Bug 1375382

Summary: segfault in bool IsMarkedInternal<JSObject>(JSObject**) ()
Product: [Fedora] Fedora
Reporter: Hin-Tak Leung <htl10>
Component: icecat
Assignee: Antonio T. (sagitter) <anto.trande>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 25
CC: anto.trande, fedora
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: icecat-45.5.1-2.fc25 icecat-45.5.1-2.fc24 icecat-45.7.0-1.fc25 icecat-45.7.0-1.fc24
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2017-02-13 22:22:28 UTC
Type: Bug

Description Hin-Tak Leung 2016-09-13 00:36:58 UTC
Description of problem:
Probably related to optimization, and bug 1332926 - this is the first crash since I switched back to fedora builds yesterday - I have been using the upstream binary since July:

https://bugzilla.redhat.com/show_bug.cgi?id=1332926#c32

When icecat crashed, I was simply opening a few tabs of koji.fedoraproject and switching to the older ones while the new one loads.

backtrace:
(gdb) bt
#0  0x00007f074d773b09 in raise (sig=11) at ../sysdeps/unix/sysv/linux/pt-raise.c:35
#1  0x00007f074a66c833 in nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*) () at /usr/lib64/icecat-45.3.0/libxul.so
#2  0x00007f074af3d41d in AsmJSFaultHandler(int, siginfo_t*, void*) () at /usr/lib64/icecat-45.3.0/libxul.so
#3  0x00007f074d773c30 in <signal handler called> () at /lib64/libpthread.so.0
#4  0x00007f074ae9bf74 in bool IsMarkedInternal<JSObject>(JSObject**) () at /usr/lib64/icecat-45.3.0/libxul.so
#5  0x00007f074aea95f2 in bool js::gc::IsMarked<JSObject*>(js::WriteBarrieredBase<JSObject*>*) () at /usr/lib64/icecat-45.3.0/libxul.so
#6  0x00007f074acc2287 in js::WeakMap<js::RelocatablePtr<JSObject*>, js::RelocatablePtr<JS::Value>, js::MovableCellHasher<js::RelocatablePtr<JSObject*> > >::traceEntries(JSTracer*) () at /usr/lib64/icecat-45.3.0/libxul.so
#7  0x00007f074ae9d461 in js::GCMarker::enterWeakMarkingMode() () at /usr/lib64/icecat-45.3.0/libxul.so
#8  0x00007f074acebbde in void js::gc::GCRuntime::markWeakReferences<js::gc::GCZoneGroupIter>(js::gcstats::Phase) ()
    at /usr/lib64/icecat-45.3.0/libxul.so
#9  0x00007f074acd287b in js::gc::GCRuntime::endMarkingZoneGroup() () at /usr/lib64/icecat-45.3.0/libxul.so
#10 0x00007f074ace19e3 in js::gc::GCRuntime::beginSweepPhase(bool) () at /usr/lib64/icecat-45.3.0/libxul.so
#11 0x00007f074ace8605 in js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason) ()
    at /usr/lib64/icecat-45.3.0/libxul.so
#12 0x00007f074ace9357 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) () at /usr/lib64/icecat-45.3.0/libxul.so
#13 0x00007f074ace96fb in js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) () at /usr/lib64/icecat-45.3.0/libxul.so
#14 0x00007f074ace9c6f in js::gc::GCRuntime::finishGC(JS::gcreason::Reason) () at /usr/lib64/icecat-45.3.0/libxul.so
#15 0x00007f074ace9c8f in JS::FinishIncrementalGC(JSRuntime*, JS::gcreason::Reason) () at /usr/lib64/icecat-45.3.0/libxul.so
#16 0x00007f0748e51328 in FinishAnyIncrementalGC() () at /usr/lib64/icecat-45.3.0/libxul.so
#17 0x00007f0748e513c6 in FireForgetSkippable(unsigned int, bool) () at /usr/lib64/icecat-45.3.0/libxul.so
#18 0x00007f0748e5dd37 in CCTimerFired(nsITimer*, void*) () at /usr/lib64/icecat-45.3.0/libxul.so
#19 0x00007f07481d62e0 in nsTimerImpl::Fire() () at /usr/lib64/icecat-45.3.0/libxul.so
#20 0x00007f07481c5d0a in nsTimerEvent::Run() () at /usr/lib64/icecat-45.3.0/libxul.so
#21 0x00007f07481cd242 in nsThread::ProcessNextEvent(bool, bool*) () at /usr/lib64/icecat-45.3.0/libxul.so
#22 0x00007f07481f1faa in NS_ProcessNextEvent(nsIThread*, bool) () at /usr/lib64/icecat-45.3.0/libxul.so
#23 0x00007f07484790da in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) () at /usr/lib64/icecat-45.3.0/libxul.so
#24 0x00007f074844d4ff in MessageLoop::RunInternal() () at /usr/lib64/icecat-45.3.0/libxul.so
#25 0x00007f074844d795 in MessageLoop::Run() () at /usr/lib64/icecat-45.3.0/libxul.so
#26 0x00007f0749e0dca7 in nsBaseAppShell::Run() () at /usr/lib64/icecat-45.3.0/libxul.so
#27 0x00007f074a62bf4b in nsAppStartup::Run() () at /usr/lib64/icecat-45.3.0/libxul.so
#28 0x00007f074a674f48 in XREMain::XRE_mainRun() () at /usr/lib64/icecat-45.3.0/libxul.so
#29 0x00007f074a67580b in XREMain::XRE_main(int, char**, nsXREAppData const*) () at /usr/lib64/icecat-45.3.0/libxul.so
#30 0x00007f074a675b1c in XRE_main () at /usr/lib64/icecat-45.3.0/libxul.so
#31 0x000055fb276944cc in do_main(int, char**, nsIFile*) ()
#32 0x000055fb276945a5 in main ()
(gdb) quit

