Bug 242370 - Firefox segfaults on closing.
Summary: Firefox segfaults on closing.
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 7
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact:
: 244540 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2007-06-03 19:28 UTC by Ashish Shukla
Modified: 2018-04-11 08:37 UTC (History)
9 users (show)

Clone Of:
Last Closed: 2007-07-16 17:02:22 UTC

Attachments (Terms of Use)
strace firefox (76.64 KB, application/x-bzip)
2007-06-03 19:28 UTC, Ashish Shukla
no flags Details
ltrace -C -p `/sbin/pidof firefox-bin` (11.72 KB, text/plain)
2007-06-03 19:30 UTC, Ashish Shukla
no flags Details
backtrace of Firefox core file (2.13 KB, text/plain)
2007-06-28 23:46 UTC, James Ralston
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 383977 None None None Never

Description Ashish Shukla 2007-06-03 19:28:40 UTC
Description of problem:
Firefox causes a segmentation fault.

Version-Release number of selected component (if applicable):

How reproducible:
Reproducible everytime.

Steps to Reproduce:
1. Start Firefox.
2. Close the Firefox instance.
Actual results:
Segmentation Fault.

Expected results:
Clean shutdown of Firefox.

Additional info:
Stack trace from gdb by attaching to the 'firefox-bin' process:

#0  0x00000030dca3c12b in PL_DHashTableOperate () from
#1  0x00000030dca41f53 in __cxa_pure_virtual () from
#2  0x00000030dca41f93 in __cxa_pure_virtual () from
#3  0x00002aaab179e9e6 in __cxa_pure_virtual () from
#4  0x00002aaab179e83f in __cxa_pure_virtual () from
#5  0x00002aaab17a7bfc in __cxa_pure_virtual () from
#6  0x00002aaab17a891a in __cxa_pure_virtual () from
#7  0x00002aaab039142c in __cxa_pure_virtual () from
#8  0x00002aaab26e83db in __cxa_pure_virtual () from
#9  0x00000030c903bc50 in __cxa_pure_virtual () from
#10 0x00000030c90222d2 in __cxa_pure_virtual () from
#11 0x00002aaab0394028 in __cxa_pure_virtual () from
#12 0x00002aaab0393bba in __cxa_pure_virtual () from
#13 0x00002aaab0393cd1 in __cxa_pure_virtual () from
#14 0x00002aaab0393d5a in __cxa_pure_virtual () from
#15 0x00000030dce13d9d in __cxa_pure_virtual () from /usr/lib64/libnspr4.so
#16 0x00000030dce26a21 in __cxa_pure_virtual () from /usr/lib64/libnspr4.so
#17 0x00000030dce26afe in __cxa_pure_virtual () from /usr/lib64/libnspr4.so
#18 0x00000030dce0ce82 in __cxa_pure_virtual () from /usr/lib64/libnspr4.so
#19 0x00007fff417e8c90 in ?? ()
#20 0x00000030dce2a771 in _fini () from /usr/lib64/libnspr4.so
#21 0x0000000000000000 in ?? ()

Attaching the output of 'strace firefox' and 'ltrace -C -p `/sbin/pidof

Comment 1 Ashish Shukla 2007-06-03 19:28:40 UTC
Created attachment 156029 [details]
strace firefox

Comment 2 Ashish Shukla 2007-06-03 19:30:10 UTC
Created attachment 156030 [details]
ltrace -C -p `/sbin/pidof firefox-bin`

'ltrace' output obtained by attaching to 'firefox-bin' process.

Comment 3 Ashish Shukla 2007-06-05 10:02:07 UTC
I've just upgraded to "firefox-" and this version of Firefox also
segfaults on closing.

Comment 4 Christopher Aillon 2007-06-05 15:06:41 UTC
Kai, is this related to the NSPR threading changes?

Comment 5 Kai Engert (:kaie) (inactive account) 2007-06-06 18:16:44 UTC
This might be related to the NSPR thread cleanup.
We can see from
  #20 0x00000030dce2a771 in _fini () from /usr/lib64/libnspr4.so
that the crash is triggered while NSPR tries to clean up.

I wish I were able to reproduce this crash.

I installed a Xen Fedora 7 x86_64 guest system.
I uninstalled firefox.i386
I tried with original firefox as shipped
I tried with the latest available update package.

But I never crash on exit.

Ashish, does a simple "startup and exit" trigger the crash?
Or do you crash only after having used the browser?

Ashish, do you crash with a clean empty profile?
you can use 
  firefox -ProfileManager
to create a new profile.


Comment 6 Ashish Shukla 2007-06-06 19:04:15 UTC
I've tried with an clean profile and it didn't segfaulted. So, it seems, there
are problems with extensions I'm using. If this bug report is still eligible for
troubleshooting, I'm running following extensions:

DOM Inspector
Mugshot 0.1

Adblock Plus
CustomizeGoogle 0.60
Deepest Sender 0.8.0
FireFTP 0.96.4
Torbutton 1.0.4
User Agent Switcher 0.6.10

System-wide extensions are available in both profiles, whereas user-wide aren't.

