On 09/24/2018 10:18 PM, Simon McVittie wrote:
> % gdb /home/smcv/mozjs60/debian/build/dist/bin/js js/src/tests/core
> Core was generated by `/home/smcv/mozjs60/debian/build/dist/bin/js -f
> shell.js -f test262/shell.js -f'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 ContextToPC (context=0x3fff7e7d740) at
> ./js/src/wasm/WasmSignalHandlers.cpp:452
> 452 MOZ_CRASH();
> [Current thread is 1 (Thread 0x3ffad574750 (LWP 63693))]
> Loading JavaScript value pretty-printers; see js/src/gdb/README.
> If they cause trouble, type: disable pretty-printer .* SpiderMonkey
> SpiderMonkey unwinder is disabled by default, to enable it type:
> enable unwinder .* SpiderMonkey
> (gdb) bt
> #0 0x0000000112a11e96 in ContextToPC (context=0x3fff7e7d740) at
> ./js/src/wasm/WasmSignalHandlers.cpp:452
> #1 0x0000000112a11e96 in HandleFault (info=0x3fff7e7d6c0, ctx=0x3fff7e7d740,
> signum=<optimized out>)
> at ./js/src/wasm/WasmSignalHandlers.cpp:1399
> #2 0x0000000112a11e96 in WasmFaultHandler(int, siginfo_t*, void*)
> (signum=<optimized out>, info=0x3fff7e7d6c0, context=0x3fff7e7d740) at
> ./js/src/wasm/WasmSignalHandlers.cpp:1477

The frames above (the MOZ_CRASH in ContextToPC, reached from the wasm fault handler) can be avoided with the patch from https://bugzilla.mozilla.org/1464751. However, the crash in the frames below remains, and was also hit by someone from SuSE:
https://groups.google.com/forum/#!msg/mozilla.dev.platform/wen_xnpCdfo/fU-Ze7QXAwAJ

I wouldn't hold out much hope of a quick fix, so removal on s390x makes sense to me.

> #3 0x000003fff7e7d6b8 in <signal handler called> ()
> #4 0x0000000112aa6f04 in
> js::ProtectedData<js::CheckZoneGroup<(js::AllowedHelperThread)0>, unsigned
> int>::operator++(int) (this=0x7b0) at ./js/src/threading/ProtectedData.h:95
> #5 0x0000000112aa6f04 in js::TenuringTracer::moveToTenured(JSString*)
> (this=0x3fff7e7dde8, src=Python Exception <class 'UnicodeEncodeError'>
> 'ascii' codec can't encode characters in position 3-4: ordinal not in
> range(128):
> )
> at ./js/src/gc/Marking.cpp:3226
> #6 0x0000000112aa70d2 in js::TenuringTracer::traverse<JSString>(JSString**)
> (this=this@entry=0x3fff7e7dde8, strp=0x11a89d598) at
> ./js/src/gc/Marking.cpp:2743
> #7 0x0000000112ab2d68 in
> js::gc::StoreBuffer::CellPtrEdge::trace(js::TenuringTracer&) const
> (this=this@entry=0x11a608e58, mover=...) at ./js/src/gc/Marking.cpp:2919
> #8 0x0000000112ab2da8 in
> js::gc::StoreBuffer::MonoTypeBuffer<js::gc::StoreBuffer::CellPtrEdge>::trace(js::gc::StoreBuffer*,
> js::TenuringTracer&) (this=this@entry=0x11a608e40, owner=<error reading
> variable: value has been optimized out>, mover=...) at
> ./js/src/gc/StoreBuffer.h:236
> #9 0x0000000112ac8c00 in
> js::gc::StoreBuffer::traceCells(js::TenuringTracer&) (mover=...,
> this=<optimized out>)
> at ./js/src/gc/StoreBuffer.h:440
> #10 0x0000000112ac8c00 in js::Nursery::doCollection(JS::gcreason::Reason,
> js::gc::TenureCountCache&) (this=this@entry=0x11a608af8,
> reason=reason@entry=315707392, tenureCounts=...)
at
> ./js/src/gc/Nursery.cpp:858
> #11 0x0000000112ac9ffa in js::Nursery::collect(JS::gcreason::Reason)
> (this=this@entry=0x11a608af8,
> reason=reason@entry=JS::gcreason::DESTROY_RUNTIME) at
> ./js/src/gc/Nursery.cpp:724
> #12 0x0000000112a79f76 in js::gc::GCRuntime::minorGC(JS::gcreason::Reason,
> js::gcstats::PhaseKind) (this=this@entry=0x11a6069a8,
> reason=reason@entry=JS::gcreason::DESTROY_RUNTIME,
> phase=phase@entry=js::gcstats::PhaseKind::EVICT_NURSERY_FOR_MAJOR_GC) at
> ./js/src/threading/ProtectedData.h:98
> #13 0x0000000112a9f340 in js::gc::GCRuntime::minorGC(JS::gcreason::Reason,
> js::gcstats::PhaseKind)
> (phase=js::gcstats::PhaseKind::EVICT_NURSERY_FOR_MAJOR_GC,
> reason=JS::gcreason::DESTROY_RUNTIME, this=0x11a6069a8)
> at ./debian/build/dist/include/mozilla/ThreadLocal.h:223
> #14 0x0000000112a9f340 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&,
> JS::gcreason::Reason) (this=this@entry=0x11a6069a8,
> nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=...,
> reason=reason@entry=JS::gcreason::DESTROY_RUNTIME) at ./js/src/gc/GC.cpp:7365
> #15 0x0000000112a9f73e in js::gc::GCRuntime::collect(bool, js::SliceBudget,
> JS::gcreason::Reason) (this=this@entry=0x11a6069a8,
> nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=...,
> reason=reason@entry=JS::gcreason::DESTROY_RUNTIME) at ./js/src/gc/GC.cpp:7556
> #16 0x0000000112a9f8ac in js::gc::GCRuntime::gc(JSGCInvocationKind,
> JS::gcreason::Reason) (this=this@entry=0x11a6069a8,
> gckind=gckind@entry=GC_NORMAL,
> reason=reason@entry=JS::gcreason::DESTROY_RUNTIME)
> at ./debian/build/dist/include/js/SliceBudget.h:61
> #17 0x00000001128e415c in JSRuntime::destroyRuntime() (this=0x11a6064b0) at
> ./js/src/vm/Runtime.cpp:316
> #18 0x0000000112875b82 in js::DestroyContext(JSContext*) (cx=0x11a60b130) at
> ./js/src/vm/JSContext.h:305
> #19 0x000000011242fb1e in main(int, char**, char**) (argc=<optimized out>,
> argv=<optimized out>, envp=<optimized out>) at ./js/src/shell/js.cpp:9431
> For
some more context, with a SEGV at ./js/src/gc/Marking.cpp:3226:

(gdb) list
3221 MOZ_ASSERT(IsInsideNursery(src));
3222 MOZ_ASSERT(!src->zone()->usedByHelperThread());
3223
3224 AllocKind dstKind = src->getAllocKind();
3225 Zone* zone = src->zone();
3226 zone->tenuredStrings++;
3227
3228 TenuredCell* t = zone->arenas.allocateFromFreeList(dstKind, Arena::thingSize(dstKind));
3229 if (!t) {
3230 AutoEnterOOMUnsafeRegion oomUnsafe;
(gdb) p zone
$3 = (JS::Zone *) 0x0

So src->zone() returned a null Zone here, and the increment at line 3226 dereferences it. That is consistent with frame #4 in the backtrace, where operator++ runs with this=0x7b0, presumably the offset of tenuredStrings within Zone.

Cheers,
Julien

