I have no experience with gdb, I hope it helps

LANG=C gdb firefox
GNU gdb (Gentoo 7.10.1 vanilla) 7.10.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from firefox...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/firefox 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe5378700 (LWP 12001)]
[Thread 0x7fffe5378700 (LWP 12001) exited]
[New Thread 0x7fffe5378700 (LWP 12003)]
[New Thread 0x7fffe36c5700 (LWP 12004)]
[New Thread 0x7ffff7fef700 (LWP 12005)]
[New Thread 0x7fffe2ec4700 (LWP 12006)]
[New Thread 0x7fffe24a1700 (LWP 12007)]
[New Thread 0x7fffe22a0700 (LWP 12008)]
[New Thread 0x7fffe209f700 (LWP 12009)]
[New Thread 0x7fffe1e9e700 (LWP 12010)]
[New Thread 0x7fffe1c9d700 (LWP 12011)]
[New Thread 0x7fffe1a9c700 (LWP 12012)]
[New Thread 0x7fffe189b700 (LWP 12013)]
[New Thread 0x7fffe169a700 (LWP 12014)]
[New Thread 0x7fffe1499700 (LWP 12015)]
[New Thread 0x7fffe1298700 (LWP 12016)]
[New Thread 0x7fffe1097700 (LWP 12017)]
[New Thread 0x7fffe0e96700 (LWP 12018)]
[New Thread 0x7fffdfbff700 (LWP 12019)]
[New Thread 0x7fffdf1ff700 (LWP 12020)]
[New Thread 0x7fffde9fe700 (LWP 12021)]
[New Thread 0x7fffdd6ff700 (LWP 12026)]
[New Thread 0x7ffff7f60700 (LWP 12027)]
[New Thread 0x7fffdb950700 (LWP 12028)]
[New Thread 0x7fffdb14f700 (LWP 12029)]
[New Thread 0x7fffda0ff700 (LWP 12030)]
[New Thread 0x7fffd98fe700 (LWP 12031)]
[New Thread 0x7fffd8dff700 (LWP 12032)]
[New Thread 0x7fffd7eff700 (LWP 12033)]
[New Thread 0x7fffd76fe700 (LWP 12034)]
[New Thread 0x7fffd6efd700 (LWP 12035)]
[New Thread 0x7fffd66fc700 (LWP 12036)]
[New Thread 0x7fffd5efb700 (LWP 12037)]
[New Thread 0x7fffd56fa700 (LWP 12038)]
[New Thread 0x7fffd4ef9700 (LWP 12039)]
[New Thread 0x7fffd46f8700 (LWP 12040)]
[New Thread 0x7fffd3ef7700 (LWP 12041)]
[New Thread 0x7fffd36f6700 (LWP 12042)]
[New Thread 0x7fffd2ef5700 (LWP 12043)]
[New Thread 0x7fffd1dff700 (LWP 12044)]
[New Thread 0x7fffd15fe700 (LWP 12045)]
[New Thread 0x7fffd0bff700 (LWP 12046)]
[New Thread 0x7fffd01ff700 (LWP 12047)]
[Thread 0x7fffd98fe700 (LWP 12031) exited]
[Thread 0x7fffd0bff700 (LWP 12046) exited]
[New Thread 0x7fffcf5ff700 (LWP 12048)]
[New Thread 0x7fffd0bff700 (LWP 12049)]
[Thread 0x7fffd0bff700 (LWP 12049) exited]
[New Thread 0x7fffd0bff700 (LWP 12050)]
[Thread 0x7fffd01ff700 (LWP 12047) exited]
[New Thread 0x7fffce6ff700 (LWP 12051)]
[New Thread 0x7fffd01ff700 (LWP 12052)]
[New Thread 0x7fffd98fe700 (LWP 12053)]
[Thread 0x7fffd98fe700 (LWP 12053) exited]
[Thread 0x7fffd0bff700 (LWP 12050) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffcf5ff700 (LWP 12048)]
0x00007ffff40f1383 in ?? () from /usr/lib64/firefox/libxul.so