Comment 7 Ashish Shukla 2007-06-06 19:06:28 UTC
And yes, simple "startup and exit" trigger the crash.

Comment 8 Christopher Aillon 2007-06-06 19:21:23 UTC
Think you could help us figure which one is crashing?  Install one, see if you
get the crash.  Repeat until you get the crash.

Comment 9 Kai Engert (:kaie) (inactive account) 2007-06-06 19:42:18 UTC
Ashish, I have you haven't yet, you could install the

You might have to edit files

In both files you'll find sections fedora-debuginfo or updates-debuginfo,
respectively. After setting
you should be able to install the above packages.

This would allow you to get better stack trace of the crash.

Comment 10 Ashish Shukla 2007-06-06 20:01:46 UTC
In the clean profile, I downloaded extensions (Adblock Plus, xmpp4moz, FireFTP
and Flashblock) one by one, resulting in segfaulting of Firefox when Firefox is
restarted during post-installation of extension.

Then after installation of all above extensions Firefox stopped segfaulting in
simple "startup and exit" test.

Now when I restarted Firefox, and opened "Add-ons" dialog box, closed the dialog
box and closed the Firefox, it segfaulted again. I started removing extension
one by one leaving only "xmpp4moz", and it segfaulted on every exit after
removal of every extension.

When the last extension "xmpp4moz" is left, I restarted Firefox, opened
"Add-ons" dialog box, close the dialog box, and then closed the Firefox, it
segfaulted again.

I restarted Firefox, and this time immediately closed it as in simple "startup
and exit" test, no segfault this time.

I again restarted Firefox. Opened "Add-ons" dialog box. Closed "Add-ons" dialog
box. Closed Firefox. It segfaulted this time.

After this, I restarted Firefox, disabled "xmpp4moz" extension from "Add-ons"
dialog box. And close Firefox, it segfaulted again.

Now again, I restarted Firefox, opened "Add-ons" dialog box. "xmpp4moz"
extension is disabled already. And closed the dialog box and  the Firefox. No
segfault this time.

So, I concluded that xmpp4moz is the extension to be blamed, and it does this
only when "Add-ons" dialog box is opened. Though I'm not sure, but it seems,
when "Add-ons" dialog box is loaded, Firefox executes some introspection code
for each extension for retrieving some properties of extensions like Authors,
Version, preferences, etc. And when that code is invoked for "xmpp4moz" it does
something which cause Firefox to segfault later. This is just a guess.

Anyways, I'm on 128 Kbps connection so it will take 45-60 minutes to install
these '*-debuginfo' packages, so will reply then.

Comment 11 Ashish Shukla 2007-06-06 21:03:41 UTC
Backtrace obtained by attaching gdb to the running Firefox process.

(gdb) bt
#0  0x00000035b483c12b in PL_DHashTableOperate (table=0x35b4ad3420, 
    key=0x125bdbc, op=PL_DHASH_REMOVE) at pldhash.c:547
#1  0x00000035b4841f53 in ~AtomImpl (this=<value optimized out>)
    at nsAtomTable.cpp:298
#2  0x00000035b4841f93 in AtomImpl::Release (this=0x125bdb0)
    at nsAtomTable.cpp:307
#3  0x00002aaab15109e6 in ~Entry (this=0xb52160) at nsNameSpaceMap.h:56
#4  0x00002aaab151083f in ~nsNameSpaceMap (this=0x1404650)
    at nsNameSpaceMap.cpp:57
#5  0x00002aaab1519bfc in ~RDFXMLDataSourceImpl (this=0x14045f0)
    at nsRDFXMLDataSource.cpp:537
#6  0x00002aaab151a91a in RDFXMLDataSourceImpl::Release (this=0x35b4ad3420)
    at nsRDFXMLDataSource.cpp:540
#7  0x00002aaab039142c in XPCJSRuntime::GCCallback (cx=0x2aaab451ad30, 
    status=JSGC_END) at xpcjsruntime.cpp:587
#8  0x00002aaab245a3db in DOMGCCallback (cx=0x35b4ad3420, status=JSGC_END)
    at nsJSEnvironment.cpp:2269
#9  0x00000035b503bc50 in js_GC (cx=0x2aaab451ad30, gckind=GC_NORMAL)
    at jsgc.c:3177
#10 0x00000035b50222d2 in js_DestroyContext (cx=0x2aaab451ad30, 
    mode=JSDCM_FORCE_GC) at jscntxt.c:409
#11 0x00002aaab0394028 in ~XPCJSContextStack (this=0x71ede0)
    at xpcthreadcontext.cpp:61
---Type <return> to continue, or q <return> to quit---
#12 0x00002aaab0393bba in XPCPerThreadData::Cleanup (this=0x71ed70)
    at xpcthreadcontext.cpp:407
#13 0x00002aaab0393cd1 in ~XPCPerThreadData (this=0x35b4ad3420)
    at xpcthreadcontext.cpp:416
#14 0x00002aaab0393d5a in xpc_ThreadDataDtorCB (ptr=0x71ed70)
    at xpcthreadcontext.cpp:451
#15 0x000000301ae13d9d in _PR_DestroyThreadPrivate (self=0x624a20)
    at ../mozilla/nsprpub/pr/src/threads/prtpd.c:265
#16 0x000000301ae26a21 in _pt_thread_death (arg=<value optimized out>)
    at ../mozilla/nsprpub/pr/src/pthreads/ptthread.c:815
#17 0x000000301ae26afe in _PR_Fini ()
    at ../mozilla/nsprpub/pr/src/pthreads/ptthread.c:944
#18 0x000000301ae0ce82 in __do_global_dtors_aux () from /usr/lib64/libnspr4.so
#19 0x00007fff397dfc80 in ?? ()
#20 0x000000301ae2a771 in _fini () from /usr/lib64/libnspr4.so
#21 0x0000000000000000 in ?? ()

