[Bug 286155] [NEW] segfault in PL_DHashTableOperate

Brian J. Murrell brian at interlinx.bc.ca
Sun Oct 19 22:50:35 UTC 2008


Public bug reported:

Binary package hint: firefox

I have been seeing many firefox 3 crashes lately.  Finally decided to
hook gdb up to firefox in an effort to figure out where these crashes
are coming from.  Here's what I found:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7c416c0 (LWP 10505)]
0xb7867f94 in PL_DHashTableOperate (table=0xbf816ef8, key=0x8314a00, 
    op=PL_DHASH_ADD) at pldhash.c:588
588	pldhash.c: No such file or directory.
	in pldhash.c
(gdb) thread apply all bt

Thread 71 (Thread 0xb27ffb90 (LWP 13818)):
#0  0xb7f1d430 in __kernel_vsyscall ()
#1  0xb7d19f77 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7b79d8c in _pr_poll_with_poll (pds=0xb27ff2ec, npds=1, 
    timeout=4294967295) at ptio.c:3895
#3  0xb7b80b21 in WaitPidDaemonThread (unused=0x0) at uxproces.c:723
#4  0xb7b7e1e1 in _pt_root (arg=0xafdcd3d8) at ptthread.c:221
#5  0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6  0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 10 (Thread 0xb1e6bb90 (LWP 10872)):
#0  0xb7f1d430 in __kernel_vsyscall ()
#1  0xb7d19f77 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7b79d8c in _pr_poll_with_poll (pds=0x82a0240, npds=1, 
    timeout=4294967295) at ptio.c:3895
#3  0xb7148a7b in nsSocketTransportService::Poll (this=0x829fd60, wait=1, 
    interval=0xb1e6b1e8) at nsSocketTransportService2.cpp:349
#4  0xb7148f70 in nsSocketTransportService::DoPollIteration (this=0x829fd60, 
    wait=1) at nsSocketTransportService2.cpp:644
#5  0xb714921a in nsSocketTransportService::OnProcessNextEvent (
    this=0x829fd60, thread=0x894e988, mayWait=1, depth=1)
    at nsSocketTransportService2.cpp:523
#6  0xb789d50e in nsThread::ProcessNextEvent (this=0x894e988, mayWait=1, 
    result=0xb1e6b294) at nsThread.cpp:497
#7  0xb786df88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1)
    at nsThreadUtils.cpp:227
#8  0xb7148c93 in nsSocketTransportService::Run (this=0x829fd60)
    at nsSocketTransportService2.cpp:565
#9  0xb789d56c in nsThread::ProcessNextEvent (this=0x894e988, mayWait=1, 
    result=0xb1e6b344) at nsThread.cpp:510
#10 0xb786df88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1)
    at nsThreadUtils.cpp:227
#11 0xb789dcd3 in nsThread::ThreadFunc (arg=0x894e988) at nsThread.cpp:253
#12 0xb7b7e1e1 in _pt_root (arg=0x9a13488) at ptthread.c:221
#13 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#14 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 8 (Thread 0xb3ff1b90 (LWP 10818)):
#0  0xb7f1d430 in __kernel_vsyscall ()
#1  0xb7ed708b in write () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb77dbfa9 in nsAppShell::ScheduleNativeEventCallback (this=0x82d1708)
    at nsAppShell.cpp:138
#3  0xb77f1294 in nsBaseAppShell::OnDispatchedEvent (this=0x82d1708, 
    thr=0x82286b0) at nsBaseAppShell.cpp:236
