Ubuntu
firefox-3.0 package

*** glibc detected *** ...firefox-3.0/firefox: free(): invalid next size

Bug #243963 reported by Remove Me
8
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: firefox

For reasons unknown. Firefox 3 with flash plugin on 64bit system (through nspluginwrapper. But there wasn't much of Flash, AFAIK).
On stderr (from .xsession-errors):

*** glibc detected *** /usr/lib/firefox-3.0/firefox: free(): invalid next size (fast): 0x00007f18b26040f0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f18c5cb308a]
/lib/libc.so.6(cfree+0x8c)[0x7f18c5cb6c1c]
/usr/lib/xulrunner-1.9/libmozjs.so[0x7f18c5795ccd]
/usr/lib/xulrunner-1.9/libmozjs.so[0x7f18c57557de]
/usr/lib/xulrunner-1.9/libxul.so[0x7f18c4108413]
... (the complete files will be attached)

Complete backtrace (from the core):
(gdb) bt
#0 0x00007f18c694d69b in raise () from /lib/libpthread.so.0
#1 0x00007f18c4104f26 in nsProfileLock::FatalSignalHandler (signo=6) at nsProfileLock.cpp:212
#2 <signal handler called>
#3 0x00007f18c5c71095 in raise () from /lib/libc.so.6
#4 0x00007f18c5c72af0 in abort () from /lib/libc.so.6
#5 0x00007f18c5caba7b in __libc_message () from /lib/libc.so.6
#6 0x00007f18c5cb308a in _int_free () from /lib/libc.so.6
#7 0x00007f18c5cb6c1c in free () from /lib/libc.so.6
#8 0x00007f18c5795ccd in js_FinalizeStringRT (rt=0x738ec0, str=0x7f18b08737e0, type=6, cx=0x0) at jsstr.c:2652
#9 0x00007f18c57557de in js_GC (cx=0xb73cd0, gckind=GC_NORMAL) at jsgc.c:3341
#10 0x00007f18c4108413 in nsXPConnect::Collect (this=0x766740) at nsXPConnect.cpp:529
#11 0x00007f18c48a1740 in nsCycleCollector::Collect (this=0x7f18c6c1b010, aTryCollections=1) at nsCycleCollector.cpp:2250
#12 0x00007f18c4497067 in nsJSContext::CC () at nsJSEnvironment.cpp:3346
#13 0x00007f18c4497120 in nsJSContext::MaybeCC (aHigherProbability=1) at nsJSEnvironment.cpp:3397
#14 0x00007f18c4497293 in nsJSContext::Notify (this=0x7f18b096f210, timer=<value optimized out>) at nsJSEnvironment.cpp:3438
#15 0x00007f18c4899c75 in nsTimerImpl::Fire (this=0x7f18b2f2bb10) at nsTimerImpl.cpp:403
#16 0x00007f18c489a118 in nsTimerEvent::Run (this=<value optimized out>) at nsTimerImpl.cpp:490
#17 0x00007f18c4897db2 in nsThread::ProcessNextEvent (this=0x6a9010, mayWait=1, result=0x7fffced7617c) at nsThread.cpp:510
#18 0x00007f18c486c181 in NS_ProcessNextEvent_P (thread=0xddf, mayWait=1) at nsThreadUtils.cpp:227
#19 0x00007f18c47eea67 in nsBaseAppShell::Run (this=0x828760) at nsBaseAppShell.cpp:170
#20 0x00007f18c4686c93 in nsAppStartup::Run (this=0x87f310) at nsAppStartup.cpp:181
#21 0x00007f18c40ff723 in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3170
#22 0x00000000004014f7 in ?? ()
#23 0x00007f18c5c5d1c4 in __libc_start_main () from /lib/libc.so.6
#24 0x00000000004010f9 in ?? ()
#25 0x00007fffced77798 in ?? ()
#26 0x0000000000000000 in ?? ()
(gdb)

Versions:

firefox:
  Installed: 3.0+nobinonly-0ubuntu0.8.04.1
  Candidate: 3.0+nobinonly-0ubuntu0.8.04.1
  Version table:
 *** 3.0+nobinonly-0ubuntu0.8.04.1 0
        500 http://archive.ubuntu.com hardy-updates/main Packages
        100 /var/lib/dpkg/status
     3.0~b5+nobinonly-0ubuntu3 0
        500 http://archive.ubuntu.com hardy/main Packages

xulrunner-1.9:
  Installed: 1.9+nobinonly-0ubuntu0.8.04.1
  Candidate: 1.9+nobinonly-0ubuntu0.8.04.1
  Version table:
 *** 1.9+nobinonly-0ubuntu0.8.04.1 0
        500 http://archive.ubuntu.com hardy-updates/main Packages
        100 /var/lib/dpkg/status
     1.9~b5+nobinonly-0ubuntu3 0
        500 http://archive.ubuntu.com hardy/main Packages

libc6:
  Installed: 2.7-10ubuntu3
  Candidate: 2.7-10ubuntu3
  Version table:
 *** 2.7-10ubuntu3 0
        500 http://archive.ubuntu.com hardy/main Packages
        100 /var/lib/dpkg/status

Revision history for this message
Remove Me (remove-me) wrote :
Revision history for this message
Remove Me (remove-me) wrote :

The core file available on request (16Mb)

Revision history for this message
Chris Goldman (cgoldman) wrote :

I, too, have been having this problem, only for the past week or so. At this point, even with -safe-mode, Firefox would freeze or crash immediately on startup.

