bug#443: [Fwd: emacs installation - segmentation fault during unexec]

bug#443: [Fwd: emacs installation - segmentation fault during unexec]

[esf]

Sorry,

My previous message could not be sent because of mailbox limitation.
The attached file is worth 12MB.

Is there anywhere I can send it ?
If not, here is the backtrace:

(gdb) bt
#0  0x0063c17c in memcpy () from /lib/tls/libc.so.6
#1  0x0817cb56 in unexec (
     new_name=0x85e9e94 
"/tmp/esf_emacs-22.1/generated/work/emacs-22.1/src/emacs",
     old_name=0x85e9ed0 
"/tmp/esf_emacs-22.1/generated/work/emacs-22.1/src/temacs", 
data_start=137480080, bss_start=0, entry_address=0) at unexelf.c:950
#2  0x080eb898 in Fdump_emacs (filename=140594875, symfile=140594859)
     at emacs.c:2277
#3  0x0815326a in Feval (form=138374717) at eval.c:2331
#4  0x0815363f in Fprogn (args=138375061) at eval.c:447
#5  0x08153452 in Feval (form=138379957) at eval.c:2275
#6  0x08153452 in Feval (form=138381677) at eval.c:2275
#7  0x0816ba89 in readevalloop (readcharfun=138194961, stream=0x83f3080,
     sourcename=138356763, evalfun=0x8152ec0 <Feval>, printflag=0,
     unibyte=138127561, readfun=138127561, start=138127561, end=138127561)
     at lread.c:1543
#8  0x0816d05c in Fload (file=Variable "file" is not available.
) at lread.c:1009
#9  0x081532d9 in Feval (form=138112413) at eval.c:2342
#10 0x080f3253 in top_level_2 () at keyboard.c:1338
#11 0x0815280b in internal_condition_case (bfun=0x80f3240 <top_level_2>,
     handlers=138173017, hfun=0x80f6960 <cmd_error>) at eval.c:1481
#12 0x080f5d51 in top_level_1 () at keyboard.c:1346
#13 0x081528cc in internal_catch (tag=138166201,
     func=0x80f5d20 <top_level_1>, arg=138127561) at eval.c:1222
#14 0x080f678a in command_loop () at keyboard.c:1303
#15 0x080f6b38 in recursive_edit_1 () at keyboard.c:1006
#16 0x080f6c25 in Frecursive_edit () at keyboard.c:1067
#17 0x080ecb92 in main (argc=Cannot access memory at address 0xaf800
) at emacs.c:1762
(gdb)



Forgot to indicate that emacs-version is 22.1.1


Thanks for your concern.

Regards,
Pierre-Louis ESCOUFLAIRE


-------- Original Message --------
Subject: emacs installation - segmentation fault during unexec
Date: Wed, 18 Jun 2008 15:40:15 +0200
From: esf@cfmu.eurocontrol.int
To: bug-gnu-emacs@gnu.org


Please write in English if possible, because the Emacs maintainers
usually do not have translators to read other languages for them.

Your bug report will be posted to the bug-gnu-emacs@gnu.org mailing
list, and to the gnu.emacs.bug news group.

Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:



Emacs build core-dumped during unexec() / memcopy().
See attached file 'emacs-22.1-with_coredump.tar.gz'.

The archive contains the coredump at  'emacs-22.1/src/core.433'.
The coredump was generated from       'emacs-22.1/src/temacs'
                     with command       'temacs -batch -l loadup dump'.
More information can be found in      'emacs/pkg_*.log'.

Unfortunately, the bug seems to appear randomly.
I hope the given information is enough.


Thanks for your concern.

Regards,
Pierre-Louis ESCOUFLAIRE


____

This message and any files transmitted with it are legally privileged and intended for the sole use of the individual(s) or entity to whom they are addressed. If you are not the intended recipient, please notify the sender by reply and delete the message and any attachments from your system. Any unauthorised use or disclosure of the content of this message is strictly prohibited and may be unlawful.

Nothing in this e-mail message amounts to a contractual or legal commitment on the part of EUROCONTROL, unless it is confirmed by appropriately signed hard copy.

Any views expressed in this message are those of the sender.

bug#443: [Fwd: emacs installation - segmentation fault during unexec]

[Stefan Monnier]

> Forgot to indicate that emacs-version is 22.1.1

Please try it again with Emacs-22.2 or (even better) with the
Emacs-CVS trunk.

> See attached file 'emacs-22.1-with_coredump.tar.gz'.

Coredumps usually don't make any sense anywhere else than on the
machine on which the executable was built.  Never send them like this to
anyone unless requested to.

OTOH, a useful piece of information would be to indicate if you've
encountered your problem on an Commodore 64, a Cray, or a Mac OS
X machine, maybe also mention the version of the OS, ... or better yet:
use M-x report-emacs-bug which will automatically add this info to
your report.


        Stefan

bug#443: [Fwd: emacs installation - segmentation fault during unexec]

[Nick Roberts]

 > My previous message could not be sent because of mailbox limitation.
 > The attached file is worth 12MB.
 > 
 > Is there anywhere I can send it ?
 > If not, here is the backtrace:

Please don't even _think_ about sending a 12MB to the mailing list.  If someone
asks for it you can send it to them.  Otherwise you could upload it somewhere
and point to the URL.  A 12MB file takes about 40 minutes to download on
dial-up and probably 99% of subscribers won't be interested in seeing the data.

-- 
Nick                                           http://www.inet.net.nz/~nickrob

bug#443: [Fwd: emacs installation - segmentation fault during unexec]

[Richard M Stallman]

    My previous message could not be sent because of mailbox limitation.
    The attached file is worth 12MB.

Please do not email such files over 100k without asking first.

bug#443: [Fwd: emacs installation - segmentation fault during unexec]

[esf]

Hello,

My deepest apologies for trying to send such a mail, I should have 
thought about it first (sometimes, we are doing stupid things).

Anyway, I tried again with emacs-22.2 and the same problem occurs with 
approximatively the same backtrace, i.e:

#0  0x0026a17c in memcpy () from /lib/tls/libc.so.6
#1  0x0817d5a6 in unexec (new_name=0x857d414 
"/tmp/esf_emacs-22.2/generated/work/emacs-22.2/src/emacs",
     old_name=0x857d450 
"/tmp/esf_emacs-22.2/generated/work/emacs-22.2/src/temacs", 
data_start=137491440, bss_start=0, entry_address=0)
     at unexelf.c:951
#2  0x080ec068 in Fdump_emacs (filename=140370971, symfile=140370955) at 
emacs.c:2286
#3  0x08153bca in Feval (form=138175205) at eval.c:2327
#4  0x08153f9f in Fprogn (args=138175541) at eval.c:449
#5  0x08153db2 in Feval (form=138180437) at eval.c:2271
#6  0x08153db2 in Feval (form=138182397) at eval.c:2271
#7  0x0816c429 in readevalloop (readcharfun=137994313, stream=0x83c2088, 
sourcename=138157243, evalfun=0x8153820 <Feval>, printflag=0,
     unibyte=137926857, readfun=137926857, start=137926857, 
end=137926857) at lread.c:1559
#8  0x0816da7c in Fload (file=Variable "file" is not available.
) at lread.c:1027
#9  0x08153c39 in Feval (form=137911717) at eval.c:2338
#10 0x080f3ab3 in top_level_2 () at keyboard.c:1339
#11 0x0815316b in internal_condition_case (bfun=0x80f3aa0 <top_level_2>, 
handlers=137972361, hfun=0x80f71c0 <cmd_error>) at eval.c:1484
#12 0x080f65b1 in top_level_1 () at keyboard.c:1347
#13 0x0815322c in internal_catch (tag=137968545, func=0x80f6580 
<top_level_1>, arg=137926857) at eval.c:1224
#14 0x080f6fea in command_loop () at keyboard.c:1304
#15 0x080f7398 in recursive_edit_1 () at keyboard.c:1007
#16 0x080f7485 in Frecursive_edit () at keyboard.c:1068
#17 0x080ed362 in main (argc=Cannot access memory at address 0xa1c00
) at emacs.c:1770


