From unknown Tue Aug 19 03:05:13 2025 X-Loop: help-debbugs@gnu.org Subject: bug#63279: Segfault when printing a call-with-values stack frame in backtrace Resent-From: "Thompson, David" Original-Sender: "Debbugs-submit" Resent-CC: bug-guile@gnu.org Resent-Date: Thu, 04 May 2023 16:30:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 63279 X-GNU-PR-Package: guile X-GNU-PR-Keywords: To: 63279@debbugs.gnu.org X-Debbugs-Original-To: bug-guile@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16832177973831 (code B ref -1); Thu, 04 May 2023 16:30:03 +0000 Received: (at submit) by debbugs.gnu.org; 4 May 2023 16:29:57 +0000 Received: from localhost ([127.0.0.1]:51935 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pubq9-0000zj-4n for submit@debbugs.gnu.org; Thu, 04 May 2023 12:29:57 -0400 Received: from lists.gnu.org ([209.51.188.17]:39644) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pubq7-0000zZ-Dn for submit@debbugs.gnu.org; Thu, 04 May 2023 12:29:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pubq7-0001F9-0c for bug-guile@gnu.org; Thu, 04 May 2023 12:29:55 -0400 Received: from mail-qt1-x836.google.com ([2607:f8b0:4864:20::836]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pubq5-0008Jx-3E for bug-guile@gnu.org; Thu, 04 May 2023 12:29:54 -0400 Received: by mail-qt1-x836.google.com with SMTP id d75a77b69052e-3f1f1a7ecb7so5024871cf.1 for ; Thu, 04 May 2023 09:29:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20221208.gappssmtp.com; s=20221208; t=1683217791; x=1685809791; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=aM81ht5cz9geZ79taULxbtcuH4kSWTreZnmlm+njcwQ=; b=d9KmG2HwDAjJCis/U5xGRKS6xOxBGTsRLeYFtdXoAzHc6N+dOwFgi2tO7mZ6rSq52N DcFvS7pPIxFeRnZOYteq/VQBs8vA30/ccLLlf8SIrPohOsQrIsm5H/5Rc9Z6HfIZmS/K 77vHdn8i3QV0txGjzFqCYgk9mPqwKXYEPlvfpLjHhbMaEXa4sGpcwH1EiUfZVPIIHXD9 PL8pBOLbagg2gq8bC24OLtRGEyTb71xM/ZtMwQNwsEx6syq8G/22GpNkzfEmBOtjIw/C xv8cBwE4LyN3IxFd9lmII+GZTq1cvXx+vQmtsioQemZDoo9STJYkYJuSeFhWYJBkNvIO SQng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683217791; x=1685809791; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=aM81ht5cz9geZ79taULxbtcuH4kSWTreZnmlm+njcwQ=; b=chRjIftMJ9kl1wE9K0svUTfCawpaOhpTSkD30UgjbzUUh4cy1TvbfLPE4SXtVNyXEq pCddW0vlnta9NLF+YD67pbPbYBVCdFzEkPXy5Qlz0Lphc8zsE4j4G8Qz7oJScWKCx2gD bg3u47+8Pj4ZzH1H5JzPwcZIMPIicoW8O2H4ra6lCjP2imrh9hiECFkRRpcJSsUZJ4ce tJQQRASjWPvw0LqXU9pN/e1nKm9+scfzHwJ6cX1TZd6NnTMUwutM5ThecyRW1G1O7qc2 f/OPm3raBuwOzSaQiWQUcWp5RGmlnMCT9HmcQM56D5iTXHoq+PK7IZlZZoL9gNVY4cu9 1dsQ== X-Gm-Message-State: AC+VfDy1YNgsZWkkxXN/VhdmbPVnZFtRjut2IL3Eem8DJJnKlxvJtT20 HrXhAwsCt4hdbGVAFy8CTYpIuZKHQ2spMiDVLcc0+VI/RMnttGzMiVg= X-Google-Smtp-Source: ACHHUZ5uDCcgZYzKO7tHMNRbHtIUs9Jnd7LZlwVQbigeNfp03UjpBo3ymqBuPqjLM6+BCYpQ9AxcklIMnQoILjS0Qss= X-Received: by 2002:ac8:5e0d:0:b0:3ef:6353:2c58 with SMTP id h13-20020ac85e0d000000b003ef63532c58mr6588033qtx.21.1683217791319; Thu, 04 May 2023 09:29:51 -0700 (PDT) MIME-Version: 1.0 From: "Thompson, David" Date: Thu, 4 May 2023 12:29:40 -0400 Message-ID: Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2607:f8b0:4864:20::836; envelope-from=dthompson2@worcester.edu; helo=mail-qt1-x836.