Description of problem: Firefox causes a segmentation fault. Version-Release number of selected component (if applicable): firefox-2.0.0.4-1.fc7 How reproducible: Reproducible everytime. Steps to Reproduce: 1. Start Firefox. 2. Close the Firefox instance. 3. Actual results: Segmentation Fault. Expected results: Clean shutdown of Firefox. Additional info: Stack trace from gdb by attaching to the 'firefox-bin' process: #0 0x00000030dca3c12b in PL_DHashTableOperate () from /usr/lib64/firefox-2.0.0.4/libxpcom_core.so #1 0x00000030dca41f53 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/libxpcom_core.so #2 0x00000030dca41f93 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/libxpcom_core.so #3 0x00002aaab179e9e6 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/librdf.so #4 0x00002aaab179e83f in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/librdf.so #5 0x00002aaab17a7bfc in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/librdf.so #6 0x00002aaab17a891a in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/librdf.so #7 0x00002aaab039142c in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/libxpconnect.so #8 0x00002aaab26e83db in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/libgklayout.so #9 0x00000030c903bc50 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/libmozjs.so #10 0x00000030c90222d2 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/libmozjs.so #11 0x00002aaab0394028 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/libxpconnect.so #12 0x00002aaab0393bba in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/libxpconnect.so #13 0x00002aaab0393cd1 in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/libxpconnect.so #14 0x00002aaab0393d5a in __cxa_pure_virtual () from /usr/lib64/firefox-2.0.0.4/components/libxpconnect.so #15 0x00000030dce13d9d in __cxa_pure_virtual () from /usr/lib64/libnspr4.so #16 0x00000030dce26a21 in __cxa_pure_virtual () from /usr/lib64/libnspr4.so #17 0x00000030dce26afe in __cxa_pure_virtual () from /usr/lib64/libnspr4.so #18 0x00000030dce0ce82 in __cxa_pure_virtual () from /usr/lib64/libnspr4.so #19 0x00007fff417e8c90 in ?? () #20 0x00000030dce2a771 in _fini () from /usr/lib64/libnspr4.so #21 0x0000000000000000 in ?? () Attaching the output of 'strace firefox' and 'ltrace -C -p `/sbin/pidof firefox-bin`'
Created attachment 156029 [details] strace firefox
Created attachment 156030 [details] ltrace -C -p `/sbin/pidof firefox-bin` 'ltrace' output obtained by attaching to 'firefox-bin' process.
I've just upgraded to "firefox-2.0.0.4-2.fc7" and this version of Firefox also segfaults on closing.
Kai, is this related to the NSPR threading changes?
This might be related to the NSPR thread cleanup. We can see from #20 0x00000030dce2a771 in _fini () from /usr/lib64/libnspr4.so that the crash is triggered while NSPR tries to clean up. I wish I were able to reproduce this crash. I installed a Xen Fedora 7 x86_64 guest system. I uninstalled firefox.i386 I tried with original firefox as shipped I tried with the latest available update package. But I never crash on exit. Ashish, does a simple "startup and exit" trigger the crash? Or do you crash only after having used the browser? Ashish, do you crash with a clean empty profile? you can use firefox -ProfileManager to create a new profile. Thanks
I've tried with an clean profile and it didn't segfaulted. So, it seems, there are problems with extensions I'm using. If this bug report is still eligible for troubleshooting, I'm running following extensions: System-wide ------------ DOM Inspector 1.8.1.4 Mugshot 0.1 User-wide ---------- Adblock Plus 0.7.5.1 CustomizeGoogle 0.60 Deepest Sender 0.8.0 FireFTP 0.96.4 Flashblock 1.5.3.1 JabBar 0.2.0.2007012622 JabBiff 0.2.0.2007012622 SamePlace 0.6.0.2007040122 Torbutton 1.0.4 User Agent Switcher 0.6.10 XMPP4Moz 0.4.2.2007040121 System-wide extensions are available in both profiles, whereas user-wide aren't.
And yes, simple "startup and exit" trigger the crash.
Think you could help us figure which one is crashing? Install one, see if you get the crash. Repeat until you get the crash.
