Subject: Re: Bug#827815: libmozjs-24-0: initialization segfaults on sparc64

Control: retitle 827815 libmozjs-24-0: initialization segfaults on sparc64
Control: user [email protected]
Control: usertags 827815 + sparc64

This is easy to reproduce on the sparc64 porterbox, with or without gjs.
Possibly related to <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824449>
since standalone mozjs (SpiderMonkey) is essentially a fork of the Firefox
JavaScript engine.

Sample backtraces below. The expected result of running either js24 or
gjs-console is an interactive prompt at which you can type
print("hello, world!") and get "hello, world!" printed in response.

mozjs24 currently ignores errors during "make check" because not all
tests are reliable, but it would be great if it tried something simpler
like

js24 -e 'print("hello, world!")'

and made the package FTBFS if that didn't work - that would avoid dependent
packages like gjs being built, but actually being unusable, on sparc64.

Regards,
S
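A build-time smoke test in the spirit of the check suggested above, as an added example (not part of the bug report or of the mozjs24 packaging). The helper name, the exit-status handling and the debian/rules hook sketched in the comments are assumptions; the only thing taken from the report is the `js24 -e 'print("hello, world!")'` invocation and its expected output.

```shell
#!/bin/sh
# Smoke test for a SpiderMonkey shell: run one trivial script and fail
# loudly if it does not print the expected line, so that a package whose
# interpreter dies during initialization (as on sparc64 above) FTBFS
# instead of producing unusable dependents.

js_smoke_test() {
    # Usage: js_smoke_test /path/to/js24 [extra interpreter flags]
    # Returns 0 if the interpreter prints exactly the expected line,
    # 1 otherwise (with a diagnostic on stderr).
    expected='hello, world!'
    # Assigning the command substitution inside "if" keeps a crash from
    # aborting a "set -e" build before we can report what happened.
    if out=$("$@" -e 'print("hello, world!")' 2>&1); then
        status=0
    else
        status=$?
    fi
    if [ "$status" -gt 128 ]; then
        # Exit status > 128 means death by signal; 139 is SIGSEGV (128 + 11),
        # which is what the backtraces in this report correspond to.
        echo "smoke test: $1 killed by signal $((status - 128))" >&2
        return 1
    fi
    if [ "$status" -ne 0 ]; then
        echo "smoke test: $1 exited with status $status: $out" >&2
        return 1
    fi
    if [ "$out" != "$expected" ]; then
        echo "smoke test: $1 printed '$out', expected '$expected'" >&2
        return 1
    fi
    return 0
}

# Hypothetical debian/rules hook (an assumption, not the package's own rules):
#   override_dh_auto_test:
#           dh_auto_test
#           sh debian/smoke-test.sh $(CURDIR)/debian/tmp/usr/bin/js24
#
# When run directly with an interpreter path, perform the check and exit
# with its result; with no arguments the file can simply be sourced.
[ $# -eq 0 ] || { js_smoke_test "$@"; exit $?; }
```

Because the function inspects the exit status before comparing output, a segfault during `JS_NewContext` is reported as "killed by signal 11" rather than as a confusing empty-output mismatch; the same function works for any interpreter that accepts `-e <script>`.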

--------

With libmozjs-24-bin, libmozjs-24-bin-dbg and libmozjs-24-0-dbg:
> [email protected] ~ % gdb js24
> ...
> (gdb) run
> Starting program: /usr/bin/js24
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
> [New Thread 0xffff800101889910 (LWP 250203)]
> [New Thread 0xffff800102089910 (LWP 250204)]
>
> Thread 1 "js24" received signal SIGSEGV, Segmentation fault.
> js::ObjectImpl::setFlag ([email protected]=0x102306040, [email protected]=0x53e610,
> [email protected]=8,
> [email protected]=js::ObjectImpl::GENERATE_SHAPE)
> at ./js/src/vm/Shape.cpp:1116
> 1116 ./js/src/vm/Shape.cpp: No such file or directory.
> (gdb) set pagination off
> (gdb) thread apply all bt
>
> Thread 3 (Thread 0xffff800102089910 (LWP 250204)):
> #0 0xffff8001001365a4 in pthread_cond_wait@@GLIBC_2.3.2 () from
> /lib/sparc64-linux-gnu/libpthread.so.0
> #1 0xffff80010047e5d8 in PR_WaitCondVar () from
> /usr/lib/sparc64-linux-gnu/libnspr4.so
> #2 0x00000000002d9150 in js::SourceCompressorThread::threadLoop
> (this=0x521940) at ./js/src/jsscript.cpp:1094
> #3 js::SourceCompressorThread::compressorThread (arg=0x521940) at
> ./js/src/jsscript.cpp:965
> #4 0xffff800100484620 in ?? () from /usr/lib/sparc64-linux-gnu/libnspr4.so
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>
> Thread 2 (Thread 0xffff800101889910 (LWP 250203)):
> #0 0xffff8001001365a4 in pthread_cond_wait@@GLIBC_2.3.2 () from
> /lib/sparc64-linux-gnu/libpthread.so.0
> #1 0xffff80010047e5d8 in PR_WaitCondVar () from
> /usr/lib/sparc64-linux-gnu/libnspr4.so
> #2 0x000000000025d9a4 in js::GCHelperThread::threadLoop (this=0x521868) at
> ./js/src/jsgc.cpp:2266
> #3 0xffff800100484620 in ?? () from /usr/lib/sparc64-linux-gnu/libnspr4.so
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>
> Thread 1 (Thread 0xffff800100030f60 (LWP 250200)):
> #0 js::ObjectImpl::setFlag ([email protected]=0x102306040,
> [email protected]=0x53e610, [email protected]=8,
> [email protected]=js::ObjectImpl::GENERATE_SHAPE) at
> ./js/src/vm/Shape.cpp:1116
> #1 0x0000000000276b94 in JSObject::setDelegate (cx=0x53e610, this=<optimized
> out>) at ./jsobjinlines.h:782
> #2 JSCompartment::getNewType (this=0x53efd0, [email protected]=0x53e610,
> [email protected]=0x4f2e10 <JSFunction::class_>, proto_=...,
> [email protected]=0x0) at ./js/src/jsinfer.cpp:6073
> #3 0x0000000000277020 in JSObject::getNewType (this=0x102306040,
> [email protected]=0x53e610, [email protected]=0x4f2e10 <JSFunction::class_>,
> [email protected]=0x0) at ./js/src/jsinfer.cpp:6134
> #4 0x000000000029f938 in js::NewObjectWithClassProtoCommon (cx=0x53e610,
> clasp=0x4f2e10 <JSFunction::class_>, protoArg=<optimized out>,
> parentArg=0xffff800102305020, allocKind=<optimized out>, newKind=<optimized
> out>) at ./js/src/jsobj.cpp:1383
> #5 0x000000000029fbc4 in js::NewObjectWithClassProtoCommon
> ([email protected]=0x53e610, clasp=0x7feffffec60, protoArg=0x7feffffec70,
> [email protected]=0x0, parentArg=0x170338 <obj_toSource(JSContext*, unsigned
> int, JS::Value*)>,
> [email protected]=js::gc::FINALIZE_OBJECT4_BACKGROUND,
> [email protected]=js::SingletonObject) at ./js/src/jsobj.cpp:1343
> #6 0x00000000002506b8 in js::NewObjectWithClassProto
> (newKind=js::SingletonObject, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND,
> parent=<optimized out>, proto=0x0, clasp=0x4f2e10 <JSFunction::class_>,
> cx=0x53e610) at ./jsobjinlines.h:1493
> #7 js::NewFunction (newKind=js::SingletonObject,
> allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, atom=..., parent=...,
> flags=<optimized out>, nargs=0, native=0x170338 <obj_toSource(JSContext*,
> unsigned int, JS::Value*)>, funobjArg=..., cx=0x53e610) at
> ./js/src/jsfun.cpp:1561
> #8 js::DefineFunction ([email protected]=0x53e610, obj=..., id=...,
> native=0x170338 <obj_toSource(JSContext*, unsigned int, JS::Value*)>,
> nargs=<optimized out>, flags=0, [email protected]=512,
> allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, newKind=js::GenericObject) at
> ./js/src/jsfun.cpp:1688
> #9 0x00000000001fc2a4 in JS_DefineFunctions ([email protected]=0x53e610,
> objArg=<optimized out>, fs=0x4e6aa8 <js::object_methods>) at
> ./js/src/jsapi.cpp:4902
> #10 0x00000000001389f4 in js::DefinePropertiesAndBrand (fs=<optimized out>,
> ps=0x0, obj_=<optimized out>, cx=0x53e610) at ./js/src/vm/GlobalObject.cpp:561
> #11 js::GlobalObject::initFunctionAndObjectClasses (this=<optimized out>,
> [email protected]=0x53e610) at ./js/src/vm/GlobalObject.cpp:314
> #12 0x0000000000139204 in js::GlobalObject::initStandardClasses
> ([email protected]=0x53e610, global=...) at ./js/src/vm/GlobalObject.cpp:456
> #13 0x00000000001b116c in JSRuntime::initSelfHosting
> ([email protected]=0x520af0, [email protected]=0x53e610) at
> ./js/src/vm/SelfHosting.cpp:655
> #14 0x0000000000220b08 in js::NewContext (rt=0x520af0, [email protected]=0x0,
> [email protected]=8192) at ./js/src/jscntxt.cpp:318
> #15 0x00000000001f18e4 in JS_NewContext (rt=0x0, [email protected]=0x520af0,
> stackChunkSize=8192) at ./js/src/jsapi.cpp:1229
> #16 0x000000000010bba8 in NewContext ([email protected]=0x520af0) at
> ./js/src/shell/js.cpp:4762
> #17 0x0000000000106660 in main (argc=<optimized out>, argv=<optimized out>,
> envp=0x7fefffff6d8) at ./js/src/shell/js.cpp:5364

--------

With gjs, gjs-dbgsym, libgjs0e-dbgsym in addition to the packages mentioned
above:
> [email protected] ~ % gdb gjs-console
> ...
> (gdb) set pagination off
> (gdb) run
> Starting program: /usr/bin/gjs-console
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
> (gdb) [New Thread 0xffff800106f43910 (LWP 248917)]
> [New Thread 0xffff800107785910 (LWP 248918)]
>
> Thread 1 "gjs-console" received signal SIGSEGV, Segmentation fault.
> js::ObjectImpl::setFlag ([email protected]=0x107a06040, [email protected]=0x246e90,
> [email protected]=8,
> [email protected]=js::ObjectImpl::GENERATE_SHAPE) at
> ./js/src/vm/Shape.cpp:1116
> 1116 ./js/src/vm/Shape.cpp: No such file or directory.
> (gdb) bt
> #0 js::ObjectImpl::setFlag ([email protected]=0x107a06040,
> [email protected]=0x246e90, [email protected]=8,
> [email protected]=js::ObjectImpl::GENERATE_SHAPE) at
> ./js/src/vm/Shape.cpp:1116
> #1 0xffff800102950354 in JSObject::setDelegate (cx=0x246e90, this=<optimized
> out>) at ./jsobjinlines.h:782
> #2 JSCompartment::getNewType (this=0x247890, [email protected]=0x246e90,
> [email protected]=0xffff800102b852e0 <JSFunction::class_>, proto_=...,
> [email protected]=0x0) at ./js/src/jsinfer.cpp:6073
> #3 0xffff8001029507e0 in JSObject::getNewType (this=0x107a06040,
> [email protected]=0x246e90, [email protected]=0xffff800102b852e0
> <JSFunction::class_>, [email protected]=0x0) at ./js/src/jsinfer.cpp:6134
> #4 0xffff8001029790a8 in js::NewObjectWithClassProtoCommon (cx=0x246e90,
> clasp=0xffff800102b852e0 <JSFunction::class_>, protoArg=<optimized out>,
> parentArg=0xffff800107a05020, allocKind=<optimized out>, newKind=<optimized
> out>) at ./js/src/jsobj.cpp:1383
> #5 0xffff800102979334 in js::NewObjectWithClassProtoCommon
> ([email protected]=0x246e90, clasp=0x7feffffe850, protoArg=0x7feffffe860,
> [email protected]=0x0, parentArg=0xffff800102853a30 <obj_toSource(JSContext*,
> unsigned int, JS::Value*)>,
> [email protected]=js::gc::FINALIZE_OBJECT4_BACKGROUND,
> [email protected]=js::SingletonObject) at ./js/src/jsobj.cpp:1343
> #6 0xffff80010292efe8 in js::NewObjectWithClassProto
> (newKind=js::SingletonObject, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND,
> parent=<optimized out>, proto=0x0, clasp=0xffff800102b852e0
> <JSFunction::class_>, cx=0x246e90) at ./jsobjinlines.h:1493
> #7 js::NewFunction (newKind=js::SingletonObject,
> allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, atom=..., parent=...,
> flags=<optimized out>, nargs=0, native=0xffff800102853a30
> <obj_toSource(JSContext*, unsigned int, JS::Value*)>, funobjArg=...,
> cx=0x246e90) at ./js/src/jsfun.cpp:1561
> #8 js::DefineFunction ([email protected]=0x246e90, obj=..., id=...,
> native=0xffff800102853a30 <obj_toSource(JSContext*, unsigned int,
> JS::Value*)>, nargs=<optimized out>, flags=0, [email protected]=512,
> allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, newKind=js::GenericObject) at
> ./js/src/jsfun.cpp:1688
> #9 0xffff8001028dd31c in JS_DefineFunctions ([email protected]=0x246e90,
> objArg=<optimized out>, fs=0xffff800102b76c40 <js::object_methods>) at
> ./js/src/jsapi.cpp:4902
> #10 0xffff80010281c094 in js::DefinePropertiesAndBrand (fs=<optimized out>,
> ps=0x0, obj_=<optimized out>, cx=0x246e90) at ./js/src/vm/GlobalObject.cpp:561
> #11 js::GlobalObject::initFunctionAndObjectClasses (this=<optimized out>,
> [email protected]=0x246e90) at ./js/src/vm/GlobalObject.cpp:314
> #12 0xffff80010281c8a4 in js::GlobalObject::initStandardClasses
> ([email protected]=0x246e90, global=...) at ./js/src/vm/GlobalObject.cpp:456
> #13 0xffff800102891a18 in JSRuntime::initSelfHosting
> ([email protected]=0x228000, [email protected]=0x246e90) at
> ./js/src/vm/SelfHosting.cpp:655
> #14 0xffff8001029008b0 in js::NewContext (rt=0x228000, [email protected]=0x0,
> [email protected]=8192) at ./js/src/jscntxt.cpp:318
> #15 0xffff8001028d2a70 in JS_NewContext (rt=0x0,
> [email protected]=8192) at ./js/src/jsapi.cpp:1229
> #16 0xffff80010049bdf0 in gjs_context_constructed (object=0x227000) at
> gjs/context.cpp:419
> #17 0xffff80010013e8e4 in ?? () from
> /usr/lib/sparc64-linux-gnu/libgobject-2.0.so.0
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)