Ubuntu
firefox-3.0 package

segfault in PL_DHashTableOperate

Bug #286155 reported by Brian J. Murrell
2
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: firefox

I have been seeing many firefox 3 crashes lately. Finally decided to hook gdb up to firefox in an effort to figure out where these crashes are coming from. Here's what I found:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7c416c0 (LWP 10505)]
0xb7867f94 in PL_DHashTableOperate (table=0xbf816ef8, key=0x8314a00,
    op=PL_DHASH_ADD) at pldhash.c:588
588 pldhash.c: No such file or directory.
 in pldhash.c
(gdb) thread apply all bt

Thread 71 (Thread 0xb27ffb90 (LWP 13818)):
#0 0xb7f1d430 in __kernel_vsyscall ()
#1 0xb7d19f77 in poll () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7b79d8c in _pr_poll_with_poll (pds=0xb27ff2ec, npds=1,
    timeout=4294967295) at ptio.c:3895
#3 0xb7b80b21 in WaitPidDaemonThread (unused=0x0) at uxproces.c:723
#4 0xb7b7e1e1 in _pt_root (arg=0xafdcd3d8) at ptthread.c:221
#5 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 10 (Thread 0xb1e6bb90 (LWP 10872)):
#0 0xb7f1d430 in __kernel_vsyscall ()
#1 0xb7d19f77 in poll () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7b79d8c in _pr_poll_with_poll (pds=0x82a0240, npds=1,
    timeout=4294967295) at ptio.c:3895
#3 0xb7148a7b in nsSocketTransportService::Poll (this=0x829fd60, wait=1,
    interval=0xb1e6b1e8) at nsSocketTransportService2.cpp:349
#4 0xb7148f70 in nsSocketTransportService::DoPollIteration (this=0x829fd60,
    wait=1) at nsSocketTransportService2.cpp:644
#5 0xb714921a in nsSocketTransportService::OnProcessNextEvent (
    this=0x829fd60, thread=0x894e988, mayWait=1, depth=1)
    at nsSocketTransportService2.cpp:523
#6 0xb789d50e in nsThread::ProcessNextEvent (this=0x894e988, mayWait=1,
    result=0xb1e6b294) at nsThread.cpp:497
#7 0xb786df88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1)
    at nsThreadUtils.cpp:227
#8 0xb7148c93 in nsSocketTransportService::Run (this=0x829fd60)
    at nsSocketTransportService2.cpp:565
#9 0xb789d56c in nsThread::ProcessNextEvent (this=0x894e988, mayWait=1,
    result=0xb1e6b344) at nsThread.cpp:510
#10 0xb786df88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1)
    at nsThreadUtils.cpp:227
#11 0xb789dcd3 in nsThread::ThreadFunc (arg=0x894e988) at nsThread.cpp:253
#12 0xb7b7e1e1 in _pt_root (arg=0x9a13488) at ptthread.c:221
#13 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#14 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 8 (Thread 0xb3ff1b90 (LWP 10818)):
#0 0xb7f1d430 in __kernel_vsyscall ()
#1 0xb7ed708b in write () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb77dbfa9 in nsAppShell::ScheduleNativeEventCallback (this=0x82d1708)
    at nsAppShell.cpp:138
#3 0xb77f1294 in nsBaseAppShell::OnDispatchedEvent (this=0x82d1708,
    thr=0x82286b0) at nsBaseAppShell.cpp:236
#4 0xb789d396 in nsThread::PutEvent (this=0x82286b0, event=0xb56ad470)
    at nsThread.cpp:368
#5 0xb78a1f6a in nsProxyEventObject::CallMethod (this=0xa7c4e448,
    methodIndex=<value optimized out>, methodInfo=0x8fc4ba0, params=0xb3ff110c)
    at nsProxyEventObject.cpp:238
#6 0xb78a9f04 in PrepareAndDispatch (methodIndex=<value optimized out>,
