eval.c:1109
#38 0x00000000004d96f2 in command_loop () at
/opt/src/repos/emacs.git/src/keyboard.c:1149
#39 recursive_edit_1 () at /opt/src/repos/emacs.git/src/keyboard.c:777
#40 0x00000000004d99f7 in Frecursive_edit () at
/opt/src/repos/emacs.git/src/keyboard.c:841
#41 0x00000000004d5b4f in main (argc=<optimized out>,
argv=0x7fffffffe158) at /opt/src/repos/emacs.git/src/emacs.c:1643
(gdb)

-Nathan





^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#16502: segmentation fault with org-capture
  2014-01-19 21:15 bug#16502: segmentation fault with org-capture Nathan Froyd
@ 2014-01-20  8:20 ` Dmitry Antipov
  2014-01-20  9:30   ` Dmitry Antipov
  0 siblings, 1 reply; 7+ messages in thread
From: Dmitry Antipov @ 2014-01-20  8:20 UTC (permalink / raw)
  To: Nathan Froyd; +Cc: 16502

On 01/20/2014 01:15 AM, Nathan Froyd wrote:

> Given this initialization file, bug-init:
[...skip...]

Reproduced in trunk (as of r116077). Could you please run undumped (temacs)
under valgrind? With your recipe, I'm seeing a nasty memory management error:

valgrind --tool=memcheck ./src/temacs -Q -l /tmp/bug16502.el

==>

==10951== Invalid read of size 8
==10951==    at 0x56142D: PSEUDOVECTOR_TYPEP (lisp.h:2377)
==10951==    by 0x56149C: PSEUDOVECTORP (lisp.h:2391)
==10951==    by 0x561575: BUFFERP (lisp.h:2437)
==10951==    by 0x673C47: find_interval (intervals.c:669)
==10951==    by 0x6796F7: validate_interval_range (textprop.c:212)
==10951==    by 0x67B190: Ftext_properties_at (textprop.c:601)
==10951==    by 0x67B245: Fget_text_property (textprop.c:621)
==10951==    by 0x51FAD4: face_at_buffer_position (xfaces.c:5987)
==10951==    by 0x4439FD: handle_face_prop (xdisp.c:3815)
==10951==    by 0x4427D0: handle_stop (xdisp.c:3319)
==10951==    by 0x44C416: reseat (xdisp.c:6359)
==10951==    by 0x441789: init_iterator (xdisp.c:2975)
==10951==  Address 0x763cb10 is 0 bytes inside a block of size 960 free'd
==10951==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==10951==    by 0x5E1470: lisp_free (alloc.c:931)
==10951==    by 0x5EA618: gc_sweep (alloc.c:6637)
==10951==    by 0x5E8181: Fgarbage_collect (alloc.c:5572)
==10951==    by 0x562277: maybe_gc (lisp.h:4518)
==10951==    by 0x60A36B: eval_sub (eval.c:2075)
==10951==    by 0x6084A3: internal_lisp_condition_case (eval.c:1314)
==10951==    by 0x656A46: exec_byte_code (bytecode.c:1169)
==10951==    by 0x60C8DD: funcall_lambda (eval.c:2974)
==10951==    by 0x60C275: Ffuncall (eval.c:2855)
==10951==    by 0x60AE7C: Fapply (eval.c:2292)
==10951==    by 0x60BF66: Ffuncall (eval.c:2787)

I.e. the buffer is swept by GC and then (de)referenced in find_interval.

Dmitry






^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#16502: segmentation fault with org-capture
  2014-01-20  8:20 ` Dmitry Antipov
@ 2014-01-20  9:30   ` Dmitry Antipov
  2014-01-20 15:29     ` Nathan Froyd
  0 siblings, 1 reply; 7+ messages in thread
From: Dmitry Antipov @ 2014-01-20  9:30 UTC (permalink / raw)
  To: Nathan Froyd; +Cc: 16502

[-- Attachment #1: Type: text/plain, Size: 170 bytes --]

On 01/20/2014 12:20 PM, Dmitry Antipov wrote:

> Could you please run undumped (temacs) under valgrind?

...and please try this patch (for trunk), if possible.

Dmitry



[-- Attachment #2: bug16502.patch --]
[-- Type: text/x-patch; name="bug16502.patch", Size: 1740 bytes --]

=== modified file 'src/buffer.c'
--- src/buffer.c	2014-01-01 07:43:34 +0000
+++ src/buffer.c	2014-01-20 09:22:59 +0000
@@ -1867,6 +1867,7 @@
 
   if (b->base_buffer)
     {
+      INTERVAL i;
       /* Unchain all markers that belong to this indirect buffer.
 	 Don't unchain the markers that belong to the base buffer
 	 or its other indirect buffers.  */
@@ -1881,6 +1882,14 @@
 	  else
 	    mp = &m->next;
 	}
+      /* Intervals should be owned by the base buffer (Bug#16502).  */
+      i = buffer_intervals (b);
+      if (i)
+	{
+	  Lisp_Object owner;
+	  XSETBUFFER (owner, b->base_buffer);
+	  set_interval_object (i, owner);
+	}
     }
   else
     {
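
Review bot: The re-parenting at `set_interval_object (i, owner)` runs only on this kill path, so it repairs the root's owner after the fact; the comment states the invariant ("Intervals should be owned by the base buffer") but nothing in these lines enforces it at the point where the owner is first recorded. Consider setting the owner correctly where the tree is attached to an indirect buffer, and extend the comment to say why it matters: the valgrind trace earlier in the thread shows find_interval reading a buffer that gc_sweep had already freed. `INTERVAL i;` from the previous hunk could also be declared next to its only use here.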

=== modified file 'src/intervals.c'
--- src/intervals.c	2014-01-01 07:43:34 +0000
+++ src/intervals.c	2014-01-20 09:21:55 +0000
@@ -60,16 +60,7 @@
 \f
 /* Utility functions for intervals.  */
 
-/* Use these functions to set Lisp_Object
-   or pointer slots of struct interval.  */
-
-static void
-set_interval_object (INTERVAL i, Lisp_Object obj)
-{
-  eassert (BUFFERP (obj) || STRINGP (obj));
-  i->up_obj = 1;
-  i->up.obj = obj;
-}
+/* Use these functions to set pointer slots of struct interval.  */
 
 static void
 set_interval_left (INTERVAL i, INTERVAL left)

=== modified file 'src/intervals.h'
--- src/intervals.h	2014-01-01 07:43:34 +0000
+++ src/intervals.h	2014-01-20 09:22:10 +0000
@@ -134,6 +134,14 @@
    or pointer slots of struct interval.  */
 
 INLINE void
+set_interval_object (INTERVAL i, Lisp_Object obj)
+{
+  eassert (BUFFERP (obj) || STRINGP (obj));
+  i->up_obj = 1;
+  i->up.obj = obj;
+}
+
+INLINE void
 set_interval_parent (INTERVAL i, INTERVAL parent)
 {
   i->up_obj = false;
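
Review bot: In the moved `set_interval_object`, `i->up_obj = 1;` is inconsistent with the neighbouring `set_interval_parent`, which writes `i->up_obj = false;`; use `true` so the two setters read alike. Moving the function from a `static` in intervals.c to an `INLINE` in intervals.h also lets every file that includes the header change a tree's owner, so the comment above it should say when that is legitimate (in this patch, only the indirect-buffer kill path in buffer.c calls it from outside).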


^ permalink raw reply	[flat|nested] 7+ messages in thread
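
The failure described in this thread (an interval tree whose root still points back at a buffer the collector has swept) and the owner hand-over the patch above performs, as an added example that is not part of the thread and not Emacs code. It is a toy C model with hypothetical names (`toy_buffer`, `toy_interval`, `run_scenario`), and it assumes the shared tree's root recorded the indirect buffer as its owner. A static arena keeps swept slots addressable, so the stale back-pointer is detected without a real use-after-free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model with hypothetical names; none of this is Emacs source. */

enum lookup { LOOKUP_OK, LOOKUP_EMPTY, LOOKUP_STALE_OWNER };

struct toy_interval;

struct toy_buffer {
    bool live;                       /* cleared when the collector sweeps the slot */
    struct toy_buffer *base;         /* non-NULL for an indirect buffer */
    struct toy_interval *intervals;  /* root of the interval tree (shared with base) */
};

struct toy_interval {
    struct toy_buffer *owner;        /* back-pointer from the tree root to a buffer */
    size_t total_length;
};

/* Static arena: a swept slot stays addressable, so the model can inspect a
   stale owner without performing a real use-after-free. */
#define ARENA_SLOTS 4
static struct toy_buffer arena[ARENA_SLOTS];
static size_t arena_used;

static struct toy_buffer *toy_make_buffer(struct toy_buffer *base)
{
    if (arena_used == ARENA_SLOTS)
        return NULL;
    struct toy_buffer *b = &arena[arena_used++];
    b->live = true;
    b->base = base;
    b->intervals = base ? base->intervals : NULL;
    return b;
}

/* Kill and sweep a buffer.  With reparent == true, an indirect buffer first
   hands ownership of the shared tree back to its base buffer. */
static void toy_kill_buffer(struct toy_buffer *b, bool reparent)
{
    if (b->base && reparent && b->intervals)
        b->intervals->owner = b->base;
    b->intervals = NULL;
    b->live = false;
}

/* Lookup through the root's back-pointer, refusing a swept owner. */
static enum lookup toy_find_interval(const struct toy_interval *root)
{
    if (root == NULL)
        return LOOKUP_EMPTY;
    if (root->owner == NULL || !root->owner->live)
        return LOOKUP_STALE_OWNER;
    return LOOKUP_OK;
}

/* Base buffer plus one indirect buffer; the indirect buffer is killed and the
   base buffer's tree is then consulted, as a later lookup would do. */
enum lookup run_scenario(bool with_intervals, bool reparent)
{
    struct toy_interval root = { NULL, 20 };

    memset(arena, 0, sizeof arena);
    arena_used = 0;

    struct toy_buffer *base = toy_make_buffer(NULL);
    if (with_intervals)
        base->intervals = &root;
    struct toy_buffer *indirect = toy_make_buffer(base);

    /* Assumption of the model: the root ended up recording the indirect
       buffer as its owner. */
    if (with_intervals)
        root.owner = indirect;

    toy_kill_buffer(indirect, reparent);
    return toy_find_interval(base->intervals);
}

int main(void)
{
    static const char *const name[] = { "ok", "empty", "stale owner" };
    printf("no re-parent: %s\n", name[run_scenario(true, false)]);
    printf("re-parent:    %s\n", name[run_scenario(true, true)]);
    printf("no intervals: %s\n", name[run_scenario(false, true)]);
    return 0;
}
```

The model covers only the kill path of an indirect buffer; it says nothing about other ways a tree root could come to reference a swept buffer.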

* bug#16502: segmentation fault with org-capture
  2014-01-20  9:30   ` Dmitry Antipov
@ 2014-01-20 15:29     ` Nathan Froyd
  2014-01-20 17:13       ` Dmitry Antipov
  0 siblings, 1 reply; 7+ messages in thread
From: Nathan Froyd @ 2014-01-20 15:29 UTC (permalink / raw)
  To: Dmitry Antipov; +Cc: 16502

On Mon, Jan 20, 2014 at 4:30 AM, Dmitry Antipov <dmantipov@yandex.ru> wrote:
> On 01/20/2014 12:20 PM, Dmitry Antipov wrote:
>
>> Could you please run undumped (temacs) under valgrind?
>
>
> ...and please try this patch (for trunk), if possible.

The patch does not seem to make it much better; I can now do a couple
more cycles of <F2> m C-c C-k, but I can still segfault:

Program received signal SIGSEGV, Segmentation fault.
interval_has_some_properties_list (list=<optimized out>, i=0x0) at
/opt/src/repos/emacs.git/src/textprop.c:313
313          for (tail2 = i->plist; CONSP (tail2); tail2 = XCDR (XCDR (tail2)))
(gdb) where
#0  interval_has_some_properties_list (list=<optimized out>, i=0x0) at
/opt/src/repos/emacs.git/src/textprop.c:313
#1  0x00000000005860c6 in Fremove_list_of_text_properties (start=8,
end=88, list_of_properties=35158966, object=35587205) at
/opt/src/repos/emacs.git/src/textprop.c:1675
#2  0x000000000058c332 in update_compositions (from=2, to=<optimized
out>, check_mask=<optimized out>) at
/opt/src/repos/emacs.git/src/composite.c:590
#3  0x00000000004fb84e in insert_from_string (string=<optimized out>,
pos=<optimized out>, pos_byte=<optimized out>, length=<optimized out>,
length_byte=<optimized out>, inherit=<optimized out>) at
/opt/src/repos/emacs.git/src/insdel.c:871
#4  0x00000000005354d3 in general_insert_function
(insert_func=0x4fba10 <insert>, insert_from_string_func=0x4fb7eb
<insert_from_string>, inherit=false, nargs=1, args=0x7fffffffd168) at
/opt/src/repos/emacs.git/src/editfns.c:2248
#5  0x00000000005355b1 in Finsert (nargs=<optimized out>,
args=<optimized out>) at /opt/src/repos/emacs.git/src/editfns.c:2289
#6  0x000000000056fa17 in exec_byte_code (bytestr=<optimized out>,
vector=20010141, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1559
#7  0x000000000053da0a in funcall_lambda (fun=20014517, nargs=0,
arg_vector=0x7fffffffd350) at /opt/src/repos/emacs.git/src/eval.c:3040
#8  0x000000000053dde4 in Ffuncall (nargs=1, args=0x7fffffffd348) at
/opt/src/repos/emacs.git/src/eval.c:2855
#9  0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=20009533, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#10 0x000000000053da0a in funcall_lambda (fun=20001933, nargs=1,
arg_vector=0x7fffffffd530) at /opt/src/repos/emacs.git/src/eval.c:3040
#11 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffd528) at
/opt/src/repos/emacs.git/src/eval.c:2855
#12 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=19985765, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#13 0x0000000000570c7b in Fbyte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:482
#14 0x000000000053d323 in eval_sub (form=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:2182
#15 0x000000000053ff74 in internal_lisp_condition_case (var=11931170,
bodyform=33506902, handlers=<optimized out>) at
/opt/src/repos/emacs.git/src/eval.c:1314
#16 0x000000000056ea5b in exec_byte_code (bytestr=<optimized out>,
vector=19993277, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:1169
#17 0x000000000053da0a in funcall_lambda (fun=19993861, nargs=1,
arg_vector=0x7fffffffda08) at /opt/src/repos/emacs.git/src/eval.c:3040
#18 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffda00) at
/opt/src/repos/emacs.git/src/eval.c:2855
#19 0x000000000053b345 in Fcall_interactively (function=16681218,
record_flag=11879666, keys=11914685) at
/opt/src/repos/emacs.git/src/callint.c:836
#20 0x000000000053dcd0 in Ffuncall (nargs=4, args=0x7fffffffdbc8) at
/opt/src/repos/emacs.git/src/eval.c:2813
#21 0x000000000056dc35 in exec_byte_code (bytestr=<optimized out>,
vector=9353333, maxdepth=<optimized out>, args_template=<optimized
out>, nargs=<optimized out>, args=<optimized out>) at
/opt/src/repos/emacs.git/src/bytecode.c:919
#22 0x000000000053d810 in funcall_lambda (fun=9353253, nargs=1,
arg_vector=0x7fffffffddb8) at /opt/src/repos/emacs.git/src/eval.c:2974
#23 0x000000000053dde4 in Ffuncall (nargs=2, args=0x7fffffffddb0) at
/opt/src/repos/emacs.git/src/eval.c:2855
#24 0x000000000053e031 in call1 (fn=<optimized out>, arg1=<optimized
out>) at /opt/src/repos/emacs.git/src/eval.c:2605
#25 0x00000000004e2c17 in command_loop_1 () at
/opt/src/repos/emacs.git/src/keyboard.c:1552
#26 0x000000000053c4a6 in internal_condition_case (bfun=0x4e26ee
<command_loop_1>, handlers=11931170, hfun=0x4d9ac9 <cmd_error>) at
/opt/src/repos/emacs.git/src/eval.c:1345
#27 0x00000000004d91a1 in command_loop_2 (ignore=<optimized out>) at
/opt/src/repos/emacs.git/src/keyboard.c:1170
#28 0x000000000053c38d in internal_catch (tag=11927106, func=0x4d9187
<command_loop_2>, arg=11879666) at
/opt/src/repos/emacs.git/src/eval.c:1109
#29 0x00000000004d96f2 in command_loop () at
/opt/src/repos/emacs.git/src/keyboard.c:1149
#30 recursive_edit_1 () at /opt/src/repos/emacs.git/src/keyboard.c:777
#31 0x00000000004d99f7 in Frecursive_edit () at
/opt/src/repos/emacs.git/src/keyboard.c:841
#32 0x00000000004d5b4f in main (argc=<optimized out>,
argv=0x7fffffffe158) at /opt/src/repos/emacs.git/src/emacs.c:1643
(gdb)

Still can run away allocating memory too.  What I see in valgrind
during a runaway alloc is this:

==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x5840EE: set_point_both (intervals.c:1921)
==17543==    by 0x58469F: set_point (intervals.c:1816)
==17543==    by 0x5363D9: Fgoto_char (editfns.c:239)
==17543==    by 0x56F9D6: exec_byte_code (bytecode.c:1553)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x570C7A: Fbyte_code (bytecode.c:482)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581DA1: balance_possible_root_interval (lisp.h:2377)
==17543==    by 0x582A0F: find_interval (intervals.c:675)
==17543==    by 0x5840EE: set_point_both (intervals.c:1921)
==17543==    by 0x58469F: set_point (intervals.c:1816)
==17543==    by 0x5363D9: Fgoto_char (editfns.c:239)
==17543==    by 0x56F9D6: exec_byte_code (bytecode.c:1553)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581DB4: balance_possible_root_interval (buffer.h:1160)
==17543==    by 0x582A0F: find_interval (intervals.c:675)
==17543==    by 0x5840EE: set_point_both (intervals.c:1921)
==17543==    by 0x58469F: set_point (intervals.c:1816)
==17543==    by 0x5363D9: Fgoto_char (editfns.c:239)
==17543==    by 0x56F9D6: exec_byte_code (bytecode.c:1553)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==  Address 0xff05250 is 704 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x584151: set_point_both (intervals.c:1935)
==17543==    by 0x58469F: set_point (intervals.c:1816)
==17543==    by 0x5363D9: Fgoto_char (editfns.c:239)
==17543==    by 0x56F9D6: exec_byte_code (bytecode.c:1553)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x570C7A: Fbyte_code (bytecode.c:482)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x585DA7: validate_interval_range (textprop.c:212)
==17543==    by 0x587705: Ftext_properties_at (textprop.c:601)
==17543==    by 0x587771: Fget_text_property (textprop.c:621)
==17543==    by 0x587B90: get_char_property_and_overlay (textprop.c:688)
==17543==    by 0x587C02: Fget_char_property (textprop.c:702)
==17543==    by 0x535FF3: Fconstrain_to_field (editfns.c:682)
==17543==    by 0x536369: Fline_beginning_position (editfns.c:780)
==17543==    by 0x50B4E7: Fbeginning_of_line (cmds.c:172)
==17543==    by 0x53DC9B: Ffuncall (eval.c:2806)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x58908E: verify_interval_modification (textprop.c:2280)
==17543==    by 0x4F9AEB: prepare_to_modify_buffer_1 (insdel.c:1817)
==17543==    by 0x4F9FFB: prepare_to_modify_buffer (insdel.c:1872)
==17543==    by 0x4FAE3A: del_range_1 (insdel.c:1584)
==17543==    by 0x4FAEE5: del_range (insdel.c:1559)
==17543==    by 0x533617: Fdelete_region (editfns.c:3232)
==17543==    by 0x570188: exec_byte_code (bytecode.c:1728)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x584CC6: copy_intervals (intervals.c:2265)
==17543==    by 0x584E5E: copy_intervals_to_string (intervals.c:2300)
==17543==    by 0x5394D5: make_buffer_string_both (editfns.c:2511)
==17543==    by 0x4F98E7: del_range_2 (insdel.c:1715)
==17543==    by 0x4FAE91: del_range_1 (insdel.c:1591)
==17543==    by 0x4FAEE5: del_range (insdel.c:1559)
==17543==    by 0x533617: Fdelete_region (editfns.c:3232)
==17543==    by 0x570188: exec_byte_code (bytecode.c:1728)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x583F27: offset_intervals (lisp.h:2377)
==17543==    by 0x4F9973: del_range_2 (insdel.c:1734)
==17543==    by 0x4FAE91: del_range_1 (insdel.c:1591)
==17543==    by 0x4FAEE5: del_range (insdel.c:1559)
==17543==    by 0x533617: Fdelete_region (editfns.c:3232)
==17543==    by 0x570188: exec_byte_code (bytecode.c:1728)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581ECE: delete_interval (lisp.h:2377)
==17543==    by 0x582226: interval_deletion_adjustment (intervals.c:1334)
==17543==    by 0x583F99: offset_intervals (intervals.c:1382)
==17543==    by 0x4F9973: del_range_2 (insdel.c:1734)
==17543==    by 0x4FAE91: del_range_1 (insdel.c:1591)
==17543==    by 0x4FAEE5: del_range (insdel.c:1559)
==17543==    by 0x533617: Fdelete_region (editfns.c:3232)
==17543==    by 0x570188: exec_byte_code (bytecode.c:1728)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581EE1: delete_interval (buffer.h:1160)
==17543==    by 0x582226: interval_deletion_adjustment (intervals.c:1334)
==17543==    by 0x583F99: offset_intervals (intervals.c:1382)
==17543==    by 0x4F9973: del_range_2 (insdel.c:1734)
==17543==    by 0x4FAE91: del_range_1 (insdel.c:1591)
==17543==    by 0x4FAEE5: del_range (insdel.c:1559)
==17543==    by 0x533617: Fdelete_region (editfns.c:3232)
==17543==    by 0x570188: exec_byte_code (bytecode.c:1728)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff05250 is 704 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x5848A1: get_property_and_range (intervals.c:2174)
==17543==    by 0x58B462: find_composition (composite.c:431)
==17543==    by 0x58BD5E: update_compositions (composite.c:520)
==17543==    by 0x4FAEBB: del_range_1 (insdel.c:1594)
==17543==    by 0x4FAEE5: del_range (insdel.c:1559)
==17543==    by 0x533617: Fdelete_region (editfns.c:3232)
==17543==    by 0x570188: exec_byte_code (bytecode.c:1728)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x588C74: verify_interval_modification (textprop.c:2179)
==17543==    by 0x4F9B0C: prepare_to_modify_buffer_1 (insdel.c:1823)
==17543==    by 0x4F9FFB: prepare_to_modify_buffer (insdel.c:1872)
==17543==    by 0x4FA168: insert_from_string_1 (insdel.c:919)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x583414: offset_intervals (lisp.h:2377)
==17543==    by 0x4FA304: insert_from_string_1 (insdel.c:968)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x58344D: offset_intervals (intervals.c:864)
==17543==    by 0x4FA304: insert_from_string_1 (insdel.c:968)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543== Invalid read of size 8
==17543==    at 0x581DA1: balance_possible_root_interval (lisp.h:2377)
==17543==    by 0x58362C: offset_intervals (intervals.c:963)
==17543==    by 0x4FA304: insert_from_string_1 (insdel.c:968)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581DB4: balance_possible_root_interval (buffer.h:1160)
==17543==    by 0x58362C: offset_intervals (intervals.c:963)
==17543==    by 0x4FA304: insert_from_string_1 (insdel.c:968)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==  Address 0xff05250 is 704 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x5829EC: find_interval (lisp.h:2377)
==17543==    by 0x582EE0: graft_intervals_into_buffer (intervals.c:1659)
==17543==    by 0x4FA348: insert_from_string_1 (insdel.c:976)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581DA1: balance_possible_root_interval (lisp.h:2377)
==17543==    by 0x58299F: split_interval_left (intervals.c:615)
==17543==    by 0x582F48: graft_intervals_into_buffer (intervals.c:1669)
==17543==    by 0x4FA348: insert_from_string_1 (insdel.c:976)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x581DB4: balance_possible_root_interval (buffer.h:1160)
==17543==    by 0x58299F: split_interval_left (intervals.c:615)
==17543==    by 0x582F48: graft_intervals_into_buffer (intervals.c:1669)
==17543==    by 0x4FA348: insert_from_string_1 (insdel.c:976)
==17543==    by 0x4FB814: insert_from_string (insdel.c:868)
==17543==    by 0x5354D2: general_insert_function (editfns.c:2248)
==17543==    by 0x5355B0: Finsert (editfns.c:2289)
==17543==    by 0x56FA16: exec_byte_code (bytecode.c:1559)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==  Address 0xff05250 is 704 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x583414: offset_intervals (lisp.h:2377)
==17543==    by 0x4FA538: insert_1_both (insdel.c:839)
==17543==    by 0x4FB9C0: insert_and_inherit (insdel.c:593)
==17543==    by 0x50B1E9: internal_self_insert (cmds.c:489)
==17543==    by 0x50B490: Fself_insert_command (cmds.c:310)
==17543==    by 0x53DC9B: Ffuncall (eval.c:2806)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53D80F: funcall_lambda (eval.c:2974)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x583F27: offset_intervals (lisp.h:2377)
==17543==    by 0x4FB260: replace_range (insdel.c:1411)
==17543==    by 0x5131C2: Freplace_match (search.c:2622)
==17543==    by 0x53DD19: Ffuncall (eval.c:2822)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x53DA09: funcall_lambda (eval.c:3040)
==17543==    by 0x53DDE3: Ffuncall (eval.c:2855)
==17543==    by 0x56DC34: exec_byte_code (bytecode.c:919)
==17543==    by 0x570C7A: Fbyte_code (bytecode.c:482)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)
==17543==    by 0x43A3E4: display_mode_element (xdisp.c:21636)
==17543==    by 0x43A592: display_mode_element (xdisp.c:21717)
==17543==    by 0x43EB91: display_mode_line (xdisp.c:21234)
==17543==    by 0x43EDFD: display_mode_lines (xdisp.c:21177)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x8FD6CA0: memrchr (memrchr.S:349)
==17543==    by 0x516C1C: find_newline (search.c:838)
==17543==    by 0x516E06: find_newline_no_quit (search.c:918)
==17543==    by 0x4407BE: back_to_previous_visible_line_start (xdisp.c:6008)
==17543==    by 0x441023: move_it_vertically_backward (xdisp.c:9174)
==17543==    by 0x45577E: redisplay_window (xdisp.c:16224)
==17543==    by 0x45683E: redisplay_window_0 (xdisp.c:14054)
==17543==    by 0x53C5B2: internal_condition_case_1 (eval.c:1369)
==17543==    by 0x42B95E: redisplay_windows (xdisp.c:14034)
==17543==    by 0x42B92F: redisplay_windows (xdisp.c:14028)
==17543==    by 0x4430C9: redisplay_internal (xdisp.c:13633)
==17543==    by 0x444201: redisplay (xdisp.c:12919)
==17543==  Address 0x1094bcc8 is 0 bytes after a block of size 24 alloc'd
==17543==    at 0x4C2B7B2: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x524506: xrealloc (alloc.c:717)
==17543==    by 0x4F5FE4: enlarge_buffer_text (buffer.c:5068)
==17543==    by 0x4F905A: make_gap (insdel.c:465)
==17543==    by 0x4F9103: make_gap_1 (insdel.c:503)
==17543==    by 0x4F2894: compact_buffer (buffer.c:1677)
==17543==    by 0x5279AD: Fgarbage_collect (alloc.c:5461)
==17543==    by 0x53DB1E: Ffuncall (lisp.h:4518)
==17543==    by 0x53C7E5: internal_condition_case_n (eval.c:1427)
==17543==    by 0x42FA86: safe_call (xdisp.c:2563)
==17543==    by 0x42FAC9: safe_call1 (xdisp.c:2579)
==17543==    by 0x42FD41: safe_eval (xdisp.c:2587)

^ permalink raw reply	[flat|nested] 7+ messages in thread
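
Added example, not part of the message above and not Emacs code: a small parser for memcheck reports like this one. It rejoins mail-wrapped frame lines and pairs each invalid access with the stack that freed or allocated the block. The function names, field names and the `class` label (a heuristic based on memcheck's "free'd"/"alloc'd" block state) are this example's own.

```python
import re

# Abridged from the memcheck report above; mail-wrapped frame lines kept on purpose.
SAMPLE = """\
==17543== Invalid read of size 8
==17543==    at 0x583F27: offset_intervals (lisp.h:2377)
==17543==  Address 0xff04f90 is 0 bytes inside a block of size 960 free'd
==17543==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x52417C: lisp_free (alloc.c:931)
==17543==    by 0x528990: Fgarbage_collect (alloc.c:6637)
==17543==
==17543== Invalid read of size 8
==17543==    at 0x8FD6CA0: memrchr (memrchr.S:349)
==17543==  Address 0x1094bcc8 is 0 bytes after a block of size 24 alloc'd
==17543==    at 0x4C2B7B2: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17543==    by 0x524506: xrealloc (alloc.c:717)
"""

HEAD = re.compile(r"^==\d+== (Invalid (?:read|write)) of size \d+$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is \d+ bytes "
                  r"(inside|after|before) a block of size \d+ (free'd|alloc'd)$")

def unwrap(text):
    # A continuation line produced by mail wrapping lacks the ==PID== prefix.
    out = []
    for line in text.splitlines():
        if out and line.strip() and not line.startswith("=="):
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def parse_memcheck(text):
    # One dict per error: the access stack, then the block's free/alloc stack.
    errors, stack = [], []
    for line in unwrap(text):
        if m := HEAD.match(line):
            errors.append({"kind": m[1], "access": [], "origin": []})
            stack = errors[-1]["access"]
        elif errors and (m := ADDR.match(line)):
            errors[-1].update(addr=m[1], where=m[2], state=m[3])
            errors[-1]["class"] = "use-after-free" if m[3] == "free'd" else "out-of-bounds"
            stack = errors[-1]["origin"]
        elif errors and (m := FRAME.match(line)):
            stack.append(m[1])
    return errors
```

Grouping the parsed errors by `addr` shows which invalid accesses hit the same freed block, and the `origin` stack shows which code path released it.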

* bug#16502: segmentation fault with org-capture
  2014-01-20 15:29     ` Nathan Froyd
@ 2014-01-20 17:13       ` Dmitry Antipov
  2014-01-20 17:23         ` Nathan Froyd
  0 siblings, 1 reply; 7+ messages in thread
From: Dmitry Antipov @ 2014-01-20 17:13 UTC (permalink / raw)
  To: Nathan Froyd; +Cc: 16502

On 01/20/2014 07:29 PM, Nathan Froyd wrote:

> The patch does not seem to make it much better; I can now do a couple
> more cycles of <F2> m C-c C-k, but I can still segfault:

Hm... I tried a lot with this patch, and was unable to reproduce again.
IIUC you're running without ENABLE_CHECKING; could you please try to run
a debugging version configured with:

CFLAGS='-O0 -g3' ./configure --enable-check-lisp-object-type --enable-checking

Hopefully eassert will be raised somewhere before SIGSEGV; and all debugging
tools work much better with these CFLAGS.

If the debugging version doesn't work either, try to obtain a core dump and
put your '-O0 -g3' emacs _and_ temacs binaries plus the core dump somewhere
on the net - I'll try to look into them.

Dmitry

^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#16502: segmentation fault with org-capture
  2014-01-20 17:13       ` Dmitry Antipov
@ 2014-01-20 17:23         ` Nathan Froyd
  2014-01-21  2:32           ` Dmitry Antipov
  0 siblings, 1 reply; 7+ messages in thread
From: Nathan Froyd @ 2014-01-20 17:23 UTC (permalink / raw)
  To: Dmitry Antipov; +Cc: 16502

On Mon, Jan 20, 2014 at 12:13 PM, Dmitry Antipov <dmantipov@yandex.ru> wrote:
> On 01/20/2014 07:29 PM, Nathan Froyd wrote:
> Hm... I tried a lot with this patch, and was unable to reproduce again.
> IIUC you're running without ENABLE_CHECKING; could you please try to run
> a debugging version configured with:
>
> CFLAGS='-O0 -g3' ./configure --enable-check-lisp-object-type --enable-checking
>
> Hopefully eassert will be raised somewhere before SIGSEGV; and all debugging
> tools work much better with these CFLAGS.

I apologize, but previously I only patch --dry-run'd the patch and
didn't actually apply it.  With the patch properly applied, I cannot
reproduce the crashes or the runaway memory allocation.  Thank you for
looking into this.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#16502: segmentation fault with org-capture
  2014-01-20 17:23         ` Nathan Froyd
@ 2014-01-21  2:32           ` Dmitry Antipov
  0 siblings, 0 replies; 7+ messages in thread
From: Dmitry Antipov @ 2014-01-21  2:32 UTC (permalink / raw)
  To: Nathan Froyd; +Cc: 16502

On 01/20/2014 09:23 PM, Nathan Froyd wrote:

> I apologize, but previously I only patch --dry-run'd the patch and
> didn't actually apply it.  With the patch properly applied, I cannot
> reproduce the crashes or the runaway memory allocation.  Thank you for
> looking into this.

OK, hopefully this should be fixed in r116090.

Dmitry

^ permalink raw reply	[flat|nested] 7+ messages in thread
