Debugging continues. I think we found either a memory corruption or race
condition within fontconfig. When the following patch
(http://paste.ubuntu.com/203007/) was applied to fontconfig in an
attempt to try and find why FcPatternBuild was returning 0x0, the
backtrace changed dramatically. Here's the new backtrace, but there is
no telling if this segfault is valid if we have a possible memory
corruption issue in fontconfig.

(gdb) r
Starting program: 
/home/mcasadevall/src/thunderbird-2.0.0.22+build1+nobinonly/build-tree/mozilla/dist/bin/thunderbird-bin
 
[Thread debugging using libthread_db enabled]
[New Thread 0x412365f0 (LWP 24364)]
Type Manifest File: 
/home/mcasadevall/.mozilla-thunderbird/am3ei364.default/xpti.dat
*** Registering Apprunner components (all right -- a generic module!)
nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: autoregistering succeeded
nsNativeComponentLoader: registering deferred (0)
pldhash: for the table at address 0xb45e0, the given entrySize of 44 probably 
favors chaining over double hashing.
[New Thread 0x42291430 (LWP 24365)]
[New Thread 0x435bf430 (LWP 24367)]
GFX: dpi=96 t2p=0.0666667 p2t=15 depth=24
++WEBSHELL == 1
[New Thread 0x4479c430 (LWP 24368)]
++DOMWINDOW == 1
Returning 3477808
++DOMWINDOW == 2
###!!! ASSERTION: id differs from id in atom table!: 'd_val == idval', file 
xpcwrappednativejsops.cpp, line 1046
Break: at file xpcwrappednativejsops.cpp, line 1046
###!!! ASSERTION: Can't get globalObject.Object.prototype: 'Error', file 
xpcwrappednativescope.cpp, line 200
Break: at file xpcwrappednativescope.cpp, line 200
###!!! ASSERTION: Can't get globalObject.Function.prototype: 'Error', file 
xpcwrappednativescope.cpp, line 212
Break: at file xpcwrappednativescope.cpp, line 212
###!!! ASSERTION: XPConnect is being called on a scope without a 'Components' 
property!

This is pretty much always bad. It usually means that native code is
making a callback to an interface implemented in JavaScript, but the
document where the JS object was created has already been cleared and the
global properties of that document's window are *gone*. Generally this
indicates a problem that should be addressed in the design and use of the
callback code.
: 'Error', file xpcwrappednativescope.cpp, line 574
Break: at file xpcwrappednativescope.cpp, line 574

