Closed Bug 292699 Opened 19 years ago Closed 11 years ago

Camino crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead] - profile shutdown issue.

Categories

(Core Graveyard :: Profile: BackEnd, defect, P2)

defect

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: mihkel, Unassigned)

References

Details

(Keywords: crash)

Crash Data

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312
Build Identifier: 2005042806 (v0.8.4)

Camino crahses on Quit if OpenSC (http://www.opensc.org/) PKCS11 module has been used for 
authentication during browsing. The same module works OK with Firefox.

Reproducible: Always

Steps to Reproduce:
1. Compile and install OpenSC smart card reader software
2. Add OpenSC's opensc-pkcs11.so to Camino's secmod.db using Mozilla's modutil.
3. Access some web site that requires smart card authentication - it works ok.
4. Issue "Quit Camino" command 

Actual Results:  
Camino crashes before quitting

Expected Results:  
Quitted silently and happily :-)

Although the problem is probablt not exactly UI related I still post the bug here,  because the same 
opensc-pkcs11.so module works ok with Firefox (that should have identical security layer).

Please let me know what do you think of it (is it known already, any estimates for fix? etc). Also: if you 
think it would be helpful, I could also try to build Camino myself and run it under debugger. 


Below is the crash log:

Date/Time:      2005-05-03 09:01:01 +0300
OS Version:     10.3.9 (Build 7W98)
Report Version: 2

Command: Camino
Path:    /Applications/Camino.app/Contents/MacOS/Camino
Version: 0.8.4 (0.8.4)
PID:     5866
Thread:  3

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
0   libSystem.B.dylib         	0x900147a8 semaphore_wait_trap + 0x8
1   libSystem.B.dylib         	0x90039780 pthread_join + 0xfc
2   libnspr4.dylib            	0x00e22a20 PR_JoinThread + 0x7c
3   libxpcom.dylib            	0x05043d38 nsThread::Join() + 0x1c
4   org.mozilla.navigator     	0x000ad590 nsSocketTransportService::Shutdown() + 0x98
5   org.mozilla.navigator     	0x0007885c nsIOService::SetOffline(int) + 0x11c
6   org.mozilla.navigator     	0x00079014 nsIOService::Observe(nsISupports*, char const*, unsigned 
short const*) + 0x190
7   libxpcom.dylib            	0x0500b1fc nsObserverService::NotifyObservers(nsISupports*, char const*, 
unsigned short const*) + 0x10c
8   libxpcom.dylib            	0x0500331c NS_ShutdownXPCOM + 0xdc
9   org.mozilla.navigator     	0x00068240 NS_TermEmbedding + 0x68
10  org.mozilla.navigator     	0x0001f1b8 -[CHBrowserView destroyWebBrowser] + 0xc4
11  org.mozilla.navigator     	0x0000aa38 -[BrowserWrapper windowClosed] + 0x3c
12  org.mozilla.navigator     	0x00012454 -[BrowserWindowController windowWillClose:] + 0x11c
13  <<00000000>> 	0x90a27b14 0 + 0x90a27b14
14  com.apple.CoreFoundation  	0x901da5a0 __CFXNotificationPost + 0x1b4
15  com.apple.CoreFoundation  	0x901defb0 _CFXNotificationPostNotification + 0x340
16  <<00000000>> 	0x90a25960 0 + 0x90a25960
17  <<00000000>> 	0x92f1a1b8 0 + 0x92f1a1b8
18  <<00000000>> 	0x92f7118c 0 + 0x92f7118c
19  <<00000000>> 	0x90a27a0c 0 + 0x90a27a0c
20  <<00000000>> 	0x92f71984 0 + 0x92f71984
21  <<00000000>> 	0x92f5e3a8 0 + 0x92f5e3a8
22  <<00000000>> 	0x92f27c30 0 + 0x92f27c30
23  <<00000000>> 	0x92f5d450 0 + 0x92f5d450
24  <<00000000>> 	0x92fa1cf0 0 + 0x92fa1cf0
25  <<00000000>> 	0x92fa8620 0 + 0x92fa8620
26  <<00000000>> 	0x92f876d8 0 + 0x92f876d8
27  <<00000000>> 	0x92ea4d54 0 + 0x92ea4d54
28  <<00000000>> 	0x92ead5e4 0 + 0x92ead5e4
29  <<00000000>> 	0x92f69cc4 0 + 0x92f69cc4
30  org.mozilla.navigator     	0x0000a308 _start + 0x17c
31  org.mozilla.navigator     	0x0000a188 start + 0x30

