Re: firefox3-bin crashes near arc4random_buf()

From: Jos Backus <jos_at_catnook.com> Date: Sun, 5 Oct 2008 16:32:56 -0700 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:36 UTC

On Sat, Oct 04, 2008 at 05:49:06PM -0700, Tim Kientzle wrote:
> First, you need to share the first items in the
> backtrace, as they're more likely to be correct.
> I agree with Andrey that it looks like there's
> some stack corruption, so it's hard to trust
> anything except the first couple of entries.

Attached is a tarball containing firefox3.gdb which has the full output of
`bt'. Unfortunately it doesn't tell me very much more.

> You should also look at several independent core
> dumps and see how much the backtraces have in common.

I watched it crash a bunch more times and the backtraces are the same. That's
good, right? :-)

> It might also be worth running it under ktrace,
> forcing the crash, then sharing the last few dozen
> lines from kdump output.

Also attached is firefox3.kdump. The last few lines look like:

  6855 firefox-bin RET   clock_gettime 0
  6855 firefox-bin CALL  _umtx_op(0x8179760,0x8,0x1,0x8179740,0xbf8fdddc)
  6855 firefox-bin PSIG  SIGSEGV caught handler=0x28237290 mask=0x0 code=0x1
  6855 firefox-bin CALL  unlink(0x8179600)
  6855 firefox-bin NAMI  "/home/jos/.mozilla/firefox/tosfxhak.default/lock"
  6855 firefox-bin RET   unlink 0
  6855 firefox-bin CALL  sigaction(SIGSEGV,0x2978dfb4,0)
  6855 firefox-bin RET   sigaction 0
  6855 firefox-bin CALL  sigprocmask(SIG_UNBLOCK,0xbf4f906c,0)
  6855 firefox-bin RET   sigprocmask 0
  6855 firefox-bin CALL  thr_kill(0x1878c,SIGSEGV)
  6855 firefox-bin RET   thr_kill 0
  6855 firefox-bin PSIG  SIGSEGV SIG_DFL
  6855 firefox-bin NAMI  "firefox-bin.core"
  6855 firefox-bin RET   poll -1 errno 4 Interrupted system call
  6855 firefox-bin RET   _umtx_op -1 errno 4 Interrupted system call
  6855 firefox-bin RET   _umtx_op -1 errno 4 Interrupted system call
  6855 firefox-bin RET   _umtx_op -1 errno 60 Operation timed out
  6855 firefox-bin RET   _umtx_op -1 errno 4 Interrupted system call
  6850 sh       RET   wait4 6855/0x1ac7
  6850 sh       CALL  write(0x1,0x814e400,0x21)
  6850 sh       GIO   fd 1 wrote 33 bytes
       "Segmentation fault (core dumped)
       "
  6850 sh       RET   write 33/0x21
  6850 sh       CALL  exit(0x8b)
  6846 sh       RET   wait4 6850/0x1ac2
  6846 sh       CALL  exit(0x8b)

This to me suggests that the segfault happens inside _umtx_op. Am I reading
that correctly?

Thanks for looking into this!

-- 
Jos Backus
jos at catnook.com