Re: Bug#827815: libmozjs-24-0: initialization segfaults on sparc64

To: 827815@bugs.debian.org, debian-sparc@lists.debian.org
Subject: Re: Bug#827815: libmozjs-24-0: initialization segfaults on sparc64
From: Simon McVittie <smcv@debian.org>
Date: Sun, 15 Jan 2017 15:57:59 +0000
Message-id: <[🔎] 20170115155759.blxo4iqrrbsdywoh@perpetual.pseudorandom.co.uk>
In-reply-to: <20160706210031.GB14809@perpetual.pseudorandom.co.uk>
References: <146548294799.27660.17753325622213203284.reportbug@ghostwheel.internal.ucko.debian.net> <20160609182837.GB25090@perpetual.pseudorandom.co.uk> <20160706195808.GA14809@perpetual.pseudorandom.co.uk> <20160706210031.GB14809@perpetual.pseudorandom.co.uk>

Control: retitle 827815 libmozjs-24-0: initialization segfaults on sparc64
Control: user debian-sparc@lists.debian.org
Control: usertags 827815 + sparc64

This is easy to reproduce on the sparc64 porterbox, with or without gjs.
Possibly related to <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824449>
since standalone mozjs (SpiderMonkey) is essentially a fork of the Firefox
JavaScript engine.

Sample backtraces below. The expected result of running either js24 or
gjs-console is an interactive prompt at which you can type
print("hello, world!") and get "hello, world!" printed in response.

mozjs24 currently ignores errors during "make check" because not all
tests are reliable, but it would be great if it tried something simpler
like

    js24 -e 'print("hello, world!")'

and made the package FTBFS if that didn't work - that would avoid dependent
packages like gjs being built, but actually being unusable, on sparc64.

