Heap corruption leads to random crashes

  • Done
Details
One participant
  • Ludovic Courtès
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
important
Ludovic Courtès wrote on 8 Mar 2020 22:50
[3.0.1] Segfault in GC
(address . bug-guile@gnu.org)
87sgii7bz6.fsf@gnu.org
Hello,

Building ‘guile3.0-guix’ on x86_64-linux from Guix commit
1a30351bf37930222f077cdbcbb6659372f1ea2d leads to a GC segfault. This
can be reproduced with:

guix pull --commit=1a30351bf37930222f077cdbcbb6659372f1ea2d
guix build -K guile3.0-guix

‘guix pull’ also segfaults similarly on x86_64-linux.

The build log for ‘guile3.0-guix’ goes like this:

[ 43%] LOAD gnu/services.scm
[ 43%] LOAD gnu/services/admin.scm
[ 43%] LOAD gnu/services/audio.scm
[ 44%] LOAD gnu/services/auditd.scm
[ 44%] LOAD gnu/services/avahi.scm
[ 44%] LOAD gnu/services/base.scm
[ 44%] LOAD gnu/services/certbot.scm
/gnu/store/29jhbbg1hf557x8j53f9sxd9imlmf02a-bash-minimal-5.0.7/bin/bash: line 7: 26114 Segmentation fault XDG_CACHE_HOME=/nowhere host=x86_64-unknown-linux-gnu srcdir="." ./pre-inst-env /gnum
make[2]: *** [Makefile:5785: make-go] Error 139
make[2]: Leaving directory '/tmp/guix-build-guile3.0-guix-1.0.1-14.c2f9ea2.drv-0/source'

The backtrace:

(gdb) bt
#0 GC_clear_fl_marks (q=<optimized out>) at alloc.c:880
#1 0x00007f92ec27d331 in GC_finish_collection () at alloc.c:987
#2 0x00007f92ec27d705 in GC_try_to_collect_inner (
stop_func=0x7f92ec27c8e0 <GC_never_stop_func>) at alloc.c:502
#3 0x00007f92ec27e314 in GC_collect_or_expand (needed_blocks=needed_blocks@entry=1,
ignore_off_page=ignore_off_page@entry=0, retry=retry@entry=0) at alloc.c:1353
#4 0x00007f92ec27e50f in GC_allocobj (gran=gran@entry=1, kind=1) at alloc.c:1445
#5 0x00007f92ec28413f in GC_generic_malloc_inner (lb=lb@entry=16, k=k@entry=1)
at malloc.c:143
#6 0x00007f92ec2854f6 in GC_generic_malloc_many (lb=lb@entry=16, k=k@entry=1,
result=result@entry=0x7f92ec2b0458 <first_thread+312>) at mallocx.c:445
#7 0x00007f92ec290623 in GC_malloc_kind (bytes=16, knd=1) at thread_local_alloc.c:184
#8 0x00007f92ec28463a in GC_malloc (lb=<optimized out>) at malloc.c:294
#9 0x00007f92ec353b73 in scm_cell (cdr=772, car=140268964272160)
at ../libguile/gc.h:161
#10 scm_cons (y=0x304, x=0x7f92e9c9d820) at pairs.h:155
#11 scm_append (args=<optimized out>) at list.c:255
#12 0x00007f92e9a2c7a0 in ?? ()
#13 0x00007f92eb99fd80 in ?? ()
#14 0x00007f92ec418880 in ?? ()
from /gnu/store/gjr8c5qibb1v8clbafsr3a1xn9h4wb9y-guile-next-3.0.1/lib/libguile-3.0.so.1
#15 0x00007f92eb99fd80 in ?? ()
#16 0x00007f92ec352f0b in scm_jit_enter_mcode (thread=0x7f92eb99fd80,
mcode=0x7f92e8b66e70 "H\203\350\060I\211\314I)\304I\203\374@\017\205\263\006")
at jit.c:5777
#17 0x00007f92ec3ae4b9 in vm_regular_engine (thread=0x7f92caf2e5e0) at vm-engine.c:360
#18 0x00007f92ec3af155 in scm_call_n (proc=<optimized out>,
argv=argv@entry=0x7ffec93ceb48, nargs=nargs@entry=1) at vm.c:1600
#19 0x00007f92ec32d207 in scm_primitive_eval (exp=<optimized out>) at eval.c:671
#20 0x00007f92ec354bcb in scm_primitive_load (filename=filename@entry=0x7f92cfa84f40)
at load.c:131
#21 0x00007f92ec356078 in scm_primitive_load_path (args=<optimized out>) at load.c:1267
#22 0x00007f92e96ceef0 in ?? ()
#23 0x00007f92eb99fd80 in ?? ()
#24 0x00007f92ec418880 in ?? ()
from /gnu/store/gjr8c5qibb1v8clbafsr3a1xn9h4wb9y-guile-next-3.0.1/lib/libguile-3.0.so.1
#25 0x00007f92eb99fd80 in ?? ()
#26 0x00007f92ec352f0b in scm_jit_enter_mcode (thread=0x7f92eb99fd80,
mcode=0x7f92e8b66e70 "H\203\350\060I\211\314I)\304I\203\374@\017\205\263\006")
at jit.c:5777
#27 0x00007f92ec3ae4b9 in vm_regular_engine (thread=0x7f92cf24c850) at vm-engine.c:360
#28 0x00007f92ec3af155 in scm_call_n (proc=<optimized out>,
argv=argv@entry=0x7ffec93ceed8, nargs=nargs@entry=1) at vm.c:1600
#29 0x00007f92ec32d207 in scm_primitive_eval (exp=<optimized out>) at eval.c:671
#30 0x00007f92ec354bcb in scm_primitive_load (filename=filename@entry=0x7f92cfa57440)
at load.c:131
#31 0x00007f92ec356078 in scm_primitive_load_path (args=<optimized out>) at load.c:1267
#32 0x00007f92e96ceef0 in ?? ()
#33 0x00007f92eb99fd80 in ?? ()
#34 0x00007f92ec418880 in ?? ()
from /gnu/store/gjr8c5qibb1v8clbafsr3a1xn9h4wb9y-guile-next-3.0.1/lib/libguile-3.0.so.1
#35 0x00007f92eb99fd80 in ?? ()
#36 0x00007f92ec352f0b in scm_jit_enter_mcode (thread=0x7f92eb99fd80,
mcode=0x7f92e39387f0 "I\211\314I)\304I\203\374\020\017\217", <incomplete sequence \344>) at jit.c:5777
#37 0x00007f92ec3ae7a8 in vm_regular_engine (thread=0x7f92cf219410) at vm-engine.c:374
#38 0x00007f92ec3af155 in scm_call_n (proc=<optimized out>,
argv=argv@entry=0x7ffec93cf268, nargs=nargs@entry=1) at vm.c:1600
#39 0x00007f92ec32d207 in scm_primitive_eval (exp=<optimized out>) at eval.c:671
#40 0x00007f92ec354bcb in scm_primitive_load (filename=<optimized out>) at load.c:131
#41 0x00007f92ec3add1c in vm_regular_engine (thread=0x7f92eb99fd80) at vm-engine.c:972
#42 0x00007f92ec3af155 in scm_call_n (proc=<optimized out>,
argv=argv@entry=0x7ffec93cf438, nargs=nargs@entry=1) at vm.c:1600
#43 0x00007f92ec32d207 in scm_primitive_eval (exp=<optimized out>,
exp@entry=0x7f92e98c4fe0) at eval.c:671
#44 0x00007f92ec32d263 in scm_eval (exp=0x7f92e98c4fe0,
module_or_state=module_or_state@entry=0x7f92e98a7f00) at eval.c:705
#45 0x00007f92ec385080 in scm_shell (argc=834, argv=0x7ffec93cfa98) at script.c:357
#46 0x00007f92ec344c0d in invoke_main_func (body_data=0x7ffec93cf940) at init.c:308
#47 0x00007f92ec327e5a in c_body (d=0x7ffec93cf880) at continuations.c:430
#48 0x00007f92ec3add1c in vm_regular_engine (thread=0x7f92eb99fd80) at vm-engine.c:972
#49 0x00007f92ec3af155 in scm_call_n (proc=<optimized out>,
argv=argv@entry=0x7ffec93cf640, nargs=nargs@entry=2) at vm.c:1600
#50 0x00007f92ec32c09a in scm_call_2 (proc=<optimized out>, arg1=<optimized out>,
arg2=<optimized out>) at eval.c:503
#51 0x00007f92ec32d89a in scm_c_with_exception_handler (type=type@entry=0x404,
handler=handler@entry=0x7f92ec3a4580 <catch_post_unwind_handler>,
handler_data=handler_data@entry=0x7ffec93cf7b0,
thunk=thunk@entry=0x7f92ec3a46c0 <catch_body>,
thunk_data=thunk_data@entry=0x7ffec93cf7b0) at exceptions.c:170
#52 0x00007f92ec3a48bd in scm_c_catch (tag=tag@entry=0x404,
body=body@entry=0x7f92ec327e50 <c_body>, body_data=body_data@entry=0x7ffec93cf880,
handler=handler@entry=0x7f92ec3280f0 <c_handler>,
handler_data=handler_data@entry=0x7ffec93cf880,
pre_unwind_handler=pre_unwind_handler@entry=0x7f92ec327f50 <pre_unwind_handler>,
pre_unwind_handler_data=0x7f92e9c763c0) at throw.c:168
#53 0x00007f92ec328403 in scm_i_with_continuation_barrier (
body=body@entry=0x7f92ec327e50 <c_body>, body_data=body_data@entry=0x7ffec93cf880,
handler=handler@entry=0x7f92ec3280f0 <c_handler>,
handler_data=handler_data@entry=0x7ffec93cf880,
pre_unwind_handler=pre_unwind_handler@entry=0x7f92ec327f50 <pre_unwind_handler>,
pre_unwind_handler_data=0x7f92e9c763c0) at continuations.c:368
#54 0x00007f92ec328495 in scm_c_with_continuation_barrier (func=<optimized out>,
data=<optimized out>) at continuations.c:464
#55 0x00007f92ec3a335f in with_guile (base=base@entry=0x7ffec93cf8e8,
data=data@entry=0x7ffec93cf910) at threads.c:645
#56 0x00007f92ec289a68 in GC_call_with_stack_base (
fn=fn@entry=0x7f92ec3a3310 <with_guile>, arg=arg@entry=0x7ffec93cf910)
at misc.c:1941
#57 0x00007f92ec3a3678 in scm_i_with_guile (dynamic_state=<optimized out>,
data=data@entry=0x7ffec93cf910, func=func@entry=0x7f92ec344bf0 <invoke_main_func>)
at threads.c:688
#58 scm_with_guile (func=func@entry=0x7f92ec344bf0 <invoke_main_func>,
data=data@entry=0x7ffec93cf940) at threads.c:694
#59 0x00007f92ec344d82 in scm_boot_guile (argc=argc@entry=834,
argv=argv@entry=0x7ffec93cfa98, main_func=main_func@entry=0x401240 <inner_main>,
closure=closure@entry=0x0) at init.c:291
#60 0x0000000000401100 in main (argc=834, argv=0x7ffec93cfa98) at guile.c:95
(gdb) info threads
Id Target Id Frame
* 1 Thread 0x7f92ebcc3b80 (LWP 6259) GC_clear_fl_marks (q=<optimized out>) at alloc.c:880
2 Thread 0x7f92ea67b700 (LWP 6266) 0x00007f92ec257efc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
3 Thread 0x7f92e79fd700 (LWP 6276) 0x00007f92ec25b344 in read () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
4 Thread 0x7f92e9623700 (LWP 6271) 0x00007f92ec25b344 in read () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
5 Thread 0x7f92eb00c700 (LWP 6265) 0x00007f92ec257efc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
6 Thread 0x7f92eb99d700 (LWP 6264) 0x00007f92ec257efc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0

Setting GUILE_JIT_THRESHOLD=-1, the thing goes further without
segfaulting, but then it hangs with:

[ 50%] LOAD guix/store/ssh.scm
[ 50%] LOAD guix/scripts/offload.scm
Backtrace:
[ 50%] LOAD guix/store/database.scm
[ 50%] LOAD guix/store/deduplication.scm
[ 50%] LOAD guix/store/roots.scm
[ 50%] LOAD guix/config.scm
[ 50%] LOAD guix/tests.scm
[ 50%] LOAD guix/tests/http.scm

Apparently a deadlock on ‘all_weak_tables_lock’:

(gdb) bt
#0 0x00007f9a51bc00bc in __lll_lock_wait () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
#1 0x00007f9a51bb9674 in pthread_mutex_lock () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
#2 0x00007f9a51d1624f in scm_c_make_weak_table (k=<optimized out>, kind=SCM_WEAK_TABLE_KIND_KEY) at weak-table.c:505
#3 0x00007f9a51d12d1c in vm_regular_engine (thread=0x7f9a51304d80) at vm-engine.c:972
#4 0x00007f9a51d14155 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffc439d27d8, nargs=nargs@entry=1) at vm.c:1600
#5 0x00007f9a51c92207 in scm_primitive_eval (exp=<optimized out>) at eval.c:671
#6 0x00007f9a51cb9bcb in scm_primitive_load (filename=<optimized out>) at load.c:131
#7 0x00007f9a51d12d1c in vm_regular_engine (thread=0x7f9a51304d80) at vm-engine.c:972
#8 0x00007f9a51d14155 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffc439d29a8, nargs=nargs@entry=1) at vm.c:1600
#9 0x00007f9a51c92207 in scm_primitive_eval (exp=<optimized out>, exp@entry=0x7f9a4f269fe0) at eval.c:671
#10 0x00007f9a51c92263 in scm_eval (exp=0x7f9a4f269fe0, module_or_state=module_or_state@entry=0x7f9a4f24cf00) at eval.c:705
#11 0x00007f9a51cea080 in scm_shell (argc=834, argv=0x7ffc439d3008) at script.c:357
#12 0x00007f9a51ca9c0d in invoke_main_func (body_data=0x7ffc439d2eb0) at init.c:308
#13 0x00007f9a51c8ce5a in c_body (d=0x7ffc439d2df0) at continuations.c:430
#14 0x00007f9a51d12d1c in vm_regular_engine (thread=0x7f9a51304d80) at vm-engine.c:972
#15 0x00007f9a51d14155 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffc439d2bb0, nargs=nargs@entry=2) at vm.c:1600
#16 0x00007f9a51c9109a in scm_call_2 (proc=<optimized out>, arg1=<optimized out>, arg2=<optimized out>) at eval.c:503
#17 0x00007f9a51c9289a in scm_c_with_exception_handler (type=type@entry=0x404, handler=handler@entry=0x7f9a51d09580 <catch_post_unwind_handler>, handler_data=handler_data@entry=0x7ffc439d2d20,
thunk=thunk@entry=0x7f9a51d096c0 <catch_body>, thunk_data=thunk_data@entry=0x7ffc439d2d20) at exceptions.c:170
#18 0x00007f9a51d098bd in scm_c_catch (tag=tag@entry=0x404, body=body@entry=0x7f9a51c8ce50 <c_body>, body_data=body_data@entry=0x7ffc439d2df0, handler=handler@entry=0x7f9a51c8d0f0 <c_handler>,
handler_data=handler_data@entry=0x7ffc439d2df0, pre_unwind_handler=pre_unwind_handler@entry=0x7f9a51c8cf50 <pre_unwind_handler>, pre_unwind_handler_data=0x7f9a4f5db3c0) at throw.c:168
#19 0x00007f9a51c8d403 in scm_i_with_continuation_barrier (body=body@entry=0x7f9a51c8ce50 <c_body>, body_data=body_data@entry=0x7ffc439d2df0, handler=handler@entry=0x7f9a51c8d0f0 <c_handler>,
handler_data=handler_data@entry=0x7ffc439d2df0, pre_unwind_handler=pre_unwind_handler@entry=0x7f9a51c8cf50 <pre_unwind_handler>, pre_unwind_handler_data=0x7f9a4f5db3c0) at continuations.c:368
#20 0x00007f9a51c8d495 in scm_c_with_continuation_barrier (func=<optimized out>, data=<optimized out>) at continuations.c:464
#21 0x00007f9a51d0835f in with_guile (base=base@entry=0x7ffc439d2e58, data=data@entry=0x7ffc439d2e80) at threads.c:645
#22 0x00007f9a51beea68 in GC_call_with_stack_base (fn=fn@entry=0x7f9a51d08310 <with_guile>, arg=arg@entry=0x7ffc439d2e80) at misc.c:1941
#23 0x00007f9a51d08678 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7ffc439d2e80, func=func@entry=0x7f9a51ca9bf0 <invoke_main_func>) at threads.c:688
#24 scm_with_guile (func=func@entry=0x7f9a51ca9bf0 <invoke_main_func>, data=data@entry=0x7ffc439d2eb0) at threads.c:694
#25 0x00007f9a51ca9d82 in scm_boot_guile (argc=argc@entry=834, argv=argv@entry=0x7ffc439d3008, main_func=main_func@entry=0x401240 <inner_main>, closure=closure@entry=0x0) at init.c:291
#26 0x0000000000401100 in main (argc=834, argv=0x7ffc439d3008) at guile.c:95
(gdb) info threads
Id Target Id Frame
* 1 Thread 0x7f9a51628b80 (LWP 7003) "guile" 0x00007f9a51bc00bc in __lll_lock_wait () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
2 Thread 0x7f9a51302700 (LWP 7006) "guile" 0x00007f9a51bbcefc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
3 Thread 0x7f9a50971700 (LWP 7007) "guile" 0x00007f9a51bbcefc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
4 Thread 0x7f9a4ffe0700 (LWP 7008) "guile" 0x00007f9a51bbcefc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
5 Thread 0x7f9a4f008700 (LWP 7009) "guile" 0x00007f9a51bbcefc in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
6 Thread 0x7f9a4d522700 (LWP 7010) "guile" 0x00007f9a51bc0344 in read () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0

To be continued…

Ludo’.
Ludovic Courtès wrote on 9 Mar 2020 09:20
control message for bug #39988
(address . control@debbugs.gnu.org)
87y2sa547t.fsf@gnu.org
severity 39988 important
quit
Ludovic Courtès wrote on 9 Mar 2020 10:11
Re: bug#39988: [3.0.1] Segfault in GC
87mu8p6gf4.fsf@gnu.org
Ludovic Courtès <ludo@gnu.org> skribis:

> Apparently a deadlock on ‘all_weak_tables_lock’:

I reproduced the deadlock:

(gdb) thread 1
[Switching to thread 1 (Thread 0x7faee3633b80 (LWP 5809))]
#0 0x00007faee3bcb0bc in __lll_lock_wait ()
from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
(gdb) bt
#0 0x00007faee3bcb0bc in __lll_lock_wait ()
from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
#1 0x00007faee3bc4674 in pthread_mutex_lock ()
from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
#2 0x00007faee3d22a2f in scm_c_make_weak_table (k=<optimized out>, kind=SCM_WEAK_TABLE_KIND_KEY)
at weak-table.c:505
#3 0x00007faee139814b in ?? ()
#4 0x00007faee330fd80 in ?? ()
#5 0x00007faee3d89860 in ?? ()
from /gnu/store/s5p2yja08zcg6j56y1wfvnm6nxiyllz1-guile-next-3.0.1/lib/libguile-3.0.so.1
#6 0x00007faee330fd80 in ?? ()
#7 0x00007faee3cc46eb in scm_jit_enter_mcode (thread=0x7faee330fd80,
mcode=0x7faedb2a87f0 "I\211\314I)\304I\203\374\020\017\217", <incomplete sequence \344>) at jit.c:5725
#8 0x00007faee3d1ff88 in vm_regular_engine (thread=0x7faed63eab30) at vm-engine.c:374
#9 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7fff3f56ce98, nargs=nargs@entry=1)
at vm.c:1600
#10 0x00007faee3c9d1e7 in scm_primitive_eval (exp=<optimized out>) at eval.c:671
#11 0x00007faee3cc63ab in scm_primitive_load (filename=<optimized out>) at load.c:131
#12 0x00007faee3d1f4fc in vm_regular_engine (thread=0x7faee330fd80) at vm-engine.c:972
#13 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7fff3f56d068, nargs=nargs@entry=1)
at vm.c:1600
#14 0x00007faee3c9d1e7 in scm_primitive_eval (exp=<optimized out>,
exp@entry=((@ (ice-9 control) %) (begin (set! %load-path (cons "." %load-path)) (set! %load-path (cons "." %load-path)) ((@@ (ice-9 command-line) load/lang) "./build-aux/compile-all.scm") (quit)))) at eval.c:671
#15 0x00007faee3c9d243 in scm_eval (
exp=((@ (ice-9 control) %) (begin (set! %load-path (cons "." %load-path)) (set! %load-path (cons "." %load-path)) ((@@ (ice-9 command-line) load/lang) "./build-aux/compile-all.scm") (quit))),
module_or_state=module_or_state@entry="#<struct module>" = {...}) at eval.c:705
#16 0x00007faee3cf6860 in scm_shell (argc=834, argv=0x7fff3f56d6c8) at script.c:357
#17 0x00007faee3cb4bed in invoke_main_func (body_data=0x7fff3f56d570) at init.c:308
#18 0x00007faee3c97e3a in c_body (d=0x7fff3f56d4b0) at continuations.c:430
#19 0x00007faee3d1f4fc in vm_regular_engine (thread=0x7faee330fd80) at vm-engine.c:972
#20 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7fff3f56d270, nargs=nargs@entry=2)
at vm.c:1600
#21 0x00007faee3c9c07a in scm_call_2 (proc=<optimized out>, arg1=<optimized out>, arg2=<optimized out>)
at eval.c:503
#22 0x00007faee3c9d87a in scm_c_with_exception_handler (type=type@entry=#t,
handler=handler@entry=0x7faee3d15d60 <catch_post_unwind_handler>,
handler_data=handler_data@entry=0x7fff3f56d3e0, thunk=thunk@entry=0x7faee3d15ea0 <catch_body>,
thunk_data=thunk_data@entry=0x7fff3f56d3e0) at exceptions.c:170
#23 0x00007faee3d1609d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7faee3c97e30 <c_body>,
body_data=body_data@entry=0x7fff3f56d4b0, handler=handler@entry=0x7faee3c980d0 <c_handler>,
handler_data=handler_data@entry=0x7fff3f56d4b0,
pre_unwind_handler=pre_unwind_handler@entry=0x7faee3c97f30 <pre_unwind_handler>,
pre_unwind_handler_data=0x7faee15e63c0) at throw.c:168
#24 0x00007faee3c983e3 in scm_i_with_continuation_barrier (body=body@entry=0x7faee3c97e30 <c_body>,
body_data=body_data@entry=0x7fff3f56d4b0, handler=handler@entry=0x7faee3c980d0 <c_handler>,
handler_data=handler_data@entry=0x7fff3f56d4b0,
pre_unwind_handler=pre_unwind_handler@entry=0x7faee3c97f30 <pre_unwind_handler>,
pre_unwind_handler_data=0x7faee15e63c0) at continuations.c:368
#25 0x00007faee3c98475 in scm_c_with_continuation_barrier (func=<optimized out>, data=<optimized out>)
at continuations.c:464
#26 0x00007faee3d14b3f in with_guile (base=base@entry=0x7fff3f56d518, data=data@entry=0x7fff3f56d540)
at threads.c:645
#27 0x00007faee3bf9a68 in GC_call_with_stack_base (fn=fn@entry=0x7faee3d14af0 <with_guile>,
arg=arg@entry=0x7fff3f56d540) at misc.c:1941
#28 0x00007faee3d14e58 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7fff3f56d540,
func=func@entry=0x7faee3cb4bd0 <invoke_main_func>) at threads.c:688
#29 scm_with_guile (func=func@entry=0x7faee3cb4bd0 <invoke_main_func>, data=data@entry=0x7fff3f56d570)
at threads.c:694
#30 0x00007faee3cb4d62 in scm_boot_guile (argc=argc@entry=834, argv=argv@entry=0x7fff3f56d6c8,
main_func=main_func@entry=0x401240 <inner_main>, closure=closure@entry=0x0) at init.c:291
#31 0x0000000000401100 in main (argc=834, argv=0x7fff3f56d6c8) at guile.c:95
(gdb) thread 5
[Switching to thread 5 (Thread 0x7faee0f93700 (LWP 5815))]
#0 0x00007faee3bc7efc in pthread_cond_wait@@GLIBC_2.3.2 ()
from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
(gdb) bt
#0 0x00007faee3bc7efc in pthread_cond_wait@@GLIBC_2.3.2 ()
from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
#1 0x00007faee3d15355 in scm_pthread_cond_wait (cond=<optimized out>, mutex=<optimized out>) at threads.c:1605
#2 0x00007faee3d15523 in block_self (queue=((#<unmatched-tag 277>) #<unmatched-tag 277>),
mutex=mutex@entry=0x7faee1201f80, waittime=waittime@entry=0x0) at threads.c:312
#3 0x00007faee3d15657 in lock_mutex (current_thread=0x7faee330fb40, waittime=0x0, m=0x7faee1201f80,
kind=SCM_MUTEX_RECURSIVE) at threads.c:1021
#4 scm_timed_lock_mutex (mutex=#<unmatched-tag 10377>, timeout=<optimized out>) at threads.c:1085
#5 0x00007faee13a663f in ?? ()
#6 0x00007faee330fb40 in ?? ()
#7 0x00007faee3d89860 in ?? ()
from /gnu/store/s5p2yja08zcg6j56y1wfvnm6nxiyllz1-guile-next-3.0.1/lib/libguile-3.0.so.1
#8 0x00007faee330fb40 in ?? ()
#9 0x00007faee3cc46eb in scm_jit_enter_mcode (thread=0x7faee330fb40,
mcode=0x7faee1396410 "I\211\314I)\304I\203\374\020\017\214\272\002") at jit.c:5725
#10 0x00007faee3d1fc99 in vm_regular_engine (thread=0x7faee155ace8) at vm-engine.c:360
#11 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7faee0f92090, nargs=nargs@entry=3)
at vm.c:1600
#12 0x00007faee3c9c09f in scm_call_3 (proc=<optimized out>, arg1=arg1@entry=(guile), arg2=<optimized out>,
arg3=arg3@entry=#f) at eval.c:510
#13 0x00007faee3ccbf2f in scm_maybe_resolve_module (name=name@entry=(guile)) at modules.c:195
#14 0x00007faee3cb8898 in resolve_module (name=(guile), public_p=<optimized out>) at intrinsics.c:317
#15 0x00007faee3d1ef94 in vm_regular_engine (thread=0x7faee330fb40) at vm-engine.c:1583
#16 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7faee0f92278, nargs=nargs@entry=1)
at vm.c:1600
#17 0x00007faee3c9c058 in scm_call_1 (proc=<optimized out>, arg1=<optimized out>) at eval.c:496
#18 0x00007faee3d1f4fc in vm_regular_engine (thread=0x7faee330fb40) at vm-engine.c:972
#19 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7faee0f92420, nargs=nargs@entry=4)
at vm.c:1600
#20 0x00007faee3c9c0d4 in scm_call_4 (proc=<optimized out>, arg1=arg1@entry="#<vector>" = {...},
arg2=arg2@entry=#<port #<port-type file 7faee159ab40> 7faee15e63c0>, arg3=arg3@entry=#:count,
arg4=arg4@entry=20) at eval.c:517
#21 0x00007faee3c8f5f9 in display_backtrace_body (a=<optimized out>) at backtrace.c:239
#22 0x00007faee3c9d87a in scm_c_with_exception_handler (type=type@entry=#t,
handler=handler@entry=0x7faee3d15d60 <catch_post_unwind_handler>,
handler_data=handler_data@entry=0x7faee0f925d0, thunk=thunk@entry=0x7faee3d15ea0 <catch_body>,
thunk_data=thunk_data@entry=0x7faee0f925d0) at exceptions.c:170
#23 0x00007faee3d1609d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7faee3c8f4d0 <display_backtrace_body>,
body_data=body_data@entry=0x7faee0f92640, handler=handler@entry=0x7faee3c8f8b0 <error_during_backtrace>,
handler_data=handler_data@entry=0x7faee15e63c0, pre_unwind_handler=pre_unwind_handler@entry=0x0,
pre_unwind_handler_data=0x0) at throw.c:168
#24 0x00007faee3d160be in scm_internal_catch (tag=tag@entry=#t,
body=body@entry=0x7faee3c8f4d0 <display_backtrace_body>, body_data=body_data@entry=0x7faee0f92640,
handler=handler@entry=0x7faee3c8f8b0 <error_during_backtrace>, handler_data=handler_data@entry=0x7faee15e63c0)
at throw.c:177
#25 0x00007faee3c8f4c5 in scm_display_backtrace_with_highlights (stack=stack@entry="#<struct stack>" = {...},
port=port@entry=#<port #<port-type file 7faee159ab40> 7faee15e63c0>, first=first@entry=#f,
depth=depth@entry=#f, highlights=highlights@entry=()) at backtrace.c:277
#26 0x00007faee3c9801f in print_exception_and_backtrace (
args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee11f7f50, tag=wrong-type-arg,
port=#<port #<port-type file 7faee159ab40> 7faee15e63c0>) at continuations.c:409
#27 pre_unwind_handler (error_port=0x7faee15e63c0, tag=wrong-type-arg,
args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee11f7f50)
at continuations.c:453
#28 0x00007faee3d15e1b in catch_pre_unwind_handler (data=0x7faee0f92d80,
exn=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee11f7980) at throw.c:135
#29 0x00007faee3d1f4fc in vm_regular_engine (thread=0x7faee330fb40) at vm-engine.c:972
#30 0x00007faee3d20935 in scm_call_n (proc=proc@entry=#<unmatched-tag 10045>, argv=<optimized out>, nargs=5)
at vm.c:1600
#31 0x00007faee3c9c3d4 in scm_apply_0 (proc=#<unmatched-tag 10045>, args=()) at eval.c:603
#32 0x00007faee3c9d07d in scm_apply_1 (proc=<optimized out>, arg1=arg1@entry=wrong-type-arg,
args=args@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d5610)
at eval.c:609
#33 0x00007faee3d16259 in scm_throw (key=key@entry=wrong-type-arg,
args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d5610) at throw.c:262
#34 0x00007faee3d163a9 in scm_ithrow (key=key@entry=wrong-type-arg, args=<optimized out>,
no_return=no_return@entry=1) at throw.c:457
#35 0x00007faee3c9a585 in scm_error_scm (key=key@entry=wrong-type-arg, subr=<optimized out>,
message=message@entry="Wrong type argument in position ~A (expecting ~A): ~S",
args=args@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d59a0,
data=data@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d5ab0)
at error.c:90
#36 0x00007faee3c9a61f in scm_error (key=wrong-type-arg,
subr=subr@entry=0x7faee3d4bf60 <s_scm_weak_vector_ref> "weak-vector-ref",
message=message@entry=0x7faee3d3d490 "Wrong type argument in position ~A (expecting ~A): ~S",
args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d59a0,
rest=rest@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d5ab0)
at error.c:62
#37 0x00007faee3c9a9e0 in scm_wrong_type_arg_msg (
subr=subr@entry=0x7faee3d4bf60 <s_scm_weak_vector_ref> "weak-vector-ref", pos=pos@entry=1,
bad_value=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faec8cc8980,
szMessage=szMessage@entry=0x7faee3d4bee0 "weak vector") at error.c:282
#38 0x00007faee3d23716 in scm_c_weak_vector_ref (wv=<optimized out>, k=k@entry=0) at weak-vector.c:193
#39 0x00007faee3d22838 in scm_i_weak_car (
pair=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faec7c7d7e0) at weak-list.h:39
#40 scm_i_visit_weak_list (list_loc=0x7faee3d8a868 <all_weak_tables>, visit=<optimized out>) at weak-list.h:49
#41 vacuum_all_weak_tables () at weak-table.c:494
#42 0x00007faee3ca5f2e in async_gc_finalizer (ptr=0x7faee3312ea0, data=0x0) at finalizers.c:316
#43 0x00007faee3bf26ef in GC_invoke_finalizers () at finalize.c:1276
#44 0x00007faee3ca63c9 in scm_run_finalizers () at finalizers.c:398
#45 0x00007faee3ca643d in finalization_thread_proc (unused=<optimized out>) at finalizers.c:233
#46 0x00007faee3c97e3a in c_body (d=0x7faee0f92e50) at continuations.c:430
#47 0x00007faee3d1f4fc in vm_regular_engine (thread=0x7faee330fb40) at vm-engine.c:972
#48 0x00007faee3d20935 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7faee0f92c10, nargs=nargs@entry=2)
at vm.c:1600
#49 0x00007faee3c9c07a in scm_call_2 (proc=<optimized out>, arg1=<optimized out>, arg2=<optimized out>)
at eval.c:503
#50 0x00007faee3c9d87a in scm_c_with_exception_handler (type=type@entry=#t,
handler=handler@entry=0x7faee3d15d60 <catch_post_unwind_handler>,
handler_data=handler_data@entry=0x7faee0f92d80, thunk=thunk@entry=0x7faee3d15ea0 <catch_body>,
thunk_data=thunk_data@entry=0x7faee0f92d80) at exceptions.c:170
#51 0x00007faee3d1609d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7faee3c97e30 <c_body>,
body_data=body_data@entry=0x7faee0f92e50, handler=handler@entry=0x7faee3c980d0 <c_handler>,
handler_data=handler_data@entry=0x7faee0f92e50,
pre_unwind_handler=pre_unwind_handler@entry=0x7faee3c97f30 <pre_unwind_handler>,
pre_unwind_handler_data=0x7faee15e63c0) at throw.c:168
#52 0x00007faee3c983e3 in scm_i_with_continuation_barrier (body=body@entry=0x7faee3c97e30 <c_body>,
body_data=body_data@entry=0x7faee0f92e50, handler=handler@entry=0x7faee3c980d0 <c_handler>,
handler_data=handler_data@entry=0x7faee0f92e50,
pre_unwind_handler=pre_unwind_handler@entry=0x7faee3c97f30 <pre_unwind_handler>,
pre_unwind_handler_data=0x7faee15e63c0) at continuations.c:368
#53 0x00007faee3c98475 in scm_c_with_continuation_barrier (func=<optimized out>, data=<optimized out>)
at continuations.c:464
#54 0x00007faee3d14b3f in with_guile (base=base@entry=0x7faee0f92eb8, data=data@entry=0x7faee0f92ee0)
at threads.c:645
#55 0x00007faee3bf9a68 in GC_call_with_stack_base (fn=fn@entry=0x7faee3d14af0 <with_guile>,
arg=arg@entry=0x7faee0f92ee0) at misc.c:1941
#56 0x00007faee3d14e58 in scm_i_with_guile (dynamic_state=<optimized out>, data=<optimized out>,
func=<optimized out>) at threads.c:688
#57 scm_with_guile (func=<optimized out>, data=<optimized out>) at threads.c:694
#58 0x00007faee3bc2015 in start_thread ()
from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libpthread.so.0
#59 0x00007faee372891f in clone () from /gnu/store/ahqgl4h89xqj695lgqvsaf6zh2nhy4pj-glibc-2.29/lib/libc.so.6

It stems from the bug described in

Ludo’.
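
A triage aid for gdb sessions like the one quoted above, added here as an example; it is not part of the original message or of Guile. It parses `thread N` / `bt` output and reports, for each parked thread, the primitive it waits in, the first frame with source information, and which watched functions are on its stack. The sample session is abridged from the backtraces above, and `parse_session`, `blocked_threads` and the `WATCH` list are names chosen for this example.

```python
import re

# Constructed sample: abridged from the gdb session quoted above (most frames
# dropped, store path prefixes elided as ".../"); the layout is gdb's own.
SESSION = """\
(gdb) thread 1
[Switching to thread 1 (Thread 0x7faee3633b80 (LWP 5809))]
#0 0x00007faee3bcb0bc in __lll_lock_wait ()
from .../glibc-2.29/lib/libpthread.so.0
(gdb) bt
#0 0x00007faee3bcb0bc in __lll_lock_wait ()
from .../glibc-2.29/lib/libpthread.so.0
#1 0x00007faee3bc4674 in pthread_mutex_lock ()
from .../glibc-2.29/lib/libpthread.so.0
#2 0x00007faee3d22a2f in scm_c_make_weak_table (k=<optimized out>, kind=SCM_WEAK_TABLE_KIND_KEY)
at weak-table.c:505
#3 0x00007faee139814b in ?? ()
(gdb) thread 5
[Switching to thread 5 (Thread 0x7faee0f93700 (LWP 5815))]
#0 0x00007faee3bc7efc in pthread_cond_wait@@GLIBC_2.3.2 ()
from .../glibc-2.29/lib/libpthread.so.0
(gdb) bt
#0 0x00007faee3bc7efc in pthread_cond_wait@@GLIBC_2.3.2 ()
from .../glibc-2.29/lib/libpthread.so.0
#1 0x00007faee3d15355 in scm_pthread_cond_wait (cond=<optimized out>, mutex=<optimized out>) at threads.c:1605
#4 scm_timed_lock_mutex (mutex=#<unmatched-tag 10377>, timeout=<optimized out>) at threads.c:1085
#33 0x00007faee3d16259 in scm_throw (key=key@entry=wrong-type-arg,
args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7faee10d5610) at throw.c:262
#38 0x00007faee3d23716 in scm_c_weak_vector_ref (wv=<optimized out>, k=k@entry=0) at weak-vector.c:193
#41 vacuum_all_weak_tables () at weak-table.c:494
#43 0x00007faee3bf26ef in GC_invoke_finalizers () at finalize.c:1276
"""

# Innermost-frame functions that mean "this thread is parked", and on what.
WAIT_KINDS = {"__lll_lock_wait": "mutex", "pthread_mutex_lock": "mutex",
              "pthread_cond_wait": "condvar", "read": "read"}
# Callers worth flagging when found on a parked thread's stack (example choice).
WATCH = ("scm_timed_lock_mutex", "scm_throw", "vacuum_all_weak_tables",
         "GC_invoke_finalizers")

HEADER = re.compile(r"^\[Switching to thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\)\]")
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
SOURCE = re.compile(r"\bat ([\w./+-]+):(\d+)\s*$")


def parse_session(text):
    """Return {thread_id: {frame_no: frame}} from 'thread N' / 'bt' output."""
    threads, frames, current = {}, None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            frames, current = threads.setdefault(int(header.group(1)), {}), None
            continue
        if frames is None or line.startswith("(gdb)"):
            continue
        frame = FRAME.match(line)
        if frame:
            # gdb shows frame #0 twice (after 'thread N' and in 'bt'): key by number.
            current = frames[int(frame.group(1))] = {
                "func": frame.group(2).split("@@")[0], "text": line.strip()}
        elif current is not None:
            # Wrapped argument list or a 'from'/'at' line: belongs to the last frame.
            current["text"] += " " + line.strip()
    for frames in threads.values():
        for f in frames.values():
            src = SOURCE.search(f["text"])
            f["source"] = f"{src.group(1)}:{src.group(2)}" if src else None
    return threads


def blocked_threads(text, watch=()):
    """Summarise every thread whose innermost frame is a blocking primitive."""
    report = {}
    for tid, frames in parse_session(text).items():
        stack = [frames[n] for n in sorted(frames)]  # innermost frame first
        kind = WAIT_KINDS.get(stack[0]["func"]) if stack else None
        if kind is None:
            continue
        located = next((f for f in stack if f["source"]), None)
        report[tid] = {
            "waits_on": kind,
            "blocked_at": located and (located["func"], located["source"]),
            "inside": [f["func"] for f in stack if f["func"] in watch],
        }
    return report


if __name__ == "__main__":
    for tid, info in sorted(blocked_threads(SESSION, WATCH).items()):
        print(f"thread {tid}: waits on {info['waits_on']} at {info['blocked_at']}, inside {info['inside']}")
```

The summary only restates what the stacks show; which thread owns which lock still has to be confirmed in the debugger or the source.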
Ludovic Courtès wrote on 10 Mar 2020 18:23
control message for bug #39266
(address . control@debbugs.gnu.org)
87k13st98e.fsf@gnu.org
merge 39266 39988
quit
Ludovic Courtès wrote on 11 Mar 2020 21:21
(address . control@debbugs.gnu.org)
87v9nafxr4.fsf@gnu.org
retitle 39266 Heap corruption leads to random crashes
quit
Ludovic Courtès wrote on 12 Mar 2020 16:59
(address . control@debbugs.gnu.org)
87eetxsgwj.fsf@gnu.org
merge 39266 36811
quit
Ludovic Courtès wrote on 12 Mar 2020 17:01
(address . control@debbugs.gnu.org)
878sk5sgt1.fsf@gnu.org
merge 39266 39208
quit