Ashish, I have you haven't yet, you could install the firefox-debuginfo nspr-debuginfo nss-debuginfo packages. You might have to edit files /etc/yum.repos.d/fedora-updates.repo and /etc/yum.repos.d/fedora.repo In both files you'll find sections fedora-debuginfo or updates-debuginfo, respectively. After setting enabled=1 you should be able to install the above packages. This would allow you to get better stack trace of the crash. Thanks!
In the clean profile, I downloaded extensions (Adblock Plus, xmpp4moz, FireFTP and Flashblock) one by one, resulting in segfaulting of Firefox when Firefox is restarted during post-installation of extension. Then after installation of all above extensions Firefox stopped segfaulting in simple "startup and exit" test. Now when I restarted Firefox, and opened "Add-ons" dialog box, closed the dialog box and closed the Firefox, it segfaulted again. I started removing extension one by one leaving only "xmpp4moz", and it segfaulted on every exit after removal of every extension. When the last extension "xmpp4moz" is left, I restarted Firefox, opened "Add-ons" dialog box, close the dialog box, and then closed the Firefox, it segfaulted again. I restarted Firefox, and this time immediately closed it as in simple "startup and exit" test, no segfault this time. I again restarted Firefox. Opened "Add-ons" dialog box. Closed "Add-ons" dialog box. Closed Firefox. It segfaulted this time. After this, I restarted Firefox, disabled "xmpp4moz" extension from "Add-ons" dialog box. And close Firefox, it segfaulted again. Now again, I restarted Firefox, opened "Add-ons" dialog box. "xmpp4moz" extension is disabled already. And closed the dialog box and the Firefox. No segfault this time. So, I concluded that xmpp4moz is the extension to be blamed, and it does this only when "Add-ons" dialog box is opened. Though I'm not sure, but it seems, when "Add-ons" dialog box is loaded, Firefox executes some introspection code for each extension for retrieving some properties of extensions like Authors, Version, preferences, etc. And when that code is invoked for "xmpp4moz" it does something which cause Firefox to segfault later. This is just a guess. Anyways, I'm on 128 Kbps connection so it will take 45-60 minutes to install these '*-debuginfo' packages, so will reply then.
Backtrace obtained by attaching gdb to the running Firefox process. (gdb) bt #0 0x00000035b483c12b in PL_DHashTableOperate (table=0x35b4ad3420, key=0x125bdbc, op=PL_DHASH_REMOVE) at pldhash.c:547 #1 0x00000035b4841f53 in ~AtomImpl (this=<value optimized out>) at nsAtomTable.cpp:298 #2 0x00000035b4841f93 in AtomImpl::Release (this=0x125bdb0) at nsAtomTable.cpp:307 #3 0x00002aaab15109e6 in ~Entry (this=0xb52160) at nsNameSpaceMap.h:56 #4 0x00002aaab151083f in ~nsNameSpaceMap (this=0x1404650) at nsNameSpaceMap.cpp:57 #5 0x00002aaab1519bfc in ~RDFXMLDataSourceImpl (this=0x14045f0) at nsRDFXMLDataSource.cpp:537 #6 0x00002aaab151a91a in RDFXMLDataSourceImpl::Release (this=0x35b4ad3420) at nsRDFXMLDataSource.cpp:540 #7 0x00002aaab039142c in XPCJSRuntime::GCCallback (cx=0x2aaab451ad30, status=JSGC_END) at xpcjsruntime.cpp:587 #8 0x00002aaab245a3db in DOMGCCallback (cx=0x35b4ad3420, status=JSGC_END) at nsJSEnvironment.cpp:2269 #9 0x00000035b503bc50 in js_GC (cx=0x2aaab451ad30, gckind=GC_NORMAL) at jsgc.c:3177 #10 0x00000035b50222d2 in js_DestroyContext (cx=0x2aaab451ad30, mode=JSDCM_FORCE_GC) at jscntxt.c:409 #11 0x00002aaab0394028 in ~XPCJSContextStack (this=0x71ede0) at xpcthreadcontext.cpp:61 ---Type <return> to continue, or q <return> to quit--- #12 0x00002aaab0393bba in XPCPerThreadData::Cleanup (this=0x71ed70) at xpcthreadcontext.cpp:407 #13 0x00002aaab0393cd1 in ~XPCPerThreadData (this=0x35b4ad3420) at xpcthreadcontext.cpp:416 #14 0x00002aaab0393d5a in xpc_ThreadDataDtorCB (ptr=0x71ed70) at xpcthreadcontext.cpp:451 #15 0x000000301ae13d9d in _PR_DestroyThreadPrivate (self=0x624a20) at ../mozilla/nsprpub/pr/src/threads/prtpd.c:265 #16 0x000000301ae26a21 in _pt_thread_death (arg=<value optimized out>) at ../mozilla/nsprpub/pr/src/pthreads/ptthread.c:815 #17 0x000000301ae26afe in _PR_Fini () at ../mozilla/nsprpub/pr/src/pthreads/ptthread.c:944 #18 0x000000301ae0ce82 in __do_global_dtors_aux () from /usr/lib64/libnspr4.so #19 0x00007fff397dfc80 in ?? () #20 0x000000301ae2a771 in _fini () from /usr/lib64/libnspr4.so #21 0x0000000000000000 in ?? ()
Backtrace of segfault obtained by attaching gdb to the Firefox (running with clean profile + only xmpp4moz 'user-wide extension' enabled + "Add-Ons" dialog box shown) (gdb) bt #0 0x00000035b483c12b in PL_DHashTableOperate (table=0x35b4ad3420, key=0x15280ac, op=PL_DHASH_REMOVE) at pldhash.c:547 #1 0x00000035b4841f53 in ~AtomImpl (this=<value optimized out>) at nsAtomTable.cpp:298 #2 0x00000035b4841f93 in AtomImpl::Release (this=0x15280a0) at nsAtomTable.cpp:307 #3 0x00002aaab15109e6 in ?? () #4 0x00007fff537813c0 in ?? () #5 0x0000000001528100 in ?? () #6 0x000000000151f390 in ?? () #7 0x00002aaab151083f in ?? () #8 0x000000000151f370 in ?? () #9 0x000000000151f330 in ?? () #10 0x000000000151f370 in ?? () #11 0x00002aaab1519bfc in ?? () #12 0x000000000071b670 in ?? () #13 0x0000000000000000 in ?? ()
Isn't this xmpp4moz bug then? (BTW, I really like the idea of this project)
Created attachment 158174 [details] backtrace of Firefox core file I'm seeing segfaults-on-exit as well, and I don't have the xmpp4moz extension installed. So, I don't think this is a bug with xmpp4moz. My backtrace (attached) is virtually identical. The highest-level frame I can list from that backtrace is frame 17: (gdb) frame 17 #17 0x00002aaab057dd5a in xpc_ThreadDataDtorCB (ptr=0x71c6c0) at xpcthreadcontext.cpp:451 451 delete data; (gdb) list 446 PR_STATIC_CALLBACK(void) 447 xpc_ThreadDataDtorCB(void* ptr) 448 { 449 XPCPerThreadData* data = (XPCPerThreadData*) ptr; 450 if(data) 451 delete data; 452 } 453 454 void XPCPerThreadData::MarkAutoRootsBeforeJSFinalize(JSContext* cx) 455 { This looks like a theading bug of some sort.
Also, bug 244540 is almost certainly reporting the same problem.
Furthermore, I don't see the crash-on-exit every time. If I just start Firefox and quit, I rarely (never?) see it. I only see the crash-on-exit if I've given Firefox a "workout".
*** Bug 244540 has been marked as a duplicate of this bug. ***
I produced updated NSPR packages that should show up soon in the updates-testing channel for FC6 and F7: nspr-4.6.7-0.7.1.fc7 and nspr-4.6.7-0.6.1.fc6 If you are able to reproduce the crash, I would like to encourage you to install the updates-testing package and report in this bug whether it fixes the crash. Thanks in advance for your help.
nspr-4.6.7-0.7.1.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
nspr-4.6.7-0.7.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
After a few days, I can say that I haven't seen any crashes since I updated to nspr-4.6.7-0.7.1.fc7, for either i386 or x86_64.
*** Bug 551750 has been marked as a duplicate of this bug. ***
*** Bug 552077 has been marked as a duplicate of this bug. ***