Version-Release number of selected component (if applicable):
icecat-45.3.0-0.5.beta.fc24.x86_64


How reproducible:
It eventually crashes after days of usage. (20 hours-ish up this time).

Steps to Reproduce:
1. Normal usage
2.
3.

Actual results:
Crash


Expected results:
Don't crash

Additional info:
I tried "downgrading" to icecat-45.3.0-0.5.beta.fc23.x86_64 , but got this:

Error: nothing provides libicudata.so.54()(64bit) needed by icecat-45.3.0-0.5.beta.fc23.x86_64

fc24 ships libicudata.so.56.

Comment 1 Hin-Tak Leung 2016-09-24 09:38:18 UTC
I have a crash on shutdown with the upstream binary.

Occasionally I get such a crash (i.e. a crash on shutdown) with fedora firefox also. It happens for maybe every other shutdown - i.e. half of the time. Often enough, but not every time.


(gdb) bt
#0  0x00007f5b73a3fb09 in raise (sig=11) at ../sysdeps/unix/sysv/linux/pt-raise.c:35
#1  0x00007f5b6ec000c4 in  () at /home/hintak/icecat/libxul.so
#2  0x00007f5b6f683e19 in  () at /home/hintak/icecat/libxul.so
#3  0x00007f5b73a3fc30 in <signal handler called> () at /lib64/libpthread.so.0
#4  0x00007f5b6ebfc061 in  () at /home/hintak/icecat/libxul.so
#5  0x00007f5b726e9408 in  () at /home/hintak/icecat/libnspr4.so
#6  0x00007f5b73a365ca in start_thread (arg=0x7f5a763ff700) at pthread_create.c:333
#7  0x00007f5b72cc3f6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb)

Comment 2 Fedora Update System 2016-12-02 17:37:11 UTC
icecat-45.5.1-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-43f0b39ed4

Comment 3 Fedora Update System 2016-12-02 17:37:29 UTC
icecat-45.5.1-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0d0f4ed1e

Comment 4 Fedora Update System 2016-12-03 04:38:00 UTC
icecat-45.5.1-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-43f0b39ed4

Comment 5 Fedora Update System 2016-12-03 05:43:37 UTC
icecat-45.5.1-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0d0f4ed1e

Comment 6 Hin-Tak Leung 2016-12-05 18:40:20 UTC
Still crashes on shutdown with icecat-45.5.1-2.fc25:

(gdb) bt
#0  0x00007f149521548f in raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00007f149214949b in nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#2  0x00007f1492a16243 in AsmJSFaultHandler(int, siginfo_t*, void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#3  0x00007f14952155c0 in <signal handler called> () at /lib64/libpthread.so.0
#4  0x00007f1492143521 in mozilla::(anonymous namespace)::RunWatchdog(void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#5  0x00007f148c7645bc in _pt_root () at /lib64/libnspr4.so
#6  0x00007f149520b6ca in start_thread (arg=0x7f1398dff700) at pthread_create.c:333
#7  0x00007f1494499f6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
(gdb)

