Bug 1259525 - crash @ [nsSecretDecoderRing::decode()]
crash @ [nsSecretDecoderRing::decode()]
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
22
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Martin Stransky
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-02 18:13 EDT by Pasi Karkkainen
Modified: 2016-02-16 23:18 EST (History)
7 users (show)

See Also:
Fixed In Version: firefox-44.0.2-3.fc23 firefox-44.0.2-3.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-14 21:49:50 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
firefox 40 about:support raw data (10.82 KB, text/plain)
2015-09-03 05:42 EDT, Pasi Karkkainen
no flags Details
firefox 40 about:support text (8.88 KB, text/plain)
2015-09-03 05:43 EDT, Pasi Karkkainen
no flags Details
firefox crash gdb backtrace (220.34 KB, text/plain)
2015-09-10 05:52 EDT, Pasi Karkkainen
no flags Details
another firefox crash gdb backtrace (213.07 KB, text/plain)
2015-09-10 17:19 EDT, Pasi Karkkainen
no flags Details
third firefox crash gdb backtrace (216.20 KB, text/plain)
2015-09-12 12:29 EDT, Pasi Karkkainen
no flags Details
fourth firefox crash gdb backtrace (203.63 KB, text/plain)
2015-09-15 11:29 EDT, Pasi Karkkainen
no flags Details
fifth firefox crash gdb backtrace (205.61 KB, text/plain)
2015-09-16 05:54 EDT, Pasi Karkkainen
no flags Details

  None (edit)
Description Pasi Karkkainen 2015-09-02 18:13:50 EDT
Description of problem:

Using Fedora 22 with Mate Desktop it seems Firefox browser is crashing a lot.. crashes happens multiple times per day, but quite randomly. 

adobe flash-plugin is installed.


Version-Release number of selected component (if applicable):

firefox-40.0.3-1.fc22.x86_64
gtk3-3.16.6-1.fc22.x86_64
flash-plugin-11.2.202.508-release.x86_64

How reproducible:
Crashes happen randomly, but quite often.. usually multiple times per day.

Steps to Reproduce:
1. Use firefox and browse the web.

Actual results:
Firefox crashes.

Expected results:
Firefox doesn't crash.


Additional info:

example crash in /var/log/messages:

Sep  3 00:58:56 localhost kernel: do_trap: 198 callbacks suppressed
Sep  3 00:58:56 localhost kernel: traps: firefox[2937] trap stack segment ip:7f1d8cc97fb0 sp:7ffd70e228e0 error:0 in libgtk-3.so.0.1600.6[7f1d8c912000+6da000]
Sep  3 00:58:56 localhost audit: <audit-1701> auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2937 comm="firefox" exe="/usr/lib64/firefox/firefox" sig=7 
Sep  3 00:58:59 localhost audit: <audit-1701> auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined
_r:mozilla_plugin_t:s0-s0:c0.c1023 pid=3598 comm="Chrome_ChildThr" exe="/usr/lib64/firefox/plugin-container" sig=11
Sep  3 00:58:59 localhost kernel: Chrome_ChildThr[3598]: segfault at 0 ip 000055645838fd4a sp 00007f564f543470 error 6 in plugin-container[556458388000+39000]


/var/log/audit/audit.log:

type=ANOM_ABEND msg=audit(1441231136.272:592): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2937 comm="firefox" exe="/usr/lib64/firefox/firefox" sig=7
type=ANOM_ABEND msg=audit(1441231139.596:593): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 pid=3598 comm="Chrome_ChildThr" exe="/usr/lib64/firefox/plugin-container" sig=11
Comment 2 Martin Stransky 2015-09-03 03:34:19 EDT
If you open "about:crashes" page, can you post here links to the latest crashes? Also please attach data from "about:support" page. Thanks!
Comment 4 Pasi Karkkainen 2015-09-03 05:42:25 EDT
Created attachment 1069720 [details]
firefox 40 about:support raw data

firefox 40 about:support raw data
Comment 5 Pasi Karkkainen 2015-09-03 05:43:04 EDT
Created attachment 1069721 [details]
firefox 40 about:support text