Regards,
    S

--------

With libmozjs-24-bin, libmozjs-24-bin-dbg and libmozjs-24-0-dbg:
> smcv@notker ~ % gdb js24
> ...
> (gdb) run
> Starting program: /usr/bin/js24 
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
> [New Thread 0xffff800101889910 (LWP 250203)]
> [New Thread 0xffff800102089910 (LWP 250204)]
> 
> Thread 1 "js24" received signal SIGSEGV, Segmentation fault.
> js::ObjectImpl::setFlag (this=this@entry=0x102306040, cx=cx@entry=0x53e610, 
>     flag_=flag_@entry=8, generateShape=generateShape@entry=js::ObjectImpl::GENERATE_SHAPE)
>     at ./js/src/vm/Shape.cpp:1116
> 1116	./js/src/vm/Shape.cpp: No such file or directory.
> (gdb) set pagination off
> (gdb) thread apply all bt
> 
> Thread 3 (Thread 0xffff800102089910 (LWP 250204)):
> #0  0xffff8001001365a4 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/sparc64-linux-gnu/libpthread.so.0
> #1  0xffff80010047e5d8 in PR_WaitCondVar () from /usr/lib/sparc64-linux-gnu/libnspr4.so
> #2  0x00000000002d9150 in js::SourceCompressorThread::threadLoop (this=0x521940) at ./js/src/jsscript.cpp:1094
> #3  js::SourceCompressorThread::compressorThread (arg=0x521940) at ./js/src/jsscript.cpp:965
> #4  0xffff800100484620 in ?? () from /usr/lib/sparc64-linux-gnu/libnspr4.so
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
> 
> Thread 2 (Thread 0xffff800101889910 (LWP 250203)):
> #0  0xffff8001001365a4 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/sparc64-linux-gnu/libpthread.so.0
> #1  0xffff80010047e5d8 in PR_WaitCondVar () from /usr/lib/sparc64-linux-gnu/libnspr4.so
> #2  0x000000000025d9a4 in js::GCHelperThread::threadLoop (this=0x521868) at ./js/src/jsgc.cpp:2266
> #3  0xffff800100484620 in ?? () from /usr/lib/sparc64-linux-gnu/libnspr4.so
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
> 
> Thread 1 (Thread 0xffff800100030f60 (LWP 250200)):
> #0  js::ObjectImpl::setFlag (this=this@entry=0x102306040, cx=cx@entry=0x53e610, flag_=flag_@entry=8, generateShape=generateShape@entry=js::ObjectImpl::GENERATE_SHAPE) at ./js/src/vm/Shape.cpp:1116
> #1  0x0000000000276b94 in JSObject::setDelegate (cx=0x53e610, this=<optimized out>) at ./jsobjinlines.h:782
> #2  JSCompartment::getNewType (this=0x53efd0, cx=cx@entry=0x53e610, clasp=clasp@entry=0x4f2e10 <JSFunction::class_>, proto_=..., fun_=fun_@entry=0x0) at ./js/src/jsinfer.cpp:6073
> #3  0x0000000000277020 in JSObject::getNewType (this=0x102306040, cx=cx@entry=0x53e610, clasp=clasp@entry=0x4f2e10 <JSFunction::class_>, fun=fun@entry=0x0) at ./js/src/jsinfer.cpp:6134
> #4  0x000000000029f938 in js::NewObjectWithClassProtoCommon (cx=0x53e610, clasp=0x4f2e10 <JSFunction::class_>, protoArg=<optimized out>, parentArg=0xffff800102305020, allocKind=<optimized out>, newKind=<optimized out>) at ./js/src/jsobj.cpp:1383
> #5  0x000000000029fbc4 in js::NewObjectWithClassProtoCommon (cx=cx@entry=0x53e610, clasp=0x7feffffec60, protoArg=0x7feffffec70, protoArg@entry=0x0, parentArg=0x170338 <obj_toSource(JSContext*, unsigned int, JS::Value*)>, allocKind=allocKind@entry=js::gc::FINALIZE_OBJECT4_BACKGROUND, newKind=newKind@entry=js::SingletonObject) at ./js/src/jsobj.cpp:1343
> #6  0x00000000002506b8 in js::NewObjectWithClassProto (newKind=js::SingletonObject, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, parent=<optimized out>, proto=0x0, clasp=0x4f2e10 <JSFunction::class_>, cx=0x53e610) at ./jsobjinlines.h:1493
> #7  js::NewFunction (newKind=js::SingletonObject, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, atom=..., parent=..., flags=<optimized out>, nargs=0, native=0x170338 <obj_toSource(JSContext*, unsigned int, JS::Value*)>, funobjArg=..., cx=0x53e610) at ./js/src/jsfun.cpp:1561
> #8  js::DefineFunction (cx=cx@entry=0x53e610, obj=..., id=..., native=0x170338 <obj_toSource(JSContext*, unsigned int, JS::Value*)>, nargs=<optimized out>, flags=0, flags@entry=512, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, newKind=js::GenericObject) at ./js/src/jsfun.cpp:1688
> #9  0x00000000001fc2a4 in JS_DefineFunctions (cx=cx@entry=0x53e610, objArg=<optimized out>, fs=0x4e6aa8 <js::object_methods>) at ./js/src/jsapi.cpp:4902
> #10 0x00000000001389f4 in js::DefinePropertiesAndBrand (fs=<optimized out>, ps=0x0, obj_=<optimized out>, cx=0x53e610) at ./js/src/vm/GlobalObject.cpp:561
> #11 js::GlobalObject::initFunctionAndObjectClasses (this=<optimized out>, cx=cx@entry=0x53e610) at ./js/src/vm/GlobalObject.cpp:314
> #12 0x0000000000139204 in js::GlobalObject::initStandardClasses (cx=cx@entry=0x53e610, global=...) at ./js/src/vm/GlobalObject.cpp:456
> #13 0x00000000001b116c in JSRuntime::initSelfHosting (this=this@entry=0x520af0, cx=cx@entry=0x53e610) at ./js/src/vm/SelfHosting.cpp:655
> #14 0x0000000000220b08 in js::NewContext (rt=0x520af0, rt@entry=0x0, stackChunkSize=stackChunkSize@entry=8192) at ./js/src/jscntxt.cpp:318
> #15 0x00000000001f18e4 in JS_NewContext (rt=0x0, rt@entry=0x520af0, stackChunkSize=8192) at ./js/src/jsapi.cpp:1229
> #16 0x000000000010bba8 in NewContext (rt=rt@entry=0x520af0) at ./js/src/shell/js.cpp:4762
> #17 0x0000000000106660 in main (argc=<optimized out>, argv=<optimized out>, envp=0x7fefffff6d8) at ./js/src/shell/js.cpp:5364

