User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101315 Ubuntu/8.10 (intrepid) Firefox/3.0.3 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101315 Ubuntu/8.10 (intrepid) Firefox/3.0.3 I've been getting a segfault several times a day now for a while and I've finally tracked it down. The details of several crashes can be found in the launchpad bug I've put in the URL field of this bug. Reproducible: Always Steps to Reproduce: 1. Run firefox3 2. Browse Actual Results: Crashes eventually Expected Results: Uhm. No crashing? :-) Here's the latest stack traces: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7d406c0 (LWP 22826)] GCGraphBuilder::AddNode (this=0xbf813e5c, s=0xa2a5540, aParticipant=0x8dc53f4) at nsCycleCollector.cpp:1287 1287 nsCycleCollector.cpp: No such file or directory. in nsCycleCollector.cpp Current language: auto; currently c++ (gdb) where #0 GCGraphBuilder::AddNode (this=0xbf813e5c, s=0xa2a5540, aParticipant=0x8dc53f4) at nsCycleCollector.cpp:1287 #1 0xb79a7401 in GCGraphBuilder::NoteScriptChild (this=0xbf813e5c, langID=2, child=0xa2a5540) at nsCycleCollector.cpp:1237 #2 0xb71f56b0 in NoteJSChild (trc=0x1354db20, thing=0xa2a5540, kind=0) at nsXPConnect.cpp:744 #3 0xb7cdddf9 in JS_CallTracer (trc=0xbf813db0, thing=0xa2a5540, kind=0) at jsgc.c:2449 #4 0xb7cf3ecc in js_TraceObject (trc=0xbf813db0, obj=0xac52a9a0) at jsobj.c:5082 #5 0xb7cddbba in JS_TraceChildren (trc=0xbf813db0, thing=0xac52a9a0, kind=0) at jsgc.c:2233 #6 0xb71f5770 in nsXPConnect::Traverse (this=0x8dc53e0, p=0xac52a9a0, cb=@0xbf813e5c) at nsXPConnect.cpp:935 #7 0xb79a6c84 in GCGraphBuilder::Traverse (this=0xbf813e5c, aPtrInfo=0x9d3288c4) at nsCycleCollector.cpp:1319 #8 0xb79a6ce7 in nsCycleCollector::MarkRoots (this=0x8dcd698, builder=@0xbf813e5c) at nsCycleCollector.cpp:1513 #9 0xb79a7795 in nsCycleCollector::BeginCollection (this=0x8dcd698) at nsCycleCollector.cpp:2368 #10 0xb79a77d8 in nsCycleCollector_beginCollection () at nsCycleCollector.cpp:2910 #11 0xb71f66cc in XPCCycleCollectGCCallback (cx=0x92a1838, status=JSGC_MARK_END) at nsXPConnect.cpp:440 #12 0xb7cded7a in js_GC (cx=0x92a1838, gckind=GC_NORMAL) at jsgc.c:3239 #13 0xb7cbb63a in JS_GC (cx=0x92a1838) at jsapi.c:2469 #14 0xb71f5950 in nsXPConnect::Collect (this=0x8dc53e0) at nsXPConnect.cpp:529 #15 0xb79a78fa in nsCycleCollector::Collect (this=0x8dcd698, aTryCollections=1) at nsCycleCollector.cpp:2250 #16 0xb79a7a39 in nsCycleCollector_collect () at nsCycleCollector.cpp:2898 #17 0xb75a2f42 in nsJSContext::CC () at nsJSEnvironment.cpp:3346 #18 0xb75a31fa in nsJSContext::Notify (this=0xacf47d68, timer=0x9e79d190) at nsJSEnvironment.cpp:3438 #19 0xb799ea42 in nsTimerImpl::Fire (this=0x9e79d190) at nsTimerImpl.cpp:403 #20 0xb799eab7 in nsTimerEvent::Run (this=0xa9883950) at nsTimerImpl.cpp:490 #21 0xb799c56c in nsThread::ProcessNextEvent (this=0x8db78d0, mayWait=1, result=0xbf8180b4) at nsThread.cpp:510 #22 0xb796cf88 in NS_ProcessNextEvent_P (thread=0x1354db20, mayWait=1) at nsThreadUtils.cpp:227 #23 0xb78f02c4 in nsBaseAppShell::Run (this=0x9185638) at nsBaseAppShell.cpp:170 #24 0xb7785ab8 in nsAppStartup::Run (this=0x91c7ed0) at nsAppStartup.cpp:181 #25 0xb71ea508 in XRE_main (argc=2, argv=0xbf81b814, aAppData=0x8d32830) at nsAppRunner.cpp:3194 #26 0x080491ab in ?? () #27 0xb7d58685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #28 0x08048d11 in ?? () (gdb) thread apply all bt Thread 8 (Thread 0xb1532b90 (LWP 22935)): #0 