From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 24 10:14:36 2020 Received: (at submit) by debbugs.gnu.org; 24 Jan 2020 15:14:36 +0000 Received: from localhost ([127.0.0.1]:54603 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iv0fM-0003m2-AL for submit@debbugs.gnu.org; Fri, 24 Jan 2020 10:14:36 -0500 Received: from lists.gnu.org ([209.51.188.17]:52749) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iv0fK-0003lu-0N for submit@debbugs.gnu.org; Fri, 24 Jan 2020 10:14:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51299) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iv0fI-0008W5-9L for bug-Guile@gnu.org; Fri, 24 Jan 2020 10:14:33 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED,BAYES_50 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:470:142:3::e]:34160) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1iv0fI-0005WJ-5X for bug-Guile@gnu.org; Fri, 24 Jan 2020 10:14:32 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=38024 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1iv0fH-0003Np-5E for bug-Guile@gnu.org; Fri, 24 Jan 2020 10:14:31 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: bug-Guile@gnu.org Subject: Finalization thread hits wrong-type-arg on weak vector (AArch64) X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 5 =?utf-8?Q?Pluvi=C3=B4se?= an 228 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 24 Jan 2020 16:14:29 +0100 Message-ID: <87tv4kdgyy.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hello! While building the =E2=80=9Cguix-system.drv=E2=80=9D derivation on AArch64,= I got this crash (not fully deterministic but quite frequent). Here the finalization thread gets a wrong-type-arg in =E2=80=98scm_i_weak_car=E2=80= =99 (i.e., accessing a one-element weak vector): --8<---------------cut here---------------start------------->8--- $ ( export out=3D$PWD/build; unset GUILE_LOAD_PATH; unset GUILE_LOAD_COMPIL= ED_PATH; gdb --args "/gnu/store/p8in2npgl5yhliy25ikz7shjbq0gii95-guile-next= -3.0.0/bin/guile" "--no-auto-compile" "-L" "/gnu/store/3qg8l6kr4wa9sbgwy00z= 1mb3p88xf455-module-import" "-C" "/gnu/store/h9qcvg71bmx735fsndagll9y7s72k9= n9-module-import-compiled" guix-system-builder ) [=E2=80=A6] loading 'gnu/services/cups.scm'... Backtrace: [Switching to Thread 0xffffbebec1d0 (LWP 22464)] Thread 2 "guile" hit Breakpoint 3, scm_display_backtrace_with_highlights ( stack=3Dstack@entry=3D"#" =3D {...}, port=3Dport@entry=3D= # 510040>,=20 first=3Dfirst@entry=3D#f, depth=3Ddepth@entry=3D#f, highlights=3Dhighli= ghts@entry=3D()) at backtrace.c:269 269 { (gdb) bt #0 scm_display_backtrace_with_highlights (stack=3Dstack@entry=3D"#" =3D {...},=20 port=3Dport@entry=3D# 510040>, first=3Dfi= rst@entry=3D#f, depth=3Ddepth@entry=3D#f,=20 highlights=3Dhighlights@entry=3D()) at backtrace.c:269 #1 0x0000ffffbf5ef8c4 in print_exception_and_backtrace ( args=3D0x70cef60, tag=3Dwrong-type-arg,=20 port=3D# 510040>) at continuations.c:409 #2 pre_unwind_handler (error_port=3D0x510040, tag=3Dwrong-type-arg,=20 args=3D0x70cef60) at continuations.c:453 #3 0x0000ffffbf672588 in catch_pre_unwind_handler (data=3D0xffffbebeb850,= =20 exn=3D0x70ced40) at throw.c:135 #4 0x0000ffffbf67bdf8 in vm_regular_engine (thread=3D0x475b40) at vm-engin= e.c:972 #5 0x0000ffffbf67d10c in scm_call_n (proc=3Dproc@entry=3D#, argv=3D, nargs=3D5) at vm.c:1589 #6 0x0000ffffbf5f3c10 in scm_apply_0 (proc=3D#, args= =3D()) at eval.c:603 #7 0x0000ffffbf5f4654 in scm_apply_1 (proc=3D, arg1=3Darg1@= entry=3Dwrong-type-arg,=20 args=3Dargs@entry=3D0x70caf80) at eval.c:609 #8 0x0000ffffbf6729e0 in scm_throw (key=3Dkey@entry=3Dwrong-type-arg,=20 args=3D0x70caf80) at throw.c:262 #9 0x0000ffffbf672b44 in scm_ithrow (key=3Dkey@entry=3Dwrong-type-arg, arg= s=3D, no_return=3Dno_return@entry=3D1) at throw.c:457 #10 0x0000ffffbf5f1dec in scm_error_scm (key=3Dkey@entry=3Dwrong-type-arg, = subr=3Dsubr@entry=3D"weak-vector-ref",=20 message=3D,=20 args=3Dargs@entry=3D0x70cafd0,=20 data=3Ddata@entry=3D0x70cafc0) at error.c:90 #11 0x0000ffffbf5f1ea0 in scm_error (key=3Dkey@entry=3Dwrong-type-arg,=20 subr=3Dsubr@entry=3D0xffffbf6a52d8 "weak-vector= -ref",=20 message=3Dmessage@entry=3D0xffffbf696e98 "Wrong type argument in positi= on ~A (expecting ~A): ~S",=20 args=3Dargs@entry=3D0x70cafd0,=20 rest=3D0x70cafc0) at error.c:62 #12 0x0000ffffbf5f22cc in scm_wrong_type_arg_msg ( subr=3Dsubr@entry=3D0xffffbf6a52d8 "weak-vector= -ref", pos=3Dpos@entry=3D1,=20 bad_value=3D0x30ff880,=20 szMessage=3DszMessage@entry=3D0xffffbf6a5300 "weak vector") at error.c:= 282 #13 0x0000ffffbf680050 in scm_c_weak_vector_ref (wv=3D, k=3D= k@entry=3D0) at weak-vector.c:193 #14 0x0000ffffbf67eff4 in scm_i_weak_car ( pair=3D0x30f8830) at weak-list.h:39 #15 scm_i_visit_weak_list (list_loc=3D0xffffbf6c81b0 , vis= it=3D) at weak-list.h:49 #16 vacuum_all_weak_tables () at weak-table.c:494 #17 0x0000ffffbf5fda44 in async_gc_finalizer (ptr=3D0x494ec0, data=3D0x0) a= t finalizers.c:316 #18 0x0000ffffbf549f74 in GC_invoke_finalizers () from /gnu/store/wsqzmim7m23gskpibrpqzx4djadhjz8y-libgc-7.6.12/lib/libgc.= so.1 #19 0x0000ffffbf5fdf64 in scm_run_finalizers () at finalizers.c:398 #20 0x0000ffffbf5fdff4 in finalization_thread_proc (unused=3D) at finalizers.c:233 #21 0x0000ffffbf5ef6e0 in c_body (d=3D0xffffbebeb918) at continuations.c:430 #22 0x0000ffffbf67bdf8 in vm_regular_engine (thread=3D0x475b40) at vm-engin= e.c:972 #23 0x0000ffffbf67d10c in scm_call_n (proc=3D#, argv= =3Dargv@entry=3D0xffffbebeb660,=20 nargs=3Dnargs@entry=3D2) at vm.c:1589 #24 0x0000ffffbf5f3930 in scm_call_2 (proc=3D, arg1=3D, arg2=3D) at eval.c:503 #25 0x0000ffffbf5f4f38 in scm_c_with_exception_handler (type=3Dtype@entry= =3D#t, handler=3D0xffffbebeb670,=20 handler@entry=3D0xffffbf6724b0 , handler_dat= a=3D0x510040,=20 handler_data@entry=3D0xffffbebeb850, thunk=3D0x0, thunk@entry=3D0xffffb= f6725f8 ,=20 thunk_data=3D0x1dce42683dff4d67, thunk_data@entry=3D0xffffbebeb850) at = exceptions.c:170 #26 0x0000ffffbf672850 in scm_c_catch (tag=3Dtag@entry=3D#t, body=3Dbody@en= try=3D0xffffbf5ef6c8 ,=20 body_data=3Dbody_data@entry=3D0xffffbebeb918, handler=3Dhandler@entry= =3D0xffffbf5ef970 ,=20 handler_data=3Dhandler_data@entry=3D0xffffbebeb918,=20 pre_unwind_handler=3Dpre_unwind_handler@entry=3D0xffffbf5ef7b8 ,=20 pre_unwind_handler_data=3Dpre_unwind_handler_data@entry=3D0x510040) at = throw.c:168 #27 0x0000ffffbf5efbf4 in scm_i_with_continuation_barrier (body=3Dbody@entr= y=3D0xffffbf5ef6c8 ,=20 body_data=3Dbody_data@entry=3D0xffffbebeb918, handler=3Dhandler@entry= =3D0xffffbf5ef970 ,=20 handler_data=3Dhandler_data@entry=3D0xffffbebeb918,=20 pre_unwind_handler=3Dpre_unwind_handler@entry=3D0xffffbf5ef7b8 , pre_unwind_handler_data=3D0x510040) at continuations.c:368 #28 0x0000ffffbf5efca0 in scm_c_with_continuation_barrier (func=3D, data=3D) at continuations.c:464 #29 0x0000ffffbf671148 in with_guile (base=3D0xffffbebeb988, data=3D0xffffb= ebeb9a8) at threads.c:645 #30 0x0000ffffbf551618 in GC_call_with_stack_base () from /gnu/store/wsqzmim7m23gskpibrpqzx4djadhjz8y-libgc-7.6.12/lib/libgc.= so.1 #31 0x0000ffffbf6714a8 in scm_i_with_guile (dynamic_state=3D= , data=3D, func=3D) at threads.c:688 #32 scm_with_guile (func=3D, data=3D) at thre= ads.c:694 #33 0x0000ffffbf50e7f4 in start_thread () from /gnu/store/nr1aw4i32h7rmxwmq7d2da0mwcwg551j-glibc-2.29/lib/libpthre= ad.so.0 #34 0x0000ffffbf136edc in thread_start () from /gnu/store/nr1aw4i32h7rmxwmq= 7d2da0mwcwg551j-glibc-2.29/lib/libc.so.6 (gdb) info threads Id Target Id Frame=20 1 Thread 0xffffbf6f4010 (LWP 22463) "guile" resize_table (table=3Dtabl= e@entry=3D0x4a2cb0) at weak-table.c:272 * 2 Thread 0xffffbebec1d0 (LWP 22464) "guile" scm_display_backtrace_with= _highlights ( stack=3Dstack@entry=3D"#" =3D {...}, port=3Dport@entry=3D= # 510040>,=20 first=3Dfirst@entry=3D#f, depth=3Ddepth@entry=3D#f, highlights=3Dhighli= ghts@entry=3D()) at backtrace.c:269 --8<---------------cut here---------------end--------------->8--- The problem appears to be that the type tag of the weak-vector got zeroed: --8<---------------cut here---------------start------------->8--- (gdb) frame 15 #15 scm_i_visit_weak_list (list_loc=3D0xffffbf6c81b0 , vis= it=3D) at weak-list.h:49 49 SCM car =3D scm_i_weak_car (in); (gdb) p in $48 =3D (SCM) = 0x30f8830 (gdb) p *(void**)in $49 =3D (void *) 0x30ff880 (gdb) p ((void**)$49)[0]@2 $50 =3D {0x0, 0x30f8840} (gdb) p (void**)in $51 =3D (void **) 0x30f8830 --8<---------------cut here---------------end--------------->8--- There=E2=80=99s normally no disappearing link registered on the first eleme= nt of the weak vector (type tag + length) so I don=E2=80=99t know how this can ha= ppen. Here=E2=80=99s the other thread (with surprisingly broken stack frames): --8<---------------cut here---------------start------------->8--- (gdb) thread 1 [Switching to thread 1 (Thread 0xffffbf6f4010 (LWP 22463))] #0 resize_table (table=3Dtable@entry=3D0x4a2cb0) at weak-table.c:272 272 scm_t_weak_entry *next =3D entry->next; (gdb) bt #0 resize_table (table=3Dtable@entry=3D0x4a2cb0) at weak-table.c:272 #1 0x0000ffffbf67ef00 in vacuum_weak_table (table=3D0x4a2cb0) at weak-tabl= e.c:318 #2 0x0000ffffbf67f374 in scm_c_weak_table_ref (table=3D, ra= w_hash=3D2016212919028049524,=20 pred=3D0xffffbf67eb10 , closure=3D0x72b6a80, dflt=3D())= at weak-table.c:533 #3 0x0000ffffbf653824 in scm_source_properties (obj=3D) at = srcprop.c:195 #4 0x0000ffffbeebcf14 in ?? () #5 0x0000ffffbf03c130 in ?? () Backtrace stopped: previous frame inner to this frame (corrupt stack?) --8<---------------cut here---------------end--------------->8--- Thoughts? This code is the same as in 2.2. Ludo=E2=80=99.