Thread 1:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   com.unsanity.ape          	0xc0002544 __ape_internal + 0xca4
3   com.unsanity.ape          	0xc0001330 __ape_agent + 0x40
4   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 2:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   com.apple.CoreFoundation  	0x901c16e0 __CFRunLoopRun + 0x350
3   com.apple.CoreFoundation  	0x901c5e6c CFRunLoopRunSpecific + 0x148
4   com.apple.audio.CoreAudio 	0x90732f80 HALRunLoop::OwnThread(void*) + 0x104
5   com.apple.audio.CoreAudio 	0x907391e0 CAPThread::Entry(CAPThread*) + 0x30
6   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 3 Crashed:
0   libnss3.dylib             	0x0703a838 NSSRWLock_LockRead + 0x1c
1   libnss3.dylib             	0x070265f0 SECMOD_FindModuleByID + 0x2c
2   libnss3.dylib             	0x0702671c SECMOD_LookupSlot + 0x1c
3   libssl3.dylib             	0x06003d40 ssl3_ClientAuthTokenPresent + 0x48
4   libssl3.dylib             	0x06003e5c ssl3_SendRecord + 0x74
5   libssl3.dylib             	0x0600441c SSL3_SendAlert + 0x98
6   libssl3.dylib             	0x0601279c ssl_SecureClose + 0x78
7   org.mozilla.navigator     	0x006454a8 nsSSLIOLayerClose(PRFileDesc*) + 0x78
8   org.mozilla.navigator     	0x000d18a4 nsSocketTransport::ReleaseFD_Locked(PRFileDesc*) + 0x58
9   org.mozilla.navigator     	0x000d1ec0 nsSocketTransport::OnSocketDetached(PRFileDesc*) + 0xec
10  org.mozilla.navigator     	0x000acc74 nsSocketTransportService::
DetachSocket(nsSocketTransportService::SocketContext*) + 0x58
11  org.mozilla.navigator     	0x000ad804 nsSocketTransportService::Run() + 0x148
12  libxpcom.dylib            	0x05043ae0 nsThread::Main(void*) + 0x38
13  libnspr4.dylib            	0x00e2246c _pt_root + 0xac
14  libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 4:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9253c68c JNI_CreateJavaVM_Impl + 0x173c
3   libjvm.dylib              	0x9253c624 JNI_CreateJavaVM_Impl + 0x16d4
4   libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
5   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 5:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9249a89c JVM_NewInstance + 0x1fcc
3   libjvm.dylib              	0x924b9f18 JVM_FillInStackTrace + 0x2b8
4   libjvm.dylib              	0x924bf948 JVM_Send + 0x42e8
5   libjvm.dylib              	0x9255173c JNI_CreateJavaVM_Impl + 0x167ec
6   libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
7   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 6:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9249a808 JVM_NewInstance + 0x1f38
3   libjvm.dylib              	0x924a2a20 JVM_ArrayCopy + 0x4d0
4   libjvm.dylib              	0x924b8b48 JVM_MonitorNotify + 0x778
5   libjvm.dylib              	0x924b97a8 JVM_MonitorWait + 0xd8
6   <<00000000>> 	0x0e90a690 0 + 0xe90a690
7   <<00000000>> 	0x0e90868c 0 + 0xe90868c
8   <<00000000>> 	0x0e90868c 0 + 0xe90868c
9   <<00000000>> 	0xa24a3720 typeinfo name for std::bad_exception + 0x6e7c
10  libjvm.dylib              	0x9249808c JVM_CurrentTimeMillis + 0x136c
11  libjvm.dylib              	0x924cd518 JVM_GetCPClassNameUTF + 0x1798
12  libjvm.dylib              	0x924d2ce4 JVM_FindClassFromClass + 0x9e4
13  libjvm.dylib              	0x924ec170 JVM_IsSameClassPackage + 0xfc0
14  libjvm.dylib              	0x924e66d8 JVM_GetMethodIxExceptionTableEntry + 0x2058
15  libjvm.dylib              	0x92577054 JVM_UnloadLibrary + 0x85c4
16  libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
17  libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 7:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9249a808 JVM_NewInstance + 0x1f38
3   libjvm.dylib              	0x924a2a20 JVM_ArrayCopy + 0x4d0
4   libjvm.dylib              	0x924b8b48 JVM_MonitorNotify + 0x778
5   libjvm.dylib              	0x924b97a8 JVM_MonitorWait + 0xd8
6   <<00000000>> 	0x0e90a690 0 + 0xe90a690
7   <<00000000>> 	0x0e90868c 0 + 0xe90868c
8   <<00000000>> 	0x0e9085cc 0 + 0xe9085cc
9   <<00000000>> 	0x0e9085cc 0 + 0xe9085cc
10  <<00000000>> 	0xa24a3720 typeinfo name for std::bad_exception + 0x6e7c
11  libjvm.dylib              	0x9249808c JVM_CurrentTimeMillis + 0x136c
12  libjvm.dylib              	0x924cd518 JVM_GetCPClassNameUTF + 0x1798
13  libjvm.dylib              	0x924d2ce4 JVM_FindClassFromClass + 0x9e4
14  libjvm.dylib              	0x924ec170 JVM_IsSameClassPackage + 0xfc0
15  libjvm.dylib              	0x924e66d8 JVM_GetMethodIxExceptionTableEntry + 0x2058
16  libjvm.dylib              	0x92577054 JVM_UnloadLibrary + 0x85c4
17  libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
18  libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 8:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9249a89c JVM_NewInstance + 0x1fcc
3   libjvm.dylib              	0x924a1a04 JVM_GetClassLoader + 0x1824
4   libjvm.dylib              	0x924a17a4 JVM_GetClassLoader + 0x15c4
5   libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
6   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 9:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9249a808 JVM_NewInstance + 0x1f38
3   libjvm.dylib              	0x924b9f70 JVM_FillInStackTrace + 0x310
4   libjvm.dylib              	0x92553b20 JVM_InitProperties + 0x1b10
5   libjvm.dylib              	0x92553920 JVM_InitProperties + 0x1910
6   libjvm.dylib              	0x92577054 JVM_UnloadLibrary + 0x85c4
7   libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
8   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 10:
0   libSystem.B.dylib         	0x90007878 mach_msg_trap + 0x8
1   libSystem.B.dylib         	0x900073f8 mach_msg + 0x38
2   libjvm.dylib              	0x9249a808 JVM_NewInstance + 0x1f38
3   libjvm.dylib              	0x924b9f70 JVM_FillInStackTrace + 0x310
4   libjvm.dylib              	0x924e22b0 JVM_StartThread + 0x580
5   libjvm.dylib              	0x924d0e04 JVM_FindLoadedClass + 0xa44
6   libjvm.dylib              	0x92577054 JVM_UnloadLibrary + 0x85c4
7   libjvm.dylib              	0x924fdc9c JVM_GetClassMethodsCount + 0x21c
8   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 11:
0   libSystem.B.dylib         	0x90018e18 semaphore_timedwait_signal_trap + 0x8
1   libSystem.B.dylib         	0x9000e9d4 _pthread_cond_wait + 0x268
2   libnspr4.dylib            	0x00e1d38c pt_TimedWait + 0xa8
3   libnspr4.dylib            	0x00e1d5f0 PR_WaitCondVar + 0x88
4   libxpcom.dylib            	0x050465f4 TimerThread::Run() + 0x1ac
5   libxpcom.dylib            	0x05043ae0 nsThread::Main(void*) + 0x38
6   libnspr4.dylib            	0x00e2246c _pt_root + 0xac
7   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

