Opened 6 months ago

Last modified 6 months ago

#28606 new defect

TB 8.5a4 Sig 11 core dump

Reported by: jb.1234abcd Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-crash
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Arch Linux
tor-browser-linux64-8.5a4_en-US
Full core dump file (*.lz4) is available as 115MB file on request.
Not reproducible.

$ coredumpctl gdb 3718

PID: 3718 (firefox.real)
UID: 1000 (jb)
GID: 1000 (jb)

Signal: 11 (SEGV)

Timestamp: Fri 2018-11-23 20:25:05 CET (12h ago)

Command Line: ./firefox.real --class Tor Browser -profile TorBrowser/Data/Browser/profile.default

Executable: /home/jb/tor-browser_en-US/Browser/firefox.real

Control Group: /user.slice/user-1000.slice/session-1.scope

Unit: session-1.scope

Slice: user-1000.slice

Session: 1

Owner UID: 1000 (jb)

Boot ID: 6416156c324e4cc1b4b51d51fd336068

Machine ID: e464cf23e765494294ab3515a8e2efd0

Hostname: myhost

Storage: /var/lib/systemd/coredump/core.firefox\x2ereal.1000.6416156c324e4cc1b4b51d51fd336068.3718.1543001105000000.lz4
Message: Process 3718 (firefox.real) of user 1000 dumped core.


Stack trace of thread 3718:
#0 0x00007fa50f71825f raise (libpthread.so.0)
#1 0x00007fa505b67b0f n/a (libxul.so)

GNU gdb (GDB) 8.2
...
Reading symbols from /home/jb/tor-browser_en-US/Browser/firefox.real...Reading symbols from /home/jb/tor-browser_en-US/Browser/.debug/firefox.real...done.
done.
[New LWP 3718]
[New LWP 3728]
[New LWP 3735]
[New LWP 3935]
[New LWP 3727]
[New LWP 3732]
[New LWP 3736]
[New LWP 3767]
[New LWP 3786]
[New LWP 3944]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `./firefox.real --class Tor Browser -profile TorBrowser/Data/Browser/profile.def'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa50f71825f in raise () from /usr/lib/libpthread.so.0
[Current thread is 1 (Thread 0x7fa50f0d8b80 (LWP 3718))]
(gdb) info reg
rax 0x0 0
rbx 0xb 11
rcx 0x7fa50f71825f 140346905428575
rdx 0x0 0
rsi 0x7fffb028a160 140736148840800
rdi 0x2 2
rbp 0xb 0xb
rsp 0x7fffb028a160 0x7fffb028a160
r8 0x0 0
r9 0x7fffb028a160 140736148840800
r10 0x8 8
r11 0x246 582
r12 0x7fffb028a4f0 140736148841712
r13 0x7fffb028a3c0 140736148841408
r14 0x7fffb028a4f0 140736148841712
r15 0x7fa4f116d800 140346396170240
rip 0x7fa50f71825f 0x7fa50f71825f <raise+271>
eflags 0x246 [ PF ZF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) bt
#0 0x00007fa50f71825f in raise () at /usr/lib/libpthread.so.0
#1 0x00007fa505b67b0f in () at /home/jb/tor-browser_en-US/Browser/libxul.so
#2 0x0000000000000400 in ()
#3 0x0000000000000000 in ()
(gdb) info threads

Id Target Id Frame

  • 1 Thread 0x7fa50f0d8b80 (LWP 3718) 0x00007fa50f71825f in raise () from /usr/lib/libpthread.so.0 2 Thread 0x7fa502601700 (LWP 3728) 0x00007fa50f2f8c21 in poll () from /usr/lib/libc.so.6 3 Thread 0x7fa4fddff700 (LWP 3735) 0x00007fa50f2fe4ed in syscall () from /usr/lib/libc.so.6 4 Thread 0x7fa4fd9fd700 (LWP 3935) 0x00007fa50f2f8c21 in poll () from /usr/lib/libc.so.6 5 Thread 0x7fa5088b5700 (LWP 3727) 0x00007fa50f2f8c21 in poll () from /usr/lib/libc.so.6 6 Thread 0x7fa4feeff700 (LWP 3732) 0x00007fa50f713e5b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0 7 Thread 0x7fa4fdbfe700 (LWP 3736) 0x00007fa50f2fe4ed in syscall () from /usr/lib/libc.so.6 8 Thread 0x7fa4f39fe700 (LWP 3767) 0x00007fa50f2f8c21 in poll () from /usr/lib/libc.so.6 9 Thread 0x7fa4caefb700 (LWP 3786) 0x00007fa50f718057 in recvmsg () from /usr/lib/libpthread.so.0 10 Thread 0x7fa4c8c4b700 (LWP 3944) 0x00007fa50f2d06a8 in nanosleep () from /usr/lib/libc.so.6

