From unknown Fri Jun 20 05:36:02 2025
From: bug#900 <900@debbugs.gnu.org>
To: bug#900 <900@debbugs.gnu.org>
Subject: Status: temacs segmentation fault in unexec under Linux 2.6.26
Date: Fri, 20 Jun 2025 12:36:02 +0000

retitle 900 temacs segmentation fault in unexec under Linux 2.6.26
reassign 900 emacs
submitter 900 Ulrich Mueller
severity 900 normal
tag 900 patch
thanks

From ulm@kph.uni-mainz.de Fri Sep 5 20:39:39 2008
Message-ID: <18625.64355.215907.350751@a1i15.kph.uni-mainz.de>
Date: Sat, 6 Sep 2008 05:39:15 +0200
From: Ulrich Mueller
To: bug-gnu-emacs@gnu.org
CC: emacs@gentoo.org
Subject: temacs segmentation fault in unexec under Linux 2.6.26

Package: emacs
Version: 22.3

Building of Emacs 22.3 under Linux 2.6.26 sometimes fails with a
segmentation fault of temacs in unexec. Part of the build log and a
full backtrace are included at the end of this message.

I had already reported this problem (for Emacs 22.2.92) to emacs-devel
but got no reply:

The problem is related to kernel heap randomisation, see .
It doesn't exist under Linux 2.6.24 or earlier.

In GNU Emacs 22.3.1 (i686-pc-linux-gnu, GTK+ Version 2.12.11)
 of 2008-09-06 on a1iulm2
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure '--prefix=/usr' '--host=i686-pc-linux-gnu'
 '--mandir=/usr/share/man' '--infodir=/usr/share/info'
 '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib'
 '--program-suffix=-emacs-22' '--infodir=/usr/share/info/emacs-22'
 '--without-carbon' '--with-sound' '--with-x'
 '--without-toolkit-scroll-bars' '--with-jpeg' '--with-tiff' '--with-gif'
 '--with-png' '--with-xpm' '--with-x-toolkit=gtk' '--without-hesiod'
 '--with-kerberos' '--with-kerberos5' '--build=i686-pc-linux-gnu'
 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu'
 'CFLAGS=-march=pentium-m -g -O2 -pipe' 'LDFLAGS=-Wl,-O1''

End of the build log:

LC_ALL=C ./temacs -batch -l loadup dump
Loading loadup.el (source)...
Using load-path (/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/lisp)
Loading emacs-lisp/byte-run...
Loading emacs-lisp/backquote...
Loading subr...
Loading version.el (source)...
Loading widget...
Loading custom...
Loading emacs-lisp/map-ynp...
Loading env...
Loading cus-start...
Loading international/mule...
Loading international/mule-conf.el (source)...
Loading format...
Loading bindings...
Loading files...
Loading cus-face...
Loading faces...
Loading button...
Loading startup...
Lists of integers (garbage collection statistics) are normal output
while building Emacs; they do not indicate a problem.
((11177 . 8431) (4849 . 0) (578 . 6) 16345 20225 (11 . 7) (17 . 0) (832 . 2381))
Loading loaddefs.el (source)...
((29161 . 11860) (7821 . 0) (587 . 10) 42301 20225 (37 . 33) (17 . 0) (3704 . 1462))
Loading simple...
Loading help...
Loading jka-cmpr-hook...
Loading international/mule-cmds...
Loading case-table...
Loading international/utf-8...
Loading international/utf-16...
Loading international/characters...
Loading international/latin-1.el (source)...
Loading international/latin-2.el (source)...
Loading international/latin-3.el (source)...
Loading international/latin-4.el (source)...
Loading international/latin-5.el (source)...
Loading international/latin-8.el (source)...
Loading international/latin-9.el (source)...
Loading language/chinese...
Loading language/cyrillic...
Loading language/indian...
Loading language/devanagari.el (source)...
Loading language/malayalam.el (source)...
Loading language/tamil.el (source)...
Loading language/kannada.el (source)...
Loading language/english.el (source)...
Loading language/ethiopic...
Loading language/european...
Loading language/czech.el (source)...
Loading language/slovak.el (source)...
Loading language/romanian.el (source)...
Loading language/greek.el (source)...
Loading language/hebrew.el (source)...
Loading language/japanese.el (source)...
Loading language/korean.el (source)...
Loading language/lao.el (source)...
Loading language/thai.el (source)...
Loading language/tibetan...
Loading language/vietnamese...
Loading language/misc-lang.el (source)...
Loading language/utf-8-lang.el (source)...
Loading language/georgian.el (source)...
Loading international/ucs-tables...
Loading indent...
Loading window...
Loading frame...
Loading term/tty-colors...
Loading font-core...
Loading facemenu...
Loading emacs-lisp/syntax...
Loading font-lock...
Loading jit-lock...
Loading mouse...
Loading scroll-bar...
Loading select...
Loading emacs-lisp/timer...
Loading isearch...
Loading rfn-eshadow...
((49507 . 18627) (10733 . 0) (622 . 92) 64080 164411 (67 . 4) (18 . 12) (4997 . 1681))
Loading menu-bar...
Loading paths.el (source)...
Loading emacs-lisp/lisp...
Loading textmodes/page...
Loading register...
Loading textmodes/paragraphs...
Loading emacs-lisp/lisp-mode...
Loading textmodes/text-mode...
Loading textmodes/fill...
((55968 . 12166) (11261 . 0) (624 . 90) 76368 166081 (67 . 4) (18 . 12) (5507 . 1801))
Loading replace...
Loading abbrev...
Loading buff-menu...
Loading fringe...
Loading image...
Loading international/fontset...
Loading dnd...
Loading mwheel...
Loading tool-bar...
Loading x-dnd...
((57901 . 10233) (11774 . 0) (625 . 89) 77920 166663 (69 . 8) (18 . 12) (5601 . 1581))
Loading emacs-lisp/float-sup...
((57933 . 10201) (11778 . 0) (625 . 89) 78085 166663 (70 . 9) (18 . 12) (5606 . 1576))
Loading vc-hooks...
Loading ediff-hook...
Loading tooltip...
((59259 . 8875) (11935 . 0) (626 . 88) 79285 166714 (72 . 7) (18 . 12) (5676 . 1506))
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under names emacs and emacs-22.3.1
make[1]: *** [emacs] Segmentation fault (core dumped)
make[1]: *** Deleting file `emacs'
make[1]: Leaving directory `/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src'
make: *** [src] Error 2

Backtrace:

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Core was generated by `./temacs -batch -l loadup dump'.
Program terminated with signal 11, Segmentation fault.
[New process 30599]
#0 0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
951 memcpy (NEW_SECTION_H (nn).sh_offset + new_base,
DISPLAY = :0.0
TERM = xterm
Breakpoint 1 at 0x80fcb26: file emacs.c, line 432.
Breakpoint 2 at 0x8117246: file sysdep.c, line 1386.

Lisp Backtrace:
"dump-emacs" (0x868049b)
"if" (0x846b60d)
"if" (0x846b76d)
"load" (0x846582b)

From svenjoac@gmx.de Sat Sep 6 05:31:05 2008
From: Sven Joachim
To: control@debbugs.gnu.org
Subject: Merging bootstrap failure bugs
Date: Sat, 06 Sep 2008 14:30:48 +0200

merge 443 900
thanks

From ulm@kph.uni-mainz.de Tue Sep 9 08:02:15 2008
Date: Tue, 9 Sep 2008 17:02:04 +0200
From: Ulrich Mueller
To: 900@debbugs.gnu.org
Cc: emacs@gentoo.org
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26
References: <18625.64355.215907.350751@a1i15.kph.uni-mainz.de>

Tags: patch

I guess the issue boils down to the fact that testing for
(heap_bss_diff > MAX_HEAP_BSS_DIFF) is not a reliable method to
determine if heap randomisation is switched on. "heap_bss_diff" is
random in nature, and will therefore be smaller than MAX_HEAP_BSS_DIFF
in some cases. These lead to the observed segmentation faults.

Here is an attempt of a patch, asking the kernel (via /proc fs) for
the presence of the feature. I've also made the definition of
ADDR_NO_RANDOMIZE conditional, since it is already defined in newer
versions of personality.h.

Patch was tested with 22.3, but also applies cleanly to the CVS trunk
of today.

*** emacs-orig/src/emacs.c 2008-05-12 21:55:52.000000000 +0200 --- emacs/src/emacs.c 2008-09-09 16:26:52.000000000 +0200 *************** *** 73,78 **** --- 73,81 ---- #ifdef HAVE_PERSONALITY_LINUX32 #include + #ifndef ADDR_NO_RANDOMIZE + #define ADDR_NO_RANDOMIZE 0x0040000 + #endif #endif #ifndef O_RDWR *************** *** 789,794 **** --- 792,817 ---- return count >= 3 ? REPORT_EMACS_BUG_PRETEST_ADDRESS : REPORT_EMACS_BUG_ADDRESS; } + #ifdef HAVE_PERSONALITY_LINUX32 + /* Get the `randomize_va_space' parameter. A value of 2 (introduced + in Linux 2.6.25) indicates that brk() randomization is switched on, + which will break unexec. See . */ + static int + linux_randomize_va_space () + { + FILE *fp; + int rand, count; + + fp = fopen ("/proc/sys/kernel/randomize_va_space", "r"); + if (!fp) + return -1; + count = fscanf (fp, "%d", &rand); + (void) fclose (fp); + if (count != 1) + return -1; + return rand; + } + #endif /* HAVE_PERSONALITY_LINUX32 */ /* ARGSUSED */ int *************** *** 883,906 **** if (!initialized && (strcmp (argv[argc-1], "dump") == 0 || strcmp (argv[argc-1], "bootstrap") == 0) ! && heap_bss_diff > MAX_HEAP_BSS_DIFF) { ! if (! getenv ("EMACS_HEAP_EXEC")) ! { ! /* Set this so we only do this once. */ ! putenv("EMACS_HEAP_EXEC=true"); ! ! /* A flag to turn off address randomization which is introduced ! in linux kernel shipped with fedora core 4 */ ! #define ADD_NO_RANDOMIZE 0x0040000 ! personality (PER_LINUX32 | ADD_NO_RANDOMIZE); ! #undef ADD_NO_RANDOMIZE ! ! execvp (argv[0], argv); ! ! /* If the exec fails, try to dump anyway. */ ! perror ("execvp"); ! } } #endif /* HAVE_PERSONALITY_LINUX32 */ --- 906,925 ---- if (!initialized && (strcmp (argv[argc-1], "dump") == 0 || strcmp (argv[argc-1], "bootstrap") == 0) ! && !getenv ("EMACS_HEAP_EXEC") ! && (heap_bss_diff > MAX_HEAP_BSS_DIFF ! || linux_randomize_va_space() >= 2)) { ! /* Set this so we only do this once. */ ! putenv("EMACS_HEAP_EXEC=true"); ! ! 
/* Set personality and disable randomization of VA space. */ ! personality (PER_LINUX32 | ADDR_NO_RANDOMIZE); ! ! execvp (argv[0], argv); ! ! /* If the exec fails, try to dump anyway. */ ! perror ("execvp"); } #endif /* HAVE_PERSONALITY_LINUX32 */

From ulm@kph.uni-mainz.de Wed Sep 10 08:22:59 2008
From: Ulrich Mueller
Date: Wed, 10 Sep 2008 17:22:49 +0200
To: control@debbugs.gnu.org
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26

tags 900 = patch
thank you

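Review bot: in linux_randomize_va_space (), every failure path (fopen fails, or fscanf does not return 1) yields -1, and the caller only tests for >= 2, so a build environment where /proc/sys/kernel/randomize_va_space cannot be read silently falls back to the heap_bss_diff heuristic that the accompanying message calls unreliable. Consider treating -1 as "unknown" and re-executing in that case as well, which costs one extra exec, and document the -1 return in the function comment. The local named rand also shadows the C library function rand () wherever <stdlib.h> is in scope; a neutral name such as value avoids that.
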
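Review bot: in the rewritten block in main, the return value of personality (PER_LINUX32 | ADDR_NO_RANDOMIZE) is still ignored while EMACS_HEAP_EXEC=true has already been set; if personality () fails, the process re-executes with randomisation still on, the guard variable suppresses a second attempt, and the dump proceeds into the same unexec crash. Check for -1 and report it with perror before calling execvp. The call also replaces the whole persona with PER_LINUX32 instead of OR-ing ADDR_NO_RANDOMIZE into the current one (personality (0xffffffff) returns it), which deserves a comment if it is intended. Style: linux_randomize_va_space() >= 2 lacks the space before the parenthesis that the rest of the hunk uses.
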
From cyd@stupidchicken.com Thu Oct 23 15:19:04 2008
From: Chong Yidong
To: 443-done@debbugs.gnu.org, 900-done@debbugs.gnu.org
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26
Date: Thu, 23 Oct 2008 18:18:59 -0400

Since Jan has fixed this in the trunk (2008-10-21 checkin), I'm closing
this bug.

From unknown Fri Jun 20 05:36:02 2025
To: internal_control@debbugs.gnu.org
From: $requester
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 21 Nov 2008 15:24:04 +0000

# The action:
# bug archived.
thanks
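
The check described in the 9 Sep 2008 message (ask the kernel through /proc whether brk() randomisation is on, then re-exec once with ADDR_NO_RANDOMIZE) as a stand-alone C sketch. This is an added example, not part of the thread and not Emacs code: the function names and the DUMP_ASLR_REEXEC guard variable are hypothetical, and treating an unreadable /proc value as "randomised" is this example's own choice, not what the patch does.

```c
/* Added example, not Emacs code.  All names here are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* setenv, execvp, personality prototypes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/personality.h>
#endif
#ifndef ADDR_NO_RANDOMIZE
#define ADDR_NO_RANDOMIZE 0x0040000   /* same value the patch defines */
#endif

#define RVA_PATH "/proc/sys/kernel/randomize_va_space"
#define GUARD_VAR "DUMP_ASLR_REEXEC"  /* stand-in for EMACS_HEAP_EXEC */

/* Parse the sysctl text, e.g. "2\n".  Returns the value, or -1 for empty,
   negative or non-numeric input, so a malformed read never looks like 0. */
int parse_randomize_va_space(const char *text)
{
    char *end;
    long v;
    if (text == NULL || *text == '\0')
        return -1;
    v = strtol(text, &end, 10);
    if (end == text)
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;
    if (*end != '\0' || v < 0 || v > INT_MAX)
        return -1;
    return (int) v;
}

/* Read and parse the sysctl file; -1 means "could not determine". */
int read_randomize_va_space(const char *path)
{
    char buf[32];
    size_t n;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    return parse_randomize_va_space(buf);
}

/* Return 1 if the process should re-exec with ADDR_NO_RANDOMIZE set.
   rva >= 2 means brk() is randomised; rva == -1 (unknown) is treated the
   same way, which is this example's choice and not what the patch does. */
int should_reexec_without_aslr(int rva, unsigned long persona, int guard_set)
{
    if (guard_set || (persona & ADDR_NO_RANDOMIZE))
        return 0;               /* already re-executed, or already disabled */
    return rva >= 2 || rva == -1;
}

int main(int argc, char **argv)
{
    int rva = read_randomize_va_space(RVA_PATH);
    unsigned long persona = 0;
#ifdef __linux__
    int cur = personality(0xffffffff);      /* query only, changes nothing */
    if (cur != -1)
        persona = (unsigned long) cur;
    if (should_reexec_without_aslr(rva, persona, getenv(GUARD_VAR) != NULL)) {
        /* Keep the current persona, add the flag, and check the result. */
        if (personality(persona | ADDR_NO_RANDOMIZE) == -1) {
            perror("personality");
            return 1;
        }
        setenv(GUARD_VAR, "1", 1);          /* re-exec at most once */
        execvp(argv[0], argv);
        perror("execvp");
        return 1;
    }
#endif
    printf("randomize_va_space=%d ADDR_NO_RANDOMIZE=%s\n", rva,
           (persona & ADDR_NO_RANDOMIZE) ? "set" : "clear");
    return 0;
}
```

Unlike a heap_bss_diff comparison, the decision here does not depend on where the heap happened to land in a given run, so it gives the same answer on every invocation.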