From unknown Thu Jun 19 16:23:56 2025
Subject: bug#900: temacs segmentation fault in unexec under Linux 2.6.26
From: Ulrich Mueller
To: bug-gnu-emacs@gnu.org
CC: emacs@gentoo.org
Date: Sat, 6 Sep 2008 05:39:15 +0200
Message-ID: <18625.64355.215907.350751@a1i15.kph.uni-mainz.de>
X-Mailer: VM 8.0.9 under Emacs 22.2.92.1 (i686-pc-linux-gnu)

Package: emacs
Version: 22.3

Building of Emacs 22.3 under Linux 2.6.26 sometimes fails with a segmentation fault of temacs in unexec. Part of the build log and a full backtrace are included at the end of this message.

I had already reported this problem (for Emacs 22.2.92) to emacs-devel but got no reply:

The problem is related to kernel heap randomisation, see . It doesn't exist under Linux 2.6.24 or earlier.
In GNU Emacs 22.3.1 (i686-pc-linux-gnu, GTK+ Version 2.12.11)
 of 2008-09-06 on a1iulm2
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--program-suffix=-emacs-22' '--infodir=/usr/share/info/emacs-22' '--without-carbon' '--with-sound' '--with-x' '--without-toolkit-scroll-bars' '--with-jpeg' '--with-tiff' '--with-gif' '--with-png' '--with-xpm' '--with-x-toolkit=gtk' '--without-hesiod' '--with-kerberos' '--with-kerberos5' '--build=i686-pc-linux-gnu' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-march=pentium-m -g -O2 -pipe' 'LDFLAGS=-Wl,-O1''

End of the build log:

LC_ALL=C ./temacs -batch -l loadup dump
Loading loadup.el (source)...
Using load-path (/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/lisp)
Loading emacs-lisp/byte-run...
Loading emacs-lisp/backquote...
Loading subr...
Loading version.el (source)...
Loading widget...
Loading custom...
Loading emacs-lisp/map-ynp...
Loading env...
Loading cus-start...
Loading international/mule...
Loading international/mule-conf.el (source)...
Loading format...
Loading bindings...
Loading files...
Loading cus-face...
Loading faces...
Loading button...
Loading startup...
Lists of integers (garbage collection statistics) are normal output while building Emacs; they do not indicate a problem.
((11177 . 8431) (4849 . 0) (578 . 6) 16345 20225 (11 . 7) (17 . 0) (832 . 2381))
Loading loaddefs.el (source)...
((29161 . 11860) (7821 . 0) (587 . 10) 42301 20225 (37 . 33) (17 . 0) (3704 . 1462))
Loading simple...
Loading help...
Loading jka-cmpr-hook...
Loading international/mule-cmds...
Loading case-table...
Loading international/utf-8...
Loading international/utf-16...
Loading international/characters...
Loading international/latin-1.el (source)...
Loading international/latin-2.el (source)...
Loading international/latin-3.el (source)...
Loading international/latin-4.el (source)...
Loading international/latin-5.el (source)...
Loading international/latin-8.el (source)...
Loading international/latin-9.el (source)...
Loading language/chinese...
Loading language/cyrillic...
Loading language/indian...
Loading language/devanagari.el (source)...
Loading language/malayalam.el (source)...
Loading language/tamil.el (source)...
Loading language/kannada.el (source)...
Loading language/english.el (source)...
Loading language/ethiopic...
Loading language/european...
Loading language/czech.el (source)...
Loading language/slovak.el (source)...
Loading language/romanian.el (source)...
Loading language/greek.el (source)...
Loading language/hebrew.el (source)...
Loading language/japanese.el (source)...
Loading language/korean.el (source)...
Loading language/lao.el (source)...
Loading language/thai.el (source)...
Loading language/tibetan...
Loading language/vietnamese...
Loading language/misc-lang.el (source)...
Loading language/utf-8-lang.el (source)...
Loading language/georgian.el (source)...
Loading international/ucs-tables...
Loading indent...
Loading window...
Loading frame...
Loading term/tty-colors...
Loading font-core...
Loading facemenu...
Loading emacs-lisp/syntax...
Loading font-lock...
Loading jit-lock...
Loading mouse...
Loading scroll-bar...
Loading select...
Loading emacs-lisp/timer...
Loading isearch...
Loading rfn-eshadow...
((49507 . 18627) (10733 . 0) (622 . 92) 64080 164411 (67 . 4) (18 . 12) (4997 . 1681))
Loading menu-bar...
Loading paths.el (source)...
Loading emacs-lisp/lisp...
Loading textmodes/page...
Loading register...
Loading textmodes/paragraphs...
Loading emacs-lisp/lisp-mode...
Loading textmodes/text-mode...
Loading textmodes/fill...
((55968 . 12166) (11261 . 0) (624 . 90) 76368 166081 (67 . 4) (18 . 12) (5507 . 1801))
Loading replace...
Loading abbrev...
Loading buff-menu...
Loading fringe...
Loading image...
Loading international/fontset...
Loading dnd...
Loading mwheel...
Loading tool-bar...
Loading x-dnd...
((57901 . 10233) (11774 . 0) (625 . 89) 77920 166663 (69 . 8) (18 . 12) (5601 . 1581))
Loading emacs-lisp/float-sup...
((57933 . 10201) (11778 . 0) (625 . 89) 78085 166663 (70 . 9) (18 . 12) (5606 . 1576))
Loading vc-hooks...
Loading ediff-hook...
Loading tooltip...
((59259 . 8875) (11935 . 0) (626 . 88) 79285 166714 (72 . 7) (18 . 12) (5676 . 1506))
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under names emacs and emacs-22.3.1
make[1]: *** [emacs] Segmentation fault (core dumped)
make[1]: *** Deleting file `emacs'
make[1]: Leaving directory `/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src'
make: *** [src] Error 2

Backtrace:

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Core was generated by `./temacs -batch -l loadup dump'.
Program terminated with signal 11, Segmentation fault.
[New process 30599]
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
951         memcpy (NEW_SECTION_H (nn).sh_offset + new_base,
DISPLAY = :0.0
TERM = xterm
Breakpoint 1 at 0x80fcb26: file emacs.c, line 432.
Breakpoint 2 at 0x8117246: file sysdep.c, line 1386.
gdb> bt full
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
        src = new_file = 0x5 old_file = 0x4 old_base = 0x2b890000 "\177ELF\001\001\001" new_base = 0x2be8c000 "\177ELF\001\001\001" old_file_h = new_file_h = new_program_h = (Elf32_Phdr *) 0x2be8c034 old_section_h = (Elf32_Shdr *) 0x2be51c10 new_section_h = (Elf32_Shdr *) 0x2c7eb530 old_section_names = 0x2be51adb "" old_bss_addr = 0x82eb6e0 new_bss_addr = old_bss_size = new_data2_size = 0x39d920 new_data2_offset = 0x2a26e0 n = 0x15 nn = 0x15 old_bss_index = 0x15 old_sbss_index = 0xffffffff old_plt_index = 0xffffffff old_data_index = 0x14 new_data2_index = 0x15 stat_buf = { st_dev = 0x307, __pad1 = 0x0, __st_ino = 0x4264, st_mode = 0x81ed, st_nlink = 0x1, st_uid = 0x1357, st_gid = 0x119e, st_rdev = 0x0, __pad2 = 0x0, st_size = 0x5fb6c6, st_blksize = 0x1000, st_blocks = 0x2ff8, st_atim = { tv_sec = 0x48c1ef81, tv_nsec = 0x0 }, st_mtim = { tv_sec = 0x48c1ef82, tv_nsec = 0x0 }, st_ctim = { tv_sec = 0x48c1ef82, tv_nsec = 0x0 }, st_ino = 0x4264 }
#1  0x080fc5bd in Fdump_emacs (filename=0x8680308, symfile=0x868048b) at emacs.c:2286
        tem = 0x842d8f9 symbol =
#2  0x0816b541 in Feval (form=0x846a175) at eval.c:2327
        numargs = argvals = {0x868049b, 0x868048b, 0x0, 0x842dcb8, 0x7f84ed70, 0x7f84ecf8, 0x7f84ecc0, 0x2} args_left = 0x842d8c9 i = 0x2 fun = val = original_fun = original_args = 0x846a15d funcar = backtrace = { next = 0x7f84ed80, function = 0x7f84ed08, args = 0x7f84ecd0, nargs = 0x2, evalargs = 0x1, debug_on_exit = 0x0 }
#3  0x0816b7ff in Fprogn (args=0x348) at eval.c:449
        val = 0xd8000
#4  0x0816b5ff in Feval (form=0x846b765) at eval.c:2271
        numargs = 0x348 argvals = {0x42d8f9, 0x842bb15, 0x0, 0x7f84ee18, 0x7f84ee00, 0x7f84ed88, 0x7f84ed84, 0xffffffff} args_left = 0x846b60d i = fun = val = original_fun = original_args = 0x846b60d funcar = backtrace = { next = 0x7f84ee00, function = 0x7f84ed98, args = 0x7f84ed94, nargs = 0xffffffff, evalargs = 0x0, debug_on_exit = 0x0 }
#5  0x0816b5ff in Feval (form=0x842b97d) at eval.c:2271
        numargs = 0x348 argvals = {0x846b765, 0x842d8c9, 0x7f84ee28, 0x8180a18, 0x8465c58, 0x843dc19, 0x7f84ee28, 0x816844f} args_left = 0x846b76d i = fun = val = original_fun = original_args = 0x846b76d funcar = backtrace = { next = 0x7f84f220, function = 0x7f84ee18, args = 0x7f84ee14, nargs = 0xffffffff, evalargs = 0x0, debug_on_exit = 0x0 }
#6  0x0818364c in readevalloop (readcharfun=0x843dc19, stream=0x8465c58, sourcename=0x84658ab, evalfun=0x816b040 , printflag=0x0, unibyte=0x842d8c9, readfun=0x842d8c9, start=0x842d8c9, end=0x842d8c9) at lread.c:1559
        c = val = 0x842b97d b = (struct buffer *) 0x0 continue_reading_p = 0x1 whole_buffer = 0x0 first_sexp = 0x0
#7  0x08184947 in Fload (file=0x846582b, noerror=0x842d8c9, nomessage=0x842d8c9, nosuffix=0x842d8c9, must_suffix=0x842d8c9) at lread.c:1027
        stream = fd = 0x3 found = efound = hist_file_name = 0x84658ab newer = 0x0 compiled = 0x0 handler = safe_p = 0x1 tmp = {0x842d8c9, 0x846589b}
#8  0x0816b4e7 in Feval (form=0x842a385) at eval.c:2338
        numargs = argvals = {0x846582b, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0xb, 0x0, 0x0} args_left = 0x842d8c9 i = 0x5 fun = val = original_fun = original_args = 0x842a37d funcar = backtrace = { next = 0x0, function = 0x7f84f238, args = 0x7f84f200, nargs = 0x1, evalargs = 0x1, debug_on_exit = 0x0 }
#9  0x08104403 in top_level_2 () at keyboard.c:1339
No locals.
#10 0x08168fa2 in internal_condition_case (bfun=0x81043f0 , handlers=0x8438a89, hfun=0x8107f80 ) at eval.c:1484
        val = c = { tag = 0x842d8c9, val = 0x842d8c9, next = 0x7f84f380, gcpro = 0x0, jmp = {{ __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f348, 0x884af267, 0xacb0f488}, __mask_was_saved = 0x0, __saved_mask = { __val = {0x7f84f340, 0x2aac7658, 0x804f59a, 0xa8428197, 0x0, 0x0, 0xb , 0x2b4d4c2c, 0x2b318a90, 0xb, 0x69cb120, 0x2aac6fc4, 0x2aac7658, 0x1, 0x7f84f350} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0x0, pdlcount = 0x2, poll_suppress_count = 0x1, interrupt_input_blocked = 0x0, byte_stack = 0x0 } h = { handler = 0x8438a89, var = 0x842d8c9, chosen_clause = 0x1, tag = 0x7f84f26c, next = 0x0 }
#11 0x0810737e in top_level_1 () at keyboard.c:1347
No locals.
#12 0x0816907c in internal_catch (tag=0x8437ba1, func=0x8107330 , arg=0x842d8c9) at eval.c:1224
        c = { tag = 0x8437ba1, val = 0x842d8c9, next = 0x0, gcpro = 0x0, jmp = {{ __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f448, 0x8848d267, 0xac8eec88}, __mask_was_saved = 0x0, __saved_mask = { __val = {0xb, 0xb, 0xb, 0xb, 0x81d92e0, 0xa, 0x7d0, 0x7f84f3e8, 0x8151e5b, 0x84627cc, 0x82defc1, 0xa, 0x845ada0, 0x8435540, 0x845ada1, 0x7f84f428, 0x815a9a6, 0x845ada1, 0x845a37a, 0x842d8c9, 0x8435540, 0x9, 0x9, 0x842d8e1, 0x2, 0x845a378, 0x845a37a, 0x9, 0x0, 0x845ada1, 0x1, 0x7f84f468} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0x0, pdlcount = 0x2, poll_suppress_count = 0x1, interrupt_input_blocked = 0x0, byte_stack = 0x0 }
#13 0x08107dba in command_loop () at keyboard.c:1304
No locals.
#14 0x08108157 in recursive_edit_1 () at keyboard.c:1007
        val =
#15 0x08108249 in Frecursive_edit () at keyboard.c:1068
        buffer =
#16 0x080fd96f in main (argc=0x5, argv=0x7f84f864) at emacs.c:1770
        dummy = 0x7f84f7b8 stack_bottom_variable = 0x8 do_initial_setlocale = skip_args = 0x3 rlim = { rlim_cur = 0xffffffffffffffff, rlim_max = 0xffffffffffffffff } no_loadup = 0x0 junk = 0x0

Lisp Backtrace:
"dump-emacs" (0x868049b)
"if" (0x846b60d)
"if" (0x846b76d)
"load" (0x846582b)
gdb>

From unknown Thu Jun 19 16:23:56 2025
Subject: bug#900: temacs segmentation fault in unexec under Linux 2.6.26
X-Emacs-PR-Keywords: moreinfo
Message-ID: <18630.36844.764754.85790@a1i15.kph.uni-mainz.de>
Date: Tue, 9 Sep 2008 17:02:04 +0200
From: Ulrich Mueller
To: 900@debbugs.gnu.org
Cc: emacs@gentoo.org
References: <18625.64355.215907.350751@a1i15.kph.uni-mainz.de>
X-Mailer: VM 8.0.9 under Emacs 22.2.1 (i686-pc-linux-gnu)

Tags: patch

I guess the issue boils down to the fact that testing for (heap_bss_diff > MAX_HEAP_BSS_DIFF) is not a reliable method to determine if heap randomisation is switched on. "heap_bss_diff" is random in nature, and will therefore be smaller than MAX_HEAP_BSS_DIFF in some cases. These lead to the observed segmentation faults.

Here is an attempt at a patch, asking the kernel (via /proc fs) for the presence of the feature. I've also made the definition of ADDR_NO_RANDOMIZE conditional, since it is already defined in newer versions of personality.h.

Patch was tested with 22.3, but also applies cleanly to the CVS trunk of today.

*** emacs-orig/src/emacs.c 2008-05-12 21:55:52.000000000 +0200 --- emacs/src/emacs.c 2008-09-09 16:26:52.000000000 +0200 *************** *** 73,78 **** --- 73,81 ---- #ifdef HAVE_PERSONALITY_LINUX32 #include + #ifndef ADDR_NO_RANDOMIZE + #define ADDR_NO_RANDOMIZE 0x0040000 + #endif #endif #ifndef O_RDWR *************** *** 789,794 **** --- 792,817 ---- return count >= 3 ? REPORT_EMACS_BUG_PRETEST_ADDRESS : REPORT_EMACS_BUG_ADDRESS; } + #ifdef HAVE_PERSONALITY_LINUX32 + /* Get the `randomize_va_space' parameter. A value of 2 (introduced + in Linux 2.6.25) indicates that brk() randomization is switched on, + which will break unexec. See . 
*/ + static int + linux_randomize_va_space () + { + FILE *fp; + int rand, count; + + fp = fopen ("/proc/sys/kernel/randomize_va_space", "r"); + if (!fp) + return -1; + count = fscanf (fp, "%d", &rand); + (void) fclose (fp); + if (count != 1) + return -1; + return rand; + } + #endif /* HAVE_PERSONALITY_LINUX32 */ /* ARGSUSED */ int *************** *** 883,906 **** if (!initialized && (strcmp (argv[argc-1], "dump") == 0 || strcmp (argv[argc-1], "bootstrap") == 0) ! && heap_bss_diff > MAX_HEAP_BSS_DIFF) { ! if (! getenv ("EMACS_HEAP_EXEC")) ! { ! /* Set this so we only do this once. */ ! putenv("EMACS_HEAP_EXEC=true"); ! ! /* A flag to turn off address randomization which is introduced ! in linux kernel shipped with fedora core 4 */ ! #define ADD_NO_RANDOMIZE 0x0040000 ! personality (PER_LINUX32 | ADD_NO_RANDOMIZE); ! #undef ADD_NO_RANDOMIZE ! ! execvp (argv[0], argv); ! ! /* If the exec fails, try to dump anyway. */ ! perror ("execvp"); ! } } #endif /* HAVE_PERSONALITY_LINUX32 */ --- 906,925 ---- if (!initialized && (strcmp (argv[argc-1], "dump") == 0 || strcmp (argv[argc-1], "bootstrap") == 0) ! && !getenv ("EMACS_HEAP_EXEC") ! && (heap_bss_diff > MAX_HEAP_BSS_DIFF ! || linux_randomize_va_space() >= 2)) { ! /* Set this so we only do this once. */ ! putenv("EMACS_HEAP_EXEC=true"); ! ! /* Set personality and disable randomization of VA space. */ ! personality (PER_LINUX32 | ADDR_NO_RANDOMIZE); ! ! execvp (argv[0], argv); ! ! /* If the exec fails, try to dump anyway. */ ! perror ("execvp"); } #endif /* HAVE_PERSONALITY_LINUX32 */
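Review bot: the first hunk drops the only comment that said where the flag comes from (the old "A flag to turn off address randomization ..." remark in the `ADD_NO_RANDOMIZE` block disappears in the third hunk), and the new `#ifndef ADDR_NO_RANDOMIZE` fallback at line 73 has none; add a one-line comment there saying it mirrors the kernel's personality.h value so a later reader does not "fix" the constant. The guard itself is the right way to coexist with headers that already define it.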
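Review bot: in the second hunk `static int linux_randomize_va_space ()` should be declared `(void)` so the definition is a prototype, and the local named `rand` shadows the C library's `rand()`; call it `value` or similar. Returning -1 when /proc cannot be read is fine only because the caller tests `>= 2` and then falls back to the old `heap_bss_diff` heuristic; that fallback is not obvious from the function and deserves a sentence in the comment above it, since on a kernel without that sysctl (or inside a chroot without /proc) the patch silently reverts to the unreliable check this report is about.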
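Review bot: the third hunk still ignores the return value of `personality (PER_LINUX32 | ADDR_NO_RANDOMIZE)`; if that call fails, the code sets `EMACS_HEAP_EXEC=true` and `execvp`s anyway, so the re-executed temacs runs with randomisation still on, skips the block because of the environment guard, and dumps with the same unexec crash the report shows. Check the result (or query `personality (0xffffffff)` afterwards) and print a diagnostic and skip the `execvp` when the flag did not take. Worth a line in the comment as well: the personality persists across the exec and is inherited by anything temacs forks during the dump, which is acceptable for a build step but is exactly why the `EMACS_HEAP_EXEC` guard has to stay.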
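The two signals the patch combines, reimplemented as a stand-alone check that is an added example for this report, not code from the patch or from Emacs: it parses the randomize_va_space sysctl the way the patch reads it (an unreadable /proc yields -1 and falls back to the heap/bss heuristic), measures the brk-to-bss gap that heap_bss_diff stands for, and queries the current personality so a re-exec'd process can confirm ADDR_NO_RANDOMIZE actually took. The 1 MiB threshold for MAX_HEAP_BSS_DIFF and the `_end` linker symbol are assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/personality.h>
#endif
#ifndef ADDR_NO_RANDOMIZE
#define ADDR_NO_RANDOMIZE 0x0040000   /* same fallback value the patch uses */
#endif

/* Threshold of Emacs 22's heap/bss heuristic (emacs.c uses 1 MiB; assumed here). */
#define MAX_HEAP_BSS_DIFF (1024 * 1024)

/* Parse the text of /proc/sys/kernel/randomize_va_space: 0 = off, 1 = stack,
   mmap and vdso randomised, 2 = brk randomised as well (Linux >= 2.6.25).
   Returns -1 for anything else, the "unknown" result the patch gives when
   the file cannot be read. */
int parse_randomize_va_space(const char *buf)
{
    char *end;
    long v;
    if (buf == NULL || *buf == '\0')
        return -1;
    v = strtol(buf, &end, 10);
    if (end == buf)                         /* no digits at all */
        return -1;
    while (*end == ' ' || *end == '\n' || *end == '\t')
        end++;
    if (*end != '\0' || v < 0 || v > 2)     /* trailing junk or out of range */
        return -1;
    return (int) v;
}

/* Read the sysctl; -1 when /proc is unavailable (non-Linux, chroot, ...). */
int read_randomize_va_space(void)
{
    char buf[32];
    size_t n;
    FILE *fp = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (fp == NULL)
        return -1;
    n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    return parse_randomize_va_space(buf);
}

/* The decision the patch makes before re-exec'ing temacs: rand_va is the parsed
   sysctl (-1 = unknown), heap_bss_diff the gap from the end of bss to the current
   brk, persona the current personality word.  A process already carrying
   ADDR_NO_RANDOMIZE never needs another exec; otherwise brk randomisation, or a
   large gap when the sysctl is unknown, means the dump must not proceed here. */
int needs_norandom_reexec(int rand_va, long heap_bss_diff, unsigned long persona)
{
    if (persona & ADDR_NO_RANDOMIZE)
        return 0;
    if (rand_va >= 2)
        return 1;
    return heap_bss_diff > MAX_HEAP_BSS_DIFF;   /* old heuristic as the fallback */
}
#ifdef __linux__
extern char _end[];   /* end of bss, provided by the GNU linker (assumption) */
int main(void)
{
    long diff = (long) ((char *) sbrk(0) - _end);
    int p = personality(0xffffffff);        /* query only, does not change it */
    unsigned long persona = p < 0 ? 0 : (unsigned long) p;
    int rand_va = read_randomize_va_space();
    printf("randomize_va_space=%d heap_bss_diff=%ld ADDR_NO_RANDOMIZE=%s -> re-exec %s\n",
           rand_va, diff, (persona & ADDR_NO_RANDOMIZE) ? "set" : "clear",
           needs_norandom_reexec(rand_va, diff, persona) ? "needed" : "not needed");
    return 0;
}
#endif
```

Run once normally and once under `setarch -R` (which sets ADDR_NO_RANDOMIZE) to see the decision flip from "needed" to "not needed" on a kernel with randomize_va_space=2.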