[Bug 286366] [NEW] segfault in GCGraphBuilder::AddNode

Brian J. Murrell brian at interlinx.bc.ca
Mon Oct 20 11:41:46 UTC 2008 

Public bug reported:

Binary package hint: firefox-3.0

Firefox 3 sefaulted on me yet again.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7dd66c0 (LWP 31377)]
GCGraphBuilder::AddNode (this=0xbfaab9fc, s=0xda1d520, aParticipant=0x9253c84)
    at nsCycleCollector.cpp:1287
1287	nsCycleCollector.cpp: No such file or directory.
	in nsCycleCollector.cpp
Current language:  auto; currently c++
(gdb) where
#0  GCGraphBuilder::AddNode (this=0xbfaab9fc, s=0xda1d520, aParticipant=0x9253c84)
    at nsCycleCollector.cpp:1287
#1  0xb7a3d401 in GCGraphBuilder::NoteScriptChild (this=0xbfaab9fc, langID=2, child=0xda1d520)
    at nsCycleCollector.cpp:1237
#2  0xb728b6b0 in NoteJSChild (trc=0x1af03e10, thing=0xda1d520, kind=0) at nsXPConnect.cpp:744
#3  0xb7d73df9 in JS_CallTracer (trc=0xbfaab950, thing=0xda1d520, kind=0) at jsgc.c:2449
#4  0xb7d89ecc in js_TraceObject (trc=0xbfaab950, obj=0xda1dd60) at jsobj.c:5082
#5  0xb7d73bba in JS_TraceChildren (trc=0xbfaab950, thing=0xda1dd60, kind=0) at jsgc.c:2233
#6  0xb728b770 in nsXPConnect::Traverse (this=0x9253c70, p=0xda1dd60, cb=@0xbfaab9fc)
    at nsXPConnect.cpp:935
#7  0xb7a3cc84 in GCGraphBuilder::Traverse (this=0xbfaab9fc, aPtrInfo=0xa4d6123c)
    at nsCycleCollector.cpp:1319
#8  0xb7a3cce7 in nsCycleCollector::MarkRoots (this=0x91f16b0, builder=@0xbfaab9fc)
    at nsCycleCollector.cpp:1513
#9  0xb7a3d795 in nsCycleCollector::BeginCollection (this=0x91f16b0) at nsCycleCollector.cpp:2368
#10 0xb7a3d7d8 in nsCycleCollector_beginCollection () at nsCycleCollector.cpp:2910
#11 0xb728c6cc in XPCCycleCollectGCCallback (cx=0x94ba360, status=JSGC_MARK_END)
    at nsXPConnect.cpp:440
#12 0xb7d74d7a in js_GC (cx=0x94ba360, gckind=GC_NORMAL) at jsgc.c:3239
#13 0xb7d5163a in JS_GC (cx=0x94ba360) at jsapi.c:2469
#14 0xb728b950 in nsXPConnect::Collect (this=0x9253c70) at nsXPConnect.cpp:529
#15 0xb7a3d8fa in nsCycleCollector::Collect (this=0x91f16b0, aTryCollections=1)
    at nsCycleCollector.cpp:2250
#16 0xb7a3da39 in nsCycleCollector_collect () at nsCycleCollector.cpp:2898
#17 0xb7638f42 in nsJSContext::CC () at nsJSEnvironment.cpp:3346
#18 0xb7639012 in nsJSContext::MaybeCC (aHigherProbability=1) at nsJSEnvironment.cpp:3397
#19 0xb76393c5 in nsUserActivityObserver::Observe (this=0x94b9bd0, aSubject=0x0, 
    aTopic=0xb7ba4bcc "user-interaction-inactive", aData=0x0) at nsJSEnvironment.cpp:291
#20 0xb7a0c9a0 in nsObserverList::NotifyObservers (this=0x964c608, aSubject=0x0, 
    aTopic=0xb7ba4bcc "user-interaction-inactive", someData=0x0) at nsObserverList.cpp:128
#21 0xb7a0cc6e in nsObserverService::NotifyObservers (this=0x9243fa0, aSubject=0x0, 
    aTopic=0xb7ba4bcc "user-interaction-inactive", someData=0x0) at nsObserverService.cpp:181
#22 0xb75627e6 in nsUITimerCallback::Notify (this=0x95dc450, aTimer=0x95c1730)
    at nsEventStateManager.cpp:210
#23 0xb7a34a42 in nsTimerImpl::Fire (this=0x95c1730) at nsTimerImpl.cpp:403
#24 0xb7a34ab7 in nsTimerEvent::Run (this=0xaf6f7938) at nsTimerImpl.cpp:490
#25 0xb7a3256c in nsThread::ProcessNextEvent (this=0x91cb6b0, mayWait=1, result=0xbfaafd34)
    at nsThread.cpp:510
#26 0xb7a02f88 in NS_ProcessNextEvent_P (thread=0x1af03e10, mayWait=1) at nsThreadUtils.cpp:227
#27 0xb79862c4 in nsBaseAppShell::Run (this=0x9274708) at nsBaseAppShell.cpp:170
#28 0xb781bab8 in nsAppStartup::Run (this=0x92b7620) at nsAppStartup.cpp:181
#29 0xb7280508 in XRE_main (argc=2, argv=0xbfab3494, aAppData=0x9156830) at nsAppRunner.cpp:3194
#30 0x080491ab in ?? ()
#31 0xb7dee685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#32 0x08048d11 in ?? ()