(gdb) backtrace
#0  0x00007ffff40f1383 in ?? () from /usr/lib64/firefox/libxul.so
#1  0x00007ffff40f500b in ?? () from /usr/lib64/firefox/libxul.so
#2  0x00007ffff402b8a9 in ?? () from /usr/lib64/firefox/libxul.so
#3  0x00007ffff404f504 in ?? () from /usr/lib64/firefox/libxul.so
#4  0x00007ffff4040869 in ?? () from /usr/lib64/firefox/libxul.so
#5  0x00007ffff4043c51 in ?? () from /usr/lib64/firefox/libxul.so
#6  0x00007ffff4043fc1 in ?? () from /usr/lib64/firefox/libxul.so
#7  0x00007ffff404ab38 in ?? () from /usr/lib64/firefox/libxul.so
#8  0x00007ffff4036963 in ?? () from /usr/lib64/firefox/libxul.so
#9  0x00007ffff4043c51 in ?? () from /usr/lib64/firefox/libxul.so
#10 0x00007ffff4043fc1 in ?? () from /usr/lib64/firefox/libxul.so
#11 0x00007ffff40449b1 in ?? () from /usr/lib64/firefox/libxul.so
#12 0x00007ffff3eb05ed in ?? () from /usr/lib64/firefox/libxul.so
#13 0x00007ffff27075fe in ?? () from /usr/lib64/firefox/libxul.so
#14 0x00007ffff291aef7 in ?? () from /usr/lib64/firefox/libxul.so
#15 0x00007ffff2910e73 in ?? () from /usr/lib64/firefox/libxul.so
#16 0x00007ffff291129e in ?? () from /usr/lib64/firefox/libxul.so
#17 0x00007ffff28ef395 in ?? () from /usr/lib64/firefox/libxul.so
#18 0x00007ffff28f3ec5 in ?? () from /usr/lib64/firefox/libxul.so
#19 0x00007ffff28f41a5 in ?? () from /usr/lib64/firefox/libxul.so
#20 0x00007ffff2df1378 in ?? () from /usr/lib64/firefox/libxul.so
#21 0x00007ffff2df14b2 in ?? () from /usr/lib64/firefox/libxul.so
#22 0x00007ffff2dde53d in ?? () from /usr/lib64/firefox/libxul.so
#23 0x00007ffff13ce67b in ?? () from /usr/lib64/firefox/libxul.so
---Type <return> to continue, or q <return> to quit---
#24 0x00007ffff13fa189 in ?? () from /usr/lib64/firefox/libxul.so
#25 0x00007ffff2de1eb7 in ?? () from /usr/lib64/firefox/libxul.so
#26 0x00007ffff2dadc42 in ?? () from /usr/lib64/firefox/libxul.so
#27 0x00007ffff13ce67b in ?? () from /usr/lib64/firefox/libxul.so
#28 0x00007ffff13fa189 in ?? () from /usr/lib64/firefox/libxul.so
#29 0x00007ffff16ced41 in ?? () from /usr/lib64/firefox/libxul.so
#30 0x00007ffff167b190 in ?? () from /usr/lib64/firefox/libxul.so
#31 0x00007ffff13d0904 in ?? () from /usr/lib64/firefox/libxul.so
#32 0x00007ffff00b369f in ?? () from /usr/lib64/libnspr4.so
#33 0x00007ffff7bc44dc in start_thread () from /lib64/libpthread.so.0
#34 0x00007ffff6eb948d in clone () from /lib64/libc.so.6

Comment 2 Michael Palimaka (kensington) 2016-03-10 18:08:40 UTC

Created attachment 427908 [details]
backtrace with symbols

Same issue here, segmentation fault during start-up. The strange thing is that firefox-45.0 was working earlier today, right after I installed it. The only differences between working and segfault (as far as I remember) are a newer kernel (4.4.4->4.4.5) and a reboot. Strange.

Created attachment 427938 [details]
different backtrace

I (consistently) get a different backtrace, but the fault is also in some JS code.

Comment 5 Agostino Sarubbo 2016-03-11 16:32:37 UTC

Created attachment 427980 [details]
another backtrace

Comment 6 Ian Stakenvicius (RETIRED) 2016-03-11 16:37:44 UTC

Does everyone here have USE="jit" disabled?  I noticed both kensington and Frank are on hardened profiles, which means yes;l ago's backtrace info says so as well..