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hello there, Guile seems to segfault when trying to print certain backtraces with a 'call-with-values' stack frame. Here's a minimal reproducer program: (symbol? (call-with-values (lambda () (error 'oh-no)) list)) If you eval this at the REPL and enter ,bt in the debugger, Guile should segfault. Relevant gdb backtrace: #0 0x00007ffff7f43397 in scm_is_values (x=0x0) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/values.h:30 #1 vm_regular_engine (thread=0x7ffff7401900) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/vm-engine.c:974 #2 0x00007ffff7f50db5 in scm_call_n (proc=, argv=, nargs=4) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/vm.c:1615 #3 0x00007ffff7ebb674 in scm_call_4 (proc=, arg1=, arg2=, arg3=, arg4=) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/eval.c:517 #4 0x00007ffff7eb801b in display_backtrace_body (a=0x7fffed68e6a0) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/backtrace.c:239 #5 0x00007ffff7f62092 in scm_c_with_exception_handler.constprop.0 (type=#t, handler_data=handler_data@entry=0x7fffed68e630, thunk_data=thunk_data@entry=0x7fffed68e630, thunk=, handler=) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/exceptions.c:170 >From what I can tell, in vm-engine.c, in the subr-call op, 'scm_apply_subr (sp, idx, FRAME_LOCALS_COUNT ())' is called and returns an SCM object, which is stored in the local variable 'ret'. Then 'scm_is_values (ret)' is called, and the segfault occurs due to a null pointer dereference. At the time of the segfault, 'idx' is 1130, corresponding to the 'frame-local-ref' subr. Makes sense since it's the backtrace printer that crashes Guile. It seems that the data stored in the stack frames for 'call-with-values' calls is incorrect and the backtrace printer wants to display 3 arguments for the call when the procedure only accepts 2 arguments. This can be clearly seen by running another small program that happens to not segfault: (call-with-values (lambda () (error 'oh-no)) list) Check out the backtrace and you'll see a frame like this: (_ #:8:18 ()> # 1) The first 2 arguments are as expected, but why is there a 1 at the end? For another example that doesn't crash but has an even more clearly messed up backtrace, try this: (append '(a b c) (call-with-values (lambda () (error 'oh-no)) list)) You'll see a frame like this: (_ #:10:35 ()> # . #) At Spritely we've reproduced this issue on multiple machines with both Guile 3.0.7 and 3.0.9. - Dave From unknown Tue Aug 19 03:05:13 2025 X-Loop: help-debbugs@gnu.org Subject: bug#63279: Segfault when printing a call-with-values stack frame in backtrace References: In-Reply-To: Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guile@gnu.org Resent-Date: Sun, 07 May 2023 15:07:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63279 X-GNU-PR-Package: guile X-GNU-PR-Keywords: To: 63279@debbugs.gnu.org, "Thompson, David" Received: via spool by 63279-submit@debbugs.gnu.org id=B63279.168347201432387 (code B ref 63279); Sun, 07 May 2023 15:07:01 +0000 Received: (at 63279) by debbugs.gnu.org; 7 May 2023 15:06:54 +0000 Received: from localhost ([127.0.0.1]:38166 