All threads:

(gdb) thread apply all bt

Thread 259 (Thread 0xae412b90 (LWP 27653)):
#0  0xb80b2430 in __kernel_vsyscall ()
#1  0xb80693a2 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7d0bf9e in pt_TimedWait (cv=0xa995204, ml=0xa9951a0, timeout=60000) at ptsynch.c:280
#3  0xb7d0cdc0 in PR_WaitCondVar (cvar=0xa995200, timeout=60000) at ptsynch.c:407
#4  0xb72e6d4a in nsHostResolver::GetHostToLookup (this=0xaadae90, result=0xae412378)
    at nsHostResolver.cpp:595
#5  0xb72e7412 in nsHostResolver::ThreadFunc (arg=0xaadae90) at nsHostResolver.cpp:690
#6  0xb7d131e1 in _pt_root (arg=0x18035188) at ptthread.c:221
#7  0xb806550f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8  0xb7eb97ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 9 (Thread 0xb5b12b90 (LWP 31505)):
#0  0xb80b2430 in __kernel_vsyscall ()
#1  0xb7eaef77 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7d0ed8c in _pr_poll_with_poll (pds=0x9243240, npds=1, timeout=4294967295) at ptio.c:3895
#3  0xb72dda7b in nsSocketTransportService::Poll (this=0x9242d60, wait=1, interval=0xb5b121e8)
    at nsSocketTransportService2.cpp:349
#4  0xb72ddf70 in nsSocketTransportService::DoPollIteration (this=0x9242d60, wait=1)
    at nsSocketTransportService2.cpp:644
#5  0xb72de21a in nsSocketTransportService::OnProcessNextEvent (this=0x9242d60, thread=0xa9952c8, 
    mayWait=1, depth=1) at nsSocketTransportService2.cpp:523
#6  0xb7a3250e in nsThread::ProcessNextEvent (this=0xa9952c8, mayWait=1, result=0xb5b12294)
    at nsThread.cpp:497
#7  0xb7a02f88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1) at nsThreadUtils.cpp:227
#8  0xb72ddc93 in nsSocketTransportService::Run (this=0x9242d60)
    at nsSocketTransportService2.cpp:565
#9  0xb7a3256c in nsThread::ProcessNextEvent (this=0xa9952c8, mayWait=1, result=0xb5b12344)
    at nsThread.cpp:510
#10 0xb7a02f88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1) at nsThreadUtils.cpp:227
#11 0xb7a32cd3 in nsThread::ThreadFunc (arg=0xa9952c8) at nsThread.cpp:253
#12 0xb7d131e1 in _pt_root (arg=0x9b1f060) at ptthread.c:221
#13 0xb806550f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#14 0xb7eb97ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 7 (Thread 0xb3002b90 (LWP 31480)):
#0  0xb80b2430 in __kernel_vsyscall ()
#1  0xb8069075 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7d0ce39 in PR_WaitCondVar (cvar=0x9c7ee90, timeout=4294967295) at ptsynch.c:405
#3  0xb7d0ceb7 in PR_Wait (mon=0x9594b78, timeout=4294967295) at ptsynch.c:584
#4  0xb7a31791 in nsEventQueue::GetEvent (this=0x95ba0c8, mayWait=1, result=0xb3002304)
    at ../../dist/include/xpcom/nsAutoLock.h:340
#5  0xb7a32540 in nsThread::ProcessNextEvent (this=0x95ba0a8, mayWait=1, result=0xb3002344)
    at nsThread.h:112
#6  0xb7a02f88 in NS_ProcessNextEvent_P (thread=0x80, mayWait=1) at nsThreadUtils.cpp:227