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x412365f0 (LWP 24364)]
0x40033e04 in JS_GetClass (cx=0x2e6eb0, obj=0x0) at jsapi.c:2288
2288            JSVAL_TO_PRIVATE(GC_AWARE_GET_SLOT(cx, obj, JSSLOT_CLASS));
(gdb) bt full
#0  0x40033e04 in JS_GetClass (cx=0x2e6eb0, obj=0x0) at jsapi.c:2288
No locals.
#1  0x43c0a23c in nsDOMClassInfo::PostCreate (this=0x31ecc0, wrapper=0x45c550, 
cx=0x2e6eb0, obj=0x455508) at nsDOMClassInfo.cpp:3229
        proto_proto = (JSObject *) 0x0
        val = 4572496
        sSupportsIID = (const nsIID *) 0x43d27f14
        proto = (JSObject *) Cannot access memory at address 0xfffffff8
(gdb) bt
#0  0x40033e04 in JS_GetClass (cx=0x2e6eb0, obj=0x0) at jsapi.c:2288
#1  0x43c0a23c in nsDOMClassInfo::PostCreate (this=0x31ecc0, wrapper=0x45c550, 
cx=0x2e6eb0, obj=0x455508) at nsDOMClassInfo.cpp:3229
#2  0x418c7250 in XPCWrappedNative::GetNewOrUsed (ccx=<value optimized out>, 
Object=<value optimized out>, Scope=<value optimized out>, Interface=0x16c510, 
isGlobal=4533528, resultWrapper=0xbeeabac8) at xpcwrappednative.cpp:466
#3  0x418a6d74 in XPCConvert::NativeInterface2JSObject (c...@0xbeeabb20, 
dest=0xbeeabbc8, src=0x452e0c, iid=0x43d27f14, scope=0xbeeabbb4, 
allowNativeWrapper=0, isGlobal=1, pErr=0xbeeabbc4) at xpcconvert.cpp:1078
#4  0x4188d720 in nsXPConnect::InitClassesWithNewWrappedGlobal (this=<value 
optimized out>, aJSContext=0x2e6eb0, aCOMObj=0x452e0c, aIID=<value optimized 
out>, aFlags=3203054828, _retval=0x43bec6d4) at nsXPConnect.cpp:534
#5  0x43bec6d4 in nsGlobalWindow::SetNewDocument (this=0x2e6200, 
aDocument=0x33d2b0, aState=0x0, aRemoveEventListeners=<value optimized out>, 
aClearScopeHint=1, aIsInternalCall=1136576800) at nsGlobalWindow.cpp:1199
#6  0x43bec920 in nsGlobalWindow::SetNewDocument (this=0x2e6eb0, aDocument=0x0, 
aState=0x4, aRemoveEventListeners=4575348, aClearScopeHint=1) at 
nsGlobalWindow.cpp:918
#7  0x4386b38c in DocumentViewerImpl::InitInternal (this=0x343b10, 
aParentWidget=<value optimized out>, aState=<value optimized out>, 
aDeviceContext=<value optimized out>, aboun...@0xbeeabf54, aDoCreation=1, 
aInPrintPreview=-1091911852) at nsDocumentViewer.cpp:854
#8  0x4386bbbc in DocumentViewerImpl::Init (this=0x2e6eb0, aParentWidget=0x0, 
aDeviceContext=0x4386bbbc, aBounds=<value optimized out>) at 
nsDocumentViewer.cpp:637
#9  0x424920d8 in nsDocShell::SetupNewViewer (this=0x2624a0, aNewViewer=<value 
optimized out>) at nsDocShell.cpp:6155
#10 0x4248afc4 in nsDocShell::Embed (this=0x2624a0, aContentViewer=0x343b10, 
aCommand=<value optimized out>, aExtraInfo=<value optimized out>) at 
nsDocShell.cpp:4660
#11 0x42494760 in nsDocShell::CreateAboutBlankContentViewer (this=0x2624a0) at 
nsDocShell.cpp:5065
#12 0x424950dc in nsDocShell::EnsureContentViewer (this=0x2624a0) at 
nsDocShell.cpp:4944
#13 0x4249d744 in nsDocShell::GetInterface (this=0x2624a0, ai...@0x43d2f760, 
aSink=0xbeeac188) at nsDocShell.cpp:428
#14 0x401455b4 in nsGetInterface::operator() (this=0xbeeac1a4, 
ai...@0x43d2f760, aInstancePtr=0xbeeac188) at nsIInterfaceRequestorUtils.cpp:53
#15 0x439c9320 in nsCOMPtr<nsIDOMDocument>::assign_from_helper 
(this=0xbeeac1b0, helper=<value optimized out>, aIID=<value optimized out>) at 
../../../dist/include/xpcom/nsCOMPtr.h:1292
#16 0x439ca1b8 in nsCOMPtr (this=0xbeeac1b0, help...@0xbeeac1a4) at 
../../../dist/include/xpcom/nsCOMPtr.h:694
#17 0x43bd4bc8 in nsGlobalWindow::GetDocument (this=<value optimized out>, 
aDocument=0xbeeac1d4) at nsGlobalWindow.cpp:1970
#18 0x42d38ac4 in nsWindowWatcher::URIfromURL (aURL=0x33cbc0 
"chrome://messenger/content/", aParent=<value optimized out>, aURI=0xbeeac518) 
at nsWindowWatcher.cpp:1329
#19 0x42d392a4 in nsWindowWatcher::OpenWindowJSInternal (this=<value optimized 
out>, aParent=0x0, aUrl=0x33cbc0 "chrome://messenger/content/", aName=0x33cbf8 
"_blank", aFeatures=0x33d160 "chrome,dialog=no,all", aDialog=1, argc=1, 
argv=0x3407a4, aCalledFromJS=0, _retval=0x3407a4) at nsWindowWatcher.cpp:577
#20 0x42d3a914 in nsWindowWatcher::OpenWindow (this=0x159038, aParent=0x0, 
aUrl=0x33cbc0 "chrome://messenger/content/", aName=0x33cbf8 "_blank", 
aFeatures=0x33d160 "chrome,dialog=no,all", aArguments=0x401ca2f4, 
_retval=0xbeeac730) at nsWindowWatcher.cpp:478
#21 0x401ca2f4 in XPTC_InvokeByIndex (that=<value optimized out>, 
methodIndex=0, paramCount=4, params=0x45d074) at xptcinvoke_arm.cpp:217
#22 0xbeeac784 in ?? ()
Cannot access memory at address 0x0
(gdb) thread apply all bt 

