From: Gerd Möllmann
Newsgroups: gmane.emacs.bugs
Subject: bug#68690: Segmentation fault building with native-comp
Date: Wed, 24 Jan 2024 20:52:49 +0100
To: Eli Zaretskii
Cc: john muhl, 68690@debbugs.gnu.org, Stefan Monnier
In-Reply-To: <86zfwud5cv.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 24 Jan 2024 19:10:56 +0200")
References: <87wmryel78.fsf@pub.pink> <86zfwud5cv.fsf@gnu.org>

Eli Zaretskii writes:

>> Date: Wed, 24 Jan 2024 08:36:15 -0600
>> From: john muhl via "Bug reports for GNU Emacs,
>>  the Swiss army knife of text editors"
>>
>> Bisect says 3018c6e7ba5 is the first bad
>> commit. A build using
>> ‘--without-native-compilation’ works fine. The segfault can be
>> reproduced on Fedora 39 and Debian testing.
>>
>> make bootstrap
>> …
>> make -C ../lisp compile-first EMACS="../src/bootstrap-emacs"
>> make[3]: Entering directory '/home/jm/src/emacs-0/lisp'
>> ELC+ELN emacs-lisp/macroexp.elc
>> ELC+ELN emacs-lisp/cconv.elc
>> ELC+ELN emacs-lisp/byte-opt.elc
>> ELC+ELN emacs-lisp/bytecomp.elc
>> ELC+ELN emacs-lisp/comp.elc
>> ELC+ELN emacs-lisp/comp-cstr.elc
>> ELC+ELN emacs-lisp/comp-common.elc
>> ELC+ELN emacs-lisp/comp-run.elc
>> ELC+ELN emacs-lisp/loaddefs-gen.elc
>> ELC+ELN emacs-lisp/radix-tree.elc
>>
>> Backtrace:
>> ../src/bootstrap-emacs[0x57863b]
>> ../src/bootstrap-emacs[0x42651e]
>
> Adding Stefan, who installed that commit.

FWIW, in an ASAN build, I see an abort. This is with
1f3371b46e8a6a51f88c56785175b48af2a0bed7, on macOS.

  ELC+ELN  emacs-lisp/macroexp.elc
=================================================================
==32930==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000353e0 at pc 0x000102b3fc97 bp 0x7ff7bdaf7250 sp 0x7ff7bdaf7248
READ of size 8 at 0x60c0000353e0 thread T0
    #0 0x102b3fc96 in Fmaphash fns.c:5665
    #1 0x102b062c8 in funcall_subr eval.c:3092
    #2 0x102bf85af in exec_byte_code bytecode.c:815
    #3 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #4 0x102b0766b in funcall_lambda eval.c:3207
    #5 0x102b05b80 in funcall_general eval.c:2972
    #6 0x102af5c86 in Ffuncall eval.c:3022
    #7 0x102b3fdee in Fmaphash fns.c:5666
    #8 0x102b062c8 in funcall_subr eval.c:3092
    #9 0x102bf85af in exec_byte_code bytecode.c:815
    #10 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #11 0x102b0766b in funcall_lambda eval.c:3207
    #12 0x102b05b80 in funcall_general eval.c:2972
    #13 0x102af5c86 in Ffuncall eval.c:3022
    #14 0x102af238f in eval_sub eval.c:2497
    #15 0x102af4477 in Fprogn eval.c:432
    #16 0x102af429d in Fif eval.c:388
    #17 0x102af1ecc in eval_sub eval.c:2476
    #18 0x102af4477 in Fprogn eval.c:432
    #19 0x102af46ae in Fcond eval.c:412
    #20 0x102af1ecc in eval_sub eval.c:2476
    #21 0x102af4477 in Fprogn eval.c:432
    #22 0x102af908b in FletX eval.c:972
    #23 0x102af1ecc in eval_sub eval.c:2476
    #24 0x102af4477 in Fprogn eval.c:432
    #25 0x102af4754 in prog_ignore eval.c:443
    #26 0x102afa345 in Fwhile eval.c:1061
    #27 0x102af1ecc in eval_sub eval.c:2476
    #28 0x102af4477 in Fprogn eval.c:432
    #29 0x102af908b in FletX eval.c:972
    #30 0x102af1ecc in eval_sub eval.c:2476
    #31 0x102af4477 in Fprogn eval.c:432
    #32 0x102af1ecc in eval_sub eval.c:2476
    #33 0x102af4244 in Fif eval.c:387
    #34 0x102af1ecc in eval_sub eval.c:2476
    #35 0x102af4477 in Fprogn eval.c:432
    #36 0x102af9d17 in Flet eval.c:1040
    #37 0x102af1ecc in eval_sub eval.c:2476
    #38 0x102af4477 in Fprogn eval.c:432
    #39 0x102af9d17 in Flet eval.c:1040
    #40 0x102af1ecc in eval_sub eval.c:2476
    #41 0x102af4477 in Fprogn eval.c:432
    #42 0x102b07db5 in funcall_lambda eval.c:3287
    #43 0x102b03941 in apply_lambda eval.c:3157
    #44 0x102af3d68 in eval_sub eval.c:2615
    #45 0x102af4477 in Fprogn eval.c:432
    #46 0x102af9d17 in Flet eval.c:1040
    #47 0x102af1ecc in eval_sub eval.c:2476
    #48 0x102af4477 in Fprogn eval.c:432
    #49 0x102b07db5 in funcall_lambda eval.c:3287
    #50 0x102b03941 in apply_lambda eval.c:3157
    #51 0x102af3d68 in eval_sub eval.c:2615
    #52 0x102afb992 in Funwind_protect eval.c:1321
    #53 0x102af1ecc in eval_sub eval.c:2476
    #54 0x102af4477 in Fprogn eval.c:432
    #55 0x102af9d17 in Flet eval.c:1040
    #56 0x102af1ecc in eval_sub eval.c:2476
    #57 0x102af4477 in Fprogn eval.c:432
    #58 0x102af429d in Fif eval.c:388
    #59 0x102af1ecc in eval_sub eval.c:2476
    #60 0x102af4477 in Fprogn eval.c:432
    #61 0x102b07db5 in funcall_lambda eval.c:3287
    #62 0x102b03941 in apply_lambda eval.c:3157
    #63 0x102af3d68 in eval_sub eval.c:2615
    #64 0x102b02223 in Feval eval.c:2389
    #65 0x1028d087a in top_level_2 keyboard.c:1173
    #66 0x102afd8e8 in internal_condition_case eval.c:1537
    #67 0x1028d06e0 in top_level_1 keyboard.c:1185
    #68 0x102afb4b5 in internal_catch eval.c:1217
    #69 0x10288e149 in command_loop keyboard.c:1134
    #70 0x10288db6d in recursive_edit_1 keyboard.c:744
    #71 0x10288eb2c in Frecursive_edit keyboard.c:827
    #72 0x1028867be in main emacs.c:2624
    #73 0x7ff808461385 in start+0x795 (dyld:x86_64+0xfffffffffff5c385)

0x60c0000353e0 is located 96 bytes inside of 128-byte region [0x60c000035380,0x60c000035400)
freed by thread T0 here:
    #0 0x1052b0e16 in free+0xa6 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0xe0e16)
    #1 0x102eca876 in rpl_free free.c:48
    #2 0x102a567bf in xfree alloc.c:831
    #3 0x102a5eada in hash_table_free_bytes alloc.c:5653
    #4 0x102b3b781 in maybe_resize_hash_table fns.c:4723
    #5 0x102b3ae12 in hash_put fns.c:4864
    #6 0x102b3fa6f in Fputhash fns.c:5639
    #7 0x102b06416 in funcall_subr eval.c:3094
    #8 0x102bf85af in exec_byte_code bytecode.c:815
    #9 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #10 0x102b0766b in funcall_lambda eval.c:3207
    #11 0x102b05b80 in funcall_general eval.c:2972
    #12 0x102af5c86 in Ffuncall eval.c:3022
    #13 0x102b3fdee in Fmaphash fns.c:5666
    #14 0x102b062c8 in funcall_subr eval.c:3092
    #15 0x102bf85af in exec_byte_code bytecode.c:815
    #16 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #17 0x102b0766b in funcall_lambda eval.c:3207
    #18 0x102b05b80 in funcall_general eval.c:2972
    #19 0x102af5c86 in Ffuncall eval.c:3022
    #20 0x102b3fdee in Fmaphash fns.c:5666
    #21 0x102b062c8 in funcall_subr eval.c:3092
    #22 0x102bf85af in exec_byte_code bytecode.c:815
    #23 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #24 0x102b0766b in funcall_lambda eval.c:3207
    #25 0x102b05b80 in funcall_general eval.c:2972
    #26 0x102af5c86 in Ffuncall eval.c:3022
    #27 0x102af238f in eval_sub eval.c:2497
    #28 0x102af4477 in Fprogn eval.c:432
    #29 0x102af429d in Fif eval.c:388

previously allocated by thread T0 here:
    #0 0x1052b0ccd in malloc+0x9d (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0xe0ccd)
    #1 0x102a564bd in lmalloc alloc.c:1402
    #2 0x102a563d6 in xmalloc alloc.c:772
    #3 0x102a5ea87 in hash_table_alloc_bytes alloc.c:5644
    #4 0x102b3b295 in maybe_resize_hash_table fns.c:4700
    #5 0x102b3ae12 in hash_put fns.c:4864
    #6 0x102b3fa6f in Fputhash fns.c:5639
    #7 0x102b06416 in funcall_subr eval.c:3094
    #8 0x102bf85af in exec_byte_code bytecode.c:815
    #9 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #10 0x102b0766b in funcall_lambda eval.c:3207
    #11 0x102b05b80 in funcall_general eval.c:2972
    #12 0x102af5c86 in Ffuncall eval.c:3022
    #13 0x102b3fdee in Fmaphash fns.c:5666
    #14 0x102b062c8 in funcall_subr eval.c:3092
    #15 0x102bf85af in exec_byte_code bytecode.c:815
    #16 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #17 0x102b0766b in funcall_lambda eval.c:3207
    #18 0x102b05b80 in funcall_general eval.c:2972
    #19 0x102af5c86 in Ffuncall eval.c:3022
    #20 0x102af238f in eval_sub eval.c:2497
    #21 0x102af4477 in Fprogn eval.c:432
    #22 0x102af429d in Fif eval.c:388
    #23 0x102af1ecc in eval_sub eval.c:2476
    #24 0x102af4477 in Fprogn eval.c:432
    #25 0x102af46ae in Fcond eval.c:412
    #26 0x102af1ecc in eval_sub eval.c:2476
    #27 0x102af4477 in Fprogn eval.c:432
    #28 0x102af908b in FletX eval.c:972
    #29 0x102af1ecc in eval_sub eval.c:2476

SUMMARY: AddressSanitizer: heap-use-after-free fns.c:5665 in Fmaphash
Shadow bytes around the buggy address:
  0x60c000035100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035180: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x60c000035200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x60c000035280: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035300: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x60c000035380: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x60c000035400: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035480: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x60c000035500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x60c000035580: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035600: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==32930==ABORTING
Fatal error 6: Aborted
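
The two stacks in the report above are consistent with a table being resized from inside its own iteration callback: the free stack reaches hash_table_free_bytes through Fputhash while running under Fmaphash, and the read stack is Fmaphash at fns.c:5665. The following C sketch is an added example, not part of the original message and not Emacs code; the toy `struct table` and all function names are constructed for illustration. It shows why a storage pointer cached across the callback dangles, next to a loop that tolerates the resize.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy table, constructed for this example; not Emacs's struct Lisp_Hash_Table. */
struct table { long *kv; size_t used, cap; unsigned resizes; };
typedef void (*visit_fn)(struct table *, long key, long val);

/* Insert; when full, allocate a larger block, copy, and free the old one
   (the alloc/free pair visible under maybe_resize_hash_table in the report). */
static void table_put(struct table *t, long key, long val) {
    if (t->used == t->cap) {
        size_t ncap = t->cap ? t->cap * 2 : 2;
        long *nkv = malloc(2 * ncap * sizeof *nkv);
        if (!nkv) abort();
        for (size_t i = 0; i < 2 * t->used; i++) nkv[i] = t->kv[i];
        free(t->kv);
        t->kv = nkv; t->cap = ncap; t->resizes++;
    }
    t->kv[2 * t->used] = key;
    t->kv[2 * t->used + 1] = val;
    t->used++;
}

/* Callback that inserts into the table it is being called from. */
static void insert_during_visit(struct table *t, long key, long val) {
    table_put(t, key + 100, val);
}

/* A loop that cached t->kv before iterating would read freed memory as soon
   as a callback resized the table. Rather than perform that read, count the
   iterations in which the cached pointer would already be dangling. */
static size_t stale_iterations(struct table *t, visit_fn fn) {
    unsigned gen = t->resizes;
    size_t n = t->used, stale = 0;
    for (size_t i = 0; i < n; i++) {
        if (t->resizes != gen) { stale++; continue; }
        fn(t, t->kv[2 * i], t->kv[2 * i + 1]);
    }
    return stale;
}

/* Resize-tolerant loop: reload t->kv each iteration and copy the entry into
   locals before the callback runs; visits only entries present at the start. */
static size_t visit_reloading(struct table *t, visit_fn fn) {
    size_t n = t->used, visited = 0;
    for (size_t i = 0; i < n; i++, visited++) {
        long key = t->kv[2 * i], val = t->kv[2 * i + 1];
        fn(t, key, val);
    }
    return visited;
}
```

The `resizes` counter doubles as a cheap generation check: asserting that it is unchanged after each callback is one way to catch this class of bug in builds without ASan.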