#7  0xb7a32cd3 in nsThread::ThreadFunc (arg=0x95ba0a8) at nsThread.cpp:253
#8  0xb7d131e1 in _pt_root (arg=0x95961c0) at ptthread.c:221
#9  0xb806550f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7eb97ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 5 (Thread 0xb52f0b90 (LWP 31382)):
#0  0xb80b2430 in __kernel_vsyscall ()
#1  0xb80693a2 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7d0bf9e in pt_TimedWait (cv=0x91cb3e4, ml=0x91dbc38, timeout=2328) at ptsynch.c:280
#3  0xb7d0cdc0 in PR_WaitCondVar (cvar=0x91cb3e0, timeout=2328) at ptsynch.c:407
#4  0xb7a354bc in TimerThread::Run (this=0x91dbdd8) at TimerThread.cpp:345
#5  0xb7a3256c in nsThread::ProcessNextEvent (this=0x92fc858, mayWait=1, result=0xb52f0344)
    at nsThread.cpp:510
#6  0xb7a02f88 in NS_ProcessNextEvent_P (thread=0x80, mayWait=1) at nsThreadUtils.cpp:227
#7  0xb7a32cd3 in nsThread::ThreadFunc (arg=0x92fc858) at nsThread.cpp:253
#8  0xb7d131e1 in _pt_root (arg=0x92fca60) at ptthread.c:221
#9  0xb806550f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7eb97ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 4 (Thread 0xb4987b90 (LWP 31386)):
#0  0xb80b2430 in __kernel_vsyscall ()
#1  0xb8069075 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7d0ce39 in PR_WaitCondVar (cvar=0x9605578, timeout=4294967295) at ptsynch.c:405
#3  0xb783b266 in nsSSLThread::Run (this=0x96054f0) at nsSSLThread.cpp:964
#4  0xb783ab9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x96054f0)
    at nsPSMBackgroundThread.cpp:44
#5  0xb7d131e1 in _pt_root (arg=0x96055b8) at ptthread.c:221
#6  0xb806550f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7eb97ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb391ab90 (LWP 31387)):
#0  0xb80b2430 in __kernel_vsyscall ()
#1  0xb8069075 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7d0ce39 in PR_WaitCondVar (cvar=0x9605748, timeout=4294967295) at ptsynch.c:405
#3  0xb783c2fe in nsCertVerificationThread::Run (this=0x9605698)
    at nsCertVerificationThread.cpp:138
#4  0xb783ab9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x9605698)
    at nsPSMBackgroundThread.cpp:44
#5  0xb7d131e1 in _pt_root (arg=0x9605788) at ptthread.c:221
#6  0xb806550f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7eb97ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb7dd66c0 (LWP 31377)):
#0  GCGraphBuilder::AddNode (this=0xbfaab9fc, s=0xda1d520, aParticipant=0x9253c84)
    at nsCycleCollector.cpp:1287
#1  0xb7a3d401 in GCGraphBuilder::NoteScriptChild (this=0xbfaab9fc, langID=2, child=0xda1d520)
    at nsCycleCollector.cpp:1237
#2  0xb728b6b0 in NoteJSChild (trc=0x1af03e10, thing=0xda1d520, kind=0) at nsXPConnect.cpp:744
#3  0xb7d73df9 in JS_CallTracer (trc=0xbfaab950, thing=0xda1d520, kind=0) at jsgc.c:2449
#4  0xb7d89ecc in js_TraceObject (trc=0xbfaab950, obj=0xda1dd60) at jsobj.c:5082
#5  0xb7d73bba in JS_TraceChildren (trc=0xbfaab950, thing=0xda1dd60, kind=0) at jsgc.c:2233
