Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp error 6 in plugin-container/libxul.so

Status changed to 'Confirmed' because the bug affects multiple users.

Hi. On Mar 11, Firefox has been closed again. After a couple of hours, suddenly system began to slow down, mouse cursor moves very lazy etc. RAM usage was full. (I have only 1GB - planned to add more.) Anyway, there was YouTube and about 5, 6 other tabs opened. Additionally, a second Firefox was also running with a couple of tabs opened. System log files, such as, /var/log/kern.log and /var/log/syslog contained such entry:

● Mar 11 19:46:53 t4 kernel: [31159.076986] Out of memory: Kill process 4316 (plugin-containe) score 641 or sacrifice child

● Mar 11 19:46:53 t4 kernel: [31159.076992] Killed process 4316 (plugin-containe) total-vm:1865424kB, anon-rss:735720kB, file-rss:0kB

● Mar 11 19:47:33 t4 kernel: [31200.111636] Chrome_ChildThr[2619]: segfault at 0 ip b77b72e5 sp b21fe9f0 error 6 in plugin-container[b77b3000+1b000]

Generally, this log message is longer, but I think that it's appropriate for another, new thread. One thing, which makes me wonder is (I skipped the entry for date and kernel name):

● [31159.073984] Call Trace:
kernel: [31159.073993] [<c10fd0b5>] dump_header.isra.6+0x85/0xc0
kernel: [31159.073997] [<c10fd30c>] oom_kill_process+0x5c/0x80
kernel: [31159.074001] [<c10fd725>] out_of_memory+0xc5/0x1c0
kernel: [31159.074006] [<c110163e>] __alloc_pages_nodemask+0x72e/0x740
kernel: [31159.074010] [<c10fc408>] filemap_fault+0x1f8/0x370
kernel: [31159.074016] [<c1117eae>] __do_fault+0x6e/0x550
kernel: [31159.074020] [<c111b741>] handle_pte_fault+0xa1/0x2d0
kernel: [31159.074024] [<c111c6bb>] handle_mm_fault+0x21b/0x310
kernel: [31159.074029] [<c15bba28>] do_page_fault+0x158/0x4b0
kernel: [31159.074034] [<c1085fc5>] ? getnstimeofday+0x55/0x120
kernel: [31159.074039] [<c12c0ed0>] ? copy_to_user+0x40/0x60
kernel: [31159.074043] [<c1061732>] ? sys_gettimeofday+0x32/0x70
kernel: [31159.074047] [<c15bb8d0>] ? vmalloc_fault+0x195/0x195
kernel: [31159.074051] [<c15b8c53>] error_code+0x67/0x6c

According to the above entries (and the whole log), I wonder if I should create a new bug report, related to this issue. Here are some technical informations:

● Firefox 52.0 (32 bit.)

The rest is the same as in bug report. Thanks, best regards.

Hi. Today Firefox has been closed again - only two tabs opened, no reaction from my side. (No website with flash etc.) Anyway, log files contains:

● kernel: [ 327.337599] Chrome_ChildThr[2594]: segfault at 0 ip b77812e5 sp b21fe9f0 error 6 in plugin-container[b777d000+1b000]

There was available an update for flash-plugin (ver. 25.0.0.127ubuntu0.12.04.1). Firefox version remains the same as above - 52.0.

Thanks.

Repeated again.
[ 7070.061996] Chrome_ChildThr[13699]: segfault at 0 ip 000055c9be372ac7 sp 00007f331e6fe370 error 6 in plugin-container[55c9be36e000+1a000]

Same for me

Hello. Firefox has crashed again - today, after entering 'about:support' (in address bar) and pressing Enter key. Log files contain this entry:

✓ May 11 18:44:03 my_linux kernel: [25336.972878] Chrome_ChildThr[14103]: segfault at 0 ip b3610140 sp b12fee30 error 6 in libxul.so[b2f39000+44d1000]

However, this time it concerns Firefox 53.0.2 (update while ago) and 16.04 LTS Release. Definitely, something is wrong still.

Thanks, best regards.