Thread 12:
0   libSystem.B.dylib         	0x900171d8 semaphore_wait_signal_trap + 0x8
1   libSystem.B.dylib         	0x9000e9dc _pthread_cond_wait + 0x270
2   <<00000000>> 	0x90a7c614 0 + 0x90a7c614
3   <<00000000>> 	0x92e7a65c 0 + 0x92e7a65c
4   <<00000000>> 	0x90a6a538 0 + 0x90a6a538
5   libSystem.B.dylib         	0x90024910 _pthread_body + 0x28

PPC Thread State:
  srr0: 0x0703a838 srr1: 0x0000d030                vrsave: 0x00000000
    cr: 0x44002434  xer: 0x20000000   lr: 0x0703a834  ctr: 0x900019c0
    r0: 0x0703a834   r1: 0xf01129a0   r2: 0x00e3aa4c   r3: 0x019ede20
    r4: 0x00000048   r5: 0x00000060   r6: 0x00000002   r7: 0x00000000
    r8: 0x044ba7f0   r9: 0x0338bc20  r10: 0x008e6824  r11: 0x00e38d04
   r12: 0x900019c0  r13: 0x00000000  r14: 0x00000000  r15: 0x00000000
   r16: 0x00000000  r17: 0x00000000  r18: 0x00000000  r19: 0x00000015
   r20: 0x00000000  r21: 0x00000000  r22: 0x00000000  r23: 0xf0112bd0
   r24: 0x00000002  r25: 0x0ab62600  r26: 0x00000001  r27: 0x00000001
   r28: 0x070665cc  r29: 0x019ede20  r30: 0x00000000  r31: 0x070265cc

