Bug 1303323
| Field | Value |
|---|---|
| Summary | tcsh: interposed malloc is not ABI-compliant due to lack of alignment |
| Product | Fedora |
| Component | tcsh |
| Status | CLOSED ERRATA |
| Severity | urgent |
| Priority | high |
| Version | 24 |
| Hardware | x86_64 |
| OS | Linux |
| Keywords | Patch |
| Reporter | Joachim Frieben <jfrieben> |
| Assignee | David Kaspar // Dee'Kej <deekej> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | arjun.is, codonell, deekej, dj, fpokorny, fweimer, goeran, herrold, jakub, jared, jchaloup, kdudka, kevin.paetzold, law, marc.c.dionne, mfabian, nalin, ovasik, pfrankli, praiskup, releng, rkollar, siddhesh, yselkowi |
| URL | https://retrace.fedoraproject.org/faf/reports/bthash/80466500043e2a67ec01fd560d3941c0635eebb3 |
| Whiteboard | abrt_hash:21d2ae42a8b0d74075df03753046e74e359f85f0;VARIANT_ID=workstation; |
| Fixed In Version | tcsh-6.19.00-7.fc24 |
| Doc Type | Bug Fix |
| Last Closed | 2016-05-12 01:31:21 UTC |
| Bug Blocks | 1305208, 1315713 |
Description
Joachim Frieben
2016-01-30 19:24:46 UTC
Created attachment 1119658 [details] File: backtrace
Created attachment 1119659 [details] File: cgroup
Created attachment 1119660 [details] File: core_backtrace
Created attachment 1119661 [details] File: dso_list
Created attachment 1119662 [details] File: environ
Created attachment 1119663 [details] File: exploitable
Created attachment 1119664 [details] File: limits
Created attachment 1119665 [details] File: maps
Created attachment 1119666 [details] File: mountinfo
Created attachment 1119667 [details] File: open_fds
Created attachment 1119668 [details] File: proc_pid_status
Created attachment 1119669 [details] File: var_log_messages
The crash occurs every time when the tab key triggering file-name completion is pressed. In case it helps, I started seeing this after updating to glibc-2.22.90-31.fc24. After backing down to 2.22.90-29.fc24, new shells didn't exhibit the problem.

This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase

```
* Thu Jan 28 2016 Florian Weimer <fweimer redhat com> - 2.22.90-31
- Add workaround for GCC PR69537.
```

GCC PR69537 was fixed back in gcc-6.0.0-0.7.fc24. Please drop your patch: it is not necessary any longer and breaks the C-Shell by causing a SIGSEGV when using file-name completion, thanks!

This is a stack misalignment issue, now observable because glibc was recompiled with a different GCC version. I have not fully isolated the cause yet.

(In reply to Florian Weimer from comment #17)

I see: the switch to GCC6 happened just around that date (Thu Jan 28 2016). It seems that tcsh-6.19.00-5.fc24 later failed the mass rebuild for Fedora 24, which means that tcsh-6.19.00-4.fc24 currently delivered is still the package built with gcc-5.3.1-3.fc24. How about fixing that one?

I have to take that back. tcsh interposes its own malloc, but this implementation doesn't follow the x86_64 psABI. It returns pointers which are not aligned to 16 bytes:

```
Breakpoint 1, malloc (nbytes=256) at tc.alloc.c:177
177     {
(gdb) finish
Run till exit from #0  malloc (nbytes=256) at tc.alloc.c:177
0x00005555555a0729 in Strbuf_store1 (buf=0x7fffffffd630, c=0 L'\000') at tc.str.c:699
699         DO_STRBUF(Strbuf, Char, Strlen);
Value returned is $1 = (void *) 0x555555876008
```

Please remove this malloc implementation.

*** Bug 1308177 has been marked as a duplicate of this bug. ***

Created attachment 1133876 [details] Fix detection of system malloc (#1303323, #1308177)

(In reply to Florian Weimer from comment #19)
> I have to take that back. tcsh interposes its own malloc, but this
> implementation doesn't follow the x86_64 psABI.

Thanks for tracking this down. The builtin malloc is intended for systems without their own, and shouldn't be used with glibc, per the following in config_f.h:

However, nothing at this point defines __GLIBC__, as it is not a compiler built-in but rather an ordinary define in <features.h>. Patch attached.

(In reply to Yaakov Selkowitz from comment #21)
> Thanks for tracking this down. The builtin malloc is intended for
> systems without their own, and shouldn't be used with glibc, per the
> following in config_f.h:

```c
#if defined(__MACHTEN__) || defined(PURIFY) || defined(MALLOC_TRACE) || \
    defined(_OSD_POSIX) || defined(__MVS__) || defined (__CYGWIN__) || \
    defined(__GLIBC__) || defined(__OpenBSD__) || defined(__APPLE__)
# define SYSMALLOC
#else
# undef SYSMALLOC
#endif
```

(Unfortunately git-bz can't tell the difference between a bash comment and a quoted preprocessor directive. :-)

FTR, there used to be (or still is) a glibc issue with ASLR, that is why we use SYSMALLOC in el6 now.

(In reply to Pavel Raiskup from comment #23)
> FTR, there used to be (or still is) a glibc issue with ASLR, that is why we
> use SYSMALLOC in el6 now.

This doesn't look like a glibc issue. It looks like a kernel VA layout issue, which none of userspace has any control over and needs to be fixed in the kernel.

(In reply to Carlos O'Donell from comment #24)
> (In reply to Pavel Raiskup from comment #23)
> > FTR, there used to be (or still is) a glibc issue with ASLR, that is why we
> > use SYSMALLOC in el6 now.
>
> This doesn't look like a glibc issue. It looks like a kernel VA layout
> issue, which none of userspace has any control over and needs to be fixed in
> the kernel.

If you have any problems with glibc's allocator please file a ticket and we'll be more than happy to investigate. On the glibc team, DJ Delorie has been working on a project to enhance malloc (we have a thread-local cache added now to get performance up to the levels tcmalloc and jemalloc have) and any input on requirements would really help us now.

The OP has reported this issue upstream (thanks!) and my patch is now upstream: https://github.com/tcsh-org/tcsh/commit/b2c7dbcf2b32ad5ad6dec5575fb630180677555a

*** Bug 1321141 has been marked as a duplicate of this bug. ***

Any timeline for getting a fix for this pushed out? As things stand tcsh is basically unusable as an interactive shell in Fedora 24. The commit referenced in comment 26 does fix the issue for me, as did changing ROUNDUP to 15 in the builtin allocator to force 16-byte alignment.

Hello, I'm currently doing a cleanup of the 'tcsh' package for Fedora 24. Unfortunately, the new package won't be available for beta in time, but I'm dedicating most of my time for it to make it in F24, with some additional important fixes. I am sorry for the inconvenience. Best regards, Dee'Kej

(In reply to David Kaspar [Dee'Kej] from comment #29)

A preliminary build fixing this crasher bug would be very helpful; less important modifications can be implemented in future builds.

Did someone make a build yet? Seems a simple fix, I guess I should rebuild with the patch?

Here's the build for rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=13904702 I will get it into F24 today.

tcsh-6.19.00-7.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-2417b6677a

tcsh-6.19.00-7.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2417b6677a

tcsh-6.19.00-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
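The thread makes two concrete technical points: an interposed malloc on x86_64 must hand back 16-byte-aligned pointers (the gdb session above shows tcsh's allocator returning 0x555555876008, which is only 8-byte aligned, and a later comment notes that a ROUNDUP mask of 15 forces 16-byte alignment), and the config_f.h check for __GLIBC__ only works after a system header has defined that macro. The following C program is an added example written for this page; it is not tcsh's code or the attached patch. It assumes a 64-bit build, uses the address quoted from the bug as a constructed sample input, and reduces the config_f.h condition to the macros relevant here.

```c
/* Added example: audit a malloc for x86_64 psABI alignment and show the
 * two fixes discussed in the bug. Not tcsh code; assumes a 64-bit target. */
#include <stdint.h>
#include <stdlib.h>   /* on glibc this pulls in <features.h>, which defines __GLIBC__ */
#include <string.h>

/* Detection modelled on the config_f.h excerpt quoted in the bug, reduced to
 * the relevant macros. Because __GLIBC__ lives in <features.h> rather than in
 * the compiler, this test is only meaningful after a system header (here
 * <stdlib.h>) has been included; evaluated before that it is always false,
 * which is exactly how tcsh ended up using its own allocator on glibc. */
#if defined(__GLIBC__) || defined(__CYGWIN__) || defined(__OpenBSD__) || defined(__APPLE__)
# define SYSMALLOC 1
#else
# define SYSMALLOC 0
#endif

/* 1 when the build would defer to the C library's malloc, 0 otherwise. */
int using_system_malloc(void) { return SYSMALLOC; }

/* The x86_64 psABI requires malloc results to be suitably aligned for any
 * fundamental type, which on x86_64 means 16 bytes (GCC relies on this for
 * aligned SSE stores, hence the SIGSEGV once glibc was rebuilt with GCC 6). */
#define MALLOC_ALIGN 16u

int is_aligned16(const void *p) {
    return ((uintptr_t)p % MALLOC_ALIGN) == 0;
}

/* The ROUNDUP fix from the thread: rounding a request size up with mask 15
 * produces multiples of 16; the old mask 7 only produces multiples of 8. */
size_t round_up(size_t nbytes, size_t mask) {
    return (nbytes + mask) & ~mask;
}

/* Audit the allocator this program is linked against: request a spread of
 * sizes (odd ones included) and count results that are not 16-byte aligned.
 * 0 means every allocation met the ABI requirement for these sizes. */
int count_misaligned(void) {
    static const size_t sizes[] = {1, 3, 8, 13, 24, 100, 256, 4097};
    const size_t n = sizeof sizes / sizeof sizes[0];
    void *ptrs[sizeof sizes / sizeof sizes[0]];
    int bad = 0;

    for (size_t i = 0; i < n; i++) {
        ptrs[i] = malloc(sizes[i]);
        if (ptrs[i] == NULL)
            continue;
        memset(ptrs[i], 0, sizes[i]);     /* touch the block so it is really usable */
        if (!is_aligned16(ptrs[i]))
            bad++;
    }
    for (size_t i = 0; i < n; i++)
        free(ptrs[i]);
    return bad;
}

int main(void) {
    /* Constructed sample input: the pointer gdb printed in the bug report. */
    const void *from_bug = (const void *)(uintptr_t)0x555555876008;
    int ok = is_aligned16(from_bug);              /* 0: only 8-byte aligned */
    int bad = count_misaligned();                 /* 0 on a compliant libc */
    return (ok == 0 && bad == 0 && round_up(1, 15) == 16) ? 0 : 1;
}
```

Running the audit against a glibc, musl or macOS libc on a 64-bit host yields zero misaligned results; linking the same check into a program that interposes an 8-byte-aligned allocator is how the defect in this bug would have surfaced before the GCC 6 rebuild made it a crash.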