(In reply to Agostino Sarubbo from comment #5)
> Created attachment 427980 [details]
> another backtrace

SIG38 is a real-time event and also appears under normal operation of firefox. I remember this from the last time I run firefox in gdb, but I can't find the source right now. You can use "handle SIG38 noprint" to ignore that signal in gdb. IIRC there was a second signal (SIG37? SIG39?) that should also be ignored.


(In reply to Ian Stakenvicius from comment #6)
> Does everyone here have USE="jit" disabled?  I noticed both kensington and
> Frank are on hardened profiles, which means yes;l ago's backtrace info says
> so as well..

I am also on a hardened profile, jit disabled.


# emerge -pqv =www-client/firefox-45.0::gentoo 
[ebuild     U ] www-client/firefox-45.0 [44.0.2] USE="dbus ffmpeg gstreamer hardened hwaccel jemalloc3 startup-notification system-cairo system-icu system-jpeg system-libvpx system-sqlite {test} -bindist -custom-cflags -custom-optimization -debug (-gmp-autoupdate) -gstreamer-0 -gtk3 -jit (-neon) (-pgo) -pulseaudio (-selinux) -system-libevent -wifi" LINGUAS="-af -ar -as -ast -be -bg -bn_BD -bn_IN -br -bs -ca -cs -cy -da -de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES -es_MX -et -eu -fa -fi -fr -fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -id -is -it -ja -kk -km -kn -ko -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa_IN -pl -pt_BR -pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -tr -uk -vi -xh -zh_CN -zh_TW" 

 # emerge --info
Portage 2.2.28 (python 3.4.3-final-0, hardened/linux/amd64/no-multilib, gcc-5.3.0, glibc-2.22-r2, 4.4.5 x86_64)
=================================================================
System uname: Linux-4.4.5-x86_64-Intel-R-_Core-TM-_i7-3720QM_CPU_@_2.60GHz-with-gentoo-2.2
KiB Mem:    16399572 total,  10219368 free
KiB Swap:   17825788 total,  17825788 free
Timestamp of repository gentoo: Fri, 11 Mar 2016 16:30:01 +0000
sh bash 4.3_p42-r2
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p42-r2::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.22.1::gentoo
dev-lang/python:          2.7.11-r2::gentoo, 3.4.3-r7::gentoo
dev-util/cmake:           3.5.0::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.20.5::gentoo
sys-apps/sandbox:         2.10-r1::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.7.4::gentoo, 4.9.3::gentoo, 5.3.0::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r2::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.22-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

local
    location: /var/lib/portage-local/local
    masters: gentoo
    priority: 0

testing
    location: /var/lib/portage-local/testing
    masters: gentoo
    priority: 1

science
    location: /var/lib/layman/science
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -mtune=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -mtune=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs cgroup collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox news parallel-fetch preserve-libs protect-owned sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 acl acpi alsa amd64 avx berkdb bzip2 cairo caps cdda cddb cdparanoia cli cracklib crypt cups cxx dbus dri dts dvd fam ffmpeg fftw flac fontconfig foomaticdb gdbm gif gimp gmp gnutls gtk hardened iconv icu idn ipv6 jpeg justify lame lcms libnotify lzma mad matroska mmap mmx mmxext modules mp3 mpeg ncurses networkmanager nptl ogg opengl openmp pam pcre pie png policykit ppds readline sasl sdl seccomp session sse sse2 sse3 sse4 sse4_1 sse4_2 ssl ssp ssse3 startup-notification svg tcpd theora threads tiff truetype udev udisks unicode upower vaapi vorbis wayland x264 xattr xcb xml xtpax xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="i965 intel nouveau" XFCE_PLUGINS="power" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

I'm using Hardened Gentoo profile, with JIT disabled, and GCC 5. After just upgraded to FireFox 45, I got a series of xul crashes, and then GTK crashes. I disabled GTK-3 in order to get rid of the GTK crashes, the final reproducible crash was within its JavaScript engine,