firefox 40 about:support text
Comment 6 Martin Stransky 2015-09-03 07:42:24 EDT
Unfortunately the crash stats are missing debuginfos, because of broken debugsymbols upload. Do you mind to run Firefox in gdb and attach a backtrace when it crashes? See http://fedoraproject.org/wiki/Debugging_guidelines_for_Mozilla_products for details.
Comment 7 Pasi Karkkainen 2015-09-04 14:19:49 EDT
OK. I'll try running firefox in gdb, and get back to you.
Comment 8 Pasi Karkkainen 2015-09-10 05:52:54 EDT
Created attachment 1072074 [details]
firefox crash gdb backtrace
Comment 9 Pasi Karkkainen 2015-09-10 05:53:36 EDT
OK, crash backtrace attached. I can post another later, if needed.
Comment 10 Pasi Karkkainen 2015-09-10 17:19:31 EDT
Created attachment 1072364 [details]
another firefox crash gdb backtrace
Comment 11 Pasi Karkkainen 2015-09-12 12:29:26 EDT
Created attachment 1072718 [details]
third firefox crash gdb backtrace
Comment 12 Pasi Karkkainen 2015-09-12 12:30:17 EDT
OK, 3x gdb backtraces submitted. Is there anything else I should try/do? 

Thanks!
Comment 13 Martin Stransky 2015-09-15 04:29:24 EDT
crashes in gtk_socket_filter_func () - looks related to the flash plugin. If you run flash - is there a process named "plugin-container"? Is it supposed to run flash out of the main Firefox process.
Comment 14 Pasi Karkkainen 2015-09-15 04:53:58 EDT
Yes, there is plugin-container when I run flash content on firefox:

/usr/lib64/firefox/plugin-container /usr/lib64/flash-plugin/libflashplayer.so -greomni /usr/lib64/firefox/omni.ja -appomni /usr/lib64/firefox/browser/omni.ja -appdir /usr/lib64/firefox/browser 3087 true plugin
Comment 15 Pasi Karkkainen 2015-09-15 11:28:28 EDT
A bit different crash now:

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 0x7fffd9cfe700 (LWP 6256)]
0x00007ffff7bcfa2f in __libc_send (fd=156, buf=buf@entry=0x7fff99842000, 
    n=n@entry=53, flags=flags@entry=0)
    at ../sysdeps/unix/sysv/linux/x86_64/send.c:31
31	  ssize_t result = INLINE_SYSCALL (sendto, 6, fd, buf, n, flags, NULL,
(gdb)


It's weird that buggy flash-plugin is able to crash whole firefox.. even when flash-plugin is running in plugin-container. I'll attach gdb backtrace aswell.
Comment 16 Pasi Karkkainen 2015-09-15 11:29:23 EDT
Created attachment 1073719 [details]
fourth firefox crash gdb backtrace
Comment 17 Pasi Karkkainen 2015-09-15 14:03:04 EDT
(and yes I can see the latest crash is not related to plugin-container, at least not directly, but most of the crashes seem to be related to plugin-container..)
Comment 18 Pasi Karkkainen 2015-09-16 03:51:00 EDT
Just got another one of these:

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 0x7fffd9cfe700 (LWP 9985)]
0x00007ffff7bcfa2f in __libc_send (fd=162, buf=buf@entry=0x7fff9e76c000, n=n@entry=37, 
    flags=flags@entry=0) at ../sysdeps/unix/sysv/linux/x86_64/send.c:31
31	  ssize_t result = INLINE_SYSCALL (sendto, 6, fd, buf, n, flags, NULL,
(gdb)


For some reason firefox has recently been crashing a lot for me.. many times per day..
Comment 19 Pasi Karkkainen 2015-09-16 04:07:22 EDT
I think I'll open another bug about the __libc_send / INLINE_SYSCALL issue. Let's keep this bug open about the original plugin-container crash.

I think I'll also submit these issues to upstream mozilla bugzilla.
Comment 20 Pasi Karkkainen 2015-09-16 04:23:12 EDT
Upstream mozilla bug about the flash plugin-container / gtk_socket_filter_func crash: https://bugzilla.mozilla.org/show_bug.cgi?id=1205199
Comment 21 Pasi Karkkainen 2015-09-16 05:53:56 EDT
Just got the original crash once again, when trying to click play on a flash video on a web page:

Program received signal SIGBUS, Bus error.
gtk_socket_filter_func (gdk_xevent=0x7fffffffc1e0, event=0x7fffb44cb790, data=0x7fff9ee76030)
    at gtksocket.c:1371
1371	  if (private->plug_widget)
(gdb)


dmesg:
[58832.569404] Chrome_ChildThr[10319]: segfault at 0 ip 000055e2d93a4d4a sp 00007f7d5f343470 error 6 in plugin-container[55e2d939d000+39000]

