Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 252302 - www-client/mozilla-firefox-3.0.5 crashes at random
Summary: www-client/mozilla-firefox-3.0.5 crashes at random
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Toolchain Maintainers
URL: http://sourceware.org/bugzilla/show_b...
Whiteboard:
Keywords:
: 252808 253159 253187 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-12-23 18:50 UTC by a_tevelev
Modified: 2009-06-26 05:34 UTC (History)
14 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info (emerge.info,3.66 KB, text/plain)
2008-12-23 18:52 UTC, a_tevelev
Details
emerge --info output (emerge.info,3.42 KB, text/plain)
2008-12-27 10:54 UTC, sa wu
Details
nssswitch.conf (nsswitch.conf,508 bytes, text/plain)
2008-12-30 13:05 UTC, sa wu
Details

Note You need to log in before you can comment on or make changes to this bug.
Description a_tevelev 2008-12-23 18:50:08 UTC
www-client/mozilla-firefox-3.0.5 crashes at random, for example when going to www.americanexpress.com, however it does not crash all the time. No error is reported in the log and no core dump is produced.

# firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131:  7684 Segmentation fault      "$prog" ${1+"$@"}
Comment 1 a_tevelev 2008-12-23 18:52:23 UTC
Created attachment 176247 [details]
emerge --info
Comment 2 Wormo (RETIRED) gentoo-dev 2008-12-23 21:58:00 UTC
Do you have any plugins installed -- if so, which plugins (including versions)?
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-12-25 10:30:56 UTC
Try with a clean profile
Comment 4 a_tevelev 2008-12-27 03:22:19 UTC
- Shockwave Flash 10.0 d21 - this is the only new plug-in.

All other plug-ins have been working for quite a while:
- Adblock 0.5.3.043
- Adblock Filterset.G Updater 0.3.1.3
- All-in-One Gestures 0.19.1
- Copy Plain Text 0.3.3
- Execute JS 0.2.1
- FireFTP 1.0.2
- OpenBook 2.0.1.1
- PDF Download 2.0.0.0
- PhishTank SiteChecker 4.2.3
- Print Preview 0.7.1.4
- Tab Mix Plus 0.3.7.3
- Toobar Buttons 0.6.0.4
- Web Developer 1.1.6

The following plug-ins are installed but disabled:
- Firebug 1.05
- View formatted source 0.9.5.0
- XML Developer Toolbar 0.2

Since I have disabled Flash, Firefox has not crashed yet. So I gather the bug belongs to Shockwave Flash 10.0 d21.
Comment 5 sa wu 2008-12-27 10:40:34 UTC
Can confirm this bug on my amd64 no-multilib box, but i got no plugins aside from AdBlock installed, so it may be not flash related at all.
firefox started crashing just today, possibly after emerge -vauDN world, which installed
imlib2-1.4.2-r1, nano-2.1.7, ca-certificates-20080809, glibc-2.9_p20081201-r1, gcc-4.3.2-r1
While trying to file this bug firefox has also crashed several times (filed this bug via ssh -X):

% firefox                                      
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 30271 Segmentation fault      "$prog" ${1+"$@"}
% firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 30357 Segmentation fault      "$prog" ${1+"$@"}
% firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 30629 Segmentation fault      "$prog" ${1+"$@"}
% firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131:   889 Segmentation fault      "$prog" ${1+"$@"}
% firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131:  3573 Segmentation fault      "$prog" ${1+"$@"}
% firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 20168 Segmentation fault      "$prog" ${1+"$@"}

No error in log, no crash dump
Comment 6 sa wu 2008-12-27 10:54:02 UTC
Created attachment 176493 [details]
emerge --info output

attach emerge info.
if it is glibc related, it might be related to
http://bugs.gentoo.org/show_bug.cgi?id=250342
Comment 7 sa wu 2008-12-27 13:21:37 UTC
some gdb backtrace