Thread 67 "DOM Worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x388ce3d2700 (LWP 25275)]
js::TypedArrayObject::getElement (this=0x388ccc7ae20, index=0)
    at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/vm/TypedArrayObject.cpp:1792
1792            return Uint8ClampedArray::getIndexValue(this, index);
(gdb) bt
#0  js::TypedArrayObject::getElement (this=0x388ccc7ae20, index=0)
    at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/vm/TypedArrayObject.cpp:1792
#1  0x00000388fa438ef6 in js::NativeObject::getDenseOrTypedArrayElement (this=<optimized out>, idx=<optimized out>)
    at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/vm/NativeObject-inl.h:240
#2  0x00000388fa418d06 in NativeGetPropertyInline<(js::AllowGC)0> (vp=..., nameLookup=NotNameLookup, id=..., receiver=..., obj=<optimized out>, 
    cx=0x388cdf63000) at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/vm/NativeObject.cpp:1931
#3  js::NativeGetPropertyNoGC (cx=0x388cdf63000, obj=<optimized out>, receiver=..., id=..., vp=0x388ccedc468)
    at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/vm/NativeObject.cpp:1975
#4  0x00000388fa12f880 in js::GetPropertyNoGC (vp=<optimized out>, id=..., receiver=..., obj=<optimized out>, cx=<optimized out>)
    at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/vm/NativeObject.h:1479
#5  js::GetElementNoGC (cx=<optimized out>, obj=<optimized out>, receiver=..., index=<optimized out>, vp=<optimized out>)
    at /mnt/compile/compile/portage/www-client/firefox-45.0/work/firefox-45.0/js/src/jsobjinlines.h:210

I checked TypedArrayObject.cpp, and I found this file was refactored in FireFox 45, so it likely the root of the issue. But I can't see any obvious memory corruption.

Maybe there is a memory corruption or undefined behaviour, but unaffected normal users until a Hardened Gentoo system uncovered it...

It seems that the issue is only presented without JIT. After enabled JIT the issue disappeared, looks like a regression that was never tested.

(In reply to Tom Li from comment #9)
> It seems that the issue is only presented without JIT. After enabled JIT the
> issue disappeared, looks like a regression that was never tested.

I can confirm with JIT Useflag enabled, firefox did not crash anymore.

Same setup here (firefox-45 on hardened profile, now with jit enabled). I am seeing fewer (but still some) crashes. Based on some information from this bug upstream:https://bugzilla.mozilla.org/show_bug.cgi?id=1136417 , I exported MOZ_X_SYNC to the environment. Following that, I have seen even fewer crashes. I am not sure what these tea leaves say, but hopefully that information can be helpful to someone.

Comment 12 Ian Stakenvicius (RETIRED) 2016-03-12 14:28:57 UTC

(In reply to gentoo from comment #11)
> Same setup here (firefox-45 on hardened profile, now with jit enabled). I am
> seeing fewer (but still some) crashes. Based on some information from this
> bug upstream:https://bugzilla.mozilla.org/show_bug.cgi?id=1136417 , I
> exported MOZ_X_SYNC to the environment. Following that, I have seen even
> fewer crashes. I am not sure what these tea leaves say, but hopefully that
> information can be helpful to someone.

That particular upstream bug relates to using system-cairo with firefox; that's a separate issue that is unlikeyu to be resolved any time soon -- the issue there actually seems to be that system-cairo is too new, rather than too old:  mozilla uses a -heavily- patched cairo 1.9 , compared to 1.14.x which is the oldest availble in the gentoo repo.

If anyone on this bug is seeing crashes with system-cairo enabled but otherwise not, please see bug

Comment 13 Ian Stakenvicius (RETIRED) 2016-03-12 14:38:20 UTC

(In reply to Ian Stakenvicius from comment #12)
> (In reply to gentoo from comment #11)
> > Same setup here (firefox-45 on hardened profile, now with jit enabled). I am
> > seeing fewer (but still some) crashes. Based on some information from this
> > bug upstream:https://bugzilla.mozilla.org/show_bug.cgi?id=1136417 , I
> > exported MOZ_X_SYNC to the environment. Following that, I have seen even
> > fewer crashes. I am not sure what these tea leaves say, but hopefully that
> > information can be helpful to someone.
> 
> That particular upstream bug relates to using system-cairo with firefox;
> that's a separate issue that is unlikeyu to be resolved any time soon -- the
> issue there actually seems to be that system-cairo is too new, rather than
> too old:  mozilla uses a -heavily- patched cairo 1.9 , compared to 1.14.x
> which is the oldest availble in the gentoo repo.
> 
> If anyone on this bug is seeing crashes with system-cairo enabled but
> otherwise not, please see bug

