Bug 230413 - flash is killing seamonkey and firefox
Summary: flash is killing seamonkey and firefox
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: High critical
Assignee: Mozilla Gentoo Team
URL: https://bugzilla.mozilla.org/show_bug...
Whiteboard:
Keywords:
Duplicates: 232392 233013 234413
Depends on:
Blocks:
 
Reported: 2008-07-02 01:15 UTC by Enrico 'nekrad' Weigelt
Modified: 2008-11-11 14:07 UTC (History)
12 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
gdb backtrace (firefox-crash,2.16 KB, text/plain)
2008-10-28 00:38 UTC, Rafał Mużyło
Details
curl-7.18.2-nss-thread-safety.patch (curl-7.18.2-nss-thread-safety.patch,1.70 KB, text/plain)
2008-11-01 15:40 UTC, Pacho Ramos
Details

Description Enrico 'nekrad' Weigelt 2008-07-02 01:15:05 UTC
When surfing around on certain video sites, seamonkey crashes with segfault. This started after installing flash.

It seems that loading a video twice or loading a video after closing some viewer with another one causes the crash.


Reproducible: Always

Steps to Reproduce:
1. surf around certain video sites
2. click through several videos
3. after a few seconds: boom!
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2008-07-02 14:24:29 UTC
Please post your `emerge --info', `emerge --nodeps -vp seamonkey netscape-flash` and maybe a backtrace of seamonkey crashing on a flash site.
Comment 2 Enrico 'nekrad' Weigelt 2008-07-02 17:30:37 UTC
Portage 2.1.4.4 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.22-gentoo-r9fb i686)
=================================================================
System uname: 2.6.22-gentoo-r9fb i686 AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Timestamp of tree: Tue, 01 Jul 2008 13:30:01 +0000
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r13, 2.5.1-r5
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r2
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /lib/rcscripts/sh /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /usr/share/texmf /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer"
DISTDIR="/var/distfiles"
FEATURES="distlocks metadata-transfer noclean sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="de"
LINGUAS="en de"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--delete-excluded --exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/opt/overlay/oss-qm-overlay /opt/overlay/freenet-overlay /home/crosstool/src/portmap/dist/gentoo /var/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext acl berkdb bzip2 cli cracklib crypt cups dri fortran gdbm gpm iconv isdnlog midi mmx mmxext mudflap ncurses nls nptl nptlonly openmp pcre perl pppd python readline reflection session spl sse sse2 ssl tcpd unicode x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de" USERLAND="GNU" VIDEO_CARDS="nv dummy fbdev vesa"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Comment 3 Enrico 'nekrad' Weigelt 2008-07-02 17:31:53 UTC
These are the packages that would be merged, in order:

[ebuild   R   ] www-client/seamonkey-1.1.9-r1  USE="crypt gnome java moznocompose moznopango xforms -debug -ipv6 -ldap -mozdevelop -moznoirc -moznomail -moznoroaming -postgres -xinerama -xprint" 35,627 kB 
[ebuild   R   ] net-www/netscape-flash-9.0.115.0  2,962 kB 

Total: 2 packages (2 reinstalls), Size of downloads: 38,588 kB
Comment 4 Enrico 'nekrad' Weigelt 2008-07-02 17:33:11 UTC
Affected versions:

9.0.124.0
9.0.115.0

(the other versions are already masked by profile)
Comment 5 Enrico 'nekrad' Weigelt 2008-07-03 22:42:30 UTC
Added "and firefox" to subject, since it's affected the same way.

As soon as some flash stuff is involved, the browser almost immediately 
crashes. In other words: it makes it unusable.



Comment 6 Enrico 'nekrad' Weigelt 2008-07-03 23:47:15 UTC
[Thread 0xb1616b90 (LWP 28135) exited]
[Thread 0xb0e15b90 (LWP 28136) exited]
[New Thread 0xb0e15b90 (LWP 28934)]
[New Thread 0xb1616b90 (LWP 28935)]
(no debugging symbols found)
[New Thread 0xb0614b90 (LWP 28936)]
(no debugging symbols found)
[New Thread 0xaf5b1b90 (LWP 28937)]
[New Thread 0xafdd4b90 (LWP 28938)]
[New Thread 0xaedb0b90 (LWP 28939)]
[New Thread 0xad331b90 (LWP 28940)]
[New Thread 0xacb30b90 (LWP 28970)]
[New Thread 0xac32fb90 (LWP 28971)]
[New Thread 0xabb2eb90 (LWP 28972)]
[New Thread 0xab32db90 (LWP 28973)]
[New Thread 0xaab2cb90 (LWP 28985)]
[New Thread 0xaa32bb90 (LWP 28986)]
[New Thread 0xa9b2ab90 (LWP 28987)]
[New Thread 0xa9329b90 (LWP 28988)]
[New Thread 0xa8b28b90 (LWP 28989)]
[Thread 0xb3a73b90 (LWP 22667) exited]
[New Thread 0xb3a73b90 (LWP 29284)]
[Thread 0xa8b28b90 (LWP 28989) exited]
[Thread 0xab32db90 (LWP 28973) exited]
[Thread 0xabb2eb90 (LWP 28972) exited]
[Thread 0xacb30b90 (LWP 28970) exited]
[Thread 0xac32fb90 (LWP 28971) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb72316d0 (LWP 22657)]
0xb74b206d in vfprintf () from /lib/libc.so.6
(gdb) backtrace
#0  0xb74b206d in vfprintf () from /lib/libc.so.6
Cannot access memory at address 0xbf1f4f8c
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2008-07-04 09:07:41 UTC
And it doesn't happen with -bin?
Comment 8 Florian Steinel 2008-07-08 16:22:25 UTC
Maybe related to https://bugzilla.mozilla.org/show_bug.cgi?id=435764 ?
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2008-07-20 14:21:39 UTC
*** Bug 232392 has been marked as a duplicate of this bug. ***
Comment 10 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-07-20 17:30:15 UTC
(In reply to comment #8)
> Maybe related to https://bugzilla.mozilla.org/show_bug.cgi?id=435764 ?
> 

Apparently that should only happen using flash player 10, and Enrico has reported using version 9.0.115.0.

@Enrico:
Have you tried netscape-flash-10_beta20080515?
Comment 11 Fred Krogh 2008-07-20 20:51:00 UTC
(In reply to comment #10)
> (In reply to comment #8)
I've had the problem using netscape-flash-10_beta20080702 

Comment 12 Pacho Ramos gentoo-dev 2008-07-27 18:59:54 UTC
Are you using pulseaudio?
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2008-07-28 17:31:59 UTC
*** Bug 233013 has been marked as a duplicate of this bug. ***
Comment 14 Shaun Bouckaert 2008-07-28 21:41:39 UTC
(In reply to comment #13)
> *** Bug 233013 has been marked as a duplicate of this bug. ***
> 

This was happening with netscape-flash-10_beta20080702

There is another problem using flash 9 though where navigating away from a page with flash will sometimes cause the browser to freeze entirely.
Comment 15 Enrico 'nekrad' Weigelt 2008-07-29 08:32:45 UTC
IMHO there's no other (sane) way than putting those crappy plugins into their own process.
Comment 16 Pacho Ramos gentoo-dev 2008-07-29 09:35:42 UTC
flash10 betas tend to crash; also, if you are using pulseaudio, you will also get frequent crashes with flash9. A possible workaround would be to use nspluginwrapper for preventing crashes of wall server. Anyway, firefox crashing due to plugins is an upstream bug.
Comment 17 Raúl Porcel (RETIRED) gentoo-dev 2008-08-11 10:35:29 UTC
*** Bug 234413 has been marked as a duplicate of this bug. ***
Comment 18 M 2008-08-12 12:10:41 UTC
I'd like to add that flash usually crashes for me when I hit the back button while a video is playing.
Comment 19 Nickolas Grigoriadis 2008-08-13 11:17:56 UTC
For info on the Flash 10 crash look here:
http://blogs.adobe.com/penguin.swf/2008/07/addessing_wmode_crashes.html

It seems that Firefox 3.0.1 does not have the patch:
https://bugzilla.mozilla.org/show_bug.cgi?id=435764

Either we should wait for Firefox 3.0.2, or release a 3.0.1-r1 that includes that patch. I have not yet had Flash 9 crash my browser.
Comment 20 Travis Snoozy 2008-10-05 20:35:07 UTC
Oops, missed my emerge --info output...

Portage 2.2_rc11 (default/linux/x86/2008.0/desktop, gcc-4.3.2, glibc-2.8_p20080602-r0, 2.6.23-gentoo-r5 i686)
=================================================================
System uname: Linux-2.6.23-gentoo-r5-i686-Intel-R-_Pentium-R-_M_processor_1.60GHz-with-glibc2.0
Timestamp of tree: Sun, 05 Oct 2008 18:30:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7, 2.1.6-r1
dev-lang/python:     2.5.2-r8
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.5
sys-apps/sandbox:    1.2.18.1-r3
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.26
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium-m -ftracer -funit-at-a-time -funswitch-loops -fprefetch-loop-arrays -msse2 -mfpmath=sse -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O3 -march=pentium-m -ftracer -funit-at-a-time -funswitch-loops -fprefetch-loop-arrays -msse2 -mfpmath=sse -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1"
MAKEOPTS=""
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/.portage_overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi aim alsa amr aotuv apache2 artworkextra asf async avahi bash-completion bdf berkdb bidi bittorrent bl blender-game bluetooth bonjour bonobo bookmarks branding bzip2 c++ cairo cap caps cardbus cdda cddb cdparanoia cdr chroot cjk clamav clamd cli console cpudetection cracklib crypt cscope css ctype cups curl curlwrappers dar32 dbus depth32 dga divx dmi dnd dri dts dv dvd dvdr dvdread dvi editor eds elf emboss encode evo exif expat extensions fam ffmpeg fftw firefox flac flash fmod font-server fontconfig foomaticdb ftp fuse gaim gdbm ggi gif gimp gimpprint glade glgd glitz glut gmail gmp gnome gnomedb gphoto2 graphviz groupwise gs gstreamer gtk gtkhtml guile h323 hal howl howl-compat hpn html http iconv icq idea idn ieee1394 inkjar ipod ipv6 irc isdnlog ithreads jabber java javascript jbig jce jcs jikes jit joystick jpeg jpeg2k kerberos kqemu ladspa lame largeterminal latex lcd lcms ldap lesstif libcaca libclamav libnotify libsamplerate live lm_sensors lzo lzw mad math matroska mbox md5sum mdnsresponder-compat meanwhile midi mikmod mime mjpeg mmap mmx mmxext mng mod mono mozilla moznocompose moznoirc moznomail mp2 mp3 mp4 mpeg mplayer msn mudflap music mysql ncurses net network nptl nptlonly nsplugin offensive ogg on-the-fly-crypt openal opengl openmp oscar pam pcmcia pcntl pcre pdf perl physfs pic plugin png pop posix postgres povray ppds pppd prediction python qq qt3support qt4 quicktime quotes radio rar readline real realmedia recode reflection regex reiserfs remix remote rss rtc rtsp samba sdl session sftp shorten silc slang slp smime soap sockets speex spell spl sql sse sse2 ssl startup-notification stream subtitles subversion svg svgz symlink sysfs szip t1lib tagwriting tcpd tetex theora threads tiff timidity tordns transcode truetype type1 unicode upnp usb userlocales uudeview vcd vidix vim vim-pager vim-syntax vim-with-x vorbis wifi win32codecs wma wmf wmp x264 x86 xanim xattr xchattext xine xinerama xml xmlrpc xorg xosd xpm xprint 
xrandr xscreensaver xsl xslt xulrunner xv xvid xvmc yahoo yv12 zeroconf zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev synaptics keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 21 Travis Snoozy 2008-10-05 20:38:45 UTC
(Sorry for the spam; I got my windows crossed. Please ignore the prior post.)
Comment 22 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-10-17 14:24:45 UTC
Would everyone affected please report on whether this still persists with net-www/netscape-flash-10.0.12.36 ?  Please post whether it works for you or not, and what version(s) of firefox you have tested with.

The reason I ask is that netscape-flash-10.0.12.36 is on a fast-track for stabilization (Bug #239543), and version 9 will be going away.
Comment 23 Nickolas Grigoriadis 2008-10-20 07:59:56 UTC
mozilla-firefox-3.0.2 fixed the issue for me.
I am currently running net-www/netscape-flash-10.0.12.36 and mozilla-firefox-3.0.2 and have no crashing issues anymore. 
Comment 24 Nickolas Grigoriadis 2008-10-20 08:01:06 UTC
(In reply to comment #23)
> mozilla-firefox-3.0.2 fixed the issue for me.
> I am currently running net-www/netscape-flash-10.0.12.36 and
> mozilla-firefox-3.0.2 and have no crashing issues anymore. 
> 

Sorry forgot to say. This is on both x86 and amd64, but amd64 is using mozilla-firefox-bin-3.0.2. That system is also fine.
Comment 25 Rafał Mużyło 2008-10-27 22:27:46 UTC
OK, today I was finally hit by flash 10 and it hit me hard.
Shortly after it emerged, it crashed the running firefox.
It repeated it on two subsequent runs.
The moment I downgraded (to flash 9), things started working again.

Firefox is 3.0.3.
Comment 26 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-10-27 22:57:23 UTC
(In reply to comment #25)
> OK, today I was finally hit by flash 10 and it hit me hard.
> Shortly after it emerged, it crashed the running firefox.
> It repeated it on two subsequent runs.

If you actually want help on this, I need a little more information here to figure out what's going wrong on your system:

- What arch?  If amd64, what version of net-www/nspluginwrapper, and are you running firefox or firefox-bin?
- Do you have net-www/libflashsupport installed?  If so, what version, and what version of media-libs/alsa-lib?
- Run firefox from a console, reproduce the crash, and then attach the output here, if there is any.
- What site?  How can I reproduce your error?

> The moment I downgraded (to flash 9), things started working again.

Sorry, but flash 9 is going to go away soon due to rather major security flaws (Bug #239543).  In fact, I just p.masked flash-9
Comment 27 Rafał Mużyło 2008-10-27 23:14:55 UTC
OK, arch is x86 (forgot about that).
When I typed 'firefox' in the terminal, the only message was 
'Segmentation fault', not a sign more.
Yes, I'm using net-www/libflashsupport, but I'm also using flashblock.
Crash happened when many tabs were opened, but those with flash were
in the background and still blocked (I think).
net-www/libflashsupport-1.2 and media-libs/alsa-lib-1.0.17a
Hard to tell which site and I suspect it's site independent.
Comment 28 Rafał Mużyło 2008-10-27 23:17:26 UTC
And firefox is not bin, of course.
Comment 29 Rafał Mużyło 2008-10-27 23:22:10 UTC
The first crash (the one where firefox was still running)
happened without any action on my side.
Two other crashes happened during restoring a session,
so flashblock should have been in full effect.
Comment 30 Rafał Mużyło 2008-10-28 00:38:17 UTC
Created attachment 170051 [details]
gdb backtrace

Then again, it may be site related, but I've got way too many tabs to tell which is the problem.
I tried gdb. On two crashes, output was inconsistent.
I'm attaching first one. The other one was much shorter
and the only same thing was that it happened in libnssutil3:
#0  0xb2806b35 in ?? () from /usr/lib/nss/libnss3.so.12
#1  0x0d006ea0 in ?? ()
#2  0x00000000 in ?? ()
Comment 31 Rafał Mużyło 2008-10-28 01:03:00 UTC
Then again, maybe it's both more consistent and not the correct one.

In further tests, I'm still getting this:

0xb280cebe in NSSRWLock_LockRead_Util () from /usr/lib/nss/libnssutil3.so.12
(gdb) bt
#0  0xb280cebe in NSSRWLock_LockRead_Util ()
   from /usr/lib/nss/libnssutil3.so.12
#1  0xb284fbfd in SECMOD_GetReadLock () from /usr/lib/nss/libnss3.so.12
#2  0xb2865b96 in PK11_TokenExists () from /usr/lib/nss/libnss3.so.12
#3  0xb296a049 in ?? () from /usr/lib/nss/libssl3.so.12
#4  0x00000021 in ?? ()
#5  0xb322b1d8 in ?? ()
#6  0xb322b208 in ?? ()
#7  0xb322b248 in ?? ()
#8  0xb2985528 in ?? () from /usr/lib/nss/libssl3.so.12
#9  0xb2985360 in ?? () from /usr/lib/nss/libssl3.so.12
#10 0xb2984e80 in ?? () from /usr/lib/nss/libssl3.so.12
#11 0x00000000 in ?? ()

but if I hit continue, program runs a bit more and then I get:
0xb8073424 in __kernel_vsyscall ()
(gdb) bt
#0  0xb8073424 in __kernel_vsyscall ()
#1  0xb8047d90 in raise () from /lib/libpthread.so.0
#2  0xb72511bd in ?? () from /usr/lib/xulrunner-1.9/libxul.so
#3  0x0000000b in ?? ()
#4  0xb322adec in ?? ()
#5  0x00000000 in ?? ()

Anyway, if I open one site at a time, flash 10 does work.
That may either mean it's site related or it's number of tabs with flash
dependent. A race condition, maybe.
Once again, crashes happen while flashblock is in effect.

Comment 32 Rafał Mużyło 2008-10-30 17:28:30 UTC
The following bug report sounds similar:
http://bugs.adobe.com/jira/browse/FP-781
Comment 33 Ryan Tandy 2008-10-31 08:27:33 UTC
I've had Firefox crashing ever since early Flash 10 betas, and just stuck with 9; I finally took some time this evening to track it down.  My issue is the same as Rafał's (proven by his backtrace), and possibly the same as the Adobe bug he linked, but I don't believe it's the same as Enrico's.  I don't want to file a new bug because I believe it's strictly an upstream issue and not a Gentoo one, but I am braindumping here quickly because I want to poke at it a bit more before following up with Mozilla (hopefully in the next couple of days), and for other people's benefit.

The chain of events in this case goes something like this:
1. Firefox initializes NSS at startup.
2. User browses to a page with Flash content.
3. Flash player calls libcurl to download content; libcurl initializes NSS.
4. Flash player finishes downloading and tells libcurl to clean up; libcurl cleans up NSS.
5. Next time the user moves the mouse pointer, Firefox attempts to update the NSS entropy pool.  Since NSS has already been shut down, this eventually leads to a NULL pointer dereference inside NSS, and the browser crashes.  Other users not seeing the issue could be explained by conditions on when and/or how the entropy pool gets updated; I don't know what those conditions are.

The workaround implied by step 5 - which has worked flawlessly for me so far - is to not move the mouse at all, and do all browsing with the keyboard (a lot easier if you use f.ex. Vimperator).  There may be other events that update the entropy pool, but this is the only one I've run into in my limited testing.

The underlying problem here is that NSS does not support instancing: a lot of its data only exists in memory once per process, so when libcurl shuts down NSS, it's the single global instance that gets shut down.  The correct fix would be to support instancing in NSS.  I have come up with two more realistic short term solutions:
1. Before attempting NSS operations such as updating the entropy pool, attempt to initialize NSS.  This is harmless if NSS has already been initialized.
2. Before trying to update the entropy pool, check whether NSS is in a working state, and abort if it isn't.
Judging by other Mozilla bugs, I believe the first solution is the better one; the approach seems to have already been used in a few places in Mozilla code.

I will update this bug once I file one with upstream.
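
The sequence described in comment 33, reduced to a self-contained C model (an added example, not part of the original comment and not NSS, libcurl or Mozilla code). All `toy_*`, `host_*` and `plugin_*` names are hypothetical, and the would-be NULL dereference is reported as a return code instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model of a crypto library that keeps ONE instance per process.
 * Every name below is hypothetical; none of this is the NSS or libcurl API. */
enum { MIX_OK = 0, MIX_SKIPPED = 1, MIX_WOULD_CRASH = -1 };

struct pool { unsigned char bytes[32]; size_t mixed; };
static struct pool *g_pool = NULL;            /* the process-wide instance */

/* Idempotent: a second caller gets the instance that already exists. */
int toy_init(void) {
    if (g_pool != NULL) return 0;
    g_pool = calloc(1, sizeof *g_pool);
    return g_pool != NULL ? 0 : -1;
}

/* Not reference counted: tears the instance down for every user at once. */
void toy_shutdown(void) { free(g_pool); g_pool = NULL; }

int toy_is_initialized(void) { return g_pool != NULL; }
size_t toy_pool_mixed(void) { return g_pool != NULL ? g_pool->mixed : 0; }

/* Mix event data into the pool. The NULL test stands in for the crash:
 * library code that trusts its global state would dereference it here. */
static int pool_mix(const void *data, size_t len) {
    const unsigned char *p = data;
    if (g_pool == NULL) return MIX_WOULD_CRASH;
    for (size_t i = 0; i < len; i++)
        g_pool->bytes[(g_pool->mixed + i) % sizeof g_pool->bytes] ^= p[i];
    g_pool->mixed += len;
    return MIX_OK;
}

/* Steps 3 and 4: the plugin's HTTP library, loaded into the same process. */
void plugin_download(void) {
    toy_init();        /* no-op, the host already initialized the library */
    /* ... transfer happens here ... */
    toy_shutdown();    /* "cleans up" the host's instance as well */
}

/* Step 5 as described: the host assumes the library is still up. */
int host_mouse_unguarded(int x, int y) {
    int ev[2] = { x, y };
    return pool_mix(ev, sizeof ev);
}

/* Proposed solution 1: (re)initialize before every use. */
int host_mouse_reinit(int x, int y) {
    int ev[2] = { x, y };
    if (toy_init() != 0) return MIX_SKIPPED;
    return pool_mix(ev, sizeof ev);
}

/* Proposed solution 2: check the state and abort the update if it is gone. */
int host_mouse_checked(int x, int y) {
    int ev[2] = { x, y };
    if (!toy_is_initialized()) return MIX_SKIPPED;
    return pool_mix(ev, sizeof ev);
}

typedef int (*mouse_handler)(int x, int y);

/* Replay steps 1-5 with one handler; returns the result of the mouse event
 * that arrives after the plugin has finished. */
int run_scenario(mouse_handler on_mouse_move) {
    toy_shutdown();                           /* clean slate between runs */
    if (toy_init() != 0) return MIX_SKIPPED;  /* step 1: host startup */
    on_mouse_move(10, 20);                    /* works: library is up */
    plugin_download();                        /* steps 2-4 */
    return on_mouse_move(11, 21);             /* step 5 */
}

int main(void) {
    printf("unguarded: %d\n", run_scenario(host_mouse_unguarded));
    printf("re-init:   %d", run_scenario(host_mouse_reinit));
    printf(" (bytes in pool: %zu)\n", toy_pool_mixed());
    printf("checked:   %d\n", run_scenario(host_mouse_checked));
    return 0;
}
```

In this toy model, solution 1 keeps the handler working but on a freshly created pool, so input mixed in before the shutdown is gone; solution 2 avoids the crash but stops contributing input until something initializes the library again.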
Comment 34 Ryan Tandy 2008-10-31 17:42:40 UTC
The other workaround: build net-misc/curl with USE="-nss".  Firefox is fine for me with that setting.  Rafał, can you please check your USE?
Comment 35 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-10-31 18:25:33 UTC
(In reply to comment #34)
> The other workaround: build net-misc/curl with USE="-nss".  Firefox is fine for
> me with that setting.  Rafał, can you please check your USE?

Good catch!  At least I can detect this in the ebuild and warn about it.
Comment 36 Rafał Mużyło 2008-10-31 18:30:50 UTC
For the moment, it seems you are right.
I reemerged curl with '-nss', emerged flash 10
and for the moment, no crash yet.
If it still crashes, I'll let you know.
Comment 37 Pacho Ramos gentoo-dev 2008-11-01 15:40:06 UTC
Created attachment 170463 [details]
curl-7.18.2-nss-thread-safety.patch

This seems like:
https://bugzilla.redhat.com/show_bug.cgi?id=459297
https://bugzilla.redhat.com/show_bug.cgi?id=462217

then, attached patch from fedora's curl package should fix this and this bug should be assigned to curl maintainers
Comment 38 Ryan Tandy 2008-11-01 16:33:36 UTC
(In reply to comment #37)
> then, attached patch from fedora's curl package should fix this and this bug
> should be assigned to curl maintainers

This fixes it for me.  curl maintainer, please consider adding this patch to curl in Gentoo until the fix is applied by upstream.
Comment 39 Enrico 'nekrad' Weigelt 2008-11-01 18:39:09 UTC
At my site, curl had never been compiled w/ nss, so it seems very unlikely that this is the reason for flash's crashes (at my site).

Actually, the worst problem is that (especially proprietary) plugins run in-process, instead of in their own processes. This is the root of most plugin trouble.


cu
Comment 40 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-11-03 16:29:54 UTC
(In reply to comment #39)
> At my site, curl never had been compiled w/ nss, so it seems very unlikely that
> this is the reason flash's crashes (at my site).

So you are still experiencing crashes with flash?  I was under the impression that most of the early reporters in this bug were bitten by the "wmode" bug that should be fixed with flash-10 and firefox-3.0.3.  I'm not really sure what versions of seamonkey are affected/not affected by this same bug.

Since then this bug has been co-opted by the new curl/nss issue.

> Actually, the worst problem is that (especially proprietary) plugins run
> in-process, instead of in their own processes. This is the root of most plugin
> trouble.

Yes, this is true.  Of course, your other option is just not running the plugins, or using something like the firefox "flashblock" plugin to only run flash applets you really "need" to run.

Also I thought perhaps net-www/nspluginwrapper lets you run plugins in their own processes?  I'm not exactly sure how you would do this on an x86 platform though.
Comment 41 Enrico 'nekrad' Weigelt 2008-11-03 16:49:47 UTC
(In reply to comment #40)

> So you are still experiencing crashes with flash?  

Yes, quite regularly :(

flash9 tends to hangup or at least massively slow down the browser.
(can easily reproduce the slowdown on one of my favourite SN sites - 
http://ipower.ning.com - by opening multiple tabs of it. their flash 
banner produces heavy load!)

flash10 segfaults, so I had to completely mask it out.

> I was under the impression that most of the early reporters in this bug
> were bitten by the "wmode" bug that should be fixed with flash-10 and 
> firefox-3.0.3  

Might be, but that's not the (only) case at my site.

BTW: yesterday ff3 always hung on a futex (while at the same time running 
seamonkey was heavily under load by flash9), now it works again - no idea
where this came from :(

> I'm not really sure what
> versions of seamonkey are affected/not affected by this same bug.

I'm running 1.1.12 @ x86.

> > Actually, the worst problem is that (especially proprietary) plugins run
> > in-process, instead of in their own processes. This is the root of most plugin
> > trouble.
> 
> Yes, this is true. 

:(

I'm now trying to convince people for moving out the whole plugin stuff
to external processes for years (don't have the time for doing it all by
myself), but @m.o nobody seems to be interested. Same w/ other issues, eg. 
cleaning up the build/code structure - instead they prefer bloating it up
more and more with things that could be done much better externally.

> Of course, your other option is just not running the plugins, or using 
> something like the firefox "flashblock" plugin to only run flash applets
> you really "need" to run.

This isn't a fix, just an inconvenient workaround. Unfortunately many 
sites heavily rely on flash.

> Also I thought perhaps net-www/nspluginwrapper lets you run plugins in 
> their own processes?  I'm not exactly sure how you would do this on 
> an x86 platform though.

Yep, I already had a look at it. But it's very tied to x86<->x86_64 and 
requires a lot of refactoring to get it running as a general out-of-process
plugin engine.

When time allows, I'll dive deeper into this issue and design a generic
plugin interface, where moz becomes an 9P server and external plugins 
just mount it as a filesystem. Feel free to contact me directly on this project.


cu
Comment 42 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-11-03 17:54:46 UTC
(In reply to comment #41)
> (In reply to comment #40)
> 
> > So you are still experiencing crashes with flash?  
> 
> Yes, quite regularly :(
> 
> flash9 tends to hangup or at least massively slow down the browser.
> (can easily reproduce the slowdown on one of my favourite SN sites - 
> http://ipower.ning.com - by opening multiple tabs of it. their flash 
> banner produces heavy load!)

In theory, flash-10 may yield lower load since it can take advantage of GPU acceleration in some cases.

> flash10 segfaults, so I had to completely mask it out.

This is something I've not yet seen with flash-10.  I would recommend reporting crashes like this directly to Adobe.  No one but them can actually fix it :(

Just be aware that flash 9 is probably going away soon.  I've left it in the tree (but masked) for now because of users like you that for whatever reason can't use flash-10, but it's full of big ugly security holes.  Plus I can only actually keep it in the tree as long as Adobe keeps it on their download server, thanks to a no-mirroring clause in the license.

> > Of course, your other option is just not running the plugins, or using 
> > something like the firefox "flashblock" plugin to only run flash applets
> > you really "need" to run.
> 
> This isn't a fix, just an inconvenient workaround. Unfortunately many 
> sites heavily rely on flash.

Perhaps flashblock is inconvenient, but thanks to the ever-growing number of security holes in flash-9 (and no doubt flash-10 too), it's very dangerous to run without it.

As for the large number of sites that rely on flash, I can only shake my fist at the designers who think this is a good idea.  Email them and tell them they're stupid.  Not like they'll actually listen.

> > Also I thought perhaps net-www/nspluginwrapper lets you run plugins in 
> > their own processes?  I'm not exactly sure how you would do this on 
> > an x86 platform though.
> 
> Yep, I already had a look at it. But it's very tied to x86<->x86_64 and 
> requires a lot of refactoring to get it running as a general out-of-process
> plugin engine.
> 
> When time allows, I'll dive deeper into this issue and design a generic
> plugin interface, where moz becomes an 9P server and external plugins 
> just mount it as a filesystem. Feel free to contact me directly on this
> project.

This is an excellent plan.  I really hope it turns out!
Comment 43 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-11-03 22:13:33 UTC
(In reply to comment #38)
> (In reply to comment #37)
> > then, attached patch from fedora's curl package should fix this and this bug
> > should be assigned to curl maintainers
> 
> This fixes it for me.  curl maintainer, please consider adding this patch to
> curl in Gentoo until the fix is applied by upstream.

Good news everybody!  I got permission from ye olde curl maintainer to add this patch (or rather, the actual patch that was accepted by upstream) to curl-7.18.2 (current stable) and I also added curl-7.19.0 which also has the fix.

So, if this NSS-bug has bitten you, remerge your curl, or upgrade to 7.19.0, and all should be well.