I can confirm this bug started to bite me only recently (~May-June), and I have been a long-time icedove user. Some unique aspects of my environment:

 * I often send and receive S/MIME digitally signed messages (though
   the crash isn't always when encountering a signed message)
 * 3 accounts are set up, with only 2 being active.  Both are POP-3,
   and use STARTTLS security
 * Crashes usually occur when browsing the message list, though it has
   occurred while AFK as well
 * 3 relatively simple on-receive message filters which check for a
   message header field and move the message accordingly

I have 10 backtraces from the segfault; alas, only 2 different sets of backtraces are shared across all 10 entries. I can send all 10 backtraces if it is requested, but here are the 2 that were duplicated (each was seen twice):

Program received signal SIGSEGV, Segmentation fault.
0x00007fffcf1bd920 in ?? ()
(gdb) where
#0  0x00007fffcf1bd920 in ?? ()
#1 0x00007ffff1cff9fb in nsDisplayItem::GetClippedBounds (this=this@entry=0x7fffcc934180, aBuilder=aBuilder@entry=0x7fffffffbf08) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsDisplayList.cpp:2143
#2 0x00007ffff1d00cb7 in nsDisplayItem::RecomputeVisibility (this=0x7fffcc934180, aBuilder=aBuilder@entry=0x7fffffffbf08, aVisibleRegion=aVisibleRegion@entry=0x7fffffffb388) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsDisplayList.cpp:2120
#3 0x00007ffff1cdee1a in mozilla::FrameLayerBuilder::RecomputeVisibilityForItems (aItems=..., aBuilder=aBuilder@entry=0x7fffffffbf08, aRegionToDraw=..., aOffset=..., aAppUnitsPerDevPixel=<optimized out>, aXScale=<optimized out>, aYScale=<optimized out>) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/FrameLayerBuilder.cpp:5562
#4 0x00007ffff1cf098b in mozilla::FrameLayerBuilder::DrawPaintedLayer (aLayer=0x7fffcefdfc00, aContext=0x7fffcd744c80, aRegionToDraw=..., aDirtyRegion=..., aClip=<optimized out>, aRegionToInvalidate=..., aCallbackData=0x7fffffffbf08) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/FrameLayerBuilder.cpp:5799
#5 0x00007ffff0f47c0f in mozilla::layers::ClientPaintedLayer::PaintThebes (this=0x7fffcefdfc00) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/gfx/layers/client/ClientPaintedLayer.cpp:100
#6 0x00007ffff0f48fa2 in mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback (this=0x7fffcefdfc00, aReadback=0x7fffffffb760) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/gfx/layers/client/ClientPaintedLayer.cpp:148
#7 0x00007ffff0f482a5 in mozilla::layers::ClientContainerLayer::RenderLayer (this=0x7fffcd61e000) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/gfx/layers/client/ClientContainerLayer.h:65
#8 0x00007ffff0f482a5 in mozilla::layers::ClientContainerLayer::RenderLayer (this=0x7fffd0ef2800) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/gfx/layers/client/ClientContainerLayer.h:65
#9 0x00007ffff0f459c9 in mozilla::layers::ClientLayerManager::EndTransactionInternal (this=this@entry=0x7fffccf27480, aCallback=aCallback@entry=0x7ffff1cf0318 <mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::$
#10 0x00007ffff0f50c04 in mozilla::layers::ClientLayerManager::EndTransaction (this=0x7fffccf27480, aCallback=0x7ffff1cf0318 <mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> co$
    aCallbackData=0x7fffffffbf08, aFlags=mozilla::layers::LayerManager::END_DEFAULT) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/gfx/layers/client/ClientLayerManager.cpp:325
#11 0x00007ffff1d1ac38 in nsDisplayList::PaintRoot (this=0x7fffffffbd18, aBuilder=0x7fffffffbf08, aCtx=<optimized out>, aFlags=13) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsDisplayList.cpp:1754
#12 0x00007ffff1d55578 in nsLayoutUtils::PaintFrame (aRenderingContext=0x7fffffffb290, aRenderingContext@entry=0x0, aFrame=0x7fffcfc2da50, aDirtyRegion=..., aBackstop=4294947471, aBackstop@entry=4294967295, aFlags=4294950208) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsLayoutUtils.cpp:3389
#13 0x00007ffff1d5a47d in PresShell::Paint (this=0x7fffdb383400, aViewToPaint=aViewToPaint@entry=0x7fffda743680, aDirtyRegion=..., aFlags=aFlags@entry=1) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsPresShell.cpp:6105
#14 0x00007ffff1b7c884 in nsViewManager::ProcessPendingUpdatesPaint (this=0x7fffcf7fa180, aWidget=aWidget@entry=0x7fffcde0a660) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/view/nsViewManager.cpp:467
#15 0x00007ffff1b7ca33 in nsViewManager::ProcessPendingUpdatesForView (this=<optimized out>, aView=<optimized out>, aFlushDirtyRegion=aFlushDirtyRegion@entry=true) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/view/nsViewManager.cpp:398
#16 0x00007ffff1b7cae3 in nsViewManager::ProcessPendingUpdates (this=this@entry=0x7fffcf7fa180) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/view/nsViewManager.cpp:1101
#17 0x00007ffff1cd55a4 in nsRefreshDriver::Tick (this=0x7fffd2d8e000, aNowEpoch=aNowEpoch@entry=1470760923593605, aNowTime=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:1857
#18 0x00007ffff1cd5884 in mozilla::RefreshDriverTimer::TickDriver (driver=<optimized out>, jsnow=jsnow@entry=1470760923593605, now=..., now@entry=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:264
#19 0x00007ffff1cd59b1 in mozilla::RefreshDriverTimer::TickRefreshDrivers (aJsNow=aJsNow@entry=1470760923593605, aNow=aNow@entry=..., aDrivers=..., this=0x7fffda234650) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:236
#20 0x00007ffff1cd5a59 in mozilla::RefreshDriverTimer::Tick (this=0x7fffda234650, jsnow=1470760923593605, now=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:255
#21 0x00007ffff1cd5b74 in RunRefreshDrivers (aTimeStamp=..., this=0x7fffda234650) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:566
#22 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver (this=<optimized out>, aVsyncTimestamp=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:486
#23 0x00007ffff1cd01be in apply<mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver, void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeS$
#24 nsRunnableMethodImpl<void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), true, mozilla::TimeStamp>::Run (this=<optimized out>)
    at ../../dist/include/nsThreadUtils.h:870
#25 0x00007ffff09542b0 in nsThread::ProcessNextEvent (this=0x7ffff6b6b6d0, aMayWait=<optimized out>, aResult=0x7fffffffca87) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/xpcom/threads/nsThread.cpp:972
#26 0x00007ffff096e9e1 in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=aMayWait@entry=true) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/xpcom/glue/nsThreadUtils.cpp:297
#27 0x00007ffff0b4e7e0 in mozilla::ipc::MessagePump::Run (this=0x7ffff6bfd900, aDelegate=0x7ffff6bc4360) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/ipc/glue/MessagePump.cpp:127
#28 0x00007ffff0b3ecdb in RunHandler (this=0x7ffff6bc4360) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/ipc/chromium/src/base/message_loop.cc:227
#29 MessageLoop::Run (this=0x7ffff6bc4360) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/ipc/chromium/src/base/message_loop.cc:201
#30 0x00007ffff1b8eaca in nsBaseAppShell::Run (this=0x7fffffffb290) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/widget/nsBaseAppShell.cpp:156
#31 0x00007ffff2167a0d in nsAppStartup::Run (this=0x7fffe1118d80) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/components/startup/nsAppStartup.cpp:281
#32 0x00007ffff219c79e in XREMain::XRE_mainRun (this=this@entry=0x7fffffffcd28) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/xre/nsAppRunner.cpp:4285
#33 0x00007ffff219ca52 in XREMain::XRE_main (this=this@entry=0x7fffffffcd28, argc=argc@entry=1, argv=argv@entry=0x7fffffffe228, aAppData=aAppData@entry=0x7fffffffcf28) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/xre/nsAppRunner.cpp:4382
#34 0x00007ffff219cc6d in XRE_main (argc=1, argv=0x7fffffffe228, aAppData=0x7fffffffcf28, aFlags=<optimized out>) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/xre/nsAppRunner.cpp:4484
#35 0x0000000000404c37 in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffe228, xreDirectory=0x7ffff6b3c9c0)
    at /build/icedove-tNL3mB/icedove-45.1.0/mail/app/nsMailApp.cpp:195
#36 0x00000000004043b7 in main (argc=1, argv=0x7fffffffe228) at /build/icedove-tNL3mB/icedove-45.1.0/mail/app/nsMailApp.cpp:332


This backtrace has the same trace for the top 8 entries on the stack; below that, the callchain differs:


Program received signal SIGSEGV, Segmentation fault.
js::ConstraintTypeSet::sweep (this=this@entry=0x7fffc4f08d80, zone=0x7fffce0b4800, oom=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/vm/TypeInference.cpp:4077
4077 /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/vm/TypeInference.cpp: No such file or directory.
(gdb) where
#0 js::ConstraintTypeSet::sweep (this=this@entry=0x7fffc4f08d80, zone=0x7fffce0b4800, oom=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/vm/TypeInference.cpp:4077
#1 0x00007ffff294a551 in JSScript::maybeSweepTypes (this=0x7fffca2d8f30, oom=oom@entry=0x7fffffffc450) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/vm/TypeInference.cpp:4305
#2 0x00007ffff279e405 in SweepThing (oom=0x7fffffffc450, script=<optimized out>) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:5361
#3 SweepArenaList<JSScript, js::AutoClearTypeInferenceStateOnOOM*> (sliceBudget=..., arenasToSweep=0x7fffce0b4cf0)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:5376
#4 js::gc::GCRuntime::sweepPhase (this=this@entry=0x7fffe51ab3f8, sliceBudget=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:5417
#5 0x00007ffff27a309f in js::gc::GCRuntime::incrementalCollectSlice (this=this@entry=0x7fffe51ab3f8, budget=..., reason=reason@entry=JS::gcreason::REFRESH_FRAME)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:6086
#6 0x00007ffff27a3cca in js::gc::GCRuntime::gcCycle (this=this@entry=0x7fffe51ab3f8, nonincrementalByAPI=nonincrementalByAPI@entry=false, budget=..., reason=reason@entry=JS::gcreason::REFRESH_FRAME) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:6278
#7 0x00007ffff27a410d in js::gc::GCRuntime::collect (this=this@entry=0x7fffe51ab3f8, nonincrementalByAPI=nonincrementalByAPI@entry=false, budget=..., reason=reason@entry=JS::gcreason::REFRESH_FRAME) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:6384
#8 0x00007ffff27a58e8 in gcSlice (millis=0, reason=JS::gcreason::REFRESH_FRAME, this=0x7fffe51ab3f8) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:6457
#9 notifyDidPaint (this=0x7fffe51ab3f8) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsgc.cpp:6518
#10 JS::NotifyDidPaint (rt=0x7fffe51ab000) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jsfriendapi.cpp:1048
#11 0x00007ffff0d69c08 in nsXPConnect::NotifyDidPaint (this=<optimized out>) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/xpconnect/src/nsXPConnect.cpp:1063
#12 0x00007ffff1cd55f2 in nsRefreshDriver::Tick (this=0x7fffd13bac00, aNowEpoch=aNowEpoch@entry=1470758950917929, aNowTime=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:1872
#13 0x00007ffff1cd5884 in mozilla::RefreshDriverTimer::TickDriver (driver=<optimized out>, jsnow=jsnow@entry=1470758950917929, now=..., now@entry=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:264
#14 0x00007ffff1cd59b1 in mozilla::RefreshDriverTimer::TickRefreshDrivers (aJsNow=aJsNow@entry=1470758950917929, aNow=aNow@entry=..., aDrivers=..., this=0x7fffda4fd650) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:236
#15 0x00007ffff1cd5a59 in mozilla::RefreshDriverTimer::Tick (this=0x7fffda4fd650, jsnow=1470758950917929, now=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:255
#16 0x00007ffff1cd5b74 in RunRefreshDrivers (aTimeStamp=..., this=0x7fffda4fd650) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:566
#17 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver (this=<optimized out>, aVsyncTimestamp=...) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/layout/base/nsRefreshDriver.cpp:486
#18 0x00007ffff1cd01be in apply<mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver, void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeS$
#19 nsRunnableMethodImpl<void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), true, mozilla::TimeStamp>::Run (this=<optimized out>)
    at ../../dist/include/nsThreadUtils.h:870
#20 0x00007ffff09542b0 in nsThread::ProcessNextEvent (this=0x7ffff6b6b6d0, aMayWait=<optimized out>, aResult=0x7fffffffca87) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/xpcom/threads/nsThread.cpp:972
#21 0x00007ffff096e9e1 in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=aMayWait@entry=false) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/xpcom/glue/nsThreadUtils.cpp:297
#22 0x00007ffff0b4e791 in mozilla::ipc::MessagePump::Run (this=0x7ffff6bfd900, aDelegate=0x7ffff6bc4360) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/ipc/glue/MessagePump.cpp:95
#23 0x00007ffff0b3ecdb in RunHandler (this=0x7ffff6bc4360) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/ipc/chromium/src/base/message_loop.cc:227
#24 MessageLoop::Run (this=0x7ffff6bc4360) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/ipc/chromium/src/base/message_loop.cc:201
#25 0x00007ffff1b8eaca in nsBaseAppShell::Run (this=0x7fffc4f08d80) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/widget/nsBaseAppShell.cpp:156
#26 0x00007ffff2167a0d in nsAppStartup::Run (this=0x7fffe1118d80) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/components/startup/nsAppStartup.cpp:281
#27 0x00007ffff219c79e in XREMain::XRE_mainRun (this=this@entry=0x7fffffffcd28) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/xre/nsAppRunner.cpp:4285
#28 0x00007ffff219ca52 in XREMain::XRE_main (this=this@entry=0x7fffffffcd28, argc=argc@entry=1, argv=argv@entry=0x7fffffffe228, aAppData=aAppData@entry=0x7fffffffcf28) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/xre/nsAppRunner.cpp:4382
#29 0x00007ffff219cc6d in XRE_main (argc=1, argv=0x7fffffffe228, aAppData=0x7fffffffcf28, aFlags=<optimized out>) at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/toolkit/xre/nsAppRunner.cpp:4484
#30 0x0000000000404c37 in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffe228, xreDirectory=0x7ffff6b3c9c0)
    at /build/icedove-tNL3mB/icedove-45.1.0/mail/app/nsMailApp.cpp:195
#31 0x00000000004043b7 in main (argc=1, argv=0x7fffffffe228) at /build/icedove-tNL3mB/icedove-45.1.0/mail/app/nsMailApp.cpp:332

Before you ask, no, the crashes aren't reproducible, in that they only show up once every other day or so, and no given sequence of events will trigger a SEGV (though selecting messages to view from the folder list is usually involved). I strongly suspect this is an upstream bug, and not Debian-specific. Again, I have another ~6 backtraces which show SEGVs at different locations (I've been running icedove in gdb now for the last ~3 weeks and have been collecting backtraces on each crash since then). There are two SEGVs in what appear to be JScript processing methods, and another two that are inside the nsJSContext::GarbageCollectNow routine and share a stack above that, but diverge 5 entries below that call.

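Added example, not part of the original report and not code from icedove or gdb: one way to triage a pile of collected gdb backtraces like the ones above, by bucketing them on their innermost resolved frames and counting how many frames two traces share at each end of the stack. The two sample traces are constructed and abbreviated (function names taken from the backtraces above; addresses, arguments and the helper names are placeholders chosen for this sketch).

```python
import re
from collections import Counter

# One gdb frame: "#N [0xADDR in ]function (args". Matches frames printed one
# per line as well as frames run together on a single line.
FRAME_RE = re.compile(r"#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(.+?) \(")

def parse_frames(text):
    """Return function names ordered innermost (#0) first."""
    return [fn for _, fn in sorted((int(n), fn) for n, fn in FRAME_RE.findall(text))]

def shared(a, b):
    """Count the leading elements two lists have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def compare(trace_a, trace_b):
    """Return (frames shared at the crash site, frames shared at the main() end)."""
    fa, fb = parse_frames(trace_a), parse_frames(trace_b)
    return shared(fa, fb), shared(fa[::-1], fb[::-1])

def bucket_key(text, depth=2):
    """Signature from the innermost resolved frames; unresolved '??' frames are skipped."""
    return " | ".join([f for f in parse_frames(text) if f != "??"][:depth])

def bucket(traces, depth=2):
    """Count how many collected traces fall under each signature."""
    return Counter(bucket_key(t, depth) for t in traces)

# Constructed, abbreviated samples (placeholder addresses and arguments).
TRACE_A = """\
#0  0x0000000000001000 in ?? ()
#1  0x0000000000001001 in nsDisplayItem::GetClippedBounds (this=0x1) at nsDisplayList.cpp:2143
#2  0x0000000000001002 in nsRefreshDriver::Tick (this=0x2) at nsRefreshDriver.cpp:1857
#3  0x0000000000001003 in nsThread::ProcessNextEvent (this=0x3) at nsThread.cpp:972
#4  0x0000000000001004 in main (argc=1) at nsMailApp.cpp:332
"""
# Same shape, but with every frame run together on one line.
TRACE_B = ("#0 js::ConstraintTypeSet::sweep (this=0x4) at TypeInference.cpp:4077 "
           "#1 0x0000000000002001 in JSScript::maybeSweepTypes (this=0x5) at TypeInference.cpp:4305 "
           "#2 0x0000000000002002 in nsRefreshDriver::Tick (this=0x2) at nsRefreshDriver.cpp:1872 "
           "#3 0x0000000000002003 in nsThread::ProcessNextEvent (this=0x3) at nsThread.cpp:972 "
           "#4 0x0000000000002004 in main (argc=1) at nsMailApp.cpp:332")

if __name__ == "__main__":
    print(compare(TRACE_A, TRACE_B))
    for key, count in bucket([TRACE_A, TRACE_B, TRACE_A]).items():
        print(count, key)
```

Function names containing a parenthesised template argument are cut at the first " (", which is still stable enough to serve as a bucket key.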