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pvfyP-0008QJ-Vv for submit@debbugs.gnu.org; Sun, 07 May 2023 11:06:54 -0400 Received: from andre.telenet-ops.be ([195.130.132.53]:41854) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pvfyM-0008Q8-Uc for 63279@debbugs.gnu.org; Sun, 07 May 2023 11:06:51 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by andre.telenet-ops.be with bizsmtp id tr6p2900220ykKC01r6pY5; Sun, 07 May 2023 17:06:49 +0200 Message-ID: <13edc1f3-7dfa-81cc-43a3-75e60cf9bf54@telenet.be> Date: Sun, 7 May 2023 17:06:48 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Content-Language: en-US From: Maxime Devos Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------7PZbriWEYWJMD0XadNb0NFnd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r23; t=1683472009; bh=GoiENEOfT44mJZggRQYn6uD6yCcoUZaQTp3QG90f1CI=; h=Date:To:From:Subject; b=IKmMjcVZkdhsdI6GubhHgbE+3wmQ7D25dYgfwQuOf3vpxyxY9sRAnAcfTqq+L/VBh DPdcN3Q6lWjJBREyZ70FRZSLy4oDtz1k0neKKu4T93SJ7n3d0fg4C8Cc/LRPBhCr3q /QceuNEBPu3WolSA0TVgrQJVJaJ4qD164DQ2GL1hrvzeJ6n0QOgnja7w0c++33pMT3 NWRWngwE4n3zyyT/9Pbyy60iPTWcSpnmYT5egTp17yDO2G3NnLz738307oupcGluJY vYsMirWSEyAw6RzrSbXF7Tab9CEynPOe+upvPy2RCIFC1CcyMpE9ewnb8KjbWNA44u R8NIs8KvDbArw== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------7PZbriWEYWJMD0XadNb0NFnd Content-Type: multipart/mixed; boundary="------------093WIKA93EgB1F3q6NaCNnDs"; protected-headers="v1" From: Maxime Devos To: 63279@debbugs.gnu.org, "Thompson, David" Message-ID: <13edc1f3-7dfa-81cc-43a3-75e60cf9bf54@telenet.be> Subject: Re: Segfault when printing a call-with-values stack frame in backtrace --------------093WIKA93EgB1F3q6NaCNnDs Content-Type: multipart/mixed; boundary="------------DiX0H8KXTJEQ0Nk0e8QMOHhw" --------------DiX0H8KXTJEQ0Nk0e8QMOHhw Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 PiBIZWxsbyB0aGVyZSwNCj4gDQo+IEd1aWxlIHNlZW1zIHRvIHNlZ2ZhdWx0IHdoZW4gdHJ5 aW5nIHRvIHByaW50IGNlcnRhaW4gYmFja3RyYWNlcyB3aXRoIGENCj4gJ2NhbGwtd2l0aC12 YWx1ZXMnIHN0YWNrIGZyYW1lLiAgSGVyZSdzIGEgbWluaW1hbCByZXByb2R1Y2VyIHByb2dy YW06DQo+IA0KPiAoc3ltYm9sPyAoY2FsbC13aXRoLXZhbHVlcyAobGFtYmRhICgpIChlcnJv ciAnb2gtbm8pKSBsaXN0KSkNCg0KDQpIZXJlIGlzIGEgbW9yZSBtaW5pbWFsIHJlcHJvZHVj ZXIsIGZyb20NCjxodHRwczovL2RlYmJ1Z3MuZ251Lm9yZy9jZ2kvYnVncmVwb3J0LmNnaT9i dWc9NTAxNTM+Og0KDQo+IFdyaXRlIHRoZSBmb2xsb3dpbmcgdG8gImNyYXNoLnNjbSI6DQo+ IA0KPj4gKGNhbGwtd2l0aC12YWx1ZXMgYmFja3RyYWNlIGxpc3QpDQo+PiAjdA0KPiANCj4g KHRoZSB0cmFpbGluZyAjdCBpcyBpbXBvcnRhbnQpIGFuZCBydW4NCj4gDQo+PiAjIC0tYXV0 by1jb21waWxlIHdvcmtzIHRvbywgYnV0IC0tbm8tYXV0by1jb21waWxlIGRvZXNuJ3QgY2F1 c2UgYSBjcmFzaA0KPj4gZ3VpbGUgLS1mcmVzaC1hdXRvLWNvbXBpbGUgLWwgY3Jhc2guc2Nt DQoNCihpLmUuLCBpdCBkb2Vzbid0IHNlZW0gdG8gYmUgYSBidWcgaW4gdGhlIGV4Y2VwdGlv biBtZWNoYW5pc20sIGl0c2VsZiANCnJhdGhlciBpdCBzZWVtcyBhIGJ1ZyBpbiBzb21ldGhp bmcgX3VzZWRfIGJ5IHRoZSBleGNlcHRpb24gbWVjaGFuaXNtLikNCg0KSSBkb24ndCBrbm93 IGlmIGl0IGhhcyBleGFjdGx5IHRoZSBzYW1lIGNhdXNlLCBidXQgaXQgbG9va3MgZmFtaWxp YXIuDQoNCkZvciBzb21lIG90aGVyIGJhY2t0cmFjZSBzdXNwaWNpb3VzbmVzcywgc2VlIA0K PGh0dHBzOi8vZGViYnVncy5nbnUub3JnL2NnaS9idWdyZXBvcnQuY2dpP2J1Zz00ODQyMj4s IHRob3VnaCBwb3NzaWJseSANCnRoYXQgaXNzdWUgaGFzIGEgZGlmZmVyZW50IGNhdXNlLg0K DQpCZWNhdXNlIG9mIHRoZSDigJhJdCBzZWVtcyB0aGF0IHRoZSBkYXRhIHN0b3JlZCBpbiB0 