tcsh crashed with SIGSEGV in __GI___rewinddir()

Bug #1618803 reported by Walter Garcia-Fontes
This bug affects 17 people
Affects | Status | Importance | Assigned to | Milestone
tcsh (Ubuntu) | Fix Released | High | Brian Murray |
Yakkety | Fix Released | High | Brian Murray |

Bug Description

[Impact]

 * This bug negatively impacts the usability of tcsh as tab completion causes it to crash.

 * Backporting to the stable release is justified as there are still 8 months before end of life

[Test Case]

 * /bin/tcsh -c "ls-F"
 This will cause a segmentation fault

[Regression Potential]

 * The patch is rather small and non-invasive, but it'd be good to test tcsh extensively to ensure it has no negative side effects.

After upgrading to 16.10, hitting "tab" crashes tcsh.

ProblemType: Crash
DistroRelease: Ubuntu 16.10
Package: tcsh 6.18.01-5
ProcVersionSignature: Ubuntu 4.4.0-9136.55-generic 4.4.16
Uname: Linux 4.4.0-9136-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
ApportVersion: 2.20.3-0ubuntu7
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Aug 31 11:45:01 2016
Dependencies:
 gcc-6-base 6.2.0-1ubuntu12
 libc6 2.24-0ubuntu1
 libgcc1 1:6.2.0-1ubuntu12
 libtinfo5 6.0+20160625-1ubuntu1
ExecutablePath: /usr/bin/tcsh
InstallationDate: Installed on 2013-11-28 (1006 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
ProcCmdline: -usr/bin/tcsh
Signal: 11
SourcePackage: tcsh
StacktraceTop:
 __GI___rewinddir (dirp=0xc43008) at ../sysdeps/posix/rewinddir.c:34
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: tcsh crashed with SIGSEGV in __GI___rewinddir()
UpgradeStatus: Upgraded to yakkety on 2016-08-31 (0 days ago)
UserGroups: adm cdrom dip disk kismet lp lpadmin plugdev sambashare saned scanner sudo vboxusers video

Walter Garcia-Fontes (walter-garcia) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 __GI___rewinddir (dirp=dirp@entry=0xc43008) at ../sysdeps/posix/rewinddir.c:34
 tw_file_start (dfd=dfd@entry=0xc43008, pat=pat@entry=0x662c58 <STRNULL> L"") at tw.init.c:737
 tw_collect (command=command@entry=RECOGNIZE, looking=looking@entry=4, exp_dir=exp_dir@entry=0x7ffe6714faf0, exp_name=exp_name@entry=0x7ffe6714fb30, target=0xc27188 L"", pat=pat@entry=0x662c58 <STRNULL> L"", flags=64, dir_fd=0xc43008) at tw.parse.c:1360
 t_search (word=word@entry=0x7ffe6714fc40, command=command@entry=RECOGNIZE, looking=4, looking@entry=4095, list_max=list_max@entry=1, pat=0x662c58 <STRNULL> L"", suf=0) at tw.parse.c:1775
 tenematch (inputline=<optimized out>, num_read=num_read@entry=0, command=command@entry=RECOGNIZE) at tw.parse.c:304

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in tcsh (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
information type: Private → Public
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tcsh (Ubuntu):
status: New → Confirmed
sudodus (nio-wiklund) wrote :

I tested in Lubuntu current daily live i386 and amd64. Only the amd64 version is affected by this bug.

Dan Hopper (nimblefooted) wrote :

Workaround until 16.10's tcsh is rebuilt with the sysmalloc fix: build your own fixed AMD64 .deb:

a) Pull the Fedora Rawhide src rpm from
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/src/t/tcsh-6.19.00-15.fc26.src.html

    wget ftp://fr2.rpmfind.net/linux/fedora/linux/development/rawhide/Everything/source/tree/Packages/t/tcsh-6.19.00-15.fc26.src.rpm

b) extract the contents of the src rpm:

    rpm2cpio tcsh-6.19.00-15.fc26.src.rpm > a1.cpio
    mkdir t ; cd t
    cpio -dmiv < ../a1.cpio
    cd ..

c) Pull the current Ubuntu yakkety 16.10 beta tcsh source from packages.ubuntu.com

    wget http://archive.ubuntu.com/ubuntu/pool/universe/t/tcsh/tcsh_6.18.01-5.dsc http://archive.ubuntu.com/ubuntu/pool/universe/t/tcsh/tcsh_6.18.01.orig.tar.gz http://archive.ubuntu.com/ubuntu/pool/universe/t/tcsh/tcsh_6.18.01-5.diff.gz

d) Rebuild tcsh with patches from Fedora

    mkdir t2 ; cd t2
    dpkg-source -x ../tcsh_6.18.01-5.dsc
    cd tcsh-6.18.01/
    patch -p1 < ../../t/tcsh-6.19.00-024-use-sysmalloc.patch
    patch -p1 < ../../t/tcsh-6.19.00-014-do-not-use-union-wait.patch
    dpkg-buildpackage -rfakeroot -uc -b
    cd ..
    sudo dpkg -i tcsh_6.18.01-5_amd64.deb

Works for me, no more tcsh crashes when pressing TAB.

Note that I had to apply the do-not-use-union-wait patch as well. Without it, I can't get the current Ubuntu 16.10 tcsh source to build on 16.10 at all, which is odd. Is the AMD64 .deb on the ubuntu servers not built on 16.10, or is there some other explanation for why it doesn't experience the "sh.proc.c:155:16: error: storage size of ‘w’ isn’t known" that results without do-not-use-union-wait.patch?

Dan

Brad Lucier (lucier) wrote :

Re #8:

During

 dpkg-buildpackage -rfakeroot -uc -b

I get

gcc -c -g -O2 -fdebug-prefix-map=/home/lucier/programs/t2/tcsh-6.18.01=. -fstack-protector-strong -Wformat -Werror=format-security -D_FILE_OFFSET_BITS=64 -I. -I. -D_PATH_TCSHELL='"/usr/bin/tcsh"' -Wdate-time -D_FORTIFY_SOURCE=2 sh.proc.c
In file included from /usr/include/signal.h:28:0,
                 from sh.h:39,
                 from sh.proc.c:33:
/usr/include/features.h:148:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
 # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
   ^~~~~~~
sh.proc.c: In function 'pchild':
sh.proc.c:155:16: error: storage size of 'w' isn't known
     union wait w;
                ^
Makefile:465: recipe for target 'sh.proc.o' failed
make[2]: *** [sh.proc.o] Error 1
make[2]: Leaving directory '/home/lucier/programs/t2/tcsh-6.18.01'
debian/rules:22: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2
make[1]: Leaving directory '/home/lucier/programs/t2/tcsh-6.18.01'
debian/rules:12: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2

Suggestions?

Brad

Brad Lucier (lucier) wrote :

Ah, I just read the rest of the comment.

I guess I didn't manage to download the patches while I thought I was following your instructions, sorry.

Brad

Dan Hopper (nimblefooted) wrote : Re: [Bug 1618803] Re: tcsh crashed with SIGSEGV in __GI___rewinddir()

No worries, hope it works for you.

Dan

On Thu, Oct 20, 2016 at 2:18 PM, <email address hidden> <
<email address hidden>> wrote:

> Ah, I just read the rest of the comment.
>
> I guess I didn't manage to download the patches while I thought I was
> following your instructions, sorry.
>
> Brad

Brad Lucier (lucier) wrote :

Thank you, your instructions worked for me.

But good grief, shipping a shell that crashes when using <tab> for argument completion ... I guess, because I use tcsh (obviously), I'd say the importance is high!

Brad

Walter Garcia-Fontes (walter-garcia) wrote :

Last time I checked it wasn't fixed in Debian either, otherwise we could have asked to update the Ubuntu package. As far as I know it is fixed in the development version of Fedora.

Changed in tcsh (Ubuntu):
importance: Medium → High
status: Confirmed → Triaged
Changed in tcsh (Ubuntu Yakkety):
importance: Undecided → High
Dan Hopper (nimblefooted) wrote :

Apologies for comment #13. Just replying to what at first glance seemed to be a private email thread, since it showed up as being from "<email address hidden>". Didn't intend that blunt a wording in a public forum.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tcsh (Ubuntu Yakkety):
status: New → Confirmed
Brian Murray (brian-murray) wrote :

I've uploaded this to the SRU queue for yakkety. While the test case is rather obvious, it would be helpful if someone were to update the description per the SRU process. Thanks in advance!

http://wiki.ubuntu.com/StableReleaseUpdates

Changed in tcsh (Ubuntu):
assignee: nobody → Brian Murray (brian-murray)
status: Triaged → In Progress
Changed in tcsh (Ubuntu Yakkety):
assignee: nobody → Brian Murray (brian-murray)
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tcsh - 6.18.01-5ubuntu1

---------------
tcsh (6.18.01-5ubuntu1) zesty; urgency=medium

  * Add debian/patches/014-do-not-use-union-wait.patch to fix FTBFS
    and 024-use-sysmalloc.patch to resolve crash when using tab.
    (LP: #1618803)

 -- Brian Murray <email address hidden> Wed, 26 Oct 2016 15:21:59 -0700

Changed in tcsh (Ubuntu):
status: In Progress → Fix Released
description: updated
Fazal Majid (i-launchpad-sentfrom-com) wrote :

Another way to reproduce the crash, easier to automate without having to deal with ptys:

    /bin/tcsh -c "ls-F"
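
The non-interactive reproducer above can be turned into a scripted verification step for a rebuilt or -proposed package. This is an added example, not part of the original report or the tcsh packaging; the function names and the `--run` flag are this example's own. It relies on the calling shell reporting a signal death as 128 + signal number, so SIGSEGV (11) shows up as exit status 139.

```shell
#!/bin/sh
# Added example (not from the report): scripted check of the "ls-F" test case.
# classify_status, check_lsF and the --run flag are names chosen for this example.

# Map an exit status, as seen by the calling shell, to a verdict.
# Statuses above 128 mean the child was killed by signal (status - 128).
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "PASS"
        return 0
    elif [ "$status" -gt 128 ]; then
        sig=$((status - 128))
        name=$(kill -l "$sig" 2>/dev/null || echo "?")
        echo "CRASH signal=$sig ($name)"
        return 1
    fi
    echo "FAIL status=$status"
    return 2
}

# Run SHELL -c "ls-F" in the current directory with core dumps disabled.
check_lsF() {
    shell_path=${1:-/bin/tcsh}
    if [ ! -x "$shell_path" ]; then
        echo "SKIP $shell_path not installed"
        return 3
    fi
    status=0
    # "|| status=$?" keeps the check alive when a wrapper has "set -e" enabled.
    ( ulimit -c 0; "$shell_path" -c "ls-F" ) >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Only run when asked, e.g.:  sh check_lsF.sh --run /bin/tcsh
if [ "${1:-}" = "--run" ]; then
    check_lsF "${2:-/bin/tcsh}"
fi
```

A non-crash failure (for example status 127 when the binary does not know `ls-F`) is reported separately from a signal death, so a wrong shell path is not mistaken for a fixed package.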

Walter Garcia-Fontes (walter-garcia) wrote :

I tried #19 in a bash shell and I didn't get a crash, it just worked.

description: updated
ralphb (dev-endlos) wrote :

#19 does crash for me, both in bash and tcsh:

arcturus ~ > /bin/tcsh -c "ls-F"
Segmentation fault (core dumped)

ralph@arcturus:~$ /bin/tcsh -c "ls-F"
Segmentation fault (core dumped)

Anatoly Borodin (anatoly.borodin) wrote :

I also get a crash with `/bin/tcsh -c "ls-F"`:

```
(gdb) bt
#0 0x00007f84413711d8 in rewinddir () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x0000000000427985 in ?? ()
#2 0x0000000000429431 in ?? ()
#3 0x000000000042a8bb in ?? ()
#4 0x00000000004409e8 in ?? ()
#5 0x0000000000422cb9 in ?? ()
#6 0x00000000004228ff in ?? ()
#7 0x0000000000405afb in ?? ()
#8 0x000000000040495a in ?? ()
#9 0x00007f84412c93f1 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x0000000000404ee9 in ?? ()
```

Brian Murray (brian-murray) wrote :

I tested this on xenial and it doesn't seem affected.

Fazal Majid (i-launchpad-sentfrom-com) wrote :

@brian-murray

The regression was introduced in yakkety, not xenial.

Walter Garcia-Fontes (walter-garcia) wrote :

I take comment #20 back, I was introducing a space after "ls". The test case also works for me.

description: updated
martinzul (pere-blay) wrote :

Same here:

~> lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.10
Release: 16.10
Codename: yakkety

The workaround at #8 worked perfectly for me, thanks!!

Chelmite (steve-kelem) wrote :

I followed the steps in #8 (& put the whole thing into a script!) and it worked on one system, but not on another. Both are Ubuntu 16.10 x86_64.

% uname -a
Linux green76 4.8.0-26-generic #28-Ubuntu SMP Tue Oct 18 14:39:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

% dpkg-buildpackage -rfakeroot -uc -b

ends with:
| configure: exit 0

debian/rules:35: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 1
make[1]: Leaving directory '/var/local/src/tcsh/t2/tcsh-6.18.01'
debian/rules:12: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2

Robie Basak (racb)
description: updated
description: updated
Robie Basak (racb) wrote : Please test proposed package

Hello Walter, or anyone else affected,

Accepted tcsh into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tcsh/6.18.01-5ubuntu0.16.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in tcsh (Ubuntu Yakkety):
status: In Progress → Fix Committed
tags: added: verification-needed
Walter Garcia-Fontes (walter-garcia) wrote :

I tested:
tcsh:
  Installed: 6.18.01-5ubuntu0.16.10.1
  Candidate: 6.18.01-5ubuntu0.16.10.1
  Version table:
 *** 6.18.01-5ubuntu0.16.10.1 400
        400 http://archive.ubuntu.com/ubuntu yakkety-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     6.18.01-5 500
        500 http://archive.ubuntu.com/ubuntu yakkety/universe amd64 Packages

Everything works both in interactive and non-interactive mode.

tags: added: verification-done
removed: verification-needed
Jens Elkner (jelmd) wrote :

Yepp, tcsh_6.18.01-5ubuntu0.16.10.1_amd64.deb seems to work.

Anatoly Borodin (anatoly.borodin) wrote :

tcsh_6.18.01-5ubuntu0.16.10.1_amd64.deb works for me.

no longer affects: tcsh
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tcsh - 6.18.01-5ubuntu0.16.10.1

---------------
tcsh (6.18.01-5ubuntu0.16.10.1) yakkety; urgency=medium

  * Add debian/patches/014-do-not-use-union-wait.patch to fix FTBFS
    and 024-use-sysmalloc.patch to resolve crash when using tab.
    (LP: #1618803)

 -- Brian Murray <email address hidden> Wed, 26 Oct 2016 15:21:59 -0700

Changed in tcsh (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for tcsh has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates, please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