#4  0xb789d396 in nsThread::PutEvent (this=0x82286b0, event=0xb56ad470)
    at nsThread.cpp:368
#5  0xb78a1f6a in nsProxyEventObject::CallMethod (this=0xa7c4e448, 
    methodIndex=<value optimized out>, methodInfo=0x8fc4ba0, params=0xb3ff110c)
    at nsProxyEventObject.cpp:238
#6  0xb78a9f04 in PrepareAndDispatch (methodIndex=<value optimized out>, 
    self=0xa7c4e468, args=<value optimized out>)
    at xptcstubs_gcc_x86_unix.cpp:95
#7  0xb76959d3 in nsUrlClassifierDBServiceWorker::GetTables (this=0x926e0f0, 
    c=0xa7c4e468) at nsUrlClassifierDBService.cpp:1756
#8  0xb78a93f9 in NS_InvokeByIndex_P ()
   from /usr/lib/xulrunner-1.9.0.3/libxul.so
#9  0xb78a1789 in nsProxyObjectCallInfo::Run (this=0xa7c4e490)
    at nsProxyEvent.cpp:181
#10 0xb789d56c in nsThread::ProcessNextEvent (this=0x8564a48, mayWait=1, 
    result=0xb3ff1344) at nsThread.cpp:510
#11 0xb786df88 in NS_ProcessNextEvent_P (thread=0xb3ff103f, mayWait=1)
    at nsThreadUtils.cpp:227
#12 0xb789dcd3 in nsThread::ThreadFunc (arg=0x8564a48) at nsThread.cpp:253
#13 0xb7b7e1e1 in _pt_root (arg=0x8b57070) at ptthread.c:221
#14 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 5 (Thread 0xb515bb90 (LWP 10510)):
#0  0xb7f1d430 in __kernel_vsyscall ()
#1  0xb7ed43a2 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7b76f9e in pt_TimedWait (cv=0x82283e4, ml=0x8238c38, timeout=45)
    at ptsynch.c:280
#3  0xb7b77dc0 in PR_WaitCondVar (cvar=0x82283e0, timeout=45) at ptsynch.c:407
#4  0xb78a04bc in TimerThread::Run (this=0x8238dd8) at TimerThread.cpp:345
#5  0xb789d56c in nsThread::ProcessNextEvent (this=0x8359800, mayWait=1, 
    result=0xb515b344) at nsThread.cpp:510
#6  0xb786df88 in NS_ProcessNextEvent_P (thread=0x80, mayWait=1)
    at nsThreadUtils.cpp:227
#7  0xb789dcd3 in nsThread::ThreadFunc (arg=0x8359800) at nsThread.cpp:253
#8  0xb7b7e1e1 in _pt_root (arg=0x8359a08) at ptthread.c:221
#9  0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 4 (Thread 0xb47f2b90 (LWP 10521)):
#0  0xb7f1d430 in __kernel_vsyscall ()
#1  0xb7ed4075 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7b77e39 in PR_WaitCondVar (cvar=0x8661580, timeout=4294967295)
    at ptsynch.c:405
#3  0xb76a6266 in nsSSLThread::Run (this=0x86614f8) at nsSSLThread.cpp:964
#4  0xb76a5b9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x86614f8)
    at nsPSMBackgroundThread.cpp:44
#5  0xb7b7e1e1 in _pt_root (arg=0x86615c0) at ptthread.c:221
#6  0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb3785b90 (LWP 10522)):
#0  0xb7f1d430 in __kernel_vsyscall ()
#1  0xb7ed4075 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7b77e39 in PR_WaitCondVar (cvar=0x8661750, timeout=4294967295)
    at ptsynch.c:405
#3  0xb76a72fe in nsCertVerificationThread::Run (this=0x86616a0)
    at nsCertVerificationThread.cpp:138
#4  0xb76a5b9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x86616a0)
    at nsPSMBackgroundThread.cpp:44
#5  0xb7b7e1e1 in _pt_root (arg=0x8661790) at ptthread.c:221
