From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#12839: 24.3.50; Emacs aborts in GC
Date: Fri, 09 Nov 2012 00:05:28 +0200
Message-ID: <83zk2rzr6f.fsf@gnu.org>
References: <83625g10jw.fsf@gnu.org>
In-reply-to: <83625g10jw.fsf@gnu.org>
To: dmantipov@yandex.ru
Cc: 12839@debbugs.gnu.org

> Date: Thu, 08 Nov 2012 19:12:19 +0200
> From: Eli Zaretskii
>
> With the current trunk, the
> first GC in the "emacs -Q" session aborts.
> It doesn't matter what triggers the GC. The backtrace is below. Let
> me know if I can help finding the problem.
>
> #1 0x01233dad in emacs_abort () at w32fns.c:7766
> #2 0x0100139c in terminate_due_to_signal (sig=22, backtrace_limit=2147483647)
>    at emacs.c:345
> #3 0x01021d64 in die (
>    msg=0x154362c "assertion failed: (tmp) < VECTOR_MAX_FREE_LIST_INDEX",
>    file=0x1542dd1 "alloc.c", line=2864) at alloc.c:6483
> #4 0x0101b1a8 in sweep_vectors () at alloc.c:2864

Looks like I'm talking to myself here, but on the faint hope that
someone does or will read this, here's some data:

  (gdb) r -Q
  Starting program: D:\gnu\bzr\emacs\trunk\src\oo\i386\emacs.exe -Q
  [New Thread 7964.0x1eac]
  [New Thread 7964.0x1c24]
  [New Thread 7964.0xdf0]

  alloc.c:2864: Emacs fatal error: assertion failed: (tmp) < VECTOR_MAX_FREE_LIST_INDEX

  Breakpoint 1, terminate_due_to_signal (sig=22, backtrace_limit=2147483647)
      at emacs.c:318
  318       signal (sig, SIG_DFL);
  (gdb) up
  #1 0x01021d64 in die (
      msg=0x154362c "assertion failed: (tmp) < VECTOR_MAX_FREE_LIST_INDEX",
      file=0x1542dd1 "alloc.c", line=2864) at alloc.c:6483
  6483      terminate_due_to_signal (SIGABRT, INT_MAX);
  (gdb) up
  #2 0x0101b1a8 in sweep_vectors () at alloc.c:2864
  2864                    SETUP_ON_FREE_LIST (vector, total_bytes, tmp);
  (gdb) l
  2859                       space was coalesced into the only free vector. */
  2860                    free_this_block = 1;
  2861                  else
  2862                    {
  2863                      int tmp;
  2864                      SETUP_ON_FREE_LIST (vector, total_bytes, tmp);
  2865                    }
  2866                }
  2867            }
  2868
  (gdb) p total_bytes
  $1 = 223420624
  (gdb) p vector->header_size
  There is no member named header_size.
  (gdb) p vector->header.size
  $2 = 1166225408
  (gdb) p vector->header
  $3 = {
    size = 1166225408
  }

Looks like this vector is complete garbage. And the same goes for the
first one on vector_blocks:

  (gdb) p (struct Lisp_Vector *)vector_blocks->data
  $5 = (struct Lisp_Vector *) 0x357e000
  (gdb) p ((struct Lisp_Vector *)vector_blocks->data)->header
  $6 = {
    size = 1275068420
  }

Also, a different, but related, crash:

  emacs -Q
  C-x 3
  M-x set-variable RET auto-hscroll-mode RET nil RET

This yields the following crash:

  Program received signal SIGSEGV, Segmentation fault.
  0x010201e5 in mark_object (arg=1325400077) at alloc.c:5722
  5722            if (VECTOR_MARKED_P (ptr))
  (gdb) l
  5717        case Lisp_Vectorlike:
  5718          {
  5719            register struct Lisp_Vector *ptr = XVECTOR (obj);
  5720            register ptrdiff_t pvectype;
  5721
  5722            if (VECTOR_MARKED_P (ptr))
  5723              break;
  5724
  5725    #ifdef GC_CHECK_MARKED_OBJECTS
  5726            m = mem_find (po);
  (gdb) p ptr
  $1 = (struct Lisp_Vector *) 0x4f000008
  (gdb) p *ptr
  Cannot access memory at address 0x4f000008

I hope this will make sense to someone.