aGUgc3RhY2sgZnJhbWVzIGZvcg0KJ2NhbGwtd2l0aC12YWx1ZXMnIGNhbGxzIGlzIGluY29y cmVjdCBbLi4uXeKAmSBpdCBzZWVtcyBwbGF1c2libGUgDQpzb21ldGhpbmcgc2ltaWxhciBp cyBnb2luZyBvbiBpbiANCjxodHRwczovL2RlYmJ1Z3MuZ251Lm9yZy9jZ2kvYnVncmVwb3J0 LmNnaT9idWc9NDYyMzI+LCB0aG91Z2ggcG9zc2libHkgDQp0aGF0IGlzIHVucmVsYXRlZC4N Cg0KR3JlZWl0bmdzLA0KTWF4aW1lLg0K --------------DiX0H8KXTJEQ0Nk0e8QMOHhw Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------DiX0H8KXTJEQ0Nk0e8QMOHhw-- --------------093WIKA93EgB1F3q6NaCNnDs-- --------------7PZbriWEYWJMD0XadNb0NFnd Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCZFe+iAUDAAAAAAAKCRBJ4+4iGRcl7gr2 AQC/uFyKvKLjsRvGKrNNvCpZUeiL8rdXMWqZXML5lZtGcQD9F67xx0ZOK3fw7T+GvYX6dwj0hbHH D+ze4HYQZP8mFw0= =M8Rw -----END PGP SIGNATURE----- --------------7PZbriWEYWJMD0XadNb0NFnd-- From unknown Tue Aug 19 03:05:13 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: "Thompson, David" Subject: bug#63279: closed (Segfault when printing a call-with-values stack frame in backtrace) Message-ID: References: X-Gnu-PR-Message: they-closed 63279 X-Gnu-PR-Package: guile Reply-To: 63279@debbugs.gnu.org Date: Mon, 08 May 2023 14:16:01 +0000 Content-Type: multipart/mixed; boundary="----------=_1683555361-3744-1" This is a multi-part message in MIME format... ------------=_1683555361-3744-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #63279: Segfault when printing a call-with-values stack frame in backtrace which was filed against the guile package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 63279@debbugs.gnu.org. --=20 63279: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D63279 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1683555361-3744-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 63279-done) by debbugs.gnu.org; 8 May 2023 14:15:27 +0000 Received: from localhost ([127.0.0.1]:41262 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pw1eB-0008Fs-DU for submit@debbugs.gnu.org; Mon, 08 May 2023 10:15:27 -0400 Received: from mail-qk1-f174.google.com ([209.85.222.174]:52459) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pw1e5-0007hk-De for 63279-done@debbugs.gnu.org; Mon, 08 May 2023 10:15:25 -0400 Received: by mail-qk1-f174.google.com with SMTP id af79cd13be357-74e4f839ae4so224878585a.0 for <63279-done@debbugs.gnu.org>; Mon, 08 May 2023 07:15:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20221208.gappssmtp.com; s=20221208; t=1683555315; x=1686147315; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=uP0RuFAlMay+CPqDREaA9udkYsk3Qwsh4l2Y2hbtp34=; b=oEZrNeV/gQugvhxO/1f52rkShbAw67ez/4L1geb0TDEBIQ0a0bst5rS2hy0codM9q/ gGlr+nWh6fFFSv4UoF3SniS8yH1jNBFDDFRomCc9o+AOUbg9mH4jBW3dBpYjCP/NQdCI KJJzipomDVXjDfolcGRPK1FCXrO0TSucIrH/mzvPK9q6MT0oTmyJwssl7oW9qaUSXhkW wQ9cd/cXXOvZ5bQ3jkE8RxzEqMCm18VBEDbO6d3wmcD+uMotG8QjxgutjdiqCPIg9thD w4bKvR3JCf3wXbrS4Su8im3hcwYUJgCLeO8einEqbofi8LD/KfHUtwv5pY36q0KfKIxX 5/Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683555315; x=1686147315; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=uP0RuFAlMay+CPqDREaA9udkYsk3Qwsh4l2Y2hbtp34=; b=Gv1r4xvytyXEtiLZbdDeU0utPDMZRrnBLGLfbrE2vx6BN2yqbJkTe0CpJIRAz5p3+M 