... bug 558150

Comment 14 Ian Stakenvicius (RETIRED) 2016-03-12 19:38:45 UTC

Hey all -- ok so I made some progress.  The crash is caused by a 'MOZ_CRASH()' assertion in the firefox-codebase for the "none" jit.  (FYI - you can't actually build firefox or spidermonkey without jit anymore, what you can do is either --enable-ion which gives you ion-jit, or --disable-ion which gives you none-jit)

Anyhow, it seems that the AtomicOperations.h file needs to include a platform-specific header file for the arch the code is running on, even if using none-jit.  Fedora "fixed" this for ppc64 by including the ppc.h header instead of the none.h header; i've attempted the same workaround for x86 and x86_64.  I *don't* know if this is sufficient, or if it will end up enabling code that forces MPROTECT to be disabled on firefox, so testing is needed.

I've added the patches to firefox-45.0 on mozilla-overlay, please test.

Created attachment 428248 [details]
ia64 backtrace

Comment 16 Ian Stakenvicius (RETIRED) 2016-03-14 20:11:01 UTC

commit 2e9de7d3b2f0b047e8c5574c63b15ca00e7b920d
Author: Ian Stakenvicius <axs@gentoo.org>
Date:   Mon Mar 14 16:06:56 2016 -0400

    www-client/firefox-45.0: fix runtime crashes when built with USE=-jit
    
    Addressed the issue by adding ppc{,64} and x86{,_64} specific platform header
    definitions to nonejit instead of using the MOZ_CRASH-enforcing stub.
 

Thanks to kensington for being a guineapig!

Please note that right now only amd64, ppc, ppc64 and x86 are supported with USE="-jit" in this fashion.  Other platforms may or may not work as-is, I haven't been able to test.  Please reopen this bug if your platform continues to crash with USE="-jit"

Comment 17 Ian Stakenvicius (RETIRED) 2016-03-14 20:14:18 UTC

*** Bug 577280 has been marked as a duplicate of this bug. ***

I _think_ I'm also running into this issue on ia64 arch (attachment #428248 [details]). This is a regression from firefox-44.0.2 here too.

(In reply to Ian Stakenvicius from comment #14)
> Hey all -- ok so I made some progress.  The crash is caused by a
> 'MOZ_CRASH()' assertion in the firefox-codebase for the "none" jit.  (FYI -
> you can't actually build firefox or spidermonkey without jit anymore, what
> you can do is either --enable-ion which gives you ion-jit, or --disable-ion
> which gives you none-jit)

And what about arches that don't have JIT? BTW, use flags seem unchanged between firefox-44.0.2 and firefox-45.0 (emerge -pqv output):

[ebuild     U ] www-client/firefox-45.0 [44.0.2] USE="dbus gmp-autoupdate gstrea
mer hwaccel jemalloc3 jit pulseaudio startup-notification -bindist -custom-cflag
s (-custom-optimization) -debug -ffmpeg -gstreamer-0 -gtk3 -hardened (-neon) (-p
go) (-selinux) -system-cairo -system-icu -system-jpeg -system-libevent -system-l
ibvpx -system-sqlite {-test} (-wifi)" LINGUAS="fr -af -ar -as -ast -be -bg -bn_B
D -bn_IN -br -bs -ca -cs -cy -da -de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES 
-es_MX -et -eu -fa -fi -fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -i
d -is -it -ja -kk -km -kn -ko -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa
_IN -pl -pt_BR -pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -t
r -uk -vi -xh -zh_CN -zh_TW"

jit flag was set for firefox-44.0.2 (running fine) as well as firefox-45.0 (crashing).

> Anyhow, it seems that the AtomicOperations.h file needs to include a
> platform-specific header file for the arch the code is running on, even if
> using none-jit.  Fedora "fixed" this for ppc64 by including the ppc.h header
> instead of the none.h header; i've attempted the same workaround for x86 and
> x86_64.  I *don't* know if this is sufficient, or if it will end up enabling
> code that forces MPROTECT to be disabled on firefox, so testing is needed.
> 
> I've added the patches to firefox-45.0 on mozilla-overlay, please test.

Well, I wish I could. But I don't know what to do for ia64. Patches on mozilla-overlay are for ppc64 and x86 arches.

