[Bug: 21.5-b15] Gnus crash

================================================================ Dear Bug Team! I had just hit 'E' on a spam message when XEmacs crashed. This XEmacs is an experimental build to see whether I've broken anything recently.:-) It was built on a RedHat 9 machine with RedHat's gcc-3.2.2-5 package, using C++. Here's what XEmacs said on the way out: ------------------------------------------------------------------------ Fatal error: assertion failed, file /usr/src/xemacs/xemacs-21.5/src/print.c, line 1480, abort() Fatal error (6). Your files have been auto-saved. Use `M-x recover-session' to recover them. Your version of XEmacs was distributed with a PROBLEMS file that may describe your crash, and with luck a workaround. Please check it first, but do report the crash anyway. Please report this bug by invoking M-x report-emacs-bug, or by selecting `Send Bug Report' from the Help menu. If that won't work, send ordinary email to `crashes(a)xemacs.org&#39;. *MAKE SURE* to include this entire output from this crash, especially including the Lisp backtrace, as well as the XEmacs configuration from M-x describe-installation (or equivalently, the file `Installation' in the top of the build tree). *Please* try *hard* to obtain a C stack backtrace; without it, we are unlikely to be able to analyze the problem. Locate the core file produced as a result of this crash (often called `core' or `core.<process-id>', and located in the directory in which you started XEmacs or your home directory), and type gdb /usr/local/test/bin/xemacs core then type `where' at the debugger prompt. No GDB on your system? You may have DBX, or XDB, or SDB. (Ask your system administrator if you need help.) If no core file was produced, enable them (often with `ulimit -c unlimited') in case of future recurrance of the crash. Jerry interjects: My system (RedHat, tcsh) has "unlimit", but not "ulimit". Also, I'm pretty sure that "recurrance" should be "recurrence". <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Lisp backtrace follows: # (unwind-protect ...) # (unwind-protect ...) # (unwind-protect ...) # (unwind-protect ...) # (unwind-protect ...) # (unwind-protect ...) # (unwind-protect ...) # (unwind-protect ...) # bind (print-message-label) display-error((wrong-type-argument listp #<EMACS BUG: freed lrecord object 0x8c77adc Save your buffers immediately and please report this bug>) t) # bind (etype debug-on-error inhibit-quit error-object) command-error((wrong-type-argument listp #<EMACS BUG: freed lrecord object 0x8c77adc Save your buffers immediately and please report this bug>)) # (catch top-level ...) [1] Abort /usr/local/test/bin/xemacs (core dumped) ------------------------------------------------------------------------ That's a pretty useless backtrace. Is there some way I can arrange to get a backtrace from the point where the freed lrecord object is detected, instead of the point where the top-level command loop figures out that an error object is not a list? GDB says: ------------------------------------------------------------------------ (gdb) bt #0 0xffffe002 in ?? () #1 <signal handler called> #2 0xffffe002 in ?? () #3 0x42028b93 in abort () from /lib/tls/libc.so.6 #4 0x080e586b in really_abort () at /usr/src/xemacs/xemacs-21.5/src/emacs.c:4365 #5 0x080e46aa in assert_failed ( file=0x82fe5c0 "/usr/src/xemacs/xemacs-21.5/src/print.c", line=6, expr=0x6 <Address 0x6 out of bounds>) at /usr/src/xemacs/xemacs-21.5/src/emacs.c:3701 #6 0x081ed71f in printing_major_badness (printcharfun=0, badness_string=0x6 <Address 0x6 out of bounds>, type=137356736, val=0x6, badness=BADNESS_INTEGER_OBJECT) at /usr/src/xemacs/xemacs-21.5/src/print.c:1480 #7 0x081ed8cd in print_internal (obj=147290844, printcharfun=139642720, escapeflag=1) at /usr/src/xemacs/xemacs-21.5/src/print.c:1709 #8 0x081ebada in print_error_message (error_object=1, stream=139642720) at /usr/src/xemacs/xemacs-21.5/src/print.c:977 #9 0x081ebed0 in Fdisplay_error (error_object=0, stream=0) at /usr/src/xemacs/xemacs-21.5/src/print.c:1035 #10 0x080ece95 in Ffuncall (nargs=3, args=0x1) at /usr/src/xemacs/xemacs-21.5/src/eval.c:3866 #11 0x080a5bcf in execute_optimized_program(unsigned char const*, int, long*) ( program=0x8824880 "Æ\eÇ\032\r¢\034Ç\021Æ\211\020\026\035Ç\026\036\016\037«\004È \210É \210\r\026 ÊÇ!\210ËÇ\fÌa«\037Í\rA＠!«\025Î\rA＠GU¬\rÏ\rA＠ÎH!«\004Ъ\035Ѫ\032\fÒa«\004Òª\022\fÓs«\004Ôª\n\fÕa«\004Öª\002×\"\210Ø\rÆ\"\210Ù «\vÊÚ\016!\"\210ÛÜ!\210+Æ\207\220", stack_depth=2, constants_data=0x408211d4) at /usr/src/xemacs/xemacs-21.5/src/bytecode.c:603 #12 0x080f39bf in funcall_compiled_function (fun=1082847740, nargs=1, args=0xbfffd40c) at opaque.h:36 #13 0x080ecdcc in Ffuncall (nargs=2, args=0xbfffd408) at /usr/src/xemacs/xemacs-21.5/src/eval.c:3881 #14 0x080ee5a6 in call1 (fn=0, arg0=0) at /usr/src/xemacs/xemacs-21.5/src/eval.c:4487 #15 0x080e8931 in condition_case_1 (handlers=0, bfun=0x80b6e5a <command_loop_1>, barg=1081581016, hfun=0x80b6a96 <cmd_error>, harg=1081581016) at /usr/src/xemacs/xemacs-21.5/src/eval.c:1901 #16 0x080b6ba6 in command_loop_3 () at /usr/src/xemacs/xemacs-21.5/src/cmdloop.c:252 #17 0x080b6bc9 in command_loop_2 (dummy=1081581016) at /usr/src/xemacs/xemacs-21.5/src/cmdloop.c:263 #18 0x080e834f in internal_catch (tag=0, func=0x80b6bbe <command_loop_2>, arg=1081581016, threw=0x0, thrown_tag=0x0) at /usr/src/xemacs/xemacs-21.5/src/eval.c:1527 #19 0x080b6ca3 in initial_command_loop(long) (load_me=6) at /usr/src/xemacs/xemacs-21.5/src/cmdloop.c:301 #20 0x080e3123 in xemacs_21_5_b15_i686_pc_linux(int, char**, char**, int) ( argc=1, argv=0xbfffd774, envp=0xbfffd77c, restart=0) at /usr/src/xemacs/xemacs-21.5/src/emacs.c:2375 #21 0x080e3db4 in main (argc=0, argv=0x0, envp=0x0) at /usr/src/xemacs/xemacs-21.5/src/emacs.c:2867 #22 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6 (gdb) print *(struct lrecord_header *)0x8c77adc $2 = {type = 63, mark = 0, c_readonly = 1, lisp_readonly = 1, unused = 1824183} (gdb) x/16xw 0x8c77adc 0x8c77adc: 0xdeadbe3f 0xf73884b7 0xdeadbeef 0xdeadb806 0x8c77aec: 0x4074fbe0 0x40779dd8 0xdeadb806 0x08c91bcc 0x8c77afc: 0x40779dd8 0xdeadb806 0x0000105f 0x00001063 0x8c77b0c: 0xdeadb806 0x00000082 0x08c777d0 0xdeadbe3f ------------------------------------------------------------------------ Those last two commands were to take a peek at the supposedly free object. The first word, which is supposed to be the lrecord_header looked suspicious to me (note all the set bits in the "unused" part), hence the memory dump. It looks to me like it is not an lrecord_header at all, but a former 0xdeadbeef that had two of its bits zeroed. Many of the subsequent words also look like former 0xdeadbeef entries with some twiddled bits. Heap corruption? I'll keep the core file around for awhile in case anybody can think of anything useful I can do with it. ================================================================ System Info to help track down