Here is only the relevant information (to me, the other information is 
clueless since the problem occurs during emacs build) you requested:

In GNU Emacs 22.2.1 (i686-pc-linux-gnu, X toolkit)
  of 2008-06-26 on lxhesf01
Windowing system distributor `The XFree86 Project, Inc', version 
11.0.40300000
configured using `configure  '--prefix=/tmp/esf_emacs-22.2/generated' 
'--exec-prefix=/tmp/esf_emacs-22.2/generated/libexec/emacs-22.2' 
'--mandir=/tmp/esf_emacs-22.2/generated/man' '--with-xpm' 'CFLAGS=-g 
-O2' 'LDFLAGS= 
-L/tmp/esf_emacs-22.2/generated/work/emacs-22.2/xpm-3.4k/lib' 
'CPPFLAGS=-I/tmp/esf_emacs-22.2/generated/work/emacs-22.2/xpm-3.4k ''

Important settings:
   value of $LC_ALL: nil
   value of $LC_COLLATE: nil
   value of $LC_CTYPE: nil
   value of $LC_MESSAGES: nil
   value of $LC_MONETARY: nil
   value of $LC_NUMERIC: nil
   value of $LC_TIME: nil
   value of $LANG: C
   locale-coding-system: nil
   default-enable-multibyte-characters: nil


Hope this information will help.
Also note that the problem seems to appear randomly so you might have to 
run the installation several times if you need to reproduce the problem.


Thanks for your concern.

Regards,
Pierre-Louis ESCOUFLAIRE

____

This message and any files transmitted with it are legally privileged and intended for the sole use of the individual(s) or entity to whom they are addressed. If you are not the intended recipient, please notify the sender by reply and delete the message and any attachments from your system. Any unauthorised use or disclosure of the content of this message is strictly prohibited and may be unlawful.

Nothing in this e-mail message amounts to a contractual or legal commitment on the part of EUROCONTROL, unless it is confirmed by appropriately signed hard copy.

Any views expressed in this message are those of the sender.

bug#443: [Fwd: emacs installation - segmentation fault during unexec]

[Sven Joachim]

On 2008-06-26 09:59 +0200, esf@cfmu.eurocontrol.int wrote:

> Anyway, I tried again with emacs-22.2 and the same problem occurs with
> approximatively the same backtrace, i.e:
>
> #0  0x0026a17c in memcpy () from /lib/tls/libc.so.6
> #1  0x0817d5a6 in unexec (new_name=0x857d414
> "/tmp/esf_emacs-22.2/generated/work/emacs-22.2/src/emacs",
>     old_name=0x857d450
> "/tmp/esf_emacs-22.2/generated/work/emacs-22.2/src/temacs",
> data_start=137491440, bss_start=0, entry_address=0)
>     at unexelf.c:951

Which is your kernel version and what is the value of
/proc/sys/kernel/randomize_va_space?

> Also note that the problem seems to appear randomly so you might have
> to run the installation several times if you need to reproduce the
> problem.

Yes, this is random by nature.  Linux 2.6.25 added a feature called
"brk() randomization" that is enabled if
/proc/sys/kernel/randomize_va_space has the value 2, which is the
default unless you built your kernel with CONFIG_COMPAT_BRK=y.

Setting that value to 1, the default from 2.6.12(?) to 2.6.24, should
make the crashes disappear.  Note that a value of 2 is generally
recommended for security reasons.

See also the section "Dumping" in etc/PROBLEMS for related problems.

Sven

bug#900: temacs segmentation fault in unexec under Linux 2.6.26

[Ulrich Mueller]

Package: emacs
Version: 22.3

Building of Emacs 22.3 under Linux 2.6.26 sometimes fails with a
segmentation fault of temacs in unexec. Part of the build log and a
full backtrace are included at the end of this message.

I had already reported this problem (for Emacs 22.2.92) to emacs-devel
but got no reply:
<http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00165.html>

The problem is related to kernel heap randomisation,
see <http://lkml.org/lkml/2007/10/23/435>. It doesn't exist under
Linux 2.6.24 or earlier.


In GNU Emacs 22.3.1 (i686-pc-linux-gnu, GTK+ Version 2.12.11)
 of 2008-09-06 on a1iulm2
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure  '--prefix=/usr'
 '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
 '--infodir=/usr/share/info' '--datadir=/usr/share'
 '--sysconfdir=/etc' '--localstatedir=/var/lib'
 '--program-suffix=-emacs-22' '--infodir=/usr/share/info/emacs-22'
 '--without-carbon' '--with-sound' '--with-x'
 '--without-toolkit-scroll-bars' '--with-jpeg' '--with-tiff'
 '--with-gif' '--with-png' '--with-xpm' '--with-x-toolkit=gtk'
 '--without-hesiod' '--with-kerberos' '--with-kerberos5'
 '--build=i686-pc-linux-gnu' 'build_alias=i686-pc-linux-gnu'
 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-march=pentium-m -g -O2 -pipe'
 'LDFLAGS=-Wl,-O1''


End of the build log:

LC_ALL=C ./temacs -batch -l loadup dump
Loading loadup.el (source)...
Using load-path (/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/lisp)
Loading emacs-lisp/byte-run...
Loading emacs-lisp/backquote...
Loading subr...
Loading version.el (source)...
Loading widget...
Loading custom...
Loading emacs-lisp/map-ynp...
Loading env...
Loading cus-start...
Loading international/mule...
Loading international/mule-conf.el (source)...
Loading format...
Loading bindings...
Loading files...
Loading cus-face...
Loading faces...
Loading button...
Loading startup...
Lists of integers (garbage collection statistics) are normal output
while building Emacs; they do not indicate a problem.
((11177 . 8431) (4849 . 0) (578 . 6) 16345 20225 (11 . 7) (17 . 0) (832 . 2381))
Loading loaddefs.el (source)...
((29161 . 11860) (7821 . 0) (587 . 10) 42301 20225 (37 . 33) (17 . 0) (3704 . 1462))
Loading simple...
Loading help...
Loading jka-cmpr-hook...
Loading international/mule-cmds...
Loading case-table...
Loading international/utf-8...
Loading international/utf-16...
Loading international/characters...
Loading international/latin-1.el (source)...
Loading international/latin-2.el (source)...
Loading international/latin-3.el (source)...
Loading international/latin-4.el (source)...
Loading international/latin-5.el (source)...
Loading international/latin-8.el (source)...
Loading international/latin-9.el (source)...
Loading language/chinese...
Loading language/cyrillic...
Loading language/indian...
Loading language/devanagari.el (source)...
Loading language/malayalam.el (source)...
Loading language/tamil.el (source)...
Loading language/kannada.el (source)...
Loading language/english.el (source)...
Loading language/ethiopic...
Loading language/european...
Loading language/czech.el (source)...
Loading language/slovak.el (source)...
Loading language/romanian.el (source)...
Loading language/greek.el (source)...
Loading language/hebrew.el (source)...
Loading language/japanese.el (source)...
Loading language/korean.el (source)...
Loading language/lao.el (source)...
Loading language/thai.el (source)...
Loading language/tibetan...
Loading language/vietnamese...
Loading language/misc-lang.el (source)...
Loading language/utf-8-lang.el (source)...
Loading language/georgian.el (source)...
Loading international/ucs-tables...
Loading indent...
Loading window...
Loading frame...
Loading term/tty-colors...
Loading font-core...
Loading facemenu...
Loading emacs-lisp/syntax...
Loading font-lock...
Loading jit-lock...
Loading mouse...
Loading scroll-bar...
Loading select...
Loading emacs-lisp/timer...
Loading isearch...
Loading rfn-eshadow...
((49507 . 18627) (10733 . 0) (622 . 92) 64080 164411 (67 . 4) (18 . 12) (4997 . 1681))
Loading menu-bar...
Loading paths.el (source)...
Loading emacs-lisp/lisp...
Loading textmodes/page...
Loading register...
Loading textmodes/paragraphs...
Loading emacs-lisp/lisp-mode...
Loading textmodes/text-mode...
Loading textmodes/fill...
((55968 . 12166) (11261 . 0) (624 . 90) 76368 166081 (67 . 4) (18 . 12) (5507 . 1801))
Loading replace...
Loading abbrev...
Loading buff-menu...
Loading fringe...
Loading image...
Loading international/fontset...
Loading dnd...
Loading mwheel...
Loading tool-bar...
Loading x-dnd...
((57901 . 10233) (11774 . 0) (625 . 89) 77920 166663 (69 . 8) (18 . 12) (5601 . 1581))
Loading emacs-lisp/float-sup...
((57933 . 10201) (11778 . 0) (625 . 89) 78085 166663 (70 . 9) (18 . 12) (5606 . 1576))
Loading vc-hooks...
Loading ediff-hook...
Loading tooltip...
((59259 . 8875) (11935 . 0) (626 . 88) 79285 166714 (72 . 7) (18 . 12) (5676 . 1506))
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under names emacs and emacs-22.3.1
make[1]: *** [emacs] Segmentation fault (core dumped)
make[1]: *** Deleting file `emacs'
make[1]: Leaving directory `/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src'
make: *** [src] Error 2