     Émeric

Comment 19 Ian Stakenvicius (RETIRED) 2016-03-14 22:48:49 UTC

(In reply to Émeric Maschino from comment #18)
> (In reply to Ian Stakenvicius from comment #14)
> > Hey all -- ok so I made some progress.  The crash is caused by a
> > 'MOZ_CRASH()' assertion in the firefox-codebase for the "none" jit.  (FYI -
> > you can't actually build firefox or spidermonkey without jit anymore, what
> > you can do is either --enable-ion which gives you ion-jit, or --disable-ion
> > which gives you none-jit)
> 
> And what about arches that don't have JIT? BTW, use flags seem unchanged
> between firefox-44.0.2 and firefox-45.0 (emerge -pqv output):
> [...]
> 
> Well, I wish I could. But I don't know what to do for ia64. Patches on
> mozilla-overlay are for ppc64 and x86 arches.
> 

Because there isn't a platform-specific jit already coded for ia64, the ia64 community at large needs to code support for it.  

x86/amd64/ppc/ppc64 are easy to fix for the USE="-jit" case because there are already full jit implementations, but for ia64 and hppa there just isn't a jit implementation of AtomicOperations.h to leverage.  (I'm not sure about arm/arm64, jit is available but i don't know if there's a need for having jit disabled)

If you want to take a stab at it, take a look at ${S}/js/src/jit/none/AtomicOperations-none.h , and one of the platform-specific variants (such as ${S}/js/src/jit/none/AtomicOperations-ppc.h ), and then you'll have to look up the operations for the ia64 platform.  At least, that's what i intend to do when i have the time.

@Ian
Thank you very much.
But i think you forgot to upload the new patch archiv firefox-45.0-patches-02.tar.xz:

 Fetching (1 of 1) www-client/firefox-45.0::gentoo
 * firefox-45.0-de.xpi SHA256 SHA512 WHIRLPOOL size ;-) ...                                                                                                        [ ok ]
>>> Downloading 'http://distfiles.gentoo.org/distfiles/firefox-45.0-patches-02.tar.xz'
--2016-03-14 23:55:36--  http://distfiles.gentoo.org/distfiles/firefox-45.0-patches-02.tar.xz
Resolving distfiles.gentoo.org... 64.50.236.52, 140.211.166.134, 137.226.34.46, ...
Connecting to distfiles.gentoo.org|64.50.236.52|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 23:55:36 ERROR 404: Not Found.

>>> Downloading 'https://dev.gentoo.org/~polynomial-c/mozilla/patchsets/firefox-45.0-patches-02.tar.xz'
--2016-03-14 23:55:36--  https://dev.gentoo.org/~polynomial-c/mozilla/patchsets/firefox-45.0-patches-02.tar.xz
Resolving dev.gentoo.org... 140.211.166.183, 2001:470:ea4a:1:5054:ff:fec7:86e4
Connecting to dev.gentoo.org|140.211.166.183|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 23:55:37 ERROR 404: Not Found.

>>> Downloading 'https://dev.gentoo.org/~axs/mozilla/patchsets/firefox-45.0-patches-02.tar.xz'
--2016-03-14 23:55:37--  https://dev.gentoo.org/~axs/mozilla/patchsets/firefox-45.0-patches-02.tar.xz
Resolving dev.gentoo.org... 140.211.166.183, 2001:470:ea4a:1:5054:ff:fec7:86e4
Connecting to dev.gentoo.org|140.211.166.183|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 23:55:38 ERROR 404: Not Found.

>>> Downloading 'https://dev.gentoo.org/~anarchy/mozilla/patchsets/firefox-45.0-patches-02.tar.xz'
--2016-03-14 23:55:38--  https://dev.gentoo.org/~anarchy/mozilla/patchsets/firefox-45.0-patches-02.tar.xz
Resolving dev.gentoo.org... 140.211.166.183, 2001:470:ea4a:1:5054:ff:fec7:86e4
Connecting to dev.gentoo.org|140.211.166.183|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 23:55:39 ERROR 404: Not Found.

!!! Couldn't download 'firefox-45.0-patches-02.tar.xz'. Aborting.
 * firefox-45.0.source.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                                                                                                 [ ok ]
 * Fetch failed for 'www-client/firefox-45.0'

Comment 21 Ian Stakenvicius (RETIRED) 2016-03-14 23:04:53 UTC

(In reply to Frank Krömmelbein from comment #20)
> @Ian
> Thank you very much.
> But i think you forgot to upload the new patch archiv
> firefox-45.0-patches-02.tar.xz:
> 

You're absolutely right -- it's in place now.