Binary Images Description:
    0x1000 -   0x860fff org.mozilla.navigator 0.8.4	/Applications/Camino.app/Contents/MacOS/
Camino
  0xcf5000 -   0xcfbfff com.rogueamoeba.Detour Detour version 1.5.2 (1.5.2)
	/Library/Application Enhancers/Detour.ape/Contents/MacOS/Detour
  0xe05000 -   0xe37fff libnspr4.dylib 	/Applications/Camino.app/Contents/MacOS/libnspr4.dylib
  0xeae000 -   0xeaffff com.apple.aoa.halplugin 2.5.0	/System/Library/Extensions/
IOAudioFamily.kext/Contents/PlugIns/AOAHALPlugin.bundle/Contents/MacOS/AOAHALPlugin
  0xf16000 -   0xf52fff com.apple.iSightAudio 6.5.2	/Library/Audio/Plug-Ins/HAL/iSightAudio.plugin/
Contents/MacOS/iSightAudio
  0xf8d000 -   0xf8ffff com.unsanity.menuextraenabler Menu Extra Enabler version 1.0.1 (1.0.1)
	/Library/InputManagers/Menu Extra Enabler/Menu Extra Enabler.bundle/Contents/MacOS/Menu 
Extra Enabler
  0xf9f000 -   0xf9f3c2 Java Applet Plugin Enablerò¿ 	PEF binary: Java Applet Plugin Enablerò¿
 0x1ce5000 -  0x1dcbfff com.divxnetworks.DivXCodec 5.1.1	/Library/QuickTime/DivX Pro 
5.component/Contents/MacOS/DivX Pro 5
 0x1ecb000 -  0x1ef5fff com.adobe.acrobat.pdfviewer 7.0.0	/Library/Internet Plug-Ins/
AdobePDFViewer.plugin/Contents/MacOS/AdobePDFViewer
 0x1f03000 -  0x1f4e9b1 CarbonLibpwpc 	PEF binary: CarbonLibpwpc
 0x1f7a000 -  0x1f86fff com.apple.JavaAppletPlugin 1.2.0	/Library/Internet Plug-Ins/Java 
Applet.plugin/Contents/MacOS/Java Applet
 0x2000000 -  0x200dfff libplds4.dylib 	/Applications/Camino.app/Contents/MacOS/libplds4.dylib
 0x3000000 -  0x300efff libplc4.dylib 	/Applications/Camino.app/Contents/MacOS/libplc4.dylib
 0x3333c90 -  0x3333d42 CFMPriv_CoreFoundation 	PEF binary: CFMPriv_CoreFoundation
 0x3336e10 -  0x3336e87 CFMPriv_System 	PEF binary: CFMPriv_System
 0x3337100 -  0x33371d0 CFMPriv_CarbonSound 	PEF binary: CFMPriv_CarbonSound
 0x3337240 -  0x3337313 CFMPriv_CommonPanels 	PEF binary: CFMPriv_CommonPanels
 0x33373e0 -  0x333749b CFMPriv_Help 	PEF binary: CFMPriv_Help
 0x33374a0 -  0x333756a CFMPriv_HIToolbox 	PEF binary: CFMPriv_HIToolbox
 0x33375e0 -  0x33376b6 CFMPriv_HTMLRendering3pê3q‡ 	PEF binary: 
CFMPriv_HTMLRendering3pê3q‡
 0x3337720 -  0x33377f3 CFMPriv_ImageCapture 	PEF binary: CFMPriv_ImageCapture
 0x3337870 -  0x3337955 CFMPriv_NavigationServices 	PEF binary: CFMPriv_NavigationServices
 0x33379c0 -  0x3337a96 CFMPriv_OpenScriptingMacBLib 	PEF binary: 
CFMPriv_OpenScriptingMacBLib
 0x3337b60 -  0x3337c1e CFMPriv_Print 	PEF binary: CFMPriv_Print
 0x3337c30 -  0x3337cfd CFMPriv_SecurityHI 	PEF binary: CFMPriv_SecurityHI
 0x3337d70 -  0x3337e52 CFMPriv_SpeechRecognition 	PEF binary: CFMPriv_SpeechRecognition
 0x3337ec0 -  0x3337f93 CFMPriv_CarbonCore 	PEF binary: CFMPriv_CarbonCore
 0x3338000 -  0x33380d3 CFMPriv_OSServices 	PEF binary: CFMPriv_OSServices
 0x33381a0 -  0x3338262 CFMPriv_AE 	PEF binary: CFMPriv_AE
 0x3338270 -  0x3338335 CFMPriv_ATS 	PEF binary: CFMPriv_ATS
 0x33383a0 -  0x3338477 CFMPriv_ColorSync 	PEF binary: CFMPriv_ColorSync
 0x33384f0 -  0x33385d3 CFMPriv_FindByContent3up3† 	PEF binary: 
CFMPriv_FindByContent3up3†
 0x3338640 -  0x333871a CFMPriv_HIServices 	PEF binary: CFMPriv_HIServices
 0x3338780 -  0x3338860 CFMPriv_LangAnalysis 	PEF binary: CFMPriv_LangAnalysis
 0x33388e0 -  0x33389c6 CFMPriv_LaunchServices 	PEF binary: CFMPriv_LaunchServices
 0x3338a90 -  0x3338b67 CFMPriv_PrintCore 	PEF binary: CFMPriv_PrintCore
 0x3338b70 -  0x3338c32 CFMPriv_QD 	PEF binary: CFMPriv_QD
 0x3338d20 -  0x3338e09 CFMPriv_SpeechSynthesis 	PEF binary: CFMPriv_SpeechSynthesis
 0x3fcc000 -  0x3fcefff com.apple.PDFImporter 1.3.1 (???)	/System/Library/Components/
PDFImporter.component/Contents/MacOS/PDFImporter
 0x3fdc000 -  0x3fddfff org.mozilla.camino.AddressBookManager ??? (0.0.1d1)
	/Applications/Camino.app/Contents/Resources/AddressBookManager.bundle/Contents/MacOS/
AddressBookManager
 0x3fe6000 -  0x3fe8fff com.apple.textencoding.unicode 1.6.4
	/System/Library/TextEncodings/Unicode Encodings.bundle/Contents/MacOS/Unicode Encodings
 0x4000000 -  0x4068fff libmozjs.dylib 	/Applications/Camino.app/Contents/MacOS/libmozjs.dylib
 0x4a23000 -  0x4a26fff libscconf.1.dylib 	/usr/local/lib/libscconf.1.dylib
 0x4aed000 -  0x4b05fff opensc-pkcs11.so 	/usr/local/lib/pkcs11/opensc-pkcs11.so
 0x4baf000 -  0x4bc3fff libpkcs15init.1.dylib 	/usr/local/lib/libpkcs15init.1.dylib
 0x4c70000 -  0x4cbffff libopensc.1.dylib 	/usr/local/lib/libopensc.1.dylib
 0x5000000 -  0x5082fff libxpcom.dylib 	/Applications/Camino.app/Contents/MacOS/libxpcom.dylib
 0x6000000 -  0x601afff libssl3.dylib 	/Applications/Camino.app/Contents/MacOS/libssl3.dylib
 0x7000000 -  0x705dfff libnss3.dylib 	/Applications/Camino.app/Contents/MacOS/libnss3.dylib
 0x8000000 -  0x801dfff libsmime3.dylib 	/Applications/Camino.app/Contents/MacOS/
libsmime3.dylib
 0x9000000 -  0x9079fff libsoftokn3.dylib 	/Applications/Camino.app/Contents/MacOS/
libsoftokn3.dylib
 0xa000000 -  0xa019fff libxpcom_compat.dylib 	/Applications/Camino.app/Contents/MacOS/
libxpcom_compat.dylib
0x30000000 - 0x30004fff ??? SharedMenusCocoa version 0.3 (0.0.3)
	/Applications/Camino.app/Contents/MacOS/../Frameworks/SharedMenusCocoa.framework/
Versions/A/SharedMenusCocoa
0x80830000 - 0x8090efff libxml2.2.dylib 	/usr/lib/libxml2.2.dylib
0x83b2c000 - 0x83b38fff com.apple.agl 2.5 (AGL-2.5)	/System/Library/Frameworks/
AGL.framework/Versions/A/AGL
0x84660000 - 0x84669fff libz.1.1.3.dylib 	/usr/lib/libz.1.1.3.dylib
0x86e60000 - 0x86e6afff com.apple.pcsc 4.2 (15.2)	/System/Library/Frameworks/
PCSC.framework/Versions/A/PCSC
0x8b0c0000 - 0x8b788fff com.apple.QuickTimeComponents.component 6.5.2
	/System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/
QuickTimeComponents
0x8eea0000 - 0x8eeb6fff libJapaneseConverter.dylib 	/System/Library/CoreServices/Encodings/
libJapaneseConverter.dylib
0x8f020000 - 0x8f02efff com.apple.JavaEmbedding 1.0.4	/System/Library/Frameworks/
JavaEmbedding.framework/Versions/A/JavaEmbedding
0x8fe00000 - 0x8fe4ffff dyld 	/usr/lib/dyld
0x90000000 - 0x9014ffff libSystem.B.dylib 	/usr/lib/libSystem.B.dylib
0x901c0000 - 0x9026dfff com.apple.CoreFoundation 6.3.7 (299.35)
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x902b0000 - 0x90529fff com.apple.CoreServices.CarbonCore 10.3.7
	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/
CarbonCore.framework/Versions/A/CarbonCore
0x90584000 - 0x905f3fff com.apple.framework.IOKit 1.3.6 (???)
	/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90610000 - 0x9069afff com.apple.CoreServices.OSServices 3.0.1
	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/
OSServices.framework/Versions/A/OSServices
0x90700000 - 0x90700fff com.apple.CoreServices 10.3 (???)	/System/Library/Frameworks/
CoreServices.framework/Versions/A/CoreServices
0x90720000 - 0x90787fff com.apple.audio.CoreAudio 2.1.2	/System/Library/Frameworks/
CoreAudio.framework/Versions/A/CoreAudio
0x92490000 - 0x92616fff libjvm.dylib 	/System/Library/Frameworks/JavaVM.framework/Versions/
1.3.1/Libraries/libjvm.dylib
0xc0000000 - 0xc000efff com.unsanity.ape 1.4.4	/Library/Frameworks/
ApplicationEnhancer.framework/Versions/A/ApplicationEnhancer
Assignee: dveditz → wtchang
Component: Security → Libraries
Keywords: crash
Product: Camino → NSS
QA Contact: camino → bishakhabanerjee
Summary: Camino repeatably crashes on Quit if an OpenSC PKCS11 module has been used during session → Camino repeatably crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead]
This should be investigated as a Camino bug.  It
crashed in NSS's SSL library (thread 3), but it is
most likely because Camino already shut down NSS at
that time.