Backtrace:

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...done.
Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...done.
Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
Reading symbols from /usr/lib/libatk-1.0.so.0...done.
Loaded symbols for /usr/lib/libatk-1.0.so.0
Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...done.
Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
Reading symbols from /usr/lib/libpangocairo-1.0.so.0...done.
Loaded symbols for /usr/lib/libpangocairo-1.0.so.0
Reading symbols from /usr/lib/libpango-1.0.so.0...done.
Loaded symbols for /usr/lib/libpango-1.0.so.0
Reading symbols from /usr/lib/libcairo.so.2...done.
Loaded symbols for /usr/lib/libcairo.so.2
Reading symbols from /usr/lib/libgobject-2.0.so.0...done.
Loaded symbols for /usr/lib/libgobject-2.0.so.0
Reading symbols from /usr/lib/libgmodule-2.0.so.0...done.
Loaded symbols for /usr/lib/libgmodule-2.0.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /usr/lib/libglib-2.0.so.0...done.
Loaded symbols for /usr/lib/libglib-2.0.so.0
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libSM.so.6...done.
Loaded symbols for /usr/lib/libSM.so.6
Reading symbols from /usr/lib/libICE.so.6...done.
Loaded symbols for /usr/lib/libICE.so.6
Reading symbols from /usr/lib/libtiff.so.3...done.
Loaded symbols for /usr/lib/libtiff.so.3
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/lib/libgif.so.4...done.
Loaded symbols for /usr/lib/libgif.so.4
Reading symbols from /usr/lib/libXpm.so.4...done.
Loaded symbols for /usr/lib/libXpm.so.4
Reading symbols from /usr/lib/libX11.so.6...done.
Loaded symbols for /usr/lib/libX11.so.6
Reading symbols from /usr/lib/libXft.so.2...done.
Loaded symbols for /usr/lib/libXft.so.2
Reading symbols from /usr/lib/libXrender.so.1...done.
Loaded symbols for /usr/lib/libXrender.so.1
Reading symbols from /usr/lib/libfontconfig.so.1...done.
Loaded symbols for /usr/lib/libfontconfig.so.1
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /usr/lib/libasound.so.2...done.
Loaded symbols for /usr/lib/libasound.so.2
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libuuid.so.1...done.
Loaded symbols for /lib/libuuid.so.1
Reading symbols from /usr/lib/libXrandr.so.2...done.
Loaded symbols for /usr/lib/libXrandr.so.2
Reading symbols from /usr/lib/libXcursor.so.1...done.
Loaded symbols for /usr/lib/libXcursor.so.1
Reading symbols from /usr/lib/libpangoft2-1.0.so.0...done.
Loaded symbols for /usr/lib/libpangoft2-1.0.so.0
Reading symbols from /usr/lib/libXcomposite.so.1...done.
Loaded symbols for /usr/lib/libXcomposite.so.1
Reading symbols from /usr/lib/libXdamage.so.1...done.
Loaded symbols for /usr/lib/libXdamage.so.1
Reading symbols from /usr/lib/libXfixes.so.3...done.
Loaded symbols for /usr/lib/libXfixes.so.3
Reading symbols from /usr/lib/libexpat.so.1...done.
Loaded symbols for /usr/lib/libexpat.so.1
Reading symbols from /usr/lib/libdirectfb-1.2.so.0...done.
Loaded symbols for /usr/lib/libdirectfb-1.2.so.0
Reading symbols from /usr/lib/libfusion-1.2.so.0...done.
Loaded symbols for /usr/lib/libfusion-1.2.so.0
Reading symbols from /usr/lib/libdirect-1.2.so.0...done.
Loaded symbols for /usr/lib/libdirect-1.2.so.0
Reading symbols from /usr/lib/libglitz-glx.so.1...done.
Loaded symbols for /usr/lib/libglitz-glx.so.1
Reading symbols from /usr/lib/libglitz.so.1...done.
Loaded symbols for /usr/lib/libglitz.so.1
Reading symbols from /usr/lib/opengl/xorg-x11/lib/libGL.so.1...done.
Loaded symbols for //usr//lib/opengl/xorg-x11/lib/libGL.so.1
Reading symbols from /usr/lib/libXmu.so.6...done.
Loaded symbols for /usr/lib/libXmu.so.6
Reading symbols from /usr/lib/libXt.so.6...done.
Loaded symbols for /usr/lib/libXt.so.6
Reading symbols from /usr/lib/libXext.so.6...done.
Loaded symbols for /usr/lib/libXext.so.6
Reading symbols from /usr/lib/libXi.so.6...done.
Loaded symbols for /usr/lib/libXi.so.6
Reading symbols from /usr/lib/libXau.so.6...done.
Loaded symbols for /usr/lib/libXau.so.6
Reading symbols from /usr/lib/libXdmcp.so.6...done.
Loaded symbols for /usr/lib/libXdmcp.so.6
Reading symbols from /usr/lib/libpixman-1.so.0...done.
Loaded symbols for /usr/lib/libpixman-1.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libjbig.so...done.
Loaded symbols for /usr/lib/libjbig.so
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /usr/lib/libXxf86vm.so.1...done.
Loaded symbols for /usr/lib/libXxf86vm.so.1
Reading symbols from /usr/lib/libdrm.so.2...done.
Loaded symbols for /usr/lib/libdrm.so.2
Core was generated by `./temacs -batch -l loadup dump'.
Program terminated with signal 11, Segmentation fault.
[New process 30599]
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
951		  memcpy (NEW_SECTION_H (nn).sh_offset + new_base,
DISPLAY = :0.0
TERM = xterm
Breakpoint 1 at 0x80fcb26: file emacs.c, line 432.
Breakpoint 2 at 0x8117246: file sysdep.c, line 1386.
gdb> bt full
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
	src = <value optimized out>
	new_file = 0x5
	old_file = 0x4
	old_base = 0x2b890000 "\177ELF\001\001\001"
	new_base = 0x2be8c000 "\177ELF\001\001\001"
	old_file_h = <value optimized out>
	new_file_h = <value optimized out>
	new_program_h = (Elf32_Phdr *) 0x2be8c034
	old_section_h = (Elf32_Shdr *) 0x2be51c10
	new_section_h = (Elf32_Shdr *) 0x2c7eb530
	old_section_names = 0x2be51adb ""
	old_bss_addr = 0x82eb6e0
	new_bss_addr = <value optimized out>
	old_bss_size = <value optimized out>
	new_data2_size = 0x39d920
	new_data2_offset = 0x2a26e0
	n = 0x15
	nn = 0x15
	old_bss_index = 0x15
	old_sbss_index = 0xffffffff
	old_plt_index = 0xffffffff
	old_data_index = 0x14
	new_data2_index = 0x15
	stat_buf = {
  st_dev = 0x307, 
  __pad1 = 0x0, 
  __st_ino = 0x4264, 
  st_mode = 0x81ed, 
  st_nlink = 0x1, 
  st_uid = 0x1357, 
  st_gid = 0x119e, 
  st_rdev = 0x0, 
  __pad2 = 0x0, 
  st_size = 0x5fb6c6, 
  st_blksize = 0x1000, 
  st_blocks = 0x2ff8, 
