Debian Bug report logs - #916626
qbs: FTBFS on hppa: Segmentation fault (core dumped)

Reply or subscribe to this bug.

Display info messages

Message #5 received at [email protected] (full text, mbox, reply):

From: John David Anglin <[email protected]>

To: Debian Bug Tracking System <[email protected]>

Subject: qbs: FTBFS on hppa: Segmentation fault (core dumped)

Date: Sun, 16 Dec 2018 12:54:28 -0500

Source: qbs
Version: 1.12.2+dfsg-1
Severity: normal

Dear Maintainer,

See build log:
https://buildd.debian.org/status/fetch.php?pkg=qbs&arch=hppa&ver=1.12.2%2Bdfsg-1&stamp=1544493575&raw=0

The fault is:
do_page_fault() command='QThread' type=15 address=0xedd80000 in libQt5Script.so.5.11.2[f645d000+214000]
trap #15: Data TLB miss fault, vm_start = 0xedd80000, vm_end = 0xedd81000

The TLB entry for the page is missing.

When the faulting program is run under gdb, we have:
dave@mx3210:~/debian/qbs/qbs-1.12.2+dfsg$ gdb bin/qbs
GNU gdb (Debian 8.2-1) 8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "hppa-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bin/qbs...done.
(gdb) set args build --settings-dir qbsres/settings -f /home/dave/debian/qbs/qbs-1.12.2+dfsg/qbs.qbs -d qbsres -p 'qbs resources' project.withCode:false project.withDocumentation:false profile:none
(gdb) r
Starting program: /home/dave/debian/qbs/qbs-1.12.2+dfsg/bin/qbs build --settings-dir qbsres/settings -f /home/dave/debian/qbs/qbs-1.12.2+dfsg/qbs.qbs -d qbsres -p 'qbs resources' project.withCode:false project.withDocumentation:false profile:none
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/hppa-linux-gnu/libthread_db.so.1".
[New Thread 0xef7e7440 (LWP 378)]
[New Thread 0xee582440 (LWP 379)]
Restoring build graph from disk
[Detaching after fork from child process 380]
[New Thread 0xedd81440 (LWP 381)]
[Thread 0xee582440 (LWP 379) exited]
Building for configuration default