Thread 3 crashed in the NSSRWLock_LockRead function.
The most likely readon is that the argument to the
function, moduleLock, was NULL, and moduleLock is
destroyed and set to NULL in SECMOD_Shutdown:
http://lxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11util.c#76
Assignee: wtchang → pinkerton
Component: Libraries → General
Product: NSS → Camino
QA Contact: bishakhabanerjee
Mihkel: it would help if you could make a Camino debug
build and run it inside a debugger to get more detailed
thread stack traces.  Thanks.

Does anyone know whether NSS has been shut down when
NS_ShutdownXPCOM is called by Camino?  In the Mozilla
clients, NSS is initialized and shut down by the
nsNSSComponent.
http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSComponent.cpp#1259
i'm not certain this is critcal per se, since not too many camino users would be
using OpenSC (or even understand what it is) but....
Target Milestone: --- → Camino1.0
I wonder if it's related to:

###!!! ASSERTION: nsNSSComponent relies on profile manager to wait for
synchronous shutdown of all network activity: 'isNetworkDown', file
../../../../../../mozilla/security/manager/ssl/src/nsNSSComponent.cpp, line 1578
Break: at file
../../../../../../mozilla/security/manager/ssl/src/nsNSSComponent.cpp, line 1578
WARNING: nsExceptionService ignoring thread destruction after shutdown, file
../../../../mozilla/xpcom/base/nsExceptionService.cpp, line 191
While it may have to do with something in the OpenSC PKCS #11 module, it looks
to me more like a race condition that OpenSC just makes worse. As such it should
probably be tracked down.

If PSM is being shutdown before you've closed all your connections, that
certainly could cause a problem.

bob
I get basically the same crash stack when I quit Camino if I have been logged on
to <URL:https://www.skandiabanken.no/>.

This is related to a recent update of the bank's site since older versions of
Camino (including the venerable 0.8-series) also crashes (which they didn't a
few days ago).
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 301464 has been marked as a duplicate of this bug. ***
Priority: -- → P2
epiphany crashes too with the same assertion and this backtrace:

Backtrace was generated from '/usr/bin/epiphany'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1227946304 (LWP 15484)]
[New Thread -1266697296 (LWP 15487)]
[New Thread -1244415056 (LWP 15485)]
0xffffe410 in __kernel_vsyscall ()
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb705d23d in pthread_join () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7df8a98 in PR_JoinThread (thred=0x820e4e8) at ptthread.c:578
#3  0xb7efc12d in nsThread::Join (this=0x820e468) at nsThread.cpp:178
#4  0xb66d1ee7 in nsSocketTransportService::Shutdown (this=0x820de28) at
nsSocketTransportService2.cpp:419
#5  0xb66ad7db in nsIOService::SetOffline (this=0x820d8f0, offline=1) at
nsIOService.cpp:524
#6  0xb66ad642 in nsIOService::Observe (this=0x820d8f0, subject=0x81aed3c,
topic=0xb7f3a9c3 "xpcom-shutdown", data=0x0)
    at nsIOService.cpp:688
#7  0xb7e946b8 in nsObserverService::NotifyObservers (this=0x82c02d8,
aSubject=0x81aed3c, 
    aTopic=0xb7f3a9c3 "xpcom-shutdown", someData=0x0) at nsObserverService.cpp:208
#8  0xb7e81b4b in NS_ShutdownXPCOM (servMgr=0x0) at nsXPComInit.cpp:765
#9  0xb7f98630 in NS_TermEmbedding () at nsEmbedAPI.cpp:173
#10 0xb7f81ab3 in EmbedPrivate::PopStartup () at EmbedPrivate.cpp:491
#11 0xb7f7f774 in gtk_moz_embed_pop_startup () at gtkmozembed2.cpp:822
#12 0x080b4fba in mozilla_init_profile ()
#13 0xb70249a5 in IA__g_object_unref (_object=0x81abf38) at gobject.c:1702
#14 0x080dbaaa in ephy_embed_shell_get_type ()
#15 0x08073934 in ephy_shell_startup ()
#16 0xb70249a5 in IA__g_object_unref (_object=0x8193ba8) at gobject.c:1702
#17 0x0808004a in ephy_window_get_notebook ()
#18 0xb70249a5 in IA__g_object_unref (_object=0x830c6c0) at gobject.c:1702
#19 0xb75a2995 in IA__gtk_propagate_event (widget=0x830c6c0, event=0x85e04c8) at
gtkmain.c:2171
#20 0xb75a2cf0 in IA__gtk_main_do_event (event=0x85e04c8) at gtkmain.c:1395
#21 0xb744658d in gdk_event_dispatch (source=0xfffffffc, callback=0,
user_data=0x0) at gdkevents-x11.c:2291
#22 0xb6fbc47e in IA__g_main_context_dispatch (context=0x816ada8) at gmain.c:1934
#23 0xb6fbf486 in g_main_context_iterate (context=0x816ada8, block=1,
dispatch=1, self=0x8140490) at gmain.c:2565
#24 0xb6fbf773 in IA__g_main_loop_run (loop=0x8174218) at gmain.c:2769
#25 0xb75a1fb6 in IA__gtk_main () at gtkmain.c:974
#26 0x08072ea0 in main ()