  st_atim = {
    tv_sec = 0x48c1ef81, 
    tv_nsec = 0x0
  }, 
  st_mtim = {
    tv_sec = 0x48c1ef82, 
    tv_nsec = 0x0
  }, 
  st_ctim = {
    tv_sec = 0x48c1ef82, 
    tv_nsec = 0x0
  }, 
  st_ino = 0x4264
}
#1  0x080fc5bd in Fdump_emacs (filename=0x8680308, symfile=0x868048b) at emacs.c:2286
	tem = 0x842d8f9
	symbol = <value optimized out>
#2  0x0816b541 in Feval (form=0x846a175) at eval.c:2327
	numargs = <value optimized out>
	argvals = {0x868049b, 0x868048b, 0x0, 0x842dcb8, 0x7f84ed70, 0x7f84ecf8, 0x7f84ecc0, 0x2}
	args_left = 0x842d8c9
	i = 0x2
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x846a15d
	funcar = <value optimized out>
	backtrace = {
  next = 0x7f84ed80, 
  function = 0x7f84ed08, 
  args = 0x7f84ecd0, 
  nargs = 0x2, 
  evalargs = 0x1, 
  debug_on_exit = 0x0
}
#3  0x0816b7ff in Fprogn (args=0x348) at eval.c:449
	val = 0xd8000
#4  0x0816b5ff in Feval (form=0x846b765) at eval.c:2271
	numargs = 0x348
	argvals = {0x42d8f9, 0x842bb15, 0x0, 0x7f84ee18, 0x7f84ee00, 0x7f84ed88, 0x7f84ed84, 0xffffffff}
	args_left = 0x846b60d
	i = <value optimized out>
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x846b60d
	funcar = <value optimized out>
	backtrace = {
  next = 0x7f84ee00, 
  function = 0x7f84ed98, 
  args = 0x7f84ed94, 
  nargs = 0xffffffff, 
  evalargs = 0x0, 
  debug_on_exit = 0x0
}
#5  0x0816b5ff in Feval (form=0x842b97d) at eval.c:2271
	numargs = 0x348
	argvals = {0x846b765, 0x842d8c9, 0x7f84ee28, 0x8180a18, 0x8465c58, 0x843dc19, 0x7f84ee28, 0x816844f}
	args_left = 0x846b76d
	i = <value optimized out>
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x846b76d
	funcar = <value optimized out>
	backtrace = {
  next = 0x7f84f220, 
  function = 0x7f84ee18, 
  args = 0x7f84ee14, 
  nargs = 0xffffffff, 
  evalargs = 0x0, 
  debug_on_exit = 0x0
}
#6  0x0818364c in readevalloop (readcharfun=0x843dc19, stream=0x8465c58, sourcename=0x84658ab, evalfun=0x816b040 <Feval>, printflag=0x0, unibyte=0x842d8c9, readfun=0x842d8c9, start=0x842d8c9, end=0x842d8c9) at lread.c:1559
	c = <value optimized out>
	val = 0x842b97d
	b = (struct buffer *) 0x0
	continue_reading_p = 0x1
	whole_buffer = 0x0
	first_sexp = 0x0
#7  0x08184947 in Fload (file=0x846582b, noerror=0x842d8c9, nomessage=0x842d8c9, nosuffix=0x842d8c9, must_suffix=0x842d8c9) at lread.c:1027
	stream = <value optimized out>
	fd = 0x3
	found = <value optimized out>
	efound = <value optimized out>
	hist_file_name = 0x84658ab
	newer = 0x0
	compiled = 0x0
	handler = <value optimized out>
	safe_p = 0x1
	tmp = {0x842d8c9, 0x846589b}
#8  0x0816b4e7 in Feval (form=0x842a385) at eval.c:2338
	numargs = <value optimized out>
	argvals = {0x846582b, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0xb, 0x0, 0x0}
	args_left = 0x842d8c9
	i = 0x5
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x842a37d
	funcar = <value optimized out>
	backtrace = {
  next = 0x0, 
  function = 0x7f84f238, 
  args = 0x7f84f200, 
  nargs = 0x1, 
  evalargs = 0x1, 
  debug_on_exit = 0x0
}
#9  0x08104403 in top_level_2 () at keyboard.c:1339
No locals.
#10 0x08168fa2 in internal_condition_case (bfun=0x81043f0 <top_level_2>, handlers=0x8438a89, hfun=0x8107f80 <cmd_error>) at eval.c:1484
	val = <value optimized out>
	c = {
  tag = 0x842d8c9, 
  val = 0x842d8c9, 
  next = 0x7f84f380, 
  gcpro = 0x0, 
  jmp = {{
      __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f348, 0x884af267, 0xacb0f488}, 
      __mask_was_saved = 0x0, 
      __saved_mask = {
        __val = {0x7f84f340, 0x2aac7658, 0x804f59a, 0xa8428197, 0x0, 0x0, 0xb <repeats 18 times>, 0x2b4d4c2c, 0x2b318a90, 0xb, 0x69cb120, 0x2aac6fc4, 0x2aac7658, 0x1, 0x7f84f350}
      }
    }}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0x0, 
  pdlcount = 0x2, 
  poll_suppress_count = 0x1, 
  interrupt_input_blocked = 0x0, 
  byte_stack = 0x0
}
	h = {
  handler = 0x8438a89, 
  var = 0x842d8c9, 
  chosen_clause = 0x1, 
  tag = 0x7f84f26c, 
  next = 0x0
}
#11 0x0810737e in top_level_1 () at keyboard.c:1347
No locals.
#12 0x0816907c in internal_catch (tag=0x8437ba1, func=0x8107330 <top_level_1>, arg=0x842d8c9) at eval.c:1224
	c = {
  tag = 0x8437ba1, 
  val = 0x842d8c9, 
  next = 0x0, 
  gcpro = 0x0, 
  jmp = {{
      __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f448, 0x8848d267, 0xac8eec88}, 
      __mask_was_saved = 0x0, 
      __saved_mask = {
        __val = {0xb, 0xb, 0xb, 0xb, 0x81d92e0, 0xa, 0x7d0, 0x7f84f3e8, 0x8151e5b, 0x84627cc, 0x82defc1, 0xa, 0x845ada0, 0x8435540, 0x845ada1, 0x7f84f428, 0x815a9a6, 0x845ada1, 0x845a37a, 0x842d8c9, 0x8435540, 0x9, 0x9, 0x842d8e1, 0x2, 0x845a378, 0x845a37a, 0x9, 0x0, 0x845ada1, 0x1, 0x7f84f468}
      }
    }}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0x0, 
  pdlcount = 0x2, 
  poll_suppress_count = 0x1, 
  interrupt_input_blocked = 0x0, 
  byte_stack = 0x0
}
#13 0x08107dba in command_loop () at keyboard.c:1304
No locals.
#14 0x08108157 in recursive_edit_1 () at keyboard.c:1007
	val = <value optimized out>
#15 0x08108249 in Frecursive_edit () at keyboard.c:1068
	buffer = <value optimized out>
#16 0x080fd96f in main (argc=0x5, argv=0x7f84f864) at emacs.c:1770
	dummy = 0x7f84f7b8
	stack_bottom_variable = 0x8
	do_initial_setlocale = <value optimized out>
	skip_args = 0x3
	rlim = {
  rlim_cur = 0xffffffffffffffff, 
  rlim_max = 0xffffffffffffffff
}
	no_loadup = 0x0
	junk = 0x0

Lisp Backtrace:
"dump-emacs" (0x868049b)
"if" (0x846b60d)
"if" (0x846b76d)
"load" (0x846582b)
gdb> 

bug#900: temacs segmentation fault in unexec under Linux 2.6.26

[Ulrich Mueller]

Tags: patch

I guess the issue boils down to the fact that testing for
(heap_bss_diff > MAX_HEAP_BSS_DIFF) is not a reliable method to
determine if heap randomisation is switched on. "heap_bss_diff" is
random in nature, and will therefore be smaller than MAX_HEAP_BSS_DIFF
in some cases. These lead to the observed segmentation faults.

