Bug#836533: firefox segfault in 48.0-1+b1 but not 48.0-1

Ben Caradoc-Davies ben at transient.nz
Sat Sep 3 21:23:53 UTC 2016


I am also seeing a similar firefox segfault in 48.0-1+b1 that does not 
occur in 48.0-1. How do I tell what changed in +b1?

The segfault occurs with a variety of web pages, including Twitter and a 
Google Docs sheet.

The segfault does not occur in safe mode, but manually disabling extensions 
and hardware acceleration does not fix it. I am using the default theme.

Starting firefox with a completely new profile (no extensions or 
non-default settings) does not fix it.

"MOZILLA_DISABLE_PLUGINS=1 firefox" does not fix it.

gdb trace attached.

Workaround is to downgrade to 48.0-1.

Kind regards,

-- 
Ben Caradoc-Davies <ben at transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand
-------------- next part --------------
$ gdb --args firefox
GNU gdb (Debian 7.11.1-2) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from firefox...Reading symbols from /usr/lib/debug//usr/lib/firefox/firefox...done.
done.
(gdb) set pagination off
(gdb) run
Starting program: /usr/bin/firefox 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe7e09700 (LWP 25327)]
[Thread 0x7fffe7e09700 (LWP 25327) exited]
[New Thread 0x7fffe7e09700 (LWP 25329)]
[New Thread 0x7fffdd7ff700 (LWP 25330)]
[New Thread 0x7fffdcffe700 (LWP 25331)]
[New Thread 0x7fffdc3f3700 (LWP 25332)]
[New Thread 0x7fffdbbf2700 (LWP 25333)]
[New Thread 0x7fffdb9f1700 (LWP 25334)]
[New Thread 0x7fffdb7f0700 (LWP 25335)]
[New Thread 0x7fffdb5ef700 (LWP 25336)]
[New Thread 0x7fffdb3ee700 (LWP 25337)]
[New Thread 0x7fffdb1ed700 (LWP 25338)]
[New Thread 0x7fffdafec700 (LWP 25339)]
[New Thread 0x7fffdadeb700 (LWP 25340)]
[New Thread 0x7fffd97ff700 (LWP 25341)]
[New Thread 0x7fffd8ffe700 (LWP 25342)]
[New Thread 0x7fffdd996700 (LWP 25345)]
[New Thread 0x7fffd67ff700 (LWP 25346)]
[New Thread 0x7fffd5369700 (LWP 25348)]
[New Thread 0x7fffd4b68700 (LWP 25349)]
[New Thread 0x7fffd3eff700 (LWP 25350)]
[New Thread 0x7fffd2cff700 (LWP 25351)]
[New Thread 0x7fffd13ff700 (LWP 25353)]
[New Thread 0x7fffd058f700 (LWP 25354)]
[New Thread 0x7fffcf8ff700 (LWP 25356)]
[New Thread 0x7fffcf0fe700 (LWP 25357)]
[New Thread 0x7fffce8fd700 (LWP 25358)]
[New Thread 0x7fffce0fc700 (LWP 25359)]
[New Thread 0x7fffcd6ff700 (LWP 25360)]
[New Thread 0x7fffd4367700 (LWP 25361)]
[New Thread 0x7fffccefe700 (LWP 25362)]
[New Thread 0x7fffcc3ff700 (LWP 25363)]
[New Thread 0x7fffcb4ff700 (LWP 25365)]
