firefox crash on startup
Categories: Core :: DOM: Content Processes, defect
People: Reporter: rick.liu.1989, Unassigned
References: Regression
Details: Keywords: regression
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Steps to reproduce:
Started Firefox and got Segmentation fault (core dumped).
Actual results:
This started happening after upgrading from version 58.0 to version 68.2, OS version RHEL 7.3.
gdb info as below:
[root@admvx004 ccpp-2020-01-17-10:21:15-112813]# gdb /usr/lib64/firefox/firefox coredump
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/lib64/firefox/firefox...Reading symbols from /usr/lib64/firefox/firefox...(no debugging symbols found)...done.
(no debugging symbols found)...done.
[New LWP 112813]
[New LWP 112828]
[New LWP 112829]
[New LWP 112830]
[New LWP 112831]
[New LWP 112832]
[New LWP 112827]
[New LWP 112833]
[New LWP 112834]
[New LWP 112835]
[New LWP 112836]
[New LWP 112837]
[New LWP 112838]
[New LWP 112839]
[New LWP 112840]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/lib64/firefox/firefox'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f1c437854ab in raise () from /lib64/libpthread.so.0
Missing separate debuginfos, use: debuginfo-install firefox-68.2.0-1.el7_7.x86_64
(gdb) bt
#0 0x00007f1c437854ab in raise () from /lib64/libpthread.so.0
#1 0x00007f1c33266658 in nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*) ()
from /usr/lib64/firefox/libxul.so
#2 0x00007f1c3398fd62 in WasmTrapHandler(int, siginfo_t*, void*) () from /usr/lib64/firefox/libxul.so
#3 <signal handler called>
#4 0x00007f1c3019403b in mozilla::dom::ipc::SharedStringMap::SharedStringMap(mozilla::dom::ipc::SharedStringMapBuilder&&) [clone .cold.660] () from /usr/lib64/firefox/libxul.so
#5 0x00007f1c302dec08 in (anonymous namespace)::SharedStringBundle::LoadProperties() ()
from /usr/lib64/firefox/libxul.so
#6 0x00007f1c302def18 in (anonymous namespace)::SharedStringBundle::GetStringImpl(nsTSubstring<char> const&, nsTSubstring<char16_t>&) () from /usr/lib64/firefox/libxul.so
#7 0x00007f1c302dc3d8 in nsStringBundleBase::GetStringFromName(char const*, nsTSubstring<char16_t>&) ()
from /usr/lib64/firefox/libxul.so
#8 0x00007f1c3240cbdd in mozilla::widget::WidgetUtils::GetBrandShortName(nsTSubstring<char16_t>&) ()
from /usr/lib64/firefox/libxul.so
#9 0x00007f1c32469303 in nsAppShell::Init() () from /usr/lib64/firefox/libxul.so
#10 0x00007f1c3247b08d in nsWidgetGtk2ModuleCtor() () from /usr/lib64/firefox/libxul.so
#11 0x00007f1c302704d5 in mozilla::xpcom::CallInitFunc(unsigned long) () from /usr/lib64/firefox/libxul.so
#12 0x00007f1c30276050 in mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsISupports*, nsID const&, void**) [clone .part.500] () from /usr/lib64/firefox/libxul.so
#13 0x00007f1c3028562e in nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) () from /usr/lib64/firefox/libxul.so
#14 0x00007f1c302856ff in nsComponentManagerImpl::GetService(nsID const&, nsID const&, void**) [clone .part.256] ()
from /usr/lib64/firefox/libxul.so
#15 0x00007f1c30285852 in nsGetServiceByCIDWithError::operator()(nsID const&, void**) const ()
from /usr/lib64/firefox/libxul.so
#16 0x00007f1c3021e9a6 in nsCOMPtr_base::assign_from_gs_cid_with_error(nsGetServiceByCIDWithError const&, nsID const&) () from /usr/lib64/firefox/libxul.so
#17 0x00007f1c331bf214 in nsAppStartup::Init() () from /usr/lib64/firefox/libxul.so
#18 0x00007f1c30278a04 in mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsISupports*, nsID const&, void**) [clone .part.500] () from /usr/lib64/firefox/libxul.so
#19 0x00007f1c3028562e in nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) () from /usr/lib64/firefox/libxul.so
#20 0x00007f1c30285bce in nsComponentManagerImpl::GetService(mozilla::xpcom::ModuleID, nsID const&, void**) ()
from /usr/lib64/firefox/libxul.so
#21 0x00007f1c3027056a in mozilla::xpcom::GetServiceHelper::operator()(nsID const&, void**) const ()
from /usr/lib64/firefox/libxul.so
#22 0x00007f1c3021ee06 in nsCOMPtr_base::assign_from_helper(nsCOMPtr_helper const&, nsID const&) ()
from /usr/lib64/firefox/libxul.so
#23 0x00007f1c33270121 in ScopedXPCOMStartup::SetWindowCreator(nsINativeAppSupport*) ()
from /usr/lib64/firefox/libxul.so
#24 0x00007f1c33276cb2 in XREMain::XRE_mainRun() () from /usr/lib64/firefox/libxul.so
#25 0x00007f1c332780e0 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) ()
from /usr/lib64/firefox/libxul.so
#26 0x00007f1c33278376 in XRE_main(int, char**, mozilla::BootstrapConfig const&) ()
from /usr/lib64/firefox/libxul.so
#27 0x00007f1c43bbd398 in do_main(int, char**, char**) ()
#28 0x00007f1c43bbc8ae in main ()
(gdb)
Expected results:
start normally
Comment 1•5 years ago
Hi,
I wasn't able to reproduce the bug but I've chosen a component for this bug in hope that someone with more expertise may look at it. We'll wait for their answer.
Regards, Flor.
Comment 2•5 years ago
The priority flag is not set for this bug.
:mossop, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 3•5 years ago
Seems to be failing in mozilla::dom::ipc::SharedStringMap.
Comment 4•5 years ago
This is almost certainly mozilla::dom::ipc::SharedStringMap release-asserting that MemMapSnapshot::Finalize; it can fail if MemMapSnapshot::Freeze fails, and this is 68ESR so it predates bug 1479960: it's using its own implementation of shared memory instead of IPC's.
My guess is that there's some kind of system level security policy that's misconfigured and breaking access to /dev/shm; strace could help debug this. In any case this code belongs to the DOM module.
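A stand-alone probe for the /dev/shm hypothesis in comment 4, added here as an example and not taken from Firefox or from any commenter: it creates a file in the given directory, resizes it, maps it read-write, then re-opens and maps it read-only, and reports the first step that fails. The function name, step codes and test pattern are hypothetical, and the read-only re-map is a generic stand-in for a freeze step, not the 68 ESR implementation.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical step codes: the first operation that failed (0 = none). */
enum { PROBE_OK, PROBE_CREATE, PROBE_RESIZE, PROBE_MAP_RW,
       PROBE_REOPEN_RO, PROBE_MAP_RO, PROBE_VERIFY };

/* Create, resize, map read-write, then re-map read-only inside `dir`.
 * errno from the failing call is preserved for the caller. */
int probe_shm_dir(const char *dir)
{
    static const char msg[] = "shm-probe";      /* constructed pattern */
    const size_t len = 4096;
    char path[4096];
    int step = PROBE_OK, rofd = -1, saved;
    void *rw = MAP_FAILED, *ro = MAP_FAILED;

    snprintf(path, sizeof path, "%s/shmprobe-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return PROBE_CREATE;
    if (ftruncate(fd, (off_t)len) != 0) { step = PROBE_RESIZE; goto out; }
    rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (rw == MAP_FAILED) { step = PROBE_MAP_RW; goto out; }
    memcpy(rw, msg, sizeof msg);
    rofd = open(path, O_RDONLY);
    if (rofd < 0) { step = PROBE_REOPEN_RO; goto out; }
    ro = mmap(NULL, len, PROT_READ, MAP_SHARED, rofd, 0);
    if (ro == MAP_FAILED) { step = PROBE_MAP_RO; goto out; }
    if (memcmp(ro, msg, sizeof msg) != 0) step = PROBE_VERIFY;
out:
    saved = errno;                              /* survive cleanup calls */
    if (ro != MAP_FAILED) munmap(ro, len);
    if (rw != MAP_FAILED) munmap(rw, len);
    if (rofd >= 0) close(rofd);
    close(fd);
    unlink(path);
    errno = saved;
    return step;
}

int main(void)
{
    int step = probe_shm_dir("/dev/shm");
    printf("/dev/shm probe: step=%d (%s)\n", step, step ? strerror(errno) : "ok");
    return step;
}
```

Run it as the same user and in the same security context that launches Firefox; a non-zero step together with the errno text narrows down which operation the system is refusing.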
Comment 5•5 years ago
Yeah, I don't have anything to add to that. It's almost certainly a system issue breaking shared memory.
Comment 6•5 years ago
The priority flag is not set for this bug.
:neha, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 7•5 years ago
Closing bug as invalid because we don't have any crash reports and this code has been rewritten since 68 ESR.