From: "Gerd Möllmann" <gerd.moellmann@gmail.com>
To: Eli Zaretskii <eliz@gnu.org>
Cc: john muhl <jm@pub.pink>,
	68690@debbugs.gnu.org, Stefan Monnier <monnier@iro.umontreal.ca>
Subject: bug#68690: Segmentation fault building with native-comp
Date: Wed, 24 Jan 2024 20:52:49 +0100
Message-ID: <m2bk9abjam.fsf@Pro.fritz.box>
In-Reply-To: <86zfwud5cv.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 24 Jan 2024 19:10:56 +0200")

Eli Zaretskii <eliz@gnu.org> writes:

>> Date: Wed, 24 Jan 2024 08:36:15 -0600
>> From:  john muhl via "Bug reports for GNU Emacs,
>>  the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
>> 
>> Bisect says 3018c6e7ba5 is the first bad commit. A build using
>> ‘--without-native-compilation’ works fine. The segfault can be
>> reproduced on Fedora 39 and Debian testing.
>> 
>> make bootstrap
>> …
>> make -C ../lisp compile-first EMACS="../src/bootstrap-emacs"
>> make[3]: Entering directory '/home/jm/src/emacs-0/lisp'
>>   ELC+ELN  emacs-lisp/macroexp.elc
>>   ELC+ELN  emacs-lisp/cconv.elc
>>   ELC+ELN  emacs-lisp/byte-opt.elc
>>   ELC+ELN  emacs-lisp/bytecomp.elc
>>   ELC+ELN  emacs-lisp/comp.elc
>>   ELC+ELN  emacs-lisp/comp-cstr.elc
>>   ELC+ELN  emacs-lisp/comp-common.elc
>>   ELC+ELN  emacs-lisp/comp-run.elc
>>   ELC+ELN  emacs-lisp/loaddefs-gen.elc
>>   ELC+ELN  emacs-lisp/radix-tree.elc
>> 
>> Backtrace:
>> ../src/bootstrap-emacs[0x57863b]
>> ../src/bootstrap-emacs[0x42651e]
>
> Adding Stefan, who installed that commit.

FWIW, in an ASAN build, I see an abort.  This is with
1f3371b46e8a6a51f88c56785175b48af2a0bed7, on macOS.

  ELC+ELN  emacs-lisp/macroexp.elc
=================================================================
==32930==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000353e0 at pc 0x000102b3fc97 bp 0x7ff7bdaf7250 sp 0x7ff7bdaf7248
READ of size 8 at 0x60c0000353e0 thread T0
    #0 0x102b3fc96 in Fmaphash fns.c:5665
    #1 0x102b062c8 in funcall_subr eval.c:3092
    #2 0x102bf85af in exec_byte_code bytecode.c:815
    #3 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #4 0x102b0766b in funcall_lambda eval.c:3207
    #5 0x102b05b80 in funcall_general eval.c:2972
    #6 0x102af5c86 in Ffuncall eval.c:3022
    #7 0x102b3fdee in Fmaphash fns.c:5666
    #8 0x102b062c8 in funcall_subr eval.c:3092
    #9 0x102bf85af in exec_byte_code bytecode.c:815
    #10 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #11 0x102b0766b in funcall_lambda eval.c:3207
    #12 0x102b05b80 in funcall_general eval.c:2972
    #13 0x102af5c86 in Ffuncall eval.c:3022
    #14 0x102af238f in eval_sub eval.c:2497
    #15 0x102af4477 in Fprogn eval.c:432
    #16 0x102af429d in Fif eval.c:388
    #17 0x102af1ecc in eval_sub eval.c:2476
    #18 0x102af4477 in Fprogn eval.c:432
    #19 0x102af46ae in Fcond eval.c:412
    #20 0x102af1ecc in eval_sub eval.c:2476
    #21 0x102af4477 in Fprogn eval.c:432
    #22 0x102af908b in FletX eval.c:972
    #23 0x102af1ecc in eval_sub eval.c:2476
    #24 0x102af4477 in Fprogn eval.c:432
    #25 0x102af4754 in prog_ignore eval.c:443
    #26 0x102afa345 in Fwhile eval.c:1061
    #27 0x102af1ecc in eval_sub eval.c:2476
    #28 0x102af4477 in Fprogn eval.c:432
    #29 0x102af908b in FletX eval.c:972
    #30 0x102af1ecc in eval_sub eval.c:2476
    #31 0x102af4477 in Fprogn eval.c:432
    #32 0x102af1ecc in eval_sub eval.c:2476
    #33 0x102af4244 in Fif eval.c:387
    #34 0x102af1ecc in eval_sub eval.c:2476
    #35 0x102af4477 in Fprogn eval.c:432
    #36 0x102af9d17 in Flet eval.c:1040
    #37 0x102af1ecc in eval_sub eval.c:2476
    #38 0x102af4477 in Fprogn eval.c:432
    #39 0x102af9d17 in Flet eval.c:1040
    #40 0x102af1ecc in eval_sub eval.c:2476
    #41 0x102af4477 in Fprogn eval.c:432
    #42 0x102b07db5 in funcall_lambda eval.c:3287
    #43 0x102b03941 in apply_lambda eval.c:3157
    #44 0x102af3d68 in eval_sub eval.c:2615
    #45 0x102af4477 in Fprogn eval.c:432
    #46 0x102af9d17 in Flet eval.c:1040
    #47 0x102af1ecc in eval_sub eval.c:2476
    #48 0x102af4477 in Fprogn eval.c:432
    #49 0x102b07db5 in funcall_lambda eval.c:3287
    #50 0x102b03941 in apply_lambda eval.c:3157
    #51 0x102af3d68 in eval_sub eval.c:2615
    #52 0x102afb992 in Funwind_protect eval.c:1321
    #53 0x102af1ecc in eval_sub eval.c:2476
    #54 0x102af4477 in Fprogn eval.c:432
    #55 0x102af9d17 in Flet eval.c:1040
    #56 0x102af1ecc in eval_sub eval.c:2476
    #57 0x102af4477 in Fprogn eval.c:432
    #58 0x102af429d in Fif eval.c:388
    #59 0x102af1ecc in eval_sub eval.c:2476
    #60 0x102af4477 in Fprogn eval.c:432
    #61 0x102b07db5 in funcall_lambda eval.c:3287
    #62 0x102b03941 in apply_lambda eval.c:3157
    #63 0x102af3d68 in eval_sub eval.c:2615
    #64 0x102b02223 in Feval eval.c:2389
    #65 0x1028d087a in top_level_2 keyboard.c:1173
    #66 0x102afd8e8 in internal_condition_case eval.c:1537
    #67 0x1028d06e0 in top_level_1 keyboard.c:1185
    #68 0x102afb4b5 in internal_catch eval.c:1217
    #69 0x10288e149 in command_loop keyboard.c:1134
    #70 0x10288db6d in recursive_edit_1 keyboard.c:744
    #71 0x10288eb2c in Frecursive_edit keyboard.c:827
    #72 0x1028867be in main emacs.c:2624
    #73 0x7ff808461385 in start+0x795 (dyld:x86_64+0xfffffffffff5c385)

0x60c0000353e0 is located 96 bytes inside of 128-byte region [0x60c000035380,0x60c000035400)
freed by thread T0 here:
    #0 0x1052b0e16 in free+0xa6 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0xe0e16)
    #1 0x102eca876 in rpl_free free.c:48
    #2 0x102a567bf in xfree alloc.c:831
    #3 0x102a5eada in hash_table_free_bytes alloc.c:5653
    #4 0x102b3b781 in maybe_resize_hash_table fns.c:4723
    #5 0x102b3ae12 in hash_put fns.c:4864
    #6 0x102b3fa6f in Fputhash fns.c:5639
    #7 0x102b06416 in funcall_subr eval.c:3094
    #8 0x102bf85af in exec_byte_code bytecode.c:815
    #9 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #10 0x102b0766b in funcall_lambda eval.c:3207
    #11 0x102b05b80 in funcall_general eval.c:2972
    #12 0x102af5c86 in Ffuncall eval.c:3022
    #13 0x102b3fdee in Fmaphash fns.c:5666
    #14 0x102b062c8 in funcall_subr eval.c:3092
    #15 0x102bf85af in exec_byte_code bytecode.c:815
    #16 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #17 0x102b0766b in funcall_lambda eval.c:3207
    #18 0x102b05b80 in funcall_general eval.c:2972
    #19 0x102af5c86 in Ffuncall eval.c:3022
    #20 0x102b3fdee in Fmaphash fns.c:5666
    #21 0x102b062c8 in funcall_subr eval.c:3092
    #22 0x102bf85af in exec_byte_code bytecode.c:815
    #23 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #24 0x102b0766b in funcall_lambda eval.c:3207
    #25 0x102b05b80 in funcall_general eval.c:2972
    #26 0x102af5c86 in Ffuncall eval.c:3022
    #27 0x102af238f in eval_sub eval.c:2497
    #28 0x102af4477 in Fprogn eval.c:432
    #29 0x102af429d in Fif eval.c:388

previously allocated by thread T0 here:
    #0 0x1052b0ccd in malloc+0x9d (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0xe0ccd)
    #1 0x102a564bd in lmalloc alloc.c:1402
    #2 0x102a563d6 in xmalloc alloc.c:772
    #3 0x102a5ea87 in hash_table_alloc_bytes alloc.c:5644
    #4 0x102b3b295 in maybe_resize_hash_table fns.c:4700
    #5 0x102b3ae12 in hash_put fns.c:4864
    #6 0x102b3fa6f in Fputhash fns.c:5639
    #7 0x102b06416 in funcall_subr eval.c:3094
    #8 0x102bf85af in exec_byte_code bytecode.c:815
    #9 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #10 0x102b0766b in funcall_lambda eval.c:3207
    #11 0x102b05b80 in funcall_general eval.c:2972
    #12 0x102af5c86 in Ffuncall eval.c:3022
    #13 0x102b3fdee in Fmaphash fns.c:5666
    #14 0x102b062c8 in funcall_subr eval.c:3092
    #15 0x102bf85af in exec_byte_code bytecode.c:815
    #16 0x102b0fd66 in fetch_and_exec_byte_code eval.c:3135
    #17 0x102b0766b in funcall_lambda eval.c:3207
    #18 0x102b05b80 in funcall_general eval.c:2972
    #19 0x102af5c86 in Ffuncall eval.c:3022
    #20 0x102af238f in eval_sub eval.c:2497
    #21 0x102af4477 in Fprogn eval.c:432
    #22 0x102af429d in Fif eval.c:388
    #23 0x102af1ecc in eval_sub eval.c:2476
    #24 0x102af4477 in Fprogn eval.c:432
    #25 0x102af46ae in Fcond eval.c:412
    #26 0x102af1ecc in eval_sub eval.c:2476
    #27 0x102af4477 in Fprogn eval.c:432
    #28 0x102af908b in FletX eval.c:972
    #29 0x102af1ecc in eval_sub eval.c:2476

SUMMARY: AddressSanitizer: heap-use-after-free fns.c:5665 in Fmaphash
Shadow bytes around the buggy address:
  0x60c000035100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035180: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x60c000035200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x60c000035280: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035300: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x60c000035380: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x60c000035400: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035480: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x60c000035500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x60c000035580: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x60c000035600: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==32930==ABORTING
Fatal error 6: Aborted
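Editor's note on the report above, with an added example. The two ASan stacks spell out the shape of the bug: Fmaphash (fns.c:5665) is walking a hash table, the Lisp callback it invokes calls puthash on that same table, hash_put decides to grow it, maybe_resize_hash_table frees the old key_and_value storage (the "freed by thread T0 here" stack), and Fmaphash then reads entry i+1 through the pointer it cached before the callback. The C program below is not from Gerd's message and is not Emacs code; it models the same ownership pattern with a hypothetical flat key/value array (the struct, the function names and the keys 1..3 / 101..103 are invented for illustration, and the resize policy is simply "double when full"). The buggy traversal detects the stale pointer and returns -1 instead of dereferencing it, so the program runs cleanly without a sanitizer; delete that guard and build with -fsanitize=address to get a heap-use-after-free report of the same kind.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a hash table's key_and_value storage: a flat
   array of 2*cap longs, key at index 2*i and value at 2*i+1.  Not Emacs's
   struct Lisp_Hash_Table; only the ownership pattern is modelled. */
struct table {
    long *kv;
    size_t count;   /* entries in use */
    size_t cap;     /* entries the array holds before a resize */
};

typedef void (*map_fn)(struct table *t, long key, long value, void *arg);

static void table_init(struct table *t, size_t cap)
{
    t->kv = calloc(2 * cap, sizeof *t->kv);
    t->count = 0;
    t->cap = cap;
}

static void table_free(struct table *t)
{
    free(t->kv);
    t->kv = NULL;
    t->count = t->cap = 0;
}

/* puthash: when full, allocate a new array, copy, free the old one
   (the free() in the report's "freed by thread T0 here" stack). */
static void table_put(struct table *t, long key, long value)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->kv[2 * i] == key) { t->kv[2 * i + 1] = value; return; }
    if (t->count == t->cap) {
        size_t ncap = t->cap * 2;
        long *nkv = calloc(2 * ncap, sizeof *nkv);
        memcpy(nkv, t->kv, 2 * t->count * sizeof *nkv);
        free(t->kv);            /* any cached pointer to the old array now dangles */
        t->kv = nkv;
        t->cap = ncap;
    }
    t->kv[2 * t->count] = key;
    t->kv[2 * t->count + 1] = value;
    t->count++;
}

/* Buggy maphash: caches the storage pointer and count across the callback.
   The real code reads kv[2*i] through the freed array (the READ in Fmaphash
   that ASan flagged); here the guard returns -1 instead, so the example runs
   without a sanitizer. */
static long maphash_buggy(struct table *t, map_fn fn, void *arg)
{
    long *kv = t->kv;
    size_t n = t->count;
    long visited = 0;
    for (size_t i = 0; i < n; i++) {
        if (kv != t->kv)
            return -1;          /* would be a heap-use-after-free here */
        fn(t, kv[2 * i], kv[2 * i + 1], arg);
        visited++;
    }
    return visited;
}

/* Fixed maphash: re-read the storage pointer and the count every iteration,
   so a resize or an insertion inside the callback is observed.  Entries
   appended during the traversal are visited as well. */
static long maphash_safe(struct table *t, map_fn fn, void *arg)
{
    long visited = 0;
    for (size_t i = 0; i < t->count; i++) {
        long key = t->kv[2 * i], value = t->kv[2 * i + 1];
        fn(t, key, value, arg);
        visited++;
    }
    return visited;
}

/* Callback doing what the Lisp in the report does: puthash inside maphash.
   Keys below 100 add one derived entry; derived entries add nothing, so the
   safe traversal terminates. */
static void insert_derived(struct table *t, long key, long value, void *arg)
{
    (void)value;
    if (key < 100)
        table_put(t, key + 100, key * 10);
    ++*(long *)arg;
}

/* Capacity cap, keys 1..3, buggy loop.  cap 4: the second insert crosses the
   resize threshold and the third read dangles (-1).  cap 8: no resize, the
   bug stays hidden (3). */
static long run_buggy(size_t cap)
{
    struct table t;
    long calls = 0;
    table_init(&t, cap);
    for (long k = 1; k <= 3; k++)
        table_put(&t, k, k);
    long r = maphash_buggy(&t, insert_derived, &calls);
    table_free(&t);
    return r;
}

/* Same table, safe loop: 3 original + 3 derived entries visited;
   *final_count receives the entry count after the traversal. */
static long run_safe(size_t cap, long *final_count)
{
    struct table t;
    long calls = 0;
    table_init(&t, cap);
    for (long k = 1; k <= 3; k++)
        table_put(&t, k, k);
    long r = maphash_safe(&t, insert_derived, &calls);
    *final_count = (long)t.count;
    table_free(&t);
    return r;
}

int main(void)
{
    long n;
    printf("buggy, cap 4: %ld (stale pointer)\n", run_buggy(4));
    printf("buggy, cap 8: %ld (no resize, bug hidden)\n", run_buggy(8));
    long visited = run_safe(4, &n);
    printf("safe,  cap 4: visited %ld, table holds %ld\n", visited, n);
    return 0;
}
```

The cap 8 case is the practitioner's caveat: the same Lisp runs fine until an insertion inside the callback happens to cross the resize threshold, which is why a change to hash table sizing or growth can make a long-standing iterate-while-mutating caller start crashing, and why an ASan or valgrind build of the bootstrap is the quickest way to turn an address-only segfault backtrace like john's into the two stacks shown above.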

Thread overview: 29+ messages
2024-01-24 14:36 bug#68690: Segmentation fault building with native-comp john muhl via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-24 17:10 ` Eli Zaretskii
2024-01-24 19:52   ` Gerd Möllmann [this message]
2024-01-24 19:56   ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-24 20:27     ` Eli Zaretskii
2024-01-24 23:59       ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-25 10:26         ` Eli Zaretskii
2024-01-26  2:43           ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-26  8:40             ` Eli Zaretskii
2024-01-26  9:26             ` Gerd Möllmann
2024-01-26 13:48               ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-26 14:36                 ` Eli Zaretskii
2024-01-26 15:51                   ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-26 14:30               ` Eli Zaretskii
2024-01-26 14:47                 ` Gerd Möllmann
2024-01-26 14:55                   ` Eli Zaretskii
2024-01-27  0:08                     ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-27  4:07                       ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-27  7:50                         ` Eli Zaretskii
2024-01-27 14:45                           ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-26 10:18             ` Andreas Schwab
2024-01-26 13:49               ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-26 14:50                 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-25  5:33     ` Gerd Möllmann
2024-01-25  8:33       ` Gerd Möllmann
2024-01-25 15:58         ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-25 18:12 ` Mattias Engdegård
2024-01-25 22:39   ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-26 16:07     ` Mattias Engdegård