bug#38912: 27.0.60; PDumper meets segmentation fault when evil is loaded

[Eli Zaretskii]

[Please use "Reply All" to reply, so that the bug address is kept on
the CC list.]

> From: NiwTinray <niwtrx@icloud.com>
> Date: Sun, 5 Jan 2020 13:25:07 +0800
> 
> > I cannot reproduce this from "emacs -Q" because 'use-package' is not a
> > known function.  Can you show a recipe starting from "emacs -Q",
> > please?
> 
> Here. I've attached a minimal script file that helps reproduce this bug.
> 
> (require 'package)
> (package-initialize)
> (add-to-list 'package-archives
>              '("melpa-stable" . "https://stable.melpa.org/packages/";) t)
> (unless (package-installed-p 'evil)
>   (package-refresh-contents)
>   (package-install 'evil))
> (require 'evil)
> (dump-emacs-portable "/tmp/test.pdmp")
> 
> The script downloads the package "evil" from Melpa stable, load the evil 
> package
> and dumps an image to /tmp/test.pdmp.
> 
> > Also, does this happen if you add -Q to the Emacs invocation after
> > dumping?  If not, there's more detail missing in your report: the
> > customizations in your init files.
> 
> 
> Sure. Please download this file, and run the command: 
> 
> emacs --batch -Q --script evil.el
> 
> To see the bug happen, load the test.pdmp file: 
> 
> emacs -Q --dump-file /tmp/test.pdmp
> 
> You should see a segmentation fault:
> 
> [1]    23369 segmentation fault (core dumped)  emacs -Q --dump-file 
> /tmp/test.pdmp
> 
> I run debugger inside src/.gdbinit using the command:
> 
> gdb -x .gdbinit --args ./emacs --dump-file /tmp/test.pdmp
> 
> And logged backtrace. See my second attachment: 
> 
> (base) omnisky :: ~/emacs/src ‹emacs-27*› » gdb -x .gdbinit --args ./emacs 
> --dump-file /tmp/test.pdmp
> GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
> Copyright (C) 2016 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from ./emacs...done.
> warning: File "/home/ntr/emacs/src/.gdbinit" auto-loading has been declined 
> by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
> To enable execution of this file add
>       add-auto-load-safe-path /home/ntr/emacs/src/.gdbinit
> line to your configuration file "/home/ntr/.gdbinit".
> To completely disable this security protection add
>       set auto-load safe-path /
> line to your configuration file "/home/ntr/.gdbinit".
> For more information about this security protection see the
> "Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
>       info "(gdb)Auto-loading safe path"
> SIGINT is used by the debugger.
> Are you sure you want to change it? (y or n) [answered Y; input not from 
> terminal]
> Environment variable "DISPLAY" not defined.
> TERM = xterm-24bits
> Breakpoint 1 at 0x411df0: file emacs.c, line 370.
> Breakpoint 2 at 0x4bfe60: file xterm.c, line 10130.
> (gdb) r
> Starting program: /home/ntr/emacs/src/emacs --dump-file /tmp/test.pdmp
> /home/ntr/emacs/src/emacs: /raid_sdc/home/ntr/anaconda3/lib/libtiff.so.5: no 
> version information available (required by /home/ntr/emacs/src/emacs)
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000004f12d0 in Fcurrent_active_maps (olp=olp@entry=XIL(0x30), 
> position=position@entry=XIL(0)) at keymap.c:1541
> 1541        && NILP (KVAR (current_kboard, Voverriding_terminal_local_map))
> (gdb) xbacktrace
> "key-binding" (0xffffd5c8)
> "turn-on-undo-tree-mode" (0xffffd758)
> "global-undo-tree-mode-enable-in-buffers" (0xffffd948)
> "run-hooks" (0xffffd9e8)
> "run-mode-hooks" (0xffffdbc0)
> "minibuffer-inactive-mode" (0xffffdd40)
> (gdb)

In my debug build of Emacs 27.0.60 I get an assertion violation while
dumping, which probably is already a sign of trouble.

Daniel, any ideas?