Here is an attempt of a patch, asking the kernel (via /proc fs) for
the presence of the feature. I've also made the definition of
ADDR_NO_RANDOMIZE conditional, since it is already defined in newer
versions of personality.h.

Patch was tested with 22.3, but also applies cleanly to the CVS trunk
of today.


*** emacs-orig/src/emacs.c	2008-05-12 21:55:52.000000000 +0200
--- emacs/src/emacs.c	2008-09-09 16:26:52.000000000 +0200
***************
*** 73,78 ****
--- 73,81 ----
  
  #ifdef HAVE_PERSONALITY_LINUX32
  #include <sys/personality.h>
+ #ifndef ADDR_NO_RANDOMIZE
+ #define ADDR_NO_RANDOMIZE 0x0040000
+ #endif
  #endif
  
  #ifndef O_RDWR
***************
*** 789,794 ****
--- 792,817 ----
    return count >= 3 ? REPORT_EMACS_BUG_PRETEST_ADDRESS : REPORT_EMACS_BUG_ADDRESS;
  }
  
+ #ifdef HAVE_PERSONALITY_LINUX32
+ /* Get the `randomize_va_space' parameter. A value of 2 (introduced
+    in Linux 2.6.25) indicates that brk() randomization is switched on,
+    which will break unexec. See <http://lkml.org/lkml/2007/10/23/435>. */
+ static int
+ linux_randomize_va_space ()
+ {
+   FILE *fp;
+   int rand, count;
+ 
+   fp = fopen ("/proc/sys/kernel/randomize_va_space", "r");
+   if (!fp)
+     return -1;
+   count = fscanf (fp, "%d", &rand);
+   (void) fclose (fp);
+   if (count != 1)
+     return -1;
+   return rand;
+ }
+ #endif /* HAVE_PERSONALITY_LINUX32 */
  
  /* ARGSUSED */
  int
***************
*** 883,906 ****
    if (!initialized
        && (strcmp (argv[argc-1], "dump") == 0
            || strcmp (argv[argc-1], "bootstrap") == 0)
!       && heap_bss_diff > MAX_HEAP_BSS_DIFF)
      {
!       if (! getenv ("EMACS_HEAP_EXEC"))
!         {
!           /* Set this so we only do this once.  */
!           putenv("EMACS_HEAP_EXEC=true");
! 
! 	  /* A flag to turn off address randomization which is introduced
! 	   in linux kernel shipped with fedora core 4 */
! #define ADD_NO_RANDOMIZE 0x0040000
! 	  personality (PER_LINUX32 | ADD_NO_RANDOMIZE);
! #undef  ADD_NO_RANDOMIZE
! 
!           execvp (argv[0], argv);
! 
!           /* If the exec fails, try to dump anyway.  */
!           perror ("execvp");
!         }
      }
  #endif /* HAVE_PERSONALITY_LINUX32 */
  
--- 906,925 ----
    if (!initialized
        && (strcmp (argv[argc-1], "dump") == 0
            || strcmp (argv[argc-1], "bootstrap") == 0)
!       && !getenv ("EMACS_HEAP_EXEC")
!       && (heap_bss_diff > MAX_HEAP_BSS_DIFF
! 	  || linux_randomize_va_space() >= 2))
      {
!       /* Set this so we only do this once.  */
!       putenv("EMACS_HEAP_EXEC=true");
! 
!       /* Set personality and disable randomization of VA space. */
!       personality (PER_LINUX32 | ADDR_NO_RANDOMIZE);
! 
!       execvp (argv[0], argv);
! 
!       /* If the exec fails, try to dump anyway.  */
!       perror ("execvp");
      }
  #endif /* HAVE_PERSONALITY_LINUX32 */
  

bug#443: marked as done ([Fwd: emacs installation - segmentation fault during unexec])

[Emacs bug Tracking System]

[-- Attachment #1: Type: text/plain, Size: 874 bytes --]


Your message dated Thu, 23 Oct 2008 18:18:59 -0400
with message-id <874p33rm3w.fsf@cyd.mit.edu>
and subject line Re: temacs segmentation fault in unexec under Linux 2.6.26 
has caused the Emacs bug report #443,
regarding [Fwd: emacs installation - segmentation fault during unexec]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact don@donarmstrong.com
immediately.)


-- 
443: http://emacsbugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=443
Emacs Bug Tracking System
Contact don@donarmstrong.com with problems

[-- Attachment #2: Type: message/rfc822, Size: 6242 bytes --]

From: esf@cfmu.eurocontrol.int
To: bug-gnu-emacs@gnu.org
Subject: [Fwd: emacs installation - segmentation fault during unexec]
Date: Wed, 18 Jun 2008 16:24:40 +0200
Message-ID: <48591AA8.5090103@cfmu.eurocontrol.int>

Sorry,

My previous message could not be sent because of mailbox limitation.
The attached file is worth 12MB.

Is there anywhere I can send it ?
If not, here is the backtrace:

(gdb) bt
#0  0x0063c17c in memcpy () from /lib/tls/libc.so.6
#1  0x0817cb56 in unexec (
     new_name=0x85e9e94 
"/tmp/esf_emacs-22.1/generated/work/emacs-22.1/src/emacs",
     old_name=0x85e9ed0 
"/tmp/esf_emacs-22.1/generated/work/emacs-22.1/src/temacs", 
data_start=137480080, bss_start=0, entry_address=0) at unexelf.c:950
#2  0x080eb898 in Fdump_emacs (filename=140594875, symfile=140594859)
     at emacs.c:2277
#3  0x0815326a in Feval (form=138374717) at eval.c:2331
#4  0x0815363f in Fprogn (args=138375061) at eval.c:447
#5  0x08153452 in Feval (form=138379957) at eval.c:2275
#6  0x08153452 in Feval (form=138381677) at eval.c:2275
#7  0x0816ba89 in readevalloop (readcharfun=138194961, stream=0x83f3080,
     sourcename=138356763, evalfun=0x8152ec0 <Feval>, printflag=0,
     unibyte=138127561, readfun=138127561, start=138127561, end=138127561)
     at lread.c:1543
#8  0x0816d05c in Fload (file=Variable "file" is not available.
) at lread.c:1009
#9  0x081532d9 in Feval (form=138112413) at eval.c:2342
#10 0x080f3253 in top_level_2 () at keyboard.c:1338
#11 0x0815280b in internal_condition_case (bfun=0x80f3240 <top_level_2>,
     handlers=138173017, hfun=0x80f6960 <cmd_error>) at eval.c:1481
#12 0x080f5d51 in top_level_1 () at keyboard.c:1346
#13 0x081528cc in internal_catch (tag=138166201,
     func=0x80f5d20 <top_level_1>, arg=138127561) at eval.c:1222
#14 0x080f678a in command_loop () at keyboard.c:1303
#15 0x080f6b38 in recursive_edit_1 () at keyboard.c:1006
#16 0x080f6c25 in Frecursive_edit () at keyboard.c:1067
#17 0x080ecb92 in main (argc=Cannot access memory at address 0xaf800
) at emacs.c:1762
(gdb)



Forgot to indicate that emacs-version is 22.1.1


Thanks for your concern.

Regards,
Pierre-Louis ESCOUFLAIRE


-------- Original Message --------
Subject: emacs installation - segmentation fault during unexec
Date: Wed, 18 Jun 2008 15:40:15 +0200
From: esf@cfmu.eurocontrol.int
To: bug-gnu-emacs@gnu.org


Please write in English if possible, because the Emacs maintainers
usually do not have translators to read other languages for them.

