Bug 452509

Summary: Firefox randomly crashes with segmentation fault in gmail.
Product: [Fedora] Fedora Reporter: Nikolay Vladimirov <accounts>
Component: firefox Assignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide CC: hdegoede, mcepl, walters, wwoods
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-23 16:37:44 UTC Type: ---
Bug Depends On:    
Bug Blocks: 438943, 446445    
Attachments:
Description Flags
full stack trace none

Description Nikolay Vladimirov 2008-06-23 14:00:49 UTC
Description of problem:
Firefox crashes with segmentation fault in gmail. It's mostly random. One time
it displays a letter, the other it segfaults.

Version-Release number of selected component (if applicable):
firefox-3.0-1.fc10.x86_64

How reproducible:
Sometimes


Steps to Reproduce:
1. Try to read some letters in gmail

  
Actual results:
segfault

Expected results:
normal operation

Additional info:
This is a tricky one. I'm having all sorts of firefox crashes. And I can't
reproduce any of them. It just crashes in gmail more often. I guess it doesn't
matter what extensions I use since the stack trace attached is from ff in safe
mode. 
I removed nspluginwrapper in case it's flash related.

Comment 1 Nikolay Vladimirov 2008-06-23 14:00:50 UTC
Created attachment 310030 [details]
full stack trace

Comment 2 Hans de Goede 2008-07-21 21:01:12 UTC
I'm also seeing random firefox crashes all over the place in a fully up2date
x86_64 rawhide. One guaranteed way of reproducing it for me is opening:
http://bugzilla.livna.org/show_bug.cgi?id=2057

[hans@localhost ~]$ firefox http://bugzilla.livna.org/show_bug.cgi?id=2057
/usr/lib64/firefox-3.0.1/run-mozilla.sh: line 131:  3116 Segmentation fault     
"$prog" ${1+"$@"}
[hans@localhost ~]$

Involved versions:
firefox-3.0.1-1.fc10.x86_64
xulrunner-1.9.0.1-1.fc10.x86_64

Additional info:
I also got an abort once from glibc's malloc memory checking which backtrace
started at libhunspell, while libhunspell was doing a malloc, so chances are it's
innocent, but still I thought it would be good to add a note about this.


Comment 3 Hans de Goede 2008-07-21 21:04:24 UTC
Making this block F10Alpha, as discussed in #fedora-devel


Comment 4 Will Woods 2008-07-22 14:32:34 UTC
Problem sighted on i386 as well.

Comment 5 Matěj Cepl 2008-07-22 14:40:11 UTC
Try to switch off your accessibility functionality (unless you actually need it)
and retest. Does it help?

Comment 6 Will Woods 2008-07-22 14:45:40 UTC
The hunspell crash is tracked as bug 447444. 

Comment 7 Hans de Goede 2008-07-22 14:56:47 UTC
(In reply to comment #5)
> Try to switch off your accessibility functionality (unless you actually need it)
> and retest. Does it help?

Not for the livna bugzilla url, I have managed to open that url in firefox
sometimes if another tab was already open, but when I start firefox with that
url as initial url it crashes constantly (for me).

Maybe this is a race condition and related to smp systems? What I'm thinking is
that since on an smp system 2 threads can run at once, if there is a race the
chance of triggering it is much bigger with smp.

Comment 8 Nikolay Vladimirov 2008-07-22 17:19:08 UTC
Couldn't reproduce this. I'm now using firefox-3.0.1-1.fc10.x86_64. 
I also disabled accessibility. Not sure if it's fixed or not. It crashed randomly. 
So this can be closed. And if firefox continues to crash I'll get backtraces and
submit them and reopen the bug if the crash is related. 

Comment 9 Will Woods 2008-07-23 16:37:44 UTC
This seems fine for me, using xulrunner-1.9.0.1-2.fc10 (which should fix
ff3-crash-hunspell). caillon suspects this is a dup of that bug, so I'm going to
close it as such.

*** This bug has been marked as a duplicate of 447444 ***