Here's the backtrace from the assertion violation, and some data
involved in the assertion:

  dumping fingerprint: 
79862409ba15bcbb091a8b1aa5b942cc3283f12f123a69372f5cfe59de047ba9

  pdumper.c:2684: Emacs fatal error: assertion failed: EQ (expected_value, 
found_value)

  Thread 1 hit Breakpoint 1, terminate_due_to_signal (sig=22,
      backtrace_limit=2147483647) at emacs.c:371
  371       signal (sig, SIG_DFL);
  (gdb) bt
  #0  terminate_due_to_signal (sig=22, backtrace_limit=2147483647)
      at emacs.c:371
  #1  0x01317f22 in die (
      msg=0x19bac5c <WEIGHT_STRONG+2544> "EQ (expected_value, found_value)",
      file=0x19ba210 <dump_magic+16> "pdumper.c", line=2684) at alloc.c:7246
  #2  0x01326817 in check_hash_table_rehash (table_orig=XIL(0xa000000006288090))
      at pdumper.c:2684
  #3  0x01326a6c in dump_hash_table (ctx=0x82d1f0,
      object=XIL(0xa000000006288090), offset=-4) at pdumper.c:2725
  #4  0x013279c5 in dump_vectorlike (ctx=0x82d1f0, lv=XIL(0xa000000006288090),
      offset=-4) at pdumper.c:2991
  #5  0x01327f92 in dump_object (ctx=0x82d1f0, object=XIL(0xa000000006288090))
      at pdumper.c:3127
  #6  0x0132ace3 in dump_drain_deferred_hash_tables (ctx=0x82d1f0)
      at pdumper.c:3977
  #7  0x0132b4ca in Fdump_emacs_portable (filename=XIL(0x8000000006d24008),
      track_referrers=XIL(0)) at pdumper.c:4148
  #8  0x013825de in eval_sub (form=XIL(0xc0000000067b2150)) at eval.c:2276
  #9  0x0137aec2 in Fprogn (body=XIL(0)) at eval.c:462
  #10 0x01382182 in eval_sub (form=XIL(0xc0000000067b2090)) at eval.c:2226
  #11 0x013819e8 in Feval (form=XIL(0xc0000000067b2090), lexical=XIL(0x30))
      at eval.c:2102
  #12 0x01384ecc in funcall_subr (subr=0x1960b00 <Seval>, numargs=2,
      args=0x82d978) at eval.c:2869
  #13 0x013848f9 in Ffuncall (nargs=3, args=0x82d970) at eval.c:2794
  #14 0x01427e37 in exec_byte_code (bytestr=XIL(0x800000000612e1e0),
      vector=XIL(0xa00000000612d0f8), maxdepth=make_fixnum(25),
      args_template=make_fixnum(257), nargs=1, args=0x82e378) at bytecode.c:633
  #15 0x01385a11 in funcall_lambda (fun=XIL(0xa00000000612d0c8), nargs=1,
      arg_vector=0x82e370) at eval.c:2989
  #16 0x01384953 in Ffuncall (nargs=2, args=0x82e368) at eval.c:2796
  #17 0x01427e37 in exec_byte_code (bytestr=XIL(0x8000000006131a80),
      vector=XIL(0xa00000000612e450), maxdepth=make_fixnum(14),
      args_template=make_fixnum(0), nargs=0, args=0x82efa8) at bytecode.c:633
  #18 0x01385a11 in funcall_lambda (fun=XIL(0xa00000000612e420), nargs=0,
      arg_vector=0x82efa8) at eval.c:2989
  #19 0x01384953 in Ffuncall (nargs=1, args=0x82efa0) at eval.c:2796
  #20 0x01427e37 in exec_byte_code (bytestr=XIL(0x8000000006132488),
      vector=XIL(0xa000000006131c20), maxdepth=make_fixnum(12),
      args_template=make_fixnum(0), nargs=0, args=0x82f680) at bytecode.c:633
  #21 0x01385a11 in funcall_lambda (fun=XIL(0xa000000006131bf0), nargs=0,
      arg_vector=0x82f680) at eval.c:2989
  #22 0x01385519 in apply_lambda (fun=XIL(0xa000000006131bf0), args=XIL(0),
      count=4) at eval.c:2926
  #23 0x01382b51 in eval_sub (form=XIL(0xc000000006278198)) at eval.c:2318
  #24 0x013819e8 in Feval (form=XIL(0xc000000006278198), lexical=XIL(0))
      at eval.c:2102
  #25 0x011df7a3 in top_level_2 () at keyboard.c:1100
  #26 0x0137f02d in internal_condition_case (bfun=0x11df76d <top_level_2>,
      handlers=XIL(0x90), hfun=0x11def2f <cmd_error>) at eval.c:1355
  #27 0x011df818 in top_level_1 (ignore=XIL(0)) at keyboard.c:1108
  #28 0x0137e1f8 in internal_catch (tag=XIL(0xdfe0),
      func=0x11df7a9 <top_level_1>, arg=XIL(0)) at eval.c:1116
  #29 0x011df679 in command_loop () at keyboard.c:1069
  #30 0x011de9b7 in recursive_edit_1 () at keyboard.c:714
  #31 0x011dec2d in Frecursive_edit () at keyboard.c:786
  #32 0x011d3547 in main (argc=4, argv=0xa42848) at emacs.c:2054

