Closed Bug 1117023 Opened 10 years ago Closed 10 years ago

Firefox 34 segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980)

Product/Component: Core :: XPConnect
Type: defect
Version: 34 Branch
Platform: x86_64, Linux
Priority: Not set
Severity: critical
Status: RESOLVED DUPLICATE of bug 680547
Reporter: u209627
Assignee: Unassigned
Keywords: crash

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141204230807

Steps to reproduce:

I compiled it with gcc 4.9.2 and the following options:
-march=native -O3 -pipe -floop-interchange -floop-strip-mine -floop-block

and when I run it, I get:

Program received signal SIGSEGV, Segmentation fault.
XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980) at /home/fraga/src/mozilla/js/xpconnect/src/XPCInlines.h:59
59          CHECK_STATE(HAVE_CONTEXT);
(gdb) 
(gdb) bt
#0  XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980) at /home/fraga/src/mozilla/js/xpconnect/src/XPCInlines.h:59
#1  0x00007ffff28262a1 in operator JSContext* (this=<optimized out>) at /home/fraga/src/mozilla/js/xpconnect/src/xpcprivate.h:863
#2  CallMethodHelper::Call (this=0x7fffffff8780) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1733
#3  0x00007ffff2823a67 in XPCWrappedNative::CallMethod (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1698
#4  0x00007ffff282b9dd in XPC_WN_CallMethod (cx=0x7fffe66148c0, argc=<optimized out>, vp=0x7fffe321e2c0) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1288
#5  0x00007ffff46f2b64 in js::CallJSNative (cx=0x7fffe66148c0, native=0x7ffff282b7e6 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /home/fraga/src/mozilla/js/src/jscntxtinlines.h:231
#6  0x00007ffff46f048f in js::Invoke (cx=0x7fffe66148c0, args=..., construct=js::NO_CONSTRUCT) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:481
#7  0x00007ffff46eb549 in Interpret (cx=0x7fffe66148c0, state=...) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:2563
#8  0x00007ffff46f0247 in js::RunScript (cx=cx@entry=0x7fffe66148c0, state=...) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:428
#9  0x00007ffff46f1c8e in js::ExecuteKernel (cx=cx@entry=0x7fffe66148c0, script=..., script@entry=0x7fffd66328f8, scopeChainArg=(JSObject &) @0x7fffe3e20d20 [object Object], thisv=..., 
    type=type@entry=js::EXECUTE_GLOBAL, evalInFrame=evalInFrame@entry=..., result=0x7fffffff96c0) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:636
#10 0x00007ffff42fbcf0 in js::ExecuteInGlobalAndReturnScope (cx=0x7fffe66148c0, global=..., global@entry=(JSObject * const) 0x7fffdff27b00 [object ContentFrameMessageManager] delegate, 
    scriptArg=..., scriptArg@entry=0x7fffd66328f8, scopeArg=..., scopeArg@entry=0x0) at /home/fraga/src/mozilla/js/src/builtin/Eval.cpp:513
#11 0x00007ffff3534710 in nsFrameScriptExecutor::LoadFrameScriptInternal (this=this@entry=0x7fffd6370770, aURL=..., aRunInGlobalScope=aRunInGlobalScope@entry=false)
    at /home/fraga/src/mozilla/content/base/src/nsFrameMessageManager.cpp:1447
#12 0x00007ffff3548fa1 in nsInProcessTabChildGlobal::LoadFrameScript (this=this@entry=0x7fffd6370720, aURL=..., aRunInGlobalScope=<optimized out>)
    at /home/fraga/src/mozilla/content/base/src/nsInProcessTabChildGlobal.cpp:354
#13 0x00007ffff3529881 in nsFrameLoader::DoLoadFrameScript (this=<optimized out>, aURL=..., aRunInGlobalScope=false) at /home/fraga/src/mozilla/content/base/src/nsFrameLoader.cpp:2175