Comment 7 Hin-Tak Leung 2016-12-09 23:17:56 UTC
icecat-45.5.1-2.fc25.x86_64 crashed while I tried to open a new tab (to http://mail.yahoo.com if that's important):

(gdb) bt
#0  0x00007f68a396b48f in raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00007f68a084949b in nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#2  0x00007f68a1116243 in AsmJSFaultHandler(int, siginfo_t*, void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#3  0x00007f68a396b5c0 in <signal handler called> () at /lib64/libpthread.so.0
#4  0x00007f68a2c3a480 in __memcpy_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:130
#5  0x00007f68a1001cdb in js::SCOutput::writeChars(char16_t const*, unsigned long) () at /usr/lib64/icecat-45.5.1/libxul.so
#6  0x00007f68a1001d99 in JSStructuredCloneWriter::writeString(unsigned int, JSString*) () at /usr/lib64/icecat-45.5.1/libxul.so
#7  0x00007f68a101a176 in JSStructuredCloneWriter::startWrite(JS::Handle<JS::Value>) () at /usr/lib64/icecat-45.5.1/libxul.so
#8  0x00007f68a101aecd in JSStructuredCloneWriter::write(JS::Handle<JS::Value>) () at /usr/lib64/icecat-45.5.1/libxul.so
#9  0x00007f68a101b597 in WriteStructuredClone(JSContext*, JS::Handle<JS::Value>, unsigned long**, unsigned long*, JSStructuredCloneCallbacks const*, void*, JS::Value) () at /usr/lib64/icecat-45.5.1/libxul.so
#10 0x00007f68a101b606 in JS_WriteStructuredClone(JSContext*, JS::Handle<JS::Value>, unsigned long**, unsigned long*, JSStructuredCloneCallbacks const*, void*, JS::Handle<JS::Value>) () at /usr/lib64/icecat-45.5.1/libxul.so
#11 0x00007f68a101b663 in JSAutoStructuredCloneBuffer::write(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JSStructuredCloneCallbacks const*, void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#12 0x00007f689ef99c38 in mozilla::dom::StructuredCloneHolderBase::Write(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>) ()
    at /usr/lib64/icecat-45.5.1/libxul.so
#13 0x00007f689ef99d2d in mozilla::dom::StructuredCloneHolder::Write(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, mozilla::ErrorResult&) () at /usr/lib64/icecat-45.5.1/libxul.so
#14 0x00007f689fe6bd9f in mozilla::dom::workers::WorkerPrivate::PostMessageToParentInternal(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Optional<mozilla::dom::Sequence<JS::Value> > const&, mozilla::ErrorResult&) () at /usr/lib64/icecat-45.5.1/libxul.so
#15 0x00007f689fe6bfe0 in mozilla::dom::workers::DedicatedWorkerGlobalScope::PostMessage(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Optional<mozilla::dom::Sequence<JS::Value> > const&, mozilla::ErrorResult&) () at /usr/lib64/icecat-45.5.1/libxul.so
#16 0x00007f689f747d95 in mozilla::dom::DedicatedWorkerGlobalScopeBinding_workers::postMessage(JSContext*, JS::Handle<JSObject*>, mozilla::dom::workers::DedicatedWorkerGlobalScope*, JSJitMethodCallArgs const&) () at /usr/lib64/icecat-45.5.1/libxul.so
#17 0x00007f689f7148ca in mozilla::dom::DedicatedWorkerGlobalScopeBinding_workers::genericMethod(JSContext*, unsigned int, JS::Value*) ()
    at /usr/lib64/icecat-45.5.1/libxul.so
#18 0x00007f68a0fac734 in js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) () at /usr/lib64/icecat-45.5.1/libxul.so
#19 0x00007f68a0fa6767 in Interpret(JSContext*, js::RunState&) () at /usr/lib64/icecat-45.5.1/libxul.so
#20 0x00007f68a0fac4c4 in js::RunScript(JSContext*, js::RunState&) () at /usr/lib64/icecat-45.5.1/libxul.so
#21 0x00007f68a0fac8b9 in js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) () at /usr/lib64/icecat-45.5.1/libxul.so
#22 0x00007f68a0fad008 in js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) () at /usr/lib64/icecat-45.5.1/libxul.so
#23 0x00007f68a0e841c7 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /usr/lib64/icecat-45.5.1/libxul.so
#24 0x00007f689f798e20 in mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) () at /usr/lib64/icecat-45.5.1/libxul.so
