Description of problem:
Version-Release number of selected component (if applicable):

Sunday October 28 RHN update to Firefox/xulrunner on RHEL 5 64-bit (fully updated) is completely broken - any web page with Java/Flash crashes Firefox, often immediately:

firefox-10.0.10-1.el5_8 (both 32 and 64)
xulrunner-10.0.10-1.el5_8 (both 32 and 64)
flash-plugin-11.2.202.243-1.el5
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8

Until today stable, now unusable. Erasing both firefox matches, and re-installing the 32-bit version only appears to resolve the issue, but this is not an adequate solution, since all users with 64-bit installed < 10.0.10 will fall into the same trap. The 64-bit version needs to be revised at your earliest convenience.

Seems also to be resolved for the x86_64 firefox using:

https://access.redhat.com/knowledge/solutions/219073

which says:

Navigate your browser to about:config and change following to match exactly:

dom.ipc.plugins.enabled true
dom.ipc.plugins.nswrapper* true

Note that this will cause flash to run in sandbox and therefore external devices like Webcameras, microphones, etc. will not work in flash Add-ons.

The previous firefox x86_64 release version was not affected by this, sometimes a bit flaky, but not an immediate crash of the application.
That's strange because flash is supposed to run inside plugin-container. Can you attach a backtrace of the crash? (see http://fedoraproject.org/wiki/Debugging_guidelines_for_Mozilla_products)
Created attachment 636235 [details] bug-report
Thanks, but please provide stacktrace of the crash (see http://fedoraproject.org/wiki/Debugging_guidelines_for_Mozilla_products#Application_crash)
Created attachment 636690 [details]
Firefox gdb session

#rpm -q firefox
firefox-10.0.10-1.el5_8
firefox-10.0.10-1.el5_8
# rpm -q flash-plugin
flash-plugin-11.2.202.243-1.el5
# cat /etc/redhat-release
Red Hat Enterprise Linux Client release 5.8 (Tikanga)

Attached is the application crash as asked for. I can confirm this is only happening in the x86_64 version of firefox. Downgrading to ESR 10.0.9 solves the issue however this leaves open the vulnerability patched in RHSA-2012:1407-1.
Thanks, but the trace is incomplete. Please follow the instructions from the box:

set logging on crash_bt
thread apply all bt full
print DumpJSStack()
set logging off

and attach the full backtrace from all threads.
(In reply to comment #5)
> Thanks, but the trace is incomplete. Please follow the instructions from the
> box:
>
> set logging on crash_bt
> thread apply all bt full
> print DumpJSStack()
> set logging off
>
> and attach the full backtrace from all threads.

Martin:

This is not helpful on your part. I have, and I guess Derek has too, attempted to follow the instructions. I see:

# debuginfo-install firefox.x86_64
Loaded plugins: rhnplugin
enabling epel-debuginfo
Reading repository metadata in from local files
Could not find debuginfo for main pkg: firefox-10.0.10-1.el5_8.x86_64
Could not find debuginfo pkg for dependency package glibc-2.5-81.el5_8.7.x86_64
Could not find debuginfo pkg for dependency package glibc-2.5-81.el5_8.7.x86_64
Could not find debuginfo pkg for dependency package atk-1.12.2-1.fc6.x86_64
Could not find debuginfo pkg for dependency package cairo-1.2.4-5.el5.x86_64
...

So when doing:

$ firefox -g -d gdb
MOZILLA_FIVE_HOME=/usr/lib64/firefox
LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/firefox
DISPLAY=:0.0
FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft
DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox
LIBRARY_PATH=
SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox
LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox
ADDON_PATH=
MOZ_PROGRAM=/usr/lib64/firefox/firefox
MOZ_TOOLKIT=
moz_debug=1
moz_debugger=gdb
moz_debugger_args=
/usr/bin/gdb --args /usr/lib64/firefox/firefox
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-42.el5_8.1)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib64/firefox/firefox...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/lib64/firefox/firefox
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x2aaaaaaab000
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 5364.
Program exited normally.
(gdb) set logging on crash_bt
Copying output to crash_bt.
(gdb) thread apply all bt full
(gdb) print DumpJSStack()
No symbol table is loaded. Use the "file" command.
(gdb) set logging off
Done logging to crash_bt.
(gdb) quit
$ more crash_bt
No symbol table is loaded. Use the "file" command.

If the first part worked, the gdb handles would be present, but it doesn't, implying that the required debug-info packages are not available.
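The failure mode in the session above (a crash_bt log holding nothing but gdb's "No symbol table is loaded" message) can be caught before a log is attached. The following is an added example, not part of the original thread and not Mozilla or Red Hat tooling; the verdict names, the frame heuristics and all sample log contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a gdb log written by "set logging on crash_bt"
# before attaching it. Verdict names and heuristics are assumptions.

classify_bt() {
    log=$1
    # Missing or zero-length file: nothing was logged at all.
    [ -s "$log" ] || { echo "empty"; return 0; }
    # "thread apply all bt full" emits one "Thread N (...)" header per thread.
    # No header means gdb had no stopped process to walk (it exited first).
    threads=$(grep -c '^Thread [0-9]' "$log") || true
    [ "$threads" -gt 0 ] || { echo "no-threads"; return 0; }
    # Frames resolved through debuginfo carry " at file:line".
    frames=$(grep -c '^#[0-9]' "$log") || true
    resolved=$(grep -Ec '^#[0-9].* at [^ ]+:[0-9]+' "$log") || true
    [ "$resolved" -gt 0 ] || { echo "no-symbols"; return 0; }
    echo "usable threads=$threads frames=$frames resolved=$resolved"
}

# Constructed sample logs (addresses, LWP ids and file names are made up).
write_samples() {
    cat > "$1/no_threads" <<'EOF'
No symbol table is loaded.  Use the "file" command.
EOF
    cat > "$1/stripped" <<'EOF'
Thread 1 (Thread 0x1000 (LWP 4242)):
#0  0x0000000000001234 in ?? ()
#1  0x0000000000005678 in ?? ()
No symbol table info available.
EOF
    cat > "$1/full" <<'EOF'
Thread 1 (Thread 0x1000 (LWP 4242)):
#0  nsObjectFrame::CallSetWindow (this=0x0) at example.cpp:10
        rv = 0
#1  0x0000000000005678 in main () at example.cpp:20
No locals.
EOF
}

# Stand-alone demo over the constructed samples.
d=$(mktemp -d) && write_samples "$d"
for f in missing no_threads stripped full; do
    printf '%-10s %s\n' "$f" "$(classify_bt "$d/$f")"
done
rm -rf "$d"
```

A "no-threads" verdict matches the log in the comment above: the debugged process exited normally, so gdb had nothing to walk; "no-symbols" points at missing debuginfo packages.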
(In reply to comment #6)
> (In reply to comment #5)
> > Thanks, but the trace is incomplete. Please follow the instructions from the
> > box:
> >
> > set logging on crash_bt
> > thread apply all bt full
> > print DumpJSStack()
> > set logging off
> >
> > and attach the full backtrace from all threads.
>
> Martin:
>
> This is not helpful on your part. I have, and I guess Derek has too,
> attempted to follow the instructions. I see:
>
> # debuginfo-install firefox.x86_64
> Loaded plugins: rhnplugin
> enabling epel-debuginfo
> Reading repository metadata in from local files
> Could not find debuginfo for main pkg: firefox-10.0.10-1.el5_8.x86_64
> Could not find debuginfo pkg for dependency package
> glibc-2.5-81.el5_8.7.x86_64
> Could not find debuginfo pkg for dependency package
> glibc-2.5-81.el5_8.7.x86_64
> Could not find debuginfo pkg for dependency package atk-1.12.2-1.fc6.x86_64
> Could not find debuginfo pkg for dependency package cairo-1.2.4-5.el5.x86_64
> ...
>
> So when doing:
> $ firefox -g -d gdb
> MOZILLA_FIVE_HOME=/usr/lib64/firefox
>
> LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/
> firefox
> DISPLAY=:0.0
> FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft
> DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox
> LIBRARY_PATH=
> SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox
> LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox
> ADDON_PATH=
> MOZ_PROGRAM=/usr/lib64/firefox/firefox
> MOZ_TOOLKIT=
> moz_debug=1
> moz_debugger=gdb
> moz_debugger_args=
> /usr/bin/gdb --args /usr/lib64/firefox/firefox
> GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-42.el5_8.1)
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/lib64/firefox/firefox...(no debugging symbols
> found)...done.
> (gdb) run
> Starting program: /usr/lib64/firefox/firefox
> warning: no loadable sections found in added symbol-file system-supplied DSO
> at 0x2aaaaaaab000
> [Thread debugging using libthread_db enabled]
> Detaching after fork from child process 5364.
> Program exited normally.
> (gdb) set logging on crash_bt
> Copying output to crash_bt.
> (gdb) thread apply all bt full
> (gdb) print DumpJSStack()
> No symbol table is loaded. Use the "file" command.
> (gdb) set logging off
> Done logging to crash_bt.
> (gdb) quit
> $ more crash_bt
> No symbol table is loaded. Use the "file" command.
>
> If the first part worked, the gdb handles would be present, but it doesn't,
> implying that the required debug-info packages are not available.

In this case the crash was total, took down 3 ff windows, but gdb didn't notice it. There is no about:crashes page. Fedora may have debuginfo, but does RHEL 5.8? Derek seems to have something.

In my case the crash occurs going to:

http://www.bbc.co.uk/radio/

then

http://www.bbc.co.uk/radio/player/bbc_radio_three

in a fresh ff session with:

dom.ipc.plugins.nswrapper* false
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Thanks, but the trace is incomplete. Please follow the instructions from the
> > > box:
> > >
> > > set logging on crash_bt
> > > thread apply all bt full
> > > print DumpJSStack()
> > > set logging off
> > >
> > > and attach the full backtrace from all threads.
> >
> > Martin:
> >
> > This is not helpful on your part. I have, and I guess Derek has too,
> > attempted to follow the instructions. I see:
> >
> > # debuginfo-install firefox.x86_64
> > Loaded plugins: rhnplugin
> > enabling epel-debuginfo
> > Reading repository metadata in from local files
> > Could not find debuginfo for main pkg: firefox-10.0.10-1.el5_8.x86_64
> > Could not find debuginfo pkg for dependency package
> > glibc-2.5-81.el5_8.7.x86_64
> > Could not find debuginfo pkg for dependency package
> > glibc-2.5-81.el5_8.7.x86_64
> > Could not find debuginfo pkg for dependency package atk-1.12.2-1.fc6.x86_64
> > Could not find debuginfo pkg for dependency package cairo-1.2.4-5.el5.x86_64
> > ...
> >
> > So when doing:
> > $ firefox -g -d gdb
> > MOZILLA_FIVE_HOME=/usr/lib64/firefox
> >
> > LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/
> > firefox
> > DISPLAY=:0.0
> > FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft
> > DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox
> > LIBRARY_PATH=
> > SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox
> > LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox
> > ADDON_PATH=
> > MOZ_PROGRAM=/usr/lib64/firefox/firefox
> > MOZ_TOOLKIT=
> > moz_debug=1
> > moz_debugger=gdb
> > moz_debugger_args=
> > /usr/bin/gdb --args /usr/lib64/firefox/firefox
> > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-42.el5_8.1)
> > Copyright (C) 2009 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > This is free software: you are free to change and redistribute it.
> > There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> > and "show warranty" for details.
> > This GDB was configured as "x86_64-redhat-linux-gnu".
> > For bug reporting instructions, please see:
> > <http://www.gnu.org/software/gdb/bugs/>...
> > Reading symbols from /usr/lib64/firefox/firefox...(no debugging symbols
> > found)...done.
> > (gdb) run
> > Starting program: /usr/lib64/firefox/firefox
> > warning: no loadable sections found in added symbol-file system-supplied DSO
> > at 0x2aaaaaaab000
> > [Thread debugging using libthread_db enabled]
> > Detaching after fork from child process 5364.
> > Program exited normally.
> > (gdb) set logging on crash_bt
> > Copying output to crash_bt.
> > (gdb) thread apply all bt full
> > (gdb) print DumpJSStack()
> > No symbol table is loaded. Use the "file" command.
> > (gdb) set logging off
> > Done logging to crash_bt.
> > (gdb) quit
> > $ more crash_bt
> > No symbol table is loaded. Use the "file" command.
> >
> > If the first part worked, the gdb handles would be present, but it doesn't,
> > implying that the required debug-info packages are not available.
>
> In this case the crash was total, took down 3 ff windows, but gdb didn't
> notice it. There is no about:crashes page. Fedora may have debuginfo, but
> does RHEL 5.8? Derek seems to have something.

OK, enabled debuginfo in RHN subscriptions. Will report on crash shortly.

> In my case the crash occurs going to:
>
> http://www.bbc.co.uk/radio/
>
> then
>
> http://www.bbc.co.uk/radio/player/bbc_radio_three
>
> in a fresh ff session with:
>
> dom.ipc.plugins.nswrapper* false
Created attachment 636741 [details] crash_bt Sorry, here is the full back trace.
Created attachment 636753 [details] crash_bt
Looks like a NULL pointer crash in nsObjectFrame::CallSetWindow(). If you set the dom.ipc.plugins.enabled.nswrapper* to true does it help to you? If I understand correctly, firefox-10.0.8 works fine for you, right?
(In reply to comment #13)
> Looks like a NULL pointer crash in nsObjectFrame::CallSetWindow(). If you
> set the dom.ipc.plugins.enabled.nswrapper* to true does it help to you?
>
> If I understand correctly, firefox-10.0.8 works fine for you, right?

Previous x86_64 versions up to 10.0.10 worked (but could stall/freeze occasionally but not predictably) with:

dom.ipc.plugins.enabled.nswrapper* false

10.0.10 crashes always, immediately, as described with false.

10.0.10 does not crash with true.
Thanks. Can you please test the 10.0.8 package (it's the previous one) with dom.ipc.plugins.enabled.nswrapper* false? But you have to add the key manually to about:config because it has been explicitly added to 10.0.10 package.
(In reply to comment #15)
> Thanks.
>
> Can you please test the 10.0.8 package (it's the previous one) with
> dom.ipc.plugins.enabled.nswrapper* false? But you have to add the key
> manually to about:config because it has been explicitly added to 10.0.10
> package.

Sorry, I did:

yum downgrade firefox.x86_64
yum downgrade firefox-debuginfo.x86_64

but after that gdb said:

firefox -g -d gdb
MOZILLA_FIVE_HOME=/usr/lib64/firefox
LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/firefox
DISPLAY=:0.0
FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft
DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox
LIBRARY_PATH=
SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox
LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox
ADDON_PATH=
MOZ_PROGRAM=/usr/lib64/firefox/firefox
MOZ_TOOLKIT=
moz_debug=1
moz_debugger=gdb
moz_debugger_args=
/usr/bin/gdb --args /usr/lib64/firefox/firefox
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-42.el5_8.1)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib64/firefox/firefox...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/lib64/firefox/firefox
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x2aaaaaaab000
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 11652.
Error: Platform version '10.0.10' is not compatible with
minVersion >= 10.0.8
maxVersion <= 10.0.8
Program exited with code 01.
(gdb)

So you'll have to show me precisely how to downgrade to a running 10.0.8 (10.0.8 now wouldn't start at all, not just for gdb).
Is the version cached? Are the plugin hooks versioned?
Ahh, looks like we have a dependency bug here. Generally you need to downgrade the xulrunner package too because it provides a binary part of the browser. Thanks!
Running

yum downgrade firefox.x86_64 xulrunner.x86_64

gives:

Downloading Packages:
Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
libmozalloc.so is needed by (installed) devhelp-0.12-22.el5.i386
libxul.so is needed by (installed) devhelp-0.12-22.el5.i386
Complete!
(1, [u'Please report this error in https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%205&component=yum'])

so there may be a 64/32 issue?

yum downgrade firefox xulrunner

is running, to be followed by

yum downgrade firefox-debuginfo xulrunner-debuginfo
Yes, devhelp may cause a problem, but you can remove it, downgrade firefox/xulrunner and install devhelp again. BTW. you may not need the devhelp package, it's just a launcher for help system for developers, I wonder who runs it anyway.
To be sure...you see it on RHEL5 only and RHEL6 is unaffected, right?
Created attachment 637135 [details] crash_bt 10.0.8
(In reply to comment #20) > To be sure...you see it on RHEL5 only and RHEL6 is unaffected, right? I'm only running RHEL5 on two academic license machines, don't have access to RHEL6. The 10.0.8 crash was provoked in the same way, suggesting that the dom.ipc.plugins.enabled.nswrapper* false is the trigger to a possibly earlier vulnerability.
(In reply to comment #14)
> (In reply to comment #13)
> > Looks like a NULL pointer crash in nsObjectFrame::CallSetWindow(). If you
> > set the dom.ipc.plugins.enabled.nswrapper* to true does it help to you?
> >
> > If I understand correctly, firefox-10.0.8 works fine for you, right?
>
> Previous x86_64 versions up to 10.0.10 worked (but could stall/freeze
> occasionally but not predictably) with:
>
> dom.ipc.plugins.enabled.nswrapper* false

I retract this - I was assuming that the tag existed and was default false. More correctly, previous x86_64 versions up to 10.0.10 worked (but could stall/freeze occasionally but not predictably) with default configure settings (no user changes).

>
> 10.0.10 crashes always, immediately, as described with false.
>
> 10.0.10 does not crash with true.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-1429.html