After running "apt-get purge" on a couple of recently-installed packages, however, things are back to normal (I'm using FF3 to send this).

The offending packages seem to be: pango-graphite and its dependent package, libgraphite3. I realize this is mere anecdote, but the change was instant, and perhaps bears investigation by others.

Revision history for this message
Chris Goldman (cgoldman) wrote :

Ah, I suppose I should note:

I'm running:
uname -a: 2.6.24-19-rt #1 SMP PREEMPT RT Wed Aug 20 20:13:12 UTC 2008 x86_64 GNU/Linux
firefox-3.0: 3.0~b5+nobinonly-0ubuntu3

Purged:
pango-graphite: 0.9.2-3
libgraphite3: 1:2.2.1-2

In addition to no longer crashing or freezing, and thus seeing the backtrace, I also no longer see the series of warnings like this:

** (firefox:11125): WARNING **: Exception in gr::RangeSegment

Revision history for this message
Martin Mai (mrkanister-deactivatedaccount-deactivatedaccount) wrote :

 Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Changed in firefox-3.0:
status: New → Incomplete
Revision history for this message
Remove Me (remove-me) wrote : Re: [Bug 243963] Re: *** glibc detected *** ...firefox-3.0/firefox: free(): invalid next size

2009/1/20 Martin Mai <email address hidden>:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. You reported this bug a while ago and there hasn't been
> any activity in it recently. We were wondering if this is still an issue
> for you. ...

No. I stopped using nspluginwrapper and 32bit flash plugin.
The 64 bit flash plugin is just as good (which is pretty bad, frankly).

> ... Can you try with the latest Ubuntu release?

Not going to.

Revision history for this message
John Vivirito (gnomefreak) wrote :

Alex maybe for Jaunty+1 but it will not see Jaunty or before for a long time
Closing since it is no longer reproducible due to reporter using unofficial falsh package.

Revision history for this message
John Storta Jr. (jstorta) wrote :

I wanted to add to this thread as this is one issue that frustrates me while making the switch from Windows to Ubuntu. I am willing to test anything if anyone has any ideas.

I am running Jaunty 64-bit. Right now it is running out of the box with only the following apps added.

Flash
VLC with codecs
JDK 6 from Sun (Not through Synaptec)
Jedit
FlightGear
Atlas

Let me know how to provide the specific package names and I will get them.

I believe I have identified Flash as the common thread when Firefox hangs. It seems when Firefox hangs it is when I am on a page that has flash ads.

To try and get more info about the crashes, I ran Firefox from a terminal. I did some normal surfing of the web and eventually stopped at espn.com. I got pulled away from my computer and left the browser at the ESPN page. When I came back about 30 minutes later, Firefox was hung.

I tried to manually kill the npviewer process, which has worked in the past, but it just became a zombie and I had to force quit Firefox.

I have attached the output fromt he terminal session in hopes it provides some details that might help.

Let me know if there is anything else I can provide or test.

Thanks,
John S.

Revision history for this message
xteejx (xteejx) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner.
There have been many changes in Ubuntu since that time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test the current Ubuntu version (10.10). If you can test it, and it is still an issue, we would appreciate if you could upload updated logs by running apport-collect <bug #>, and any other logs that are relevant for this particular issue.

Revision history for this message
Remove Me (remove-me) wrote :

On Sun, Oct 17, 2010 at 15:04, Teej <email address hidden> wrote:
> Thank you for taking the time to report this bug and helping to make Ubuntu better.

I don't fucking care if Ubuntu becomes better. For what I care it can
burn down to ashes.
This "supporty" line reminds me of IT support at work... Same proud uselessness.

> It would help us a lot if you could test the current Ubuntu version (10.10).

Go to hell. Stop, read the fucking discussion first, than go to hell.

Revision history for this message
xteejx (xteejx) wrote :

Thank you for your bug report. To maintain a respectful atmosphere, please follow the code of conduct - http://www.ubuntu.com/community/conduct/ . Bug reports are handled by humans, the majority of whom are volunteers, so please bear this in mind.
Bug closed.

Changed in firefox-3.0 (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Robert Collins (lifeless) wrote :

Alex, you may wish to unsubscribe from this bug as it no longer affects you.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.