Your bug report will be posted to the bug-gnu-emacs@gnu.org mailing
list, and to the gnu.emacs.bug news group.

Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:



Emacs build core-dumped during unexec() / memcopy().
See attached file 'emacs-22.1-with_coredump.tar.gz'.

The archive contains the coredump at  'emacs-22.1/src/core.433'.
The coredump was generated from       'emacs-22.1/src/temacs'
                     with command       'temacs -batch -l loadup dump'.
More information can be found in      'emacs/pkg_*.log'.

Unfortunately, the bug seems to appear randomly.
I hope the given information is enough.


Thanks for your concern.

Regards,
Pierre-Louis ESCOUFLAIRE


____

This message and any files transmitted with it are legally privileged and intended for the sole use of the individual(s) or entity to whom they are addressed. If you are not the intended recipient, please notify the sender by reply and delete the message and any attachments from your system. Any unauthorised use or disclosure of the content of this message is strictly prohibited and may be unlawful.

Nothing in this e-mail message amounts to a contractual or legal commitment on the part of EUROCONTROL, unless it is confirmed by appropriately signed hard copy.

Any views expressed in this message are those of the sender.





[-- Attachment #3: Type: message/rfc822, Size: 998 bytes --]

From: Chong Yidong <cyd@stupidchicken.com>
To: 443-done@emacsbugs.donarmstrong.com, 900-done@emacsbugs.donarmstrong.com
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26
Date: Thu, 23 Oct 2008 18:18:59 -0400
Message-ID: <874p33rm3w.fsf@cyd.mit.edu>

Since Jan has fixed this in the trunk (2008-10-21 checkin), I'm closing
this bug.

bug#900: marked as done (temacs segmentation fault in unexec under Linux 2.6.26)

[Emacs bug Tracking System]

[-- Attachment #1: Type: text/plain, Size: 868 bytes --]


Your message dated Thu, 23 Oct 2008 18:18:59 -0400
with message-id <874p33rm3w.fsf@cyd.mit.edu>
and subject line Re: temacs segmentation fault in unexec under Linux 2.6.26 
has caused the Emacs bug report #443,
regarding temacs segmentation fault in unexec under Linux 2.6.26
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact don@donarmstrong.com
immediately.)


-- 
443: http://emacsbugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=443
Emacs Bug Tracking System
Contact don@donarmstrong.com with problems

[-- Attachment #2: Type: message/rfc822, Size: 21071 bytes --]

From: Ulrich Mueller <ulm@gentoo.org>
To: bug-gnu-emacs@gnu.org
Cc: emacs@gentoo.org
Subject: temacs segmentation fault in unexec under Linux 2.6.26
Date: Sat, 6 Sep 2008 05:39:15 +0200
Message-ID: <18625.64355.215907.350751@a1i15.kph.uni-mainz.de>

Package: emacs
Version: 22.3

Building of Emacs 22.3 under Linux 2.6.26 sometimes fails with a
segmentation fault of temacs in unexec. Part of the build log and a
full backtrace are included at the end of this message.

I had already reported this problem (for Emacs 22.2.92) to emacs-devel
but got no reply:
<http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00165.html>

The problem is related to kernel heap randomisation,
see <http://lkml.org/lkml/2007/10/23/435>. It doesn't exist under
Linux 2.6.24 or earlier.


In GNU Emacs 22.3.1 (i686-pc-linux-gnu, GTK+ Version 2.12.11)
 of 2008-09-06 on a1iulm2
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure  '--prefix=/usr'
 '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
 '--infodir=/usr/share/info' '--datadir=/usr/share'
 '--sysconfdir=/etc' '--localstatedir=/var/lib'
 '--program-suffix=-emacs-22' '--infodir=/usr/share/info/emacs-22'
 '--without-carbon' '--with-sound' '--with-x'
 '--without-toolkit-scroll-bars' '--with-jpeg' '--with-tiff'
 '--with-gif' '--with-png' '--with-xpm' '--with-x-toolkit=gtk'
 '--without-hesiod' '--with-kerberos' '--with-kerberos5'
 '--build=i686-pc-linux-gnu' 'build_alias=i686-pc-linux-gnu'
 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-march=pentium-m -g -O2 -pipe'
 'LDFLAGS=-Wl,-O1''


End of the build log:

LC_ALL=C ./temacs -batch -l loadup dump
Loading loadup.el (source)...
Using load-path (/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/lisp)
Loading emacs-lisp/byte-run...
Loading emacs-lisp/backquote...
Loading subr...
Loading version.el (source)...
Loading widget...
Loading custom...
Loading emacs-lisp/map-ynp...
Loading env...
Loading cus-start...
Loading international/mule...
Loading international/mule-conf.el (source)...
Loading format...
Loading bindings...
Loading files...
Loading cus-face...
Loading faces...
Loading button...
Loading startup...
Lists of integers (garbage collection statistics) are normal output
while building Emacs; they do not indicate a problem.
((11177 . 8431) (4849 . 0) (578 . 6) 16345 20225 (11 . 7) (17 . 0) (832 . 2381))
Loading loaddefs.el (source)...
((29161 . 11860) (7821 . 0) (587 . 10) 42301 20225 (37 . 33) (17 . 0) (3704 . 1462))
Loading simple...
Loading help...
Loading jka-cmpr-hook...
Loading international/mule-cmds...
Loading case-table...
Loading international/utf-8...
Loading international/utf-16...
Loading international/characters...
Loading international/latin-1.el (source)...
Loading international/latin-2.el (source)...
Loading international/latin-3.el (source)...
Loading international/latin-4.el (source)...
Loading international/latin-5.el (source)...
Loading international/latin-8.el (source)...
Loading international/latin-9.el (source)...
Loading language/chinese...
Loading language/cyrillic...
Loading language/indian...
Loading language/devanagari.el (source)...
Loading language/malayalam.el (source)...
Loading language/tamil.el (source)...
Loading language/kannada.el (source)...
Loading language/english.el (source)...
Loading language/ethiopic...
Loading language/european...
Loading language/czech.el (source)...
Loading language/slovak.el (source)...
Loading language/romanian.el (source)...
Loading language/greek.el (source)...
Loading language/hebrew.el (source)...
Loading language/japanese.el (source)...
Loading language/korean.el (source)...
Loading language/lao.el (source)...
Loading language/thai.el (source)...
Loading language/tibetan...
Loading language/vietnamese...
Loading language/misc-lang.el (source)...
Loading language/utf-8-lang.el (source)...
Loading language/georgian.el (source)...
Loading international/ucs-tables...
Loading indent...
Loading window...
Loading frame...
Loading term/tty-colors...
Loading font-core...
Loading facemenu...
Loading emacs-lisp/syntax...
Loading font-lock...
Loading jit-lock...
Loading mouse...
Loading scroll-bar...
Loading select...
Loading emacs-lisp/timer...
Loading isearch...
Loading rfn-eshadow...
((49507 . 18627) (10733 . 0) (622 . 92) 64080 164411 (67 . 4) (18 . 12) (4997 . 1681))
Loading menu-bar...
Loading paths.el (source)...
Loading emacs-lisp/lisp...
Loading textmodes/page...
Loading register...
Loading textmodes/paragraphs...
Loading emacs-lisp/lisp-mode...
Loading textmodes/text-mode...
Loading textmodes/fill...
((55968 . 12166) (11261 . 0) (624 . 90) 76368 166081 (67 . 4) (18 . 12) (5507 . 1801))
Loading replace...
Loading abbrev...
Loading buff-menu...
Loading fringe...
Loading image...
Loading international/fontset...
Loading dnd...
Loading mwheel...
Loading tool-bar...
Loading x-dnd...
((57901 . 10233) (11774 . 0) (625 . 89) 77920 166663 (69 . 8) (18 . 12) (5601 . 1581))
Loading emacs-lisp/float-sup...
((57933 . 10201) (11778 . 0) (625 . 89) 78085 166663 (70 . 9) (18 . 12) (5606 . 1576))
Loading vc-hooks...
Loading ediff-hook...
Loading tooltip...
((59259 . 8875) (11935 . 0) (626 . 88) 79285 166714 (72 . 7) (18 . 12) (5676 . 1506))
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under names emacs and emacs-22.3.1
make[1]: *** [emacs] Segmentation fault (core dumped)
make[1]: *** Deleting file `emacs'
make[1]: Leaving directory `/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src'
make: *** [src] Error 2