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fc929eff950 (LWP 24535)]
0x00007fc93b61e90c in free () from /usr/lib64/mozilla-firefox/libjemalloc.so
(gdb) backtrace 
#0  0x00007fc93b61e90c in free () from /usr/lib64/mozilla-firefox/libjemalloc.so
#1  0x00007fc936a23f6d in __res_iclose () from /lib/libc.so.6
#2  0x00007fc936a4e072 in ?? () from /lib/libc.so.6
#3  0x00007fc936a4e012 in __libc_thread_freeres () from /lib/libc.so.6
#4  0x00007fc93b82b02a in start_thread () from /lib/libpthread.so.0
#5  0x00007fc936a1738d in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-12-27 14:04:16 UTC
Try with a clean profile, please
Comment 9 Panagiotis Christopoulos (RETIRED) gentoo-dev 2008-12-27 14:16:23 UTC
(In reply to comment #8)
> Try with a clean profile, please
> 

mv ~/.mozilla ~/.mozilla.old && firefox

Do you still get the segfault?

Comment 10 sa wu 2008-12-27 14:54:42 UTC
cleaned configuration, removed firefox, re-emerged it
still segfaulting, same backtrace with every segfault experienced till now
Comment 11 Alexey Shvetsov archtester gentoo-dev 2008-12-28 12:23:49 UTC
same problem
Also for 3.1 betas
Comment 12 César Fernández 2008-12-28 15:44:05 UTC
(In reply to comment #5)
I've downgraded glibc from 2.9_p20081201-r1 to 2.9_p20081201 and it fixed the problem completely.
Comment 13 Alexey Shvetsov archtester gentoo-dev 2008-12-28 16:20:52 UTC
Adding toolchain since this bug seems to be related to glibc
Comment 14 SpanKY gentoo-dev 2008-12-29 10:08:55 UTC
these patches were added with -r1:
1020_all_glibc-2.9-strlen-hack.patch
1060_all_glibc-nss-deepbind.patch
1085_all_glibc-2.9-check_native-headers.patch
1095_all_glibc-2.9-assume-pipe2.patch
5021_all_2.9-fnmatch.patch
6120_all_ppc-glibc-2.9-atomic.patch
6221_all_arm-glibc-2.9-hidden-fpu-setjmp.patch
6222_all_arm-glibc-2.9-pie.patch

of these, i would really only suspect the first one.  so please try doing:
GLIBC_PATCH_EXCLUDE=1020_all_glibc-2.9-strlen-hack.patch emerge glibc

and see if that fixes your crashes ... if it doesnt, you can list multiple filenames in that GLIBC_PATCH_EXCLUDE, so please try to narrow it down for us
Comment 15 sa wu 2008-12-29 12:59:53 UTC
I have tried some combinations of excluding certain patches.
Seems up till now firefox is only segfaulting when emerging with
1060_all_glibc-nss-deepbind.patch .
Comment 16 César Fernández 2008-12-29 13:55:23 UTC
It still segfaults excluding 1020_all_glibc-2.9-strlen-hack
Comment 17 César Fernández 2008-12-29 14:50:18 UTC
(In reply to comment #15)
> I have tried some combinations of excluding certain patches.
> Seems up till now firefox is only segfaulting when emerging with
> 1060_all_glibc-nss-deepbind.patch .
> 

Confirmed, only excluding 1060_all_glibc-nss-deepbind.
Comment 18 SpanKY gentoo-dev 2008-12-29 20:36:17 UTC
*** Bug 252808 has been marked as a duplicate of this bug. ***
Comment 19 Petr Baudis 2008-12-30 11:17:47 UTC
In SUSE (where this patch comes from), we have not encountered this problem. However, we do not have libjemalloc.so in /usr/lib*/firefox/, just in /usr/lib*/xulrunner*. We have probably built firefox differently.

Can you paste your /etc/nsswitch.conf? Are you using any exotic NSS modules?