[New Thread 0x7fffcaaff700 (LWP 25367)]
[New Thread 0x7fffca2fe700 (LWP 25368)]
[New Thread 0x7fffc9afd700 (LWP 25369)]
Vector smash protection is enabled.
[New Thread 0x7fffc86bf700 (LWP 25382)]
[New Thread 0x7fffc7ebe700 (LWP 25383)]
[New Thread 0x7fffc76bd700 (LWP 25384)]
[New Thread 0x7fffc6ebc700 (LWP 25385)]
[New Thread 0x7fffc64ff700 (LWP 25386)]
[New Thread 0x7fffc60ff700 (LWP 25387)]
[New Thread 0x7fffc58fe700 (LWP 25388)]
[New Thread 0x7fffc4eff700 (LWP 25389)]
[Thread 0x7fffd3eff700 (LWP 25350) exited]
[Thread 0x7fffc76bd700 (LWP 25384) exited]
[Thread 0x7fffc7ebe700 (LWP 25383) exited]
[New Thread 0x7fffc76bd700 (LWP 25390)]
[Thread 0x7fffc86bf700 (LWP 25382) exited]
[New Thread 0x7fffc86bf700 (LWP 25391)]
[Thread 0x7fffc76bd700 (LWP 25390) exited]
[New Thread 0x7fffc7ebe700 (LWP 25392)]
[New Thread 0x7fffd3eff700 (LWP 25393)]
[New Thread 0x7fffc76bd700 (LWP 25394)]
[New Thread 0x7fffc39ff700 (LWP 25395)]
[Thread 0x7fffc86bf700 (LWP 25391) exited]
[Thread 0x7fffc7ebe700 (LWP 25392) exited]
[Thread 0x7fffc76bd700 (LWP 25394) exited]
[New Thread 0x7fffc76bd700 (LWP 25396)]
[Thread 0x7fffd3eff700 (LWP 25393) exited]
[Thread 0x7fffc76bd700 (LWP 25396) exited]
[New Thread 0x7fffc76bd700 (LWP 25397)]
[Thread 0x7fffc76bd700 (LWP 25397) exited]
[New Thread 0x7fffc76bd700 (LWP 25398)]
[Thread 0x7fffc39ff700 (LWP 25395) exited]
[New Thread 0x7fffc39ff700 (LWP 25399)]
[Thread 0x7fffc76bd700 (LWP 25398) exited]
[New Thread 0x7fffc76bd700 (LWP 25400)]
[Thread 0x7fffc39ff700 (LWP 25399) exited]
[New Thread 0x7fffc39ff700 (LWP 25401)]
[Thread 0x7fffc76bd700 (LWP 25400) exited]
[New Thread 0x7fffc76bd700 (LWP 25402)]
[Thread 0x7fffc39ff700 (LWP 25401) exited]
[New Thread 0x7fffc27ff700 (LWP 25403)]
[New Thread 0x7fffc39ff700 (LWP 25404)]
[Thread 0x7fffc76bd700 (LWP 25402) exited]
[New Thread 0x7fffd3eff700 (LWP 25405)]
[New Thread 0x7fffc7ebe700 (LWP 25406)]
[Thread 0x7fffc39ff700 (LWP 25404) exited]
[Thread 0x7fffc7ebe700 (LWP 25406) exited]
[New Thread 0x7fffc7ebe700 (LWP 25407)]
[New Thread 0x7fffc39ff700 (LWP 25408)]
[New Thread 0x7fffc76bd700 (LWP 25409)]
[New Thread 0x7fffc86bf700 (LWP 25411)]
[New Thread 0x7fffbd8ff700 (LWP 25412)]
[New Thread 0x7fffbceff700 (LWP 25413)]
[New Thread 0x7fffba5f2700 (LWP 25414)]
[New Thread 0x7fffb9df1700 (LWP 25415)]
[New Thread 0x7fffb95f0700 (LWP 25416)]
[New Thread 0x7fffb3dff700 (LWP 26331)]
[New Thread 0x7fffb35fe700 (LWP 26380)]
[New Thread 0x7fffb2dfd700 (LWP 26433)]
[New Thread 0x7fffafeff700 (LWP 26575)]

