Crash in [@ g_dbus_connection_call_sync_internal]
Categories
(Core :: Widget: Gtk, defect)
Tracking
Release | Tracking | Status |
---|---|---|
firefox-esr115 | --- | unaffected |
firefox118 | --- | wontfix |
firefox119 | --- | wontfix |
firefox120 | --- | fixed |
firefox121 | --- | fixed |
People
(Reporter: gsvelto, Assigned: stransky)
References
Details
(4 keywords, Whiteboard: [adv-main120+r])
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/c0750a24-5fe0-48a4-84ba-ab5990230924
Reason: SIGSEGV / SI_KERNEL
Top 10 frames of crashing thread:
0 libgio-2.0.so.0 g_dbus_connection_call_sync_internal /usr/src/debug/glib2/glib/gio/gdbusconnection.c:6067
1 libgio-2.0.so.0 g_dbus_proxy_call_sync_internal /usr/src/debug/glib2/glib/gio/gdbusproxy.c:2848
2 libgio-2.0.so.0 g_dbus_proxy_call_sync /usr/src/debug/glib2/glib/gio/gdbusproxy.c:3040
3 libxul.so UserIdleServiceMutter::PollIdleTime widget/gtk/nsUserIdleServiceGTK.cpp:160
4 libxul.so nsUserIdleService::GetIdleTime widget/nsUserIdleService.cpp:632
5 libxul.so nsUserIdleService::IdleTimerCallback widget/nsUserIdleService.cpp:694
5 libxul.so nsUserIdleService::StaticIdleTimerCallback widget/nsUserIdleService.cpp:681
6 libxul.so nsTimerImpl::Fire const xpcom/threads/nsTimerImpl.cpp:680
6 libxul.so mozilla::detail::VariantImplementation<unsigned char, mfbt/Variant.h:309
6 libxul.so mozilla::detail::VariantImplementation<unsigned char, mfbt/Variant.h:318
Pretty clear-cut use-after-free crash. It's affecting several distros and mostly happening on nightly/beta. I'm unsure if it's our fault or maybe something changed in the system libraries and led to this.
Comment 1•8 months ago
There's a range of OS vendors and versions involved here. All involve libgio-2.0.so.0 but I don't know if that name hides different minor versions. The hashes are different, but that doesn't mean anything if they were compiled by different versions of the compiler on the different versions of the OS.
There are crashes on ESR 115.2.1 which corresponds to the earliest affected Release version 117.0.1 -- could it be a regression from the chemspill? That stack has nothing to do with the webp changes, but I know a lot more went into 117.0.1. I don't know if there were fixes already planned for a 115.2.1 before the webp chemspill hijacked the release. The earliest crashes were in a beta build 20230910175934 and several the next day which would have been before we started working on the webp bug.
Comment 2•8 months ago
Nothing jumps out at me in the changes that went into 118b7
https://hg.mozilla.org/releases/mozilla-beta/pushloghtml?startdate=2023-09-08&enddate=2023-09-11
Comment 3•8 months ago (Assignee)
org.gnome.Mutter.IdleMonitor was implemented by Bug 1847699 (118.0)
UAF regression was fixed for 118.0b9 (Bug 1850968) but that was a startup crash.
Comment 4•6 months ago
Emilio, this is a sec-high. Can you take a look and see if there's anything obviously wrong?
Comment 5•6 months ago
Martin has recently reworked this to not be sync anymore in bug 1861615, so should've fixed this effectively.
Comment 6•6 months ago (Assignee)
Yeah, dupe of Bug 1861615.
Comment 7•6 months ago
I don't see any crashes in nightly since 20231103093836 (when bug 1861615 landed in central 121)
nor in beta since 120.0b7 (when bug 1861615 was uplifted to beta 120)
Closing this as fixed in 120/121.
Pls re-open if there is further work to be done here
Comment 8•6 months ago
What should we do about ESR115?
Comment 9•6 months ago (Assignee)
(In reply to Ryan VanderMeulen [:RyanVM] from comment #8)
> What should we do about ESR115?

UserIdleServiceMutter::PollIdleTime() was implemented by Bug 1847699 in 118.0. ESR is not affected by this one. If you see a DBus related crash there, it's from a different bug or idle patches were backported downstream.
Comment 10•6 months ago (Assignee)
For instance this crash https://crash-stats.mozilla.org/report/index/2352299e-6a24-4bd9-b7dd-a83620231103 (gio/dbus) comes from an external library and not from Firefox itself, so it's not directly related to Firefox.
Comment 11•5 months ago (Assignee)
Looks like a bug in an external library (DBus). The same error is triggered from various Firefox components and various external libraries which use DBus - libnotify, gio vfs interface.
Comment 12•18 days ago
Bulk-unhiding security bugs fixed in Firefox 119-121 (Fall 2023). Use "moo-doctrine-subsidy" to filter