Description of problem: More or less often firefox crashes on a VIA EPIA with 800 MHz CentaurHauls CPU. Version-Release number of selected component (if applicable): firefox-2.0.0.10-3.fc8 kernel-2.6.23.14-107.fc8 How reproducible: Often, after loading more complex web sites Backtrace: Core was generated by `/usr/lib/firefox-2.0.0.10/firefox-bin -UILocale de'. Program terminated with signal 11, Segmentation fault. #0 0x0012d402 in __kernel_vsyscall () (gdb) bt #0 0x0012d402 in __kernel_vsyscall () #1 0x00319891 in raise () from /lib/libpthread.so.0 #2 0x08059992 in ?? () #3 <signal handler called> #4 0x00160ba5 in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so #5 0x00179c7b in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so #6 0x0016383c in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so #7 0x0016840b in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so #8 0x00170f1d in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so #9 0x0013bafd in JS_EvaluateUCScriptForPrincipals () from /usr/lib/firefox-2.0.0.10/libmozjs.so #10 0x01a2e332 in ?? () from /usr/lib/firefox-2.0.0.10/components/libgklayout.so #11 0x01a35113 in ?? () from /usr/lib/firefox-2.0.0.10/components/libgklayout.so #12 0x01a455c5 in ?? () from /usr/lib/firefox-2.0.0.10/components/libgklayout.so #13 0x00255223 in ?? () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so #14 0x002552e4 in ?? () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so #15 0x00250f8d in PL_HandleEvent () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so #16 0x00251216 in PL_ProcessPendingEvents () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so #17 0x00252a6f in ?? () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so #18 0x07dda452 in ?? () from /usr/lib/firefox-2.0.0.10/components/libwidget_gtk2.so #19 0x009b38ad in ?? () from /lib/libglib-2.0.so.0 #20 0x0098410c in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #21 0x0098754f in ?? () from /lib/libglib-2.0.so.0 #22 0x009878f9 in g_main_loop_run () from /lib/libglib-2.0.so.0 #23 0x004ba422 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #24 0x07dda83f in ?? () from /usr/lib/firefox-2.0.0.10/components/libwidget_gtk2.so #25 0x06c19306 in ?? () from /usr/lib/firefox-2.0.0.10/components/libtoolkitcomps.so #26 0x0804fb7d in __cxa_pure_virtual () #27 0x0804aca0 in __cxa_pure_virtual () #28 0x00c56390 in __libc_start_main () from /lib/libc.so.6 #29 0x0804abc1 in __cxa_pure_virtual () Please request more infos from the core file, if needed.
Can you reproduce it with the latest firefox update? Please install missing debuginfo packages and attach the back-trace again.
At this point, we're going to only be taking security fixes and major stability fixes into this release of Fedora. However, we still want to ensure the bug is fixed in the next version. We'd appreciate if you could test Firefox 3, available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping as the default in Fedora rawhide and provide feedback as to whether it still exists so we can file a ticket upstream to try to fix it in Firefox 3 before it is released.
Here a backtrace: Core was generated by `/usr/lib/firefox-2.0.0.12/firefox-bin -UILocale de'. Program terminated with signal 11, Segmentation fault. #0 0x0012d402 in __kernel_vsyscall () (gdb) bt #0 0x0012d402 in __kernel_vsyscall () #1 0x00310891 in raise () from /lib/libpthread.so.0 #2 0x08059f46 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206 #3 <signal handler called> #4 0x00ca88aa in memcpy () from /lib/libc.so.6 #5 0x00282732 in nsSubstringTuple::WriteTo (this=0xa5b6394, buf=0xa1b6390, bufLen=7) at /usr/include/bits/string3.h:52 #6 0x00281cad in nsSubstring::Assign (this=0xbfe11f94, tuple=@0xbfe11fc4) at nsTSubstring.cpp:384 #7 0x002872ca in nsAString_internal::Assign (this=0xbfe11f94, tuple=@0xbfe11e1c) at nsTAString.cpp:238 #8 0x01385471 in nsEventListenerManager::AddEventListenerByType (this=0xa1ef920, aListener=0x9e0e188, aType=@0xbfe1209c, aFlags=2, aEvtGrp=0x93e93a8) at ../../../dist/include/string/nsTAString.h:494 #9 0x013834a7 in nsEventListenerManager::AddGroupedEventListener (this=0xa1ef920, aType=@0xbfe1209c, aListener=0x9e0e188, aUseCapture=0, aEvtGrp=0x93e93a8) at nsEventListenerManager.cpp:2150 #10 0x01348a17 in nsDOMEventRTTearoff::AddGroupedEventListener (this=0xa1b6370, aType=@0xbfe1209c, aListener=0x9e0e188, aUseCapture=0, aEvtGrp=0x93e93a8) at nsGenericElement.cpp:716 #11 0x0120f13c in nsTextControlFrame::SetInitialChildList (this=0xa1b42a0, aPresContext=0xa191120, aListName=0x0, aChildList=0xa1b4584) at nsTextControlFrame.cpp:3280 #12 0x0114d721 in nsCSSFrameConstructor::ConstructHTMLFrame (this=0xa1a8940, aState=@0xbfe130c4, aContent=0xa1ef878, aParentFrame=0xa1e8380, aTag=0x8bf0778, aNameSpaceID=0, aStyleContext=0xa1b41a4, aFrameItems=@0xbfe12458, aHasPseudoParent=0) at nsCSSFrameConstructor.cpp:5708
Can yoy please check the upcoming Fedora 9? There's a Firefox 3 there with many bugfixes. If it still crashes, can yoy please provide more info about the crash? Seems to be somewhere in nsSubstringTuple::WriteTo (wrong params?) so can you please provide info about local variables, pointers and so on?
Reporter, could you please reply to the previous question? If you won't reply in one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.
I switched Fedora 9 and Firefox 3 Beta 5 and changed also my system a little bit. I do no longer see this crashes. Please close this bug for now.
Thanks for letting us know.