Bug 603182

Summary: Firefox 3.6.3 starts with a segfault
Product: Fedora
Reporter: Karsten Roch <karo1170>
Component: firefox
Assignee: Martin Stransky <stransky>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: alejandro.cubero, gecko-bugs-nobody, mcepl, rrankin
Keywords: Triaged
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-07-23 03:01:54 UTC

Description Karsten Roch 2010-06-11 18:59:04 UTC
Description of problem:

Firefox 3.6.3 starts with a segfault

$ firefox
/usr/lib/firefox-3.6/run-mozilla.sh: line 131:  2195 Segmentation fault      "$prog" ${1+"$@"}

But if firefox is started from thunderbird (clicking on a link in an email, for instance), or from another instance of firefox, or restarted, firefox starts without any problems...

Version-Release number of selected component (if applicable):

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100402 Fedora/3.6.3-4.fc14 Firefox/3.6.3

How reproducible:

Always. See gdb and backtrace.

Steps to Reproduce:
1. /usr/lib/firefox-3.6/firefox

Actual results:
/usr/lib/firefox-3.6/run-mozilla.sh: line 131:  2195 Segmentation fault      "$prog" ${1+"$@"}


Expected results:
Firefox starts.

Additional info:

gdb /usr/lib/firefox-3.6/firefox 
GNU gdb (GDB) Fedora (7.1-26.fc13)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/firefox-3.6/firefox...Reading symbols from /usr/lib/debug/usr/lib/xulrunner-1.9.2/xulrunner-stub.debug...done.
done.
(gdb) run
Starting program: /usr/lib/firefox-3.6/firefox 
[Thread debugging using libthread_db enabled]
[New Thread 0xb79ffb70 (LWP 2212)]
[New Thread 0xb6ffeb70 (LWP 2213)]
[New Thread 0xb65fdb70 (LWP 2214)]
[New Thread 0xb58ffb70 (LWP 2215)]
[New Thread 0xb23ffb70 (LWP 2216)]

Program received signal SIGSEGV, Segmentation fault.
0x072941b9 in addMem (this=0xb7affaa0, start=@0xb5ad588c, end=@0xb5ad5890) at nanojit/CodeAlloc.cpp:327
327             b->end = (NIns*) (uintptr_t(mem) + bytes - sizeofMinBlock);
Missing separate debuginfos, use: debuginfo-install ORBit2-2.14.18-1.fc14.i686 avahi-glib-0.6.25-7.fc14.i686 avahi-libs-0.6.25-7.fc14.i686 dbus-glib-0.84-3.fc13.i686 gtk2-engines-2.20.1-1.fc14.i686 hunspell-1.2.11-1.fc14.i686 libXt-1.0.7-1.fc13.i686 libart_lgpl-2.3.20-5.fc12.i686 libbonobo-2.24.2-2.fc13.i686 libbonoboui-2.24.3-1.fc14.i686 libgcrypt-1.4.5-4.fc13.i686 libgnome-2.30.0-2.fc14.i686 libgnome-keyring-2.30.1-1.fc14.i686 libgnomecanvas-2.30.1-1.fc14.i686 libgnomeui-2.24.3-1.fc14.i686 libgpg-error-1.7-3.fc14.i686 nss-3.12.6-8.fc14.i686 nss-util-3.12.6-1.fc14.i686 pixman-0.18.0-1.fc14.i686 popt-1.13-7.fc14.i686 xcb-util-0.3.6-1.fc12.i686
(gdb) bt
#0  0x072941b9 in addMem (this=0xb7affaa0, start=@0xb5ad588c, end=@0xb5ad5890) at nanojit/CodeAlloc.cpp:327
#1  nanojit::CodeAlloc::alloc (this=0xb7affaa0, start=@0xb5ad588c, end=@0xb5ad5890) at nanojit/CodeAlloc.cpp:132
#2  0x0728a1da in nanojit::Assembler::codeAlloc (this=0xb5ad5844, start=@0xb5ad588c, end=@0xb5ad5890, eip=@0xb5ad589c)
    at nanojit/Assembler.cpp:192
#3  0x07299945 in nanojit::Assembler::nativePageSetup (this=0xb5ad5844) at nanojit/Nativei386.cpp:1732
#4  0x0728b645 in nanojit::Assembler::beginAssembly (this=0xb5ad5844, frag=0xb3adbe44) at nanojit/Assembler.cpp:658
#5  0x0729575f in nanojit::compile (assm=0xb5ad5844, frag=0xb3adbe44) at nanojit/LIR.cpp:1954
#6  0x0726ebfe in TraceRecorder::compile (this=0xb7ab7090, tm=0xb5a11068) at jstracer.cpp:4212
#7  0x07270d0d in TraceRecorder::closeLoop (this=0xb7ab7090, slotMap=..., exit=0xb3ade584, consensus=@0xbfff70f0) at jstracer.cpp:4599
#8  0x07278722 in TraceRecorder::closeLoop (this=0xb7ab7090, consensus=@0xbfff70f0) at jstracer.cpp:4502
#9  0x07278b65 in TraceRecorder::checkTraceEnd (this=0xb7ab7090, pc=0xb3be013a "\b\377\341V") at jstracer.cpp:5039
#10 0x0727be72 in TraceRecorder::equalityHelper (this=0xb7ab7090, l=2049, r=1, l_ins=0xb7afd5fc, r_ins=0xb7afd618, negate=true, 
    tryBranchAfterCond=true, rval=@0xb37eb310) at jstracer.cpp:8486
#11 0x0727c34c in equality (this=0xb7ab7090) at jstracer.cpp:8360
#12 TraceRecorder::record_JSOP_NE (this=0xb7ab7090) at jstracer.cpp:9625
#13 0x072866a4 in TraceRecorder::monitorRecording (cx=0xb3dd6a00, tr=0xb7ab7090, op=JSOP_NE) at jsopcode.tbl:138
#14 0x071ca406 in js_Interpret (cx=0xb3dd6a00) at jsops.cpp:79
#15 0x071d14e6 in js_Invoke (cx=0xb3dd6a00, argc=1, vp=0xb37eb2e0, flags=<value optimized out>) at jsinterp.cpp:1368
#16 0x0293a33a in nsXPCWrappedJSClass::CallMethod (this=0xb3de89d0, wrapper=0xb3ee3980, methodIndex=43, info=0xb3fb4288, 
    nativeParams=0xbfff7778) at xpcwrappedjsclass.cpp:1696
#17 0x02935a7a in nsXPCWrappedJS::CallMethod (this=0xb3ee3980, methodIndex=43, info=0xb3fb4288, params=0xbfff7778)
    at xpcwrappedjs.cpp:570
#18 0x032326c6 in PrepareAndDispatch (methodIndex=<value optimized out>, self=0xb3de73b0, args=<value optimized out>)
    at xptcstubs_gcc_x86_unix.cpp:95
#19 0x03231b87 in NS_InvokeByIndex_P () from /usr/lib/xulrunner-1.9.2/libxul.so
#20 0x0293d4c7 in XPCWrappedNative::CallMethod (ccx=..., mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2722
#21 0x029460c6 in XPC_WN_CallMethod (cx=0xb3dd6a00, obj=0xb47270e0, argc=1, argv=0xb37eb2b8, vp=0xbfff7ca0)
    at xpcwrappednativejsops.cpp:1740
#22 0x071d10ce in js_Invoke (cx=0xb3dd6a00, argc=1, vp=0xb37eb2b0, flags=<value optimized out>) at jsinterp.cpp:1360
#23 0x071c15dc in js_Interpret (cx=0xb3dd6a00) at jsops.cpp:2240
#24 0x071d14e6 in js_Invoke (cx=0xb3dd6a00, argc=2, vp=0xb37eb1fc, flags=<value optimized out>) at jsinterp.cpp:1368
#25 0x0293a33a in nsXPCWrappedJSClass::CallMethod (this=0xb4c0b370, wrapper=0xb3afca40, methodIndex=3, info=0xb7ae22a0, 
    nativeParams=0xbfff8258) at xpcwrappedjsclass.cpp:1696
#26 0x02935a7a in nsXPCWrappedJS::CallMethod (this=0xb3afca40, methodIndex=3, info=0xb7ae22a0, params=0xbfff8258)
    at xpcwrappedjs.cpp:570
#27 0x032326c6 in PrepareAndDispatch (methodIndex=<value optimized out>, self=0xb3d1bc20, args=<value optimized out>)
    at xptcstubs_gcc_x86_unix.cpp:95
#28 0x0321e476 in nsComponentManagerImpl::CreateInstance (this=0xb7d80460, aClass=..., aDelegate=0x0, aIID=..., aResult=0xbfff83ac)
    at nsComponentManager.cpp:1597
#29 0x0321fe10 in nsComponentManagerImpl::GetService (this=0xb7d80460, aClass=..., aIID=..., result=0xbfff8400)
    at nsComponentManager.cpp:1901
#30 0x0292ec9e in nsJSCID::GetService (this=0xb3dfb5b0, _retval=0xbfff84e4) at xpcjsid.cpp:894
#31 0x03231b87 in NS_InvokeByIndex_P () from /usr/lib/xulrunner-1.9.2/libxul.so
#32 0x0293d4c7 in XPCWrappedNative::CallMethod (ccx=..., mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2722
#33 0x029460c6 in XPC_WN_CallMethod (cx=0xb3dd6a00, obj=0xb48d6d60, argc=1, argv=0xb37eb1d4, vp=0xbfff88b0)
    at xpcwrappednativejsops.cpp:1740
#34 0x071d10ce in js_Invoke (cx=0xb3dd6a00, argc=1, vp=0xb37eb1cc, flags=<value optimized out>) at jsinterp.cpp:1360
#35 0x071c15dc in js_Interpret (cx=0xb3dd6a00) at jsops.cpp:2240
#36 0x071d14e6 in js_Invoke (cx=0xb3dd6a00, argc=2, vp=0xb37eb130, flags=<value optimized out>) at jsinterp.cpp:1368
#37 0x0293a33a in nsXPCWrappedJSClass::CallMethod (this=0xb4c0b370, wrapper=0xb46e7b00, methodIndex=3, info=0xb7ae22a0, 
    nativeParams=0xbfff8e68) at xpcwrappedjsclass.cpp:1696
#38 0x02935a7a in nsXPCWrappedJS::CallMethod (this=0xb46e7b00, methodIndex=3, info=0xb7ae22a0, params=0xbfff8e68)
    at xpcwrappedjs.cpp:570
#39 0x032326c6 in PrepareAndDispatch (methodIndex=<value optimized out>, self=0xb3bd4bf0, args=<value optimized out>)
    at xptcstubs_gcc_x86_unix.cpp:95
#40 0x0321e476 in nsComponentManagerImpl::CreateInstance (this=0xb7d80460, aClass=..., aDelegate=0x0, aIID=..., aResult=0xbfff8fbc)
    at nsComponentManager.cpp:1597
#41 0x0321fe10 in nsComponentManagerImpl::GetService (this=0xb7d80460, aClass=..., aIID=..., result=0xbfff9010)
    at nsComponentManager.cpp:1901
#42 0x0292ec9e in nsJSCID::GetService (this=0xb3e9c160, _retval=0xbfff90f0) at xpcjsid.cpp:894
#43 0x03231b87 in NS_InvokeByIndex_P () from /usr/lib/xulrunner-1.9.2/libxul.so
#44 0x0293d4c7 in XPCWrappedNative::CallMethod (ccx=..., mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2722
#45 0x029460c6 in XPC_WN_CallMethod (cx=0xb3dd6a00, obj=0xb48f6260, argc=1, argv=0xb37eb10c, vp=0xbfff94bc)
    at xpcwrappednativejsops.cpp:1740
#46 0x071d10ce in js_Invoke (cx=0xb3dd6a00, argc=1, vp=0xb37eb104, flags=<value optimized out>) at jsinterp.cpp:1360
#47 0x071c15dc in js_Interpret (cx=0xb3dd6a00) at jsops.cpp:2240
#48 0x071d0a89 in js_Execute (cx=0xb3dd6a00, chain=<value optimized out>, script=0xb3fa7800, down=0x0, flags=0, result=0xbfff97c4)
    at jsinterp.cpp:1601

Comment 2 Matěj Cepl 2010-06-16 13:06:00 UTC
Reporter, is there anything special about your system, network, configuration
which we need to replicate here in order to reproduce your problem please?
Obviously, just plain starting of firefox doesn't create the result it does on
your computer.

Thank you for filing the report.

Comment 3 Karsten Roch 2010-06-16 19:08:27 UTC
The system is nothing special (AMD Athlon 64 at 2.2 GHz on an ALiveDual-eSATA2, 2 GB RAM, Nvidia 8400GS), running Fedora Rawhide 32-bit since FC11 (Feb 2009) with DSL. firefox-3.6.3 was running fine until 06/08/2010.

First crash of firefox was:

Jun  8 19:01:08 krakatoa kernel: Process 1810(firefox) has RLIMIT_CORE set to 0
Jun  8 19:01:08 krakatoa kernel: Aborting core 
Jun  8 19:01:12 krakatoa setroubleshoot: SELinux is preventing firefox from making its memory writable and executable. For complete SELinux messages. run sealert -l 166c03a5-dfcd-4353-9cb5-d1e680c66770

One day before, i updated the following files through "yum update":

Jun 07 20:21:46 Updated: cryptsetup-luks-libs-1.1.2-2.fc14.i686
Jun 07 20:21:46 Updated: nss-softokn-freebl-3.12.4-23.fc14.i686
Jun 07 20:21:47 Updated: nss-softokn-3.12.4-23.fc14.i686
Jun 07 20:21:47 Updated: nss-sysinit-3.12.6-6.fc14.i686
Jun 07 20:21:48 Updated: nss-3.12.6-6.fc14.i686
Jun 07 20:21:49 Updated: cryptsetup-luks-1.1.2-2.fc14.i686
Jun 07 20:21:49 Updated: clucene-core-0.9.21b-1.fc14.i686
Jun 07 20:21:49 Updated: yum-plugin-auto-update-debug-info-1.1.27-1.fc14.noarch
Jun 07 20:21:50 Updated: yum-plugin-fastestmirror-1.1.27-1.fc14.noarch
Jun 07 20:21:51 Updated: yum-utils-1.1.27-1.fc14.noarch

(I have no encrypted partitions and am not using nss for anything; these packages came automagically.)

There is no more I can say for the moment. If I already have one instance of firefox started (e.g. if I click on a link through thunderbird) I can start other instances of firefox without a crash. Starting firefox with a new profile (firefox -P) or under a different (new) user changes nothing; firefox crashes. I currently use only 2 plugins on firefox:

/usr/java/jre1.6.0_20/lib/i386/libnpjp2.so 
/usr/lib/flash-plugin/libflashplayer.so  (from Adobe Repo)

Removing these links from /usr/lib/mozilla/plugins also changed nothing; firefox crashes.

Regards
Karsten

Comment 4 Roy Rankin 2010-06-18 09:28:20 UTC
I am seeing this same crash on a QEMU virtual CPU version 8.12.3 running the current rawhide (18 June 2010).

Regards,
Roy Rankin

Comment 5 Alejandro Cubero 2010-06-21 23:02:52 UTC
I'm having the same behaviour reported on this bug

[cuberomo@localhost ~]$ firefox
/usr/lib/firefox-3.6/run-mozilla.sh: line 131:  5526 Segmentation fault      "$prog" ${1+"$@"}
[cuberomo@localhost ~]$ cat /etc/redhat-release 
Fedora release 14 (Rawhide)

Installed Packages
firefox.i686                                           3.6.3-4.fc14                                           @rawhide/12


Please let me know what information I can send you that might help.

Comment 6 Roy Rankin 2010-07-05 12:31:41 UTC
I saw 606789, which found that if you set selinux to not be in enforcing mode, firefox worked. I tried this, rebooted, and firefox now works for me.
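
The backtrace in the description faults at the nanojit line that computes b->end from a freshly allocated code region, and comment 3 records SELinux "preventing firefox from making its memory writable and executable"; comment 6 confirms that permissive mode makes the crash go away. Whether the pointer handed to addMem was a refused mapping is not established in this thread, but the SELinux message and the workaround point at the JIT's request for writable and executable memory being denied by policy (the process execmem permission) and that refusal not being handled before the memory is used. The C program below is an added example written for this page, not nanojit or Firefox code; every name in it (code_block, unchecked_end, alloc_code_block, write_code, seal_code_block, free_code_block) is invented. It shows the arithmetic that turns MAP_FAILED into a bogus end pointer, and beside it a checked allocator that records the denial, falls back to a read-write mapping, and only adds PROT_EXEC once the code is written (W^X), reporting a second refusal instead of dereferencing it.

```c
/* Added example for this bug thread: a small JIT code-page allocator that
 * survives an SELinux execmem denial.  Not nanojit's code; all names invented. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

typedef struct {
    uint8_t *start;       /* first byte of the block, NULL if the kernel gave us nothing */
    uint8_t *end;         /* one past the last byte */
    size_t   bytes;
    int      err;         /* errno saved when mmap()/mprotect() refused the request */
    int      wx_fallback; /* 1: RWX was refused, block is RW until seal_code_block() */
} code_block;

/* The hazard in the backtrace reduced to arithmetic: using the allocator's
 * return value without a check.  A refused mapping is MAP_FAILED, i.e.
 * (void *)-1, so "start + bytes" wraps around to a tiny bogus address and the
 * first store into the "block" faults. */
static uintptr_t unchecked_end(void *mem, size_t bytes) {
    return (uintptr_t)mem + bytes;
}

/* Ask for one RWX region.  If the kernel refuses it with EACCES/EPERM (what an
 * SELinux execmem denial looks like to the caller), fall back to a plain RW
 * mapping and defer PROT_EXEC to seal_code_block().  Any other failure is
 * recorded and reported, never dereferenced. */
static int alloc_code_block(size_t bytes, code_block *b) {
    memset(b, 0, sizeof *b);
    void *mem = mmap(NULL, bytes, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) {
        if (errno != EACCES && errno != EPERM) {
            b->err = errno;
            return -1;
        }
        mem = mmap(NULL, bytes, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (mem == MAP_FAILED) {
            b->err = errno;
            return -1;
        }
        b->wx_fallback = 1;
    }
    b->start = (uint8_t *)mem;
    b->end   = b->start + bytes;
    b->bytes = bytes;
    return 0;
}

/* Copy generated code into the block; refuse if there is no block or it does not fit. */
static int write_code(code_block *b, const uint8_t *code, size_t n) {
    if (b->start == NULL || n > b->bytes) return -1;
    memcpy(b->start, code, n);
    return 0;
}

/* Drop PROT_WRITE and add PROT_EXEC.  A policy that denies execmem also refuses
 * adding PROT_EXEC to anonymous memory here, so the caller learns that no JIT
 * code can run in this process instead of crashing later on a bad pointer. */
static int seal_code_block(code_block *b) {
    if (b->start == NULL) return -1;
    if (mprotect(b->start, b->bytes, PROT_READ | PROT_EXEC) != 0) {
        b->err = errno;
        return -1;
    }
    return 0;
}

static int free_code_block(code_block *b) {
    int rc = 0;
    if (b->start != NULL) rc = munmap(b->start, b->bytes);
    memset(b, 0, sizeof *b);
    return rc;
}

int main(void) {
    code_block b;
    /* Constructed payload: a single x86 "ret" byte.  It is stored and read back,
     * never jumped to, so the demo runs on any architecture. */
    static const uint8_t ret_insn[] = { 0xC3 };

    if (alloc_code_block(4096, &b) != 0) {
        fprintf(stderr, "code page refused: %s (SELinux execmem denial?)\n", strerror(b.err));
        return 1;
    }
    printf("got %zu bytes, wx_fallback=%d\n", b.bytes, b.wx_fallback);
    write_code(&b, ret_insn, sizeof ret_insn);
    if (seal_code_block(&b) != 0)
        fprintf(stderr, "cannot make code executable: %s\n", strerror(b.err));
    else
        printf("sealed RX, first byte 0x%02x\n", b.start[0]);
    free_code_block(&b);
    return 0;
}
```

On a host where the policy permits execmem the program prints that the page was obtained and sealed; on an enforcing host that denies it for the process domain, the same program reports the refusal and exits instead of segfaulting. To confirm the denial behind the real crash, the audit log is the place to look, for example `ausearch -m AVC -c firefox`, or `sealert -l` with the id setroubleshoot printed in comment 3.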

Comment 7 Jens Petersen 2010-07-23 03:01:54 UTC

*** This bug has been marked as a duplicate of bug 597858 ***