  Lisp Backtrace:
  "dump-emacs-portable" (0x82d468)
  "progn" (0x82d658)
  "eval" (0x82d978)
  "command-line-1" (0x82e370)
  "command-line" (0x82efa8)
  "normal-top-level" (0x82f680)
  (gdb) fr 5
  #5  0x01327f92 in dump_object (ctx=0x82d1f0, object=XIL(0xa000000006288090))
      at pdumper.c:3127
  3127          offset = dump_vectorlike (ctx, object, offset);
  (gdb) p object
  $1 = XIL(0xa000000006288090)
  (gdb) xtype
  Lisp_Vectorlike
  PVEC_HASH_TABLE
  (gdb) xhashtable
  $2 = (struct Lisp_Hash_Table *) 0x6288090
  (gdb) p *$
  $3 = {
    header = {
      size = 1291882500
    },
    weak = XIL(0),
    hash = XIL(0xa0000000068192c0),
    next = XIL(0xa0000000068194d0),
    index = XIL(0xa0000000068196e0),
    count = 13,
    next_free = 13,
    purecopy = false,
    mutable = true,
    rehash_threshold = 0.8125,
    rehash_size = 0.5,
    key_and_value = XIL(0xa000000005fbe6f8),
    test = {
      name = XIL(0x5610),
      user_hash_function = XIL(0),
      user_cmp_function = XIL(0),
      cmpfn = 0x13a7ffe <cmpfn_equal>,
      hashfn = 0x13a8107 <hashfn_equal>
    },
    next_weak = 0x0
  }
  (gdb) p $2->key_and_value
  $4 = XIL(0xa000000005fbe6f8)
  (gdb) xtype
  Lisp_Vectorlike
  PVEC_NORMAL_VECTOR
  (gdb) xvector
  $5 = (struct Lisp_Vector *) 0x5fbe6f8
  0
  (gdb) p $2->test.name
  $6 = XIL(0x5610)
  (gdb) xtype
  Lisp_Symbol
  (gdb) xsymbol
  $7 = (struct Lisp_Symbol *) 0x1bc74d0 <lispsym+22032>
  "equal"
  (gdb) p expected_value
  $8 = XIL(0xa000000006a527d8)
  (gdb) xtype
  Lisp_Vectorlike
  PVEC_COMPILED
  (gdb) xcompiled
  $9 = (struct Lisp_Vector *) 0x6a527d8
  {make_fixnum(771), XIL(0x8000000006ab8250), XIL(0xa000000006a36558),
    make_fixnum(13), XIL(0x8000000006ab81c0)}
  (gdb) p found_value
  $10 = XIL(0xa000000006c2fc00)
  (gdb) xtype
  Lisp_Vectorlike
  PVEC_COMPILED
  (gdb) xcompiled
  $11 = (struct Lisp_Vector *) 0x6c2fc00
  {make_fixnum(771), XIL(0x80000000069d21b0), XIL(0xa000000006c2fba0),
    make_fixnum(13), XIL(0x8000000006a412b0)}
  (gdb)