9jL2K59VR/iBYyP/rXwlRCfW7/dNnVp1by2MEFkKg19wys10/yR07hK+IEAcK+IKjJjP FgPjAF+Xq7cz93WSJqkSKUZ0tSf1meAc8ZtNoERYus0B53rDvp4nGxIfX8N+nvWuwm1i +iwD4A811/dxjjeFsr10ECBnmYMDfg6zKnSciV0NKaeeTEsg3ydtaezdHPx5CBh5BeFB oylLKpxI3WmFrS0lBHn7+Iy1suAPvWrAycsAQtFLnGKPqGOVslfXP5/LlJznGMJiC5zd k4MQ== X-Gm-Message-State: AC+VfDzVpyeFqmh27XRuKBAR08oBaZQi0r2ka4UZnwuNZihue1no9jhZ UxChm/bIUtu7CUl9sNSeTU0wChyJB4IyyRlKbj693Qkk3HYz9advTPY= X-Google-Smtp-Source: ACHHUZ6gmS+60zsX3HjC1kWwxSlm0D8jG5T8LupFean4wpyuEEqMrTKPIjByQbRBuN9sjtzR/uR8VVE7x/RvWJOPH84= X-Received: by 2002:a05:622a:1703:b0:3f3:8ac9:997a with SMTP id h3-20020a05622a170300b003f38ac9997amr6734855qtk.59.1683555315251; Mon, 08 May 2023 07:15:15 -0700 (PDT) MIME-Version: 1.0 From: "Thompson, David" Date: Mon, 8 May 2023 10:15:04 -0400 Message-ID: Subject: Segfault when printing a call-with-values stack frame in backtrace To: 63279-done@debbugs.gnu.org Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 63279-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Andy fixed this in commit 6efc0b8159f0fc74c0eafec988fe5434fb4d9f51. Thank you, Andy! Closing. - Dave ------------=_1683555361-3744-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 4 May 2023 16:29:57 +0000 Received: from localhost ([127.0.0.1]:51935 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pubq9-0000zj-4n for submit@debbugs.gnu.org; Thu, 04 May 2023 12:29:57 -0400 Received: from lists.gnu.org ([209.51.188.17]:39644) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pubq7-0000zZ-Dn for submit@debbugs.gnu.org; Thu, 04 May 2023 12:29:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pubq7-0001F9-0c for bug-guile@gnu.org; Thu, 04 May 2023 12:29:55 -0400 Received: from mail-qt1-x836.google.com ([2607:f8b0:4864:20::836]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pubq5-0008Jx-3E for bug-guile@gnu.org; Thu, 04 May 2023 12:29:54 -0400 Received: by mail-qt1-x836.google.com with SMTP id d75a77b69052e-3f1f1a7ecb7so5024871cf.1 for ; Thu, 04 May 2023 09:29:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20221208.gappssmtp.com; s=20221208; t=1683217791; x=1685809791; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=aM81ht5cz9geZ79taULxbtcuH4kSWTreZnmlm+njcwQ=; b=d9KmG2HwDAjJCis/U5xGRKS6xOxBGTsRLeYFtdXoAzHc6N+dOwFgi2tO7mZ6rSq52N DcFvS7pPIxFeRnZOYteq/VQBs8vA30/ccLLlf8SIrPohOsQrIsm5H/5Rc9Z6HfIZmS/K 77vHdn8i3QV0txGjzFqCYgk9mPqwKXYEPlvfpLjHhbMaEXa4sGpcwH1EiUfZVPIIHXD9 PL8pBOLbagg2gq8bC24OLtRGEyTb71xM/ZtMwQNwsEx6syq8G/22GpNkzfEmBOtjIw/C xv8cBwE4LyN3IxFd9lmII+GZTq1cvXx+vQmtsioQemZDoo9STJYkYJuSeFhWYJBkNvIO SQng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683217791; x=1685809791; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=aM81ht5cz9geZ79taULxbtcuH4kSWTreZnmlm+njcwQ=; b=chRjIftMJ9kl1wE9K0svUTfCawpaOhpTSkD30UgjbzUUh4cy1TvbfLPE4SXtVNyXEq pCddW0vlnta9NLF+YD67pbPbYBVCdFzEkPXy5Qlz0Lphc8zsE4j4G8Qz7oJScWKCx2gD bg3u47+8Pj4ZzH1H5JzPwcZIMPIicoW8O2H4ra6lCjP2imrh9hiECFkRRpcJSsUZJ4ce tJQQRASjWPvw0LqXU9pN/e1nKm9+scfzHwJ6cX1TZd6NnTMUwutM5ThecyRW1G1O7qc2 f/OPm3raBuwOzSaQiWQUcWp5RGmlnMCT9HmcQM56D5iTXHoq+PK7IZlZZoL9gNVY4cu9 1dsQ== X-Gm-Message-State: AC+VfDy1YNgsZWkkxXN/VhdmbPVnZFtRjut2IL3Eem8DJJnKlxvJtT20 