#14 0x00007ffff35331ae in nsFrameMessageManager::LoadFrameScript (this=0x7fffd63fe340, aURL=..., aAllowDelayedLoad=aAllowDelayedLoad@entry=false, 
    aRunInGlobalScope=aRunInGlobalScope@entry=false) at /home/fraga/src/mozilla/content/base/src/nsFrameMessageManager.cpp:450
#15 0x00007ffff3533211 in nsFrameMessageManager::LoadFrameScript (this=0x7fffd63fe2a0, aURL=..., aAllowDelayedLoad=<optimized out>, aRunInGlobalScope=false)
    at /home/fraga/src/mozilla/content/base/src/nsFrameMessageManager.cpp:460
#16 0x00007ffff22fb72e in NS_InvokeByIndex (that=<optimized out>, methodIndex=<optimized out>, paramCount=<optimized out>, params=<optimized out>)
    at /home/fraga/src/mozilla/xpcom/reflect/xptcall/md/unix/xptcinvoke_x86_64_unix.cpp:164
#17 0x00007ffff2826296 in Invoke (this=0x7fffffff9ac0) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:2370
#18 CallMethodHelper::Call (this=0x7fffffff9ac0) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1731
#19 0x00007ffff2823a67 in XPCWrappedNative::CallMethod (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1698
#20 0x00007ffff282b9dd in XPC_WN_CallMethod (cx=0x7fffe661a580, argc=<optimized out>, vp=0x7fffe321e160) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1288
#21 0x00007ffff46f2b64 in js::CallJSNative (cx=0x7fffe661a580, native=0x7ffff282b7e6 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /home/fraga/src/mozilla/js/src/jscntxtinlines.h:231
#22 0x00007ffff46f048f in js::Invoke (cx=0x7fffe661a580, args=..., construct=js::NO_CONSTRUCT) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:481
#23 0x00007ffff46eb549 in Interpret (cx=0x7fffe661a580, state=...) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:2563
#24 0x00007ffff46f0247 in js::RunScript (cx=cx@entry=0x7fffe661a580, state=...) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:428
#25 0x00007ffff46f0673 in js::Invoke (cx=cx@entry=0x7fffe661a580, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:500
#26 0x00007ffff46f0b84 in js::Invoke (cx=cx@entry=0x7fffe661a580, thisv=..., fval=..., argc=<optimized out>, argv=0x7fffffffb060, rval=JSVAL_VOID)
    at /home/fraga/src/mozilla/js/src/vm/Interpreter.cpp:537
#27 0x00007ffff4546b08 in JS::Call (cx=cx@entry=0x7fffe661a580, thisv=thisv@entry=$jsval((JSObject *) 0x7fffdff87080 [object Proxy]), fval=..., 
    fval@entry=$jsval((JSObject *) 0x7fffdffe91c0 [object Function "onload"]), args=..., rval=..., rval@entry=JSVAL_VOID) at /home/fraga/src/mozilla/js/src/jsapi.cpp:4994
#28 0x00007ffff2de684a in mozilla::dom::EventHandlerNonNull::Call (this=this@entry=0x7fffdf174cd0, cx=0x7fffe661a580, aThisVal=..., 
    aThisVal@entry=$jsval((JSObject *) 0x7fffdff87080 [object Proxy]), event=..., aRetVal=JSVAL_VOID, aRv=...) at /home/fraga/src/firefox/dom/bindings/EventHandlerBinding.cpp:36
#29 0x00007ffff31ca969 in mozilla::dom::EventHandlerNonNull::Call<nsISupports*> (this=this@entry=0x7fffdf174cd0, thisObjPtr=@0x7fffdf174c28: 0x7fffdfdc9000, event=..., aRetVal=..., 
    aRetVal@entry=JSVAL_VOID, aRv=..., aExceptionHandling=aExceptionHandling@entry=mozilla::dom::CallbackObject::eReportExceptions) at ../../dist/include/mozilla/dom/EventHandlerBinding.h:62
#30 0x00007ffff31ca507 in mozilla::JSEventHandler::HandleEvent (this=0x7fffdf174c10, aEvent=0x7fffd645eb80) at /home/fraga/src/mozilla/dom/events/JSEventHandler.cpp:215
