Segfault in master

Segfault in master

[David Kastrup]

I am getting a segfault in master when building:

CCLD     temacs
/bin/mkdir -p ../etc
: paxctl -r temacs
: setfattr -n user.pax.flags -v er temacs
make -C ../lisp update-subdirs
make[3]: Entering directory '/usr/local/tmp/emacs/lisp'
for file in `find . -type d -print`; do case $file in .*/cedet* | .*/leim* ) ;; *) wins="$wins${wins:+ }$file" ;; esac; done; \
for file in $wins; do \
   ./../build-aux/update-subdirs $file; \
done;
make[3]: Leaving directory '/usr/local/tmp/emacs/lisp'
./temacs --batch --load loadup bootstrap
Makefile:830: recipe for target 'bootstrap-emacs' failed
make[2]: *** [bootstrap-emacs] Segmentation fault (core dumped)
make[2]: Leaving directory '/usr/local/tmp/emacs/src'
Makefile:398: recipe for target 'src' failed
make[1]: *** [src] Error 2
make[1]: Leaving directory '/usr/local/tmp/emacs'
GNUmakefile:61: recipe for target 'default' failed
make: *** [default] Error 2

The responsible commit (according to git bisect) is:

commit b74db6347cf5cac1ebd4c604fd5691c588fd8e32
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Tue Feb 24 16:34:13 2015 -0800

    Backtrace after malloc arena is corrupted
    
    Without this change, if the malloc arena is corrupted and then
    'backtrace' is called, the backtrace can crash because 'backtrace'
    calls 'malloc'.  For more, please see:
    https://sourceware.org/ml/libc-alpha/2015-02/msg00678.html
    * emacs.c (main): Initialize tables used by 'backtrace'.
    * sysdep.c (emacs_backtrace): Document the newly used part of the API.

:040000 040000 32e54ad6d01fa190110c2f5012cd411c357ed733 c5a043f2a37944a8c9b48b53ea6b2e2ea37eae2d M	src

This corresponds well with the location of the crash:

Program received signal SIGSEGV, Segmentation fault.
__GI___backtrace (array=0xbfffe758, size=0) at ../sysdeps/i386/backtrace.c:141
141	../sysdeps/i386/backtrace.c: No such file or directory.
(gdb) bt
#0  __GI___backtrace (array=0xbfffe758, size=0)
    at ../sysdeps/i386/backtrace.c:141
#1  0x08136f39 in emacs_backtrace (backtrace_limit=-1)
    at ../../emacs/src/sysdep.c:2177
#2  0x08059692 in main (argc=<optimized out>, argv=0xbffff084)
    at ../../emacs/src/emacs.c:887
(gdb) 

I also have
$ gcc --version
gcc (Ubuntu 4.9.1-16ubuntu6) 4.9.1
$ arch
i686
$ cat /proc/version
Linux version 3.11.0-17-generic (buildd@roseapple) (gcc version 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu8) ) #31-Ubuntu SMP Mon Feb 3 21:53:31 UTC 2014

-- 
David Kastrup

Re: Segfault in master

[Paul Eggert]

[-- Attachment #1: Type: text/plain, Size: 102 bytes --]

That looks like yet another glibc bug we need to work around.  Does the attached 
fix things for you?

[-- Attachment #2: bt.diff --]
[-- Type: text/x-patch, Size: 388 bytes --]

diff --git a/src/sysdep.c b/src/sysdep.c
index cb361ec..c524656 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -2174,7 +2174,7 @@ emacs_backtrace (int backtrace_limit)
   else
     {
       buffer = main_backtrace_buffer;
-      npointers = backtrace (buffer, bounded_limit + 1);
+      npointers = backtrace (buffer, bounded_limit + 1 + (bounded_limit < 0));
     }
 
   if (npointers)

Re: Segfault in master

[Colin Baxter]

Patch worked for me. Thanks David.

Re: Segfault in master

[Thomas Fitzsimmons]

Paul Eggert <eggert@cs.ucla.edu> writes:

> That looks like yet another glibc bug we need to work around.  Does
> the attached fix things for you?

This was filed as 19959:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19959

Thomas

Re: Segfault in master

[Paul Eggert]

On 03/05/2015 01:31 AM, Colin Baxter wrote:
> Patch worked for me. Thanks David.
>
>

Thanks, I installed a (slightly different) patch as commit 
cbc9d8d4269f2cca7950060b5e37747b27dac1de and am marking Emacs Bug#19959 
as fixed.  I also filed a bug report with the glibc folks (glibc bug 18084).