(gdb) thread apply all bt

Thread 10 (Thread 0x7fa4c8c4b700 (LWP 3944)):
#0 0x00007fa50f2d06a8 in nanosleep () at /usr/lib/libc.so.6
#1 0x00007fa50f2fbd08 in usleep () at /usr/lib/libc.so.6
#2 0x00007fa5048edd6a in js::gc::detail::GetGCThingZone (addr=<optimized out>)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/HeapAPI.h:365

#3 0x00007fa5048edd6a in JS::GetTenuredGCThingZone (thing=...) at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/HeapAPI.h:469
#4 0x00007fa5048edd6a in js::gc::IsIncrementalBarrierNeededOnTenuredGCThing (thing=...)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/HeapAPI.h:553

#5 0x00007fa5048edd6a in js::gc::ExposeGCThingToActiveJS (thing=...)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/HeapAPI.h:571

#6 0x00007fa5048edd6a in JS::ExposeObjectToActiveJS (obj=<optimized out>)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/HeapAPI.h:616

#7 0x00007fa5048edd6a in js::BarrierMethods<JSObject*>::exposeToJS(JSObject*) (obj=<optimized out>)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/RootingAPI.h:652

#8 0x00007fa5048edd6a in JS::Heap<JSObject*>::exposeToActiveJS() const (this=0xf98)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/RootingAPI.h:274

#9 0x00007fa5048edd6a in JS::Heap<JSObject*>::get() const (this=0xf98)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/RootingAPI.h:277

#10 0x00007fa5048edd6a in JS::Heap<JSObject*>::operator JSObject* const&() const (this=0xf98)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/RootingAPI.h:268

#11 0x00007fa5048edd6a in JS::ObjectPtr::operator JSObject*() const (this=0xf98)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/js/RootingAPI.h:1381

#12 0x00007fa5048edd6a in XPCWrappedNativeScope::GetGlobalJSObject() const (this=0xf68)

at /var/tmp/build/firefox-d60cb3854f94/js/xpconnect/src/xpcprivate.h:894

#13 0x00007fa5048edd6a in XPCWrappedNativeScope::AttachComponentsObject(JSContext*) (this=0xf68, aCx=0x3f)

at /var/tmp/build/firefox-d60cb3854f94/js/xpconnect/src/XPCWrappedNativeScope.cpp:211

#14 0x6237e26e84317fb1 in ()
#15 0x0000000000000000 in ()

Thread 9 (Thread 0x7fa4caefb700 (LWP 3786)):
#0 0x00007fa50f718057 in recvmsg () at /usr/lib/libpthread.so.0
#1 0x00007fa5071fb04a in nsTHashtable<nsBaseHashtableET<nsUint32HashKey, nsTArray<mozilla::Pair<char const*, nsTArray<mozilla::Pair<nsTString<char>, nsCOMPtr<nsIVariant> > > > > > >::nsTHashtable() (this=0xfffffffffffffe00)

at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/nsTHashtable.h:86

#2 0x00007fa5071fb04a in nsBaseHashtable<nsUint32HashKey, nsTArray<mozilla::Pair<char const*, nsTArray<mozilla::Pair<nsTString<char>, nsCOMPtr<nsIVariant> > > > >, nsTArray<mozilla::Pair<char const*, nsTArray<mozilla::Pair<nsTString<char>, nsCOMPtr<nsIVariant> > > > > >::nsBaseHashtable()

(this=0xfffffffffffffe00) at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/nsBaseHashtable.h:64

--Type <RET> for more, q to quit, c to continue without paging--c
#3 0x00007fa5071fb04a in nsDataHashtable<nsUint32HashKey, nsTArray<mozilla::Pair<char const*, nsTArray<mozilla::Pair<nsTString<char>, nsCOMPtr<nsIVariant> > > > > >::nsDataHashtable() (this=0xfffffffffffffe00) at /var/tmp/build/firefox-d60cb3854f94/obj-x86_64-pc-linux-gnu/dist/include/nsDataHashtable.h:33
#4 0x00007fa5071fb04a in TelemetryScalar::CreateKeyedSnapshots(unsigned int, bool, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) (aDataset=2, aClearScalars=228, aCx=0x7fa4caef5e70, optional_argc=<optimized out>, aResult=...) at /var/tmp/build/firefox-d60cb3854f94/toolkit/components/telemetry/TelemetryScalar.cpp:2286
#5 0x0000000000000000 in ()

Thread 8 (Thread 0x7fa4f39fe700 (LWP 3767)):
#0 0x00007fa50f2f8c21 in poll () at /usr/lib/libc.so.6
#1 0x00007fa4f75e2673 in () at /usr/lib/libpulse.so.0
#2 0x00007fa4f75d3990 in pa_mainloop_poll () at /usr/lib/libpulse.so.0
#3 0x00007fa4f75d3fe0 in pa_mainloop_iterate () at /usr/lib/libpulse.so.0
#4 0x00007fa4f75d4091 in pa_mainloop_run () at /usr/lib/libpulse.so.0
#5 0x00007fa4f75e25ae in () at /usr/lib/libpulse.so.0
#6 0x00007fa4f73819fc in () at /usr/lib/pulseaudio/libpulsecommon-12.2.so
#7 0x00007fa50f70da9d in start_thread () at /usr/lib/libpthread.so.0
#8 0x00007fa50f303b23 in clone () at /usr/lib/libc.so.6

