From: Pip Cet
Newsgroups: gmane.emacs.bugs
Subject: bug#39962: 27.0.90; Crash in Emacs 27.0.90
Date: Tue, 17 Mar 2020 13:54:05 +0000
Cc: eggert@cs.ucla.edu, 39962@debbugs.gnu.org
To: Pieter van Oostrum

On Tue, Mar 17, 2020 at 8:45 AM Pieter van Oostrum wrote:
> Pip Cet writes:
> > On Tue, Mar 17, 2020 at 4:54 AM Pip Cet wrote:
> >> m has not been set; it would have been set to 0x12590f570; can you
> >> print out the memory at that address? (x/32gx 0x12590f570)
> >
> > Actually, regardless of whether the pseudovector type is poisoned or
> > zero,

It's zero.

> > it would be good to dump that entire vector block (x/512gx
> > 0x12590f000)

> 0x12590f3f0: 0x0000000000000006 0x0000000000000000
> 0x12590f400: 0x000000000d4269c0 0x0000000000000000

I'm suspicious about this "symbol". Is 0xd4269c0 a valid lisp value?

> 0x12590f430: 0x0000000000000002 0x0000000000008df0
> 0x12590f440: 0x0000000005757688 0xa5a5a5a5a5a5a5a5

This vector is weird. The first entry is a symbol, but the second
entry looks invalid to me: all other symbols are aligned to 16-byte
boundaries, and I don't think 0x5757688 is even a valid pointer.

Can you check which symbol corresponds to 0x8df0 in your build? It
should be the one with 757 in its define line in globals.h

# define Qlibpng_version builtin_lisp_symbol (757)

> 0x12590f520: 0x4000000002002000 0x0000000200000003
> 0x12590f530: 0x000000011de53fc0 0xa5a5a5a5a5a5a5a5

A real-life bignum! Can you print x/2gx 0x11de53fc0 so we figure out
what its value is? (And what's creating bignums in your session?)

> 0x12590f540: 0x4000000003005000 0x000000015b8a3b30
> 0x12590f550: 0xa5a5a5a5a5a5a5a4 0x000000016082a820
> 0x12590f560: 0x0000000000014ba0 0x0000000000014ba0
> 0x12590f570: 0x0000000000000000 0x000000015b8a3b30

That's our corrupt word.

> 0x12590fbf0: 0x00000001079ffc00 0x0000000000000000

And that's the end of the vector block.

If you want to, you can try the attached patch and see whether it
produces anything poisoned rather than merely corrupt.

Thanks again!

[Attachment: 0001-more-debugging.patch (text/x-patch)]
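
The hand checks made in the message above (16-byte alignment of symbol words, mapping 0x8df0 to symbol number 757, spotting the repeated 0xa5 byte pattern) can be scripted over dump words. This is an added example, not part of the original message or of Emacs: the 48-byte stride is inferred from 0x8df0 / 757, and all function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions, not taken from the Emacs source: symbol words are 16-byte
   aligned (as the message says), and built-in symbols are 48 bytes apart
   (inferred from the message pairing 0x8df0 with symbol number 757).  */
enum { SYMBOL_ALIGN = 16, BUILTIN_SYMBOL_STRIDE = 48 };
static const uint64_t FILL = 0xa5a5a5a5a5a5a5a5ULL; /* pattern seen in the dump */

enum word_kind { WORD_ZERO, WORD_FILL, WORD_NEAR_FILL, WORD_ALIGNED, WORD_MISALIGNED };

/* Number of bits in which W differs from the fill pattern.  */
static int fill_distance (uint64_t w)
{
  int bits = 0;
  for (uint64_t x = w ^ FILL; x != 0; x &= x - 1)
    bits++;
  return bits;
}

/* Coarse triage of one 64-bit word from an x/512gx dump.  */
enum word_kind classify_word (uint64_t w)
{
  if (w == 0)
    return WORD_ZERO;
  int d = fill_distance (w);
  if (d == 0)
    return WORD_FILL;
  if (d <= 2)
    return WORD_NEAR_FILL;      /* fill pattern with a bit or two changed */
  return w % SYMBOL_ALIGN == 0 ? WORD_ALIGNED : WORD_MISALIGNED;
}

/* Built-in symbol number W would denote, or -1 if it cannot be one.
   The upper bound on valid numbers is build-specific (globals.h).  */
long builtin_symbol_index (uint64_t w)
{
  return w % BUILTIN_SYMBOL_STRIDE == 0 ? (long) (w / BUILTIN_SYMBOL_STRIDE) : -1;
}

int main (void)
{
  /* Words copied from the dump quoted in the message.  */
  static const uint64_t dump[] = { 0x8df0, 0x5757688, 0xd4269c0,
    0xa5a5a5a5a5a5a5a5ULL, 0xa5a5a5a5a5a5a5a4ULL, 0 };
  static const char *const names[] = { "zero", "fill", "near-fill", "aligned", "misaligned" };
  for (size_t i = 0; i < sizeof dump / sizeof dump[0]; i++)
    printf ("%#018llx  %-10s builtin symbol #%ld\n", (unsigned long long) dump[i],
            names[classify_word (dump[i])], builtin_symbol_index (dump[i]));
  return 0;
}
```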