From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Pip Cet <pipcet@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#42832: 28.0.50;
 "Bus error" when compiling Emacs now on Debian bullseye
Date: Fri, 14 Aug 2020 14:24:48 +0000
Message-ID: <CAOqdjBcq56XCi6ecs-pY-2sM-45n7-nbo2g3cPi6yCOhLvKwHw@mail.gmail.com>
References: <878sejlrfd.fsf@gnus.org> <87zh6zk9m2.fsf@gnus.org>
 <87tux7k97r.fsf@gnus.org> <83364rog0t.fsf@gnu.org> <87lfijk7y4.fsf@gnus.org>
 <87h7t7k6ke.fsf@gnus.org> <87d03vk6am.fsf@gnus.org>
 <50a72536-c274-9a69-2b03-d82154f3e20c@cs.ucla.edu>
 <878sejk2wo.fsf@gnus.org>
 <CAOqdjBdukKOxo5U__QH4GRi8PFETx-9221NsOttAzdh69bbThg@mail.gmail.com>
 <874kp7jzsf.fsf@gnus.org>
 <CAOqdjBdngQ51Mc1jjOup8LKacTbho4bOg5wjvrgyOpQfSLRG9Q@mail.gmail.com>
 <87lfiig8hz.fsf@gnus.org> <87h7t6g8bt.fsf@gnus.org>
 <CAOqdjBcJxPPCBdZ0EJPf+HqxBFEPh3Xv1+eXHw_Q7CvyMVOW0g@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="6382"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 42832@debbugs.gnu.org, Paul Eggert <eggert@cs.ucla.edu>
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Aug 14 16:26:10 2020
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1k6aeo-0001Ym-BA
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 14 Aug 2020 16:26:10 +0200
Original-Received: from localhost ([::1]:37062 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1k6aen-0003jU-E6
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 14 Aug 2020 10:26:09 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36316)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1k6aeg-0003jJ-6k
 for bug-gnu-emacs@gnu.org; Fri, 14 Aug 2020 10:26:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:41860)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1k6aef-0008ST-UF
 for bug-gnu-emacs@gnu.org; Fri, 14 Aug 2020 10:26:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1k6aef-0000sG-Qz
 for bug-gnu-emacs@gnu.org; Fri, 14 Aug 2020 10:26:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Pip Cet <pipcet@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 14 Aug 2020 14:26:01 +0000
Resent-Message-ID: <handler.42832.B42832.15974151313321@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 42832
X-GNU-PR-Package: emacs
Original-Received: via spool by 42832-submit@debbugs.gnu.org id=B42832.15974151313321
 (code B ref 42832); Fri, 14 Aug 2020 14:26:01 +0000
Original-Received: (at 42832) by debbugs.gnu.org; 14 Aug 2020 14:25:31 +0000
Original-Received: from localhost ([127.0.0.1]:53406 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1k6aeB-0000rV-Jg
 for submit@debbugs.gnu.org; Fri, 14 Aug 2020 10:25:31 -0400
Original-Received: from mail-ot1-f45.google.com ([209.85.210.45]:43307)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@gmail.com>) id 1k6aeA-0000rJ-2W
 for 42832@debbugs.gnu.org; Fri, 14 Aug 2020 10:25:30 -0400
Original-Received: by mail-ot1-f45.google.com with SMTP id r21so7672560ota.10
 for <42832@debbugs.gnu.org>; Fri, 14 Aug 2020 07:25:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=4pqR6QXSij0FxpPntYrFxDmmXuJ5u9KEbWLmqKNIMm8=;
 b=iA0MGGTAUtb1XCXDEMSxN+qkUflvOmuCuCxfWfLX2SMdoDg6NV/P0sbdjVFBA5sGnv
 stHTCn6mujDVlwEp6GXGWX+5TIEC1YnHFOBDXpfVap3d1QHsZsaGvMbDLHt8r7ux6cNZ
 JAfYMYJ0BfzBrEZgPhO+H6l2Yorlds6/TtIefFHfuez4xG0gd5kFkMXsr8ySwqZNI8XR
 bc5DMomeCDvA/LbztZbsxuyGnQsRYY76rq4c+lCfHyNlquZeaFpQl74jJdqIM9ANZqqW
 fUNsl79qDs+9GUIWbhrccrJYapSWO45/UzK2P8hvEl6iHx1tAeMnhSj4kgeIOsDjU8CM
 8alA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=4pqR6QXSij0FxpPntYrFxDmmXuJ5u9KEbWLmqKNIMm8=;
 b=XORnmqBUuvcomvvM5MYhJp3nPG3b+cO1AQSYv/2EzDgN/vspZcvH2IX2ZD8h308t2E
 mf/wdhjpLJcznJTT8FEMa1gT7rQqQf6P4k1G9rnbt6Dk/qKwnp2quDpBoKehi71huiSC
 K87sYYMcrg9zBUNHB1+ZPqDWuFbJHfxVlTmrxLQDwZN24Xx3eAm3XLAuXMUSLTQwpFj0
 FEuFLs6ReeuqBiqL3xNbwfuqxYwzz8THFwsSrqquw7I517n/PqYaBVziiX5Z8O331XGy
 qEG/Og5j0tklmBD5bV8Jw3oeMbTpmaJ2erJ9P1K74W6qex9YWq43ur8/1B8drE84svgo
 lJ1g==
X-Gm-Message-State: AOAM530WrrIGyHIHWmZh0ImZB0QhabRWewsP5YnpesBE1GmFUB4WlLJi
 ojswZVJttL6VRS4QozLzh4zOOZo4QQ6P4miAG7g=
X-Google-Smtp-Source: ABdhPJzBaNhFfl9If1soZc/vRl7XEmZIJGyEvsLysnw5pTfKmq/IbYM8xVBoZ053amc23Q7htT5xjksrgB/AZMoGPbY=
X-Received: by 2002:a05:6830:13d1:: with SMTP id
 e17mr2140711otq.292.1597415124414; 
 Fri, 14 Aug 2020 07:25:24 -0700 (PDT)
In-Reply-To: <CAOqdjBcJxPPCBdZ0EJPf+HqxBFEPh3Xv1+eXHw_Q7CvyMVOW0g@mail.gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:185114
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/185114>

On Thu, Aug 13, 2020 at 2:08 PM Pip Cet <pipcet@gmail.com> wrote:
> All that sounds to me like we ought to dig down into the core file and
> figure out what happened, since the issue is likely to remain present
> otherwise and it seems somewhat difficult to track down and reproduce.

I have a theory, and it sounds like a somewhat silly bug.

- there's a hash table h in the dumper image
- h->hash points to dynamically allocated storage (as it always does
after my patch)
- the last reference to the hash table dies
- garbage_collect is called and collects h->hash
- h->hash's storage is reallocated for a different vector with a
different start position
- a word (re)appears on the stack which looks like it's a pointer to h
(it isn't, actually)
- garbage_collect is called and calls mark_maybe_pointer(h)
- h is recognized as a pdumper object
- h->hash is marked
- we're now marking a word in the middle of the new vector that
occupies the space that h->hash used to occupy
- in our case, this word is 0xc000000018000005, which is interpreted
as a tagged pointer, dereferencing of which leads to SIGBUS

Is there something which I'm missing which would prevent this scenario?

If no, any ideas on how to fix it? The obvious fix would be to always
mark all pdumped objects, but that has a performance cost. Less
obvious would be clearing the memory in the pdumper image that belongs
to an object that's being "freed", or keeping track of which pdumper
objects are still valid after GC...