Created attachment 452930 [details, diff]
Atomic operations for ia64 (Firefox 45 ESR patch)

Created attachment 452932 [details, diff]
Atomic operations for ia64 (Firefox 49 patch)

(In reply to Ian Stakenvicius from comment #19)
> 
> Because there isn't a platform-specific jit already coded for ia64, the ia64
> community at large needs to code support for it.  
> 
> x86/amd64/ppc/ppc64 are easy to fix for the USE="-jit" case because there
> are already full jit implementations, but for ia64 and hppa there just isn't
> a jit implementation of AtomicOperations.h to leverage.  (I'm not sure about
> arm/arm64, jit is available but i don't know if there's a need for having
> jit disabled)
> 
> If you want to take a stab at it, take a look at
> ${S}/js/src/jit/none/AtomicOperations-none.h , and one of the
> platform-specific variants (such as
> ${S}/js/src/jit/none/AtomicOperations-ppc.h ), and then you'll have to look
> up the operations for the ia64 platform.  At least, that's what i intend to
> do when i have the time.

OK, I got the point. It wasn't that difficult in the end, thanks to the PPC/PPC64 and SPARC people who required similar patches (see upstream bug #1232150).

So, dear maintainers, please apply the patches in attachment 452930 [details, diff] and attachment 452932 [details, diff] for Firefox 45 ESR and Firefox 49 currently in portage tree. The same limitations than in PPC/PPC64 and SPARC patches apply.

Firefox 45 ESR is running fine once patched. I can't check for Firefox 49, as build is still failing (bug #582432).

Thanks,

     Émeric

Comment 25 Ian Stakenvicius (RETIRED) 2016-11-10 21:58:32 UTC

(In reply to Émeric Maschino from comment #24)
> (In reply to Ian Stakenvicius from comment #19)
> > 
> > Because there isn't a platform-specific jit already coded for ia64, the ia64
> > community at large needs to code support for it.  
> > 
> > x86/amd64/ppc/ppc64 are easy to fix for the USE="-jit" case because there
> > are already full jit implementations, but for ia64 and hppa there just isn't
> > a jit implementation of AtomicOperations.h to leverage.  (I'm not sure about
> > arm/arm64, jit is available but i don't know if there's a need for having
> > jit disabled)
> > 
> > If you want to take a stab at it, take a look at
> > ${S}/js/src/jit/none/AtomicOperations-none.h , and one of the
> > platform-specific variants (such as
> > ${S}/js/src/jit/none/AtomicOperations-ppc.h ), and then you'll have to look
> > up the operations for the ia64 platform.  At least, that's what i intend to
> > do when i have the time.
> 
> OK, I got the point. It wasn't that difficult in the end, thanks to the
> PPC/PPC64 and SPARC people who required similar patches (see upstream bug
> #1232150).
> 
> So, dear maintainers, please apply the patches in attachment 452930 [details, diff]
> [details, diff] and attachment 452932 [details, diff] [details, diff] for Firefox 45 ESR and
> Firefox 49 currently in portage tree. The same limitations than in PPC/PPC64
> and SPARC patches apply.
> 
> Firefox 45 ESR is running fine once patched. I can't check for Firefox 49,
> as build is still failing (bug #582432).
> 
> Thanks,
> 
>      Émeric

Thank you!!  I'll check these out and get them upstream'ed.

Comment 26 Ian Stakenvicius (RETIRED) 2017-03-22 03:14:28 UTC

Hi Emeric -- so upstream came back with the following, do you think it's sufficient?

https://hg.mozilla.org/mozilla-central/rev/fcc0dffd33b5

(In reply to Ian Stakenvicius from comment #26)
> Hi Emeric -- so upstream came back with the following, do you think it's
> sufficient?
> 
> https://hg.mozilla.org/mozilla-central/rev/fcc0dffd33b5

Hi Ian,

I just rebuilt FF45 ESR, adapting the patch from upstream to check. It's OK, but to make it work on ia64, well, you have to add the missing ia64-specific parts.