Thread 3 (Thread -1244415056 (LWP 15485)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb70624ab in __waitpid_nocancel () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb7ccc498 in libgnomeui_segv_handle (signum=11) at gnome-ui-init.c:749
	estatus = -1208593892
	eret = 0
	in_segv = 1
	sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask =
{__val = {3086687222, 3086638348, 
      3068616544, 1, 1, 0, 3086624796, 1192, 3086438003, 3068658364, 3068664544,
136511824, 3050548428, 3067843754, 
      3068664544, 136511824, 3086620804, 0, 0, 3050548476, 3086603366,
136511824, 3086620804, 0, 3086603268, 3050548524, 
      3086687024, 136442512, 0, 0, 3086620804, 3050548524}}, sa_flags =
-1208363817, sa_restorer = 0x821f290}
	pid = 15493
#3  0xb7f9d62d in nsProfileLock::FatalSignalHandler (signo=11) at
nsProfileLock.cpp:209
	oldact = (sigaction *) 0xb7fa3c00
#4  <signal handler called>
No symbol table info available.
#5  0xb3755da5 in NSSRWLock_LockRead (rwlock=0x0) at nssrwlk.c:209
	me = (PRThread *) 0x820e4e8
#6  0xb372f8de in SECMOD_GetReadLock (modLock=0x0) at pk11list.c:73
No locals.
#7  0xb373b304 in SECMOD_FindModuleByID (id=1) at pk11util.c:255
	mlp = (SECMODModuleList *) 0xb7df5726
	module = (SECMODModule *) 0x0
#8  0xb373b43c in SECMOD_LookupSlot (moduleID=1, slotID=2) at pk11util.c:305
	module = (SECMODModule *) 0xb665f52d
	slot = (PK11SlotInfo *) 0xb6e802bc
#9  0xb3642da7 in ssl3_ClientAuthTokenPresent (sid=0x872f048) at ssl3con.c:1634
	slot = (PK11SlotInfo *) 0x0
	isPresent = 1
#10 0xb3642fca in ssl3_SendRecord (ss=0x87d2770, type=content_alert,
buf=0xb5d3b256 "\001", bytes=2, flags=0)
    at ssl3con.c:1695
	cwSpec = (ssl3CipherSpec *) 0xb5d3bbb0
	write = (sslBuffer *) 0x87d2788
	cipher_def = (const ssl3BulkCipherDef *) 0xb7df1202
	rv = 1
	bufSize = 0
	sent = 0
	cipherBytes = -1
	isBlocking = 0
	ssl3WasNull = 0
#11 0xb36439bb in SSL3_SendAlert (ss=0x87d2770, level=alert_warning,
desc=close_notify) at ssl3con.c:2027
	sent = 142429752
	bytes = "\001"
	rv = SECSuccess
#12 0xb365c829 in ssl_SecureClose (ss=0x87d2770) at sslsecur.c:901
	rv = 0
#13 0xb36623fd in ssl_Close (fd=0x87d26a8) at sslsock.c:1204
	ss = (sslSocket *) 0x87d2770
	rv = PR_SUCCESS
#14 0xb35dcff4 in nsSSLIOLayerClose (fd=0x87d26a8) at nsNSSIOLayer.cpp:921
	locker = {<No data fields>}
	popped = (PRFileDesc *) 0x87d4eb0
	infoObject = (nsNSSSocketInfo *) 0x87d26e8
	status = 142419240
#15 0xb7dd473b in PR_Close (fd=0x87d26a8) at priometh.c:133
No locals.
#16 0xb66cb06f in nsSocketTransport::ReleaseFD_Locked (this=0x87d2408,
fd=0x87d26a8) at nsSocketTransport2.cpp:1270
No locals.
#17 0xb66cdfdd in nsSocketTransport::OnSocketDetached (this=0x87d2408,
fd=0x87d26a8) at nsSocketTransport2.cpp:1465
	lock = {<nsAutoLockBase> = {mAddr = 0x87d2528, mDown = 0x0, mType =
nsAutoLockBase::eAutoLock}, 
  mLock = 0x87d2528, mLocked = 1}
#18 0xb66d168b in nsSocketTransportService::DetachSocket (this=0x820de28,
sock=0x820dff8)
    at nsSocketTransportService2.cpp:183
	index = 1
#19 0xb66d22d2 in nsSocketTransportService::Run (this=0x820de28) at
nsSocketTransportService2.cpp:520
	n = 1
	i = 2
	count = 3
	active = 1
#20 0xb7efcaff in nsThread::Main (arg=0x820e468) at nsThread.cpp:118
	self = (nsThread *) 0x820e468
	rv = 0
#21 0xb7df8190 in _pt_root (arg=0x820e4e8) at ptthread.c:214
	rv = 0
	thred = (PRThread *) 0x820e4e8
	detached = 0
#22 0xb705c361 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#23 0xb6e1edbe in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 2 (Thread -1266697296 (LWP 15487)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb705ef0c in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb7df08ed in pt_TimedWait (cv=0x8682824, ml=0x86827c0, timeout=8997) at
ptsynch.c:264
	rv = -1210086574
	now = {tv_sec = 1124663073, tv_usec = 527692}
	tmo = {tv_sec = 1124663082, tv_nsec = 524692000}
	ticks = 1000
#3  0xb7df0e0b in PR_WaitCondVar (cvar=0x8682820, timeout=8997) at ptsynch.c:391
	rv = 1124663073
	thred = (PRThread *) 0x8680158
#4  0xb7f00083 in TimerThread::Run (this=0x86826f8) at TimerThread.cpp:285
	waitFor = 8997
	lock = {<nsAutoLockBase> = {mAddr = 0x86827c0, mDown = 0x0, mType = eAutoLock},
mLock = 0x86827c0, mLocked = 1}
#5  0xb7efcaff in nsThread::Main (arg=0x867e6d0) at nsThread.cpp:118
	self = (nsThread *) 0x867e6d0
	rv = 0
#6  0xb7df8190 in _pt_root (arg=0x8680158) at ptthread.c:214
	rv = 0
	thred = (PRThread *) 0x8680158
	detached = 0
#7  0xb705c361 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#8  0xb6e1edbe in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 1 (Thread -1227946304 (LWP 15484)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb705d23d in pthread_join () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb7df8a98 in PR_JoinThread (thred=0x820e4e8) at ptthread.c:578
	id = 3050552240
	rv = -1
	result = (void *) 0x0
#3  0xb7efc12d in nsThread::Join (this=0x820e468) at nsThread.cpp:178
	status = PR_SUCCESS
#4  0xb66d1ee7 in nsSocketTransportService::Shutdown (this=0x820de28) at
nsSocketTransportService2.cpp:419
No locals.
#5  0xb66ad7db in nsIOService::SetOffline (this=0x820d8f0, offline=1) at
nsIOService.cpp:524
	offlineString = {<nsString> = {<nsSubstring> = {<nsAString> = {mVTable =
0xb7f5c088, mData = 0xb679274c, 
        mLength = 7, mFlags = 1}, <No data fields>}, <No data fields>}, <No data
fields>}
	observerService = {mRawPtr = 0x82c02d8}
	rv = 0
#6  0xb66ad642 in nsIOService::Observe (this=0x820d8f0, subject=0x81aed3c,
topic=0xb7f3a9c3 "xpcom-shutdown", data=0x0)
    at nsIOService.cpp:688
No locals.
#7  0xb7e946b8 in nsObserverService::NotifyObservers (this=0x82c02d8,
aSubject=0x81aed3c, 
    aTopic=0xb7f3a9c3 "xpcom-shutdown", someData=0x0) at nsObserverService.cpp:208
	observer = {mRawPtr = 0x820d8f4}
	rv = 0
	observers = {mRawPtr = 0x82300f8}
	observerRef = {<nsCOMPtr_base> = {mRawPtr = 0x820d8f0}, <No data fields>}
	loop = 1
#8  0xb7e81b4b in NS_ShutdownXPCOM (servMgr=0x0) at nsXPComInit.cpp:765
	mgr = {mRawPtr = 0x81aed3c}
	observerService = {mRawPtr = 0x82c02d8}
	rv = 0
	currentQ = {mRawPtr = 0x1}
#9  0xb7f98630 in NS_TermEmbedding () at nsEmbedAPI.cpp:173
	rv = 3086583216
#10 0xb7f81ab3 in EmbedPrivate::PopStartup () at EmbedPrivate.cpp:491
No locals.
#11 0xb7f7f774 in gtk_moz_embed_pop_startup () at gtkmozembed2.cpp:822
No locals.
#12 0x080b4fba in mozilla_init_profile ()
No symbol table info available.
#13 0xb70249a5 in IA__g_object_unref (_object=0x81abf38) at gobject.c:1702
	object = (GObject *) 0x81abf38
	__PRETTY_FUNCTION__ = "IA__g_object_unref"
#14 0x080dbaaa in ephy_embed_shell_get_type ()
No symbol table info available.
#15 0x08073934 in ephy_shell_startup ()
No symbol table info available.
#16 0xb70249a5 in IA__g_object_unref (_object=0x8193ba8) at gobject.c:1702
	object = (GObject *) 0x8193ba8
	__PRETTY_FUNCTION__ = "IA__g_object_unref"
#17 0x0808004a in ephy_window_get_notebook ()
No symbol table info available.
#18 0xb70249a5 in IA__g_object_unref (_object=0x830c6c0) at gobject.c:1702
	object = (GObject *) 0x830c6c0
	__PRETTY_FUNCTION__ = "IA__g_object_unref"
#19 0xb75a2995 in IA__gtk_propagate_event (widget=0x830c6c0, event=0x85e04c8) at
gtkmain.c:2171
	window = (GtkWidget *) 0x830c6c0
	handled_event = #0  0xffffe410 in __kernel_vsyscall ()
wtc: i'm sorry, at best i'm willing at accept this as a psm bug, but leaving it
assigned to Camino isn't fair.
Assignee: pinkerton → kaie.bugs
Component: General → Security: PSM
OS: MacOS X → All
Product: Camino → Core
Hardware: Macintosh → All
Target Milestone: Camino1.0 → ---
Version: unspecified → Trunk
I'm seeing this every time I run Camino, now that I'm excercising more PSM APIs.
We have to fix this for Camino 1.0.
Flags: blocking1.8b4?
The issue seems to be that PSM needs all the http connections to be cleaned up
(by the observer notification here:

http://lxr.mozilla.org/mozilla/source/netwerk/protocol/http/src/nsHttpHandler.cpp#1679

before the xpcom shutdown notification comes.

Two places fire that notification:
http://lxr.mozilla.org/mozilla/source/profile/src/nsProfile.cpp#1196
http://lxr.mozilla.org/mozilla/source/toolkit/xre/nsXREDirProvider.cpp#619

and neither run in embedding apps.
Summary: Camino repeatably crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead] → Camino crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead] - profile shutdown issue.
Simon can you elaborate on Camino's schedule. Are you guys shipping 1.0 from
1.8b4 or can this wait for 1.8b5 (Firefox Beta 2). 
We'll be doing Camino 1.0 after 1.8b4, so this isn't critical for 1.8b4.

I also think that it's a profile manager issue; we need to make sure that the
same notifications are sent out for embedding apps which use a single profile as
in the multi-profile case.

We can also put a workaround in the Camino code:

 void CHBrowserService::ShutDown()
 {
   NS_ASSERTION(sCanTerminate, "Should be able to terminate here!");
+
+  nsCOMPtr<nsIObserverService> observerService =
do_GetService("@mozilla.org/observer-service;1");
+  if (observerService)
+    observerService->NotifyObservers(nsnull, "profile-change-net-teardown",
nsnull);
   
   // phase 2 notifcation (we really are about to terminate)
   [[NSNotificationCenter defaultCenter]
postNotificationName:XPCOMShutDownNotificationName object:nil];
Assignee: kaie.bugs → nobody
Component: Security: PSM → Profile: BackEnd
QA Contact: profile-manager-backend
Flags: blocking1.8b4? → blocking1.8b5+
Per comment 13 removing from 1.8b5 blocker list.
Flags: blocking1.8b5+ → blocking1.8b5-
There should now be a temporary fix in OpenSC for this.
(It was an issue with Firefox 1.5 as well)

Pls. see http://www.opensc-project.org/opensc/ticket/72
for more info.

-- Stef
The cited OpenSC bug says (in part):

> The problem is currently that one thread could do a C_Finalize() which 
> causes the sc_context_t struct to be released. But if another thread is 
> still waiting in C_WaitForSlotEvent(), it will call/work with an invalid 
> sc_context_t (-> crash, ...)

> This is the case in e.g. Firefox 1.5 which switched from polling for slot 
> events in the main thread, to opening a new thread and doing a 
> C_WaitForSlotEvent() in that thread.

This suggests that there are problems to be fixed in NSS *AND* in the calling
applications.

There should be no PKCS11 calls outstanding (that is, in progress) on a module  when C_Finalize is called on that module, and NO PKCS11 calls should be made to a module after C_Finalize is called on it.  

NSS calls C_Finalize when the application tells it to do so.  So, if (as stated above) C_finalize is being called while C_WaitForSlotEvent is in progress, 
then (a) the appliation should not do that, and (b) NSS should detect it.

Unless the appliation is making some PKSC11 calls directly to the module (bypassing NSS) and others through NSS (so that NSS cannot determine if 
there are other calls outstanding) NSS could (I think) and probably should 
detect that the module is in use, when it is asked to finalize a module.

When it detects this condition, it should either (a) return an error code 
without calling C_Finalize, or (b) wait until the module is not in use and 
then call C_Finalize.  

I'd suggest that a second bug be filed against NSS, and leave this bug 
filed against camino and/or FF 1.5.  Is this a PSM bug?
Nelson... except this case.

NSS should not call C_WaitForSlotEvent if the slot has been finalized, but it can and should call C_Finalize if C_WaitForSlotEvent is still active.

To quote the PKCS #11 spec:

"If a thread of an application has C_WaitForSlotEvent call balocking when another thread of that aplication calls C_Finalize, the C_WaitForSlotEvent call returns the vallue CKR_CRYPOKI_NOT_INITIALIZED". 

Currently the only documented way for software to force C_WaitForSlotEvent to return is to call C_Finalize.

bob
Crash Signature: [@ NSSRWLock_LockRead]
I have been having a similar problem. 2 issues:

1) Camino freezes on quit preventing shutdown 

2) fb won't accept photos. Says it 'Can't process request now, try again later." But it works in Chrome.

I am on 10.6.8. 2008 Mac Pro Desktop. Camino 2.1.2
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.