#6  0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb7c416c0 (LWP 10505)):
#0  0xb7867f94 in PL_DHashTableOperate (table=0xbf816ef8, key=0x8314a00, 
    op=PL_DHASH_ADD) at pldhash.c:588
#1  0xb78a8304 in GCGraphBuilder::AddNode (this=0xbf816edc, s=0x8314a00, 
    aParticipant=0xb7b43c54) at nsCycleCollector.cpp:1285
#2  0xb710a76a in XPCJSRuntime::AddXPConnectRoots (this=0x82b0d08, 
    cx=0x8516338, cb=@0xbf816edc) at xpcjsruntime.cpp:428
#3  0xb70f75cf in nsXPConnect::BeginCycleCollection (this=0x82b0c70, 
    cb=@0xbf816edc) at nsXPConnect.cpp:624
#4  0xb78a874a in nsCycleCollector::BeginCollection (this=0x824e6b0)
    at nsCycleCollector.cpp:2317
#5  0xb78a87d8 in nsCycleCollector_beginCollection ()
    at nsCycleCollector.cpp:2910
#6  0xb70f76cc in XPCCycleCollectGCCallback (cx=0x8516338, 
    status=JSGC_MARK_END) at nsXPConnect.cpp:440
#7  0xb7bdfd7a in js_GC (cx=0x8516338, gckind=GC_NORMAL) at jsgc.c:3239
#8  0xb7bbc63a in JS_GC (cx=0x8516338) at jsapi.c:2469
#9  0xb70f6950 in nsXPConnect::Collect (this=0x82b0c70) at nsXPConnect.cpp:529
#10 0xb78a88fa in nsCycleCollector::Collect (this=0x824e6b0, aTryCollections=1)
    at nsCycleCollector.cpp:2250
#11 0xb78a8a39 in nsCycleCollector_collect () at nsCycleCollector.cpp:2898
#12 0xb74a3f42 in nsJSContext::CC () at nsJSEnvironment.cpp:3346
#13 0xb74a4227 in nsCCMemoryPressureObserver::Observe (this=0x8515bb0, 
    aSubject=0xb7b523b0, aTopic=0xb79f35f8 "memory-pressure", aData=0xb7a54ac8)
    at nsJSEnvironment.cpp:311
#14 0xb78779a0 in nsObserverList::NotifyObservers (this=0x86a85e8, 
    aSubject=0xb7b523b0, aTopic=0xb79f35f8 "memory-pressure", 
    someData=0xb7a54ac8) at nsObserverList.cpp:128
#15 0xb7877c6e in nsObserverService::NotifyObservers (this=0x82a0fa0, 
    aSubject=0xb7b523b0, aTopic=0xb79f35f8 "memory-pressure", 
    someData=0xb7a54ac8) at nsObserverService.cpp:181
#16 0xb78a4ed9 in nsMemoryImpl::RunFlushers (this=0xb7b523b0, 
    aReason=0xb7a54ac8) at nsMemoryImpl.cpp:253
#17 0xb78a4f1a in nsMemoryImpl::FlushEvent::Run (this=0xb7b523a8)
    at nsMemoryImpl.cpp:268
#18 0xb789d56c in nsThread::ProcessNextEvent (this=0x82286b0, mayWait=1, 
    result=0xbf81b194) at nsThread.cpp:510
#19 0xb786df88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1)
    at nsThreadUtils.cpp:227
#20 0xb77f12c4 in nsBaseAppShell::Run (this=0x82d1708)
    at nsBaseAppShell.cpp:170
#21 0xb7686ab8 in nsAppStartup::Run (this=0x83145b8) at nsAppStartup.cpp:181
#22 0xb70eb508 in XRE_main (argc=2, argv=0xbf81e8f4, aAppData=0x81b3830)
    at nsAppRunner.cpp:3194
#23 0x080491ab in ?? ()
#24 0xb7c59685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#25 0x08048d11 in ?? ()
(gdb) 

This is using Intrepid from about a week or two ago.

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

-- 
segfault in PL_DHashTableOperate
https://bugs.launchpad.net/bugs/286155
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.




More information about the Ubuntu-mozillateam-bugs mailing list