Thread 1 "firefox" received signal SIGSEGV, Segmentation fault.
0x00007fffdc6d0860 in ?? ()
(gdb) bt full
#0  0x00007fffdc6d0860 in ?? ()
No symbol table info available.
#1  0x00007ffff4cc3397 in js::jit::SnapshotIterator::numAllocations (this=0x7fffffff4600) at /build/firefox-DAd6ul/firefox-48.0/js/src/jit/JitFrames.cpp:2022
No locals.
#2  js::jit::IonFrameStackDepthOp::IonFrameStackDepthOp (frame=..., this=<optimized out>) at /build/firefox-DAd6ul/firefox-48.0/js/src/jit/JitFrames.cpp:359
        si = {snapshot_ = {reader_ = {buffer_ = 0x7fffae2ecbd1 "\004", end_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004"}, allocReader_ = {buffer_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004", end_ = 0x7fffae2ecbe4 "\345\345\345\345\004"}, allocTable_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004", bailoutKind_ = js::jit::Bailout_DuringVMCall, allocRead_ = 0, recoverOffset_ = 106}, recover_ = {reader_ = {buffer_ = 0x7fffae2ecc57 "\345 p\201\255\377\177", end_ = 0x7fffae2ecc57 "\345 p\201\255\377\177"}, numInstructions_ = 1, numInstructionsRead_ = 1, resumeAfter_ = true, rawData_ = {u = {mBytes = "\250.g\366\377\177\000\000\346\000\000\000\003\000\000", mDummy = 140737327345320}}}, fp_ = 0x7fffffff4af0, machine_ = 0x7fffffff4800, ionScript_ = 0x7fffae2ec800, instructionResults_ = 0x0}
#3  js::jit::TryNoteIterIon::TryNoteIterIon (frame=..., cx=0x7fffc0f25000, this=0x7fffffff45c0) at /build/firefox-DAd6ul/firefox-48.0/js/src/jit/JitFrames.cpp:369
No locals.
#4  js::jit::HandleExceptionIon (overrecursed=0x7fffffff44af, rfe=0x7fffffff4a68, frame=..., cx=0x7fffc0f25000) at /build/firefox-DAd6ul/firefox-48.0/js/src/jit/JitFrames.cpp:416
        tni = {<js::TryNoteIter<js::jit::IonFrameStackDepthOp>> = {script_ = {<js::RootedBase<JSScript*>> = {<No data fields>}, stack = 0x7fffffff45e8, prev = 0x2a9ed50d2d2a8b00, ptr = 0x7ffff7e1cb38}, pcOffset_ = 4294919696, tn_ = 0x2, tnEnd_ = 0x7fffc0f25000, getStackDepth_ = {depth_ = 2938936744}}, <No data fields>}
        script = {<js::RootedBase<JSScript*>> = {<No data fields>}, stack = 0x7fffc0f25040, prev = 0x7fffffff47d8, ptr = 0x7fffaf879d90}
#5  js::jit::HandleException (rfe=0x7fffffff4a68) at /build/firefox-DAd6ul/firefox-48.0/js/src/jit/JitFrames.cpp:791
        frames = {frame_ = 0x7fffffff4580, start_ = {snapshot_ = {reader_ = {buffer_ = 0x7fffae2ecbd1 "\004", end_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004"}, allocReader_ = {buffer_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004", end_ = 0x7fffae2ecbe4 "\345\345\345\345\004"}, allocTable_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004", bailoutKind_ = js::jit::Bailout_DuringVMCall, allocRead_ = 0, recoverOffset_ = 106}, recover_ = {reader_ = {buffer_ = 0x7fffae2ecc57 "\345 p\201\255\377\177", end_ = 0x7fffae2ecc57 "\345 p\201\255\377\177"}, numInstructions_ = 1, numInstructionsRead_ = 1, resumeAfter_ = true, rawData_ = {u = {mBytes = "\250.g\366\377\177\000\000\346\000\000\000\003\000\000", mDummy = 140737327345320}}}, fp_ = 0x7fffffff4af0, machine_ = 0x7fffffff4800, ionScript_ = 0x7fffae2ec800, instructionResults_ = 0x0}, si_ = {snapshot_ = {reader_ = {buffer_ = 0x7fffae2ecbd1 "\004", end_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004"}, allocReader_ = {buffer_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004", end_ = 0x7fffae2ecbe4 "\345\345\345\345\004"}, allocTable_ = 0x7fffae2ecbd4 "\001\177\a\201(@( \a\200\006\001\a\240 \240\345\345\345\345\004", bailoutKind_ = js::jit::Bailout_DuringVMCall, allocRead_ = 0, recoverOffset_ = 106}, recover_ = {reader_ = {buffer_ = 0x7fffae2ecc57 "\345 p\201\255\377\177", end_ = 0x7fffae2ecc57 "\345 p\201\255\377\177"}, numInstructions_ = 1, numInstructionsRead_ = 1, resumeAfter_ = true, rawData_ = {u = {mBytes = "\250.g\366\377\177\000\000\346\000\000\000\003\000\000", mDummy = 140737327345320}}}, fp_ = 0x7fffffff4af0, machine_ = 0x7fffffff4800, ionScript_ = 0x7fffae2ec800, instructionResults_ = 0x0}, framesRead_ = 1, frameCount_ = 1, calleeTemplate_ = {<js::RootedBase<JSFunction*>> = {<No data fields>}, stack = 0x7fffc0f25030, prev = 0x7fffffff4d30, 
ptr = 0x7fffda0eea10}, calleeRVA_ = {mode_ = js::jit::RValueAllocation::INVALID, arg1_ = {index = 32767, stackOffset = 32767, gpr = {reg_ = 32767}, fpu = {data = 32767}, type = 255}, arg2_ = {index = 0, stackOffset = 0, gpr = {reg_ = js::jit::X86Encoding::rax}, fpu = {data = 0}, type = JSVAL_TYPE_DOUBLE}}, script_ = {<js::RootedBase<JSScript*>> = {<No data fields>}, stack = 0x7fffc0f25040, prev = 0x7fffffff53d8, ptr = 0x7fffaf879d90}, pc_ = 0x7fffafa60c32 "p\231 \200", numActualArgs_ = 12245933, machine_ = {regs_ = {mArr = {0x100, 0x101, 0x102, 0x103, 0x104, 0x105, 0x106, 0x107, 0x108, 0x109, 0x10a, 0x10b, 0x10c, 0x10d, 0x10e, 0x10f}}, fpregs_ = {mArr = {0x200, 0x201, 0x202, 0x203, 0x204, 0x205, 0x206, 0x207, 0x208, 0x209, 0x20a, 0x20b, 0x20c, 0x20d, 0x20e, 0x20f, 0x210, 0x211, 0x212, 0x213, 0x214, 0x215, 0x216, 0x217, 0x218, 0x219, 0x21a, 0x21b, 0x21c, 0x21d, 0x21e, 0x21f, 0x220, 0x221, 0x222, 0x223, 0x224, 0x225, 0x226, 0x227, 0x228, 0x229, 0x22a, 0x22b, 0x22c, 0x22d, 0x22e, 0x22f}}}}
        ionScript = 0x0
        invalidated = <optimized out>
        overrecursed = false
        current = <optimized out>
        logger = <optimized out>
        profFrameReset = {cx = 0x7fffc0f25000, rfe = 0x7fffffff4a68}
        iter = {<js::jit::JitFrameIterator> = {current_ = 0x7fffffff4af0 "\264\310b\314\377\177", type_ = js::jit::JitFrame_IonJS, returnAddressToFp_ = 0x7fffc50b9171 "H\203\304\060Ð\220\220\220\220\220\220\220I\273", frameSize_ = 56, cachedSafepointIndex_ = 0x7fffae2ec9a0, activation_ = 0x7fffffff4ce0}, stack = 0x7fffc0f25208, prev = 0x0}
#6  0x00007ffff7f10162 in ?? ()
No symbol table info available.
#7  0x00007fffc0f25030 in ?? ()
No symbol table info available.
#8  0x00007fffffff4a68 in ?? ()
No symbol table info available.
#9  0x00007fffda0eec20 in ?? ()
No symbol table info available.
#10 0x2a9ed50d2d2a8b00 in ?? ()
No symbol table info available.
#11 0xfffc7fffb68abc00 in ?? ()
No symbol table info available.
#12 0x00007ffff7f14d12 in ?? ()
No symbol table info available.
#13 0x00007fff00000000 in ?? ()
No symbol table info available.
#14 0x00007fffffff4a98 in ?? ()
No symbol table info available.
#15 0x00007fffffff4eb8 in ?? ()
No symbol table info available.
#16 0x00007ffff6867d60 in js::jit::BitNotInfo () from /usr/lib/firefox/libxul.so
No symbol table info available.
#17 0x00007ffff7e603a0 in ?? ()
No symbol table info available.
#18 0x00007fffc50b9171 in ?? ()
No symbol table info available.
#19 0x0000000000003820 in ?? ()
No symbol table info available.
#20 0xfffc7fffb6e99c00 in ?? ()
No symbol table info available.
#21 0x0000000000000000 in ?? ()
No symbol table info available.

