Bug 439260 - www-client/firefox(-bin)-(15|16).0.1 segfaults a lot in different situations
Summary: www-client/firefox(-bin)-(15|16).0.1 segfaults a lot in different situations
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Mozilla Gentoo Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-22 13:54 UTC by Jakub Caban
Modified: 2013-08-26 14:57 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
version symbols in spidermonkey (spidermonkey-1.8.5-symver.patch,1009 bytes, patch)
2012-11-07 14:55 UTC, Ian Stakenvicius
version js symbols in firefox (firefox-js-symver.patch,1.04 KB, patch)
2012-11-07 14:56 UTC, Ian Stakenvicius
emerge_info.txt (emerge_info.txt,5.03 KB, text/plain)
2012-11-11 11:29 UTC, Vincent Le Ligeour

Description Jakub Caban 2012-10-22 13:54:00 UTC
For about a week now (I was using mozilla overlay ebuilds) I have been getting a lot of random crashes with firefox. Today I'm trying to investigate the problem.

The most common situation for a crash is when I do something via Firebug (especially trying to select by click any element within IFRAME in Facebook app is 100% crash). But they also occur on random websites at random moments. Sometimes even when I simply close tab or segfault at closing firefox.

I've tried with clean .mozilla directory, so no plugins, no profile, not anything. A few random pages visited and... crash.

I've also tried this method with firefox-bin 16.0.1, then 15.0.1. Still crashes. Right now I've commented out the jemalloc lines in the firefox ebuild from mozilla, suspecting it can be a reason. Rebuilt and again - crash after crash.

I'm not a professional programmer, so it's difficult for me to obtain more useful data. I've tried gdb-ing:

(gdb) bt
#0  0x00007fffea27f280 in ?? ()
#1  0x00007ffff5d3ec11 in StubEqualityOp<true> (f=...)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/StubCalls.cpp:508
#2  js::mjit::stubs::Equal (f=...) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/StubCalls.cpp:561
#3  0x00007fffeb64ad18 in ?? ()
#4  0x00007fffeb647c18 in ?? ()
#5  0x0000000000000115 in ?? ()
#6  0x00007fffffffa810 in ?? ()
#7  0x0000000000000000 in ?? ()

I'd be glad to provide any useful information, but need to be instructed how to obtain them.

Reproducible: Always

Steps to Reproduce:
1. Install firefox
2. Run it
3. wait ;)
Actual Results:  
Segmentation fault - crash

Expected Results:  
Working browser

Package Manager Information:
    Package Name              paludis
    Package Version           0.80.1
    Build Date                2012-10-14T23:52:18+0200
    Built with CXX            x86_64-pc-linux-gnu-g++ 4.7.2
    Built with CXXFLAGS        -march=native -O2 -pipe -pedantic
    Built with LDFLAGS        -Wl,-O1 -Wl,--as-needed -Wl,-O2

Environment Information:
    Format                    paludis
    Config dir                /etc/paludis
    Root                      /
    System Root               /
    World file                /var/db/pkg/world

Repository layman:
    format                    unavailable
    location                  /var/db/paludis/repositories/layman
    sync                      tar+http://git.exherbo.org/layman_repositories.tar.bz2
    sync_options              

Repository gentoo:
    format                    e
    location                  /usr/portage
    builddir                  /var/tmp/paludis
    cache                     /usr/portage/metadata/md5-cache
    distdir                   /usr/portage/distfiles
    eapi_when_unknown         0
    eapi_when_unspecified     0
    eclassdirs                /usr/portage/eclass
    layout                    traditional
    manifest_hashes           SHA256 SHA512 WHIRLPOOL
    names_cache               /usr/portage/.cache/names
    newsdir                   /usr/portage/metadata/news
    profile_eapi_when_unspecified 0
    profile_layout            traditional
    profiles                  /usr/portage/profiles/default/linux/amd64/10.0/desktop/kde
    securitydir               /usr/portage/metadata/glsa
    setsdir                   /usr/portage/sets
    sync                      rsync://rsync.gentoo.org/gentoo-portage
    sync_options              
    thin_manifests            false
    use_manifest              use
    write_cache               /var/cache/paludis/metadata
    Package information
        app-shells/bash       4.2_p37
        dev-java/java-config  2.1.12
        dev-lang/python       2.7.3-r2 3.2.3-r1
        dev-util/ccache       3.1.8
        dev-util/cmake        2.8.9-r1
        dev-util/pkgconfig    0.27.1
        sys-apps/baselayout   2.2
        sys-apps/openrc       0.11.1
        sys-apps/sandbox      2.6
        sys-devel/autoconf    2.13 2.69
        sys-devel/automake    1.11.6 1.12.4
        sys-devel/binutils    2.22.90
        sys-devel/gcc         4.7.2
        sys-devel/gcc-config  1.7.3
        sys-devel/libtool     2.4.2
        sys-devel/make        3.82-r4
        sys-freebsd/freebsd-lib (none)
        sys-kernel/linux-headers 3.6
        sys-libs/glibc        2.15-r3
        sys-libs/uclibc       (none)

Extra Information for www-client/firefox-16.0.1:0::mozilla:
        >>> Running ebuild phase killold as paludisbuild:paludisbuild...
        >>> Starting builtin_killold
        >>> Done builtin_killold
        >>> Completed ebuild phase killold
        >>> Running ebuild phases initmisc infovars as paludisbuild:paludisbuild...
        >>> Starting builtin_initmisc
        >>> Done builtin_initmisc
        >>> Starting builtin_infovars
        ACCEPT_KEYWORDS=amd64
        CBUILD=x86_64-pc-linux-gnu
        CFLAGS=-march=native -O2 -pipe
        CHOST=x86_64-pc-linux-gnu
        CONFIG_PROTECT= 
        CONFIG_PROTECT_MASK= 
        CPPFLAGS=
        CTARGET=
        CXXFLAGS=-march=native -O2 -pipe
        DISTDIR=/usr/portage/distfiles
        FCFLAGS=-O2 -pipe
        FEATURES=
        FFLAGS=-O2 -pipe
        GENTOO_MIRRORS=
        INSTALL_MASK=
        LANG=
        LC_ALL=C
        LDFLAGS=-Wl,-O1 -Wl,--as-needed -Wl,-O2
        LINGUAS=en
        MAKEOPTS=-j10
        PORTAGE_COMPRESS=
        PORTAGE_COMPRESS_FLAGS=
        PORTAGE_CONFIGROOT=
        PORTAGE_RSYNC_EXTRA_OPTS=
        PORTAGE_RSYNC_OPTS=
        PORTAGE_TMPDIR=/var/tmp/paludis
        PORTDIR=/usr/portage
        PORTDIR_OVERLAY=
        SYNC=
        USE=alsa dbus ipc jit minimal system-sqlite webm wifi amd64 alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1x alsa_cards_ens1370 alsa_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audio alsa_cards_via82xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mmap_emul alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol apache2_modules_actions apache2_modules_alias apache2_modules_auth_basic apache2_modules_authn_alias apache2_modules_authn_anon apache2_modules_authn_core apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_core apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_cgi apache2_modules_cgid apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_include apache2_modules_info 
apache2_modules_log_config apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic apache2_modules_negotiation apache2_modules_rewrite apache2_modules_setenvif apache2_modules_socache_shmcb apache2_modules_speling apache2_modules_status apache2_modules_unique_id apache2_modules_unixd apache2_modules_userdir apache2_modules_usertrack apache2_modules_vhost_alias calligra_features_braindump calligra_features_flow calligra_features_karbon calligra_features_kexi calligra_features_krita calligra_features_plan calligra_features_sheets calligra_features_stage calligra_features_tables calligra_features_words cameras_ptp2 collectd_plugins_df collectd_plugins_interface collectd_plugins_irq collectd_plugins_load collectd_plugins_memory collectd_plugins_rrdtool collectd_plugins_swap collectd_plugins_syslog elibc_glibc gpsd_protocols_aivdm gpsd_protocols_ashtech gpsd_protocols_earthmate gpsd_protocols_evermore gpsd_protocols_fv18 gpsd_protocols_garmin gpsd_protocols_garmintxt gpsd_protocols_gpsclock gpsd_protocols_itrax gpsd_protocols_mtk3301 gpsd_protocols_navcom gpsd_protocols_nmea gpsd_protocols_ntrip gpsd_protocols_oceanserver gpsd_protocols_oldstyle gpsd_protocols_oncore gpsd_protocols_rtcm104v2 gpsd_protocols_rtcm104v3 gpsd_protocols_sirf gpsd_protocols_superstar2 gpsd_protocols_timing gpsd_protocols_tnt gpsd_protocols_tripmate gpsd_protocols_tsip gpsd_protocols_ubx input_devices_evdev input_devices_keyboard input_devices_mouse input_devices_synaptics kernel_linux lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text libreoffice_extensions_presenter-console libreoffice_extensions_presenter-minimizer linguas_en php_targets_php5-4 python_targets_python2_7 python_targets_python3_2 qemu_softmmu_targets_x86_64 ruby_targets_ruby19 userland_GNU video_cards_nouveau xtables_addons_account xtables_addons_chaos 
xtables_addons_condition xtables_addons_delude xtables_addons_dhcpmac xtables_addons_fuzzy xtables_addons_geoip xtables_addons_iface xtables_addons_ipmark xtables_addons_ipp2p xtables_addons_ipset xtables_addons_ipv4options xtables_addons_length2 xtables_addons_logmark xtables_addons_lscan xtables_addons_pknock xtables_addons_psd xtables_addons_quota2 xtables_addons_rawnat xtables_addons_steal xtables_addons_sysrq xtables_addons_tarpit xtables_addons_tee amd64 
        USE_PYTHON=
        >>> Done builtin_infovars
        >>> Completed ebuild phases initmisc infovars
        >>> Running ebuild phase tidyup as paludisbuild:paludisbuild...
        >>> Starting builtin_tidyup
        rm -fr /var/tmp/paludis/www-client-firefox-16.0.1-info
        >>> Done builtin_tidyup
        >>> Completed ebuild phase tidyup
Comment 1 Jory A. Pratt gentoo-dev 2012-10-24 21:51:44 UTC
http://www.gentoo.org/proj/en/qa/backtraces.xml Please see the URL for how to get a meaningful bt; without the symbols no one can assist you.
Comment 2 Jakub Caban 2012-10-25 11:13:49 UTC
Thank you for directing me.

I've compiled firefox with -ggdb.

Backtrace from 100% repetitive segfault when using Firebug (run by just pressing "DOM" tab in element inspector anytime):

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9a7f280 in ?? ()
(gdb) bt
#0  0x00007fffe9a7f280 in ?? ()
#1  0x00007ffff5b08d88 in js::LooselyEqual (cx=cx@entry=0x7fffe2466400, lval=..., rval=..., result=result@entry=0x7fffffff8b10)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:573
#2  0x00007ffff5b0f70c in js::Interpret (cx=0x7fffe2466400, entryFrame=0x7fffe93ffa88, interpMode=js::JSINTERP_NORMAL)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:1932
#3  0x00007ffff5cecf1c in UncachedInlineCall (f=..., initial=<optimized out>, pret=0x7fffffff9328, unjittable=0x7fffffff9330, argc=argc@entry=3)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/InvokeHelpers.cpp:327
#4  0x00007ffff5cef594 in js::mjit::stubs::UncachedCallHelper (f=..., argc=3, lowered=<optimized out>, ucr=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/InvokeHelpers.cpp:410
#5  0x00007ffff5cef8be in js::mjit::stubs::UncachedCall (f=..., argc=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/InvokeHelpers.cpp:367
#6  0x00007fffeae0a520 in ?? ()
#7  0x00007fffeae0a000 in ?? ()
#8  0x000000000000010f in ?? ()
#9  0x0000000000000000 in ?? ()

I will try to collect more backtraces from different situations soon.

If more debug information (from different packages) is needed, just let me know what to rebuild with -ggdb.
Comment 3 Jakub Caban 2012-10-25 11:28:03 UTC
This one is 100% repetitive on trying to select element within IFRAME with Firebug:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe997f280 in ?? ()
(gdb) bt
#0  0x00007fffe997f280 in ?? ()
#1  0x00007ffff5d3ec11 in StubEqualityOp<true> (f=...)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/StubCalls.cpp:508
#2  js::mjit::stubs::Equal (f=...) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/methodjit/StubCalls.cpp:561
#3  0x00007fffec753348 in ?? ()
#4  0x00007fffec750248 in ?? ()
#5  0x0000000000000115 in ?? ()
#6  0x00007fffffffa810 in ?? ()
#7  0x0000000000000000 in ?? ()

I put the Firebug-related ones there as they are easily reproducible. Others occur at random and I will surely post them when any happen.

Both also happen on a clean profile with only Firebug installed.
Comment 4 Jakub Caban 2012-10-25 12:30:37 UTC
Completely random crash on opening a website with no Firebug even open:

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 0x7fffec4ff700 (LWP 6987)]
0x00007ffff7bce0e7 in send () from /lib64/libpthread.so.0
(gdb) bt
#0  0x00007ffff7bce0e7 in send () from /lib64/libpthread.so.0
#1  0x0000003e11e2772b in pt_Send () from /usr/lib64/libnspr4.so
#2  0x00007ffff4687c6c in ssl_DefSend () from /usr/lib64/libssl3.so
#3  0x00007ffff467a3d8 in ssl3_SendRecord () from /usr/lib64/libssl3.so
#4  0x00007ffff467a946 in SSL3_SendAlert () from /usr/lib64/libssl3.so
#5  0x00007ffff468cda6 in ssl_SecureClose () from /usr/lib64/libssl3.so
#6  0x00007ffff56f2c2b in nsNSSSocketInfo::CloseSocketAndDestroy (this=0x7fffbd17a380)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/security/manager/ssl/src/nsNSSIOLayer.cpp:678
#7  0x00007ffff56f2c80 in nsSSLIOLayerClose (fd=0x7fffb1dfb8b0)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/security/manager/ssl/src/nsNSSIOLayer.cpp:668
#8  0x00007ffff4f52762 in ReleaseFD_Locked (this=0x7fffa9561b80, fd=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/netwerk/base/src/nsSocketTransport2.cpp:1405
#9  nsSocketTransport::ReleaseFD_Locked (this=0x7fffa9561b80, fd=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/netwerk/base/src/nsSocketTransport2.cpp:1399
#10 0x00007ffff4f545b4 in nsSocketTransport::OnSocketDetached (this=0x7fffa9561b80, fd=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/netwerk/base/src/nsSocketTransport2.cpp:1648
#11 0x00007ffff4f54c33 in nsSocketTransportService::DetachSocket (this=this@entry=0x7fffee5b3980, listHead=0x7fffc29c7000, sock=0x7fffc29c7078)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/netwerk/base/src/nsSocketTransportService2.cpp:181
#12 0x00007ffff4f554a6 in nsSocketTransportService::DoPollIteration (this=this@entry=0x7fffee5b3980, wait=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/netwerk/base/src/nsSocketTransportService2.cpp:754
#13 0x00007ffff4f55610 in nsSocketTransportService::Run (this=0x7fffee5b3980)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/netwerk/base/src/nsSocketTransportService2.cpp:614
#14 0x00007ffff59231e3 in nsThread::ProcessNextEvent (this=0x7ffff6c28a60, mayWait=<optimized out>, result=0x7fffec4feebf)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/threads/nsThread.cpp:624
#15 0x00007ffff58f9fd7 in NS_ProcessNextEvent_P (thread=<optimized out>, mayWait=true)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/xpcom/build/nsThreadUtils.cpp:217
#16 0x00007ffff59239b6 in nsThread::ThreadFunc (arg=0x7ffff6c28a60)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/threads/nsThread.cpp:257
#17 0x0000003e11e2a713 in _pt_root () from /usr/lib64/libnspr4.so
#18 0x00007ffff7bc6f4a in start_thread () from /lib64/libpthread.so.0
#19 0x00007ffff7104e6d in clone () from /lib64/libc.so.6
Comment 5 Jory A. Pratt gentoo-dev 2012-10-26 00:07:44 UTC
Unless you test with a completely clean profile, with no addon at all, we will be unable to assist you. Even if Firebug is installed and disabled, it can still cause a segfault within the browser through the js engine.
Comment 6 Jakub Caban 2012-10-26 08:14:34 UTC
I am doing my best collecting data, but I mainly use many add-ons for work, so it's not an easy task getting a bt from a crash on a clean profile. Anyway, this one is particularly interesting, as it occurs on closing Firefox (completely clean profile - wiped .mozilla):

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9a7f280 in ?? ()
(gdb) bt
#0  0x00007fffe9a7f280 in ?? ()
#1  0x00007ffff5b08d88 in js::LooselyEqual (cx=cx@entry=0x7fffeadbff80, lval=..., rval=..., result=result@entry=0x7fffffff8560)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:573
#2  0x00007ffff5b0f70c in js::Interpret (cx=cx@entry=0x7fffeadbff80, entryFrame=entryFrame@entry=0x7fffe93ff3e0, 
    interpMode=interpMode@entry=js::JSINTERP_NORMAL) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:1932
#3  0x00007ffff5b181ed in js::RunScript (cx=cx@entry=0x7fffeadbff80, script=<optimized out>, fp=0x7fffe93ff3e0)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:301
#4  0x00007ffff5b18aed in js::InvokeKernel (cx=0x7fffeadbff80, args=..., construct=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:355
#5  0x00007ffff5aace96 in Invoke (args=..., cx=0x7fffeadbff80, construct=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.h:119
#6  array_filter (cx=0x7fffeadbff80, argc=<optimized out>, vp=0x7fffe93ff388)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsarray.cpp:3405
#7  0x00007ffff5b18a2c in CallJSNative (args=..., native=<optimized out>, cx=0x7fffeadbff80)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jscntxtinlines.h:382
#8  js::InvokeKernel (cx=cx@entry=0x7fffeadbff80, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:344
#9  0x00007ffff5b0a1bd in js::Interpret (cx=cx@entry=0x7fffeadbff80, entryFrame=entryFrame@entry=0x7fffe93ff310, 
    interpMode=interpMode@entry=js::JSINTERP_NORMAL) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:2442
#10 0x00007ffff5b181ed in js::RunScript (cx=cx@entry=0x7fffeadbff80, script=<optimized out>, fp=0x7fffe93ff310)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:301
#11 0x00007ffff5b18aed in js::InvokeKernel (cx=cx@entry=0x7fffeadbff80, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:355
#12 0x00007ffff5b19047 in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=0x7fffeadbff80)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.h:119
#13 js::Invoke (cx=0x7fffeadbff80, thisv=..., fval=..., argc=2, argv=<optimized out>, rval=0x7fffffff9938)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:387
#14 0x00007ffff5b5759e in js::IndirectProxyHandler::call (this=<optimized out>, cx=0x7fffeadbff80, proxy=0x7fffcf885160, argc=2, 
    vp=0x7fffe93ff258) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsproxy.cpp:442
#15 0x00007ffff5bc0905 in call (vp=0x7fffe93ff258, argc=2, wrapper=0x7fffcf885160, cx=0x7fffeadbff80, 
    this=0x7ffff69e4d40 <js::CrossCompartmentWrapper::singleton>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jswrapper.cpp:383
#16 js::DirectWrapper::call (this=0x7ffff69e4d40 <js::CrossCompartmentWrapper::singleton>, cx=0x7fffeadbff80, wrapper=0x7fffcf885160, argc=2, 
    vp=0x7fffe93ff258) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jswrapper.cpp:379
#17 0x00007ffff5bc2077 in js::CrossCompartmentWrapper::call (this=0x7ffff69e4d40 <js::CrossCompartmentWrapper::singleton>, cx=0x7fffeadbff80, 
    wrapper_=0x7fffcf885160, argc=2, vp=0x7fffe93ff258)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jswrapper.cpp:777
---Type <return> to continue, or q <return> to quit---
#18 0x00007ffff5b5946e in call (vp=<optimized out>, argc=<optimized out>, proxy=<optimized out>, cx=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsproxy.cpp:1143
#19 proxy_Call (cx=<optimized out>, argc=<optimized out>, vp=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsproxy.cpp:1666
#20 0x00007ffff5b18b57 in CallJSNative (args=..., native=<optimized out>, cx=0x7fffeadbff80)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jscntxtinlines.h:382
#21 js::InvokeKernel (cx=cx@entry=0x7fffeadbff80, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:337
#22 0x00007ffff5b0a1bd in js::Interpret (cx=cx@entry=0x7fffeadbff80, entryFrame=entryFrame@entry=0x7fffe93ff1e8, 
    interpMode=interpMode@entry=js::JSINTERP_NORMAL) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:2442
#23 0x00007ffff5b181ed in js::RunScript (cx=cx@entry=0x7fffeadbff80, script=<optimized out>, fp=0x7fffe93ff1e8)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:301
#24 0x00007ffff5b18aed in js::InvokeKernel (cx=cx@entry=0x7fffeadbff80, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:355
#25 0x00007ffff5b19047 in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=0x7fffeadbff80)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.h:119
#26 js::Invoke (cx=0x7fffeadbff80, thisv=..., fval=..., argc=2, argv=<optimized out>, rval=0x7fffffffa518)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:387
#27 0x00007ffff5b5759e in js::IndirectProxyHandler::call (this=<optimized out>, cx=0x7fffeadbff80, proxy=0x7fffcf854220, argc=2, 
    vp=0x7fffe93ff128) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsproxy.cpp:442
#28 0x00007ffff5bc0905 in call (vp=0x7fffe93ff128, argc=2, wrapper=0x7fffcf854220, cx=0x7fffeadbff80, 
    this=0x7ffff69e4d40 <js::CrossCompartmentWrapper::singleton>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jswrapper.cpp:383
#29 js::DirectWrapper::call (this=0x7ffff69e4d40 <js::CrossCompartmentWrapper::singleton>, cx=0x7fffeadbff80, wrapper=0x7fffcf854220, argc=2, 
    vp=0x7fffe93ff128) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jswrapper.cpp:379
#30 0x00007ffff5bc2077 in js::CrossCompartmentWrapper::call (this=0x7ffff69e4d40 <js::CrossCompartmentWrapper::singleton>, cx=0x7fffeadbff80, 
    wrapper_=0x7fffcf854220, argc=2, vp=0x7fffe93ff128)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jswrapper.cpp:777
#31 0x00007ffff5b5946e in call (vp=<optimized out>, argc=<optimized out>, proxy=<optimized out>, cx=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsproxy.cpp:1143
#32 proxy_Call (cx=<optimized out>, argc=<optimized out>, vp=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsproxy.cpp:1666
#33 0x00007ffff5b18b57 in CallJSNative (args=..., native=<optimized out>, cx=0x7fffeadbff80)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jscntxtinlines.h:382
#34 js::InvokeKernel (cx=cx@entry=0x7fffeadbff80, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:337
#35 0x00007ffff5b0a1bd in js::Interpret (cx=cx@entry=0x7fffeadbff80, entryFrame=entryFrame@entry=0x7fffe93ff0b8, 
---Type <return> to continue, or q <return> to quit---
    interpMode=interpMode@entry=js::JSINTERP_NORMAL) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:2442
#36 0x00007ffff5b181ed in js::RunScript (cx=cx@entry=0x7fffeadbff80, script=<optimized out>, fp=0x7fffe93ff0b8)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:301
#37 0x00007ffff5b18aed in js::InvokeKernel (cx=cx@entry=0x7fffeadbff80, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:355
#38 0x00007ffff5b19047 in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=0x7fffeadbff80)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.h:119
#39 js::Invoke (cx=0x7fffeadbff80, thisv=..., fval=..., argc=3, argv=<optimized out>, rval=0x7fffffffb1e0)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsinterp.cpp:387
#40 0x00007ffff5a99b34 in JS_CallFunctionValue (cx=0x7fffeadbff80, obj=<optimized out>, fval=..., argc=<optimized out>, argv=<optimized out>, 
    rval=<optimized out>) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/src/jsapi.cpp:5604
#41 0x00007ffff55d14ca in nsXPCWrappedJSClass::CallMethod (this=0x7fffe864f180, wrapper=<optimized out>, methodIndex=3, info=0x7fffec56a100, 
    nativeParams=0x7fffffffb690) at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/xpconnect/src/XPCWrappedJSClass.cpp:1436
#42 0x00007ffff55ccdcf in nsXPCWrappedJS::CallMethod (this=0x7fffd0b95c80, methodIndex=3, info=0x7fffec56a100, params=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/js/xpconnect/src/XPCWrappedJS.cpp:580
#43 0x00007ffff59317df in PrepareAndDispatch (self=0x7fffcfbf2120, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x7fffffffb750, 
    fpregs=0x7fffffffb780)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:121
#44 0x00007ffff5930cdb in SharedStub () from /usr/lib64/firefox/libxul.so
#45 0x00007ffff5907530 in nsObserverList::NotifyObservers (this=<optimized out>, aSubject=0x7ffff6c77e08, 
    aTopic=0x7ffff5d6efb3 "xpcom-shutdown", someData=0x0)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/ds/nsObserverList.cpp:99
#46 0x00007ffff59078b4 in NotifyObservers (someData=0x0, aTopic=0x7ffff5d6efb3 "xpcom-shutdown", aSubject=0x7ffff6c77e08, this=0x7fffee5e9e00)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/ds/nsObserverService.cpp:149
#47 nsObserverService::NotifyObservers (this=0x7fffee5e9e00, aSubject=0x7ffff6c77e08, aTopic=0x7ffff5d6efb3 "xpcom-shutdown", someData=0x0)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/ds/nsObserverService.cpp:138
#48 0x00007ffff58fd7ce in mozilla::ShutdownXPCOM (servMgr=0x7ffff6c77e08)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/xpcom/build/nsXPComInit.cpp:581
#49 0x00007ffff4f2a6cf in ScopedXPCOMStartup::~ScopedXPCOMStartup (this=0x7ffff6c7e330, __in_chrg=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:1105
#50 0x00007ffff4f2e214 in XREMain::XRE_main (this=this@entry=0x7fffffffb908, argc=argc@entry=1, argv=argv@entry=0x7fffffffdc58, 
    aAppData=aAppData@entry=0x6247e0 <sAppData>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:3893
#51 0x00007ffff4f2e3f1 in XRE_main (argc=1, argv=0x7fffffffdc58, aAppData=0x6247e0 <sAppData>, aFlags=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:3947
#52 0x0000000000402e12 in do_main (argv=0x7fffffffdc58, argc=1)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/browser/app/nsBrowserApp.cpp:160
---Type <return> to continue, or q <return> to quit---
#53 main (argc=<optimized out>, argv=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.1/work/mozilla-release/browser/app/nsBrowserApp.cpp:265
Comment 7 Jakub Caban 2012-10-28 22:01:56 UTC
After a lot of debugging, I've found the reason for my crash.

Short story:
oxygen-gtk loads libmozjs185.so from seamonkey package during initialization. When the library is loaded, it corrupts JavaScript internals inside of libxul.so from Firefox build. Removing libmozjs185.so works around the bug.

Long story:
In the backtraces I provided previously, all crashes were during an attempt to invoke js::FunctionProxyClass.ext.equality. It's supposed to always be NULL, but it was modified at runtime. Setting a watchpoint gave me the following backtrace:

Hardware watchpoint 2: js::FunctionProxyClass.ext.equality

Old value = (JSEqualityOp) 0x0
New value = (JSEqualityOp) 0x7fffe29b4280 <fun_hasInstance(JSContext*, JSObject*, js::Value const*, int*)>
0x00007fffe294cb80 in _GLOBAL__sub_I_jsproxy.cpp () from /usr/lib64/libmozjs185.so.1.0
(gdb) bt
#0  0x00007fffe294cb80 in _GLOBAL__sub_I_jsproxy.cpp () from /usr/lib64/libmozjs185.so.1.0
#1  0x00007ffff7de9876 in call_init () from /lib64/ld-linux-x86-64.so.2
#2  0x00007ffff7de995a in _dl_init_internal () from /lib64/ld-linux-x86-64.so.2
#3  0x00007ffff7dedb42 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#4  0x00007ffff7de96b6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7ded38c in _dl_open () from /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff79bb1d6 in dlopen_doit () from /lib64/libdl.so.2
#7  0x00007ffff7de96b6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff79bb78c in _dlerror_run () from /lib64/libdl.so.2
#9  0x00007ffff79bb271 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2
#10 0x00007fffec08ba21 in g_module_open () from /usr/lib64/libgmodule-2.0.so.0
#11 0x00007fffef64197b in g_io_module_load_module () from /usr/lib64/libgio-2.0.so.0
#12 0x00007ffff123fca1 in g_type_module_use () from /usr/lib64/libgobject-2.0.so.0
#13 0x00007fffef642168 in g_io_modules_scan_all_in_directory_with_scope () from /usr/lib64/libgio-2.0.so.0
#14 0x00007fffef64248c in _g_io_modules_ensure_loaded () from /usr/lib64/libgio-2.0.so.0
#15 0x00007fffef6427b3 in _g_io_module_get_default () from /usr/lib64/libgio-2.0.so.0
#16 0x00007fffef62f6fe in g_file_new_for_path () from /usr/lib64/libgio-2.0.so.0
#17 0x00007fffe333b2da in Oxygen::QtSettings::monitorFile (this=this@entry=0x7fffe5534018, filename="/usr/share/themes/oxygen-gtk/gtk-2.0/kdeglobals")
    at /var/tmp/paludis/x11-themes-oxygen-gtk-1.3.1/work/oxygen-gtk2-1.3.1/src/oxygenqtsettings.cpp:1133
#18 0x00007fffe333df1c in Oxygen::QtSettings::loadKdeGlobals (this=this@entry=0x7fffe5534018) at /var/tmp/paludis/x11-themes-oxygen-gtk-1.3.1/work/oxygen-gtk2-1.3.1/src/oxygenqtsettings.cpp:217
#19 0x00007fffe333e133 in Oxygen::QtSettings::initialize (this=0x7fffe5534018, flags=63) at /var/tmp/paludis/x11-themes-oxygen-gtk-1.3.1/work/oxygen-gtk2-1.3.1/src/oxygenqtsettings.cpp:137
#20 0x00007fffe334f615 in Oxygen::Style::initialize (this=this@entry=0x7fffe5534000, flags=flags@entry=63)
    at /var/tmp/paludis/x11-themes-oxygen-gtk-1.3.1/work/oxygen-gtk2-1.3.1/src/oxygenstyle.cpp:63
#21 0x00007fffe334fa05 in Oxygen::Style::instance () at /var/tmp/paludis/x11-themes-oxygen-gtk-1.3.1/work/oxygen-gtk2-1.3.1/src/oxygenstyle.cpp:49
#22 0x00007fffe3397536 in theme_init (module=0x7fffe54f6f80) at /var/tmp/paludis/x11-themes-oxygen-gtk-1.3.1/work/oxygen-gtk2-1.3.1/src/oxygentheme.cpp:53
#23 0x00007fffefd4f436 in gtk_theme_engine_load () from /usr/lib64/libgtk-x11-2.0.so.0
#24 0x00007ffff123fca1 in g_type_module_use () from /usr/lib64/libgobject-2.0.so.0
#25 0x00007fffefd4f545 in gtk_theme_engine_get () from /usr/lib64/libgtk-x11-2.0.so.0
#26 0x00007fffefcd942b in gtk_rc_parse_any () from /usr/lib64/libgtk-x11-2.0.so.0
#27 0x00007fffefcda175 in gtk_rc_context_parse_one_file () from /usr/lib64/libgtk-x11-2.0.so.0
#28 0x00007fffefcd8ea2 in gtk_rc_parse_any () from /usr/lib64/libgtk-x11-2.0.so.0
#29 0x00007fffefcda175 in gtk_rc_context_parse_one_file () from /usr/lib64/libgtk-x11-2.0.so.0
#30 0x00007fffefcda94f in gtk_rc_reparse_all_for_settings () from /usr/lib64/libgtk-x11-2.0.so.0
#31 0x00007fffefcf7405 in gtk_settings_get_for_screen () from /usr/lib64/libgtk-x11-2.0.so.0
#32 0x00007fffefd0bce9 in gtk_style_init () from /usr/lib64/libgtk-x11-2.0.so.0
#33 0x00007ffff123cda7 in g_type_create_instance () from /usr/lib64/libgobject-2.0.so.0
#34 0x00007ffff1222498 in g_object_constructor () from /usr/lib64/libgobject-2.0.so.0
#35 0x00007ffff1223f19 in g_object_newv () from /usr/lib64/libgobject-2.0.so.0
#36 0x00007ffff122455c in g_object_new () from /usr/lib64/libgobject-2.0.so.0
#37 0x00007fffefda5789 in gtk_widget_get_default_style () from /usr/lib64/libgtk-x11-2.0.so.0
#38 0x00007fffefda5835 in gtk_widget_init () from /usr/lib64/libgtk-x11-2.0.so.0
#39 0x00007ffff123cd58 in g_type_create_instance () from /usr/lib64/libgobject-2.0.so.0
#40 0x00007ffff1222498 in g_object_constructor () from /usr/lib64/libgobject-2.0.so.0
#41 0x00007fffefc7ad4b in gtk_invisible_constructor () from /usr/lib64/libgtk-x11-2.0.so.0
#42 0x00007ffff1223f19 in g_object_newv () from /usr/lib64/libgobject-2.0.so.0
#43 0x00007ffff122455c in g_object_new () from /usr/lib64/libgobject-2.0.so.0
#44 0x00007ffff57b5482 in nsLookAndFeel::InitWidget (this=0x7ffff6c4ef00) at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/widget/gtk2/nsLookAndFeel.cpp:980
#45 0x00007ffff57b557a in nsLookAndFeel::nsLookAndFeel (this=0x7ffff6c4ef00) at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/widget/gtk2/nsLookAndFeel.cpp:64
#46 0x00007ffff57cdb2c in GetInstance () at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/widget/xpwidgets/nsXPLookAndFeel.cpp:234
#47 nsXPLookAndFeel::GetInstance () at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/widget/xpwidgets/nsXPLookAndFeel.cpp:226
#48 0x00007ffff57ce2e4 in mozilla::LookAndFeel::GetInt (aID=mozilla::LookAndFeel::eIntID_UseAccessibilityTheme, aResult=0x7fffffffb744)
    at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/widget/xpwidgets/nsXPLookAndFeel.cpp:700
#49 0x00007ffff58e89c6 in GetInt (aDefault=0, aID=mozilla::LookAndFeel::eIntID_UseAccessibilityTheme) at ../../dist/include/mozilla/LookAndFeel.h:469
#50 nsChromeRegistryChrome::CheckForOSAccessibility (this=0x7ffff6c4a2c0) at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/chrome/src/nsChromeRegistryChrome.cpp:177
#51 0x00007ffff4f0f9d6 in ScopedXPCOMStartup::SetWindowCreator (this=<optimized out>, native=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:1238
#52 0x00007ffff4f138f8 in XREMain::XRE_mainRun (this=this@entry=0x7fffffffb908) at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:3568
#53 0x00007ffff4f14224 in XREMain::XRE_main (this=this@entry=0x7fffffffb908, argc=argc@entry=1, argv=argv@entry=0x7fffffffdc58, aAppData=aAppData@entry=0x6247e0 <sAppData>)
    at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:3871
#54 0x00007ffff4f14431 in XRE_main (argc=1, argv=0x7fffffffdc58, aAppData=0x6247e0 <sAppData>, aFlags=<optimized out>)
    at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/toolkit/xre/nsAppRunner.cpp:3947
---Type <return> to continue, or q <return> to quit--- 
#55 0x0000000000402e12 in do_main (argv=0x7fffffffdc58, argc=1) at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/browser/app/nsBrowserApp.cpp:160
#56 main (argc=<optimized out>, argv=<optimized out>) at /var/tmp/paludis/www-client-firefox-16.0.2/work/mozilla-release/browser/app/nsBrowserApp.cpp:265


I'm not sure how to proceed further. Loading an external instance of libmozjs185.so shouldn't have caused this. I guess it's loaded in a really strange way.

Complicated dependencies of this bug explain why it's so hard to reproduce.
Comment 8 Vincent Le Ligeour 2012-11-05 22:10:59 UTC
Hi,

I have the exact same problem:
* crash of firefox (16.0.1 and 16.0.2 at least) when javascript is activated
* no crash of firefox when javascript is disabled
* crash of thunderbird (16.0.1)
* no crash of firefox AFAICT (16.0.1-r1) when libmozjs185.so.1.0.0 from spidermonkey package is moved (making libmozjs185.so a dead link)


This seems similar to the openSUSE issue: https://bugzilla.novell.com/show_bug.cgi?id=759123
Comment 9 Ian Stakenvicius gentoo-dev 2012-11-06 15:46:50 UTC
Sounds like this might be linked to the same problem as bug 439148
Comment 10 Jakub Caban 2012-11-06 15:53:34 UTC
Seems very likely as for me crashes also happened on exit (100% reproducible).
Comment 11 Ian Stakenvicius gentoo-dev 2012-11-07 14:55:16 UTC
Created attachment 328684 [details, diff]
version symbols in spidermonkey

After discussing with mozilla devs, it seems that the way to fix issues like these is to ensure the symbols in libxul for FF, TB, etc., and the external libs like libmozjs185, each have distinct versions so that they can't conflict with one another.

I've got a patch for spidermonkey and another one (to be attached later) for firefox-16.0.2 (should be generic enough to apply to all future versions), which accomplishes this.  Preliminary testing on my system shows it works; taking the example from bug 439148, firefox no longer crashes when libproxy is linked against spidermonkey.

I'm a bit wary to just commit these to the tree, though; so if they could be tested more I'd appreciate it.  Fortunately both FF16 and SM185 ebuilds have 'epatch_user' support, which means user testing of these patches is doable without having to overlay the ebuilds.
Comment 12 Ian Stakenvicius gentoo-dev 2012-11-07 14:56:22 UTC
Created attachment 328686 [details, diff]
version js symbols in firefox
Comment 13 Vincent Le Ligeour 2012-11-10 09:09:39 UTC
I patched spidermonkey, firefox and thunderbird (with the firefox patch modified) with no luck.
After rebuilding each of them, thunderbird still segfaults at start (100% reproducible), firefox still segfaults after 1 minute browsing on different sites.

Thunderbird segfaults in libxul, but the firefox segfault moved to libssl3 and libnspr4.
Comment 14 Ian Stakenvicius gentoo-dev 2012-11-10 19:36:30 UTC
(In reply to comment #13)
> I patched spidermonkey, firefox and thunderbird (with the firefox patch
> modified) with no luck.
> After rebuilding each of them, thunderbird still segfaults at start (100%
> reproducible), firefox still segfaults after 1 minute browsing on different
> sites.
> 
> Thunderbird segfaults in libxul, but the firefox segfault moved to libssl3 and
> libnspr4.

Hi Vincent -- since I don't see any info about your system on this bug, could you attach your emerge --info and the build.log for firefox, thunderbird, and spidermonkey please?

Also, could you run:

LD_DEBUG="bindings" firefox &>/tmp/bindings.log

..and attach that logfile as well?  I have a sneaking suspicion that there might be a similar conflict between firefox and nspr.
Comment 15 Vincent Le Ligeour 2012-11-11 11:29:01 UTC
Created attachment 329194 [details]
emerge_info.txt
Comment 16 Vincent Le Ligeour 2012-11-11 11:36:51 UTC
> Hi Vincent -- since I don't see any info about your system on this bug,
> could you attach your emerge --info and the build.log for firefox,
> thunderbird, and spidermonkey please?
> 
> Also, could you run:
> 
> LD_DEBUG="bindings" firefox &>/tmp/bindings.log
> 
> ..and attach that logfile as well?  I have a sneaking suspicion that there
> might be a similar conflict between firefox and nspr.

Hi, I attached emerge --info.
About bindings they are too big (6.5M for firefox to reproduce, 1.9M for thunderbird).

I've uploaded them both :
- http://vincent.leligeour.free.fr/bindings_firefox.log
- http://vincent.leligeour.free.fr/bindings_thunderbird.log

About build log, should I redirect output of a build, or is there a way not to destroy the build.log on successful build ?
Comment 17 Vincent Le Ligeour 2012-11-11 14:03:24 UTC
mail-client/thunderbird-10.0.9 just works perfectly and does not segfault at start.
Comment 18 Ian Stakenvicius gentoo-dev 2012-11-12 06:10:38 UTC
(In reply to comment #17)
> mail-client/thunderbird-10.0.9 just works perfectly and does not segfault at
> start.

That is most likely because (In reply to comment #16)
> > Hi Vincent -- since I don't see any info about your system on this bug,
> > could you attach your emerge --info and the build.log for firefox,
> > thunderbird, and spidermonkey please?
> > 
> > Also, could you run:
> > 
> > LD_DEBUG="bindings" firefox &>/tmp/bindings.log
> > 
> > ..and attach that logfile as well?  I have a sneaking suspicion that there
> > might be a similar conflict between firefox and nspr.
> 
> Hi, I attached emerge --info.
> About bindings they are too big (6.5M for firefox to reproduce, 1.9M for
> thunderbird).
> 
> I've uploaded them both :
> - http://vincent.leligeour.free.fr/bindings_firefox.log
> - http://vincent.leligeour.free.fr/bindings_thunderbird.log
> 
> About build log, should I redirect output of a build, or is there a way not
> to destroy the build.log on successful build ?

FEATURES="keeptemp" should do it.


I'm not sure what's going on with Firefox.  For Thunderbird, though, I believe the issue has to do with the following:

binding file /usr/lib64/thunderbird/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libcalbasecomps.so [0] to /usr/lib64/thunderbird/libxul.so [0]: normal symbol `_Z14js_DateIsValidP9JSContextP8JSObject'

..which I expect is a calendar extension?  Perhaps if that can be disabled or removed, Thunderbird will start acting normally again?
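
One way to triage a log produced by the `LD_DEBUG="bindings"` command requested in comment 14, as an added example that is not part of the original thread or of any project's code: it parses binding lines in the format quoted in comment 18 and lists symbols bound across two libraries, with their version tag if any. The sample lines, the firefox `libxul.so` path and the `mozjs185` version tag are constructed assumptions.

```python
import re

# ld.so "bindings" line, in the format quoted in comment 18. The PID prefix
# and the trailing [VERSION] tag are optional.
BINDING_RE = re.compile(
    r"binding file (?P<src>\S+) \[\d+\] to (?P<dst>\S+) \[\d+\]: "
    r"\w+ symbol `(?P<sym>[^']+)'(?: \[(?P<ver>[^\]]+)\])?"
)

def parse_bindings(lines):
    """Yield (referencing file, defining file, symbol, version-or-None)."""
    for line in lines:
        m = BINDING_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["sym"], m["ver"]

def cross_bindings(lines, lib_a, lib_b):
    """Bindings that cross between two libraries, in either direction.

    lib_a / lib_b are substrings of the library paths. An unversioned hit
    means one library's reference was satisfied by the other's definition.
    """
    hits = []
    for src, dst, sym, ver in parse_bindings(lines):
        a_to_b = lib_a in src and lib_b in dst
        b_to_a = lib_b in src and lib_a in dst
        if a_to_b or b_to_a:
            hits.append({"from": src, "to": dst, "symbol": sym, "version": ver})
    return hits

# Constructed sample, not taken from the logs linked in this bug. The
# firefox libxul.so path and the "mozjs185" version tag are hypothetical.
SAMPLE = """\
     4242:\tbinding file /usr/lib64/libmozjs185.so.1.0 [0] to /usr/lib64/firefox/libxul.so [0]: normal symbol `_ZN2js18FunctionProxyClassE'
     4242:\tbinding file /usr/lib64/libmozjs185.so.1.0 [0] to /usr/lib64/libmozjs185.so.1.0 [0]: normal symbol `_Z14js_DateIsValidP9JSContextP8JSObject' [mozjs185]
     4242:\tbinding file /usr/lib64/firefox/libxul.so [0] to /lib64/libc.so.6 [0]: normal symbol `malloc' [GLIBC_2.2.5]
""".splitlines()

if __name__ == "__main__":
    for hit in cross_bindings(SAMPLE, "libmozjs185", "libxul"):
        tag = hit["version"] or "UNVERSIONED"
        print(f'{hit["symbol"]}: {hit["from"]} -> {hit["to"]} [{tag}]')
```

On a real log, pass the open file object as `lines`; the substrings select which pair of libraries to compare.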
Comment 19 Jory A. Pratt gentoo-dev 2013-08-26 14:57:32 UTC
If you can duplicate with current 17.0.x stable versions please reopen and update with updated information