Bug 14062 - After update to 31.1 Firefox started to crash
Summary: After update to 31.1 Firefox started to crash
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: Mageia Bug Squad
Duplicates: 14067
Blocks: 14069
Reported: 2014-09-06 12:17 CEST by Nikita Krupenko
Modified: 2014-09-23 20:17 CEST (History)

See Also:
Source RPM: firefox-31.1.0-1.mga5.src.rpm


Attachments
Crash stack trace (7.59 KB, text/plain)
2014-09-06 12:34 CEST, Nikita Krupenko

Description Nikita Krupenko 2014-09-06 12:17:18 CEST
Description of problem:
Yesterday I updated firefox and it started to crash. It often happens when I restore session with many tabs, open new tab or just scroll a page.
This happens on two different machines.
Tried firefox-beta and it does not crash.
IIRC version 31.0 worked without crashes.

Version-Release number of selected component (if applicable):
31.1.0-1.mga

How reproducible:
Install recent firefox and open several tabs with some sites.


Reproducible: 

Steps to Reproduce:
Comment 1 Nikita Krupenko 2014-09-06 12:34:58 CEST
Created attachment 5408
Crash stack trace

Added stacktrace.
Also I found that it often crashes when I hover buttons in pdf.js viewer or on toolbar.
Comment 2 Reinout van Schouwen 2014-09-06 22:51:55 CEST
+1. Same stack trace when logging in to Google.

CC: (none) => reinout

Comment 3 Otto Leipälä 2014-09-07 09:49:47 CEST
This is only a cauldron problem, updated in mageia 4 firefox 31.1 from testing and removed .mozilla from home folder and have not even a single crash.

CC: (none) => ozkyster

Comment 4 Florian Hubold 2014-09-07 15:22:08 CEST
(In reply to Nikita Krupenko from comment #0)
> Tried firefox-beta and it does not crash.
> IIRC version 31.0 worked without crashes.
> 
> Version-Release number of selected component (if applicable):
> 31.1.0-1.mga

Between 31.0 and 31.1 compiler was changed to clang, so this could be a possible cause. Although firefox-beta is also built with clang ... Which version of firefox-beta did you try?


Note to self - upstream bugreport about gcc 4.9 breakage where tv already commented: https://bugzilla.mozilla.org/show_bug.cgi?id=1025639

CC: (none) => doktor5000

Colin Guthrie 2014-09-07 17:09:32 CEST

CC: (none) => mageia

Comment 5 Florian Hubold 2014-09-07 19:48:44 CEST
Just checked via the ff 31.1.0 build for Mageia 4 (currently available for early testing via updates_testing repo) and it seems to work fine, although only used it for a short time. Big difference to cauldron: It is built with gcc instead of clang.

Apart from that, is there any link that reproducibly triggers a crash?

(In reply to Reinout van Schouwen from comment #2)
> +1. Same stack trace when logging in to Google.

See question above, can you please post a direct link? E.g. https://accounts.google.com ? For me under mga4 google+ login worked just fine.

CC: (none) => luigiwalser

Florian Hubold 2014-09-07 19:49:09 CEST

CC: luigiwalser => (none)

Florian Hubold 2014-09-07 19:52:45 CEST

See Also: (none) => https://bugzilla.mozilla.org/show_bug.cgi?id=1025639

Comment 6 Manuel Hiebel 2014-09-07 20:50:38 CEST
*** Bug 14067 has been marked as a duplicate of this bug. ***

CC: (none) => Carth_Onasi

Florian Hubold 2014-09-07 21:13:21 CEST

Assignee: bugsquad => doktor5000
Status: NEW => ASSIGNED

Comment 8 Nikita Krupenko 2014-09-07 22:54:55 CEST
(In reply to Florian Hubold from comment #4)
> Which version of firefox-beta did you try?

IIRC it was version 32.0-0.b9.1

(In reply to Florian Hubold from comment #5)
> See question above, can you please post a direct link? 

Easy way to reproduce crash: open PDF file in integrated viewer (pdf.js) and hover mouse over buttons in viewer toolbar. Also when opening empty tab and hover mouse over most visited sites buttons.
Comment 9 Rémi Verschelde 2014-09-08 11:59:46 CEST
(In reply to Florian Hubold from comment #7)
> From the duplicate report (where at least the output of firefox crashing was
> posted ...)

The duplicate report is actually not 100% a dup. I'm also having the issue described in bug 14062, and get a similar stacktrace with gdb. I've never seen the console output in bug 14067, so it seems to be a different bug, or a different form of this bug.

CC: (none) => remi

Comment 10 Joseph Wang 2014-09-08 20:04:21 CEST
I've been able to reproduce the crash when I open a pdf file with the mozilla pdf viewer, and then I page down.  When the pdf changes pages, firefox will crash.

CC: (none) => joequant

Comment 11 Bernard SIAUD 2014-09-08 22:04:46 CEST
With 31.1.0 crash when I'm opening airdroid ( http://web.airdroid.com/ ).
But after, I can't open all the other tabs. Why?

After I have "restaurer les onglets fermés": open all the tabs as before and it's go... Why???

CC: (none) => liste

Florian Hubold 2014-09-08 23:05:14 CEST

Blocks: (none) => 14069

Comment 12 Florian Hubold 2014-09-08 23:19:53 CEST
Same content as in mail to -dev:

Please stop the "me too" posts that don't hold essential details, sorry but those are simply useless.
There's a bugreport: https://bugs.mageia.org/show_bug.cgi?id=14062

Please provide at the least the normal output when running firefox in safe mode
"firefox -safe-mode" and also the output from "rpm -qa | grep firefox | sort"

In addition it would be really helpful if you can test latest mozilla firefox
in normal mode. Either use ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.1.0esr/linux-x86_64/en-US/firefox-31.1.0esr.tar.bz2 or ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.1.0esr/linux-i686/en-US/firefox-31.1.0esr.tar.bz2 for i586 boxes.

Easiest way to reproduce the crash is open a new tab and move the mouse over one or two of the tiles for a few seconds and firefox will crash, safe mode or not. Relevant output I got is:

  Segmentation fault
  ###!!! [Child][MessageChannel::SendAndWait] Error: Channel error: cannot send/recv


The latter message does not seem to appear always, but segmentation fault does.

Does not happen with firefox from mozilla with the same user profile. But this could still be an issue with theme used or gtk or glib something like that.


To get a clean backtrace with a fresh profile (wipes your firefox profile, so backup important files first!) use this:

rm -rf ~/.mozilla; gdb --args /lib/firefox-31.1.0/firefox -safe-mode


then "run" in gdb to run firefox, reproduce the crash, then "bt full" command in gdb and attach the stack trace here. That is, after installing all the debuginfo packages beforehand. For more information, see https://wiki.mageia.org/en/Debugging_software_crashes
Florian Hubold 2014-09-08 23:49:47 CEST

See Also: (none) => https://bugzilla.mozilla.org/show_bug.cgi?id=1064553

Jerome Quelin 2014-09-11 10:35:46 CEST

CC: (none) => jquelin

Comment 13 Florian Hubold 2014-09-11 23:47:03 CEST
FWIW, here's my upstream report: https://bugzilla.mozilla.org/show_bug.cgi?id=1064553

Cannot reproduce the issues with 31.1esr mozilla stock builds, and also not with 31.1esr for mga4 which is built with gcc. Tried to switch back to gcc for cauldron too, but I'm currently swamped with $dayjob and cannot work further on this. Anybody feel free to work on it, here are the last builds logs:

----

- @673451:firefox-31.1.0-3.mga5.src.rpm

Failure details available in http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140908050614.doktor5000.valstar.30987/log
Reason:
@673451:firefox-31.1.0-3.mga5.src.rpm: build_failure

Log files generated:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140908050614.doktor5000.valstar.30987/log/firefox-31.1.0-3.mga5/build.0.20140908070707.log
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140908050614.doktor5000.valstar.30987/log/firefox-31.1.0-3.mga5/rpm_qa.0.20140908070707.log
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140908050614.doktor5000.valstar.30987/log/firefox-31.1.0-3.mga5/install_deps-1.0.20140908070707.log

Status: ASSIGNED => NEW
Assignee: doktor5000 => bugsquad

Comment 14 Bernard SIAUD 2014-09-12 07:26:07 CEST
Now, I need to use Konqueror to see:
- https://moncompte.numericable.fr/pages/Home.aspx
- a pdf with firefox
- and more sheet

When I'm opening a new tab, firefox crashes

You can see http://www.mageialinux-online.org/forum/topic-18861-1+firefox-instable.php if you understand French (it's very difficult for me to speak English).
Helge Hielscher 2014-09-12 23:30:47 CEST

CC: (none) => hhielscher

Comment 15 Thierry Vignaud 2014-09-15 17:51:21 CEST
ff-beta crashes too. This could be due to new clang.
If someone succeeds in building ff with gcc, can (s)he check whether the gcc build is segfaulting too?

CC: (none) => thierry.vignaud, tmb

Comment 16 Rémi Verschelde 2014-09-15 18:18:16 CEST
(In reply to Thierry Vignaud from comment #15)
> ff-beta crashes too. This could be due to new clang.
> If someone succeeds in building ff with gcc, can (s)he check whether the
> gcc build is segfaulting too?

I confirm that firefox-beta crashes too, but less often. ff 31.1 crashes after I've used it for less than two minutes, while I can use ff-beta for hours before it crashes (it crashes when trying to log into gmail for example).
Comment 17 Florian Hubold 2014-09-15 19:57:04 CEST
(In reply to Thierry Vignaud from comment #15)
> If someone succeeds in building ff with gcc, can (s)he check whether the
> gcc build is segfaulting too?

I'd do that, if I'd get it to build :/ Here are the logs from last submit:

Build of the following packages failed:

- @674823:firefox-31.1.0-3.mga5.src.rpm

Failure details available in http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140912160636.doktor5000.valstar.20483/log
Reason:
@674823:firefox-31.1.0-3.mga5.src.rpm: build_failure


Already found some related reports upstream about similar issues, related to either location of freetype headers (first link, but that patch is already merged in current upstream code AFAICS) or harfbuzz linker issues:
https://bugzilla.mozilla.org/show_bug.cgi?id=944454
https://bugzilla.mozilla.org/show_bug.cgi?id=985803 & https://bugzilla.mozilla.org/show_bug.cgi?id=985756
https://bugzilla.mozilla.org/show_bug.cgi?id=986580
Comment 18 Olav Vitters 2014-09-15 21:29:29 CEST
My backtrace:

#0  0x00007ffff59c8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (where=0x7fffd52b11f2, value=-325) at /usr/src/debug/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3445
#1  0x00007ffff59c8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (from=0x7fffd52b11f2, to=<optimized out>) at /usr/src/debug/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3392
#2  0x00007ffff59c8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (jump=..., label=...) at /usr/src/debug/mozilla-esr31/js/src/jit/x64/Assembler-x64.h:716
#3  0x00007ffff59c8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (this=<optimized out>, rt=0x7fffd52b10ad, target=js::jit::JitRuntime::BackedgeLoopHeader) at /usr/src/debug/mozilla-esr31/js/src/jit/Ion.cpp:410
#4  0x00007ffff5a8c084 in js::jit::CheckOverRecursedWithExtra(JSContext*, js::jit::BaselineFrame*, unsigned int, unsigned int) (cx=0x7fffd220dd80) at /usr/src/debug/mozilla-esr31/js/src/jit/VMFunctions.cpp:522
#5  0x00007ffff5a8c084 in js::jit::CheckOverRecursedWithExtra(JSContext*, js::jit::BaselineFrame*, unsigned int, unsigned int) (cx=0x7fffd220dd80, frame=<optimized out>, extra=<optimized out>, earlyCheck=<optimized out>)
    at /usr/src/debug/mozilla-esr31/js/src/jit/VMFunctions.cpp:177
#6  0x00007ffff7e6c5aa in  ()
#7  0x0000000000000058 in  ()
#8  0x00007fffffff1a58 in  ()
#9  0x00007ffff7fcb740 in  ()
#10 0x00007ffff6bfc470 in CheckOverRecursedWithExtraInfo () at /usr/lib64/firefox-31.1.0/libxul.so
#11 0x00007fffd7a34940 in  ()
#12 0x00007ffff7e6f120 in  ()
#13 0x0000000000000701 in  ()
#14 0x00007fffffff1aa0 in  ()
#15 0x0000000000000000 in  ()

CC: (none) => olav

Comment 19 Frank Griffin 2014-09-15 22:46:28 CEST
(In reply to Olav Vitters from comment #18)
> My backtrace:

That looks very similar to the one I posted on the ML.  I got it starting FF after having killed it with open windows, and then trying to restore them when FF restarted.

CC: (none) => ftg
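
Comments 9 and 19 compare stack traces by eye to decide whether two reports are the same crash. As an added example (not part of the bug thread or of Mageia's tooling), this Python script reduces a gdb backtrace to a signature of its top resolved functions so reports can be matched mechanically; `BT_A` reuses frames quoted in comment 18, while `BT_B` and `BT_C` are constructed samples.

```python
import hashlib
import re

# Frames #0, #1, #4, #6 and #10 from the backtrace in comment 18.
BT_A = """
#0  0x00007ffff59c8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (where=0x7fffd52b11f2, value=-325) at /usr/src/debug/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3445
#1  0x00007ffff59c8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (from=0x7fffd52b11f2, to=<optimized out>) at /usr/src/debug/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3392
#4  0x00007ffff5a8c084 in js::jit::CheckOverRecursedWithExtra(JSContext*, js::jit::BaselineFrame*, unsigned int, unsigned int) (cx=0x7fffd220dd80) at /usr/src/debug/mozilla-esr31/js/src/jit/VMFunctions.cpp:522
#6  0x00007ffff7e6c5aa in  ()
#10 0x00007ffff6bfc470 in CheckOverRecursedWithExtraInfo () at /usr/lib64/firefox-31.1.0/libxul.so
"""
# Constructed: same crash as seen on another machine (different addresses and arguments).
BT_B = """
#0  0x00007f3a1c5d8620 in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) (where=0x7f3a0a2b11f2, value=-117) at X86Assembler.h:3445
#1  0x00007f3a1c69c084 in js::jit::CheckOverRecursedWithExtra(JSContext*, js::jit::BaselineFrame*, unsigned int, unsigned int) (cx=0x7f3a09a0dd80) at VMFunctions.cpp:522
#2  0x00007f3a1e46c5aa in  ()
#3  0x00007f3a1d80c470 in CheckOverRecursedWithExtraInfo () at libxul.so
"""
# Constructed: an unrelated crash.
BT_C = """
#0  0x00007f3a1b000010 in raise () from /lib64/libc.so.6
#1  0x00007f3a1b000020 in abort () from /lib64/libc.so.6
"""

# "#N", optional "0xADDR in ", then the symbol up to the " (" that opens the argument list.
FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?(.*?) \(")

def frames(backtrace):
    """Return resolved function names, top frame first, inlined repeats collapsed."""
    out = []
    for line in backtrace.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # continuation lines ("    at file:line") and blank lines
        name = m.group(1).split("(", 1)[0].strip()  # drop the C++ parameter list
        if not name or name == "??":
            continue  # unresolved frame such as "#6  0x... in  ()"
        if not out or out[-1] != name:  # gdb repeats the symbol for inlined frames
            out.append(name)
    return out

def signature(backtrace, depth=3):
    """Hash the top `depth` resolved functions; addresses and arguments are ignored."""
    top = frames(backtrace)[:depth]
    return hashlib.sha256("|".join(top).encode()).hexdigest()[:16]
```

Two reports with equal signatures share the same top resolved functions, so a mismatch such as the one comment 9 describes for bug 14067 shows up as a different value.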

Han Willemsen 2014-09-16 16:23:11 CEST

CC: (none) => willemsj

Comment 20 Thierry Vignaud 2014-09-18 11:32:58 CEST
After looking at FC, I successfully locally built ff-beta with gcc.
It seems to no longer segfault.
I then uploaded it & pushed the same changes to firefox
but it still failed to build with gcc:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140918053223.tv.valstar.2980/log/firefox-31.1.0-4.mga5/

If someone wants to play with it...
Comment 21 Thierry Vignaud 2014-09-19 15:40:06 CEST
No one?
Comment 22 Florian Hubold 2014-09-21 20:04:49 CEST
(In reply to Thierry Vignaud from comment #21)
> No one?

Seems so ... :/
FWIW, for patch39 you forgot to actually apply that one, was that on purpose? There's no %apply_patches here ... ;)


Just had a chance to take a look at the logs again, and actual build error happens after all the warnings:

/home/iurt/rpmbuild/BUILD/mozilla-esr31/content/media/SharedBuffer.h:68: error: undefined reference to 'mozilla::AudioQueueMemoryFunctor::MallocSizeOf(void const*)'
/home/iurt/rpmbuild/BUILD/mozilla-esr31/content/media/MediaData.h:86: error: undefined reference to 'mozilla::AudioQueueMemoryFunctor::MallocSizeOf(void const*)'
collect2: error: ld returned 1 exit status
/home/iurt/rpmbuild/BUILD/mozilla-esr31/config/rules.mk:882: recipe for target 'libxul.so' failed
make[5]: *** [libxul.so] Error 1

Which seems to be fixed in FF32. I've added the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=999496 and will submit new build to updates_testing
Comment 23 Florian Hubold 2014-09-21 20:53:36 CEST
Yay! Finally got it to build with gcc again :)

Check firefox-31.1.0-5.mga5 from core/updates_testing
Comment 24 Rémi Verschelde 2014-09-21 20:59:07 CEST
Awesome! Thanks Florian. I'll check it out and report back :-)
Comment 25 Rémi Verschelde 2014-09-21 21:44:47 CEST
Works like a charm, I haven't had any crash so far, and I could test that flash, JS, HTML5 and java work properly.
Florian Hubold 2014-09-22 10:27:22 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=13575

Comment 26 Bernard SIAUD 2014-09-22 21:53:42 CEST
I think that it's good now !
Thanks !
Comment 27 Florian Hubold 2014-09-23 00:20:49 CEST
Ok, I'll try to clean some irrelevant changes and enable webRTC support, then we can close 3 bugs :)

.. although still need to find out why the clang builds break, maybe some compiler flags?
Comment 28 Thierry Vignaud 2014-09-23 11:05:47 CEST
It only started to segfault once we updated clang to 3.5
It worked fine with 3.4 so I think it's a clang regression
Comment 29 Thomas Backlund 2014-09-23 11:11:13 CEST
Yep, it's almost always some issues with new compiler versions,
either an "optimization" or "new feature" triggers problems with
old code...
Comment 30 Florian Hubold 2014-09-23 19:33:43 CEST
So please test the normal build firefox-31.1.0-6.mga5 (including webRTC support) and reopen if this reoccurs. Resolving per previous comments. Maybe if someone wants to play later with it again, clang can be enabled. But hopefully the packager who enables it also makes sure it actually works :/

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 31 Thomas Backlund 2014-09-23 20:17:11 CEST
(In reply to Florian Hubold from comment #30)

> Maybe
> if someone wants to play later with it again, clang can be enabled. But
> hopefully the packager who enables it also makes sure it actually works :/

Well, the reason for switching to clang was because build with gcc was broken.

And now we switch back to gcc since build with clang is broken... 

so we have come full circle :)
