Source: mozjs60
Version: 60.2.1-1
Severity: serious
Tags: ftbfs help
X-Debbugs-Cc: debian-s390@lists.debian.org
User: debian-s390@lists.debian.org
Usertags: s390x

Most of the test cases provided with mozjs60 crash:

grep '^TEST-' s390x.log | cut -d' ' -f1 | sort | uniq -c
   1714 TEST-KNOWN-FAIL
   6923 TEST-PASS
  28635 TEST-UNEXPECTED-FAIL

See 
https://buildd.debian.org/status/fetch.php?pkg=mozjs60&arch=s390x&ver=60.2.1-1&stamp=1537442189&raw=0
for a full log. You'll see that the result of many tests is "rc = -11"
(I think that's signal 11, or SIGSEGV).

After reproducing this on the porterbox zelenka, a backtrace from one
such crash is below. The js interpreter seems to be crashing during a
garbage collection pass triggered during process shutdown.

This is a regression since mozjs52, in which only a few tests failed
(#878286). I'm willing to ignore a few isolated test failures, but when
80% of the tests fail, I don't think we can be confident that mozjs60
is at all usable on s390x.

We can't upgrade gjs to a version that uses mozjs60 until either this is
fixed somehow, or gjs and its dependencies (notably GNOME Shell) are
removed from s390x. The architecture-specific removal seems a more likely
short term solution; if this is done I'll downgrade this bug to important.

Thanks,
    smcv

% gdb /home/smcv/mozjs60/debian/build/dist/bin/js js/src/tests/core
Core was generated by `/home/smcv/mozjs60/debian/build/dist/bin/js -f shell.js 
-f test262/shell.js -f'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ContextToPC (context=0x3fff7e7d740) at 
./js/src/wasm/WasmSignalHandlers.cpp:452
452         MOZ_CRASH();
[Current thread is 1 (Thread 0x3ffad574750 (LWP 63693))]
Loading JavaScript value pretty-printers; see js/src/gdb/README.
If they cause trouble, type: disable pretty-printer .* SpiderMonkey
SpiderMonkey unwinder is disabled by default, to enable it type:
        enable unwinder .* SpiderMonkey
(gdb) bt
#0  0x0000000112a11e96 in ContextToPC (context=0x3fff7e7d740) at 
./js/src/wasm/WasmSignalHandlers.cpp:452
#1  0x0000000112a11e96 in HandleFault (info=0x3fff7e7d6c0, ctx=0x3fff7e7d740, 
signum=<optimized out>)
    at ./js/src/wasm/WasmSignalHandlers.cpp:1399
#2  0x0000000112a11e96 in WasmFaultHandler(int, siginfo_t*, void*) 
(signum=<optimized out>, info=0x3fff7e7d6c0, context=0x3fff7e7d740) at 
./js/src/wasm/WasmSignalHandlers.cpp:1477
#3  0x000003fff7e7d6b8 in <signal handler called> ()
#4  0x0000000112aa6f04 in 
js::ProtectedData<js::CheckZoneGroup<(js::AllowedHelperThread)0>, unsigned 
int>::operator++(int) (this=0x7b0) at ./js/src/threading/ProtectedData.h:95
#5  0x0000000112aa6f04 in js::TenuringTracer::moveToTenured(JSString*) 
(this=0x3fff7e7dde8, src=Python Exception <class 'UnicodeEncodeError'> 'ascii' 
codec can't encode characters in position 3-4: ordinal not in range(128):
)
    at ./js/src/gc/Marking.cpp:3226
#6  0x0000000112aa70d2 in js::TenuringTracer::traverse<JSString>(JSString**) 
(this=this@entry=0x3fff7e7dde8, strp=0x11a89d598) at 
./js/src/gc/Marking.cpp:2743
#7  0x0000000112ab2d68 in 
js::gc::StoreBuffer::CellPtrEdge::trace(js::TenuringTracer&) const 
(this=this@entry=0x11a608e58, mover=...) at ./js/src/gc/Marking.cpp:2919
#8  0x0000000112ab2da8 in 
js::gc::StoreBuffer::MonoTypeBuffer<js::gc::StoreBuffer::CellPtrEdge>::trace(js::gc::StoreBuffer*,
 js::TenuringTracer&) (this=this@entry=0x11a608e40, owner=<error reading 
variable: value has been optimized out>, mover=...) at 
./js/src/gc/StoreBuffer.h:236
#9  0x0000000112ac8c00 in js::gc::StoreBuffer::traceCells(js::TenuringTracer&) 
(mover=..., this=<optimized out>)
    at ./js/src/gc/StoreBuffer.h:440
#10 0x0000000112ac8c00 in js::Nursery::doCollection(JS::gcreason::Reason, 
js::gc::TenureCountCache&) (this=this@entry=0x11a608af8, 
reason=reason@entry=315707392, tenureCounts=...) at ./js/src/gc/Nursery.cpp:858
#11 0x0000000112ac9ffa in js::Nursery::collect(JS::gcreason::Reason) 
(this=this@entry=0x11a608af8, 
reason=reason@entry=JS::gcreason::DESTROY_RUNTIME) at 
./js/src/gc/Nursery.cpp:724
#12 0x0000000112a79f76 in js::gc::GCRuntime::minorGC(JS::gcreason::Reason, 
js::gcstats::PhaseKind) (this=this@entry=0x11a6069a8, 
reason=reason@entry=JS::gcreason::DESTROY_RUNTIME, 
phase=phase@entry=js::gcstats::PhaseKind::EVICT_NURSERY_FOR_MAJOR_GC) at 
./js/src/threading/ProtectedData.h:98
#13 0x0000000112a9f340 in js::gc::GCRuntime::minorGC(JS::gcreason::Reason, 
js::gcstats::PhaseKind) 
(phase=js::gcstats::PhaseKind::EVICT_NURSERY_FOR_MAJOR_GC, 
reason=JS::gcreason::DESTROY_RUNTIME, this=0x11a6069a8)
    at ./debian/build/dist/include/mozilla/ThreadLocal.h:223
#14 0x0000000112a9f340 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, 
JS::gcreason::Reason) (this=this@entry=0x11a6069a8, 
nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=..., 
reason=reason@entry=JS::gcreason::DESTROY_RUNTIME) at ./js/src/gc/GC.cpp:7365
#15 0x0000000112a9f73e in js::gc::GCRuntime::collect(bool, js::SliceBudget, 
JS::gcreason::Reason) (this=this@entry=0x11a6069a8, 
nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=..., 
reason=reason@entry=JS::gcreason::DESTROY_RUNTIME) at ./js/src/gc/GC.cpp:7556
#16 0x0000000112a9f8ac in js::gc::GCRuntime::gc(JSGCInvocationKind, 
JS::gcreason::Reason) (this=this@entry=0x11a6069a8, 
gckind=gckind@entry=GC_NORMAL, 
reason=reason@entry=JS::gcreason::DESTROY_RUNTIME)
    at ./debian/build/dist/include/js/SliceBudget.h:61
#17 0x00000001128e415c in JSRuntime::destroyRuntime() (this=0x11a6064b0) at 
./js/src/vm/Runtime.cpp:316
#18 0x0000000112875b82 in js::DestroyContext(JSContext*) (cx=0x11a60b130) at 
./js/src/vm/JSContext.h:305
#19 0x000000011242fb1e in main(int, char**, char**) (argc=<optimized out>, 
argv=<optimized out>, envp=<optimized out>) at ./js/src/shell/js.cpp:9431

Reply via email to