Backtrace:

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...done.
Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...done.
Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
Reading symbols from /usr/lib/libatk-1.0.so.0...done.
Loaded symbols for /usr/lib/libatk-1.0.so.0
Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...done.
Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
Reading symbols from /usr/lib/libpangocairo-1.0.so.0...done.
Loaded symbols for /usr/lib/libpangocairo-1.0.so.0
Reading symbols from /usr/lib/libpango-1.0.so.0...done.
Loaded symbols for /usr/lib/libpango-1.0.so.0
Reading symbols from /usr/lib/libcairo.so.2...done.
Loaded symbols for /usr/lib/libcairo.so.2
Reading symbols from /usr/lib/libgobject-2.0.so.0...done.
Loaded symbols for /usr/lib/libgobject-2.0.so.0
Reading symbols from /usr/lib/libgmodule-2.0.so.0...done.
Loaded symbols for /usr/lib/libgmodule-2.0.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /usr/lib/libglib-2.0.so.0...done.
Loaded symbols for /usr/lib/libglib-2.0.so.0
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libSM.so.6...done.
Loaded symbols for /usr/lib/libSM.so.6
Reading symbols from /usr/lib/libICE.so.6...done.
Loaded symbols for /usr/lib/libICE.so.6
Reading symbols from /usr/lib/libtiff.so.3...done.
Loaded symbols for /usr/lib/libtiff.so.3
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/lib/libgif.so.4...done.
Loaded symbols for /usr/lib/libgif.so.4
Reading symbols from /usr/lib/libXpm.so.4...done.
Loaded symbols for /usr/lib/libXpm.so.4
Reading symbols from /usr/lib/libX11.so.6...done.
Loaded symbols for /usr/lib/libX11.so.6
Reading symbols from /usr/lib/libXft.so.2...done.
Loaded symbols for /usr/lib/libXft.so.2
Reading symbols from /usr/lib/libXrender.so.1...done.
Loaded symbols for /usr/lib/libXrender.so.1
Reading symbols from /usr/lib/libfontconfig.so.1...done.
Loaded symbols for /usr/lib/libfontconfig.so.1
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /usr/lib/libasound.so.2...done.
Loaded symbols for /usr/lib/libasound.so.2
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libuuid.so.1...done.
Loaded symbols for /lib/libuuid.so.1
Reading symbols from /usr/lib/libXrandr.so.2...done.
Loaded symbols for /usr/lib/libXrandr.so.2
Reading symbols from /usr/lib/libXcursor.so.1...done.
Loaded symbols for /usr/lib/libXcursor.so.1
Reading symbols from /usr/lib/libpangoft2-1.0.so.0...done.
Loaded symbols for /usr/lib/libpangoft2-1.0.so.0
Reading symbols from /usr/lib/libXcomposite.so.1...done.
Loaded symbols for /usr/lib/libXcomposite.so.1
Reading symbols from /usr/lib/libXdamage.so.1...done.
Loaded symbols for /usr/lib/libXdamage.so.1
Reading symbols from /usr/lib/libXfixes.so.3...done.
Loaded symbols for /usr/lib/libXfixes.so.3
Reading symbols from /usr/lib/libexpat.so.1...done.
Loaded symbols for /usr/lib/libexpat.so.1
Reading symbols from /usr/lib/libdirectfb-1.2.so.0...done.
Loaded symbols for /usr/lib/libdirectfb-1.2.so.0
Reading symbols from /usr/lib/libfusion-1.2.so.0...done.
Loaded symbols for /usr/lib/libfusion-1.2.so.0
Reading symbols from /usr/lib/libdirect-1.2.so.0...done.
Loaded symbols for /usr/lib/libdirect-1.2.so.0
Reading symbols from /usr/lib/libglitz-glx.so.1...done.
Loaded symbols for /usr/lib/libglitz-glx.so.1
Reading symbols from /usr/lib/libglitz.so.1...done.
Loaded symbols for /usr/lib/libglitz.so.1
Reading symbols from /usr/lib/opengl/xorg-x11/lib/libGL.so.1...done.
Loaded symbols for //usr//lib/opengl/xorg-x11/lib/libGL.so.1
Reading symbols from /usr/lib/libXmu.so.6...done.
Loaded symbols for /usr/lib/libXmu.so.6
Reading symbols from /usr/lib/libXt.so.6...done.
Loaded symbols for /usr/lib/libXt.so.6
Reading symbols from /usr/lib/libXext.so.6...done.
Loaded symbols for /usr/lib/libXext.so.6
Reading symbols from /usr/lib/libXi.so.6...done.
Loaded symbols for /usr/lib/libXi.so.6
Reading symbols from /usr/lib/libXau.so.6...done.
Loaded symbols for /usr/lib/libXau.so.6
Reading symbols from /usr/lib/libXdmcp.so.6...done.
Loaded symbols for /usr/lib/libXdmcp.so.6
Reading symbols from /usr/lib/libpixman-1.so.0...done.
Loaded symbols for /usr/lib/libpixman-1.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libjbig.so...done.
Loaded symbols for /usr/lib/libjbig.so
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /usr/lib/libXxf86vm.so.1...done.
Loaded symbols for /usr/lib/libXxf86vm.so.1
Reading symbols from /usr/lib/libdrm.so.2...done.
Loaded symbols for /usr/lib/libdrm.so.2
Core was generated by `./temacs -batch -l loadup dump'.
Program terminated with signal 11, Segmentation fault.
[New process 30599]
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
951		  memcpy (NEW_SECTION_H (nn).sh_offset + new_base,
DISPLAY = :0.0
TERM = xterm
Breakpoint 1 at 0x80fcb26: file emacs.c, line 432.
Breakpoint 2 at 0x8117246: file sysdep.c, line 1386.
gdb> bt full
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
	src = <value optimized out>
	new_file = 0x5
	old_file = 0x4
	old_base = 0x2b890000 "\177ELF\001\001\001"
	new_base = 0x2be8c000 "\177ELF\001\001\001"
	old_file_h = <value optimized out>
	new_file_h = <value optimized out>
	new_program_h = (Elf32_Phdr *) 0x2be8c034
	old_section_h = (Elf32_Shdr *) 0x2be51c10
	new_section_h = (Elf32_Shdr *) 0x2c7eb530
	old_section_names = 0x2be51adb ""
	old_bss_addr = 0x82eb6e0
	new_bss_addr = <value optimized out>
	old_bss_size = <value optimized out>
	new_data2_size = 0x39d920
	new_data2_offset = 0x2a26e0
	n = 0x15
	nn = 0x15
	old_bss_index = 0x15
	old_sbss_index = 0xffffffff
	old_plt_index = 0xffffffff
	old_data_index = 0x14
	new_data2_index = 0x15
	stat_buf = {
  st_dev = 0x307, 
  __pad1 = 0x0, 
  __st_ino = 0x4264, 
  st_mode = 0x81ed, 
  st_nlink = 0x1, 
  st_uid = 0x1357, 
  st_gid = 0x119e, 
  st_rdev = 0x0, 
  __pad2 = 0x0, 
  st_size = 0x5fb6c6, 
  st_blksize = 0x1000, 
  st_blocks = 0x2ff8, 
  st_atim = {
