Bug 629966

Summary: Firefox crash with Segmentation fault
Product: Red Hat Enterprise Linux 6
Reporter: Miroslav Suchý <msuchy>
Component: firefox
Assignee: Martin Stransky <stransky>
Status: CLOSED NOTABUG
QA Contact: desktop-bugs <desktop-bugs>
Severity: low
Priority: low
Version: 6.0
CC: jan.kratochvil
Target Milestone: rc
Keywords: Triaged
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-10-18 11:07:10 UTC

Attachments:
script for backtraces generation
firefox-backtrace-29192.txt
firefox-backtrace-29367.txt
list of installed rpm

Description Miroslav Suchý 2010-09-03 11:58:31 UTC
Description of problem:
Firefox crashes with a segmentation fault when a plugin crashes. This should not happen with the crash protection feature.

Version-Release number of selected component (if applicable):
firefox-3.6.9-2.el6.x86_64
lightspark-0.4.4.1-1.fc13.x86_64

How reproducible:
always

Steps to Reproduce:
1. install firefox-3.6.9-2.el6.x86_64
2. install lightspark plugin from http://hicham.fedorapeople.org/lightspark/F13
3. go to some web page with flash where this plugin crashes (it always crashes on the koop.cz website)
  
Actual results:
(firefox:29192): atk-bridge-WARNING **: AT_SPI_REGISTRY was not started at session startup.

(firefox:29192): atk-bridge-WARNING **: IOR not set.

(firefox:29192): atk-bridge-WARNING **: Could not locate registry
INFO: No SWF file signature found
ERROR: Exception in ParseThread Not an SWF file
Class flash.display:Stage references 1
Class flash.events:EventDispatcher references 1
/usr/lib64/firefox-3.6/run-mozilla.sh: line 131: 29192 Segmentation fault      (core dumped) "$prog" ${1+"$@"}


Expected results:
plugin dies, but firefox will survive

Additional info:
You can find core dumps at:
http://dri.englab.brq.redhat.com/~msuchy/core.29192.gz
http://dri.englab.brq.redhat.com/~msuchy/core.29367.gz

Comment 3 Miroslav Suchý 2010-09-13 08:03:15 UTC
Sorry, I still have not gotten used to the recent hostname change (and I have a local alias, so this URL works for me).
The correct URLs for the core dumps are:
http://dri.brq.redhat.com/~msuchy/core.29192.gz
http://dri.brq.redhat.com/~msuchy/core.29367.gz

Comment 4 Matěj Cepl 2010-09-13 10:11:16 UTC
Created attachment 446877 [details]
script for backtraces generation

No, this doesn't work this way (I tried but the generated backtrace was useless). We have to generate backtraces locally. Please, run

sudo debuginfo-install firefox

and then

gbt /usr/bin/firefox core.<number>

Then attach firefox-backtrace-<number>.txt

Thank you

Comment 5 Jan Kratochvil 2010-09-13 11:13:20 UTC
rpm -qa would be useful as some of the installed packages are not available in the current repository:
http://download.devel.redhat.com/nightly/latest-RHEL6.0/6/Workstation/x86_64/debug
Such as:
/usr/lib/debug/.build-id/a9/f5bb76f2e9c8964ffcfa03e27f37468968a640

and there exists no build-id database, which I requested for Fedora in:
http://lists.fedoraproject.org/pipermail/devel/2010-September/142701.html
https://fedorahosted.org/koji/ticket/190
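
The build-id path quoted in comment 5 is derived from the `NT_GNU_BUILD_ID` note inside the ELF file, and gdb needs the debuginfo for exactly that build before frames resolve. The sketch below is an added example, not part of the original comment and not the attached `gbt` script; it reads the note from a 64-bit little-endian ELF image (the x86_64 case in this report) and prints the matching path. `sample_elf` is a constructed stand-in image that reuses the build-id from comment 5.

```python
import struct

PT_NOTE, NT_GNU_BUILD_ID = 4, 3

def parse_notes(blob):
    """Yield (name, type, desc) for each record in a PT_NOTE segment."""
    pos = 0
    while pos + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, pos)
        name_at = pos + 12
        desc_at = name_at + ((namesz + 3) & ~3)   # name is padded to 4 bytes
        pos = desc_at + ((descsz + 3) & ~3)       # so is the descriptor
        if desc_at + descsz > len(blob):
            return                                # truncated note: stop parsing
        yield blob[name_at:name_at + namesz].rstrip(b"\0"), ntype, blob[desc_at:desc_at + descsz]

def build_id(elf):
    """Hex build-id of a 64-bit little-endian ELF image, or None if absent."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    (phoff,) = struct.unpack_from("<Q", elf, 32)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if ph + 56 > len(elf):
            break                                 # program header table truncated
        # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", elf, ph)
        if p_type != PT_NOTE:
            continue
        for name, ntype, desc in parse_notes(elf[p_offset:p_offset + p_filesz]):
            if name == b"GNU" and ntype == NT_GNU_BUILD_ID:
                return desc.hex()
    return None

def build_id_link(bid):
    """Path under /usr/lib/debug in the form quoted in comment 5."""
    return f"/usr/lib/debug/.build-id/{bid[:2]}/{bid[2:]}"

def sample_elf(bid):
    """Constructed minimal ELF64: header, one PT_NOTE phdr, one build-id note."""
    desc = bytes.fromhex(bid)
    note = struct.pack("<III", 4, len(desc), NT_GNU_BUILD_ID) + b"GNU\0" + desc
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    print(build_id_link(build_id(sample_elf("a9f5bb76f2e9c8964ffcfa03e27f37468968a640"))))
```

gdb looks up separate debuginfo at the same path with `.debug` appended, so a missing link there is what leaves frames unresolved.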

Comment 6 Miroslav Suchý 2010-09-13 11:18:20 UTC
Created attachment 446893 [details]
firefox-backtrace-29192.txt

Comment 7 Miroslav Suchý 2010-09-13 11:18:51 UTC
Created attachment 446894 [details]
firefox-backtrace-29367.txt

Comment 8 Miroslav Suchý 2010-09-13 11:26:29 UTC
Created attachment 446895 [details]
list of installed rpm

Comment 9 Matěj Cepl 2010-09-13 13:27:06 UTC
From core.29192

Thread 1 (Thread 29192):
#0  0x00007f83e2bbf38b in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x00007f83df89cb8a in nsProfileLock::FatalSignalHandler (signo=11, 
    info=<value optimized out>, context=<value optimized out>)
    at nsProfileLock.cpp:213
#2  <signal handler called>
#3  idalloc (ptr=0x7f83c3eff230) at jemalloc.c:4243
#4  free (ptr=0x7f83c3eff230) at jemalloc.c:6017
#5  0x00007f83c335c9a3 in ?? ()
#6  0x00007f83e26b02c0 in ?? () from /usr/lib64/libstdc++.so.6.0.13
#7  0x00007f83b0b27800 in ?? ()
#8  0x00007f83e26b02c0 in ?? () from /usr/lib64/libstdc++.so.6.0.13
#9  0x00007f83b0b28398 in ?? ()
#10 0x00007f83ae48b590 in ?? ()
#11 0x00007f83c335cf6b in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) 

and from core.29367

Thread 1 (Thread 29367):
#0  0x00007f19886ec38b in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x00007f198539cb8a in nsProfileLock::FatalSignalHandler (signo=11, 
    info=<value optimized out>, context=<value optimized out>)
    at nsProfileLock.cpp:213
#2  <signal handler called>
#3  0x00007f1987f52e3a in std::_Rb_tree_decrement (__x=0x7f195911d398)
    at ../../../../libstdc++-v3/src/tree.cc:89
#4  0x00007f1968e60e49 in ?? ()
#5  0x00007f195d9a9400 in ?? ()
#6  0x00007fff5324c9c0 in ?? ()
#7  0x00007fff5324c860 in ?? ()
#8  0x00007fff5324c910 in ?? ()
#9  0x00007f195d9a9400 in ?? ()
#10 0x00007f195d9a9400 in ?? ()
#11 0x00007fff5324c860 in ?? ()
#12 0x00007fff5324c910 in ?? ()
#13 0x00007fff5324ca60 in ?? ()
#14 0x00007f1968f5537d in ?? ()
#15 0x00007fff5324cc40 in ?? ()
#16 0x0000000000000002 in ?? ()
#17 0x00007f195b1eae00 in ?? ()
#18 0x00007fff5324cd38 in ?? ()
#19 0x4050000000000000 in ?? ()
#20 0x00007f1987719fae in ___printf_fp (fp=0x7fff5324c860, 
    info=0x7f195911d390, args=<value optimized out>) at printf_fp.c:413
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Comment 10 Matěj Cepl 2010-09-13 13:31:29 UTC
I don't have much hope. Reporter, if you are able to get anything better, please attach it.

Comment 11 Martin Stransky 2010-10-18 11:07:10 UTC
The "crash protection feature" is enabled only for the Flash plug-in for now.
If you want to enable it for your plugin, go to about:config and set dom.ipc.plugins.enabled.your_plugin_name.so to true.