Hi. During five days (since my last post - #5) there was about three, four segfaults in plugin-container. As always with the same log entry:

✓ May 16 18:19:42 my_linux kernel: [ 3000.656624] plugin-containe[2771]: segfault at 0 ip 800ee8a8 sp bfbeffe0 error 6 in plugin-container[800eb000+1c000]

There is a fix needed. Best regards.

Hello.

The last two days were full of the plugin-container segfault. However, today I noticed that pulseaudio and known alsa-sink issue (see; <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/320875/comments/28>) are related with this problem also. During watch e.g. YT video (with only one tab opened), suddenly, system is no responsive (with very, very slow mouse motion), audio is jamming etc. After a couple of minutes I can enable terminal and slowly run `$ killall firefox` command and check log files.

And /var/log/syslog file contains plugin-container segfault and alsa-sink entries. While /var/log/kern.log file contains only plugin-container entry.

✓ kernel: [24658.609247] plugin-containe[4287]: segfault at 0 ip 800128a8 sp bfdc2430 error 6 in plugin-container[8000f000+1c000]

If it's about pulseaudio/alsa-sink -- log entries are very similar with these mentioned in above link. There is, of course, a known message:

✓ Most likely this is a bug in the ALSA driver 'snd_hda_intel'. Please report this issue to the ALSA developers. (...)

Very similar problem: <https://bbs.archlinux.org/viewtopic.php?id=164605> Same things in my case: "The video stops, the audio loops the last second or so, and I get the following errors."

So, another day, another segfault.

Could you add the http link you have visited when FF crashed? Maybe someone can reproduce it.

Does your FF also crash with apparmor profile disabled?

My experience is that FF tolerates a lot of these apparmor-blocked actions which are reported in syslog. These logged errors are not necessarily the reason why FF crashed. But could, of course.

In your case, I would also check the system memory with mem86. Let it run during a weekend and see what happens.

Hello Thomas. Unfortunately, I can not give you a link to the website, because it happens randomly. (But mostly during watching YouTube etc.) I have to check this issue with AppArmor profile disabled or in a complain mode. But it must wait for sometime. I will let you know, what will be the result of this test.

And yes, I think you're right: Firefox seems to tolerate some of these DENIED actions, vide "speech-dispatcher" and blocked "x" access. A couple of weeks ago I've done a memory test with memtest86+ and everything is OK.

Best regards.

I'm seeing a similar crash with this message:
[ 5486.157823] Chrome_ChildThr[20218]: segfault at 0 ip 00007fa357e6ec10 sp 00007fa34c0fe7f0 error 6 in libxul.so[7fa3571c0000+401a000]

The page triggering this is:
http://www.lavanguardia.com

Just scrolling down the page I can reproduce this 100% of the times.

My setup:
Ubuntu 17.04.
Firefox: 53.0.3+build1-0ubuntu0.17.04.2

Since upgrading the kernel to 4.10.0-22-generic in Ubuntu 17.04 I haven't seen this bug any more. I think Firefox was also triggering a general system freeze through a problem in the kernel. See bug #1674838 and the many messages relating it to a firefox freeze.

Ignore my comment #12, just got the Firefox freeze using the 4.10.0-22-generic kernel.

> ● Mar 11 19:46:53 t4 kernel: [31159.076986] Out of memory: Kill process 4316 (plugin-containe) score 641 or sacrifice child

This looks like an out of memory condition in your system, rather than a bug in Ubuntu, so I'm setting the bug status to Invalid.

If you believe that this is really a bug, then you may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to New.

Perhaps Invalid was a little harsh. But, for example Apparmor isn't enforcing on Firefox by defualt, so it seems that you've done things on your system that you haven't detailed here. So we don't have fulls steps to reproduce the problem, so this report is at best Incomplete at the moment, and it isn't clear that your problem is due to a bug rather than something as a consequence of how you have your system configured.

I appreciate the problem may be hard to reproduce, but it'd be a start to describe how you've configured a system such that it _could_ happen.

Hello Robie. I understand your point of view. If it's about "Out of memory: Kill process" etc. message: I wrote that my computer has only 1GB of RAM memory and there are some plans to add more. (By the way; this is a computer for various tests.) And I've never wrote, that it's a problem in Ubuntu. This rather a Firefox issue.