Thread 4 (Thread 0x4479c430 (LWP 24368)):
#0  0x402a35d8 in pthread_cond_timedwait@@GLIBC_2.4 () from 
/lib/vfp/libpthread.so.0
#1  0x402782d4 in ?? () from /usr/lib/libnspr4.so
#2  0x40278dd8 in PR_WaitCondVar () from /usr/lib/libnspr4.so
#3  0x41976948 in nsIOThreadPool::ThreadFunc (arg=<value optimized out>) at 
nsIOThreadPool.cpp:254
#4  0x4027e58c in ?? () from /usr/lib/libnspr4.so
#5  0x4029e30c in start_thread () from /lib/vfp/libpthread.so.0
#6  0x40f29ec8 in clone () from /lib/vfp/libc.so.6
Backtrace stopped: frame did not save the PC

Thread 3 (Thread 0x435bf430 (LWP 24367)):
#0  0x402a35d8 in pthread_cond_timedwait@@GLIBC_2.4 () from 
/lib/vfp/libpthread.so.0
#1  0x402782d4 in ?? () from /usr/lib/libnspr4.so
#2  0x40278dd8 in PR_WaitCondVar () from /usr/lib/libnspr4.so
#3  0x401adab0 in TimerThread::Run (this=0x63570) at TimerThread.cpp:318
#4  0x401aaa88 in nsThread::Main (arg=<value optimized out>) at nsThread.cpp:118
#5  0x4027e58c in ?? () from /usr/lib/libnspr4.so
#6  0x4029e30c in start_thread () from /lib/vfp/libpthread.so.0
#7  0x40f29ec8 in clone () from /lib/vfp/libc.so.6
Backtrace stopped: frame did not save the PC

Thread 2 (Thread 0x42291430 (LWP 24365)):
#0  0x40f20664 in poll () from /lib/vfp/libc.so.6
#1  0x4027a94c in ?? () from /usr/lib/libnspr4.so
#2  0x419adc14 in nsSocketTransportService::Poll (this=<value optimized out>, 
interval=0x42290d5c) at nsSocketTransportService2.cpp:361
#3  0x419adf54 in nsSocketTransportService::Run (this=0xfde98) at 
nsSocketTransportService2.cpp:578
#4  0x401aaa88 in nsThread::Main (arg=<value optimized out>) at nsThread.cpp:118
#5  0x4027e58c in ?? () from /usr/lib/libnspr4.so
#6  0x4029e30c in start_thread () from /lib/vfp/libpthread.so.0
#7  0x40f29ec8 in clone () from /lib/vfp/libc.so.6
Backtrace stopped: frame did not save the PC