    self=0xa7c4e468, args=<value optimized out>)
    at xptcstubs_gcc_x86_unix.cpp:95
#7 0xb76959d3 in nsUrlClassifierDBServiceWorker::GetTables (this=0x926e0f0,
    c=0xa7c4e468) at nsUrlClassifierDBService.cpp:1756
#8 0xb78a93f9 in NS_InvokeByIndex_P ()
   from /usr/lib/xulrunner-1.9.0.3/libxul.so
#9 0xb78a1789 in nsProxyObjectCallInfo::Run (this=0xa7c4e490)
    at nsProxyEvent.cpp:181
#10 0xb789d56c in nsThread::ProcessNextEvent (this=0x8564a48, mayWait=1,
    result=0xb3ff1344) at nsThread.cpp:510
#11 0xb786df88 in NS_ProcessNextEvent_P (thread=0xb3ff103f, mayWait=1)
    at nsThreadUtils.cpp:227
#12 0xb789dcd3 in nsThread::ThreadFunc (arg=0x8564a48) at nsThread.cpp:253
#13 0xb7b7e1e1 in _pt_root (arg=0x8b57070) at ptthread.c:221
#14 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 5 (Thread 0xb515bb90 (LWP 10510)):
#0 0xb7f1d430 in __kernel_vsyscall ()
#1 0xb7ed43a2 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb7b76f9e in pt_TimedWait (cv=0x82283e4, ml=0x8238c38, timeout=45)
    at ptsynch.c:280
#3 0xb7b77dc0 in PR_WaitCondVar (cvar=0x82283e0, timeout=45) at ptsynch.c:407
#4 0xb78a04bc in TimerThread::Run (this=0x8238dd8) at TimerThread.cpp:345
#5 0xb789d56c in nsThread::ProcessNextEvent (this=0x8359800, mayWait=1,
    result=0xb515b344) at nsThread.cpp:510
#6 0xb786df88 in NS_ProcessNextEvent_P (thread=0x80, mayWait=1)
    at nsThreadUtils.cpp:227
#7 0xb789dcd3 in nsThread::ThreadFunc (arg=0x8359800) at nsThread.cpp:253
#8 0xb7b7e1e1 in _pt_root (arg=0x8359a08) at ptthread.c:221
#9 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 4 (Thread 0xb47f2b90 (LWP 10521)):
#0 0xb7f1d430 in __kernel_vsyscall ()
#1 0xb7ed4075 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb7b77e39 in PR_WaitCondVar (cvar=0x8661580, timeout=4294967295)
    at ptsynch.c:405
#3 0xb76a6266 in nsSSLThread::Run (this=0x86614f8) at nsSSLThread.cpp:964
#4 0xb76a5b9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x86614f8)
    at nsPSMBackgroundThread.cpp:44
#5 0xb7b7e1e1 in _pt_root (arg=0x86615c0) at ptthread.c:221
#6 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb3785b90 (LWP 10522)):
#0 0xb7f1d430 in __kernel_vsyscall ()
#1 0xb7ed4075 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb7b77e39 in PR_WaitCondVar (cvar=0x8661750, timeout=4294967295)
    at ptsynch.c:405
#3 0xb76a72fe in nsCertVerificationThread::Run (this=0x86616a0)
    at nsCertVerificationThread.cpp:138
#4 0xb76a5b9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x86616a0)
    at nsPSMBackgroundThread.cpp:44
#5 0xb7b7e1e1 in _pt_root (arg=0x8661790) at ptthread.c:221
#6 0xb7ed050f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7 0xb7d247ee in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb7c416c0 (LWP 10505)):
#0 0xb7867f94 in PL_DHashTableOperate (table=0xbf816ef8, key=0x8314a00,
    op=PL_DHASH_ADD) at pldhash.c:588
#1 0xb78a8304 in GCGraphBuilder::AddNode (this=0xbf816edc, s=0x8314a00,
    aParticipant=0xb7b43c54) at nsCycleCollector.cpp:1285
#2 0xb710a76a in XPCJSRuntime::AddXPConnectRoots (this=0x82b0d08,
    cx=0x8516338, cb=@0xbf816edc) at xpcjsruntime.cpp:428
#3 0xb70f75cf in nsXPConnect::BeginCycleCollection (this=0x82b0c70,
    cb=@0xbf816edc) at nsXPConnect.cpp:624