After a clean 16.04 LTS installation, I'd enabled an AppArmor profile, added some dbus-related rules (please see: <https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988> and comment #45 etc.), installed three addons. When I noticed these problems with Chrome_ChildThr (it looks like this is a known issue, see: [2], [3] in my bug description and so on), I decided to disable flash-player - but with no luck. In the mean time, there was a couple of Firefox updates.

However, it seems, that this problem is really solved. I did not noticed this segfaults since a couple of weeks. For now, I'm using Firefox v54.0 with e10s enabled and everything seems to be OK.

I'm sorry, that I cannot describe it the better way. But, I'd mentioned every steps I'd done after 16.04 LTS Release installation.

Thanks Robie, best regards.

Thanks daniel. Based on your comments, I'll set the bug to Fix Released.

Hello Robie.

Unfortunately, this problem appeared again. Today, I have had Firefox enabled with just two tabs: YouTube and Google Translate. Suddenly, system start to slow down, disk diode was... red all the time, mouse cursor moved slowly etc. After a couple of minutes, I managed to start terminal and used '$ killall firefox' command, which helped -- system started to work faster again, clicking e.g. on a file, opened Mousepad almost immediately, in milliseconds etc.

Log files (such as '/var/log/syslog' or '/var/log/kern.log') contains:

✓ Sep 4 13:46:00 holycross kernel: [10194.439105] Chrome_~dThread[3599]: segfault at 0 ip b03f6b24 sp afaa1040 error 6 in libxul.so[afb73000+570f000]
✓ Sep 4 13:46:00 holycross kernel: [10195.084439] Chrome_~dThread[4040]: segfault at 0 ip b042fb24 sp afada040 error 6 in libxul.so[afbac000+570f000]

As we can see, there is a problem in 'libxul.so'. (See bug title.) Firefox version: 55.0.2 (32-bit), e10s enabled (4. processes; changed from 2. after update), four addons, no Flash. RAM memory checked with memtest64 - no problems.

I will keep an eye on this, because of a couple of months without problem. Maybe it was just an accident?

Thanks, best regards.

[Expired for firefox (Ubuntu) because there has been no activity for 60 days.]

I seem to have the same problem on Ubuntu 17.10, firefox-57.0.4+build1-0ubuntu0.17.10.1. I get random crashes about twice a day. The crash is usually accompaigned by a gnome-shell crash & restart. I observe no suspicios activity such as eating up too much RAM or a high CPU usage before the crash.

dmesg contains something like:

[230270.664890] rfkill: input handler enabled
[230276.136725] traps: gnome-shell[2403] general protection ip:7fa4c6c0cde2 sp:7ffe28542d40 error:0 in libgobject-2.0.so.0.5400.1[7fa4c6bd7000+52000]
[230295.837969] rfkill: input handler disabled
[230308.490256] rfkill: input handler enabled
[230332.394705] Chrome_~dThread[59613]: segfault at 0 ip 00007f3389d10e7d sp 00007f3387ffdb10 error 6 in libxul.so[7f3388ec3000+5805000]
[230332.475649] Chrome_~dThread[59369]: segfault at 0 ip 00007f7482b10e7d sp 00007f7480dfdb10 error 6
[230332.475652] Chrome_~dThread[67396]: segfault at 0 ip 00007f860b910e7d sp 00007f8609bfdb10 error 6
[230332.475656] in libxul.so[7f7481cc3000+5805000]
[230332.475657] in libxul.so[7f860aac3000+5805000]
[230341.929151] rfkill: input handler disabled

same here with firefox 59.0.2+build1-0ubuntu0.16.04.3

same here with
firefox 59.0.2+build1-0ubuntu0.16.04.3

still crashing multiple times a day now ... getting worse :(

@asgard2, open please another bug report with your system information. Try also to disable all add-ons and see if you see the crash, just in case it is not caused by an add-on. I was affected by this bug but I haven't seen this crash for months. This bug report is expired and nobody will pay attention to it.

reopened at:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1766875