Bug#768360: iceweasel: crashes with Illegal instruction at startup

Mike Hommey mh at glandium.org
Sat Nov 8 23:30:58 UTC 2014


On Sat, Nov 08, 2014 at 01:22:04PM +0100, Ondrej Zary wrote:
> 
> 
> On Saturday 08 November 2014 08:04:08 Mike Hommey wrote:
> > On Sat, Nov 08, 2014 at 12:04:09AM +0100, Ondrej Zary wrote:
> > > On Friday 07 November 2014 23:32:55 Mike Hommey wrote:
> > > > On Fri, Nov 07, 2014 at 09:24:23PM +0100, Ondrej Zary wrote:
> > > > > Program received signal SIGILL, Illegal instruction.
> > > > > [Switching to Thread 0xab7feb70 (LWP 7670)]
> > > > > 0xad42fbf2 in ?? ()
> > > > > (gdb) disassemble
> > > > > No function contains program counter for selected frame.
> > > > > (gdb) 
> > > > 
> > > > Try disassemble 0xad42fbf2,+10 (adapting to whatever new address you get
> > > > on next attempt)
> > > 
> > > 
> > > Thanks, it looks good now:
> > > 
> > > Program received signal SIGILL, Illegal instruction.
> > > [Switching to Thread 0xab7feb70 (LWP 12776)]
> > > 0xaec24272 in ?? ()
> > > (gdb) disassemble 0xaec24272,+10
> > > Dump of assembler code from 0xaec24272 to 0xaec2427c:
> > > => 0xaec24272:  xorpd  %xmm0,%xmm0
> > >    0xaec24276:  cvtsi2sd %edx,%xmm0
> > >    0xaec2427a:  jmp    0xaec2428a
> > > End of assembler dump.
> > > 
> > > xorpd is an SSE instruction :(. I wonder if this is just a compiler flag problem or this crap is generated by Firefox JIT compiler?
> > 
> > Could you give a try to version 33.0, 34.0 and/or 35.0 from
> > mozilla.debian.net?
> 
> 33.0-2~bpo70+1 crashes the same way even in safe mode:
> 
> Program received signal SIGILL, Illegal instruction.
> [Switching to Thread 0xaaefeb70 (LWP 14874)]
> 0xac6350b2 in ?? ()
> (gdb) disassemble 0xac6350b2,+10
> Dump of assembler code from 0xac6350b2 to 0xac6350bc:
> => 0xac6350b2:  xorpd  %xmm0,%xmm0
>    0xac6350b6:  cvtsi2sd %edx,%xmm0
>    0xac6350ba:  jmp    0xac6350ca
> End of assembler dump.
> 
> 
> 34.0~b1-1~bpo70+1 works in safe mode but crashes in normal mode:
> 
> Program received signal SIGILL, Illegal instruction.
> 0xb0d09a16 in ?? ()
> (gdb) disassemble 0xb0d09a16,+10
> Dump of assembler code from 0xb0d09a16 to 0xb0d09a20:
> => 0xb0d09a16:  movsd  %xmm7,0x38(%esp)
>    0xb0d09a1c:  movsd  %xmm6,0x30(%esp)
> End of assembler dump.
> 
> 
> 35.0~a2+20141017004001-1~bpo70+1 works in safe mode but crashes in normal mode:
> 
> Program received signal SIGILL, Illegal instruction.
> 0xafe0d4b7 in ?? ()
> (gdb) disassemble 0xafe0d4b7,+10
> Dump of assembler code from 0xafe0d4b7 to 0xafe0d4c1:
> => 0xafe0d4b7:  unpcklps %xmm7,%xmm0
>    0xafe0d4ba:  cmp    $0xffffff80,%eax
>    0xafe0d4bd:  jb     0xafe0d4d9
> End of assembler dump.
> 
> (~/.mozilla removed before each run)

Okay, so despite all the changes in the related code, this was not
fixed. I now need to know if this is a bug in cpu detection or in the
code deciding what JIT features to enable based on the cpu
detection.

In gdb, after the crash, with version 31, could you report what the
following command prints out?

gdb> print JSC::MacroAssemblerX86Common::s_sseCheckState

Thanks

Mike
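
The two failure points named in the message above, separated in an added example that is not part of the original mail or Firefox's code: one function decodes the CPUID leaf 1 feature bits (the detection step), another checks whether a given instruction may be emitted at the detected level (the gating step). The enum and function names are hypothetical; the mnemonics are those at the faulting addresses in the quoted gdb output.

```c
#include <stdint.h>
#include <string.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#endif

/* Hypothetical level names for this example, not the enum used by Firefox. */
enum sse_level { SSE_NONE = 0, SSE_1, SSE_2, SSE_3 };

/* Detection step: decode CPUID leaf 1 feature bits.
 * EDX bit 25 = SSE, EDX bit 26 = SSE2, ECX bit 0 = SSE3. */
enum sse_level sse_level_from_leaf1(uint32_t ecx, uint32_t edx)
{
    if (!(edx & (1u << 25))) return SSE_NONE;
    if (!(edx & (1u << 26))) return SSE_1;
    if (!(ecx & 1u))         return SSE_2;
    return SSE_3;
}

/* Minimum level needed by each mnemonic seen in the quoted disassembly. */
enum sse_level required_level(const char *mnemonic)
{
    static const struct { const char *name; enum sse_level need; } table[] = {
        { "xorpd", SSE_2 }, { "cvtsi2sd", SSE_2 }, { "movsd", SSE_2 },
        { "unpcklps", SSE_1 },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(mnemonic, table[i].name) == 0)
            return table[i].need;
    return SSE_NONE; /* not an SSE instruction known to this table */
}

/* Gating step: 1 if emitting the instruction on a CPU at `detected`
 * would raise SIGILL, 0 if it is safe to emit. */
int would_fault(enum sse_level detected, const char *mnemonic)
{
    return required_level(mnemonic) > detected;
}

/* Query the running CPU; SSE_NONE when CPUID leaf 1 is unavailable. */
enum sse_level detect_sse_level(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return sse_level_from_leaf1(ecx, edx);
#endif
    return SSE_NONE;
}
```

If the decoded level is lower than what an emitted instruction requires, the fault lies in the gating step; if the decoded level itself is higher than what the CPU supports, the fault lies in detection.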