#6  0xb728b770 in nsXPConnect::Traverse (this=0x9253c70, p=0xda1dd60, cb=@0xbfaab9fc)
    at nsXPConnect.cpp:935
#7  0xb7a3cc84 in GCGraphBuilder::Traverse (this=0xbfaab9fc, aPtrInfo=0xa4d6123c)
    at nsCycleCollector.cpp:1319
#8  0xb7a3cce7 in nsCycleCollector::MarkRoots (this=0x91f16b0, builder=@0xbfaab9fc)
    at nsCycleCollector.cpp:1513
#9  0xb7a3d795 in nsCycleCollector::BeginCollection (this=0x91f16b0) at nsCycleCollector.cpp:2368
#10 0xb7a3d7d8 in nsCycleCollector_beginCollection () at nsCycleCollector.cpp:2910
#11 0xb728c6cc in XPCCycleCollectGCCallback (cx=0x94ba360, status=JSGC_MARK_END)
    at nsXPConnect.cpp:440
#12 0xb7d74d7a in js_GC (cx=0x94ba360, gckind=GC_NORMAL) at jsgc.c:3239
#13 0xb7d5163a in JS_GC (cx=0x94ba360) at jsapi.c:2469
#14 0xb728b950 in nsXPConnect::Collect (this=0x9253c70) at nsXPConnect.cpp:529
#15 0xb7a3d8fa in nsCycleCollector::Collect (this=0x91f16b0, aTryCollections=1)
    at nsCycleCollector.cpp:2250
#16 0xb7a3da39 in nsCycleCollector_collect () at nsCycleCollector.cpp:2898
#17 0xb7638f42 in nsJSContext::CC () at nsJSEnvironment.cpp:3346
#18 0xb7639012 in nsJSContext::MaybeCC (aHigherProbability=1) at nsJSEnvironment.cpp:3397
#19 0xb76393c5 in nsUserActivityObserver::Observe (this=0x94b9bd0, aSubject=0x0, 
    aTopic=0xb7ba4bcc "user-interaction-inactive", aData=0x0) at nsJSEnvironment.cpp:291
#20 0xb7a0c9a0 in nsObserverList::NotifyObservers (this=0x964c608, aSubject=0x0, 
    aTopic=0xb7ba4bcc "user-interaction-inactive", someData=0x0) at nsObserverList.cpp:128
#21 0xb7a0cc6e in nsObserverService::NotifyObservers (this=0x9243fa0, aSubject=0x0, 
    aTopic=0xb7ba4bcc "user-interaction-inactive", someData=0x0) at nsObserverService.cpp:181
#22 0xb75627e6 in nsUITimerCallback::Notify (this=0x95dc450, aTimer=0x95c1730)
    at nsEventStateManager.cpp:210
#23 0xb7a34a42 in nsTimerImpl::Fire (this=0x95c1730) at nsTimerImpl.cpp:403
#24 0xb7a34ab7 in nsTimerEvent::Run (this=0xaf6f7938) at nsTimerImpl.cpp:490
#25 0xb7a3256c in nsThread::ProcessNextEvent (this=0x91cb6b0, mayWait=1, result=0xbfaafd34)
    at nsThread.cpp:510
#26 0xb7a02f88 in NS_ProcessNextEvent_P (thread=0x1af03e10, mayWait=1) at nsThreadUtils.cpp:227
#27 0xb79862c4 in nsBaseAppShell::Run (this=0x9274708) at nsBaseAppShell.cpp:170
#28 0xb781bab8 in nsAppStartup::Run (this=0x92b7620) at nsAppStartup.cpp:181
#29 0xb7280508 in XRE_main (argc=2, argv=0xbfab3494, aAppData=0x9156830) at nsAppRunner.cpp:3194
#30 0x080491ab in ?? ()
#31 0xb7dee685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#32 0x08048d11 in ?? ()

** Affects: firefox-3.0 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
segfault in GCGraphBuilder::AddNode
https://bugs.launchpad.net/bugs/286366
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.

More information about the Ubuntu-mozillateam-bugs mailing list