Description of problem: The Fedora abrt handler is helpless because the image dump is too large, apparently. I installed all of the debuginfo for Firefox, disabled abrt-ccpp and got a stack trace, which I ran through c++filt: Apr 05 11:08:05 felis systemd-coredump[3864]: Process 3773 (firefox) of user 1000 dumped core. Stack trace of thread 3773: #0 0x00007fe25e09ab09 raise (libpthread.so.0) #1 0x00007fe2501dd8c3 nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*) (libxul.so) #2 0x00007fe25e09ac30 __restore_rt (libpthread.so.0) #3 0x00007fe250827ed8 void DispatchToTracer<JSObject*>(JSTracer*, JSObject**, char const*) (libxul.so) #4 0x00007fe25080c96e js::frontend::ObjectBox::trace(JSTracer*) (libxul.so) #5 0x00007fe25082949b JS::AutoGCRooter::trace(JSTracer*) (libxul.so) #6 0x00007fe250829668 js::gc::GCRuntime::markRuntime(JSTracer*, js::gc::GCRuntime::TraceOrMarkRuntime) (libxul.so) #7 0x00007fe25061c6b0 js::gc::GCRuntime::beginMarkPhase(JS::gcreason::Reason) (libxul.so) #8 0x00007fe25061e1d7 js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason) (libxul.so) #9 0x00007fe25061efba js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) (libxul.so) #10 0x00007fe25061f3ad js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) (libxul.so) #11 0x00007fe25061f7b7 js::gc::GCRuntime::startGC(JSGCInvocationKind, JS::gcreason::Reason, long) (libxul.so) #12 0x00007fe25061f9aa js::gc::GCRuntime::gcIfRequested(JSContext*) (libxul.so) #13 0x00007fe25080e265 js::gc::GCRuntime::gcIfNeededPerAllocation(JSContext*) (libxul.so) #14 0x00007fe250818f61 bool js::gc::GCRuntime::checkAllocatorState<(js::AllowGC)1>(JSContext*, js::gc::AllocKind) (libxul.so) #15 0x00007fe250641aaa JSObject::create(js::ExclusiveContext*, js::gc::AllocKind, js::gc::InitialHeap, JS::Handle<js::Shape*>, JS::Handle<js::ObjectGroup*>) (libxul.so) #16 0x00007fe250642181 js::NewObjectWithGivenTaggedProto(js::ExclusiveContext*, js::Class const*, JS::Handle<js::TaggedProto>, js::gc::AllocKind, js::NewObjectKind, unsigned int) (libxul.so) #17 0x00007fe2507260ac js::StaticBlockObject* js::NewObjectWithGivenTaggedProto<js::StaticBlockObject>(js::ExclusiveContext*, JS::Handle<js::TaggedProto>, js::NewObjectKind, unsigned int) (libxul.so) #18 0x00007fe250866185 js::frontend::Parser<js::frontend::FullParseHandler>::pushLexicalScope(js::frontend::Parser<js::frontend::FullParseHandler>::AutoPushStmtInfoPC&) (libxul.so) #19 0x00007fe2508858f0 js::frontend::Parser<js::frontend::FullParseHandler>::evalBody() (libxul.so) #20 0x00007fe2507fddc5 BytecodeCompiler::compileScript(JS::Handle<JSObject*>, JS::Handle<JSScript*>) (libxul.so) #21 0x00007fe2507fe1cb js::frontend::CompileScript(js::ExclusiveContext*, js::LifoAlloc*, JS::Handle<JSObject*>, JS::Handle<js::ScopeObject*>, JS::Handle<JSScript*>, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, JSString*, js::SourceCompressionTask*, js::ScriptSourceObject**) (libxul.so) #22 0x00007fe250516c91 EvalKernel (libxul.so) #23 0x00007fe25051724c js::DirectEval(JSContext*, JS::CallArgs const&) (libxul.so) #24 0x00007fe2506ff763 Interpret (libxul.so) #25 0x00007fe25070b605 js::RunScript(JSContext*, js::RunState&) (libxul.so) #26 0x00007fe25070b9e7 js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (libxul.so) #27 0x00007fe25070c27d js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) (libxul.so) #28 0x00007fe25070dcb5 js::InvokeGetter(JSContext*, JS::Value const&, JS::Value, JS::MutableHandle<JS::Value>) (libxul.so) #29 0x00007fe25070df58 GetExistingProperty<(js::AllowGC)1u> (libxul.so) #30 0x00007fe25070e915 js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) (libxul.so) #31 0x00007fe2506fe418 GetPropertyOperation (libxul.so) #32 0x00007fe25070b605 js::RunScript(JSContext*, js::RunState&) (libxul.so) #33 0x00007fe25070b9e7 js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (libxul.so) #34 0x00007fe2505fba45 js::fun_call(JSContext*, unsigned int, JS::Value*) (libxul.so) #35 0x00007fe25061258b js::fun_apply(JSContext*, unsigned int, JS::Value*) (libxul.so) #36 0x00007fe25070bab0 js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (libxul.so) #37 0x00007fe250706395 Interpret (libxul.so) #38 0x00007fe25070b605 js::RunScript(JSContext*, js::RunState&) (libxul.so) #39 0x00007fe25070b9e7 js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (libxul.so) #40 0x00007fe25070c27d js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) (libxul.so) #41 0x00007fe25067ea55 js::DirectProxyHandler::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const (libxul.so) #42 0x00007fe25068109d js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const (libxul.so) #43 0x00007fe250684334 js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) (libxul.so) #44 0x00007fe25070bbcd js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (libxul.so) #45 0x00007fe25070c27d js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) (libxul.so) #46 0x00007fe2505b1866 JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (libxul.so) #47 0x00007fe24edf2017 nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) (libxul.so) #48 0x00007fe24e9ce3b4 PrepareAndDispatch (libxul.so) #49 0x00007fe24e9cd915 SharedStub (libxul.so) Version-Release number of selected component (if applicable): $ firefox -v Mozilla Firefox 45.0.1 $ rpm -q firefox firefox-45.0.1-4.fc24.x86_64 How reproducible: With my current profile and crash state, it offers to restore the windows and crashes every time. Note that it was working yesterday and I expect that if I do not restore my previous session, it will work again. Steps to Reproduce: 1. Open Firefox, accept offer to restore my previous session. 2. Firefox opens, loads tabs, thinks for about 5 seconds and crashes. If anyone knows where the file is I could try uploading my tab list, although it might depend on my particular user logins as well.
Does it crashes when you don't restore the session? The session data are stored in places.sqlite in your profile but it's unpractical to handle it here as it contains your complete browsing history.
It does not crash right away when I start with an empty session. It also runs for longer when I disable all plugins. However, it does still crash eventually, with the same looking stack trace. I believe it is a memory usage problem. It seems to happen especially after using Google apps like Inbox or Plus for a while. This doesn't happen to me with Firefox on Windows, so I am guessing it is something specific to the Fedora 24 build process (built with new GCC version?) or perhaps the GUI libraries. The bug may not be in the GC code at all, but just memory corruption that gets revealed by the GC code.
firefox-45.0.2-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-cebfb38250
firefox-45.0.2-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-cebfb38250
firefox-45.0.2-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.