One random idea, can you try if running firefox with LD_BIND_NOW=1 also shows the issue? We have encountered some random weirdness in lazy handling (https://bugzilla.novell.com/show_bug.cgi?id=444800).
Comment 20 sa wu 2008-12-30 13:05:31 UTC
Created attachment 176870 [details]
nssswitch.conf

file is as shipped.
firefox emerged without xulrunner support.
use flags enabled in my case: custom-optimization, ipv6, java, linguas-en
no nss modules installed apart from whats shipped with dev-libs/nss.
Comment 21 Alexey Shvetsov archtester gentoo-dev 2008-12-30 17:25:59 UTC
*** Bug 253159 has been marked as a duplicate of this bug. ***
Comment 22 Markus Doits 2008-12-30 19:04:47 UTC
i suggest hard-masking this version of glibc to prevent others running into this
Comment 23 Dror Levin (RETIRED) gentoo-dev 2009-01-01 14:11:02 UTC
*** Bug 253187 has been marked as a duplicate of this bug. ***
Comment 24 Dror Levin (RETIRED) gentoo-dev 2009-01-01 14:15:48 UTC
I'm using firefox-3.1_beta2 from the mozilla overlay and I'm getting segfaults as well.

$ firefox
Segmentation fault

I can't put my finger exactly what causes this, it sometimes happens when doing
nothing at all (all tabs are closed and I'm not doing anything). I've tried
disabling all add-ons, running in safe-mode, removing the flash plugin and
removing ~/.mozilla/ altogether, but to no avail.

This is the backtrace I got (after compiling xulrunner, mozilla-firefox and
glibc with -ggdb):
#0  0x000000000040e394 in free ()
#1  0x00007f06161fef6d in *__GI___res_iclose (statp=0x7f06047ffdc8,
free_addr=true) at res_init.c:605
#2  0x00007f0616229072 in res_thread_freeres () at res_init.c:632
#3  0x00007f0616229012 in __libc_thread_freeres () at thread-freeres.c:30
#4  0x00007f06170f902a in start_thread (arg=<value optimized out>) at
pthread_create.c:307
#5  0x00007f06161f238d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()
Comment 25 Dror Levin (RETIRED) gentoo-dev 2009-01-01 14:51:48 UTC
I can confirm as well that compiling glibc without 1060_all_glibc-nss-deepbind.patch fixes this issue.
BTW, i'm on amd64, if it makes any difference.
Comment 26 Petr Baudis 2009-01-01 15:39:26 UTC
Can someone test setting LD_BIND_NOW=1 in your environment and then running firefox?

I should have looked at the backtrace more carefully before, the problem looks obvious now - it seems to be that libjemalloc overrides the malloc() and free() functions in the main program, but due to deepbinding not in the nss_dns. However, dynamically allocated pointer is passed from nss_dns to the main program and later free()d using the libjemalloc free() when the thread dies. The solution should be to force resolved allocator to always directly use libc malloc/free.
Comment 27 Ivan Mironov 2009-01-16 06:17:22 UTC
(In reply to comment #26)
> Can someone test setting LD_BIND_NOW=1 in your environment and then running
> firefox?

[2009.01.16 11:11:43] ivan@ivan-laptop ~
$ export LD_BIND_NOW=1

[2009.01.16 11:11:46] ivan@ivan-laptop ~
$ firefox
/usr/lib64/mozilla-firefox/run-mozilla.sh: line 131: 31133 Segmentation fault      "$prog" ${1+"$@"}

Firefox 3.0.5, glibc 2.9_p20081201-r1, gentoo ~amd64 with all fresh updates.
Comment 28 Ivan Mironov 2009-02-05 16:07:44 UTC
Firefox stopped crashing after update to version 3.0.6.
Comment 29 SpanKY gentoo-dev 2009-02-16 06:39:08 UTC
said patch was dropped midway in glibc-2.9-r1 and completely in glibc-2.9-r2