Crash in mozalloc_abort | abort | libdbus-1.so.3.19.3@0x39476
RESOLVED
FIXED
in Firefox 59
Status
People
(Reporter: calixte, Assigned: stransky)
Tracking
(Blocks 1 bug, {crash, regression})
Firefox Tracking Flags
(firefox-esr52 unaffected, firefox57 unaffected, firefox58 unaffected, firefox59 fixed)
Details
(Whiteboard: [clouseau], crash signature, )
Attachments
(2 attachments)
This bug was filed from the Socorro interface and is report bp-a6a23341-7484-4344-8ff3-a44b50171118. ============================================================= Top 10 frames of crashing thread: 0 firefox mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:33 1 firefox abort memory/mozalloc/mozalloc_abort.cpp:80 2 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x39476 3 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x2f932 4 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x3a7bf 5 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x3a59f 6 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x3a5c4 7 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x31ef4 8 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x1e177 9 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x117c7 ============================================================= There are 127 crashes in nightly 59 starting with buildid 20171118100420 where the proto-signature contains the function nsDBusRemoteService::Startup. In analyzed the backtrace, the regression may have been introduced by patch [1] to fix bug 1360566.
Flags: needinfo?(stransky)
|
Reporter | |
Comment 1•2 years ago
|
||
Forgot the link for [1]: [1] https://hg.mozilla.org/mozilla-central/rev?node=8a07d34a17b6
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → stransky
|
|
Assignee | |
Comment 3•2 years ago
|
||
Looks like dbus_bus_request_name() does not like the nullptr as an error parameter.
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Updated•2 years ago
|
Attachment #8930089 -
Flags: review?(jhorak)
|
||
Comment 6•2 years ago
|
||
| mozreview-review | ||
Comment on attachment 8930087 [details] Bug 1418985 - pass valid error parameter to dbus_bus_request_name() instead of nullptr, https://reviewboard.mozilla.org/r/201274/#review206362
Attachment #8930087 -
Flags: review?(jhorak) → review+
|
|
||
Comment 7•2 years ago
|
||
| mozreview-review | ||
Comment on attachment 8930089 [details] Bug 1418985 - pass valid error parameter to dbus_bus_get() instead of nullptr, jhorak https://reviewboard.mozilla.org/r/201276/#review206364
Attachment #8930089 -
Flags: review?(jhorak) → review+
Pushed by stransky@redhat.com: https://hg.mozilla.org/integration/autoland/rev/a3d92be6ee55 pass valid error parameter to dbus_bus_request_name() instead of nullptr, r=jhorak https://hg.mozilla.org/integration/autoland/rev/76503049cd52 pass valid error parameter to dbus_bus_get() instead of nullptr, jhorak r=jhorak
|
||
Comment 9•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/a3d92be6ee55 https://hg.mozilla.org/mozilla-central/rev/76503049cd52
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
|
|
Reporter | |
Comment 10•2 years ago
|
||
There are 13 crashes after the patch has landed: http://bit.ly/2zaZ7v4
|
|
Assignee | |
Comment 11•2 years ago
|
||
I managed to reproduce it, there's the backtrace:
#0 0x000000000040898b in mozalloc_abort(char const*) ()
#1 0x0000000000408955 in mozalloc_abort(char const*) ()
#2 0x00007fffeebd88c4 in _dbus_abort () at ../../dbus/dbus-sysdeps.c:93
#3 0x00007fffeebcf150 in _dbus_warn_check_failed (format=format@entry=0x7fffeebdee68 "arguments to %s() were incorrect, assertion \"%s\" failed in file %s line %d.\nThis is normally a bug in some application using the D-Bus library.\n")
at ../../dbus/dbus-internals.c:281
#4 0x00007fffeebcf86a in _dbus_warn_return_if_fail (function=function@entry=0x7fffeebd9be0 <__func__.4674> "dbus_bus_request_name", assertion=assertion@entry=0x7fffeebd99c0 "_dbus_check_is_valid_bus_name (name)", file=file@entry=0x7fffeebd99e5 "../../dbus/dbus-bus.c", line=line@entry=1122) at ../../dbus/dbus-internals.c:936
#5 0x00007fffeebb1c07 in dbus_bus_request_name (connection=0x7ffff685d010, name=<optimized out>, flags=<optimized out>, error=0x7fffffffc830) at ../../dbus/dbus-bus.c:1122
#6 0x00007fffe8e7bae6 in nsDBusRemoteService::Startup(char const*, char const*) ()
at /home/komat/Programy/firefox-nightly/libxul.so
#7 0x00007fffe8e7c3fa in nsRemoteService::Startup(char const*, char const*) ()
at /home/komat/Programy/firefox-nightly/libxul.so
#8 0x00007fffe8f4bef5 in XREMain::XRE_mainRun() [clone .cold.89] () at /home/komat/Programy/firefox-nightly/libxul.so
#9 0x00007fffe9efbfd8 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) ()
at /home/komat/Programy/firefox-nightly/libxul.so
#10 0x00007fffe9efbc36 in XRE_main(int, char**, mozilla::BootstrapConfig const&) ()
at /home/komat/Programy/firefox-nightly/libxul.so
#11 0x0000000000421e39 in do_main(int, char**, char**) ()
#12 0x0000000000415e8f in main ()
The crash comes from _dbus_check_is_valid_bus_name (name) when name (potentially profile name) contains characters which are not compatible with DBus interface name - for instance profile name "$" causes the crash.|
|
Assignee | |
Comment 12•2 years ago
|
||
dbus_validate_bus_name() should be called before we pass interfaceName to dbus_bus_request_name().
|
|
Assignee | |
Comment 13•2 years ago
|
||
Address at Bug 1420124 as this one already has closed mozreview.
|
||
Comment 14•2 years ago
|
||
Re-resolving the bug since the follow-up work is happening in bug 1420124.
Status: REOPENED → RESOLVED
Closed: 2 years ago → 2 years ago
Resolution: --- → FIXED
|
||
Updated•2 months ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•