your bug: --------------------------------------- uname -a: Linux diannao.ittc.ku.edu 2.4.20-19.9custom #2 Fri Aug 1 10:41:37 CDT 2003 i686 i686 i386 GNU/Linux ../xemacs-21.5/configure '--xemacs-compiler=g++' '--prefix=/usr/local/test' '--mail-locking=lockf' '--with-pop' '--with-mule' '--with-xfs' '--with-dialogs=athena' '--with-widgets=athena' '--pdump' '--with-wmcommand' '--debug' '--use-kkcc' '--cflags=-march=pentium4 -msse2 -O2 -fno-strict-aliasing -ggdb -pipe' XEmacs 21.5-b15 "celery" (+CVS-20030920) configured for `i686-pc-linux'. Compilation / Installation: Source code location: /usr/src/xemacs/xemacs-21.5 Installation prefix: /usr/local/test Operating system description file: `s/linux.h' Machine description file: `m/intel386.h' Compiler: g++ -Wall -Wno-switch -Winline -Wmissing-prototypes -Wsign-compare -Wundef -Wstrict-prototypes -Wpacked -Weffc++ -march=pentium4 -msse2 -O2 -fno-strict-aliasing -ggdb -pipe Relocating allocator for buffers: no GNU version of malloc: yes - Using Doug Lea's new malloc from the GNU C Library. Window System: Compiling in support for the X window system: - X Windows headers location: /usr/X11R6/include - X Windows libraries location: /usr/X11R6/lib - Handling WM_COMMAND properly. Compiling in support for the Athena widget set: - Athena headers location: X11/Xaw - Athena library to link: Xaw Using Lucid menubars. Using Lucid scrollbars. Using Athena dialog boxes. Using Athena native widgets. TTY: Compiling in support for ncurses. Compiling in support for GPM (General Purpose Mouse). Images: Compiling in support for GIF images (builtin). Compiling in support for XPM images. Compiling in support for PNG images. Compiling in support for JPEG images. Compiling in support for TIFF images. Compiling in support for X-Face message headers. Sound: Compiling in support for sound (native). Databases: Compiling in support for Berkeley database. Compiling in support for LDAP. Compiling in support for PostgreSQL. - Using PostgreSQL header file: libpq-fe.h - Using PostgreSQL V7 bindings. Internationalization: Compiling in support for Mule (multi-lingual Emacs). Compiling in support for XIM (X11R5+ I18N input method). - Using Motif to provide XIM support. Compiling in support for Canna on Mule. Mail: Compiling in support for POP mail retrieval. Compiling in support for "lockf" mail spool file locking method. Other Features: Inhibiting IPv6 canonicalization at startup. Compiling in support for dynamic shared object modules. Using the new GC algorithms. Using the new portable dumper. Compiling in support for extra debugging code. WARNING: --------------------------------------------------------- WARNING: Compiling in support for runtime error checking. WARNING: XEmacs will run noticeably more slowly as a result. WARNING: Error checking is on by default for XEmacs beta releases. WARNING: --------------------------------------------------------- Load-Path Lisp Shadows: ---------------------- (/users/james/emacs/vcard /usr/local/test/lib/xemacs/xemacs-packages/lisp/gnus/vcard /usr/local/test/lib/xemacs/mule-packages/lisp/mule-base/china-util /usr/local/test/lib/xemacs-21.5-b15/lisp/mule/china-util /usr/local/test/lib/xemacs/mule-packages/lisp/mule-base/cyril-util /usr/local/test/lib/xemacs-21.5-b15/lisp/mule/cyril-util /usr/local/test/lib/xemacs/mule-packages/lisp/mule-base/ethio-util /usr/local/test/lib/xemacs-21.5-b15/lisp/mule/ethio-util /usr/local/test/lib/xemacs/mule-packages/lisp/mule-base/japan-util /usr/local/test/lib/xemacs-21.5-b15/lisp/mule/japan-util /usr/local/test/lib/xemacs/mule-packages/lisp/mule-base/korea-util /usr/local/test/lib/xemacs-21.5-b15/lisp/mule/korea-util /usr/local/test/lib/xemacs/mule-packages/lisp/mule-base/viet-util /usr/local/test/lib/xemacs-21.5-b15/lisp/mule/viet-util /usr/local/test/lib/xemacs/xemacs-packages/lisp/build/build-report /usr/local/test/lib/xemacs-21.5-b15/lisp/build-report /usr/local/test/lib/xemacs/mule-packages/lisp/mule-ucs/unicode /usr/local/test/lib/xemacs-21.5-b15/lisp/unicode) Installed XEmacs Packages: ------------------------- ((zenirc:version 1.13 :type regular) (xslt-process :version 1.11 :type regular) (xslide :version 1.08 :type regular) (xemacs-devel :version 1.58 :type single-file) (xemacs-base :version 1.78 :type regular) (x-symbol :version 4.41 :type regular) (w3 :version 1.28 :type regular) (vm :version 7.14 :type regular) (viper :version 1.36 :type regular) (view-process :version 1.12 :type regular) (vhdl :version 1.17 :type regular) (vc-cc :version 1.21 :type regular) (vc :version 1.37 :type regular) (tramp :version 1.16 :type regular) (tpu :version 1.12 :type regular) (tooltalk :version 1.13 :type regular) (tm :version 1.36 :type regular) (time :version 1.13 :type regular) (textools :version 1.14 :type regular) (text-modes :version 1.63 :type single-file) (texinfo :version 1.24 :type regular) (supercite :version 1.19 :type regular) (strokes :version 1.08 :type regular) (speedbar :version 1.26 :type regular) (sounds-wav :version 1.1 :type regular) (sounds-au :version 1.1 :type regular) (sml-mode :version 0.09 :type regular) (slider :version 1.13 :type regular) (sieve :version 1.13 :type regular) (sh-script :version 1.17 :type regular) (sgml :version 1.08 :type regular) (semantic :version 1.17 :type regular) (scheme :version 1.13 :type regular) (sasl :version 1.13 :type regular) (ruby-modes :version 1.01 :type regular) (rmail :version 1.13 :type regular) (reftex :version 1.3 :type regular) (python-modes :version 1.02 :type single-file) (psgml-dtds :version 1.02 :type regular) (psgml :version 1.41 :type regular) (ps-print :version 1.08 :type regular) (prog-modes :version 1 .83 :type single-file) Jerry interjects: What happened there? Overly narrow margins gone wild? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< (pgg :version 1.03 :type regular) (perl-modes :version 1.04 :type single-file) (pcomplete :version 1.02 :type regular) (pcl-cvs :version 1.64 :type regular) (pc :version 1.25 :type single-file) (os-utils :version 1.32 :type single-file) (oo-browser :version 1.03 :type regular) (ocaml :version 0.04 :type regular) (net-utils :version 1.32 :type single-file) (mmm-mode :version 1.0 :type regular) (misc-games :version 1.16 :type single-file) (mine :version 1.14 :type regular) (mh-e :version 1.23 :type regular) (mew :version 1.17 :type regular) (mailcrypt :version 2.12 :type regular) (mail-lib :version 1.6 :type regular) (liece :version 1.12 :type regular) (jde :version 1.45 :type regular) (ispell :version 1.24 :type regular) (ilisp :version 1.32 :type regular) (igrep :version 1.1 :type regular) (idlwave :version 1.3 :type regular) (ibuffer :version 1.08 :type regular) (hyperbole :version 1.12 :type regular) (hm--html-menus :version 1.21 :type regular) (haskell-mode :version 1.05 :type regular) (gnus :version 1.71 :type regular) (gnats :version 1.15 :type regular) (games :version 1.14 :type regular) (fsf-compat :version 1.12 :type