Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
www-client/mozilla-firefox-3.0.5 crashes at random, for example when going to www.americanexpress.com, however it does not crash all the time. No error is reported in the log and no core dump is produced. # firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 7684 Segmentation fault "$prog" ${1+"$@"}
Created an attachment (id=176247) [details] emerge --info
Do you have any plugins installed -- if so, which plugins (including versions)?
Try with a clean profile
- Shockwave Flash 10.0 d21 - this is the only new plug-in. All other plug-ins have been working for quite a while: - Adblock 0.5.3.043 - Adblock Filterset.G Updater 0.3.1.3 - All-in-One Gestures 0.19.1 - Copy Plain Text 0.3.3 - Execute JS 0.2.1 - FireFTP 1.0.2 - OpenBook 2.0.1.1 - PDF Download 2.0.0.0 - PhishTank SiteChecker 4.2.3 - Print Preview 0.7.1.4 - Tab Mix Plus 0.3.7.3 - Toobar Buttons 0.6.0.4 - Web Developer 1.1.6 The following plug-ins are installed but disabled: - Firebug 1.05 - View formatted source 0.9.5.0 - XML Developer Toolbar 0.2 Since I have disabled Flash, Firefox has not crashed yet. So I gather the bug belongs to Shockwave Flash 10.0 d21.
Can confirm this bug on my amd64 no-multilib box, but i got no plugins aside from AdBlock installed, so it may be not flash related at all. firefox started crashing just today, possibly after emerge -vauDN world, which installed imlib2-1.4.2-r1, nano-2.1.7, ca-certificates-20080809, glibc-2.9_p20081201-r1, gcc-4.3.2-r1 While trying to file this bug firefox has also crashed several times (filed this bug via ssh -X): % firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 30271 Segmentation fault "$prog" ${1+"$@"} % firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 30357 Segmentation fault "$prog" ${1+"$@"} % firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 30629 Segmentation fault "$prog" ${1+"$@"} % firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 889 Segmentation fault "$prog" ${1+"$@"} % firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 3573 Segmentation fault "$prog" ${1+"$@"} % firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 20168 Segmentation fault "$prog" ${1+"$@"} No error in log, no crash dump
Created an attachment (id=176493) [details] emerge --info output attach emerge info. if it is glibc related, it might be related to http://bugs.gentoo.org/show_bug.cgi?id=250342
some gdb backtrace Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fc929eff950 (LWP 24535)] 0x00007fc93b61e90c in free () from /usr/lib64/mozilla-firefox/libjemalloc.so (gdb) backtrace #0 0x00007fc93b61e90c in free () from /usr/lib64/mozilla-firefox/libjemalloc.so #1 0x00007fc936a23f6d in __res_iclose () from /lib/libc.so.6 #2 0x00007fc936a4e072 in ?? () from /lib/libc.so.6 #3 0x00007fc936a4e012 in __libc_thread_freeres () from /lib/libc.so.6 #4 0x00007fc93b82b02a in start_thread () from /lib/libpthread.so.0 #5 0x00007fc936a1738d in clone () from /lib/libc.so.6 #6 0x0000000000000000 in ?? ()
Try with a clean profile, please
(In reply to comment #8) > Try with a clean profile, please > mv ~/.mozilla ~/.mozilla.old && firefox Do you still get the segfault?
cleaned configuration, removed firefox, re-emerged it still segfaulting, same backtrace with every segfault experienced till now
same problem Also for 3.1 betas
(In reply to comment #5) I've downgraded glibc from 2.9_p20081201-r1 to 2.9_p20081201 and it fixed the problem completely.
