From: Thomas Fitzsimmons
Newsgroups: gmane.emacs.bugs
Subject: bug#33174: 27.0.50; Dump fails on GNU/Linux ppc64le
Date: Mon, 29 Oct 2018 22:44:16 -0400
To: Paul Eggert
Cc: 33174@debbugs.gnu.org
In-Reply-To: <39df62a1-58fb-0e5c-88a6-3eaae4e865d4@cs.ucla.edu> (Paul Eggert's message of "Mon, 29 Oct 2018 00:22:15 -0700")

Paul Eggert writes:

> Thomas Fitzsimmons wrote:
>> Paul Eggert writes:
>>
>>> Wonderful. Yet another reason we need to get the pdumper branch working. Anyway:
>>>
>>> 1. Can you use strace and/or GDB to investigate how ./temacs is
>>> disabling address randomization? In the emacs-26 branch, if you run
>>> this command in src:
>>>
>>> strace -f -o /tmp/tr ./temacs --batch --load loadup bootstrap
>>>
>>> the output file /tmp/tr should contain something like this:
>>>
>>> 18406 personality(0xffffffff) = 0 (PER_LINUX)
>>> 18406 personality(PER_LINUX|ADDR_NO_RANDOMIZE) = 0 (PER_LINUX)
>>> 18406 personality(0xffffffff) = 0x40000 (PER_LINUX|ADDR_NO_RANDOMIZE)
>>
>> I see the above personality calls exactly as you've shown them.
>>
>> strace never gets to the next execve; the crash happens before the next
>> execve is run, see below.
>>
>>> 18406 execve("./temacs", ["./temacs", "--batch", "--load", "loadup",
>>> "bootstrap"], 0xc521b0 /* 80 vars */) = 0
>
> So there are no more system calls after personality(0xffffffff)? That
> is, the crash happens immediately before any other system calls?

There are many more syscalls before the crash.

58215 personality(0xffffffff) = 0 (PER_LINUX)
58215 personality(PER_LINUX|ADDR_NO_RANDOMIZE) = 0 (PER_LINUX)
58215 personality(0xffffffff) = 0x40000 (PER_LINUX|ADDR_NO_RANDOMIZE)
58215 brk(NULL) = 0x27070000
58215 dup2(0, 0) = 0
58215 dup2(1, 1) = 1
58215 dup2(2, 2) = 2
58215 ugetrlimit(RLIMIT_STACK, {rlim_cur=9792*1024, rlim_max=RLIM64_INFINITY}) = 0
58215 open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
58215 fstat(3, {st_mode=S_IFREG|0644, st_size=1679776, ...}) = 0
58215 mmap(NULL, 1679776, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fffb6ed0000
58215 close(3) = 0
58215 open("/usr/lib/powerpc64le-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 3
58215 fstat(3, {st_mode=S_IFREG|0644, st_size=26264, ...}) = 0
58215 mmap(NULL, 26264, PROT_READ, MAP_SHARED, 3, 0) = 0x7fffbbd00000
58215 close(3) = 0
58215 futex(0x7fffba001ab8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
58215 timerfd_create(CLOCK_REALTIME, TFD_CLOEXEC|TFD_NONBLOCK) = 3
58215 rt_sigaction(SIGALRM, {sa_handler=0x10209280, sa_mask=[ALRM CHLD PROF WINCH], sa_flags=SA_RESTART}, NULL, 8) = 0
58215 open("/dev/urandom", O_RDONLY|O_CLOEXEC) = 4
58215 read(4, "\315\276O\225", 4) = 4
58215 close(4) = 0
[...]

> What does 'strace' say about the crash?

[...]
58215 write(2, "Dumping under the name emacs", 28) = 28
58215 write(2, "\n", 1) = 1
58215 stat("/a/b/c/emacs/src/emacs", {st_mode=S_IFREG|0755, st_size=57908416, ...}) = 0
58215 unlink("/a/b/c/emacs/src/emacs") = 0
58215 write(2, "********************************"..., 51) = 51
58215 write(2, "Warning: Your system has a gap b"..., 51) = 51
58215 write(2, "heap (346093672 bytes). This us"..., 61) = 61
58215 write(2, "or something similar is in effec"..., 49) = 49
58215 write(2, "fail because of this. See the s"..., 45) = 45
58215 write(2, "exec-shield in etc/PROBLEMS for "..., 50) = 50
58215 write(2, "********************************"..., 51) = 51
58215 write(2, "22440720 of 33554432 static heap"..., 43) = 43
58215 write(2, "\n", 1) = 1
58215 open("/a/b/c/emacs/src/temacs", O_RDONLY|O_CLOEXEC) = 5
58215 fstat(5, {st_mode=S_IFREG|0755, st_size=23687896, ...}) = 0
58215 mmap(NULL, 23687896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffb3980000
58215 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0\25\0\1\0\0\0,\207\1\20\0\0\0\0"..., 23687896) = 23687896
58215 open("/a/b/c/emacs/src/emacs", O_RDWR|O_CREAT|O_CLOEXEC, 0777) = 6
58215 ftruncate(6, 403938496) = 0
58215 mmap(NULL, 403938496, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fff9b840000
58215 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x12670000} ---
58215 +++ killed by SIGSEGV +++

I could attach the whole strace output but it's pretty big.

> For me, the execve is the first syscall after the
> 'personality(0xffffffff) = 0x40000'. If you're seeing some other
> syscall there (or are seeing a crash), please investigate why,
> presumably with GDB.

It seems like it's crashing when trying to memcpy over the BSS area, on
this line in unexelf.c (see below):

  /* Copy over what we have in memory now for the bss area. */
  memcpy (new_base + new_data2_offset, (caddr_t) old_bss_addr,
          bss_size_growth);

>> When I run the command under gdb, it succeeds, so I had to enable core
>> dumps to get the backtrace:
>
> Core dumps won't help us much I'm afraid. Instead, when debugging
> ./temacs, please use the GDB command "set disable-randomization off"
> before issuing the GDB command "run --batch --load loadup bootstrap".

(memcpy.S below might not be quite the right version; the Debian
libc6-dbg 2.24 package doesn't seem to have that file, so I pointed gdb
to a copy within a glibc 2.24 git checkout instead.)

[...]
Dumping under the name emacs
**************************************************
Warning: Your system has a gap between BSS and the
heap (652277864 bytes). This usually means that exec-shield
or something similar is in effect. The dump may
fail because of this. See the section about
exec-shield in etc/PROBLEMS for more information.
**************************************************
22440720 of 33554432 static heap bytes used

Program received signal SIGSEGV, Segmentation fault.
__memcpy_power7 () at ../sysdeps/powerpc/powerpc64/power7/memcpy.S:111
warning: Source file is more recent than executable.
111	lxvd2x 8,src,7
(gdb) thread apply all bt

Thread 1 (Thread 0x7fffb0f47be0 (LWP 23958)):
#0  __memcpy_power7 () at ../sysdeps/powerpc/powerpc64/power7/memcpy.S:111
#1  0x00000000101ec178 in memcpy (__len=686434792, __src=, __dest=)
    at /usr/include/powerpc64le-linux-gnu/bits/string3.h:53
#2  unexec (new_name=0x11b934f8 "/a/b/c/emacs/src/emacs",
    old_name=0x11b93528 "/a/b/c/emacs/src/temacs") at unexelf.c:410
#3  0x0000000010110bec in Fdump_emacs (filename=XIL(0x11b945a4), symfile=XIL(0x11b94584)) at emacs.c:2224
#4  0x00000000101a7cb8 in eval_sub (form=...) at eval.c:2244
#5  0x00000000101a8194 in Fprogn (body=XIL(0x107656d3)) at eval.c:459
#6  0x00000000101a7d6c in eval_sub (form=...) at eval.c:2193
#7  0x00000000101ab8bc in Fif (args=...) at eval.c:414
#8  0x00000000101a7d6c in eval_sub (form=...) at eval.c:2193
#9  0x00000000101d8a98 in readevalloop (readcharfun=XIL(0x68d0), infile0=0x7fffffa503a0,
    sourcename=XIL(0x10721684), printflag=false, unibyte=..., readfun=XIL(0), start=XIL(0),
    end=XIL(0)) at lread.c:2048
#10 0x00000000101d90bc in Fload (file=XIL(0x10721584), noerror=..., nomessage=XIL(0),
    nosuffix=..., must_suffix=...) at lread.c:1435
#11 0x00000000101a7c34 in eval_sub (form=...) at eval.c:2255
#12 0x00000000101acd18 in Feval (form=XIL(0x10727f03), lexical=...) at eval.c:2061
#13 0x00000000101188f8 in top_level_2 () at keyboard.c:1119
#14 0x00000000101a6410 in internal_condition_case (bfun=0x101188d0 , handlers=...,
    hfun=0x1011f030 ) at eval.c:1336
#15 0x00000000101188a8 in top_level_1 (ignore=...) at keyboard.c:1127
#16 0x00000000101a6364 in internal_catch (tag=..., func=0x10118800 , arg=XIL(0)) at eval.c:1101
#17 0x000000001011873c in command_loop () at keyboard.c:1088
#18 0x000000001011e89c in recursive_edit_1 () at keyboard.c:695
#19 0x000000001011eeb4 in Frecursive_edit () at keyboard.c:766
#20 0x0000000010017804 in main (argc=, argv=0x7fffffa50d58) at emacs.c:1717

Lisp Backtrace:
"dump-emacs" (0xffa4fee0)
"progn" (0xffa50060)
"if" (0xffa501a0)
"load" (0xffa505a0)

BTW, let me know if you don't think it's useful to debug this further.
I'm OK just disabling randomization when I build Emacs for the time
being and waiting until the portable dumper work lands, but I'm happy to
continue if you think it will lead to a general fix.

Thanks,
Thomas
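
A triage sketch for the strace output in the message above, added here as an example (it is not part of the original message or of Emacs): it checks whether the ADDR_NO_RANDOMIZE request was followed by an execve, and compares the SIGSEGV address with the end of BSS derived from brk(NULL) and the gap printed in the warning. It assumes 64 KiB pages and that the warning's gap is measured from the end of BSS to the initial program break; `triage` and its result keys are names chosen for this example.

```python
import re

# Sample input: lines copied from the strace in the message above (pid 58215).
STRACE = '''\
58215 personality(0xffffffff) = 0 (PER_LINUX)
58215 personality(PER_LINUX|ADDR_NO_RANDOMIZE) = 0 (PER_LINUX)
58215 personality(0xffffffff) = 0x40000 (PER_LINUX|ADDR_NO_RANDOMIZE)
58215 brk(NULL) = 0x27070000
58215 write(2, "heap (346093672 bytes). This us"..., 61) = 61
58215 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x12670000} ---
58215 +++ killed by SIGSEGV +++
'''

PAGE_SIZE = 0x10000  # assumption: 64 KiB pages, the usual ppc64le Linux setting


def triage(trace, page_size=PAGE_SIZE):
    """Relate the fault address to the BSS/heap gap that temacs reported."""
    lines = trace.splitlines()
    # The personality flag only changes the layout of a process started by a
    # later execve, so record whether one follows the request.
    req = next((i for i, line in enumerate(lines)
                if re.search(r'personality\([^)]*ADDR_NO_RANDOMIZE\)', line)), None)
    out = {
        'aslr_off_requested': req is not None,
        'reexec_seen': req is not None and any('execve(' in l for l in lines[req:]),
    }
    brk = re.search(r'brk\(NULL\)\s*=\s*(0x[0-9a-f]+)', trace)
    gap = re.search(r'heap \((\d+) bytes\)', trace)
    segv = re.search(r'SIGSEGV \{.*si_code=(\w+), si_addr=(0x[0-9a-f]+)\}', trace)
    if not (brk and gap and segv):
        return out  # one of the three data points is missing from the trace
    # Assumption: gap = initial program break - end of BSS.
    bss_end = int(brk.group(1), 16) - int(gap.group(1))
    # First page boundary at or above the end of BSS (ceiling division).
    first_unmapped = -(-bss_end // page_size) * page_size
    fault = int(segv.group(2), 16)
    out.update(code=segv.group(1), fault=fault, bss_end=bss_end,
               first_unmapped=first_unmapped,
               fault_at_gap_start=(fault == first_unmapped))
    return out


if __name__ == '__main__':
    for key, value in triage(STRACE).items():
        print(key, hex(value) if isinstance(value, int) and value > 1 else value)
```

On the sample lines the derived end of BSS is 0x12660798 and the next 64 KiB boundary is 0x12670000, which equals si_addr in the SIGSEGV line.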