Thread 7 (Thread 0x7fa4fdbfe700 (LWP 3736)):
#0 0x00007fa50f2fe4ed in syscall () at /usr/lib/libc.so.6
#1 0x00007fa5058ae73a in sh::UniformHLSL::assignUniformRegister(sh::TType const&, sh::ImmutableString const&, unsigned int*) (this=0x7fa4fdbfdb10, type=..., name=..., outRegisterCount=0x7) at /var/tmp/build/firefox-d60cb3854f94/gfx/angle/checkout/src/compiler/translator/UniformHLSL.cpp:157
#2 0x0000000000000000 in ()

Thread 6 (Thread 0x7fa4feeff700 (LWP 3732)):
#0 0x00007fa50f713e5b in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1 0x00007fa50f09bb53 in PR_GetIPNodeByName (name=0x7fa501c54800 "\270\276\300\n\245\177", af=<optimized out>, flags=1000, buf=<optimized out>, bufsize=<optimized out>, hp=0xffffffff) at /var/tmp/build/firefox-d60cb3854f94/nsprpub/pr/src/misc/prnetdb.c:860
#2 0x0000000000000000 in ()

Thread 5 (Thread 0x7fa5088b5700 (LWP 3727)):
#0 0x00007fa50f2f8c21 in poll () at /usr/lib/libc.so.6
#1 0x00007fa50d7e7ee0 in () at /usr/lib/libglib-2.0.so.0
#2 0x00007fa50d7e7fce in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#3 0x00007fa50d7e8022 in () at /usr/lib/libglib-2.0.so.0
#4 0x00007fa50d7b13eb in () at /usr/lib/libglib-2.0.so.0
#5 0x00007fa50f70da9d in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007fa50f303b23 in clone () at /usr/lib/libc.so.6

Thread 4 (Thread 0x7fa4fd9fd700 (LWP 3935)):
#0 0x00007fa50f2f8c21 in poll () at /usr/lib/libc.so.6
#1 0x00007fa4f75e2673 in () at /usr/lib/libpulse.so.0
#2 0x00007fa4f75d3990 in pa_mainloop_poll () at /usr/lib/libpulse.so.0
#3 0x00007fa4f75d3fe0 in pa_mainloop_iterate () at /usr/lib/libpulse.so.0
#4 0x00007fa4f75d4091 in pa_mainloop_run () at /usr/lib/libpulse.so.0
#5 0x00007fa4f75e25ae in () at /usr/lib/libpulse.so.0
#6 0x00007fa4f73819fc in () at /usr/lib/pulseaudio/libpulsecommon-12.2.so
#7 0x00007fa50f70da9d in start_thread () at /usr/lib/libpthread.so.0
#8 0x00007fa50f303b23 in clone () at /usr/lib/libc.so.6

Thread 3 (Thread 0x7fa4fddff700 (LWP 3735)):
#0 0x00007fa50f2fe4ed in syscall () at /usr/lib/libc.so.6
#1 0x00007fa5058ae73a in sh::UniformHLSL::assignUniformRegister(sh::TType const&, sh::ImmutableString const&, unsigned int*) (this=0x7fa4fddfeb10, type=..., name=..., outRegisterCount=0x7fa50ef00000) at /var/tmp/build/firefox-d60cb3854f94/gfx/angle/checkout/src/compiler/translator/UniformHLSL.cpp:157
#2 0x00007fa50615e40a in () at /home/jb/tor-browser_en-US/Browser/libxul.so
#3 0x0000000000000000 in ()

Thread 2 (Thread 0x7fa502601700 (LWP 3728)):
#0 0x00007fa50f2f8c21 in poll () at /usr/lib/libc.so.6
#1 0x00007fa50d7e7ee0 in () at /usr/lib/libglib-2.0.so.0
#2 0x00007fa50d7e8f62 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#3 0x00007fa50da7ac28 in () at /usr/lib/libgio-2.0.so.0
#4 0x00007fa50d7b13eb in () at /usr/lib/libglib-2.0.so.0
#5 0x00007fa50f70da9d in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007fa50f303b23 in clone () at /usr/lib/libc.so.6

Thread 1 (Thread 0x7fa50f0d8b80 (LWP 3718)):
#0 0x00007fa50f71825f in raise () at /usr/lib/libpthread.so.0
#1 0x00007fa505b67b0f in () at /home/jb/tor-browser_en-US/Browser/libxul.so
#2 0x0000000000000400 in ()
#3 0x0000000000000000 in ()
(gdb)

Child Tickets

Change History (1)

comment:1 Changed 6 months ago by gk

Component: ApplicationsApplications/Tor Browser
Keywords: tbb-crash added
Owner: set to tbb-team
Note: See TracTickets for help on using tickets.