Report information
Id: 127774
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: mauke- <l.mai [at] web.de>
Cc:
AdminCc:

Operating System: Linux
PatchStatus: (no value)
Severity: low
Type:
Perl Version: 5.22.1
Fixed In: 5.24.0



To: perlbug [...] perl.org
Subject: segfault in caller()
From: l.mai [...] web.de
Date: Thu, 24 Mar 2016 01:24:45 +0100
This is a bug report for perl from l.mai@web.de,
generated with the help of perlbug 1.40 running under perl 5.22.1.

-----------------------------------------------------------------
[Please describe your issue here]

$ perl -e 'END { caller 1 } eval("sub { die }")->()'
Died at (eval 1) line 1.
Segmentation fault (core dumped)

A threaded/debugging 5.22.1 segfaults at pp_ctl.c:1797:
    assert(CopSTASH(cx->blk_oldcop));
because oldcop is NULL.

This seems to be fixed in blead (probably due to the context stack overhaul?).

If I used bisect.pl right, the crash was introduced with commit
515abc43ad7e359e9f2f1fedb73378c13fd16348 (Set PL_curcop to NULL in
op.c:S_cop_free) between 5.18 and 5.20. ("Introduced" is probably wrong; more
like "exposed".)

It seems to consistently crash 5.20 and 5.22.

...

Taking a closer look, it also crashes 5.16.3 (with threads) and 5.8.9.
5.10.1, 5.12.5, 5.14.4, 5.18.2, and 5.16.3 (debugging, no threads) seem to be OK.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=low
---
Site configuration information for perl 5.22.1:

Configured by mauke at Tue Dec 29 15:36:05 CET 2015.

Summary of my perl5 (revision 5 version 22 subversion 1) configuration:

  Platform:
    osname=linux, osvers=4.2.5-1-arch, archname=i686-linux
    uname='linux simplicio 4.2.5-1-arch #1 smp preempt tue oct 27 08:28:41 cet 2015 i686 gnulinux '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion='', gccversion='5.3.0', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234, doublekind=3
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12, longdblkind=3
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/gcc/i686-pc-linux-gnu/5.3.0/include-fixed /usr/lib /lib
    libs=-lpthread -lnsl -lnm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lpthread -lnsl -lnm -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.22.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.22'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector-strong'

---
@INC for perl 5.22.1:
    /home/mauke/usr/lib/perl5/site_perl/5.22.1/i686-linux
    /home/mauke/usr/lib/perl5/site_perl/5.22.1
    /home/mauke/usr/lib/perl5/5.22.1/i686-linux
    /home/mauke/usr/lib/perl5/5.22.1
    .

---
Environment for perl 5.22.1:
    HOME=/home/mauke
    LANG=en_US.UTF-8
    LANGUAGE=en_US
    LC_COLLATE=C
    LC_MONETARY=de_DE.UTF-8
    LC_TIME=de_DE.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/mauke/perl5/perlbrew/bin:/home/mauke/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl
    PERLBREW_BASHRC_VERSION=0.73
    PERLBREW_HOME=/home/mauke/.perlbrew
    PERLBREW_ROOT=/home/mauke/perl5/perlbrew
    PERL_BADLANG (unset)
    PERL_UNICODE=SAL
    SHELL=/bin/bash
RT-Send-CC: perl5-porters [...] perl.org
On Wed Mar 23 17:25:11 2016, mauke- wrote:
>
> This is a bug report for perl from l.mai@web.de,
> generated with the help of perlbug 1.40 running under perl 5.22.1.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> $ perl -e 'END { caller 1 } eval("sub { die }")->()'
> Died at (eval 1) line 1.
> Segmentation fault (core dumped)
>
> A threaded/debugging 5.22.1 segfaults at pp_ctl.c:1797:
>     assert(CopSTASH(cx->blk_oldcop));
> because oldcop is NULL.
>

Segfaults in plain vanilla 5.22.0 as well (no threads, no debugging). Same error output as above.

--
James E Keenan (jkeenan@cpan.org)
RT-Send-CC: perl5-porters [...] perl.org
On Wed Mar 23 17:25:11 2016, mauke- wrote:
>
> This is a bug report for perl from l.mai@web.de,
> generated with the help of perlbug 1.40 running under perl 5.22.1.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> $ perl -e 'END { caller 1 } eval("sub { die }")->()'
> Died at (eval 1) line 1.
> Segmentation fault (core dumped)
>
> A threaded/debugging 5.22.1 segfaults at pp_ctl.c:1797:
>     assert(CopSTASH(cx->blk_oldcop));
> because oldcop is NULL.
>
> This seems to be fixed in blead (probably due to the context stack
> overhaul?).
>

Confirmed that blead looks okay on non-threaded, non-debugging builds.

#####
$ ./perl -v | head -2 | tail -1
This is perl 5, version 23, subversion 10 (v5.23.10 (v5.23.9-14-g2ebde1c)) built for x86_64-linux
$ ./perl -e 'END { caller 1 } eval("sub { die }")->()'
Died at (eval 1) line 1.
#####

> If I used bisect.pl right, the crash was introduced with commit
> 515abc43ad7e359e9f2f1fedb73378c13fd16348 (Set PL_curcop to NULL in
> op.c:S_cop_free) between 5.18 and 5.20. ("Introduced" is probably
> wrong; more like "exposed".)
>
> It seems to consistently crash 5.20 and 5.22.
>

Ditto for me (unthreaded, non-debugging).
-- James E Keenan (jkeenan@cpan.org)
Subject: Re: [perl #127774] segfault in caller()
To: perl5-porters [...] perl.org
From: Dave Mitchell <davem [...] iabyn.com>
Date: Thu, 24 Mar 2016 13:04:52 +0000
On Wed, Mar 23, 2016 at 05:25:11PM -0700, l.mai@web.de wrote:
> This seems to be fixed in blead (probably due to the context stack overhaul?).
Well it bisects to this, but it's not immediately obvious to me why that
fixed it:

commit b042e3289b4fb004aeb597fff6026d9df30aee80
Author: David Mitchell <davem@iabyn.com>
Date:   Thu Oct 15 11:34:41 2015 +0100

    do PL_tmps_floor restore in POPBLOCK

    Currently every individual POPFOO type does

        PL_tmps_floor = cx->cx_u.cx_blk.blku_old_tmpsfloor

    as its last action.

    Move all these into POPBLOCK instead, which always immediately follows
    the POPFOO.

--
My get-up-and-go just got up and went.
To: perl5-porters [...] perl.org
From: Dave Mitchell <davem [...] iabyn.com>
Subject: Re: [perl #127774] segfault in caller()
Date: Fri, 17 Jun 2016 12:06:44 +0100
On Thu, Mar 24, 2016 at 01:04:52PM +0000, Dave Mitchell wrote:
> On Wed, Mar 23, 2016 at 05:25:11PM -0700, l.mai@web.de wrote:
> > This seems to be fixed in blead (probably due to the context stack overhaul?).
>
> Well it bisects to this, but it's not immediately obvious to me why that
> fixed it:
>
> commit b042e3289b4fb004aeb597fff6026d9df30aee80
> Author: David Mitchell <davem@iabyn.com>
> Date:   Thu Oct 15 11:34:41 2015 +0100
>
>     do PL_tmps_floor restore in POPBLOCK
>
>     Currently every individual POPFOO type does
>
>         PL_tmps_floor = cx->cx_u.cx_blk.blku_old_tmpsfloor
>
>     as its last action.
>
>     Move all these into POPBLOCK instead, which always immediately follows
>     the POPFOO.
Having now looked at this in more depth, that commit fixed it by a chance
side-effect; however, this later commit in the context stack overhaul work
properly fixed it:

commit fc6e609e613c36ececcd37d4c7f023be35a36578
Author:     David Mitchell <davem@iabyn.com>
AuthorDate: Thu Dec 24 19:44:05 2015 +0000

    dounwind(): do a POPBLOCK for final cx frame.

The issue was that when code dies without being trapped by an eval, all
savestack and context stack frames are popped, but the saved variables in the
context stack (PL_curpm, PL_tmps_floor etc) weren't necessarily getting
restored (or restored at the right time).

This meant that in this:

    END { caller 1 } eval("sub { die }")->()

the temporary anon sub was getting freed while PL_curcop still pointed at the
OP_NEXTSTATE within the sub. When freeing the optree associated with the sub,
it sets PL_curcop to NULL if it points to an op that's about to be freed.
Later, caller() is called and it expects PL_curcop to be non-null.

--
Monto Blanco... scorchio!
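A regression check that wraps the ticket's one-liner, added here as an example and not part of the ticket or of perl's own test suite; it assumes the interpreter to test is the perl running the script, or the one named by the assumed PERL_UNDER_TEST environment variable:

```perl
#!/usr/bin/env perl
# Regression check for perl #127774, written for this page (not part of the
# ticket or of perl's own test suite). Runs the reporter's one-liner in a
# child interpreter and reports whether that child was killed by a signal.
use strict;
use warnings;
use Config;

# The reproducer exactly as given in the ticket: an anonymous sub compiled by
# string eval dies untrapped, then caller() runs inside an END block.
my $REPRO = 'END { caller 1 } eval("sub { die }")->()';

# Run "$perl -e $REPRO" in a separate process so a crash cannot take down
# this script. List-form system() bypasses the shell.
# Returns (signal_number, exit_status) of the child.
sub run_repro {
    my ($perl) = @_;
    system($perl, '-e', $REPRO);
    die "could not execute $perl: $!\n" if $? == -1;
    return ($? & 127, $? >> 8);    # low 7 bits: signal; high byte: exit code
}

# Signal number -> name, using Config's sig_name list (index = signal number).
sub signal_name {
    my ($num) = @_;
    my @names = split ' ', $Config{sig_name};
    return $names[$num] // '?';
}

# Interpreter under test: PERL_UNDER_TEST (a name assumed here) or, by
# default, the perl running this script.
my $perl = $ENV{PERL_UNDER_TEST} // $^X;
my ($signal, $exit) = run_repro($perl);

if ($signal) {
    # Affected builds (the ticket lists 5.20, 5.22, threaded 5.16.3 and 5.8.9)
    # are killed by SIGSEGV here instead of exiting normally from die().
    printf "AFFECTED: %s killed by signal %d (SIG%s)\n",
        $perl, $signal, signal_name($signal);
    exit 1;
}

# Unaffected builds (5.24.0 and later per the ticket) only print
# "Died at (eval 1) line 1." on stderr and exit non-zero from die().
printf "OK: %s exited with status %d, no signal\n", $perl, $exit;
exit 0;
```

The child's own "Died at (eval 1) line 1." message passes through to stderr; only a non-zero signal number marks the interpreter as affected.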