single-file) (frame-icon :version 1.09 :type regular) (fortran-modes :version 1.02 :type single-file) (forms :version 1.14 :type regular) (footnote :version 1.15 :type regular) (eudc :version 1.38 :type regular) (eterm :version 1.13 :type regular) (ess :version 1.04 :type regular) (eshell :version 1.05 :type regular) (emerge :version 1.09 :type regular) (elib :version 1.1 :type single-file) (eieio :version 1.04 :type regular) (efs :version 1.29 :type regular) (edt :version 1.12 :type regular) (edit-utils :version 2.07 :type single-file) (ediff :version 1.47 :type regular) (edebug :version 1.18 :type regular) (ecrypto :version 0.13 :type regular) (ecb :version 1.1 :type regular) (docbookide :version 0.06 :type regular) (dired :version 1.13 :type regular) (dictionary :version 1.12 :type regular) (debug :version 1.16 :type regular) (crisp :version 1.12 :type regular) (cookie :version 1.14 :type regular) (clearcase :version 1.06 :type regular) (cc-mode :version 1.39 :type regular) (calendar :version 1.21 :type regular) (calc :version 1.23 :type regular) (c-support :version 1.16 :type single-file) (build :version 1.1 :type regular) (bbdb :version 1.23 :type regular) (auctex :version 1.35 :type regular) (apel :version 1.26 :type regular) (ada :version 1.13 :type regular) (Sun :version 1.13 :type regular) (skk :version 1.23 :type regular) (mule-ucs :version 1.04 :type regular) (mule-base :version 1.43 :type regular) (lookup :version 1.13 :type regular) (locale :version 1.2 :type regular) (leim :version 1.21 :type regular) (latin-unity :version 1.07 :type regular) (egg-its :version 1.26 :type regular) (edict :version 1.15 :type regular)) Installed Modules: ----------------- Jerry interjects: That's a lie! I have the PostgreSQL and LDAP modules installed! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Features: -------- (xemacsbug shadow gnus-topic byte-optimize bytecomp byte-compile nnml nndraft nnmh time-stamp bbdb-gnus bbdb-snarf mail-extr bbdb-com gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg nntp gnus-cache gnus-diary gnus-art mm-uu mml2015 pgg pgg-parse pgg-def mm-view nndiary gnus-sum gnus-group gnus-undo nnmail mail-source nnoo bbdb timezone gnus-audio gnus-start gnus-spec gnus-int gnus-range message mml mml-sec mml-smime smime dig mm-decode mm-bodies mm-encode mailcap lpr mail-parse rfc2045 rfc2231 rfc2047 qp ietf-drums mail-abbrevs sendmail rfc822 mailheader canlock gnus-win gnus gnus-ems gnus-xmas messagexmas nnheader nnheaderxm gnus-util netrc time-date parse-time mail-utils mm-util mail-prsvr wid-edit view-less view cc-mode cc-fonts cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs efs-cu gdb debug-toolbar paren blink-paren icomplete font-lock cus-face vc-hooks tramp-smb tramp regexp-opt executable advice advice-preload shell comint ring format-spec timer trampver tex-site ediff-hook jka-compr zenirc-autoloads xslt-process-autoloads xslide-autoloads xemacs-devel-autoloads xemacs-base-autoloads x-symbol-autoloads w3-autoloads vm-autoloads viper-autoloads view-process-autoloads vhdl-autoloads vc-cc-autoloads vc-autoloads tramp-autoloads tpu-autoloads tooltalk-autoloads tm-autoloads time-autoloads textools-autoloads text-modes-autoloads texinfo-autoloads supercite-autoloads strokes-autoloads speedbar-autoloads sounds-wav-autoloads sounds-au-autoloads sml-mode-autoloads slider-autoloads sieve-autoloads sh-script-autoloads sgml-autoloads semantic-autoloads scheme-autoloads sasl-autoloads