Closed Bug 1684389 Opened 4 years ago Closed 4 years ago

firefox -xpcshell segfault

Categories

(Core :: Gecko Profiler, defect, P2)

Firefox 84
defect

Tracking

RESOLVED FIXED
86 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox84 --- wontfix
firefox85 --- wontfix
firefox86 --- fixed

People

(Reporter: cosinusoidally, Assigned: mozbugz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0

Steps to reproduce:

firefox -xpcshell

Note this is on an x86_64 Ubuntu 18.04 machine. I was also able to reproduce on macOS.

Actual results:

Segmentation fault (core dumped)

This appears to have started in Firefox 84 due to the patch applied in bug 1673623.

Full backtrace:

Thread 1 "firefox-bin" received signal SIGSEGV, Segmentation fault.
0x00005555555a8287 in mozilla::baseprofiler::profiler_init (aStackTop=0x7fffffffca57) at /home/foo/src/ff/firefox-84.0.1/mozglue/baseprofiler/core/platform.cpp:2574
2574 MOZ_RELEASE_ASSERT(!CorePS::Exists());
(gdb) bt
#0 0x00005555555a8287 in mozilla::baseprofiler::profiler_init(void*) (aStackTop=0x7fffffffca57)
at /home/foo/src/ff/firefox-84.0.1/mozglue/baseprofiler/core/platform.cpp:2574
#1 0x00007fffdd44e5e4 in XRE_XPCShellMain(int, char**, char**, XREShellData const*) (argc=1, argv=0x7fffffffdf18, envp=0x7fffffffdf30, aShellData=0x7fffffffcd88)
at /home/foo/src/ff/firefox-84.0.1/js/xpconnect/src/XPCShellImpl.cpp:1056
#2 0x00007fffe3b45b8f in mozilla::BootstrapImpl::XRE_XPCShellMain(int, char**, char**, XREShellData const*) (this=0x7ffff6a566d0, argc=1, argv=0x7fffffffdf18, envp=0x7fffffffdf30, aShellData=0x7fffffffcd88) at /home/foo/src/ff/firefox-84.0.1/toolkit/xre/Bootstrap.cpp:54
#3 0x000055555556a8ef in do_main(int, char**, char**) (argc=1, argv=0x7fffffffdf18, envp=0x7fffffffdf30)
at /home/foo/src/ff/firefox-84.0.1/browser/app/nsBrowserApp.cpp:182
#4 0x000055555556a46b in main(int, char**, char**) (argc=2, argv=0x7fffffffdf18, envp=0x7fffffffdf30)
at /home/foo/src/ff/firefox-84.0.1/browser/app/nsBrowserApp.cpp:336

Expected results:

The xpcshell JavaScript REPL should run, e.g. with Firefox 83:
$ ./firefox --version
Mozilla Firefox 83.0
$ ./firefox -xpcshell
js> print("hello world");
hello world
js>

Please provide the crash ID from about:crashes:
https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report explains how to do this. When doing so, please also add the keyword "crashreportid" to the "Keywords" field of this report.

Sorry, nothing appears in about:crashes. I'm no expert at this, but I assume the lack of a crash report could be something to do with starting Firefox as xpcshell using the flag provided by bug 1238769?

https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report is giving "page not found". Has that moved to https://firefox-source-docs.mozilla.org/contributing/debugging/stacktrace_report.html? Either way, I don't see anything in about:crashes.

Sorry if it wasn't clear above, but the provided backtrace was generated by building a copy of Firefox 84 and then running it under gdb.

It crashes in the same place with the official release binaries:

$ gdb ./firefox-bin
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./firefox-bin...(no debugging symbols found)...done.
(gdb) run -xpcshell
Starting program: /tmp/ff84/firefox/firefox-bin -xpcshell
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff69ff700 (LWP 2831)]
[Thread 0x7ffff69ff700 (LWP 2831) exited]

Thread 1 "firefox-bin" received signal SIGSEGV, Segmentation fault.
0x00005555555b81fc in mozilla::baseprofiler::profiler_init(void*) ()
(gdb) bt
#0 0x00005555555b81fc in mozilla::baseprofiler::profiler_init(void*) ()
#1 0x00007fffe52dc17b in () at /tmp/ff84/firefox/libxul.so
#2 0x00005555555b029f in _start ()
(gdb)

Simply commenting out the call to mozilla::baseprofiler::profiler_init prevents the startup crash, which implies the crash may have been introduced by bug 1673623 (though it then crashes on shutdown).

Setting a component for this issue in order to get the dev team involved.
If you feel it's an incorrect one please feel free to change it to a more appropriate one.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core

I'm not sure what the correct component would be, but I don't think it has anything to do with Gtk.

Component: Widget: Gtk → Gecko Profiler

It looks like a double call to profiler_init, I will investigate.

Assignee: nobody → gsquelart
Severity: -- → S3
Priority: -- → P2

Bug 1673623 added a call to profiler_init in XRE_XPCShellMain. This was needed to initialize the profiler when running XPCShell tests, which (I believe) start from main in xpcshell.cpp.

However, XRE_XPCShellMain may also be called from main in nsBrowserApp.cpp, which is the one called when running firefox -xpcshell, in which case we end up calling profiler_init twice.

I think the solution would be to move the profiler_init call (and associated profiler_shutdown) from this shared XRE_XPCShellMain to main in xpcshell.cpp; this would mirror the one in nsBrowserApp.cpp and remove the nested profiler_init.

Keywords: regression
Regressed by: 1673623
Has Regression Range: --- → yes

XRE_XPCShellMain is called from either nsBrowserApp.cpp's main (Firefox app) or xpcshell.cpp's main (XPCShell stand-alone app).
Since bug 1673623, XRE_XPCShellMain calls profiler_init and profiler_shutdown, as needed by some other code.
Unfortunately, nsBrowserApp.cpp's main already calls profiler_init, so the new calls are nested, which is not allowed and triggers an assertion when running firefox -xpcshell.

So the calls to profiler_init/shutdown are now moved out of XRE_XPCShellMain and up into xpcshell.cpp's main; this way the Base Profiler will be properly initialized and shut down once in both the Firefox and XPCShell apps.
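The nesting described in this comment and the shape of the fix, as an added C++ model that is not Gecko code: the profiler state, the two launchers and both versions of the shared entry point are constructed stand-ins, and only the function names mirror the report.

```cpp
// Constructed model of the Base Profiler's process-wide state (CorePS in
// mozglue/baseprofiler/core/platform.cpp); names mirror the bug report.
static bool gCorePSExists = false;

// Returns false where the real profiler_init would trip
// MOZ_RELEASE_ASSERT(!CorePS::Exists()) and abort the process.
static bool profiler_init() {
  if (gCorePSExists) return false;  // nested init: the Firefox 84 crash
  gCorePSExists = true;
  return true;
}
static void profiler_shutdown() { gCorePSExists = false; }

// Constructed exit codes for the modelled launches.
enum RunResult { kOk = 0, kNestedInit = 1, kProfilerMissing = 2 };

// Firefox 84 shape of the shared entry point: it owns init/shutdown itself,
// which breaks any caller that already initialized the profiler.
static RunResult XRE_XPCShellMain_84() {
  if (!profiler_init()) return kNestedInit;
  // ... run the JS shell; some code here needs the profiler to be up ...
  profiler_shutdown();
  return kOk;
}

// Fixed shape: the shared entry point only requires that its caller has
// initialized the profiler, and leaves the lifetime to that caller.
static RunResult XRE_XPCShellMain_86() {
  if (!gCorePSExists) return kProfilerMissing;
  // ... run the JS shell ...
  return kOk;
}

// One process launch. callerInits models whether the launcher's own main()
// brackets the shared entry point with profiler_init/profiler_shutdown:
// nsBrowserApp.cpp's main always did; xpcshell.cpp's main does since the fix.
static RunResult launch(bool callerInits, RunResult (*sharedMain)()) {
  gCorePSExists = false;  // fresh process
  if (callerInits && !profiler_init()) return kNestedInit;
  RunResult rc = sharedMain();
  if (callerInits) profiler_shutdown();
  return rc;
}

// firefox -xpcshell on 84: browser main inits, then XRE_XPCShellMain nests.
static RunResult firefox_xpcshell_84() { return launch(true, XRE_XPCShellMain_84); }
// Stand-alone xpcshell on 84 worked, since only the shared entry point inits.
static RunResult standalone_xpcshell_84() { return launch(false, XRE_XPCShellMain_84); }
// On 86 both launchers' main() own the lifetime; the shared entry just runs.
static RunResult firefox_xpcshell_86() { return launch(true, XRE_XPCShellMain_86); }
```

Calling the shared entry point on 86 without a launcher that initializes the profiler returns kProfilerMissing, which is why the fix had to add the init to xpcshell.cpp's main rather than only delete it from XRE_XPCShellMain.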

Pushed by gsquelart@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/87aa6c5c8977 Move profiler_init/shutdown from shared XRE_XPCShellMain to xpcshell.cpp's main - r=canaltinova
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch
QA Whiteboard: [qa-86b-p2]