Date: Sun, 5 Oct 2008 16:32:56 -0700 From: Jos Backus <jos@catnook.com> To: Tim Kientzle <kientzle@freebsd.org> Cc: Andrey Chernov <ache@nagual.pp.ru>, freebsd-current@freebsd.org Subject: Re: firefox3-bin crashes near arc4random_buf() Message-ID: <20081005233256.GB8507@lizzy.catnook.local> In-Reply-To: <48E80F02.4070309@freebsd.org> References: <20081004080511.GA72641@lizzy.catnook.local> <20081004161024.GA67323@nagual.pp.ru> <20081004222249.GA48928@lizzy.catnook.local> <48E80F02.4070309@freebsd.org>
index | next in thread | previous in thread | raw e-mail
On Sat, Oct 04, 2008 at 05:49:06PM -0700, Tim Kientzle wrote:
> First, you need to share the first items in the
> backtrace, as they're more likely to be correct.
> I agree with Andrey that it looks like there's
> some stack corruption, so it's hard to trust
> anything except the first couple of entries.
Attached is a tarball containing firefox3.gdb which has the full output of
`bt'. Unfortunately it doesn't tell me very much more.
> You should also look at several independent core
> dumps and see how much the backtraces have in common.
I watched it crash a bunch more times and the backtraces are the same. That's
good, right? :-)
> It might also be worth running it under ktrace,
> forcing the crash, then sharing the last few dozen
> lines from kdump output.
Also attached is firefox3.kdump. The last few lines look like:
6855 firefox-bin RET clock_gettime 0
6855 firefox-bin CALL _umtx_op(0x8179760,0x8,0x1,0x8179740,0xbf8fdddc)
6855 firefox-bin PSIG SIGSEGV caught handler=0x28237290 mask=0x0 code=0x1
6855 firefox-bin CALL unlink(0x8179600)
6855 firefox-bin NAMI "/home/jos/.mozilla/firefox/tosfxhak.default/lock"
6855 firefox-bin RET unlink 0
6855 firefox-bin CALL sigaction(SIGSEGV,0x2978dfb4,0)
6855 firefox-bin RET sigaction 0
6855 firefox-bin CALL sigprocmask(SIG_UNBLOCK,0xbf4f906c,0)
6855 firefox-bin RET sigprocmask 0
6855 firefox-bin CALL thr_kill(0x1878c,SIGSEGV)
6855 firefox-bin RET thr_kill 0
6855 firefox-bin PSIG SIGSEGV SIG_DFL
6855 firefox-bin NAMI "firefox-bin.core"
6855 firefox-bin RET poll -1 errno 4 Interrupted system call
6855 firefox-bin RET _umtx_op -1 errno 4 Interrupted system call
6855 firefox-bin RET _umtx_op -1 errno 4 Interrupted system call
6855 firefox-bin RET _umtx_op -1 errno 60 Operation timed out
6855 firefox-bin RET _umtx_op -1 errno 4 Interrupted system call
6850 sh RET wait4 6855/0x1ac7
6850 sh CALL write(0x1,0x814e400,0x21)
6850 sh GIO fd 1 wrote 33 bytes
"Segmentation fault (core dumped)
"
6850 sh RET write 33/0x21
6850 sh CALL exit(0x8b)
6846 sh RET wait4 6850/0x1ac2
6846 sh CALL exit(0x8b)
This to me suggests that the segfault happens inside _umtx_op. Am I reading
that correctly?
Thanks for looking into this!
--
Jos Backus
jos at catnook.com
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081005233256.GB8507>