firefox crashes using gtalk in gmail

Status: RESOLVED INCOMPLETE
Product: Firefox
Component: General
Priority: --
Severity: critical
Reported: 11 years ago
Modified: 9 years ago

People

Reporter: Andrea Federico
Assignee: Unassigned

Tracking

Keywords: crash
Version: 2.0 Branch
Hardware: x86
OS: Linux
Points: ---

Firefox Tracking Flags

Not tracked

Details

Whiteboard: closeme 2009-06-20

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

When I use gtalk in gmail, sometimes Firefox crashes; I don't understand where the problem is.
I use Firefox with Ubuntu release 6.06.

I tried to investigate the problem and I downloaded the official binary Firefox release from the mozilla.org repository, but the problem is the same.

I investigated again and I compiled Firefox from source and debugged it.
My debug session follows:

----------------------------------------------------------------------
this is what my console shows:
----------------------------------------------------------------------

Program /opt/firefox_gdb2/lib/firefox-2.0.0.5/firefox-bin (pid = 27693) received signal 11.
Stack:
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/firefox-bin +0x0001FE46]
__kernel_sigreturn+0x00000000 [ +0x00000420]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libxpconnect.so +0x0005B9DD]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libxpconnect.so +0x00064EB5]
js_Invoke+0x000010A2 [/opt/firefox_gdb2/lib/firefox-2.0.0.5/libmozjs.so +0x00063978]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/libmozjs.so +0x00076C1F]
js_Invoke+0x00001158 [/opt/firefox_gdb2/lib/firefox-2.0.0.5/libmozjs.so +0x00063A2E]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/libmozjs.so +0x00063DCC]
JS_CallFunctionValue+0x00000048 [/opt/firefox_gdb2/lib/firefox-2.0.0.5/libmozjs.so +0x0002242B]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0056B369]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005D3E9C]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0040C037]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0040E80D]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0051D832]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0052DF51]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x00588918]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005717D9]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005718B5]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0041E311]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x0012317D]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x00124747]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005615A5]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005627AF]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005514CD]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x0001EDC3]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x0001EC9C]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x00011D01]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x000122BF]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libgklayout.so +0x005874E9]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libnsappshell.so +0x00026165]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x0001EDC3]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x0001EBE4]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x00011EFA]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x00011F83]
_gtk_marshal_BOOLEAN__BOXED+0x00000058 [/usr/lib/libgtk-x11-2.0.so.0 +0x001208E0]
g_closure_invoke+0x0000011E [/usr/lib/libgobject-2.0.so.0 +0x0000979F]
UNKNOWN [/usr/lib/libgobject-2.0.so.0 +0x000182EA]
g_signal_emit_valist+0x0000041D [/usr/lib/libgobject-2.0.so.0 +0x00019886]
g_signal_emit+0x00000029 [/usr/lib/libgobject-2.0.so.0 +0x00019E89]
UNKNOWN [/usr/lib/libgtk-x11-2.0.so.0 +0x00202DCF]
UNKNOWN [/usr/lib/libgtk-x11-2.0.so.0 +0x00212592]
_gtk_window_set_is_active+0x00000066 [/usr/lib/libgtk-x11-2.0.so.0 +0x002168D2]
UNKNOWN [/usr/lib/libgtk-x11-2.0.so.0 +0x0021698F]
_gtk_marshal_BOOLEAN__BOXED+0x00000058 [/usr/lib/libgtk-x11-2.0.so.0 +0x001208E0]
UNKNOWN [/usr/lib/libgobject-2.0.so.0 +0x0000916F]
g_closure_invoke+0x0000011E [/usr/lib/libgobject-2.0.so.0 +0x0000979F]
UNKNOWN [/usr/lib/libgobject-2.0.so.0 +0x000189CE]
g_signal_emit_valist+0x0000041D [/usr/lib/libgobject-2.0.so.0 +0x00019886]
g_signal_emit+0x00000029 [/usr/lib/libgobject-2.0.so.0 +0x00019E89]
UNKNOWN [/usr/lib/libgtk-x11-2.0.so.0 +0x00202DCF]
gtk_main_do_event+0x00000314 [/usr/lib/libgtk-x11-2.0.so.0 +0x0011F47F]
UNKNOWN [/usr/lib/libgdk-x11-2.0.so.0 +0x0003FDEC]
g_main_context_dispatch+0x000001D7 [/usr/lib/libglib-2.0.so.0 +0x000238D6]
UNKNOWN [/usr/lib/libglib-2.0.so.0 +0x00026996]
g_main_loop_run+0x000001D6 [/usr/lib/libglib-2.0.so.0 +0x00026CB8]
gtk_main+0x000000B4 [/usr/lib/libgtk-x11-2.0.so.0 +0x0011E765]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libwidget_gtk2.so +0x0001C0FA]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libtoolkitcomps.so +0x0000D2E0]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/firefox-bin +0x0000AA88]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/firefox-bin +0x000033EC]
__libc_start_main+0x000000D2 [/lib/tls/i686/cmov/libc.so.6 +0x00014EA2]
Sleeping for 300 seconds.
Type 'gdb /opt/firefox_gdb2/lib/firefox-2.0.0.5/firefox-bin 27693' to attach your debugger to this thread.

----------------------------------------------------------------------
backtrace from gdb
----------------------------------------------------------------------

(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb74f9136 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
#2  0xb74f8f3c in sleep () from /lib/tls/i686/cmov/libc.so.6
#3  0x08066acd in ah_crap_handler (signum=11) at nsSigHandlers.cpp:133
#4  0x08067e46 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:210
#5  <signal handler called>
#6  0x00000001 in ?? ()
#7  0x08c5d2c0 in ?? ()
#8  0xbfd58a54 in ?? ()
#9  0xbfd58aec in ?? ()
#10 0xb720f0d0 in ?? () from /opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libxpconnect.so
#11 0xbfd58c18 in ?? ()
#12 0xb71e29dd in XPCWrappedNative::CallMethod (ccx=@0x4, mode=32) at ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp:2169

----------------------------------------------------------------------
backtrace with more information
----------------------------------------------------------------------

(gdb) backtrace full
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb74f9136 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb74f8f3c in sleep () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0x08066acd in ah_crap_handler (signum=11) at nsSigHandlers.cpp:133
No locals.
#4  0x08067e46 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:210
        oldact = (sigaction *) 0x806f360
#5  <signal handler called>
No symbol table info available.
#6  0x00000001 in ?? ()
No symbol table info available.
#7  0x08c5d2c0 in ?? ()
No symbol table info available.
#8  0xbfd58a54 in ?? ()
No symbol table info available.
#9  0xbfd58aec in ?? ()
No symbol table info available.
#10 0xb720f0d0 in ?? () from /opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libxpconnect.so
No symbol table info available.
#11 0xbfd58c18 in ?? ()
No symbol table info available.
#12 0xb71e29dd in XPCWrappedNative::CallMethod (ccx=@0x4, mode=32) at ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp:2169
        req = {mCCX = @0x0, mCX = 0x2eb, mDepth = 17}
        rv = 0
        retval = 160881632
        paramCount = 0 '\0'
        err = 25
        tls = (XPCPerThreadData *) 0x80ab140
        secAction = 160464960
        methodInfo = (const nsXPTMethodInfo *) 0x31
        src = 1
        foundDependentParam = 73
        i = 0 '\0'
        xpcc = (XPCContext *) 0xd
        argv = (jsval *) 0xa8a58c0
        secFlag = 158209672
        autoStringIndex = 20110204
        invokeResult = 68442
        param_iid = {m0 = 0, m1 = 1, m2 = 0, m3 = "P\000\000\000HFh\b"}
        ifaceInfo = (class nsIInterfaceInfo *) 0xa2f0578
        paramBuffer = {{<nsXPTCMiniVariant> = {val = {i8 = 45 '-', i16 = 29485, i32 = 1919251245, i64 = 112603076850477, u8 = 45 '-', u16 = 29485, u32 = 1919251245,
        u64 = 112603076850477, f = 4.5447236e+30, d = 5.5633311887842437e-310, b = 1919251245, c = 45 '-', wc = 29485, p = 0x7265732d}}, ptr = 0x11,
    type = {<XPTTypeDescriptorPrefix> = {flags = 65 'A'}, <No data fields>}, flags = 99 'c'}, {<nsXPTCMiniVariant> = {val = {i8 = 0 '\0', i16 = 0, i32 = 0, i64 = 0, u8 = 0 '\0',
        u16 = 0, u32 = 0, u64 = 0, f = 0, d = 0, b = 0, c = 0 '\0', wc = 0, p = 0x0}}, ptr = 0x11, type = {<XPTTypeDescriptorPrefix> = {flags = 248 '�'}, <No data fields>},
    flags = 90 'Z'}, {<nsXPTCMiniVariant> = {val = {i8 = 1 '\001', i16 = 513, i32 = 513, i64 = 513, u8 = 1 '\001', u16 = 513, u32 = 513, u64 = 513, f = 7.18866112e-43,
        d = 2.5345567631655948e-321, b = 513, c = 1 '\001', wc = 513, p = 0x201}}, ptr = 0x29, type = {<XPTTypeDescriptorPrefix> = {flags = 255 '�'}, <No data fields>},
    flags = 255 '�'}, {<nsXPTCMiniVariant> = {val = {i8 = 0 '\0', i16 = 0, i32 = 0, i64 = 0, u8 = 0 '\0', u16 = 0, u32 = 0, u64 = 0, f = 0, d = 0, b = 0, c = 0 '\0', wc = 0,
        p = 0x0}}, ptr = 0xa15a698, type = {<XPTTypeDescriptorPrefix> = {flags = 0 '\0'}, <No data fields>}, flags = 0 '\0'}, {<nsXPTCMiniVariant> = {val = {i8 = 0 '\0',
        i16 = 0, i32 = 0, i64 = 2251799813685248, u8 = 0 '\0', u16 = 0, u32 = 0, u64 = 2251799813685248, f = 0, d = 1.1125369292536007e-308, b = 0, c = 0 '\0', wc = 0,
        p = 0x0}}, ptr = 0x0, type = {<XPTTypeDescriptorPrefix> = {flags = 0 '\0'}, <No data fields>}, flags = 0 '\0'}, {<nsXPTCMiniVariant> = {val = {i8 = 17 '\021', i16 = 17,
        i32 = 17, i64 = 682327538621480977, u8 = 17 '\021', u16 = 17, u32 = 17, u64 = 682327538621480977, f = 2.38220739e-44, d = 4.7862997835021536e-263, b = 17, c = 17 '\021',
        wc = 17, p = 0x11}}, ptr = 0x0, type = {<XPTTypeDescriptorPrefix> = {flags = 0 '\0'}, <No data fields>}, flags = 0 '\0'}, {<nsXPTCMiniVariant> = {val = {i8 = 33 '!',
        i16 = 33, i32 = 33, i64 = 60129542177, u8 = 33 '!', u16 = 33, u32 = 33, u64 = 60129542177, f = 4.62428493e-44, d = 2.9707941089817979e-313, b = 33, c = 33 '!', wc = 33,
        p = 0x21}}, ptr = 0x10, type = {<XPTTypeDescriptorPrefix> = {flags = 72 'H'}, <No data fields>}, flags = 91 '['}, {<nsXPTCMiniVariant> = {val = {i8 = 1 '\001', i16 = 1,
        i32 = 1, i64 = 4294967297, u8 = 1 '\001', u16 = 1, u32 = 1, u64 = 4294967297, f = 1.40129846e-45, d = 2.121995791459338e-314, b = 1, c = 1 '\001', wc = 1, p = 0x1}},
    ptr = 0xa6e4608, type = {<XPTTypeDescriptorPrefix> = {flags = 0 '\0'}, <No data fields>}, flags = 0 '\0'}}
        autoStrings = {{<nsFixedString> = {<nsString> = {<nsSubstring> = {<nsAString_internal> = {mVTable = 0x1, mData = 0x8070548, mLength = 157296240,
            mFlags = 24}, <No data fields>}, <No data fields>}, mFixedCapacity = 129, mFixedBuf = 0x6f6d2065}, mStorage = {30052, 25964, 26912, 8307, 29811, 29281, 25972, 8292,
      26217, 26912, 8307, 8240, 29801, 26912, 8307, 28526, 8308, 29811, 29281, 25972, 8292, 29285, 28530, 8306, 29807, 25960, 30578, 29545, 25957, 27936, 25711, 27765, 8293,
      29545, 29472, 24948, 29810, 25701, 26912, 8294, 29545, 12320, 26912, 8308, 29545, 28192, 29807, 29472, 24948, 29810, 25701, 25888, 29298, 29295, 28448, 26740, 29285,
      26999, 25971, 0, 17, 0, 24947, 29550}}}
        dispatchParams = (nsXPTCVariant *) 0x0
        requiredArgs = 0 '\0'
        sm = (class nsIXPCSecurityManager *) 0x0
        rt = (XPCJSRuntime *) 0x1401
        callee = (nsISupports *) 0x0
        vtblIndex = 2448
        name = 170853888


----------------------------------------------------------------------
variable
----------------------------------------------------------------------

From the backtrace, there is a call from this function:

XPCWrappedNative::CallMethod

line: 2169
file: js/src/xpconnect/src/xpcwrappednative.cpp

I analyzed some variables:

(gdb) print ccx
$8 = (class XPCCallContext &) @0x4: Cannot access memory at address 0x4
(gdb) print mode
$9 = 32
(gdb) print callee
$10 = (nsISupports *) 0x0
(gdb) print vtblIndex
$11 = 2448
(gdb) print paramCount
$12 = 0 '\0'
(gdb) print dispatchParams
$13 = (nsXPTCVariant *) 0x0


----------------------------------------------------------------------
step by step
----------------------------------------------------------------------

(gdb) step
Single stepping until exit from function __kernel_vsyscall,
which has no line number information.
[Switching to Thread -1221052192 (LWP 27693)]
0xb74f9136 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
(gdb) step
Single stepping until exit from function nanosleep,
which has no line number information.

Program received signal SIGTERM, Terminated.
[Switching to Thread -1248973904 (LWP 27701)]
0xffffe410 in __kernel_vsyscall ()
(gdb) step
Single stepping until exit from function __kernel_vsyscall,
which has no line number information.
nsProfileLock::FatalSignalHandler (signo=-1248976652) at nsProfileLock.cpp:156
156     void nsProfileLock::FatalSignalHandler(int signo)
(gdb) step
159         RemovePidLockFiles();
(gdb) step
nsProfileLock::RemovePidLockFiles () at nsProfileLock.cpp:141
141         while (!PR_CLIST_IS_EMPTY(&mPidLockList))
(gdb) step

Program exited with code 013.
(gdb)                                       


----------------------------------------------------------------------

I hope this long report can help you to understand the problem.


Reproducible: Always

Steps to Reproduce:
1. open gmail
2. use gtalk
3.



Every time I use gtalk in gmail Firefox crashes, but it does not occur at a particular moment; this can happen after 1 minute or after 1 hour.
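The console stack in the description gives module-relative offsets while the gdb backtrace gives absolute addresses. The following is an added example, not part of the original report, that pairs the two dumps by checking that address minus offset is a page-aligned load base; the frames are copied from the dumps above, and the function names and the 4 KiB page size are assumptions of the example.

```python
import re

# Frames copied from the console stack and the gdb backtrace in the report.
CONSOLE = """\
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/firefox-bin +0x0001FE46]
__kernel_sigreturn+0x00000000 [ +0x00000420]
UNKNOWN [/opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libxpconnect.so +0x0005B9DD]
js_Invoke+0x000010A2 [/opt/firefox_gdb2/lib/firefox-2.0.0.5/libmozjs.so +0x00063978]
"""
GDB = """\
#3  0x08066acd in ah_crap_handler (signum=11) at nsSigHandlers.cpp:133
#4  0x08067e46 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:210
#10 0xb720f0d0 in ?? () from /opt/firefox_gdb2/lib/firefox-2.0.0.5/components/libxpconnect.so
#12 0xb71e29dd in XPCWrappedNative::CallMethod (ccx=@0x4, mode=32) at ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp:2169
"""

CONSOLE_RE = re.compile(r"^(\S+?)(?:\+0x[0-9A-Fa-f]+)? \[(\S*) \+0x([0-9A-Fa-f]+)\]$")
GDB_RE = re.compile(r"^#(\d+)\s+0x([0-9a-f]+) in (\S+) \(")

def parse_console(text):
    """Return (symbol, module basename, module-relative offset) per frame."""
    out = []
    for line in text.splitlines():
        m = CONSOLE_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).rsplit("/", 1)[-1], int(m.group(3), 16)))
    return out

def parse_gdb(text):
    """Return (frame number, absolute address, symbol) per frame."""
    out = []
    for line in text.splitlines():
        m = GDB_RE.match(line.strip())
        if m:
            out.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return out

def correlate(console, gdb, page=0x1000):
    """Pair frames where address - offset is a page-aligned load base (heuristic)."""
    pairs = []
    for _sym, module, off in console:
        if not module:  # __kernel_sigreturn trampoline: no backing file
            continue
        for num, addr, gsym in gdb:
            base = addr - off
            if base > 0 and base % page == 0:
                pairs.append((module, hex(base), off, num, gsym))
    return pairs

if __name__ == "__main__":
    for p in correlate(parse_console(CONSOLE), parse_gdb(GDB)):
        print(p)
```

On these lines the unnamed libxpconnect.so frame directly below __kernel_sigreturn pairs with gdb frame #12, XPCWrappedNative::CallMethod, at load base 0xb7187000, and the firefox-bin frame pairs with frame #4 at base 0x8048000.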
(Reporter)

Updated

11 years ago
Version: unspecified → 2.0 Branch
(Reporter)

Comment 1

11 years ago
The official binary Firefox downloaded from the mozilla.org repository shows this message when it crashes:

/opt/firefox/run-mozilla.sh: line 131: 21522 Segmentation fault      (core dumped) "$prog" ${1+"$@"}


and a previous version, I don't remember exactly which,
(version >= 2.0.0.0) and (version < 2.0.0.5), showed this error:

*** glibc detected *** free(): invalid pointer: 0xb7f9a588 ***

Comment 2

11 years ago
Are you using --enable-debug or --enable-debugger-info-modules? You should be using at least one of them...
(Reporter)

Comment 3

11 years ago
This debug session was made with Firefox compiled with these options:

--enable-debug --enable-debug-modules --prefix=/opt/firefox_gdb2 --disable-optimize --enable-application=browser --disable-gnomevfs


but I get the same result with Firefox compiled with only 1 debug option, this one:
--enable-debug

Comment 4

9 years ago
Do you see this with FF 3.5 beta, or FF 3?
 ftp://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-1.9.1/
Keywords: crash
Whiteboard: closeme 2009-06-20
-> incomplete - no reply
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INCOMPLETE