#25 0x00007f689f9d8628 in mozilla::JSEventHandler::HandleEvent(nsIDOMEvent*) () at /usr/lib64/icecat-45.5.1/libxul.so
#26 0x00007f689f9d9e45 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) () at /usr/lib64/icecat-45.5.1/libxul.so
#27 0x00007f689f9d9fe4 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) () at /usr/lib64/icecat-45.5.1/libxul.so
#28 0x00007f689f9bd8e2 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) () at /usr/lib64/icecat-45.5.1/libxul.so
#29 0x00007f689f9c2024 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) () at /usr/lib64/icecat-45.5.1/libxul.so
#30 0x00007f689f9c2640 in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) () at /usr/lib64/icecat-45.5.1/libxul.so
#31 0x00007f689f9c274f in mozilla::DOMEventTargetHelper::DispatchDOMEvent(mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) () at /usr/lib64/icecat-45.5.1/libxul.so
#32 0x00007f689fe8c87a in (anonymous namespace)::MessageEventRunnable::DispatchDOMEvent(JSContext*, mozilla::dom::workers::WorkerPrivate*, mozilla::DOMEventTargetHelper*, bool) () at /usr/lib64/icecat-45.5.1/libxul.so
#33 0x00007f689fe8cf0e in (anonymous namespace)::MessageEventRunnable::WorkerRun(JSContext*, mozilla::dom::workers::WorkerPrivate*) ()
    at /usr/lib64/icecat-45.5.1/libxul.so
#34 0x00007f689fe6b09f in mozilla::dom::workers::WorkerRunnable::Run() () at /usr/lib64/icecat-45.5.1/libxul.so
#35 0x00007f689e3a5338 in nsThread::ProcessNextEvent(bool, bool*) () at /usr/lib64/icecat-45.5.1/libxul.so
#36 0x00007f689e3ca0a0 in NS_ProcessNextEvent(nsIThread*, bool) () at /usr/lib64/icecat-45.5.1/libxul.so
#37 0x00007f689fe82b90 in mozilla::dom::workers::WorkerPrivate::DoRunLoop(JSContext*) () at /usr/lib64/icecat-45.5.1/libxul.so
#38 0x00007f689fe43ced in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run() () at /usr/lib64/icecat-45.5.1/libxul.so
#39 0x00007f689e3a5338 in nsThread::ProcessNextEvent(bool, bool*) () at /usr/lib64/icecat-45.5.1/libxul.so
#40 0x00007f689e3ca0a0 in NS_ProcessNextEvent(nsIThread*, bool) () at /usr/lib64/icecat-45.5.1/libxul.so
#41 0x00007f689e651273 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ()
    at /usr/lib64/icecat-45.5.1/libxul.so
#42 0x00007f689e62555d in MessageLoop::RunInternal() () at /usr/lib64/icecat-45.5.1/libxul.so
#43 0x00007f689e6257f3 in MessageLoop::Run() () at /usr/lib64/icecat-45.5.1/libxul.so
#44 0x00007f689e3a2068 in nsThread::ThreadFunc(void*) () at /usr/lib64/icecat-45.5.1/libxul.so
#45 0x00007f689ae645bc in _pt_root () at /lib64/libnspr4.so
#46 0x00007f68a39616ca in start_thread (arg=0x7f685f1ff700) at pthread_create.c:333
#47 0x00007f68a2beff6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
(gdb)

Comment 8 Fedora Update System 2016-12-11 19:27:01 UTC
icecat-45.5.1-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Hin-Tak Leung 2016-12-11 21:14:17 UTC
WTF. Already noted in comment 6 and 7 the then testing upgrade does not fix the issue.

Comment 10 Fedora Update System 2016-12-11 21:54:02 UTC
icecat-45.5.1-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Hin-Tak Leung 2016-12-11 22:22:22 UTC
sigh. WTF. see comment 6, 7, 9.

Comment 12 Fedora Update System 2017-02-05 16:29:49 UTC
icecat-45.7.0-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-60c0fbe111

Comment 13 Fedora Update System 2017-02-05 16:30:00 UTC
icecat-45.7.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1df7625d7

Comment 14 Fedora Update System 2017-02-05 21:20:56 UTC
icecat-45.7.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1df7625d7

Comment 15 Fedora Update System 2017-02-05 22:20:06 UTC
icecat-45.7.0-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-60c0fbe111

Comment 16 Fedora Update System 2017-02-13 22:22:28 UTC
icecat-45.7.0-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2017-02-13 22:47:53 UTC
icecat-45.7.0-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2017-02-14 15:49:02 UTC
icecat-45.7.0-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.