Thread 1 (Thread 0x412365f0 (LWP 24364)):
#0  0x40033e04 in JS_GetClass (cx=0x2e6eb0, obj=0x0) at jsapi.c:2288
#1  0x43c0a23c in nsDOMClassInfo::PostCreate (this=0x31ecc0, wrapper=0x45c550, 
cx=0x2e6eb0, obj=0x455508) at nsDOMClassInfo.cpp:3229
#2  0x418c7250 in XPCWrappedNative::GetNewOrUsed (ccx=<value optimized out>, 
Object=<value optimized out>, Scope=<value optimized out>, Interface=0x16c510, 
isGlobal=4533528, resultWrapper=0xbeeabac8) at xpcwrappednative.cpp:466
#3  0x418a6d74 in XPCConvert::NativeInterface2JSObject (c...@0xbeeabb20, 
dest=0xbeeabbc8, src=0x452e0c, iid=0x43d27f14, scope=0xbeeabbb4, 
allowNativeWrapper=0, isGlobal=1, pErr=0xbeeabbc4) at xpcconvert.cpp:1078
#4  0x4188d720 in nsXPConnect::InitClassesWithNewWrappedGlobal (this=<value 
optimized out>, aJSContext=0x2e6eb0, aCOMObj=0x452e0c, aIID=<value optimized 
out>, aFlags=3203054828, _retval=0x43bec6d4) at nsXPConnect.cpp:534
#5  0x43bec6d4 in nsGlobalWindow::SetNewDocument (this=0x2e6200, 
aDocument=0x33d2b0, aState=0x0, aRemoveEventListeners=<value optimized out>, 
aClearScopeHint=1, aIsInternalCall=1136576800) at nsGlobalWindow.cpp:1199
#6  0x43bec920 in nsGlobalWindow::SetNewDocument (this=0x2e6eb0, aDocument=0x0, 
aState=0x4, aRemoveEventListeners=4575348, aClearScopeHint=1) at 
nsGlobalWindow.cpp:918
#7  0x4386b38c in DocumentViewerImpl::InitInternal (this=0x343b10, 
aParentWidget=<value optimized out>, aState=<value optimized out>, 
aDeviceContext=<value optimized out>, aboun...@0xbeeabf54, aDoCreation=1, 
aInPrintPreview=-1091911852) at nsDocumentViewer.cpp:854
#8  0x4386bbbc in DocumentViewerImpl::Init (this=0x2e6eb0, aParentWidget=0x0, 
aDeviceContext=0x4386bbbc, aBounds=<value optimized out>) at 
nsDocumentViewer.cpp:637
#9  0x424920d8 in nsDocShell::SetupNewViewer (this=0x2624a0, aNewViewer=<value 
optimized out>) at nsDocShell.cpp:6155
#10 0x4248afc4 in nsDocShell::Embed (this=0x2624a0, aContentViewer=0x343b10, 
aCommand=<value optimized out>, aExtraInfo=<value optimized out>) at 
nsDocShell.cpp:4660
#11 0x42494760 in nsDocShell::CreateAboutBlankContentViewer (this=0x2624a0) at 
nsDocShell.cpp:5065
#12 0x424950dc in nsDocShell::EnsureContentViewer (this=0x2624a0) at 
nsDocShell.cpp:4944
#13 0x4249d744 in nsDocShell::GetInterface (this=0x2624a0, ai...@0x43d2f760, 
aSink=0xbeeac188) at nsDocShell.cpp:428
#14 0x401455b4 in nsGetInterface::operator() (this=0xbeeac1a4, 
ai...@0x43d2f760, aInstancePtr=0xbeeac188) at nsIInterfaceRequestorUtils.cpp:53
#15 0x439c9320 in nsCOMPtr<nsIDOMDocument>::assign_from_helper 
(this=0xbeeac1b0, helper=<value optimized out>, aIID=<value optimized out>) at 
../../../dist/include/xpcom/nsCOMPtr.h:1292
#16 0x439ca1b8 in nsCOMPtr (this=0xbeeac1b0, help...@0xbeeac1a4) at 
../../../dist/include/xpcom/nsCOMPtr.h:694
#17 0x43bd4bc8 in nsGlobalWindow::GetDocument (this=<value optimized out>, 
aDocument=0xbeeac1d4) at nsGlobalWindow.cpp:1970
#18 0x42d38ac4 in nsWindowWatcher::URIfromURL (aURL=0x33cbc0 
"chrome://messenger/content/", aParent=<value optimized out>, aURI=0xbeeac518) 
at nsWindowWatcher.cpp:1329
#19 0x42d392a4 in nsWindowWatcher::OpenWindowJSInternal (this=<value optimized 
out>, aParent=0x0, aUrl=0x33cbc0 "chrome://messenger/content/", aName=0x33cbf8 
"_blank", aFeatures=0x33d160 "chrome,dialog=no,all", aDialog=1, argc=1, 
argv=0x3407a4, aCalledFromJS=0, _retval=0x3407a4) at nsWindowWatcher.cpp:577
#20 0x42d3a914 in nsWindowWatcher::OpenWindow (this=0x159038, aParent=0x0, 
aUrl=0x33cbc0 "chrome://messenger/content/", aName=0x33cbf8 "_blank", 
aFeatures=0x33d160 "chrome,dialog=no,all", aArguments=0x401ca2f4, 
_retval=0xbeeac730) at nsWindowWatcher.cpp:478
#21 0x401ca2f4 in XPTC_InvokeByIndex (that=<value optimized out>, 
methodIndex=0, paramCount=4, params=0x45d074) at xptcinvoke_arm.cpp:217
#22 0xbeeac784 in ?? ()
Cannot access memory at address 0x0
(gdb) info registers
r0             0x2e6eb0 3042992
r1             0x0      0
r2             0x4      4
r3             0x45d074 4575348
r4             0xde1e8  909800
r5             0x43f5d8a0       1140185248
r6             0xbeeab998       3203053976
r7             0x31ecc0 3271872
r8             0x45c550 4572496
r9             0x455508 4543752
r10            0x2e6eb0 3042992
r11            0x16c510 1492240
r12            0x43f533a4       1140143012
sp             0xbeeab93c       0xbeeab93c
lr             0x43c0a23c       1136697916
pc             0x40033e04       0x40033e04 <JS_GetClass+8>
fps            0x0      0
cpsr           0x60000010       1610612752
(gdb)

-- 
[armel] thunderbird-bin crashed with SIGSEGVI
https://bugs.launchpad.net/bugs/385325