ruby-modes-autoloads rmail-autoloads reftex-autoloads python-modes-autoloads psgml-dtds-autoloads psgml-autoloads ps-print-autoloads prog-modes-autoloads pgg-autoloads perl-modes-autoloads pcomplete-autoloads pcl-cvs-autoloads pc-autoloads os-utils-autoloads oo-browser-autoloads ocaml-autoloads net-utils-autoloads mmm-mode-autoloads misc-games-autoloads mine-autoloads mh-e-autoloads mew-autoloads mailcrypt-autoloads mail-lib-autoloads liece-autoloads jde-autoloads ispell-autoloads ilisp-autoloads igrep-autoloads idlwave-autoloads ibuffer-autoloads hyperbole-autoloads hm--html-menus-autoloads haskell-mode-autoloads gnus-autoloads gnats-autoloads games-autoloads fsf-compat-autoloads frame-icon-autoloads fortran-modes-autoloads forms-autoloads footnote-autoloads eudc-autoloads eterm-autoloads ess-autoloads eshell-autoloads emerge-autoloads elib-autoloads eieio-autoloads efs-autoloads edt-autoloads edit-utils-autoloads ediff-autoloads edebug-autoloads ecrypto-autoloads ecb-autoloads docbookide-autoloads dired-autoloads dictionary-autoloads debug-autoloads crisp-autoloads cookie-autoloads clearcase-autoloads cc-mode-autoloads calendar-autoloads calc-autoloads c-support-autoloads build-autoloads bbdb-autoloads auctex-autoloads apel-autoloads ada-autoloads Sun-autoloads skk-autoloads mule-ucs-autoloads mule-base-autoloads lookup-autoloads locale-autoloads leim-autoloads latin-unity-autoloads egg-its-autoloads edict-autoloads modules-autoloads mule-autoloads auto-autoloads loadhist rsz-minibuf auto-show fontl-hooks x-iso8859-1 canna-leim tibetan lao devanagari indian slovenian czech romanian ccl code-cmds gutter-items menubar-items x-menubar mode-motion mouse behavior itimer auto-save lisp-mode easymenu iso8859-1 page buff-menu lib-complete cus-file derived newcomment env text-props frame obsolete cus-start custom widget cl-extra mini-cl cl cl-19 packages backquote CANNA unicode lucid-scrollbars cut-buffer lucid-menubars athena-dialogs x c-balloon-help tty-frames tty toolbar native-sound scrollbar unix-processes multicast network-streams subprocesses modules menu-accelerator-support menubar berkeley-db md5 xemacs xim mule gutter tiff png gif jpeg xface xpm xbm lisp-float-type file-coding linux dialog devices window-system base64) Recent keystrokes: ----------------- o C-x C-f M-BS l i s p . BS / d i s a s s SPC SPC RET next next next next prior prior prior next next next C-down C-down C-down up up C-right right C-r C-w C-w C-r C-r C-r C-r C-s C-s C-s C-s C-s C-s C-a next prior prior prior next prior prior prior prior prior prior prior C-home C-x o q u i t RET C-x o C-x k RET C-x k RET C-x k RET C-x k RET C-x k RET C-x k RET C-x 0 C-x b RET button1 button1up misc-user misc-user Recent messages (most recent first): ----------------------------------- Fontifying *mail to XEmacs Beta*... done. Parsing /users/james/.mailrc... done Fontifying *mail to XEmacs Beta*... Parsing /users/james/.mailrc... Loading xemacsbug...done Loading xemacsbug... Loading gnus-topic...done Loading gnus-topic... Checking new news...done Opening nntp server on quimby.gnus.org...done Opening nntp server on quimby.gnus.org... Checking new news... Checking bogus newsgroups...done Reading active file via nnml...done Reading active file via nnml... Reading active file via nnml... Reading active file from news.cc.ku.edu via nntp...done Reading active file from news.cc.ku.edu via nntp... nntp read: 861k nntp read: 861k -- Jerry James http://www.ittc.ku.edu/~james/