--------

With gjs, gjs-dbgsym, libgjs0e-dbgsym in addition to the packages mentioned
above:
> smcv@notker ~ % gdb gjs-console
> ...
> (gdb) set pagination off
> (gdb) run
> Starting program: /usr/bin/gjs-console 
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
> (gdb) [New Thread 0xffff800106f43910 (LWP 248917)]
> [New Thread 0xffff800107785910 (LWP 248918)]
> 
> Thread 1 "gjs-console" received signal SIGSEGV, Segmentation fault.
> js::ObjectImpl::setFlag (this=this@entry=0x107a06040, cx=cx@entry=0x246e90, flag_=flag_@entry=8, generateShape=generateShape@entry=js::ObjectImpl::GENERATE_SHAPE) at ./js/src/vm/Shape.cpp:1116
> 1116	./js/src/vm/Shape.cpp: No such file or directory.
> (gdb) bt
> #0  js::ObjectImpl::setFlag (this=this@entry=0x107a06040, cx=cx@entry=0x246e90, flag_=flag_@entry=8, generateShape=generateShape@entry=js::ObjectImpl::GENERATE_SHAPE) at ./js/src/vm/Shape.cpp:1116
> #1  0xffff800102950354 in JSObject::setDelegate (cx=0x246e90, this=<optimized out>) at ./jsobjinlines.h:782
> #2  JSCompartment::getNewType (this=0x247890, cx=cx@entry=0x246e90, clasp=clasp@entry=0xffff800102b852e0 <JSFunction::class_>, proto_=..., fun_=fun_@entry=0x0) at ./js/src/jsinfer.cpp:6073
> #3  0xffff8001029507e0 in JSObject::getNewType (this=0x107a06040, cx=cx@entry=0x246e90, clasp=clasp@entry=0xffff800102b852e0 <JSFunction::class_>, fun=fun@entry=0x0) at ./js/src/jsinfer.cpp:6134
> #4  0xffff8001029790a8 in js::NewObjectWithClassProtoCommon (cx=0x246e90, clasp=0xffff800102b852e0 <JSFunction::class_>, protoArg=<optimized out>, parentArg=0xffff800107a05020, allocKind=<optimized out>, newKind=<optimized out>) at ./js/src/jsobj.cpp:1383
> #5  0xffff800102979334 in js::NewObjectWithClassProtoCommon (cx=cx@entry=0x246e90, clasp=0x7feffffe850, protoArg=0x7feffffe860, protoArg@entry=0x0, parentArg=0xffff800102853a30 <obj_toSource(JSContext*, unsigned int, JS::Value*)>, allocKind=allocKind@entry=js::gc::FINALIZE_OBJECT4_BACKGROUND, newKind=newKind@entry=js::SingletonObject) at ./js/src/jsobj.cpp:1343
> #6  0xffff80010292efe8 in js::NewObjectWithClassProto (newKind=js::SingletonObject, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, parent=<optimized out>, proto=0x0, clasp=0xffff800102b852e0 <JSFunction::class_>, cx=0x246e90) at ./jsobjinlines.h:1493
> #7  js::NewFunction (newKind=js::SingletonObject, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, atom=..., parent=..., flags=<optimized out>, nargs=0, native=0xffff800102853a30 <obj_toSource(JSContext*, unsigned int, JS::Value*)>, funobjArg=..., cx=0x246e90) at ./js/src/jsfun.cpp:1561
> #8  js::DefineFunction (cx=cx@entry=0x246e90, obj=..., id=..., native=0xffff800102853a30 <obj_toSource(JSContext*, unsigned int, JS::Value*)>, nargs=<optimized out>, flags=0, flags@entry=512, allocKind=js::gc::FINALIZE_OBJECT4_BACKGROUND, newKind=js::GenericObject) at ./js/src/jsfun.cpp:1688
> #9  0xffff8001028dd31c in JS_DefineFunctions (cx=cx@entry=0x246e90, objArg=<optimized out>, fs=0xffff800102b76c40 <js::object_methods>) at ./js/src/jsapi.cpp:4902
> #10 0xffff80010281c094 in js::DefinePropertiesAndBrand (fs=<optimized out>, ps=0x0, obj_=<optimized out>, cx=0x246e90) at ./js/src/vm/GlobalObject.cpp:561
> #11 js::GlobalObject::initFunctionAndObjectClasses (this=<optimized out>, cx=cx@entry=0x246e90) at ./js/src/vm/GlobalObject.cpp:314
> #12 0xffff80010281c8a4 in js::GlobalObject::initStandardClasses (cx=cx@entry=0x246e90, global=...) at ./js/src/vm/GlobalObject.cpp:456
> #13 0xffff800102891a18 in JSRuntime::initSelfHosting (this=this@entry=0x228000, cx=cx@entry=0x246e90) at ./js/src/vm/SelfHosting.cpp:655
> #14 0xffff8001029008b0 in js::NewContext (rt=0x228000, rt@entry=0x0, stackChunkSize=stackChunkSize@entry=8192) at ./js/src/jscntxt.cpp:318
> #15 0xffff8001028d2a70 in JS_NewContext (rt=0x0, stackChunkSize=stackChunkSize@entry=8192) at ./js/src/jsapi.cpp:1229
> #16 0xffff80010049bdf0 in gjs_context_constructed (object=0x227000) at gjs/context.cpp:419
> #17 0xffff80010013e8e4 in ?? () from /usr/lib/sparc64-linux-gnu/libgobject-2.0.so.0
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Reply to:

Follow-Ups:
- Re: Bug#827815: libmozjs-24-0: initialization segfaults on sparc64
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

Prev by Date: Bug#851176: FTBFS on sparc64: invalid heap expanding (base_length: 89, GC.stat[:heap_eden_pages]: 92)
Next by Date: Re: Bug#827815: libmozjs-24-0: initialization segfaults on sparc64
Previous by thread: Bug#851176: FTBFS on sparc64: invalid heap expanding (base_length: 89, GC.stat[:heap_eden_pages]: 92)
Next by thread: Re: Bug#827815: libmozjs-24-0: initialization segfaults on sparc64
Index(es):
- Date
- Thread