PR# 14456 EIF_MEMORY_SCAVENGE value <= 8184 causes runtime panic

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/06/08
Class: Bug
Severity: Serious
Number: 14456
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14 OpenSolaris 2008.05 on x86
Synopsis: EIF_MEMORY_SCAVENGE value <= 8184 causes runtime panic

Description
Setting environment variable EIF_MEMORY_SCAVENGE to a value <= 8184
(so that final aligned value used by run-time is < 8192) causes execution of
a trivial system to die with a run-time panic in reclaim.  If such small values
do not make sense, the runtime should enforce a minimum value as is done with
other such environment variables.  If these small values are supposed to work,
the bug should be fixed.

Stack trace when run under dbx:

(dbx) where
=>[1] coalesc(0x91ed73c, 0x8fe23b6, 0x0, 0x8ff261a), at 0x8ff2c12 
  [2] xfreeblock(0x91ed73c, 0x88001c58, 0x80475c8, 0x8ff256e), at 0x8ff264d 
  [3] eif_rt_xfree(0x91ed748, 0x91f33e0, 0x90a1a78, 0x8ff31a6), at 0x8ff25b8 
  [4] explode_scavenge_zone(0x91ed1c0), at 0x8ff3277 
  [5] sc_stop(0x804765c, 0x903a144, 0x8047668, 0x80f315f, 0xfeffb7dc, 0x80f30b9), at 0x8ff3340 
  [6] reclaim(0xfeffb7dc, 0x80f30b9, 0x903a144, 0x804765c, 0x8047794, 0x8047668), at 0x8ff3e93 
  [7] main(0x1, 0x80476a0, 0x80476a8, 0x90651a0), at 0x80f315f

To Reproduce
Freeze with attached class and config file (trivial system).
setenv EIF_MEMORY_CHUNK 8184   (or any smaller value).
Execute system.  Dies with panic in final reclaim.
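
The description asks the runtime to enforce a minimum on this variable. A sketch of such a check, added here as an example and not code from the Eiffel runtime: the helper name, the 8-byte alignment, the 8192-byte floor, the 1 GiB ceiling and the 65536 default are all assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumptions for this example, not taken from the runtime source: 8-byte
 * alignment and an 8192-byte floor (inferred from the report's "<= 8184"
 * and "< 8192"), plus an arbitrary 1 GiB ceiling. */
#define ZONE_ALIGN 8UL
#define ZONE_MIN   8192UL
#define ZONE_MAX   (1UL << 30)

/* Hypothetical helper: turn the text of a size variable into a usable size.
 * Unset, empty or non-numeric text yields dflt; anything else is rounded up
 * to ZONE_ALIGN and clamped into [ZONE_MIN, ZONE_MAX]. */
unsigned long parse_zone_size(const char *text, unsigned long dflt)
{
    const char *p;
    unsigned long v;

    if (text == NULL || *text == '\0')
        return dflt;
    /* strtoul() accepts "-1" and wraps it, so allow decimal digits only. */
    for (p = text; *p != '\0'; p++)
        if (*p < '0' || *p > '9')
            return dflt;
    errno = 0;
    v = strtoul(text, NULL, 10);
    if (errno == ERANGE || v > ZONE_MAX)
        return ZONE_MAX;
    v = (v + ZONE_ALIGN - 1) & ~(ZONE_ALIGN - 1);   /* align first ...        */
    return v < ZONE_MIN ? ZONE_MIN : v;             /* ... then enforce floor */
}

int main(void)
{
    /* Constructed sample values, plus whatever the environment holds. */
    const char *samples[] = { "8184", "8185", "100", "-1", "abc", "131072" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %lu\n", samples[i], parse_zone_size(samples[i], 65536UL));
    printf("env      -> %lu\n",
           parse_zone_size(getenv("EIF_MEMORY_SCAVENGE"), 65536UL));
    return 0;
}
```
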
Problem Report Interactions
From:prestoat2000    Date:2011/06/09
I tried to look into this using dbx, but couldn't understand what was
going on. 

Use "list <start_line_num> <end_line_num>" to see sections of code, in case
you don't remember how to use dbx.

Here is a full stack trace when system seg faults in final `reclaim':

(dbx) where
=>[1] disconnect_free_list(zone = 0x9011d24, i = 71U), line 3327 in "malloc.c"
  [2] coalesc(zone = 0x900e0e0), line 3146 in "malloc.c"
  [3] xfreeblock(zone = 0x900e0e0, r = 2281716792U), line 2700 in "malloc.c"
  [4] eif_rt_xfree(ptr = 0x900e0ec), line 2624 in "malloc.c"
  [5] explode_scavenge_zone(sc = 0x900d8e0), line 3888 in "malloc.c"
  [6] sc_stop(), line 3937 in "malloc.c"
  [7] reclaim(), line 1329 in "garcol.c"
  [8] main(0x1, 0x8047458, 0x8047460, 0x804744c), at 0x8e0a3ea 

Value of `r' in `coalesc' when crashes:

(dbx) print r
r = 32768U

From:prestoat2000    Date:2009/05/13
Added eweasel test exec312 for this bug.  The panic occurs on OpenSolaris
2009.06 (snv_111a) on x86.  The panic does not occur on Solaris 10 on SPARC.
Big endian versus little endian issue?

From:prestoat2000    Date:2008/06/08
Attachments for problem report #14456

Attachment: test.e     Size:268
Attachment: test.ecf     Size:644