0xb801c430 in __kernel_vsyscall () #1 0xb7fd3075 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7c76e39 in PR_WaitCondVar (cvar=0x8fc9380, timeout=4294967295) at ptsynch.c:405 #3 0xb7c76eb7 in PR_Wait (mon=0x8f689d8, timeout=4294967295) at ptsynch.c:584 #4 0xb799b791 in nsEventQueue::GetEvent (this=0x8e81238, mayWait=1, result=0xb1532304) at ../../dist/include/xpcom/nsAutoLock.h:340 #5 0xb799c540 in nsThread::ProcessNextEvent (this=0x8e81218, mayWait=1, result=0xb1532344) at nsThread.h:112 #6 0xb796cf88 in NS_ProcessNextEvent_P (thread=0x80, mayWait=1) at nsThreadUtils.cpp:227 #7 0xb799ccd3 in nsThread::ThreadFunc (arg=0x8e81218) at nsThread.cpp:253 #8 0xb7c7d1e1 in _pt_root (arg=0x9773c18) at ptthread.c:221 #9 0xb7fcf50f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #10 0xb7e237ee in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 6 (Thread 0xb5a7cb90 (LWP 22849)): #0 0xb801c430 in __kernel_vsyscall () #1 0xb7e18f77 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb7c78d8c in _pr_poll_with_poll (pds=0x8e46848, npds=1, timeout=4294967295) at ptio.c:3895 #3 0xb7247a7b in nsSocketTransportService::Poll (this=0x8e46368, wait=1, interval=0xb5a7c1e8) at nsSocketTransportService2.cpp:349 #4 0xb7247f70 in nsSocketTransportService::DoPollIteration (this=0x8e46368, wait=1) at nsSocketTransportService2.cpp:644 #5 0xb724821a in nsSocketTransportService::OnProcessNextEvent (this=0x8e46368, thread=0x8e43810, mayWait=1, depth=1) at nsSocketTransportService2.cpp:523 #6 0xb799c50e in nsThread::ProcessNextEvent (this=0x8e43810, mayWait=1, result=0xb5a7c294) at nsThread.cpp:497 #7 0xb796cf88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1) at nsThreadUtils.cpp:227 #8 0xb7247c93 in nsSocketTransportService::Run (this=0x8e46368) at nsSocketTransportService2.cpp:565 #9 0xb799c56c in nsThread::ProcessNextEvent (this=0x8e43810, mayWait=1, result=0xb5a7c344) at nsThread.cpp:510 #10 0xb796cf88 in NS_ProcessNextEvent_P (thread=0x1, mayWait=1) at nsThreadUtils.cpp:227 #11 0xb799ccd3 in nsThread::ThreadFunc (arg=0x8e43810) at nsThread.cpp:253 #12 0xb7c7d1e1 in _pt_root (arg=0x8e46bd0) at ptthread.c:221 #13 0xb7fcf50f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #14 0xb7e237ee in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 5 (Thread 0xb527bb90 (LWP 22850)): #0 0xb801c430 in __kernel_vsyscall () #1 0xb7fd33a2 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7c75f9e in pt_TimedWait (cv=0x8da7424, ml=0x8db7c98, timeout=113) at ptsynch.c:280 #3 0xb7c76dc0 in PR_WaitCondVar (cvar=0x8da7420, timeout=113) at ptsynch.c:407 #4 0xb799f4bc in TimerThread::Run (this=0x8db7be0) at TimerThread.cpp:345 #5 0xb799c56c in nsThread::ProcessNextEvent (this=0x8e823c8, mayWait=1, result=0xb527b344) at nsThread.cpp:510 #6 0xb796cf88 in NS_ProcessNextEvent_P (thread=0x80, mayWait=1) at nsThreadUtils.cpp:227 #7 0xb799ccd3 in nsThread::ThreadFunc (arg=0x8e823c8) at nsThread.cpp:253 #8 0xb7c7d1e1 in _pt_root (arg=0x8e825e8) at ptthread.c:221 #9 0xb7fcf50f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #10 0xb7e237ee in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 4 (Thread 0xb488bb90 (LWP 22854)): #0 0xb801c430 in __kernel_vsyscall () #1 0xb7fd3075 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7c76e39 in PR_WaitCondVar (cvar=0x9389d00, timeout=4294967295) at ptsynch.c:405 #3 0xb77a5266 in nsSSLThread::Run (this=0x934ea60) at nsSSLThread.cpp:964 #4 