Adding toolchain since this bug seems to be related to glibc
these patches were added with -r1: 1020_all_glibc-2.9-strlen-hack.patch 1060_all_glibc-nss-deepbind.patch 1085_all_glibc-2.9-check_native-headers.patch 1095_all_glibc-2.9-assume-pipe2.patch 5021_all_2.9-fnmatch.patch 6120_all_ppc-glibc-2.9-atomic.patch 6221_all_arm-glibc-2.9-hidden-fpu-setjmp.patch 6222_all_arm-glibc-2.9-pie.patch of these, i would really only suspect the first one. so please try doing: GLIBC_PATCH_EXCLUDE=1020_all_glibc-2.9-strlen-hack.patch emerge glibc and see if that fixes your crashes ... if it doesnt, you can list multiple filenames in that GLIBC_PATCH_EXCLUDE, so please try to narrow it down for us
I have tried some combinations of excluding certain patches. Seems up till now firefox is only segfaulting when emerging with 1060_all_glibc-nss-deepbind.patch .
It still segfaults excluding 1020_all_glibc-2.9-strlen-hack
(In reply to comment #15) > I have tried some combinations of excluding certain patches. > Seems up till now firefox is only segfaulting when emerging with > 1060_all_glibc-nss-deepbind.patch . > Confirmed, only excluding 1060_all_glibc-nss-deepbind.
*** Bug 252808 has been marked as a duplicate of this bug. ***
In SUSE (where this patch comes from), we have not encountered this problem. However, we do not have libjemalloc.so in /usr/lib*/firefox/, just in /usr/lib*/xulrunner*. We have probably built firefox differently. Can you paste your /etc/nsswitch.conf? Are you using any exotic NSS modules? One random idea, can you try if running firefox with LD_BIND_NOW=1 also shows the issue? We have encountered some random weirdness in lazy handling (https://bugzilla.novell.com/show_bug.cgi?id=444800).
Created an attachment (id=176870) [details] nssswitch.conf file is as shipped. firefox emerged without xulrunner support. use flags enabled in my case: custom-optimization, ipv6, java, linguas-en no nss modules installed apart from whats shipped with dev-libs/nss.
*** Bug 253159 has been marked as a duplicate of this bug. ***
i suggest hard-masking this version of glibc to prevent others running into this
*** Bug 253187 has been marked as a duplicate of this bug. ***
I'm using firefox-3.1_beta2 from the mozilla overlay and I'm getting segfaults as well. $ firefox Segmentation fault I can't put my finger exactly what causes this, it sometimes happens when doing nothing at all (all tabs are closed and I'm not doing anything). I've tried disabling all add-ons, running in safe-mode, removing the flash plugin and removing ~/.mozilla/ altogether, but to no avail. This is the backtrace I got (after compiling xulrunner, mozilla-firefox and glibc with -ggdb): #0 0x000000000040e394 in free () #1 0x00007f06161fef6d in *__GI___res_iclose (statp=0x7f06047ffdc8, free_addr=true) at res_init.c:605 #2 0x00007f0616229072 in res_thread_freeres () at res_init.c:632 #3 0x00007f0616229012 in __libc_thread_freeres () at thread-freeres.c:30 #4 0x00007f06170f902a in start_thread (arg=<value optimized out>) at pthread_create.c:307 #5 0x00007f06161f238d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 #6 0x0000000000000000 in ?? ()
I can confirm as well that compiling glibc without 1060_all_glibc-nss-deepbind.patch fixes this issue. BTW, i'm on amd64, if it makes any difference.
Can someone test setting LD_BIND_NOW=1 in your environment and then running firefox? I should have looked at the backtrace more carefully before, the problem looks obvious now - it seems to be that libjemalloc overrides the malloc() and free() functions in the main program, but due to deepbinding not in the nss_dns. However, dynamically allocated pointer is passed from nss_dns to the main program and later free()d using the libjemalloc free() when the thread dies. The solution should be to force resolved allocator to always directly use libc malloc/free.
(In reply to comment #26) > Can someone test setting LD_BIND_NOW=1 in your environment and then running > firefox? [2009.01.16 11:11:43] ivan@ivan-laptop ~ $ export LD_BIND_NOW=1 [2009.01.16 11:11:46] ivan@ivan-laptop ~ $ firefox /usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 31133 Segmentation fault "$prog" ${1+"$@"} Firefox 3.0.5, glibc 2.9_p20081201-r1, gentoo ~amd64 with all fresh updates.
Firefox stopped crashing after update to version 3.0.6.
said patch was dropped midway in glibc-2.9-r1 and completely in glibc-2.9-r2
