
Bug#973659: qtdeclarative5-dev-tools: qmlcachegen segfaults on hppa



On 2020-11-09 1:35 p.m., Dmitry Shachnev wrote:
> I only found one old bug report and it was fixed:
> https://bugreports.qt.io/browse/QTBUG-44268
I think we have to go back to the original backtrace and the test failures.

I thought for a bit that we might have a problem similar to ia64 and sparc64, but
hppa is currently 32-bit.

Test tst_qjsvalueiterator fails as follows:
dave@mx3210:~/debian/qtdeclarative-opensource-src$
/home/dave/debian/qtdeclarative-opensource-src/qtdeclarative-opensource-src-5.15.2+dfsg/tests/auto/qml/qjsvalueiterator/tst_qjsvalueiterator
********* Start testing of tst_QJSValueIterator *********
Config: Using QtTest library 5.15.2, Qt 5.15.2 (unknown-big_endian-ilp32 shared (dynamic) release build; by GCC 10.2.1 20210110), debian unknown
PASS   : tst_QJSValueIterator::initTestCase()
PASS   : tst_QJSValueIterator::iterateForward(no properties)
PASS   : tst_QJSValueIterator::iterateForward(foo=bar)
PASS   : tst_QJSValueIterator::iterateForward(foo=bar, baz=123)
PASS   : tst_QJSValueIterator::iterateForward(foo=bar, baz=123, rab=oof)
PASS   : tst_QJSValueIterator::iterateArray(no elements)
PASS   : tst_QJSValueIterator::iterateArray(0=foo, 1=barr)
PASS   : tst_QJSValueIterator::iterateArray(0=foo, 3=barr)

=== Received signal at function time: 70ms, total time: 310ms, dumping stack ===
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "hppa-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
Attaching to process 2844
[New LWP 2845]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/hppa-linux-gnu/libthread_db.so.1".
clone () at ../sysdeps/unix/sysv/linux/hppa/clone.S:83
(gdb)
Thread 2 (Thread 0xef8b3400 (LWP 2845) "QThread"):
#0  0xf594183c in _int_malloc (av=0x0, bytes=4010488392) at malloc.c:4116
        p = <optimized out>
        iters = <optimized out>
        nb = 164456
        idx = 1
        bin = <optimized out>
        victim = 0x28240
        size = 210
        victim_index = <optimized out>
        remainder = 0xffffffff
        remainder_size = 4294803050
        block = <optimized out>
        bit = <optimized out>
        map = 0
        fwd = <optimized out>
        bck = <optimized out>
        tcache_unsorted_count = 164424
        tcache_nb = 4010488392
        tc_idx = 0
        return_cached = <optimized out>
        __PRETTY_FUNCTION__ = "_int_malloc"
#1  0x00000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

^CDetaching from program:
/home/dave/debian/qtdeclarative-opensource-src/qtdeclarative-opensource-src-5.15.2+dfsg/tests/auto/qml/qjsvalueiterator/tst_qjsvalueiterator,
process 2844
[Inferior 1 (process 2844) detached]
=== End of stack trace ===
QFATAL : tst_QJSValueIterator::iterateString() Received signal 11
         Function time: 70ms Total time: 310ms
FAIL!  : tst_QJSValueIterator::iterateString() Received a fatal error.
   Loc: [Unknown file(0)]
Totals: 8 passed, 1 failed, 0 skipped, 0 blacklisted, 258862ms
********* Finished testing of tst_QJSValueIterator *********
Aborted (core dumped)
dave@mx3210:~/debian/qtdeclarative-opensource-src$ gdb -c core
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "hppa-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".

warning: Can't open file /memfd:JSGCHeap:QtQml (deleted) during file-backed mapping note processing

warning: Can't open file /memfd:JSVMStack:QtQml (deleted) during file-backed mapping note processing
[New LWP 2844]
[New LWP 2845]
Core was generated by `/home/dave/debian/qtdeclarative-opensource-src/qtdeclarative-opensource-src-5.1'.
Program terminated with signal SIGABRT, Aborted.
#0  0xf5932b5c in ?? ()
[Current thread is 1 (LWP 2844)]
(gdb) quit

The test again fails because of a stack overflow.

gdb -c tests/auto/qml/qjsvalueiterator/core tests/auto/qml/qjsvalueiterator/tst_qjsvalueiterator
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "hppa-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from tests/auto/qml/qjsvalueiterator/tst_qjsvalueiterator...

warning: Can't open file /memfd:JSGCHeap:QtQml (deleted) during file-backed mapping note processing

warning: Can't open file /memfd:JSVMStack:QtQml (deleted) during file-backed mapping note processing

warning: core file may not match specified executable file.
[New LWP 20351]
[New LWP 20352]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/hppa-linux-gnu/libthread_db.so.1".
Core was generated by `./tst_qjsvalueiterator'.
Program terminated with signal SIGABRT, Aborted.
#0  0xf5d32b5c in __vsnprintf_internal (
--Type <RET> for more, q to quit, c to continue without paging--
    string=0x2 <error: Cannot access memory at address 0x2>,
    maxlen=4144215688, format=0x0, args=0x8, mode_flags=<optimized out>)
    at vsnprintf.c:95
95      vsnprintf.c: No such file or directory.
[Current thread is 1 (Thread 0xf7afa040 (LWP 20351))]
(gdb) bt
#0  0xf5d32b5c in __vsnprintf_internal (
    string=0x2 <error: Cannot access memory at address 0x2>,
    maxlen=4144215688, format=0x0, args=0x8, mode_flags=<optimized out>)
    at vsnprintf.c:95
#1  0xf5cdaa00 in __GI_abort () at abort.c:79
#2  0xf688177c in qt_message_fatal (message=<synthetic pointer>...,
    context=...) at global/qlogging.cpp:1914
#3  QMessageLogger::fatal (this=<optimized out>, msg=<optimized out>)
    at global/qlogging.cpp:893
#4  0xf7001eb8 in ?? () from /usr/lib/hppa-linux-gnu/libQt5Test.so.5
#5  <signal handler called>
#6  0xf7247d90 in QHash<QString, int>::findNode (this=0xf83b14b8, akey=...,
    h=733811337) at /usr/include/hppa-linux-gnu/qt5/QtCore/qhash.h:924
#7  0xf7244acc in QHash<QString, int>::findNode (ahp=0x0, akey=...,
    this=0xf83b14b8) at /usr/include/hppa-linux-gnu/qt5/QtCore/qhash.h:950
#8  QHash<QString, int>::constFind (akey=..., this=0xf83b14b8)
    at /usr/include/hppa-linux-gnu/qt5/QtCore/qhash.h:907
#9  QV4::Compiler::StringTableGenerator::registerString (this=0xf83b14b8,
    str=...) at compiler/qv4compiler.cpp:67
#10 0xf7254f34 in QV4::Compiler::JSUnitGenerator::registerString (str=...,
    this=<optimized out>)
    at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/compiler/qv4compiler_p.h:118
--Type <RET> for more, q to quit, c to continue without paging--
#11 QV4::Compiler::Codegen::registerString (name=..., this=<optimized out>)
    at compiler/qv4codegen_p.h:512
#12 QV4::Compiler::Codegen::Reference::nameAsIndex (this=0xf8badcf8)
    at compiler/qv4codegen_p.h:339
#13 QV4::Compiler::Codegen::Reference::loadInAccumulator (this=0xf8badcf8)
    at compiler/qv4codegen.cpp:4425
#14 0xf725819c in QV4::Compiler::Codegen::Reference::doStoreOnStack (
    this=0xf8badec8, slotIndex=<optimized out>) at compiler/qv4codegen.cpp:4185
#15 0xf725845c in QV4::Compiler::Codegen::Reference::storeOnStack (
    this=<optimized out>) at compiler/qv4codegen.cpp:4157
#16 0xf7257eb8 in QV4::Compiler::Codegen::Reference::storeAccumulator (
    this=0xf83b1494) at compiler/qv4codegen.cpp:4231
#17 0xf7258038 in QV4::Compiler::Codegen::Reference::storeConsumeAccumulator (
    this=<optimized out>) at compiler/qv4codegen.cpp:4130
#18 0xf72581b0 in QV4::Compiler::Codegen::Reference::doStoreOnStack (
    this=0xf8badec8, slotIndex=<optimized out>) at compiler/qv4codegen.cpp:4186
#19 0xf725845c in QV4::Compiler::Codegen::Reference::storeOnStack (
    this=<optimized out>) at compiler/qv4codegen.cpp:4157
#20 0xf7257eb8 in QV4::Compiler::Codegen::Reference::storeAccumulator (
    this=0xf83b1494) at compiler/qv4codegen.cpp:4231
#21 0xf7258038 in QV4::Compiler::Codegen::Reference::storeConsumeAccumulator (
    this=<optimized out>) at compiler/qv4codegen.cpp:4130
#22 0xf72581b0 in QV4::Compiler::Codegen::Reference::doStoreOnStack (
--Type <RET> for more, q to quit, c to continue without paging--q
Quit
(gdb) frame 6
#6  0xf7247d90 in QHash<QString, int>::findNode (this=0xf83b14b8, akey=...,
    h=733811337) at /usr/include/hppa-linux-gnu/qt5/QtCore/qhash.h:924
924     Q_OUTOFLINE_TEMPLATE typename QHash<Key, T>::Node **QHash<Key, T>::findNode(const Key &akey, uint h) const
(gdb) disass $pc-16,$pc+16
Dump of assembler code from 0xf7247d80 to 0xf7247da0:
   0xf7247d80 <_ZN7QVectorIN3QV48Compiler5Class6MethodEED2Ev+96>:       ldw -94(sp),rp
   0xf7247d84 <_ZN7QVectorIN3QV48Compiler5Class6MethodEED2Ev+100>:      bv r0(rp)
   0xf7247d88 <_ZN7QVectorIN3QV48Compiler5Class6MethodEED2Ev+104>:      ldw,mb -80(sp),r4
   0xf7247d8c <_ZNK5QHashI7QStringiE8findNodeERKS0_j+0>:        stw rp,-14(sp)
=> 0xf7247d90 <_ZNK5QHashI7QStringiE8findNodeERKS0_j+4>:        stw,ma r7,80(sp)
   0xf7247d94 <_ZNK5QHashI7QStringiE8findNodeERKS0_j+8>:        copy r25,r7
   0xf7247d98 <_ZNK5QHashI7QStringiE8findNodeERKS0_j+12>:       stw r6,-7c(sp)
   0xf7247d9c <_ZNK5QHashI7QStringiE8findNodeERKS0_j+16>:       copy r24,r6

The fault occurs at the beginning of _ZNK5QHashI7QStringiE8findNodeERKS0_j when r7 is saved to the stack.

It looks to me like the problem might be in QHash hash lookup.  Something is being called recursively.

Regards,
Dave

-- 
John David Anglin  dave.anglin@bell.net
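
Added example, not part of the original message: a fault on the first stack store of a function prologue, together with a group of frames that repeats, is the usual signature of unbounded recursion exhausting the stack. The Python sketch below finds the repeating call sequence in a gdb `bt` listing; the function names `parse_frames` and `find_recursion_cycle` are hypothetical, and the sample input is the first line of frames #5-#22 copied from the backtrace in this message.

```python
import re

# First line of frames #5-#22 from the gdb backtrace in this message
# (argument continuation lines and source locations dropped).
SAMPLE_BT = """\
#5  <signal handler called>
#6  0xf7247d90 in QHash<QString, int>::findNode (this=0xf83b14b8, akey=...,
#7  0xf7244acc in QHash<QString, int>::findNode (ahp=0x0, akey=...,
#8  QHash<QString, int>::constFind (akey=..., this=0xf83b14b8)
#9  QV4::Compiler::StringTableGenerator::registerString (this=0xf83b14b8,
#10 0xf7254f34 in QV4::Compiler::JSUnitGenerator::registerString (str=...,
#11 QV4::Compiler::Codegen::registerString (name=..., this=<optimized out>)
#12 QV4::Compiler::Codegen::Reference::nameAsIndex (this=0xf8badcf8)
#13 QV4::Compiler::Codegen::Reference::loadInAccumulator (this=0xf8badcf8)
#14 0xf725819c in QV4::Compiler::Codegen::Reference::doStoreOnStack (
#15 0xf725845c in QV4::Compiler::Codegen::Reference::storeOnStack (
#16 0xf7257eb8 in QV4::Compiler::Codegen::Reference::storeAccumulator (
#17 0xf7258038 in QV4::Compiler::Codegen::Reference::storeConsumeAccumulator (
#18 0xf72581b0 in QV4::Compiler::Codegen::Reference::doStoreOnStack (
#19 0xf725845c in QV4::Compiler::Codegen::Reference::storeOnStack (
#20 0xf7257eb8 in QV4::Compiler::Codegen::Reference::storeAccumulator (
#21 0xf7258038 in QV4::Compiler::Codegen::Reference::storeConsumeAccumulator (
#22 0xf72581b0 in QV4::Compiler::Codegen::Reference::doStoreOnStack (
"""

# "#N  [0xADDR in ]function (" ; frames without a call, such as
# "<signal handler called>", do not match and are skipped.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S.*?) \(", re.M)

def parse_frames(bt_text):
    """Return [(frame_number, function_name)] for each named frame."""
    return [(int(n), name) for n, name in FRAME_RE.findall(bt_text)]

def find_recursion_cycle(frames, min_repeats=2):
    """Return (first_frame, cycle_names, frames_covered) for the repeating
    call sequence that covers the most frames, or None if nothing repeats."""
    names = [name for _, name in frames]
    best = None
    for period in range(1, len(names) // min_repeats + 1):
        for start in range(len(names) - period * min_repeats + 1):
            end = start
            while end + period < len(names) and names[end] == names[end + period]:
                end += 1
            covered = end - start + period
            if covered >= period * min_repeats and (best is None or covered > best[2]):
                best = (frames[start][0], names[start:start + period], covered)
    return best

if __name__ == "__main__":
    print(find_recursion_cycle(parse_frames(SAMPLE_BT)))
```

Choosing the candidate that covers the most frames keeps the two adjacent `findNode` frames (#6 and #7, an overload calling its sibling) from being reported ahead of the four-call cycle that starts at frame #14.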