Comment 12 Ashish Shukla 2007-06-06 21:09:49 UTC
Backtrace of segfault obtained by attaching gdb to the Firefox (running with
clean profile + only xmpp4moz 'user-wide extension' enabled + "Add-Ons" dialog
box shown)

(gdb) bt
#0  0x00000035b483c12b in PL_DHashTableOperate (table=0x35b4ad3420, 
    key=0x15280ac, op=PL_DHASH_REMOVE) at pldhash.c:547
#1  0x00000035b4841f53 in ~AtomImpl (this=<value optimized out>)
    at nsAtomTable.cpp:298
#2  0x00000035b4841f93 in AtomImpl::Release (this=0x15280a0)
    at nsAtomTable.cpp:307
#3  0x00002aaab15109e6 in ?? ()
#4  0x00007fff537813c0 in ?? ()
#5  0x0000000001528100 in ?? ()
#6  0x000000000151f390 in ?? ()
#7  0x00002aaab151083f in ?? ()
#8  0x000000000151f370 in ?? ()
#9  0x000000000151f330 in ?? ()
#10 0x000000000151f370 in ?? ()
#11 0x00002aaab1519bfc in ?? ()
#12 0x000000000071b670 in ?? ()
#13 0x0000000000000000 in ?? ()

Comment 13 Matěj Cepl 2007-06-12 00:47:56 UTC
Isn't this xmpp4moz bug then? (BTW, I really like the idea of this project)

Comment 16 James Ralston 2007-06-28 23:46:00 UTC
Created attachment 158174 [details]
backtrace of Firefox core file

I'm seeing segfaults-on-exit as well, and I don't have the xmpp4moz extension
installed.  So, I don't think this is a bug with xmpp4moz.

My backtrace (attached) is virtually identical.

The highest-level frame I can list from that backtrace is frame 17:

(gdb) frame 17
#17 0x00002aaab057dd5a in xpc_ThreadDataDtorCB (ptr=0x71c6c0) at
451		delete data;

(gdb) list
447	xpc_ThreadDataDtorCB(void* ptr)
448	{
449	    XPCPerThreadData* data = (XPCPerThreadData*) ptr;
450	    if(data)
451		delete data;
452	}
454	void XPCPerThreadData::MarkAutoRootsBeforeJSFinalize(JSContext* cx)
455	{

This looks like a theading bug of some sort.

Comment 17 James Ralston 2007-06-28 23:49:46 UTC
Also, bug 244540 is almost certainly reporting the same problem.

Comment 18 James Ralston 2007-06-28 23:56:03 UTC
Furthermore, I don't see the crash-on-exit every time.  If I just start Firefox
and quit, I rarely (never?) see it.  I only see the crash-on-exit if I've given
Firefox a "workout".

Comment 19 Kai Engert (:kaie) (inactive account) 2007-07-06 22:58:09 UTC
*** Bug 244540 has been marked as a duplicate of this bug. ***

Comment 20 Kai Engert (:kaie) (inactive account) 2007-07-06 23:02:31 UTC
I produced updated NSPR packages that should show up soon in the updates-testing
channel for FC6 and F7: nspr-4.6.7-0.7.1.fc7 and nspr-4.6.7-0.6.1.fc6

If you are able to reproduce the crash, I would like to encourage you to install
the updates-testing package and report in this bug whether it fixes the crash.

Thanks in advance for your help.

Comment 21 Fedora Update System 2007-07-09 15:45:27 UTC
nspr-4.6.7-0.7.1.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2007-07-16 17:02:01 UTC
nspr-4.6.7-0.7.1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 James Ralston 2007-07-16 18:07:25 UTC
After a few days, I can say that I haven't seen any crashes since I updated to
nspr-4.6.7-0.7.1.fc7, for either i386 or x86_64.

Comment 24 Matěj Cepl 2010-01-03 23:09:34 UTC
*** Bug 551750 has been marked as a duplicate of this bug. ***

Comment 25 Matěj Cepl 2010-01-03 23:09:34 UTC
*** Bug 552077 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.