#31 0x00007ffff31be31f in mozilla::EventListenerManager::HandleEventSubType (this=this@entry=0x7fffdfbfee90, aListener=<optimized out>, aListener@entry=0x7fffd6143a08, 
    aDOMEvent=0x7fffd645eb80, aCurrentTarget=aCurrentTarget@entry=0x7fffdfdc9000) at /home/fraga/src/mozilla/dom/events/EventListenerManager.cpp:948
#32 0x00007ffff31be54a in mozilla::EventListenerManager::HandleEventInternal (this=0x7fffdfbfee90, aPresContext=aPresContext@entry=0x7fffdfb17000, aEvent=aEvent@entry=0x7fffffffb918, 
    aDOMEvent=aDOMEvent@entry=0x7fffffffb800, aCurrentTarget=aCurrentTarget@entry=0x7fffdfdc9000, aEventStatus=aEventStatus@entry=0x7fffffffb808)
    at /home/fraga/src/mozilla/dom/events/EventListenerManager.cpp:1009
#33 0x00007ffff31baa6e in HandleEvent (aEventStatus=0x7fffffffb808, aCurrentTarget=0x7fffdfdc9000, aDOMEvent=0x7fffffffb800, aEvent=0x7fffffffb918, aPresContext=0x7fffdfb17000, 
    this=<optimized out>) at ../../dist/include/mozilla/EventListenerManager.h:329
#34 mozilla::EventTargetChainItem::HandleEvent (this=0x7fffe0ead008, aVisitor=..., aCd=...) at /home/fraga/src/mozilla/dom/events/EventDispatcher.cpp:203
#35 0x00007ffff31b9a01 in mozilla::EventTargetChainItem::HandleEventTargetChain (aChain=..., aVisitor=..., aCallback=aCallback@entry=0x0, aCd=...)
    at /home/fraga/src/mozilla/dom/events/EventDispatcher.cpp:293
#36 0x00007ffff31ba442 in mozilla::EventDispatcher::Dispatch (aTarget=<optimized out>, aPresContext=<optimized out>, aEvent=aEvent@entry=0x7fffffffb918, aDOMEvent=aDOMEvent@entry=0x0, 
    aEventStatus=aEventStatus@entry=0x7fffffffb8e4, aCallback=aCallback@entry=0x0, aTargets=0x0) at /home/fraga/src/mozilla/dom/events/EventDispatcher.cpp:607
#37 0x00007ffff391ba89 in nsDocumentViewer::LoadComplete (this=0x7fffe0379c60, aStatus=<optimized out>) at /home/fraga/src/mozilla/layout/base/nsDocumentViewer.cpp:1009
#38 0x00007ffff3c92ddb in nsDocShell::EndPageLoad (this=0x7fffdfb03000, aChannel=0x7fffe00fc530, aStatus=tag_nsresult::NS_OK, aProgress=<optimized out>)
    at /home/fraga/src/mozilla/docshell/base/nsDocShell.cpp:7120
#39 0x00007ffff3c93d34 in nsDocShell::OnStateChange (this=0x7fffdfb03000, aProgress=0x7fffdfb03028, aRequest=0x7fffe00fc530, aStateFlags=131088, aStatus=tag_nsresult::NS_OK)
    at /home/fraga/src/mozilla/docshell/base/nsDocShell.cpp:6938
#40 0x00007ffff29b6f0b in nsDocLoader::DoFireOnStateChange (this=0x7fffdfb03000, aProgress=aProgress@entry=0x7fffdfb03028, aRequest=aRequest@entry=0x7fffe00fc530, 
    aStateFlags=@0x7fffffffbebc: 131088, aStatus=aStatus@entry=tag_nsresult::NS_OK) at /home/fraga/src/mozilla/uriloader/base/nsDocLoader.cpp:1269
#41 0x00007ffff29b7b40 in nsDocLoader::doStopDocumentLoad (this=this@entry=0x7fffdfb03000, request=0x7fffe00fc530, aStatus=tag_nsresult::NS_OK)
    at /home/fraga/src/mozilla/uriloader/base/nsDocLoader.cpp:850
#42 0x00007ffff29b7ee5 in nsDocLoader::DocLoaderIsEmpty (this=0x7fffdfb03000, aFlushLayout=<optimized out>) at /home/fraga/src/mozilla/uriloader/base/nsDocLoader.cpp:740
#43 0x00007ffff29b87ab in nsDocLoader::OnStopRequest (this=0x7fffdfb03000, aRequest=0x7fffe03265c0, aCtxt=<optimized out>, aStatus=tag_nsresult::NS_OK)
    at /home/fraga/src/mozilla/uriloader/base/nsDocLoader.cpp:624