Thread 4 "QThread" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xedd81440 (LWP 381)]
0xf6521a64 in QTJSC::Heap::markConservatively (this=0xf8b53c78, markStack=...,
    start=<optimized out>, end=<optimized out>)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:805
805     ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp: No such file or directory.
(gdb) disass $pc-16,$pc+16
Dump of assembler code from 0xf6521a54 to 0xf6521a74:
   0xf6521a54 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+148>:   and ret0,r13,r7
   0xf6521a58 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+152>:   cmpb,>>= r12,r7,0xf6521ab4 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+244>
   0xf6521a5c <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+156>:   copy ret0,r9
   0xf6521a60 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+160>:   cmpb,<>,n r6,r16,0xf6521a44 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+132>
=> 0xf6521a64 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+164>:   ldw,ma 4(r6),ret0
   0xf6521a68 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+168>:   ldw -94(sp),rp
   0xf6521a6c <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+172>:   ldw -74(sp),r18
   0xf6521a70 <QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)+176>:   ldw -70(sp),r17
End of assembler dump.
(gdb) bt
#0  0xf6521a64 in QTJSC::Heap::markConservatively (this=0xf8b53c78,
    markStack=..., start=<optimized out>, end=<optimized out>)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:805
#1  0xf6521d2c in QTJSC::Heap::markCurrentThreadConservativelyInternal (
    this=0xf8b53c8c, markStack=...)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:834
#2  0xf6521df4 in QTJSC::Heap::markCurrentThreadConservatively (
    this=0xf8b53c78, markStack=...)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:856
#3  0xf6522614 in QTJSC::Heap::markStackObjectsConservatively (markStack=...,
    this=0xf8affbd4)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1148
#4  QTJSC::Heap::markRoots (this=0xf8affbd4)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1148
#5  0xf6522a1c in QTJSC::Heap::reset (this=0xf8affbd4)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1269
#6  QTJSC::Heap::allocate (this=0xf8affbd4, s=<optimized out>)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:405
#7  0xf65acd6c in QTJSC::JSCell::operator new (globalData=0xf8affbd4, size=32)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h:162
#8  QTJSC::jsString (globalData=0xf8affbd4, s=...)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.h:445
#9  0xf65e8c28 in QTJSC::jsString (s=..., exec=0xf8b53c8c)
--Type <RET> for more, q to quit, c to continue without paging--
    at ../3rdparty/javascriptcore/JavaScriptCore/interpreter/Register.h:203
#10 QScriptEnginePrivate::arrayFromStringList (exec=0xf8b53c8c, lst=...)
    at api/qscriptengine.cpp:1078
#11 0xf65eb49c in QScriptEnginePrivate::create (exec=0xedd80000,
    type=<optimized out>, ptr=0x1) at api/qscriptengine.cpp:3119
#12 0xf65ebd38 in QScriptEnginePrivate::jscValueFromVariant (v=...,
    exec=0xedd80000) at /usr/include/hppa-linux-gnu/qt5/QtCore/qvariant.h:355
#13 QScriptEnginePrivate::objectFromVariantMap (exec=0xedd80000, vmap=...)
    at api/qscriptengine.cpp:1118
#14 0xf65eb3b8 in QScriptEnginePrivate::create (exec=0xedd80000,
    type=<optimized out>, ptr=0x1) at api/qscriptengine.cpp:3125
#15 0xf65ebe1c in QScriptEngine::create (this=<optimized out>,
    type=<optimized out>, ptr=<optimized out>) at api/qscriptengine.cpp:3071
#16 0xf85e4b14 in qScriptValueFromValue_helper (ptr=
    0x3fde0 <qbs::printStatus(qbs::ProjectData const&)+1632>, type=8,
    engine=0xf8affbd4)
    at /usr/include/hppa-linux-gnu/qt5/QtScript/qscriptengine.h:320
#17 qScriptValueFromValue<QMap<QString, QVariant> > (t=..., engine=0xf8affbd4)
    at /usr/include/hppa-linux-gnu/qt5/QtScript/qscriptengine.h:326
#18 QScriptEngine::toScriptValue<QMap<QString, QVariant> > (value=...,
    this=0xf8affbd4)