I'll attach full GDB backtrace.
Comment 22 Pasi Karkkainen 2015-09-16 05:54:43 EDT
Created attachment 1073927 [details]
fifth firefox crash gdb backtrace
Comment 23 Pasi Karkkainen 2015-09-27 09:10:07 EDT
Btw this crash seems to be specific to Fedora build of Firefox. When I run the firefox binary provided by Mozilla it's stable - no crashes.
Comment 24 Pasi Karkkainen 2015-10-09 05:17:03 EDT
For the last two weeks I've been running Mozilla build/binary of Firefox 40, and that seems to be very stable (no crashes so far).. 

While the Fedora build of Firefox crashes multiple times per day..

Any suggestions what to try next?
Comment 25 Martin Stransky 2015-10-09 05:26:44 EDT
It crashes in gtk3 build (Mozilla is still gtk2) in plugin handler code. May be fixed when Mozilla also switch to Gtk3, in FF43 or so.
Comment 26 Pasi Karkkainen 2015-10-29 08:38:11 EDT
I'm currently running F22 build of Firefox 41.0.2, and it crashes a lot too..
Comment 27 Pasi Karkkainen 2015-11-16 12:22:36 EST
Interesting comment on the upstream mozilla bugzilla about this plugin-container crashing firefox -issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=1205199#c7

"on one of linuxfromscratch pages regarding firefox, there's a note >=firefox-40 needing to be built with bundled cairo, due to unspecified crashes.
One of Fedora bugs mentions something similar in the passing (and states plans of switching to bundled cairo too)..."
Comment 28 Martin Stransky 2015-11-16 14:10:28 EST
(In reply to Pasi Karkkainen from comment #27)
> Interesting comment on the upstream mozilla bugzilla about this
> plugin-container crashing firefox -issue:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1205199#c7
> 
> "on one of linuxfromscratch pages regarding firefox, there's a note
> >=firefox-40 needing to be built with bundled cairo, due to unspecified
> crashes.
> One of Fedora bugs mentions something similar in the passing (and states
> plans of switching to bundled cairo too)..."

Fedora Firefox is already built with bundled cairo because of the stability issues. I see the gtk3 crashes too (usually once a day). I'll try to look at it.
Comment 29 Pasi Karkkainen 2015-11-16 14:31:02 EST
Oh, good to hear it's not only me who is seeing the crashes :)

Btw at least for me going to paypal.com website triggers the crash quite often.. Thanks for looking into this!
Comment 30 Reik Red 2015-12-03 20:55:12 EST
I have the same crashes, in firefox 42.0, in fedora 19, most recently about one hour  ago. Here is a link to the relevant about:crashes entry

https://crash-stats.mozilla.com/report/index/dcdf0a86-f0fe-4ef3-a933-8443b2151204

The message in dmesg is the same type as the one Pasi Karkkainen has reported, that is:

Thu Dec  3 16:49:34 2015: Chrome_ChildThr[17288]: segfault at 0 ip 000000000040c28f sp 00007fb4bb6fe430 error 6 in plugin-container[400000+65000]

Some additional tidbits that may or may not be useful:

1. I do not know any particular website causing the crash

2. I was not actively browsing when the crash happened

3. Out of multiple instances of firefox running (each instance runs in a separate profile, of course), there is only ONE specific instance/profile that has this problem. 

4. Once the crash happens, a restart will soon again crash, UNLESS I clean  the cache (remove cache2/entries/*, to be specific) . With cache cleaning, firefox  will usually last for a day or so (varies).

5. The profile that regularly crashes has the most tabs of any of the instances I have running, 1314 at last count, but not sure that is relevant. Pasi, how many tabs do you have when this happens?

6. I always use the "Don't load tabs until selected" setting, or "lazy loading" as some call it.

I hope the above may provide some clues.
Comment 31 Pasi Karkkainen 2015-12-04 03:45:57 EST
Reik: Thanks for the "me too" :) 

Yes, I have a *lot* of tabs open, in many windows.. that might be related, yes.