0xb77a4b9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x934ea60) at nsPSMBackgroundThread.cpp:44 #5 0xb7c7d1e1 in _pt_root (arg=0x9389d40) at ptthread.c:221 #6 0xb7fcf50f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #7 0xb7e237ee in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 3 (Thread 0xb381eb90 (LWP 22855)): #0 0xb801c430 in __kernel_vsyscall () #1 0xb7fd3075 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7c76e39 in PR_WaitCondVar (cvar=0x9389ea0, timeout=4294967295) at ptsynch.c:405 #3 0xb77a62fe in nsCertVerificationThread::Run (this=0x9389df0) at nsCertVerificationThread.cpp:138 #4 0xb77a4b9a in nsPSMBackgroundThread::nsThreadRunner (arg=0x9389df0) at nsPSMBackgroundThread.cpp:44 #5 0xb7c7d1e1 in _pt_root (arg=0x9389ee0) at ptthread.c:221 #6 0xb7fcf50f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #7 0xb7e237ee in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 1 (Thread 0xb7d406c0 (LWP 22826)): #0 GCGraphBuilder::AddNode (this=0xbf813e5c, s=0xa2a5540, aParticipant=0x8dc53f4) at nsCycleCollector.cpp:1287 #1 0xb79a7401 in GCGraphBuilder::NoteScriptChild (this=0xbf813e5c, langID=2, child=0xa2a5540) at nsCycleCollector.cpp:1237 #2 0xb71f56b0 in NoteJSChild (trc=0x1354db20, thing=0xa2a5540, kind=0) at nsXPConnect.cpp:744 #3 0xb7cdddf9 in JS_CallTracer (trc=0xbf813db0, thing=0xa2a5540, kind=0) at jsgc.c:2449 #4 0xb7cf3ecc in js_TraceObject (trc=0xbf813db0, obj=0xac52a9a0) at jsobj.c:5082 #5 0xb7cddbba in JS_TraceChildren (trc=0xbf813db0, thing=0xac52a9a0, kind=0) at jsgc.c:2233 #6 0xb71f5770 in nsXPConnect::Traverse (this=0x8dc53e0, p=0xac52a9a0, cb=@0xbf813e5c) at nsXPConnect.cpp:935 #7 0xb79a6c84 in GCGraphBuilder::Traverse (this=0xbf813e5c, aPtrInfo=0x9d3288c4) at nsCycleCollector.cpp:1319 #8 0xb79a6ce7 in nsCycleCollector::MarkRoots (this=0x8dcd698, builder=@0xbf813e5c) at nsCycleCollector.cpp:1513 #9 0xb79a7795 in nsCycleCollector::BeginCollection (this=0x8dcd698) at nsCycleCollector.cpp:2368 #10 0xb79a77d8 in nsCycleCollector_beginCollection () at nsCycleCollector.cpp:2910 #11 0xb71f66cc in XPCCycleCollectGCCallback (cx=0x92a1838, status=JSGC_MARK_END) at nsXPConnect.cpp:440 #12 0xb7cded7a in js_GC (cx=0x92a1838, gckind=GC_NORMAL) at jsgc.c:3239 #13 0xb7cbb63a in JS_GC (cx=0x92a1838) at jsapi.c:2469 #14 0xb71f5950 in nsXPConnect::Collect (this=0x8dc53e0) at nsXPConnect.cpp:529 #15 0xb79a78fa in nsCycleCollector::Collect (this=0x8dcd698, aTryCollections=1) at nsCycleCollector.cpp:2250 #16 0xb79a7a39 in nsCycleCollector_collect () at nsCycleCollector.cpp:2898 #17 0xb75a2f42 in nsJSContext::CC () at nsJSEnvironment.cpp:3346 #18 0xb75a31fa in nsJSContext::Notify (this=0xacf47d68, timer=0x9e79d190) at nsJSEnvironment.cpp:3438 #19 0xb799ea42 in nsTimerImpl::Fire (this=0x9e79d190) at nsTimerImpl.cpp:403 #20 0xb799eab7 in nsTimerEvent::Run (this=0xa9883950) at nsTimerImpl.cpp:490 #21 0xb799c56c in nsThread::ProcessNextEvent (this=0x8db78d0, mayWait=1, result=0xbf8180b4) at nsThread.cpp:510 #22 0xb796cf88 in NS_ProcessNextEvent_P (thread=0x1354db20, mayWait=1) at nsThreadUtils.cpp:227 #23 0xb78f02c4 in nsBaseAppShell::Run (this=0x9185638) at nsBaseAppShell.cpp:170 #24 0xb7785ab8 in nsAppStartup::Run (this=0x91c7ed0) at nsAppStartup.cpp:181 #25 0xb71ea508 in XRE_main (argc=2, argv=0xbf81b814, aAppData=0x8d32830) at nsAppRunner.cpp:3194 #26 0x080491ab in ?? () #27 0xb7d58685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #28 0x08048d11 in ?? () Please be my hero and solve this one. :-)