unofficial mirror of bug-gnu-emacs@gnu.org 
From: Philip Kaludercic <philipk@posteo.net>
To: 61896@debbugs.gnu.org
Subject: bug#61896: 30.0.50; Emacs crashes because of an invalid free
Date: Wed, 01 Mar 2023 20:25:11 +0000
Message-ID: <87fsaoqkwo.fsf@posteo.net>

[-- Attachment #1: Type: text/plain, Size: 454 bytes --]


Emacs just crashes out of nowhere, e.g. after I open my init file.

I have had this device for a while on a device of mine, that I couldn't
reproduce on my main workstation or using emacs -Q.  Apparently this
could be related to some faulty byte-code.

The best I could do to detect this issue was to build Emacs using
-fsanitize=address and I managed to reproduce the issue reliably by
invoking package-recompile-all.  I collected the following log:


[-- Attachment #2: log.1 --]
[-- Type: text/plain, Size: 5581 bytes --]

$ ./src/emacs
=================================================================
==74401==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7ffe72b89e70 in thread T0
    #0 0x7fa972cb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x55dbfb6adcb7 in xfree /home/philip/Source/emacs/src/alloc.c:845
    #2 0x55dbfb7158cc in safe_free /home/philip/Source/emacs/src/lisp.h:5409
    #3 0x55dbfb72486b in apply_lambda /home/philip/Source/emacs/src/eval.c:3111
    #4 0x55dbfb7211b3 in eval_sub /home/philip/Source/emacs/src/eval.c:2547
    #5 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #6 0x55dbfb6f889e in Fsave_current_buffer /home/philip/Source/emacs/src/editfns.c:869
    #7 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #8 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #9 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #10 0x55dbfb716dd8 in Fif /home/philip/Source/emacs/src/eval.c:391
    #11 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #12 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #13 0x55dbfb719c61 in Flet /home/philip/Source/emacs/src/eval.c:1026
    #14 0x55dbfb7202af in eval_sub /home/philip/Source/emacs/src/eval.c:2451
    #15 0x55dbfb717052 in Fprogn /home/philip/Source/emacs/src/eval.c:436
    #16 0x55dbfb7250fe in funcall_lambda /home/philip/Source/emacs/src/eval.c:3235
    #17 0x55dbfb7231d1 in funcall_general /home/philip/Source/emacs/src/eval.c:2959
    #18 0x55dbfb7c0ab9 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:811
    #19 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #20 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #21 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #22 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #23 0x55dbfb72241c in run_hook_wrapped_funcall /home/philip/Source/emacs/src/eval.c:2775
    #24 0x55dbfb72286b in run_hook_with_args /home/philip/Source/emacs/src/eval.c:2856
    #25 0x55dbfb7224af in Frun_hook_wrapped /home/philip/Source/emacs/src/eval.c:2790
    #26 0x55dbfb7242e9 in funcall_subr /home/philip/Source/emacs/src/eval.c:3061
    #27 0x55dbfb7c0a90 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:809
    #28 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #29 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #30 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #31 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #32 0x55dbfb57b1a5 in call1 /home/philip/Source/emacs/src/lisp.h:3247
    #33 0x55dbfb581f85 in Fkill_emacs /home/philip/Source/emacs/src/emacs.c:2884
    #34 0x55dbfb723a9e in funcall_subr /home/philip/Source/emacs/src/eval.c:3038
    #35 0x55dbfb7c0a90 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:809
    #36 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #37 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #38 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #39 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #40 0x55dbfb70f126 in Ffuncall_interactively /home/philip/Source/emacs/src/callint.c:250
    #41 0x55dbfb7242e9 in funcall_subr /home/philip/Source/emacs/src/eval.c:3061
    #42 0x55dbfb723060 in funcall_general /home/philip/Source/emacs/src/eval.c:2943
    #43 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #44 0x55dbfb7130fa in Fcall_interactively /home/philip/Source/emacs/src/callint.c:787
    #45 0x55dbfb723b6b in funcall_subr /home/philip/Source/emacs/src/eval.c:3040
    #46 0x55dbfb7c0a90 in exec_byte_code /home/philip/Source/emacs/src/bytecode.c:809
    #47 0x55dbfb72446b in fetch_and_exec_byte_code /home/philip/Source/emacs/src/eval.c:3083
    #48 0x55dbfb724c00 in funcall_lambda /home/philip/Source/emacs/src/eval.c:3155
    #49 0x55dbfb7230ac in funcall_general /home/philip/Source/emacs/src/eval.c:2947
    #50 0x55dbfb723553 in Ffuncall /home/philip/Source/emacs/src/eval.c:2997
    #51 0x55dbfb58481a in call1 /home/philip/Source/emacs/src/lisp.h:3247
    #52 0x55dbfb58b2d4 in command_loop_1 /home/philip/Source/emacs/src/keyboard.c:1494
    #53 0x55dbfb71b9c0 in internal_condition_case /home/philip/Source/emacs/src/eval.c:1474
    #54 0x55dbfb58985d in command_loop_2 /home/philip/Source/emacs/src/keyboard.c:1124
    #55 0x55dbfb71a346 in internal_catch /home/philip/Source/emacs/src/eval.c:1197
    #56 0x55dbfb589785 in command_loop /home/philip/Source/emacs/src/keyboard.c:1102
    #57 0x55dbfb5880eb in recursive_edit_1 /home/philip/Source/emacs/src/keyboard.c:711
    #58 0x55dbfb5884af in Frecursive_edit /home/philip/Source/emacs/src/keyboard.c:794
    #59 0x55dbfb580b41 in main /home/philip/Source/emacs/src/emacs.c:2530
    #60 0x7fa970438189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #61 0x7fa970438244 in __libc_start_main_impl ../csu/libc-start.c:381
    #62 0x55dbfb280830 in _start (/home/philip/Source/emacs/src/emacs+0x132830)

Address 0x7ffe72b89e70 is located in stack of thread T0
SUMMARY: AddressSanitizer: bad-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52 in __interceptor_free
==74401==ABORTING


[-- Attachment #3: Type: text/plain, Size: 3374 bytes --]


I ran the same command in batch mode, and now the issue appears to be
fixed.  This gives me no reassurance, as a few days ago I had
temporarily managed to achieve the same state and then Emacs crashed again
after rebuilding again.

In GNU Emacs 30.0.50 (build 4, x86_64-pc-linux-gnu, GTK+ Version
 3.24.36, cairo version 1.16.0) of 2023-03-01 built on quetzal
Repository revision: 4b99015e15a23bd5cbec021d53ef9fcca25b2441
Repository branch: master
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure --with-pgtk 'CFLAGS=-O0 -ggdb3 -fsanitize=address''

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NOTIFY INOTIFY
PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB

Important settings:
  value of $LC_MONETARY: en_US.UTF-8
  value of $LC_NUMERIC: en_US.UTF-8
  value of $LC_TIME: en_US.UTF-8
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: ELisp/l

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort emacsbug mail-extr message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
cus-edit pp cus-start cus-load icons wid-edit misearch multi-isearch
vc-git diff-mode easy-mmode vc-dispatcher cl-loaddefs cl-lib rmc
iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win
term/common-win pgtk-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode lisp-mode prog-mode register
page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
frame minibuffer nadvice seq simple cl-generic indonesian philippine
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese composite emoji-zwj charscript
charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
files window text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget keymap hashtable-print-readable backquote
threads dbusbind inotify dynamic-setting system-font-setting
font-render-setting cairo gtk pgtk lcms2 multi-tty make-network-process
emacs)

Memory information:
((conses 16 65648 11383)
 (symbols 48 7380 0)
 (strings 32 19680 1617)
 (string-bytes 1 540967)
 (vectors 16 12795)
 (vector-slots 8 182734 13738)
 (floats 8 32 68)
 (intervals 56 625 8)
 (buffers 984 13))
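
An added example, not part of the original message or of Emacs: a small Python triage script for AddressSanitizer bad-free reports shaped like the log above. It extracts the freed address, checks whether ASan placed it on the stack, and picks the first frame outside the sanitizer runtime. The `wrappers` parameter and the function names are assumptions of this example.

```python
import re

# Excerpt of the report above, cut to its first four frames.
REPORT = """\
==74401==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7ffe72b89e70 in thread T0
    #0 0x7fa972cb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x55dbfb6adcb7 in xfree /home/philip/Source/emacs/src/alloc.c:845
    #2 0x55dbfb7158cc in safe_free /home/philip/Source/emacs/src/lisp.h:5409
    #3 0x55dbfb72486b in apply_lambda /home/philip/Source/emacs/src/eval.c:3111
Address 0x7ffe72b89e70 is located in stack of thread T0
SUMMARY: AddressSanitizer: bad-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52 in __interceptor_free
"""

FRAME = re.compile(
    r"^[ \t]*#(\d+) (0x[0-9a-f]+) in (\S+) (.+?)(?::(\d+))?(?::\d+)?$", re.M)
BAD_FREE = re.compile(r"attempting free on address which was not "
                      r"malloc\(\)-ed: (0x[0-9a-f]+) in thread (T\d+)")
ON_STACK = re.compile(
    r"^Address (0x[0-9a-f]+) is located in stack of thread T\d+", re.M)
SUMMARY = re.compile(r"^SUMMARY: AddressSanitizer: (\S+)", re.M)


def parse_frames(text):
    """Return each '#N pc in func file:line' frame as a dict."""
    return [{"n": int(n), "pc": int(pc, 16), "func": fn, "file": loc,
             "line": int(ln) if ln else None}
            for n, pc, fn, loc, ln in FRAME.findall(text)]


def triage(text, wrappers=()):
    """Summarise a bad-free report; `wrappers` names free() wrappers to skip
    (a hypothetical parameter, chosen by whoever reads the trace)."""
    hit = BAD_FREE.search(text)
    if hit is None:
        return None  # not a bad-free report
    addr = int(hit.group(1), 16)
    summary = SUMMARY.search(text)
    stack = ON_STACK.search(text)
    on_stack = stack is not None and int(stack.group(1), 16) == addr
    # First frame outside the sanitizer runtime and the named wrappers.
    site = next((f for f in parse_frames(text)
                 if "libsanitizer" not in f["file"]
                 and not f["func"].startswith("__interceptor_")
                 and f["func"] not in wrappers), None)
    return {"kind": summary.group(1) if summary else None, "address": addr,
            "thread": hit.group(2),
            "region": "stack" if on_stack else "unknown", "site": site}


if __name__ == "__main__":
    print(triage(REPORT, wrappers={"xfree", "safe_free"}))
```

With `xfree` and `safe_free` skipped, the reported site is `apply_lambda` at `eval.c:3111`, the frame where a stack address reached the free path.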