I've noticed this particular URL will crash my firefox *often*:
https://www.paypal.com/signin/?country.x=FI&locale.x=en_FI

Most of the times when I go to that url, I get a firefox crash..
Comment 32 Reik Red 2015-12-04 04:03:08 EST
Pasi: I tried your paypal link in one of my other firefox instances. It warps from the Finnoish site to the US site and I can login in, No crash. This instance has 5 windows and 304 tabs at the moment (note to self: profile1).
Comment 33 Reik Red 2015-12-23 16:11:49 EST
Executive summary: Was able to get ebay/paypal to trigger the bug by making a purchase.

Long version: 

I split my previously mentioned 1312 tab session into two unequal halves (13 + 12 windows), one with 973 tabs and the other with 369 tabs. (I used the session manager extension, loaded full session, quickly closed about half the windows, saved the session, repeat from full session, with the other half of the windows being closed, save again. Then I could run each half session at will).

After this, 1st half ran stable for a long time, and so did 2nd half. BUT then something very interesting happened. I added a tab to buy something at ebay, and I used paypal to pay. At the exact moment I pressed BUY, firefox crashed.

So, yes, I think we have confirmation that, just as Pasi has said above, that paypal/ebay has something to do with triggering the bug.

Here is the crash report:

https://crash-stats.mozilla.com/report/index/68609338-dd1e-4f07-8ee9-71e1f2151223

In this crash, there was no error messages about the plugin container, as far as I could see in my xterm where I had started firefox. I copied all error messages (lots of them) and searched for the word plugin, no matches.
Comment 34 Pasi Karkkainen 2016-01-01 16:20:12 EST
It seems F22 build of latest Firefox 43 crashes aswell when plugin-container/flash crashes.. so the bug is still in gtk3 build of Firefox 43.
Comment 35 Reik Red 2016-01-07 01:20:20 EST
Pasi, do you know if it is possible to get a relevant firefox 43.0 (say) that was compiled with cc -g (or whatever they call it these days) debug options set? Then we could look at a coredump with gdb and perhaps see what caused the segfault?

It appears that nobody is interested in analyzing the crash data we already sent out...this stuff is a bit beyond my capability.
Comment 36 Martin Stransky 2016-01-07 04:48:37 EST
(In reply to Reik Red from comment #33)
> After this, 1st half ran stable for a long time, and so did 2nd half. BUT
> then something very interesting happened. I added a tab to buy something at
> ebay, and I used paypal to pay. At the exact moment I pressed BUY, firefox
> crashed.
> 
> So, yes, I think we have confirmation that, just as Pasi has said above,
> that paypal/ebay has something to do with triggering the bug.
> 
> Here is the crash report:
> 
> https://crash-stats.mozilla.com/report/index/68609338-dd1e-4f07-8ee9-
> 71e1f2151223

Folks, there are various crash reports together. This one is clear, it's crash here:

http://hg.mozilla.org/releases/mozilla-release/annotate/e2f9a0ed50bc/security/manager/ssl/nsSDR.cpp#l309

Kai, any idea how to handle this one? Thanks.
Comment 37 Pasi Karkkainen 2016-02-11 06:06:37 EST
Btw now there has been activity in the upstream Mozilla bugzilla, and it seems the issue for the Firefox crashes has been identified/fixed:

https://bugzilla.mozilla.org/show_bug.cgi?id=1205199
Comment 38 Martin Stransky 2016-02-11 08:19:21 EST
Added to Firefox-44.0.2-3 for Fedora.
Comment 39 Fedora Update System 2016-02-11 15:54:36 EST
firefox-44.0.2-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1d8f67dc76
Comment 40 Fedora Update System 2016-02-11 15:54:36 EST
firefox-44.0.2-3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8794abe899
Comment 41 Fedora Update System 2016-02-12 08:51:17 EST
firefox-44.0.2-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8794abe899
Comment 42 Reik Red 2016-02-13 12:30:35 EST
I installed firefox-44.0.2 on fedora fc19/x64. So far so good, after about 24 hrs. There have been no crashes in the previously crash-prone profile and set of tabs. What are you seeing, Pasi?
Comment 43 Fedora Update System 2016-02-14 11:22:56 EST
firefox-44.0.2-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1d8f67dc76
Comment 44 Fedora Update System 2016-02-14 21:49:47 EST
firefox-44.0.2-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 45 Fedora Update System 2016-02-16 23:18:25 EST
firefox-44.0.2-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.