HrXhAwsCt4hdbGVAFy8CTYpIuZKHQ2spMiDVLcc0+VI/RMnttGzMiVg= X-Google-Smtp-Source: ACHHUZ5uDCcgZYzKO7tHMNRbHtIUs9Jnd7LZlwVQbigeNfp03UjpBo3ymqBuPqjLM6+BCYpQ9AxcklIMnQoILjS0Qss= X-Received: by 2002:ac8:5e0d:0:b0:3ef:6353:2c58 with SMTP id h13-20020ac85e0d000000b003ef63532c58mr6588033qtx.21.1683217791319; Thu, 04 May 2023 09:29:51 -0700 (PDT) MIME-Version: 1.0 From: "Thompson, David" Date: Thu, 4 May 2023 12:29:40 -0400 Message-ID: Subject: Segfault when printing a call-with-values stack frame in backtrace To: bug-guile@gnu.org Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2607:f8b0:4864:20::836; envelope-from=dthompson2@worcester.edu; helo=mail-qt1-x836.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hello there, Guile seems to segfault when trying to print certain backtraces with a 'call-with-values' stack frame. Here's a minimal reproducer program: (symbol? (call-with-values (lambda () (error 'oh-no)) list)) If you eval this at the REPL and enter ,bt in the debugger, Guile should segfault. Relevant gdb backtrace: #0 0x00007ffff7f43397 in scm_is_values (x=0x0) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/values.h:30 #1 vm_regular_engine (thread=0x7ffff7401900) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/vm-engine.c:974 #2 0x00007ffff7f50db5 in scm_call_n (proc=, argv=, nargs=4) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/vm.c:1615 #3 0x00007ffff7ebb674 in scm_call_4 (proc=, arg1=, arg2=, arg3=, arg4=) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/eval.c:517 #4 0x00007ffff7eb801b in display_backtrace_body (a=0x7fffed68e6a0) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/backtrace.c:239 #5 0x00007ffff7f62092 in scm_c_with_exception_handler.constprop.0 (type=#t, handler_data=handler_data@entry=0x7fffed68e630, thunk_data=thunk_data@entry=0x7fffed68e630, thunk=, handler=) at /tmp/guix-build-guile-3.0.9.drv-0/guile-3.0.9/libguile/exceptions.c:170 >From what I can tell, in vm-engine.c, in the subr-call op, 'scm_apply_subr (sp, idx, FRAME_LOCALS_COUNT ())' is called and returns an SCM object, which is stored in the local variable 'ret'. Then 'scm_is_values (ret)' is called, and the segfault occurs due to a null pointer dereference. At the time of the segfault, 'idx' is 1130, corresponding to the 'frame-local-ref' subr. Makes sense since it's the backtrace printer that crashes Guile. It seems that the data stored in the stack frames for 'call-with-values' calls is incorrect and the backtrace printer wants to display 3 arguments for the call when the procedure only accepts 2 arguments. This can be clearly seen by running another small program that happens to not segfault: (call-with-values (lambda () (error 'oh-no)) list) Check out the backtrace and you'll see a frame like this: (_ #:8:18 ()> # 1) The first 2 arguments are as expected, but why is there a 1 at the end? For another example that doesn't crash but has an even more clearly messed up backtrace, try this: (append '(a b c) (call-with-values (lambda () (error 'oh-no)) list)) You'll see a frame like this: (_ #:10:35 ()> # . #) At Spritely we've reproduced this issue on multiple machines with both Guile 3.0.7 and 3.0.9. - Dave ------------=_1683555361-3744-1--