#4 0xb78a874a in nsCycleCollector::BeginCollection (this=0x824e6b0)
    at nsCycleCollector.cpp:2317
#5 0xb78a87d8 in nsCycleCollector_beginCollection ()
    at nsCycleCollector.cpp:2910
#6 0xb70f76cc in XPCCycleCollectGCCallback (cx=0x8516338,
    status=JSGC_MARK_END) at nsXPConnect.cpp:440
#7 0xb7bdfd7a in js_GC (cx=0x8516338, gckind=GC_NORMAL) at jsgc.c:3239
#8 0xb7bbc63a in JS_GC (cx=0x8516338) at jsapi.c:2469
#9 0xb70f6950 in nsXPConnect::Collect (this=0x82b0c70) at nsXPConnect.cpp:529
#10 0xb78a88fa in nsCycleCollector::Collect (this=0x824e6b0, aTryCollections=1)
    at nsCycleCollector.cpp:2250
#11 0xb78a8a39 in nsCycleCollector_collect () at nsCycleCollector.cpp:2898
#12 0xb74a3f42 in nsJSContext::CC () at nsJSEnvironment.cpp:3346
#13 0xb74a4227 in nsCCMemoryPressureObserver::Observe (this=0x8515bb0,
    aSubject=0xb7b523b0, aTopic=0xb79f35f8 "memory-pressure", aData=0xb7a54ac8)
    at nsJSEnvironment.cpp:311
#14 0xb78779a0 in nsObserverList::NotifyObservers (this=0x86a85e8,
    aSubject=0xb7b523b0, aTopic=0xb79f35f8 "memory-pressure",
    someData=0xb7a54ac8) at nsObserverList.cpp:128
#15 0xb7877c6e in nsObserverService::NotifyObservers (this=0x82a0fa0,
    aSubject=0xb7b523b0, aTopic=0xb79f35f8 "memory-pressure",
    someData=0xb7a54ac8) at nsObserverService.cpp:181
#16 0xb78a4ed9 in nsMemoryImpl::RunFlushers (this=0xb7b523b0,
    aReason=0xb7a54ac8) at nsMemoryImpl.cpp:253
#17 0xb78a4f1a in nsMemoryImpl::FlushEvent::Run (this=0xb7b523a8)
    at nsMemoryImpl.cpp:268
#18 0xb789d56c in nsThread::ProcessNextEvent (this=0x82286b0, mayWait=1,
    result=0xbf81b194) at nsThread.cpp:510
#19 0xb786df88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1)
    at nsThreadUtils.cpp:227
#20 0xb77f12c4 in nsBaseAppShell::Run (this=0x82d1708)
    at nsBaseAppShell.cpp:170
#21 0xb7686ab8 in nsAppStartup::Run (this=0x83145b8) at nsAppStartup.cpp:181
#22 0xb70eb508 in XRE_main (argc=2, argv=0xbf81e8f4, aAppData=0x81b3830)
    at nsAppRunner.cpp:3194
#23 0x080491ab in ?? ()
#24 0xb7c59685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#25 0x08048d11 in ?? ()
(gdb)

This is using Intrepid from about a week or two ago.

Revision history for this message
Brian J. Murrell (brian-interlinx) wrote :

I should add, firefox is up to date on this installation:

$ apt-cache policy firefox
firefox:
  Installed: 3.0.3+nobinonly-0ubuntu1
  Candidate: 3.0.3+nobinonly-0ubuntu1
  Version table:
 *** 3.0.3+nobinonly-0ubuntu1 0
        500 http://apt.interlinx.bc.ca intrepid/main Packages
        100 /var/lib/dpkg/status

Revision history for this message
Brian J. Murrell (brian-interlinx) wrote :

This should be changed from firefox to firefox-3.0

Revision history for this message
John Vivirito (gnomefreak) wrote :

Thank you for taking the time to file this bug report with us. Closing due to age. If this is still a problem in 3.0.7 please reopen this bug.
Also please reopen with all new information on how to reproduce this bug by giving us step by step instructions.
We also need what happens what is expected to happen.
To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in firefox-3.0 (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.