    at /usr/include/hppa-linux-gnu/qt5/QtScript/qscriptengine.h:212
#19 qbs::Internal::ModuleProperties::init (artifactObject=...,
--Type <RET> for more, q to quit, c to continue without paging--
    artifact=0xf814f728) at jsextensions/moduleproperties.cpp:257
#20 0xf85ac5d0 in qbs::Internal::Transformer::translateFileConfig (
    scriptEngine=0x4000, artifact=0x1, defaultModuleName=...)
    at buildgraph/transformer.cpp:113
#21 0xf85ad120 in qbs::Internal::Transformer::translateInOutputs (
    scriptEngine=0x4000, artifacts=..., defaultModuleName=...)
    at buildgraph/transformer.cpp:150
#22 0xf85ada44 in qbs::Internal::Transformer::setupOutputs (this=0xf8affbd4,
    targetScriptValue=...) at buildgraph/transformer.cpp:192
#23 0xf859de9c in qbs::Internal::RulesApplicator::doApply (
    this=0x3fd80 <qbs::printStatus(qbs::ProjectData const&)+1536>,
    inputArtifacts=..., prepareScriptContext=...)
    at /usr/include/c++/8/bits/shared_ptr_base.h:998
#24 0xf859fbd8 in qbs::Internal::RulesApplicator::applyRule (this=0xf8affbd4,
    rule=..., inputArtifacts=...) at buildgraph/rulesapplicator.cpp:124
#25 0xf8594c60 in qbs::Internal::RuleNode::apply (this=0xf8950d48, logger=...,
    changedInputs=...,
    productsByName=std::unordered_map with 0 elements<error reading variable: Cannot access memory at address 0x11>, projectsByName=...,
    result=<optimized out>) at buildgraph/rulenode.cpp:176
#26 0xf853e714 in qbs::Internal::Executor::executeRuleNode (this=0xf8b53d10,
    ruleNode=0xedd80000) at buildgraph/executor.cpp:520
#27 0xf853f088 in qbs::Internal::Executor::visit (this=<optimized out>,
--Type <RET> for more, q to quit, c to continue without paging--
    ruleNode=<optimized out>) at buildgraph/executor.cpp:1148
#28 0xf8592fe0 in qbs::Internal::RuleNode::accept (
    this=0x3fde0 <qbs::printStatus(qbs::ProjectData const&)+1632>,
    visitor=0xf8affbd4) at buildgraph/rulenode.cpp:71
#29 0xf853c974 in qbs::Internal::Executor::scheduleJobs (this=0xf8b53c5c)
    at buildgraph/executor.cpp:361
#30 0xf8544c74 in qbs::Internal::Executor::doBuild (this=0x4000)
    at buildgraph/executor.cpp:290
#31 0xf854530c in qbs::Internal::Executor::build (this=0xf8affbd4)
    at buildgraph/executor.cpp:154
#32 0xf8498b40 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (qbs::Internal::Executor::*)()>::call(void (qbs::Internal::Executor::*)(), qbs::Internal::Executor*, void**) (arg=<optimized out>,
    o=<optimized out>, f=<optimized out>)
    at /usr/include/hppa-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:166
#33 QtPrivate::FunctionPointer<void (qbs::Internal::Executor::*)()>::call<QtPrivate::List<>, void>(void (qbs::Internal::Executor::*)(), qbs::Internal::Executor*, void**) (arg=<optimized out>, o=<optimized out>, f=<optimized out>)
    at /usr/include/hppa-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:167
#34 QtPrivate::QSlotObject<void (qbs::Internal::Executor::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (
    which=1, a=<optimized out>, ret=<optimized out>, r=<optimized out>,
    this_=0xf8affbd4)
--Type <RET> for more, q to quit, c to continue without paging--
    at /usr/include/hppa-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:396
#35 QtPrivate::QSlotObject<void (qbs::Internal::Executor::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (
    which=<optimized out>, this_=0xf8affbd4, r=<optimized out>,
    a=<optimized out>, ret=<optimized out>)
    at /usr/include/hppa-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:389
#36 0xf7cb8994 in QMetaObject::activate(QObject*, int, int, void**) ()
   from /usr/lib/hppa-linux-gnu/libQt5Core.so.5
#37 0xf7cb8f14 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/hppa-linux-gnu/libQt5Core.so.5
#38 0xf7a666ac in QThread::started(QThread::QPrivateSignal) ()
   from /usr/lib/hppa-linux-gnu/libQt5Core.so.5
#39 0xf7a7a380 in ?? () from /usr/lib/hppa-linux-gnu/libQt5Core.so.5
#40 0xf77efcc0 in start_thread (arg=0xedd81440) at pthread_create.c:486
#41 0xf68e30c0 in clone () from /lib/hppa-linux-gnu/libc.so.6
(gdb) p/x $r6
$1 = 0xedd80000

