emacs-pretest-bug

SIGSEGV on cons_free_list in alloc.c


From: Juri Linkov
Subject: SIGSEGV on cons_free_list in alloc.c
Date: Fri, 25 Feb 2005 11:32:32 +0200
User-agent: Gnus/5.110002 (No Gnus v0.2) Emacs/22.0.50 (gnu/linux)

I started to get crashes on cons_free_list.  They happen immediately
after running Emacs.  I had two crashes some days ago, but had no time
to debug them.  Today I got a third such crash, and debugged it.
It occurs when cons_free_list contains a wrong address.  But at the point
where it crashes, it is too late to see how the wrong address was added
to the cons_free_list.

These crashes are not easily reproducible.  I tried several times to
repeat exactly the same sequence (booting, logging in, starting Emacs),
but Emacs doesn't crash.  Maybe this bug is related to Emacs memory
management, and while the kernel allocates memory on different
addresses after every boot, Emacs crashes only on some definite
addresses.  And faulty RAM is not the culprit.  I tested memory
for errors with memtest86+, and all memory is good.

So the question is how to intercept code that places a wrong
address to cons_free_list.  I see that there is a function
check_cons_list with code inside #ifdef GC_CHECK_CONS_LIST,
but there are no places where this function is called.
I see that in
http://lists.gnu.org/archive/html/emacs-pretest-bug/2004-07/msg00102.html
Richard proposed a patch that causes the crash to occur sooner
at four places in eval and funcall.
I guess these check_cons_list function calls should be installed
in CVS inside #ifdef GC_CHECK_CONS_LIST blocks?
So that everyone who gets such crashes could set GC_CHECK_CONS_LIST to 1
to try to get them sooner than now.

This crash happened in "GNU Emacs 22.0.50 (i686-pc-linux-gnu) of 2005-02-23"
while loading the tool-bar.elc file.  A GDB session is below:

Program received signal SIGSEGV, Segmentation fault.
Fcons (car=0, cdr=0) at alloc.c:2680
2680          cons_free_list = *(struct Lisp_Cons **)&cons_free_list->cdr;
(gdb) xbt
"tool-bar-mode"
"command-line"
"normal-top-level"
(gdb) bt
#0  Fcons (car=0, cdr=0) at alloc.c:2680
#1  0x0815f390 in read_list (flag=0, readcharfun=137430033) at lread.c:3050
#2  0x0815dbab in read1 (readcharfun=137430033, pch=0xbfffe94c, 
first_in_list=0) at lread.c:1957
#3  0x0815f358 in read_list (flag=0, readcharfun=137430033) at lread.c:2916
#4  0x0815dbab in read1 (readcharfun=137430033, pch=0xbfffea5c, 
first_in_list=0) at lread.c:1957
#5  0x0815f358 in read_list (flag=0, readcharfun=137430033) at lread.c:2916
#6  0x0815dbab in read1 (readcharfun=137430033, pch=0xbfffeb6c, 
first_in_list=0) at lread.c:1957
#7  0x0815f358 in read_list (flag=0, readcharfun=137430033) at lread.c:2916
#8  0x0815dbab in read1 (readcharfun=137430033, pch=0xbfffec7c, 
first_in_list=0) at lread.c:1957
#9  0x0815f358 in read_list (flag=0, readcharfun=137430033) at lread.c:2916
#10 0x0815dbab in read1 (readcharfun=137430033, pch=0xbfffed8c, 
first_in_list=0) at lread.c:1957
#11 0x0815f358 in read_list (flag=0, readcharfun=137430033) at lread.c:2916
#12 0x0815dbab in read1 (readcharfun=137430033, pch=0xbfffee80, 
first_in_list=0) at lread.c:1957
#13 0x0815d3a1 in read0 (readcharfun=137350361) at lread.c:1596
#14 0x0815d26d in read_internal_start (stream=137430033, start=137350361, 
end=137350361) at lread.c:1579
#15 0x0815ce01 in readevalloop (readcharfun=137430033, stream=0x83e8408, 
sourcename=138022395, evalfun=0x8146c40 <Feval>, printflag=0, 
unibyte=137350361, 
    readfun=137350361) at lread.c:1388
#16 0x0815bc81 in Fload (file=138022395, noerror=137350361, 
nomessage=137350361, nosuffix=137350361, must_suffix=137350409) at lread.c:916
#17 0x08146b55 in do_autoload (fundef=138072437, funname=138015729) at 
eval.c:1975
#18 0x081479ce in Ffuncall (nargs=2, args=0xbffff150) at eval.c:2840
#19 0x08170aae in Fbyte_code (bytestr=139406729, vector=1, 
maxdepth=-1073745584) at bytecode.c:686
#20 0x08147f23 in funcall_lambda (fun=136833116, nargs=0, 
arg_vector=0xbffff294) at eval.c:2967
#21 0x08147a0d in Ffuncall (nargs=1, args=0xbffff290) at eval.c:2837
#22 0x08170aae in Fbyte_code (bytestr=0, vector=0, maxdepth=-1073745264) at 
bytecode.c:686
#23 0x08147f23 in funcall_lambda (fun=136828076, nargs=0, 
arg_vector=0xbffff35c) at eval.c:2967
#24 0x08147da8 in apply_lambda (fun=137350361, args=1, eval_flag=1) at 
eval.c:2889
#25 0x08146df6 in Feval (form=136828076) at eval.c:2188
#26 0x080e4a53 in top_level_2 () at keyboard.c:1328
#27 0x08145dee in internal_condition_case (bfun=0x80e4a40 <top_level_2>, 
handlers=137411353, hfun=0x80e46d0 <cmd_error>) at eval.c:1385
#28 0x080e4a91 in top_level_1 () at keyboard.c:1336
#29 0x0814592b in internal_catch (tag=137350361, func=0x80e4a60 <top_level_1>, 
arg=137350361) at eval.c:1144
#30 0x080e49af in command_loop () at keyboard.c:1293
#31 0x080e4434 in recursive_edit_1 () at keyboard.c:991
#32 0x080e4571 in Frecursive_edit () at keyboard.c:1052
#33 0x080e2add in main (argc=3, argv=0xbffffa84) at emacs.c:1766
(gdb) p cons_free_list
$1 = (struct Lisp_Cons *) 0xd9081a9a
(gdb) p *cons_free_list
Cannot access memory at address 0xd9081a9a
(gdb) i local
val = 137591489
(gdb) p val
$5 = 137591489
(gdb) xty
Lisp_Symbol
(gdb) xsy
$6 = (struct Lisp_Symbol *) 0x8337ac0
"epoch::version"
(gdb) fr 16
#16 0x0815bc81 in Fload (file=138022395, noerror=137350361, 
nomessage=137350361, nosuffix=137350361, must_suffix=137350409) at lread.c:916
916       readevalloop (Qget_file_char, stream, file, Feval, 0, Qnil, Qnil);
(gdb) p file
$5 = 138022395
(gdb) xty
Lisp_String
(gdb) xstr
$6 = (struct Lisp_String *) 0x83a0df8
"tool-bar"

-- 
Juri Linkov
http://www.jurta.org/emacs/
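
The kind of early free-list check the message asks about, as an added example that is not part of the original post and is not Emacs's check_cons_list: a toy allocator whose free cells are chained through the cdr slot, with a walker that validates every link before following it. All names here (blocks, add_block, is_valid_cell, check_free_list) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Toy model, not Emacs source: cells come from fixed blocks and free cells
   are chained through the cdr slot, as in the crashing line of Fcons. */
struct cons { void *car; void *cdr; };
#define BLOCK_CELLS 8
#define MAX_BLOCKS 4
static struct cons blocks[MAX_BLOCKS][BLOCK_CELLS];
static int n_blocks;
static struct cons *free_list;

/* Add a block and thread all of its cells onto the free list. */
static void add_block(void)
{
    struct cons *b = blocks[n_blocks++];
    for (int i = 0; i < BLOCK_CELLS; i++) {
        b[i].cdr = free_list;
        free_list = &b[i];
    }
}

/* Nonzero if p is the address of a cell inside a block we allocated. */
static int is_valid_cell(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < n_blocks; i++) {
        uintptr_t lo = (uintptr_t)blocks[i];
        if (a >= lo && a < lo + sizeof blocks[i])
            return (a - lo) % sizeof(struct cons) == 0;
    }
    return 0;
}

/* Walk the free list without dereferencing an unvalidated pointer.
   Returns the number of free cells, or -1 on a bad link or a cycle. */
static long check_free_list(void)
{
    long n = 0, limit = (long)n_blocks * BLOCK_CELLS;
    for (struct cons *p = free_list; p != NULL; p = p->cdr)
        if (!is_valid_cell(p) || ++n > limit)
            return -1;
    return n;
}

int main(void)
{
    add_block();
    blocks[0][3].cdr = (char *)&blocks[0][2] + 1;  /* constructed bad link */
    return check_free_list() == -1 ? 0 : 1;
}
```

Calling such a check at frequent points (the message mentions eval and funcall) narrows the window between the write that corrupts the list and the moment it is noticed.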
