From: Pip Cet
Newsgroups: gmane.emacs.bugs
Subject: bug#39962: 27.0.90; Crash in Emacs 27.0.90
Date: Mon, 16 Mar 2020 17:19:52 +0000
To: Pieter van Oostrum
Cc: eggert@cs.ucla.edu, 39962@debbugs.gnu.org

On Mon, Mar 16, 2020 at 3:33 PM Pip Cet wrote:
> On Mon, Mar 16, 2020 at 10:44 AM Pieter van Oostrum
> wrote:
> > Pieter van Oostrum writes:
> >
> > (gdb) f 3
> > #3 0x00000001002b56e7 in mark_overlay (ptr=0x12c489030) at alloc.c:6213
> > 6213 set_vectorlike_marked (&XMARKER (ptr->end)->header);
> > (gdb) p *ptr
> > $9 = {
> >   header = {
> >     size = -4611686018360274941
> >   },
> >   start = XIL(0x12c488fc5),
> >   end = XIL(0),
> >   plist = XIL(0x11dc4e263),
> >   next = 0x12c488f30
> > }
>
> Can you show the entire small vector block containing 0x12c488fc0?
> Something like
>
> x/1024gx 0x12c488000
>
> should work.
>
> What I think happened is that the vector free list got corrupted
> somehow, and two vectors believed they owned the memory location
> 0x12c489040.

Another thing we could try is poisoning the memory area used by a
vector when we put it on the free list. Something like the attached
patch might work.

[Attachment: 0001-poison-memory-of-vectors-put-on-the-free-list.patch (text/x-patch)]
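
The free-list poisoning idea from the message above, as an added example that is not part of the original mail, its attached patch, or Emacs: a toy fixed-size free list that fills a freed block's payload with a poison byte and checks it on reuse, so a write through a second, stale owner is caught. The names `block`, `block_free`, `block_alloc`, `poison_intact`, `run_cycle`, the one-block pool and the poison byte value are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POISON 0xA5   /* assumed poison byte, chosen for this example */
#define WORDS  8

/* Toy stand-in for a vector: header link plus payload words. */
struct block {
    struct block *next_free;    /* header, valid while on the free list */
    uintptr_t contents[WORDS];  /* payload, poisoned while free */
};
static struct block pool[1];    /* constructed sample heap */
static struct block *free_list;

/* Put a block on the free list, poisoning everything after the header. */
void block_free(struct block *b) {
    memset(b->contents, POISON, sizeof b->contents);
    b->next_free = free_list;
    free_list = b;
}

/* 1 if every payload byte still holds the poison value. */
int poison_intact(const struct block *b) {
    const unsigned char *p = (const unsigned char *)b->contents;
    for (size_t i = 0; i < sizeof b->contents; i++)
        if (p[i] != POISON) return 0;
    return 1;
}

/* Pop a block; *corrupt reports a write that happened while it was free. */
struct block *block_alloc(int *corrupt) {
    struct block *b = free_list;
    if (!b) return NULL;
    free_list = b->next_free;
    *corrupt = !poison_intact(b);
    return b;
}

/* Free pool[0]; optionally let a second "owner" write via a stale pointer. */
int run_cycle(int stale_write) {
    int corrupt = 0;
    free_list = NULL;
    block_free(&pool[0]);
    if (stale_write) pool[0].contents[3] = 0x1234;  /* constructed value */
    block_alloc(&corrupt);
    return corrupt;
}

int main(void) {
    printf("clean=%d stale=%d\n", run_cycle(0), run_cycle(1));
}
```

A stale read is exposed the same way: any word fetched from the freed payload comes back as the repeated poison byte rather than as a plausible pointer.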