    tv_sec = 0x48c1ef81, 
    tv_nsec = 0x0
  }, 
  st_mtim = {
    tv_sec = 0x48c1ef82, 
    tv_nsec = 0x0
  }, 
  st_ctim = {
    tv_sec = 0x48c1ef82, 
    tv_nsec = 0x0
  }, 
  st_ino = 0x4264
}
#1  0x080fc5bd in Fdump_emacs (filename=0x8680308, symfile=0x868048b) at emacs.c:2286
	tem = 0x842d8f9
	symbol = <value optimized out>
#2  0x0816b541 in Feval (form=0x846a175) at eval.c:2327
	numargs = <value optimized out>
	argvals = {0x868049b, 0x868048b, 0x0, 0x842dcb8, 0x7f84ed70, 0x7f84ecf8, 0x7f84ecc0, 0x2}
	args_left = 0x842d8c9
	i = 0x2
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x846a15d
	funcar = <value optimized out>
	backtrace = {
  next = 0x7f84ed80, 
  function = 0x7f84ed08, 
  args = 0x7f84ecd0, 
  nargs = 0x2, 
  evalargs = 0x1, 
  debug_on_exit = 0x0
}
#3  0x0816b7ff in Fprogn (args=0x348) at eval.c:449
	val = 0xd8000
#4  0x0816b5ff in Feval (form=0x846b765) at eval.c:2271
	numargs = 0x348
	argvals = {0x42d8f9, 0x842bb15, 0x0, 0x7f84ee18, 0x7f84ee00, 0x7f84ed88, 0x7f84ed84, 0xffffffff}
	args_left = 0x846b60d
	i = <value optimized out>
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x846b60d
	funcar = <value optimized out>
	backtrace = {
  next = 0x7f84ee00, 
  function = 0x7f84ed98, 
  args = 0x7f84ed94, 
  nargs = 0xffffffff, 
  evalargs = 0x0, 
  debug_on_exit = 0x0
}
#5  0x0816b5ff in Feval (form=0x842b97d) at eval.c:2271
	numargs = 0x348
	argvals = {0x846b765, 0x842d8c9, 0x7f84ee28, 0x8180a18, 0x8465c58, 0x843dc19, 0x7f84ee28, 0x816844f}
	args_left = 0x846b76d
	i = <value optimized out>
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x846b76d
	funcar = <value optimized out>
	backtrace = {
  next = 0x7f84f220, 
  function = 0x7f84ee18, 
  args = 0x7f84ee14, 
  nargs = 0xffffffff, 
  evalargs = 0x0, 
  debug_on_exit = 0x0
}
#6  0x0818364c in readevalloop (readcharfun=0x843dc19, stream=0x8465c58, sourcename=0x84658ab, evalfun=0x816b040 <Feval>, printflag=0x0, unibyte=0x842d8c9, readfun=0x842d8c9, start=0x842d8c9, end=0x842d8c9) at lread.c:1559
	c = <value optimized out>
	val = 0x842b97d
	b = (struct buffer *) 0x0
	continue_reading_p = 0x1
	whole_buffer = 0x0
	first_sexp = 0x0
#7  0x08184947 in Fload (file=0x846582b, noerror=0x842d8c9, nomessage=0x842d8c9, nosuffix=0x842d8c9, must_suffix=0x842d8c9) at lread.c:1027
	stream = <value optimized out>
	fd = 0x3
	found = <value optimized out>
	efound = <value optimized out>
	hist_file_name = 0x84658ab
	newer = 0x0
	compiled = 0x0
	handler = <value optimized out>
	safe_p = 0x1
	tmp = {0x842d8c9, 0x846589b}
#8  0x0816b4e7 in Feval (form=0x842a385) at eval.c:2338
	numargs = <value optimized out>
	argvals = {0x846582b, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0xb, 0x0, 0x0}
	args_left = 0x842d8c9
	i = 0x5
	fun = <value optimized out>
	val = <value optimized out>
	original_fun = <value optimized out>
	original_args = 0x842a37d
	funcar = <value optimized out>
	backtrace = {
  next = 0x0, 
  function = 0x7f84f238, 
  args = 0x7f84f200, 
  nargs = 0x1, 
  evalargs = 0x1, 
  debug_on_exit = 0x0
}
#9  0x08104403 in top_level_2 () at keyboard.c:1339
No locals.
#10 0x08168fa2 in internal_condition_case (bfun=0x81043f0 <top_level_2>, handlers=0x8438a89, hfun=0x8107f80 <cmd_error>) at eval.c:1484
	val = <value optimized out>
	c = {
  tag = 0x842d8c9, 
  val = 0x842d8c9, 
  next = 0x7f84f380, 
  gcpro = 0x0, 
  jmp = {{
      __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f348, 0x884af267, 0xacb0f488}, 
      __mask_was_saved = 0x0, 
      __saved_mask = {
        __val = {0x7f84f340, 0x2aac7658, 0x804f59a, 0xa8428197, 0x0, 0x0, 0xb <repeats 18 times>, 0x2b4d4c2c, 0x2b318a90, 0xb, 0x69cb120, 0x2aac6fc4, 0x2aac7658, 0x1, 0x7f84f350}
      }
    }}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0x0, 
  pdlcount = 0x2, 
  poll_suppress_count = 0x1, 
  interrupt_input_blocked = 0x0, 
  byte_stack = 0x0
}
	h = {
  handler = 0x8438a89, 
  var = 0x842d8c9, 
  chosen_clause = 0x1, 
  tag = 0x7f84f26c, 
  next = 0x0
}
#11 0x0810737e in top_level_1 () at keyboard.c:1347
No locals.
#12 0x0816907c in internal_catch (tag=0x8437ba1, func=0x8107330 <top_level_1>, arg=0x842d8c9) at eval.c:1224
	c = {
  tag = 0x8437ba1, 
  val = 0x842d8c9, 
  next = 0x0, 
  gcpro = 0x0, 
  jmp = {{
      __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f448, 0x8848d267, 0xac8eec88}, 
      __mask_was_saved = 0x0, 
      __saved_mask = {
        __val = {0xb, 0xb, 0xb, 0xb, 0x81d92e0, 0xa, 0x7d0, 0x7f84f3e8, 0x8151e5b, 0x84627cc, 0x82defc1, 0xa, 0x845ada0, 0x8435540, 0x845ada1, 0x7f84f428, 0x815a9a6, 0x845ada1, 0x845a37a, 0x842d8c9, 0x8435540, 0x9, 0x9, 0x842d8e1, 0x2, 0x845a378, 0x845a37a, 0x9, 0x0, 0x845ada1, 0x1, 0x7f84f468}
      }
    }}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0x0, 
  pdlcount = 0x2, 
  poll_suppress_count = 0x1, 
  interrupt_input_blocked = 0x0, 
  byte_stack = 0x0
}
#13 0x08107dba in command_loop () at keyboard.c:1304
No locals.
#14 0x08108157 in recursive_edit_1 () at keyboard.c:1007
	val = <value optimized out>
#15 0x08108249 in Frecursive_edit () at keyboard.c:1068
	buffer = <value optimized out>
#16 0x080fd96f in main (argc=0x5, argv=0x7f84f864) at emacs.c:1770
	dummy = 0x7f84f7b8
	stack_bottom_variable = 0x8
	do_initial_setlocale = <value optimized out>
	skip_args = 0x3
	rlim = {
  rlim_cur = 0xffffffffffffffff, 
  rlim_max = 0xffffffffffffffff
}
	no_loadup = 0x0
	junk = 0x0

Lisp Backtrace:
"dump-emacs" (0x868049b)
"if" (0x846b60d)
"if" (0x846b76d)
"load" (0x846582b)
gdb> 




[-- Attachment #3: Type: message/rfc822, Size: 998 bytes --]

From: Chong Yidong <cyd@stupidchicken.com>
To: 443-done@emacsbugs.donarmstrong.com, 900-done@emacsbugs.donarmstrong.com
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26
Date: Thu, 23 Oct 2008 18:18:59 -0400
Message-ID: <874p33rm3w.fsf@cyd.mit.edu>

Since Jan has fixed this in the trunk (2008-10-21 checkin), I'm closing
this bug.