The fault occurs loading the return value from QTJSC::Heap::markConservatively.

Possibly, this is bug in libqt5script5.

Regards,
Dave Anglin


-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: hppa (parisc64)

Kernel: Linux 4.14.88+ (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Message #10 received at [email protected] (full text, mbox, reply):

From: John David Anglin <[email protected]>

To: [email protected]

Subject: Re: Bug#916626: Acknowledgement (qbs: FTBFS on hppa: Segmentation fault (core dumped))

Date: Sun, 16 Dec 2018 13:21:10 -0500

On 2018-12-16 1:04 p.m., John David Anglin wrote:
> Thread 4 "QThread" hit Breakpoint 1, QTJSC::Heap::markConservatively (
>     this=0xf8b53c78, markStack=..., start=0xed5826c8, end=0xedd81000)
>     at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:791
> 791     ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:
> No such file or directory.
> 
> The address 0xedd81000 is the end of the stack.

void Heap::markConservatively(MarkStack& markStack, void* start, void* end)
{
    if (start > end) {
        void* tmp = start;
        start = end;
        end = tmp;
    }

    ASSERT((static_cast<char*>(end) - static_cast<char*>(start)) <
0x1000000);
    ASSERT(isPointerAligned(start));
    ASSERT(isPointerAligned(end));

    char** p = static_cast<char**>(start);
    char** e = static_cast<char**>(end);

    CollectorBlock** blocks = m_heap.blocks;
    while (p != e) {

It looks to me as if the test "p != e" should be "p < e".

Dave
-- 
John David Anglin  [email protected]

Message #15 received at [email protected] (full text, mbox, reply):

From: John David Anglin <[email protected]>

To: [email protected]

Subject: Re: Bug#916626: Acknowledgement (qbs: FTBFS on hppa: Segmentation fault (core dumped))

Date: Sun, 16 Dec 2018 13:54:57 -0500

On 2018-12-16 1:21 p.m., John David Anglin wrote:
> It looks to me as if the test "p != e" should be "p < e".

On further thought, I think gcc has miscompiled this function.

Dave
-- 
John David Anglin  [email protected]

Message #20 received at [email protected] (full text, mbox, reply):

From: John David Anglin <[email protected]>

To: [email protected]

Subject: Re: Bug#916626: Acknowledgement (qbs: FTBFS on hppa: Segmentation fault (core dumped))

Date: Sun, 16 Dec 2018 13:04:12 -0500

Yes, it's is a bug in libqt5script5:

(gdb) break QTJSC::Heap::markConservatively(QTJSC::MarkStack&, void*, void*)
Breakpoint 1 at 0xf65219c0: file
../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp, line 791.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/dave/debian/qbs/qbs-1.12.2+dfsg/bin/qbs build
--settings-dir qbsres/settings -f
/home/dave/debian/qbs/qbs-1.12.2+dfsg/qbs.qbs -d qbsres -p 'qbs
resources' project.withCode:false project.withDocumentation:false
profile:none
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/hppa-linux-gnu/libthread_db.so.1".
[New Thread 0xef7e7440 (LWP 1788)]
[New Thread 0xee582440 (LWP 1789)]
Restoring build graph from disk
[Detaching after fork from child process 1790]
[New Thread 0xedd81440 (LWP 1791)]
[Thread 0xee582440 (LWP 1789) exited]
Building for configuration default
[Switching to Thread 0xedd81440 (LWP 1791)]

Thread 4 "QThread" hit Breakpoint 1, QTJSC::Heap::markConservatively (
    this=0xf8b53c78, markStack=..., start=0xed5826c8, end=0xedd81000)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:791
791     ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:
No such file or directory.

The address 0xedd81000 is the end of the stack.

Dave
-- 
John David Anglin  [email protected]

Message #25 received at [email protected] (full text, mbox, reply):

From: John David Anglin <[email protected]>

To: [email protected]

Subject: Re: Bug#916626: Acknowledgement (qbs: FTBFS on hppa: Segmentation fault (core dumped))

Date: Sun, 16 Dec 2018 17:19:46 -0500

On 2018-12-16 1:54 p.m., John David Anglin wrote:
> On 2018-12-16 1:21 p.m., John David Anglin wrote:
>> It looks to me as if the test "p != e" should be "p < e".
> 
> On further thought, I think gcc has miscompiled this function.

No, the bug is in currentThreadStackBase().  The stack grows up on hppa
and the base is incorrectly calculated.

Dave
-- 
John David Anglin  [email protected]

Send a report that this bug log contains spam.