From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#16603: 24.3.50; Segfault when viewing a backtrace
Date: Fri, 07 Feb 2014 17:23:28 -0800
Message-ID: <87eh3ecs8f.fsf@building.gnus.org>
In-Reply-To: <52F47397.5030509@yandex.ru> (Dmitry Antipov's message of "Fri, 07 Feb 2014 09:48:07 +0400")
To: Dmitry Antipov
Cc: 16603@debbugs.gnu.org

Dmitry Antipov writes:

> On 02/07/2014 07:50 AM, Lars Ingebrigtsen wrote:
>
>> Oops. No, it hasn't. Or... uhm... I got a backtrace once (so that's
>> fine), but then Emacs segfaulted.
>
> Doesn't crash for me. At least I can walk through *Backtrace* buffer
> and visit functions reported in the backtrace.

Yeah, that works fine. But:

>> #0 mem_insert (start=start@entry=0x2089000, end=end@entry=0x20893e0,
>> type=type@entry=MEM_TYPE_CONS) at alloc.c:3850
>
> This probably indicates a heap corruption. Could you please try
> to reproduce this crash with temacs under valgrind? I tried two
> times and there was nothing suspicious, BTW.

If you select Rotem's article three times (jumping out of the backtrace
the first two times), Emacs will segfault the third time. It seems to
be totally reproducible for me.

I don't know how much of the valgrind output to include. It's 15K
lines.

Before the crash, I get lots of the following:

==13139== Invalid read of size 8
==13139==    at 0x547BA7: unbind_to (eval.c:3299)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f315e8 is 1,352 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547BBA: unbind_to (eval.c:3334)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f315f0 is 1,360 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547BF7: unbind_to (eval.c:3313)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f31588 is 1,256 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547AF7: unbind_to (eval.c:3307)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f31510 is 1,136 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547AFB: unbind_to (eval.c:3307)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f31508 is 1,128 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547B4F: unbind_to (eval.c:3299)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f31468 is 968 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547B53: unbind_to (eval.c:3299)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f31478 is 984 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547B57: unbind_to (eval.c:3299)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f31470 is 976 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547C40: unbind_to (eval.c:3299)
==13139==    by 0x547CB2: unwind_to_catch (eval.c:1165)
==13139==    by 0x549B9E: Fthrow (eval.c:1195)
==13139==    by 0x4E14F6: Ftop_level (keyboard.c:1209)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x54528F: Fcall_interactively (callint.c:836)
==13139==    by 0x548E27: Ffuncall (eval.c:2820)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x548F89: call1 (eval.c:2612)
==13139==    by 0x4E6F5C: command_loop_1 (keyboard.c:1552)
==13139==    by 0x5472ED: internal_condition_case (eval.c:1352)
==13139==  Address 0x21f313b0 is 784 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==    by 0x48A5C9: decode_coding (coding.c:7468)
==13139==    by 0x48EBB1: decode_coding_object (coding.c:8125)
==13139==    by 0x490C54: code_convert_string (coding.c:9472)
==13139==    by 0x508315: Fexpand_file_name (fileio.c:1178)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x507CD6: Fexpand_file_name (fileio.c:982)
==13139==    by 0x567E41: openp (lread.c:1500)
==13139==    by 0x56B0B5: Fload (lread.c:1137)
==13139==    by 0x54A59F: Fautoload_do_load (eval.c:1968)
==13139==    by 0x548BA2: Ffuncall (eval.c:2877)
==13139==

Then when it actually crashes, this is what's output:

valgrind: m_mallocfree.c:294 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 65541, hi = 489626271855.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata. If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away. Please try that before reporting this as a bug.

==13139==    at 0x38059B6F: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x38059CB2: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x38066556: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x3802C465: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x3802CA6B: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x3802CC32: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x3809F3AD: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==13139==    by 0x380AE0FC: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==13139==    at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x52DC0C: xmalloc (alloc.c:677)
==13139==    by 0x5640C9: Fprin1 (print.c:560)
==13139==    by 0x546D14: Fbacktrace (eval.c:3414)
==13139==    by 0x548E4B: Ffuncall (eval.c:2810)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x54A05B: Fapply (eval.c:2352)
==13139==    by 0x54A28F: apply1 (eval.c:2586)
==13139==    by 0x54A435: call_debugger (eval.c:330)
==13139==    by 0x5493AC: Fsignal (eval.c:1731)
==13139==    by 0x549578: xsignal (eval.c:1586)
==13139==    by 0x549C43: signal_error (eval.c:1641)
==13139==    by 0x549CD1: grow_specpdl (eval.c:2030)
==13139==    by 0x549DC5: specbind (eval.c:3145)
==13139==    by 0x57C7E2: exec_byte_code (bytecode.c:881)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)
==13139==    by 0x548C6A: Ffuncall (eval.c:2874)
==13139==    by 0x57C81C: exec_byte_code (bytecode.c:919)
==13139==    by 0x54890E: funcall_lambda (eval.c:3047)

Thread 2: status = VgTs_WaitSys
==13139==    at 0x3F49AEB7FD: ??? (in /usr/lib64/libc-2.17.so)
==13139==    by 0x3F4BE480E3: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4BE481EB: g_main_context_iteration (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4BE48238: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4BE6C164: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4A207C52: start_thread (in /usr/lib64/libpthread-2.17.so)
==13139==    by 0x3F49AF5DBC: clone (in /usr/lib64/libc-2.17.so)

Thread 3: status = VgTs_WaitSys
==13139==    at 0x3F49AEB7FD: ??? (in /usr/lib64/libc-2.17.so)
==13139==    by 0x3F4BE480E3: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4BE48549: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4D2C6DB5: ??? (in /usr/lib64/libgio-2.0.so.0.3600.3)
==13139==    by 0x3F4BE6C164: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4A207C52: start_thread (in /usr/lib64/libpthread-2.17.so)
==13139==    by 0x3F49AF5DBC: clone (in /usr/lib64/libc-2.17.so)

Thread 4: status = VgTs_WaitSys
==13139==    at 0x3F49AEB7FD: ??? (in /usr/lib64/libc-2.17.so)
==13139==    by 0x3F4BE480E3: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4BE481EB: g_main_context_iteration (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x208B79CC: ??? (in /usr/lib64/gio/modules/libdconfsettings.so)
==13139==    by 0x3F4BE6C164: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
==13139==    by 0x3F4A207C52: start_thread (in /usr/lib64/libpthread-2.17.so)
==13139==    by 0x3F49AF5DBC: clone (in /usr/lib64/libc-2.17.so)

Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using. Thanks.

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog http://lars.ingebrigtsen.no/
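
Added example, not part of the original message and not Emacs or Valgrind code: one way to cut a 15K-line memcheck log down to its distinct findings is to group reports by accessing function, block state and the source frame that released the block. The names parse_memcheck, first_source_frame and triage are hypothetical; SAMPLE holds three of the reports quoted above with their stacks shortened.

```python
import re
from collections import defaultdict

# Constructed sample: three reports from the message above, stacks shortened.
SAMPLE = """\
==13139== Invalid read of size 8
==13139==    at 0x547BA7: unbind_to (eval.c:3299)
==13139==  Address 0x21f315e8 is 1,352 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547BBA: unbind_to (eval.c:3334)
==13139==  Address 0x21f315f0 is 1,360 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==
==13139== Invalid read of size 8
==13139==    at 0x547AF7: unbind_to (eval.c:3307)
==13139==  Address 0x21f31510 is 1,136 bytes inside a block of size 65,536 free'd
==13139==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13139==    by 0x547AFD: unbind_to (eval.c:3307)
==13139==
"""

PREFIX = re.compile(r"^==\d+==")
HEAD = re.compile(r"(Invalid (?:read|write)) of size (\d+)$")
ADDR = re.compile(r"Address 0x[0-9a-fA-F]+ is ([\d,]+) bytes (?:inside|after|before) "
                  r"a block of size ([\d,]+) (free'd|alloc'd)$")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")


def parse_memcheck(text):
    """Split memcheck output into reports: access stack plus the block's own stack."""
    reports, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := HEAD.match(line):
            cur = {"kind": m[1], "access": [], "block_stack": [], "state": None}
            reports.append(cur)
            stack = cur["access"]
        elif cur is None:
            continue                      # text outside any error report
        elif m := ADDR.match(line):
            cur["offset"], cur["block_size"] = (int(x.replace(",", "")) for x in m.group(1, 2))
            cur["state"] = m[3]
            stack = cur["block_stack"]    # frames after this line belong to the block
        elif m := FRAME.match(line):
            stack.append((m[1], m[2]))
        elif not line:
            cur = None                    # a bare "==PID==" line ends the report
    return reports


def first_source_frame(stack):
    """Skip frames inside shared objects (the malloc/free interceptor)."""
    return next((f"{fn} ({loc})" for fn, loc in stack if not loc.startswith("in ")), "???")


def triage(text):
    """Collapse reports sharing accessor function, block state and release site."""
    groups = defaultdict(lambda: {"offsets": [], "access_sites": set()})
    for r in parse_memcheck(text):
        if r["state"] is None or not r["access"]:
            continue                      # no "Address ..." line: not a heap-block report
        key = (r["kind"], r["access"][0][0], r["state"],
               first_source_frame(r["block_stack"]), r["block_size"])
        groups[key]["offsets"].append(r["offset"])
        groups[key]["access_sites"].add(r["access"][0][1])
    return [{"kind": k[0], "accessor": k[1], "state": k[2], "released_at": k[3],
             "block_size": k[4], "count": len(g["offsets"]),
             "offset_range": (min(g["offsets"]), max(g["offsets"])),
             "access_sites": sorted(g["access_sites"])}
            for k, g in sorted(groups.items(), key=lambda kv: -len(kv[1]["offsets"]))]


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the three reports collapse into a single group: reads in unbind_to from a 65,536-byte block that unbind_to (eval.c:3307) had already freed.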