#44 0x00007ffff2382676 in nsLoadGroup::RemoveRequest (this=0x7fffe01e4020, request=0x7fffe03265c0, ctxt=0x0, aStatus=tag_nsresult::NS_OK)
    at /home/fraga/src/mozilla/netwerk/base/src/nsLoadGroup.cpp:689
#45 0x00007ffff347a10f in nsDocument::DoUnblockOnload (this=0x7fffe033c000) at /home/fraga/src/mozilla/content/base/src/nsDocument.cpp:8820
#46 0x00007ffff3493df7 in nsUnblockOnloadEvent::Run (this=<optimized out>) at /home/fraga/src/mozilla/content/base/src/nsDocument.cpp:8773
#47 0x00007ffff22f2b7b in nsThread::ProcessNextEvent (this=0x7fffe660c220, aMayWait=<optimized out>, aResult=0x7fffffffc2cf) at /home/fraga/src/mozilla/xpcom/threads/nsThread.cpp:823
#48 0x00007ffff230fce8 in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=aMayWait@entry=false) at /home/fraga/src/mozilla/xpcom/glue/nsThreadUtils.cpp:265
#49 0x00007ffff25813cc in mozilla::ipc::MessagePump::Run (this=0x7ffff6afaf40, aDelegate=0x7fffe661b1c0) at /home/fraga/src/mozilla/ipc/glue/MessagePump.cpp:99
#50 0x00007ffff255a6b8 in MessageLoop::RunInternal (this=this@entry=0x7fffe661b1c0) at /home/fraga/src/mozilla/ipc/chromium/src/base/message_loop.cc:234
#51 0x00007ffff255a6ea in RunHandler (this=0x7fffe661b1c0) at /home/fraga/src/mozilla/ipc/chromium/src/base/message_loop.cc:227
#52 MessageLoop::Run (this=0x7fffe661b1c0) at /home/fraga/src/mozilla/ipc/chromium/src/base/message_loop.cc:201
#53 0x00007ffff3426d51 in nsBaseAppShell::Run (this=0x7fffe56f1350) at /home/fraga/src/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:164
#54 0x00007ffff3e73e3b in nsAppStartup::Run (this=0x7fffe2821060) at /home/fraga/src/mozilla/toolkit/components/startup/nsAppStartup.cpp:280
#55 0x00007ffff3eb960e in XREMain::XRE_mainRun (this=this@entry=0x7fffffffc5c0) at /home/fraga/src/mozilla/toolkit/xre/nsAppRunner.cpp:4128
#56 0x00007ffff3eb9828 in XREMain::XRE_main (this=this@entry=0x7fffffffc5c0, argc=argc@entry=1, argv=argv@entry=0x7fffffffda48, aAppData=aAppData@entry=0x7fffffffc7c0)
    at /home/fraga/src/mozilla/toolkit/xre/nsAppRunner.cpp:4201
#57 0x00007ffff3eb9a55 in XRE_main (argc=1, argv=0x7fffffffda48, aAppData=0x7fffffffc7c0, aFlags=<optimized out>) at /home/fraga/src/mozilla/toolkit/xre/nsAppRunner.cpp:4415
#58 0x0000000000403db4 in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffda48, xreDirectory=0x7ffff6a49600) at /home/fraga/src/mozilla/browser/app/nsBrowserApp.cpp:287
#59 0x00000000004036ef in main (argc=1, argv=0x7fffffffda48) at /home/fraga/src/mozilla/browser/app/nsBrowserApp.cpp:652

Any hints?
The workaround is to compile it with:

-march=nehalem (which doesn't have the AVX instruction set).

P.S.: And yes, I tried with a new profile (without add-ons) and I get the same crash.
Summary: Segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980) → Firefox 34 segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980)
Component: Untriaged → XPConnect
Product: Firefox → Core
Severity: normal → critical
Keywords: crash
I also reported it to the GCC Bugzilla, just in case someone is interested:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

I was told it's in fact a compiler bug... who knows?
I'm marking this as RESOLVED since the following patch fixes the problem:

https://hg.mozilla.org/integration/mozilla-inbound/rev/3023f9390942
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Resolution: WORKSFORME → DUPLICATE