In js/src/jit/AtomicOperations.h, add include of the newly introduced AtomicOperations-feeling-lucky.h file, such as:

# elif defined(__alpha__)
#  include "jit/none/AtomicOperations-feeling-lucky.h"
# elif defined(__hppa__)
#  include "jit/none/AtomicOperations-feeling-lucky.h"
# elif defined(__ia64__)
#  include "jit/none/AtomicOperations-feeling-lucky.h"
# elif defined(__sh__)
#  include "jit/none/AtomicOperations-feeling-lucky.h"

jit/none/AtomicOperations-ia64.h, if present, is thus useless and can be safely deleted.

And in the included jit/none/AtomicOperations-feeling-lucky.h common file, add statement for ia64, such as:

#ifdef __alpha__
#  define GNUC_COMPATIBLE
#endif

#ifdef __hppa__
#  define GNUC_COMPATIBLE
#endif

#ifdef __ia64__
#  define GNUC_COMPATIBLE
#endif

#ifdef __sh__
#  define GNUC_COMPATIBLE
#endif

I didn't add the define for 64-bit JS atomics (as in Alpha and HP-PA arches) and FF seems happy without it.

     Émeric

Still problematic with current =www-client/firefox-52.8.0, at least on ia64. But I bet that alpha, hppa and sh arches are in the same boat. Indeed, there's no more AtomicOperations-feeling-lucky.h as introduced in comment #27.

So for example on ia64, precompilation of startup cache segfaults because of this:

Thread 1 "firefox" received signal SIGSEGV, Segmentation fault.
0x200000000e393581 in js::jit::AtomicOperations::storeSafeWhenRacy<double> (val=<optimized out>, addr=<optimized out>) at /var/tmp/portage/www-client/firefox-52.8.0/work/firefox-52.8.0esr/js/src/jit/none/AtomicOperations-none.h:104
104	    MOZ_CRASH();

Do I have to rewrite the patches in comment #24 to fix this issue once again, at least for ia64?

     Émeric

Comment 29 Jory A. Pratt 2018-06-20 21:01:29 UTC

(In reply to Émeric Maschino from comment #28)
> Still problematic with current =www-client/firefox-52.8.0, at least on ia64.
> But I bet that alpha, hppa and sh arches are in the same boat. Indeed,
> there's no more AtomicOperations-feeling-lucky.h as introduced in comment
> #27.
> 
> So for example on ia64, precompilation of startup cache segfaults because of
> this:
> 
> Thread 1 "firefox" received signal SIGSEGV, Segmentation fault.
> 0x200000000e393581 in js::jit::AtomicOperations::storeSafeWhenRacy<double>
> (val=<optimized out>, addr=<optimized out>) at
> /var/tmp/portage/www-client/firefox-52.8.0/work/firefox-52.8.0esr/js/src/jit/
> none/AtomicOperations-none.h:104
> 104	    MOZ_CRASH();
> 
> Do I have to rewrite the patches in comment #24 to fix this issue once
> again, at least for ia64?
> 
>      Émeric

You would be wasting your time to be honest. Firefox-60esr is where all work is being made. firefox-52.x is at EOL and only maintained in the basic bump until it reaches its full EOL>

(In reply to Jory A. Pratt from comment #29)
> 
> You would be wasting your time to be honest. Firefox-60esr is where all work
> is being made. firefox-52.x is at EOL and only maintained in the basic bump
> until it reaches its full EOL>

Problem is that FF 60 isn't keyworded at all on ia64. And this makes sense as it also wants to emerge LLVM/Clang and Rust. These aren't available on ia64... and probably other arches too.

Created attachment 537344 [details, diff]
Atomic operations for ia64 (Firefox 52 ESR patch)

Patch in attachment #537344 [details, diff] applies to current =www-client/firefox-52.8.0. I didn't try =www-client/firefox-52.6.0 that's also in Portage tree. No patch for FF 60 ESR as it requires LLVM/Clang and Rust that are not available on ia64.

     Émeric

Created attachment 634024 [details, diff]
Atomic operations for ia64 (Firefox 52 ESR patch)

Patch updated to latest =www-client/firefox-52.9.0.

Any chance to have my patch (https://bugs.gentoo.org/attachment.cgi?id=634024) commited in Firefox 52 ESR, please?

Firefox 52 ESR is fortunately still in portage tree, as ia64 won't be able to go further, I fear. Newer Firefox versions require Rust and thus LLVM, none of them being available on ia64.

Thanks,

     Émeric