Launchpad has imported 5 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=2024326.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2026-03-18T17:22:13+00:00 Alessandro Astone wrote:

Steps to reproduce:

mozjs (downstream SpiderMonkey in shared-library form) crashes with
SIGBUS on armhf due to a memory alignment issue in ConditionVariableImpl

stacktrace:
#0  0xb5091ffc in __atomic_wide_counter_fetch_add_acquire (c=0x4288bc, val=2)
    at ../include/atomic_wide_counter.h:50
#1  __condvar_fetch_add_wseq_acquire (cond=0x4288bc, val=2)
    at pthread_cond_common.c:40
#2  __pthread_cond_wait_common (cond=0x4288bc, mutex=0xb6fc3738 <js::gHelperThreadLock>, clockid=0, abstime=0x0)
    at pthread_cond_wait.c:350
#3  ___pthread_cond_wait (cond=0x4288bc, mutex=0xb6fc3738 <js::gHelperThreadLock>)
    at pthread_cond_wait.c:453
#4  0xb5bd99f4 in mozilla::detail::ConditionVariableImpl::wait (this=this@entry=0x4288bc, lock=...)
    at /usr/src/mozjs140-140.7.0-2/mozglue/misc/ConditionVariable_posix.cpp:106
#5  0xb54f5bd6 in js::ConditionVariable::wait (this=0x4288bc, lock=...)
    at /usr/src/mozjs140-140.7.0-2/js/src/threading/ConditionVariable.h:52
#6  js::ConditionVariable::wait (this=0x4288bc, lock=...)
    at /usr/src/mozjs140-140.7.0-2/js/src/threading/ConditionVariable.h:58
#7  js::HelperThread::threadLoop (this=this@entry=0x4288b0, pool=pool@entry=0x4262d0)
    at /usr/src/mozjs140-140.7.0-2/js/src/vm/InternalThreadPool.cpp:316
#8  0xb54f5c36 in js::HelperThread::ThreadMain (pool=0x4262d0, helper=0x4288b0)
    at /usr/src/mozjs140-140.7.0-2/js/src/vm/InternalThreadPool.cpp:251
#9  0xb54f06f2 in js::detail::ThreadTrampoline<void (&)(js::InternalThreadPool*, js::HelperThread*), js::InternalThreadPool*&, js::HelperThread*>::callMain<0u, 1u> (this=0x428900)
    at /usr/src/mozjs140-140.7.0-2/js/src/threading/Thread.h:228
#10 js::detail::ThreadTrampoline<void (&)(js::InternalThreadPool*, js::HelperThread*), js::InternalThreadPool*&, js::HelperThread*>::Start (aPack=0x428900)
    at /usr/src/mozjs140-140.7.0-2/js/src/threading/Thread.h:217
#11 0xb50926f8 in start_thread (arg=0xb44003a0)
    at pthread_create.c:454
#12 0xb50e6978 in ?? ()
    at ../sysdeps/unix/sysv/linux/arm/clone3.S:71
   from /usr/lib/arm-linux-gnueabihf/libc.so.6

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2144310/comments/4

------------------------------------------------------------------------
On 2026-03-18T17:33:09+00:00 Alessandro Astone wrote:

Created attachment 9554282
Bug 2024326 - Mutex,ConditionVariable: Clear up misleading comment about alignment r=jandem,glandium

This assert is valuable as it ensures that the platformData_ size
does not get truncated because of the integer division
sizeof(pthread_cond_t) / sizeof(void*)
but it does not actually verify the alignment.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2144310/comments/5

------------------------------------------------------------------------
On 2026-03-18T17:33:23+00:00 Alessandro Astone wrote:

Created attachment 9554283
Bug 2024326 - Mutex,ConditionVariable: Ensure alignment of platformData r=jandem,glandium

platformData_ is defined as a void*[] but it will be used to hold a
pthread_mutex_t/pthread_cond_t.
We must ensure that its address is aligned the same way as (or stricter
than) a pthread_mutex_t/pthread_cond_t.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2144310/comments/6

------------------------------------------------------------------------
On 2026-03-18T17:42:00+00:00 Release-mgmt-account-bot wrote:

The [Bugbug](https://github.com/mozilla/bugbug/) bot thinks this bug
should belong to the 'Core::JavaScript Engine' component, and is moving
the bug to that component. Please correct in case you think the bot is
wrong.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2144310/comments/7

------------------------------------------------------------------------
On 2026-03-18T17:44:40+00:00 Alessandro Astone wrote:

I have patches here: https://phabricator.services.mozilla.com/D288470,
https://phabricator.services.mozilla.com/D288470

So far untested, waiting for the armhf builders in launchpad.net

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2144310/comments/8


** Changed in: firefox
       Status: Unknown => In Progress

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2144310

Title:
  glibc 2.43-2ubuntu1 appears to cause mozjs to segfault on armhf

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/2144310/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
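
An added illustration (not code from the Mozilla patches or from mozjs) of the point made in the two patch descriptions above: a size check on word-typed storage passes while the storage can still land on an address the stored type cannot use. FakeCond, Word and the Owner structs are constructed stand-ins, and the 8-byte alignment requirement is an assumption chosen to match the addresses in the stack trace.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed stand-ins (assumptions): a 48-byte type that needs 8-byte
// alignment plays pthread_cond_t, a 4-byte word plays a 32-bit void*.
struct alignas(8) FakeCond { unsigned char bytes[48]; };
using Word = std::uint32_t;

// Before: storage is sized in words and inherits only Word's alignment.
struct CondVarBefore {
  Word platformData_[sizeof(FakeCond) / sizeof(Word)];
};
// After: same storage, but its address must satisfy FakeCond's alignment.
struct CondVarAfter {
  alignas(FakeCond) Word platformData_[sizeof(FakeCond) / sizeof(Word)];
};

// The size check passes for both: it guards against truncation by the
// integer division and says nothing about where the array is placed.
static_assert(sizeof(CondVarBefore::platformData_) >= sizeof(FakeCond), "size");
static_assert(sizeof(CondVarAfter::platformData_) >= sizeof(FakeCond), "size");

// Owner with a 12-byte prefix, mirroring the trace: owning object at
// 0x4288b0, condition variable at 0x4288bc.
struct OwnerBefore { Word prefix[3]; CondVarBefore cv; };
struct OwnerAfter  { Word prefix[3]; CondVarAfter cv; };

std::size_t misalignment(std::uintptr_t addr) { return addr % alignof(FakeCond); }
std::size_t offsetBefore() { return offsetof(OwnerBefore, cv); }
std::size_t offsetAfter() { return offsetof(OwnerAfter, cv); }

// Place each owner at an 8-byte-aligned address and report how far the
// embedded storage is from an address FakeCond could legally occupy.
std::size_t runtimeMisalignmentBefore() {
  alignas(8) static OwnerBefore o;
  return misalignment(reinterpret_cast<std::uintptr_t>(&o.cv));
}
std::size_t runtimeMisalignmentAfter() {
  static OwnerAfter o;
  return misalignment(reinterpret_cast<std::uintptr_t>(&o.cv));
}

int main() {
  std::printf("trace address 0x4288bc: off by %zu\n", misalignment(0x4288bc));
  std::printf("before: offset %zu, off by %zu\n", offsetBefore(), runtimeMisalignmentBefore());
  std::printf("after:  offset %zu, off by %zu\n", offsetAfter(), runtimeMisalignmentAfter());
}
```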
