PR# 14456 EIF_MEMORY_SCAVENGE value <= 8184 causes runtime panic
Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/06/08
Class: Bug
Severity: Serious
Number: 14456
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14
OpenSolaris 2008.05 on x86
Synopsis: EIF_MEMORY_SCAVENGE value <= 8184 causes runtime panic
Description
Setting environment variable EIF_MEMORY_SCAVENGE to a value <= 8184 (so that final aligned value used by run-time is < 8192) causes execution of a trivial system to die with a run-time panic in reclaim. If such small values do not make sense, the runtime should enforce a minimum value as is done with other such environment variables. If these small values are supposed to work, the bug should be fixed.

Stack trace when run under dbx:

(dbx) where
=>[1] coalesc(0x91ed73c, 0x8fe23b6, 0x0, 0x8ff261a), at 0x8ff2c12
  [2] xfreeblock(0x91ed73c, 0x88001c58, 0x80475c8, 0x8ff256e), at 0x8ff264d
  [3] eif_rt_xfree(0x91ed748, 0x91f33e0, 0x90a1a78, 0x8ff31a6), at 0x8ff25b8
  [4] explode_scavenge_zone(0x91ed1c0), at 0x8ff3277
  [5] sc_stop(0x804765c, 0x903a144, 0x8047668, 0x80f315f, 0xfeffb7dc, 0x80f30b9), at 0x8ff3340
  [6] reclaim(0xfeffb7dc, 0x80f30b9, 0x903a144, 0x804765c, 0x8047794, 0x8047668), at 0x8ff3e93
  [7] main(0x1, 0x80476a0, 0x80476a8, 0x90651a0), at 0x80f315f
To Reproduce
Freeze with attached class and config file (trivial system). setenv EIF_MEMORY_CHUNK 8184 (or any smaller value). Execute system. Dies with panic in final reclaim.
Problem Report Interactions
I tried to look into this using dbx, but couldn't understand what was going on. Use "list <start_line_num> <end_line_num>" to see sections of code, in case you don't remember how to use dbx.

Here is a full stack trace when system seg faults in final `reclaim':

(dbx) where
=>[1] disconnect_free_list(zone = 0x9011d24, i = 71U), line 3327 in "malloc.c"
  [2] coalesc(zone = 0x900e0e0), line 3146 in "malloc.c"
  [3] xfreeblock(zone = 0x900e0e0, r = 2281716792U), line 2700 in "malloc.c"
  [4] eif_rt_xfree(ptr = 0x900e0ec), line 2624 in "malloc.c"
  [5] explode_scavenge_zone(sc = 0x900d8e0), line 3888 in "malloc.c"
  [6] sc_stop(), line 3937 in "malloc.c"
  [7] reclaim(), line 1329 in "garcol.c"
  [8] main(0x1, 0x8047458, 0x8047460, 0x804744c), at 0x8e0a3ea

Value of `r' in `coalesc' when crashes:

(dbx) print r
r = 32768U
Added eweasel test exec312 for this bug. The panic occurs on OpenSolaris 2009.06 (snv_111a) on x86. The panic does not occur on Solaris 10 on SPARC. Big endian versus little endian issue?
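
The description asks that the run-time enforce a minimum for this setting, as it does for other such environment variables. A sketch of that kind of check, added here as an example and not taken from the Eiffel run-time: the function name, the 8-byte round-up (inferred from the 8184/8192 boundary in the report), the 8192 floor and the default size are all assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define ZONE_ALIGN   8UL      /* assumed alignment, inferred from the 8184/8192 boundary */
#define ZONE_MIN     8192UL   /* assumed floor: smallest aligned size the report says works */
#define ZONE_DEFAULT 65536UL  /* constructed default for this sketch */

/* Round up to a multiple of ZONE_ALIGN; the caller rules out overflow. */
static unsigned long align_up(unsigned long n)
{
    return (n + ZONE_ALIGN - 1) & ~(ZONE_ALIGN - 1);
}

/* Hypothetical helper: turn the raw environment string into a usable size.
 * Unset, empty, signed, non-numeric or out-of-range input falls back to the
 * default. A valid number is aligned first and only then raised to the
 * floor, so the check applies to the value the allocator would really use. */
unsigned long scavenge_size_from_env(const char *text)
{
    char *end;
    unsigned long n;

    /* Require a leading digit: strtoul would otherwise accept blanks and
     * a '-' sign, silently wrapping negative input to a huge value. */
    if (text == NULL || !isdigit((unsigned char)*text))
        return ZONE_DEFAULT;
    errno = 0;
    n = strtoul(text, &end, 10);
    if (errno != 0 || *end != '\0' || n > ULONG_MAX - ZONE_ALIGN)
        return ZONE_DEFAULT;
    n = align_up(n);
    return n < ZONE_MIN ? ZONE_MIN : n;
}

int main(void)
{
    unsigned long size = scavenge_size_from_env(getenv("EIF_MEMORY_SCAVENGE"));
    printf("scavenge zone size: %lu\n", size);
    return 0;
}
```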