Crash in mozalloc_abort | abort | libdbus-1.so.3.19.3@0x39476

RESOLVED FIXED in Firefox 59

Status

defect
--
critical
RESOLVED FIXED
2 years ago
2 months ago

People

(Reporter: calixte, Assigned: stransky)

Tracking

(Blocks 1 bug, {crash, regression})

59 Branch
mozilla59
Unspecified
Linux

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox57 unaffected, firefox58 unaffected, firefox59 fixed)

Details

(Whiteboard: [clouseau], crash signature)

Attachments

(2 attachments)

Reporter

Description

2 years ago
This bug was filed from the Socorro interface and is
report bp-a6a23341-7484-4344-8ff3-a44b50171118.
=============================================================

Top 10 frames of crashing thread:

0 firefox mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:33
1 firefox abort memory/mozalloc/mozalloc_abort.cpp:80
2 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x39476 
3 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x2f932 
4 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x3a7bf 
5 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x3a59f 
6 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x3a5c4 
7 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x31ef4 
8 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x1e177 
9 libdbus-1.so.3.19.3 libdbus-1.so.3.19.3@0x117c7 

=============================================================

There are 127 crashes in nightly 59 starting with buildid 20171118100420 where the proto-signature contains the function nsDBusRemoteService::Startup.
In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1360566.
Flags: needinfo?(stransky)
Assignee

Comment 2

2 years ago
Thanks, will look at it.
Flags: needinfo?(stransky)
Assignee

Updated

2 years ago
Assignee: nobody → stransky
Assignee

Comment 3

2 years ago
Looks like dbus_bus_request_name() does not like the nullptr as an error parameter.
Assignee

Updated

2 years ago
Attachment #8930089 - Flags: review?(jhorak)

Comment 6

2 years ago
mozreview-review
Comment on attachment 8930087 [details]
Bug 1418985 - pass valid error parameter to dbus_bus_request_name() instead of nullptr,

https://reviewboard.mozilla.org/r/201274/#review206362
Attachment #8930087 - Flags: review?(jhorak) → review+

Comment 7

2 years ago
mozreview-review
Comment on attachment 8930089 [details]
Bug 1418985 - pass valid error parameter to dbus_bus_get() instead of nullptr, jhorak

https://reviewboard.mozilla.org/r/201276/#review206364
Attachment #8930089 - Flags: review?(jhorak) → review+

Comment 8

2 years ago
Pushed by stransky@redhat.com:
https://hg.mozilla.org/integration/autoland/rev/a3d92be6ee55
pass valid error parameter to dbus_bus_request_name() instead of nullptr, r=jhorak
https://hg.mozilla.org/integration/autoland/rev/76503049cd52
pass valid error parameter to dbus_bus_get() instead of nullptr, jhorak r=jhorak

Comment 9

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/a3d92be6ee55
https://hg.mozilla.org/mozilla-central/rev/76503049cd52
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Reporter

Comment 10

2 years ago
There are 13 crashes after the patch has landed:
http://bit.ly/2zaZ7v4
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee

Comment 11

2 years ago
I managed to reproduce it; here's the backtrace:

#0  0x000000000040898b in mozalloc_abort(char const*) ()
#1  0x0000000000408955 in mozalloc_abort(char const*) ()
#2  0x00007fffeebd88c4 in _dbus_abort () at ../../dbus/dbus-sysdeps.c:93
#3  0x00007fffeebcf150 in _dbus_warn_check_failed (format=format@entry=0x7fffeebdee68 "arguments to %s() were incorrect, assertion \"%s\" failed in file %s line %d.\nThis is normally a bug in some application using the D-Bus library.\n")
    at ../../dbus/dbus-internals.c:281
#4  0x00007fffeebcf86a in _dbus_warn_return_if_fail (function=function@entry=0x7fffeebd9be0 <__func__.4674> "dbus_bus_request_name", assertion=assertion@entry=0x7fffeebd99c0 "_dbus_check_is_valid_bus_name (name)", file=file@entry=0x7fffeebd99e5 "../../dbus/dbus-bus.c", line=line@entry=1122) at ../../dbus/dbus-internals.c:936
#5  0x00007fffeebb1c07 in dbus_bus_request_name (connection=0x7ffff685d010, name=<optimized out>, flags=<optimized out>, error=0x7fffffffc830) at ../../dbus/dbus-bus.c:1122
#6  0x00007fffe8e7bae6 in nsDBusRemoteService::Startup(char const*, char const*) ()
    at /home/komat/Programy/firefox-nightly/libxul.so
#7  0x00007fffe8e7c3fa in nsRemoteService::Startup(char const*, char const*) ()
    at /home/komat/Programy/firefox-nightly/libxul.so
#8  0x00007fffe8f4bef5 in XREMain::XRE_mainRun() [clone .cold.89] () at /home/komat/Programy/firefox-nightly/libxul.so
#9  0x00007fffe9efbfd8 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) ()
    at /home/komat/Programy/firefox-nightly/libxul.so
#10 0x00007fffe9efbc36 in XRE_main(int, char**, mozilla::BootstrapConfig const&) ()
    at /home/komat/Programy/firefox-nightly/libxul.so
#11 0x0000000000421e39 in do_main(int, char**, char**) ()
#12 0x0000000000415e8f in main ()

The crash comes from _dbus_check_is_valid_bus_name (name) when name (potentially the profile name) contains characters which are not compatible with a DBus interface name; for instance, the profile name "$" causes the crash.
Assignee

Comment 12

2 years ago
dbus_validate_bus_name() should be called before we pass interfaceName to dbus_bus_request_name().
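
Added example (not code from this bug or from Firefox): the check-before-call pattern comment 12 asks for, with the D-Bus specification's rules for well-known bus names re-implemented in plain C so it runs without libdbus. The `org.example.browser` prefix, the function names and the sample profile names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUS_NAME_MAX 255  /* length limit from the D-Bus specification */
/* Well-known bus name rules from the D-Bus specification, re-implemented so
 * the check runs without libdbus; code linked against libdbus would call
 * dbus_validate_bus_name() as comment 12 suggests. */
static int is_valid_well_known_name(const char *name)
{
    size_t len = strlen(name);
    int dots = 0;
    char prev = '.';   /* start of string counts as an element boundary */
    if (len == 0 || len > BUS_NAME_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        if (c == '.') {
            if (prev == '.') return 0;   /* leading '.' or empty element */
            dots++;
        } else if (c >= '0' && c <= '9') {
            if (prev == '.') return 0;   /* element starts with a digit */
        } else if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                     c == '_' || c == '-')) {
            return 0;                    /* '$', space, '/', non-ASCII ... */
        }
        prev = c;
    }
    return prev != '.' && dots >= 1;     /* no trailing '.', two+ elements */
}

/* Builds "<prefix>.<profile>"; returns 1 only if the result is safe to pass
 * to dbus_bus_request_name(), 0 if the caller must skip the D-Bus call. */
static int build_bus_name(const char *prefix, const char *profile,
                          char *out, size_t out_len)
{
    int n = snprintf(out, out_len, "%s.%s", prefix, profile);
    if (n < 0 || (size_t)n >= out_len) return 0;   /* truncated name */
    return is_valid_well_known_name(out);
}

int main(void)
{
    const char *profiles[] = { "default", "$", "", "9lives", "work-2" }; /* constructed */
    char name[BUS_NAME_MAX + 1];
    for (size_t i = 0; i < sizeof profiles / sizeof *profiles; i++)
        printf("[%s] -> %s\n", profiles[i], build_bus_name("org.example.browser",
               profiles[i], name, sizeof name) ? name : "rejected, D-Bus call skipped");
    return 0;
}
```

Rejecting the name up front matters because, as the backtrace in comment 11 shows, libdbus treats an invalid name as a caller bug and aborts the process rather than returning an error.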
Assignee

Updated

2 years ago
Depends on: 1420124
Assignee

Comment 13

2 years ago
Address at Bug 1420124 as this one already has closed mozreview.
Re-resolving the bug since the follow-up work is happening in bug 1420124.
Status: REOPENED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

Updated

2 months ago
Product: Core → Core Graveyard