* bug#50153: call-with-values outside tail position + backtrace + compilation causes segfault
@ 2021-08-21 18:13 Maxime Devos
From: Maxime Devos @ 2021-08-21 18:13 UTC
To: 50153
Hi guilers,
Write the following to "crash.scm":
> (call-with-values backtrace list)
> #t
(the trailing #t is important) and run
> # --auto-compile works too, but --no-auto-compile doesn't cause a crash
> guile --fresh-auto-compile -l crash.scm
it will segfault during the printing of the backtrace:
> Backtrace:
> In ice-9/boot-9.scm:
> 1752:10 8 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
> In unknown file:
> 7 (apply-smob/0 #<thunk 7f1390524080>)
> In ice-9/boot-9.scm:
> 724:2 6 (call-with-prompt _ _ #<procedure default-prompt-handler (k proc)>)
> In ice-9/eval.scm:
> 619:8 5 (_ #(#(#<directory (guile-user) 7f139052ac80>)))
> In ice-9/boot-9.scm:
> 2835:4 4 (save-module-excursion _)
> 4380:12 3 (_)
> In [...]/crash.scm:
> 36:0 2 (segfault)
> In unknown file:
> Segmentatiefout
Greetings,
Maxime.
* bug#39954: bug#50153: Acknowledgement (call-with-values outside tail position + backtrace + compilation causes segfault)
From: Maxime Devos @ 2021-08-21 18:30 UTC
To: 50153, 39954
This looks rather similar to 39954@debbugs.gnu.org; looking at the backtrace from GDB, maybe the cause is the same?
Thread 1 "guile" received signal SIGSEGV, Segmentation fault.
0x00007ffff7f40f3f in scm_is_values (x=<optimized out>) at values.h:30
30 return SCM_HAS_TYP7 (x, scm_tc7_values);
(gdb) bt
#0 0x00007ffff7f40f3f in scm_is_values (x=<optimized out>) at values.h:30
#1 vm_debug_engine (thread=0x7ffff744cd80) at vm-engine.c:974
#2 0x00007ffff7f45c2d in scm_call_n (proc=0x7ffff49612a0, argv=argv@entry=0x7fffffffc080,
nargs=nargs@entry=4) at vm.c:1608
#3 0x00007ffff7ec1234 in scm_call_4 (proc=<optimized out>, arg1=arg1@entry=0x7ffff35162d0,
arg2=arg2@entry=0x7ffff5ad4600, arg3=arg3@entry=0x7ffff495a0b0, arg4=arg4@entry=0x52) at eval.c:517
#4 0x00007ffff7eb3815 in display_backtrace_body (a=<optimized out>) at backtrace.c:239
#5 0x00007ffff7ec29ea in scm_c_with_exception_handler (type=type@entry=0x404,
handler=handler@entry=0x7ffff7f3aed0 <catch_post_unwind_handler>,
handler_data=handler_data@entry=0x7fffffffc230, thunk=thunk@entry=0x7ffff7f3b010 <catch_body>,
thunk_data=thunk_data@entry=0x7fffffffc230) at exceptions.c:170
#6 0x00007ffff7f3b20d in scm_c_catch (tag=tag@entry=0x404,
body=body@entry=0x7ffff7eb36f0 <display_backtrace_body>, body_data=body_data@entry=0x7fffffffc2a0,
handler=handler@entry=0x7ffff7eb3b20 <error_during_backtrace>,
handler_data=handler_data@entry=0x7ffff5ad4600, pre_unwind_handler=pre_unwind_handler@entry=0x0,
pre_unwind_handler_data=0x0) at throw.c:168
#7 0x00007ffff7f3b22e in scm_internal_catch (tag=tag@entry=0x404,
body=body@entry=0x7ffff7eb36f0 <display_backtrace_body>, body_data=body_data@entry=0x7fffffffc2a0,
handler=handler@entry=0x7ffff7eb3b20 <error_during_backtrace>,
handler_data=handler_data@entry=0x7ffff5ad4600) at throw.c:177
#8 0x00007ffff7eb36e5 in scm_display_backtrace_with_highlights (stack=stack@entry=0x7ffff38604a0,
port=port@entry=0x7ffff5ad4600, first=first@entry=0x4, depth=depth@entry=0x4,
highlights=highlights@entry=0x304) at backtrace.c:277
#9 0x00007ffff7eb3970 in scm_backtrace_with_highlights (highlights=0x304) at backtrace.c:310
#10 0x00007ffff7f40f3b in vm_debug_engine (thread=0x7ffff744cd80) at vm-engine.c:972
#11 0x00007ffff7f45c2d in scm_call_n (proc=0x7ffff5a2e030, argv=argv@entry=0x7fffffffc498,
nargs=nargs@entry=1) at vm.c:1608
#12 0x00007ffff7ec2337 in scm_primitive_eval (exp=<optimized out>, exp@entry=0x7ffff5ba1a40)
at eval.c:671
#13 0x00007ffff7ec2393 in scm_eval (exp=0x7ffff5ba1a40,
module_or_state=module_or_state@entry=0x7ffff5b93c80) at eval.c:705
#14 0x00007ffff7f1b780 in scm_shell (argc=4, argv=0x7fffffffcb08) at script.c:357
#15 0x00007ffff7edb1bd in invoke_main_func (body_data=0x7fffffffc9a0) at init.c:313
#16 0x00007ffff7ebc06a in c_body (d=0x7fffffffc8e0) at continuations.c:430
#17 0x00007ffff7f447d8 in vm_regular_engine (thread=0x7ffff744cd80) at vm-engine.c:972
#18 0x00007ffff7f45c2d in scm_call_n (proc=0x7ffff5b088a0, argv=argv@entry=0x7fffffffc6a0,
nargs=nargs@entry=2) at vm.c:1608
#19 0x00007ffff7ec11da in scm_call_2 (proc=<optimized out>, arg1=<optimized out>, arg2=<optimized out>)
at eval.c:503
#20 0x00007ffff7ec29ea in scm_c_with_exception_handler (type=type@entry=0x404,
handler=handler@entry=0x7ffff7f3aed0 <catch_post_unwind_handler>,
handler_data=handler_data@entry=0x7fffffffc810, thunk=thunk@entry=0x7ffff7f3b010 <catch_body>,
thunk_data=thunk_data@entry=0x7fffffffc810) at exceptions.c:170
#21 0x00007ffff7f3b20d in scm_c_catch (tag=tag@entry=0x404, body=body@entry=0x7ffff7ebc060 <c_body>,
body_data=body_data@entry=0x7fffffffc8e0, handler=handler@entry=0x7ffff7ebc300 <c_handler>,
handler_data=handler_data@entry=0x7fffffffc8e0,
pre_unwind_handler=pre_unwind_handler@entry=0x7ffff7ebc160 <pre_unwind_handler>,
pre_unwind_handler_data=0x7ffff5ad45c0) at throw.c:168
#22 0x00007ffff7ebc603 in scm_i_with_continuation_barrier (body=body@entry=0x7ffff7ebc060 <c_body>,
body_data=body_data@entry=0x7fffffffc8e0, handler=handler@entry=0x7ffff7ebc300 <c_handler>,
handler_data=handler_data@entry=0x7fffffffc8e0,
pre_unwind_handler=pre_unwind_handler@entry=0x7ffff7ebc160 <pre_unwind_handler>,
pre_unwind_handler_data=0x7ffff5ad45c0) at continuations.c:368
#23 0x00007ffff7ebc695 in scm_c_with_continuation_barrier (func=<optimized out>, data=<optimized out>) at continuations.c:464
#24 0x00007ffff7f39c9f in with_guile (base=0x7fffffffc948, data=0x7fffffffc970) at threads.c:645
#25 0x00007ffff7e16b48 in GC_call_with_stack_base () from /gnu/store/f6kngpp27585xh4564y9rvshqn8hph8v-libgc-8.0.4/lib/libgc.so.1
#26 0x00007ffff7f39fc8 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7fffffffc970, func=func@entry=0x7ffff7edb1a0 <invoke_main_func>) at threads.c:688
#27 scm_with_guile (func=func@entry=0x7ffff7edb1a0 <invoke_main_func>, data=data@entry=0x7fffffffc9a0) at threads.c:694
#28 0x00007ffff7edb332 in scm_boot_guile (argc=argc@entry=4, argv=argv@entry=0x7fffffffcb08, main_func=main_func@entry=0x401230 <inner_main>, closure=closure@entry=0x0) at init.c:296
#29 0x00000000004010f6 in main (argc=4, argv=0x7fffffffcb08) at guile.c:94
* bug#39954: bug#50153: Acknowledgement (call-with-values outside tail position + backtrace + compilation causes segfault)
From: Maxime Devos @ 2021-08-21 20:17 UTC
To: 50153, 39954
I did some debugging on the C side, using 'rr':
LD_LIBRARY_PATH=.libs ../meta/uninstalled-env rr record ./.libs/guile --fresh-auto-compile -l ../crash.scm
it leads to a segfault, as expected. According to #39954, which looks
similar, 'frame-local-ref' returns (SCM)0x0. So I tried some reverse debugging:
rr replay guile-3
break scm_frame_local_ref
reverse-continue
reverse-continue
I noticed "repr" was STACK_ITEM_SCM, and item->as_scm was set to 0x07
(which is invalid). On another run, it was set to 0x09 (also invalid?).
I modified scm_frame_local_ref a bit so it ignores these 0x07 and 0x09
and treats them like SCM_EOF_VAL instead. That allows printing the backtrace,
though I don't see those #<eof> appearing in the output.
Would someone know what's going on here?
Greetings,
Maxime
[-- Attachment #1.2: printf.patch --]
diff --git a/libguile/frames.c b/libguile/frames.c
index 0bb40579c..87afaec3d 100644
--- a/libguile/frames.c
+++ b/libguile/frames.c
@@ -41,6 +41,7 @@
#include "frames.h"
+#include <stdio.h>
SCM
scm_c_make_frame (enum scm_vm_frame_kind kind, const struct scm_frame *frame)
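Review bot: the `#include <stdio.h>` added after `#include "frames.h"` exists only for the diagnostic `fprintf` in the next hunk, so it belongs to the debugging patch and should be dropped together with it rather than merged into frames.c.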
@@ -272,6 +273,11 @@ scm_frame_local_ref (SCM frame, SCM index, SCM representation)
switch (repr)
{
case STACK_ITEM_SCM:
+ fprintf(stderr, "i: %u SCM: %p\n", (unsigned) i, (void*)item->as_u64);
+ if (item->as_u64 == 0x07)
+ return SCM_EOF_VAL;
+ if (item->as_u64 == 0x09)
+ return SCM_EOF_VAL;
return item->as_scm;
case STACK_ITEM_F64:
return scm_from_double (item->as_f64);
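Review bot: the two checks `if (item->as_u64 == 0x07)` / `if (item->as_u64 == 0x09)` that return `SCM_EOF_VAL` hide the corrupt slot instead of pinning down where it comes from; neither value is a valid SCM encoding (not a fixnum, not an imm24 flag, not an 8-byte-aligned cell pointer), so substituting #<eof> just lets the backtrace printer carry on with a fabricated value, which is consistent with no #<eof> ever showing up in the output. As a diagnostic it would be more useful to fail loudly here (print `i`, `repr` and `frame`, then abort) so an rr session stops at the first bad read; note also that the `fprintf` runs on every `STACK_ITEM_SCM` access and writes to stderr, where it interleaves with the backtrace being printed. Style-wise the file uses `name (args)` with a space, as in `scm_from_double (item->as_f64)`.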
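As an added example (not from the bug report and not Guile's own code), here is a small C decoder for the low tag bits of a 64-bit SCM word, using the tag constants as I know them from Guile 3's libguile/tags.h: it shows why the 0x07 and 0x09 seen in the frame slot can never be a live Scheme value, while 0x404 and 0x304 from the GDB backtrace decode to #t and '(). The tag constants and the first-page heuristic for struct pointers are assumptions to check against the Guile version being debugged.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Tag constants as I read them in Guile 3's libguile/tags.h (assumed; verify
 * against the Guile you are debugging).  Kinds a live SCM stack word can be: */
enum word_kind { WORD_FIXNUM, WORD_FLAG, WORD_CHAR, WORD_HEAP, WORD_STRUCT, WORD_BOGUS };
static const char *kind_name[] = { "fixnum", "flag", "char", "heap", "struct", "BOGUS" };
/* Classify a raw 64-bit word by its low tag bits. */
enum word_kind classify_scm_word(uint64_t w)
{
  if ((w & 0x3) == 0x2)                 /* scm_tc2_int: fixnum */
    return WORD_FIXNUM;
  switch (w & 0x7) {                    /* scm_tc3 */
  case 0:                               /* 8-byte aligned pointer to a heap cell */
    return w != 0 ? WORD_HEAP : WORD_BOGUS;
  case 1:                               /* struct pointer; a first-page address is bogus (my heuristic) */
    return (w & ~(uint64_t)7) >= 4096 ? WORD_STRUCT : WORD_BOGUS;
  case 4:                               /* scm_tc3_imm24 */
    if ((w & 0xff) == 0x04) return WORD_FLAG;   /* scm_tc8_flag */
    if ((w & 0xff) == 0x0c) return WORD_CHAR;   /* scm_tc8_char */
    return WORD_BOGUS;
  default:                              /* 3, 5, 7: cell header tags, never a value */
    return WORD_BOGUS;
  }
}
/* Fixnums are stored as (n << 2) | 2. */
int64_t scm_fixnum_value(uint64_t w) { return (int64_t)w >> 2; }
/* Flag immediates are SCM_MAKIFLAG_BITS(n) = (n << 8) | 0x04. */
const char *scm_flag_name(uint64_t w)
{
  switch (w) {
  case 0x004: return "#f";   case 0x104: return "#nil";  case 0x304: return "()";
  case 0x404: return "#t";   case 0x804: return "#<unspecified>";
  case 0x904: return "#<undefined>";  case 0xa04: return "#<eof>";
  default:    return "?";
  }
}
int main(void)
{
  /* Words from the thread's GDB backtrace: the two bad slots, the `catch #t` tag, '() and a fixnum. */
  const uint64_t words[] = { 0x07, 0x09, 0x404, 0x304, 0x52, 0x7ffff49612a0 };
  for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
    enum word_kind k = classify_scm_word(words[i]);
    printf("%#14llx -> %s", (unsigned long long)words[i], kind_name[k]);
    if (k == WORD_FLAG)   printf(" %s", scm_flag_name(words[i]));
    if (k == WORD_FIXNUM) printf(" = %lld", (long long)scm_fixnum_value(words[i]));
    putchar('\n');
  }
  return 0;
}
```

Feeding a suspect word from `frame-local-ref` through `classify_scm_word` tells you immediately whether the slot could ever have held a Scheme value or whether you are looking at a stale header word or garbage.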