https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224917
Bug ID: 224917
Summary: www/firefox: bus error on stable/10 with 57.0.3,1
Product: Ports & Packages
Version: Latest
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ge...@freebsd.org
Reporter: jil...@freebsd.org
Flags: maintainer-feedback?(ge...@freebsd.org)

Created attachment 189422
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189422&action=edit
gdb output

After upgrading firefox from 57.0.2_1,1 to 57.0.3,1 it started crashing with bus error frequently (in particular on the about:sessionrestore page but also elsewhere). This is stable/10 amd64 with packages from pkg.freebsd.org. The machine also uses nvidia-driver 384.98.

What happens is that clang has decided to combine two 64-bit stores in mozilla::ipc::MessageChannel::Clear() in libxul.so into one aligned 128-bit store (movaps). However, the object is actually not 128-bit aligned and a general protection fault occurs in the main firefox process. Some gdb output is in an attachment.

As a result, various child processes crash in mozilla::ipc::MessageChannel::OnChannelErrorFromLink(). I think these crashes are a direct result of the original crash, and not interesting by themselves.

The insufficient alignment could be because of a disagreement between various pieces of code about what the alignment should be or because the pointer is bogus. Assuming it is the former, I have modified one byte in /usr/local/lib/firefox/libxul.so to change the movaps instruction to movups so it will work with any alignment. With this change, firefox runs stably again for me (note that, on this machine, I have many tabs open but I do not leave firefox running for more than a day).

More details about the workaround:

--- /tmp/zshXpplPs 2018-01-03 23:47:31.929337000 +0100
+++ /tmp/zshxVT4SU 2018-01-03 23:47:31.929702000 +0100
@@ -1,5 +1,5 @@ -/usr/local/lib/firefox/libxul.so: file format elf64-x86-64-freebsd +libxul.so.fixed: file format elf64-x86-64-freebsd Disassembly of section .init: @@ -1231701,7 +1231701,7 @@ cebf90: e8 8b bf 00 00 callq cf7f20 <_ZNSt3__16__treeINS_12__value_typeImN7mozilla3ipc14MessageChannel13PromiseHolderEEENS_19__map_value_compareImS6_NS_4lessImEELb1EEENS_9allocatorIS6_EEE7destroyEPNS_11__tree_nodeIS6_PvEE> cebf95: 4d 89 be 08 01 00 00 mov %r15,0x108(%r14) cebf9c: 0f 57 c0 xorps %xmm0,%xmm0 - cebf9f: 41 0f 29 86 10 01 00 movaps %xmm0,0x110(%r14) + cebf9f: 41 0f 11 86 10 01 00 movups %xmm0,0x110(%r14) cebfa6: 00 cebfa7: 49 c7 46 38 00 00 00 movq $0x0,0x38(%r14) cebfae: 00 root@lion /home/jilles# cmp -l /root/libxul.so.orig /usr/local/lib/firefox/libxul.so 13549474 51 21 -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-gecko@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-gecko To unsubscribe, send any mail to "freebsd-gecko-unsubscr...@freebsd.org"
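Review bot: the one-byte change at cebf9f (0f 29 to 0f 11, movaps to movups) removes the alignment check, not the alignment violation, so in the bogus-pointer case the report itself leaves open, the 16-byte zero store to 0x110(%r14) will now silently overwrite whatever lives there instead of faulting; the note should state that this is a diagnostic workaround on a private copy and that the fix belongs in the port's build, where the assumption the compiler made (that the MessageChannel object is 16-byte aligned, which is why it merged the two 8-byte stores after xorps %xmm0,%xmm0) can be checked against the allocation site. The cmp -l line (offset 13549474, octal 051 to 021) is the only record of the edit and should be kept with the report: pkg check -s will flag libxul.so as modified, and the next package upgrade overwrites the patched file.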
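A check for a workaround of this kind, written as an added example and not part of the bug report: it reproduces the cmp -l comparison against a constructed image in which the instruction bytes quoted in the objdump lines are placed so that the opcode byte lands at the reported file offset 13549474, confirms that exactly one byte differs, and decodes that byte as movaps (0x29) versus movups (0x11). The padded sample image, the helper names and the nop filler are constructed for the example; only the instruction bytes, the offset and the octal values come from the report.

```python
"""Verify a single-byte movaps -> movups workaround the way `cmp -l` reports it.

Added example; not code from the bug report. The instruction bytes are the
ones quoted for address cebf9f in the report's objdump diff, the offset
13549474 and the octal pair 051 -> 021 are from its cmp -l output. The padded
"image" is constructed here so the example runs without the real libxul.so.
"""
from typing import List, Tuple

# Second opcode byte (after the 0x0f escape) of the two SSE 128-bit store forms
# seen in the report: movaps requires 16-byte alignment, movups does not.
MOVAPS_STORE = 0x29
MOVUPS_STORE = 0x11

# "41 0f 29 86 10 01 00 00" = movaps %xmm0,0x110(%r14)   (from the report)
ORIGINAL_INSN = bytes.fromhex("410f298610010000")
# "41 0f 11 86 10 01 00 00" = movups %xmm0,0x110(%r14)   (from the report)
PATCHED_INSN = bytes.fromhex("410f118610010000")

REPORTED_OFFSET = 13549474  # 1-based file offset printed by cmp -l in the report


def opcode_index(insn: bytes) -> int:
    """Index of the opcode byte: skip an optional REX prefix (0x40-0x4f), then 0x0f."""
    i = 1 if 0x40 <= insn[0] <= 0x4F else 0
    if insn[i] != 0x0F:
        raise ValueError("not a two-byte (0x0f) opcode")
    return i + 1


def classify_sse_store(insn: bytes) -> str:
    """Name the 128-bit store mnemonic for a movaps/movups store encoding."""
    op = insn[opcode_index(insn)]
    return {MOVAPS_STORE: "movaps", MOVUPS_STORE: "movups"}.get(op, f"unknown opcode {op:#x}")


def build_sample_image(insn: bytes, opcode_file_offset: int) -> bytes:
    """Constructed stand-in for libxul.so: nop filler so that the opcode byte of
    `insn` sits at the given 1-based offset, exactly where cmp -l would report it."""
    start = opcode_file_offset - 1 - opcode_index(insn)
    return b"\x90" * start + insn


def cmp_l(a: bytes, b: bytes) -> List[Tuple[int, int, int]]:
    """Differing bytes of the common prefix as (1-based offset, old, new), like cmp -l.
    Chunks are compared as whole byte strings first so a 13 MB image stays fast."""
    diffs: List[Tuple[int, int, int]] = []
    n, step = min(len(a), len(b)), 4096
    for start in range(0, n, step):
        ca, cb = a[start:start + step], b[start:start + step]
        if ca == cb:
            continue
        diffs.extend((start + i + 1, x, y) for i, (x, y) in enumerate(zip(ca, cb)) if x != y)
    return diffs


def format_cmp_l(diffs: List[Tuple[int, int, int]]) -> List[str]:
    """Render differences as cmp -l prints them: decimal offset, then both bytes in octal."""
    return [f"{off} {old:o} {new:o}" for off, old, new in diffs]


def verify_workaround(original: bytes, patched: bytes, expected_offset: int) -> bool:
    """True only if the files have the same length, exactly one byte differs, it is
    at the expected offset, and it turns a movaps store opcode into movups."""
    if len(original) != len(patched):
        return False
    diffs = cmp_l(original, patched)
    if len(diffs) != 1:
        return False
    off, old, new = diffs[0]
    return off == expected_offset and old == MOVAPS_STORE and new == MOVUPS_STORE


if __name__ == "__main__":
    orig = build_sample_image(ORIGINAL_INSN, REPORTED_OFFSET)
    fixed = build_sample_image(PATCHED_INSN, REPORTED_OFFSET)
    for line in format_cmp_l(cmp_l(orig, fixed)):
        print(line)  # 13549474 51 21, matching the report's cmp -l output
    print(classify_sse_store(ORIGINAL_INSN), "->", classify_sse_store(PATCHED_INSN))
    print("workaround verified:", verify_workaround(orig, fixed, REPORTED_OFFSET))
```

The check deliberately refuses a patched file that differs in more than one byte or whose changed byte is not the 0x29 to 0x11 opcode swap, which is what separates "the intended workaround" from an unrelated modification of the library.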