Closed
Bug 292699
Opened 19 years ago
Closed 11 years ago
Camino crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead] - profile shutdown issue.
Categories
(Core Graveyard :: Profile: BackEnd, defect, P2)
Core Graveyard
Profile: BackEnd
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: mihkel, Unassigned)
References
Details
(Keywords: crash)
Crash Data
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 Build Identifier: 2005042806 (v0.8.4) Camino crahses on Quit if OpenSC (http://www.opensc.org/) PKCS11 module has been used for authentication during browsing. The same module works OK with Firefox. Reproducible: Always Steps to Reproduce: 1. Compile and install OpenSC smart card reader software 2. Add OpenSC's opensc-pkcs11.so to Camino's secmod.db using Mozilla's modutil. 3. Access some web site that requires smart card authentication - it works ok. 4. Issue "Quit Camino" command Actual Results: Camino crashes before quitting Expected Results: Quitted silently and happily :-) Although the problem is probablt not exactly UI related I still post the bug here, because the same opensc-pkcs11.so module works ok with Firefox (that should have identical security layer). Please let me know what do you think of it (is it known already, any estimates for fix? etc). Also: if you think it would be helpful, I could also try to build Camino myself and run it under debugger. Below is the crash log: Date/Time: 2005-05-03 09:01:01 +0300 OS Version: 10.3.9 (Build 7W98) Report Version: 2 Command: Camino Path: /Applications/Camino.app/Contents/MacOS/Camino Version: 0.8.4 (0.8.4) PID: 5866 Thread: 3 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000 Thread 0: 0 libSystem.B.dylib 0x900147a8 semaphore_wait_trap + 0x8 1 libSystem.B.dylib 0x90039780 pthread_join + 0xfc 2 libnspr4.dylib 0x00e22a20 PR_JoinThread + 0x7c 3 libxpcom.dylib 0x05043d38 nsThread::Join() + 0x1c 4 org.mozilla.navigator 0x000ad590 nsSocketTransportService::Shutdown() + 0x98 5 org.mozilla.navigator 0x0007885c nsIOService::SetOffline(int) + 0x11c 6 org.mozilla.navigator 0x00079014 nsIOService::Observe(nsISupports*, char const*, unsigned short const*) + 0x190 7 libxpcom.dylib 0x0500b1fc nsObserverService::NotifyObservers(nsISupports*, char const*, unsigned short const*) + 0x10c 8 libxpcom.dylib 0x0500331c NS_ShutdownXPCOM + 0xdc 9 org.mozilla.navigator 0x00068240 NS_TermEmbedding + 0x68 10 org.mozilla.navigator 0x0001f1b8 -[CHBrowserView destroyWebBrowser] + 0xc4 11 org.mozilla.navigator 0x0000aa38 -[BrowserWrapper windowClosed] + 0x3c 12 org.mozilla.navigator 0x00012454 -[BrowserWindowController windowWillClose:] + 0x11c 13 <<00000000>> 0x90a27b14 0 + 0x90a27b14 14 com.apple.CoreFoundation 0x901da5a0 __CFXNotificationPost + 0x1b4 15 com.apple.CoreFoundation 0x901defb0 _CFXNotificationPostNotification + 0x340 16 <<00000000>> 0x90a25960 0 + 0x90a25960 17 <<00000000>> 0x92f1a1b8 0 + 0x92f1a1b8 18 <<00000000>> 0x92f7118c 0 + 0x92f7118c 19 <<00000000>> 0x90a27a0c 0 + 0x90a27a0c 20 <<00000000>> 0x92f71984 0 + 0x92f71984 21 <<00000000>> 0x92f5e3a8 0 + 0x92f5e3a8 22 <<00000000>> 0x92f27c30 0 + 0x92f27c30 23 <<00000000>> 0x92f5d450 0 + 0x92f5d450 24 <<00000000>> 0x92fa1cf0 0 + 0x92fa1cf0 25 <<00000000>> 0x92fa8620 0 + 0x92fa8620 26 <<00000000>> 0x92f876d8 0 + 0x92f876d8 27 <<00000000>> 0x92ea4d54 0 + 0x92ea4d54 28 <<00000000>> 0x92ead5e4 0 + 0x92ead5e4 29 <<00000000>> 0x92f69cc4 0 + 0x92f69cc4 30 org.mozilla.navigator 0x0000a308 _start + 0x17c 31 org.mozilla.navigator 0x0000a188 start + 0x30 Thread 1: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 com.unsanity.ape 0xc0002544 __ape_internal + 0xca4 3 com.unsanity.ape 0xc0001330 __ape_agent + 0x40 4 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 2: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 com.apple.CoreFoundation 0x901c16e0 __CFRunLoopRun + 0x350 3 com.apple.CoreFoundation 0x901c5e6c CFRunLoopRunSpecific + 0x148 4 com.apple.audio.CoreAudio 0x90732f80 HALRunLoop::OwnThread(void*) + 0x104 5 com.apple.audio.CoreAudio 0x907391e0 CAPThread::Entry(CAPThread*) + 0x30 6 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 3 Crashed: 0 libnss3.dylib 0x0703a838 NSSRWLock_LockRead + 0x1c 1 libnss3.dylib 0x070265f0 SECMOD_FindModuleByID + 0x2c 2 libnss3.dylib 0x0702671c SECMOD_LookupSlot + 0x1c 3 libssl3.dylib 0x06003d40 ssl3_ClientAuthTokenPresent + 0x48 4 libssl3.dylib 0x06003e5c ssl3_SendRecord + 0x74 5 libssl3.dylib 0x0600441c SSL3_SendAlert + 0x98 6 libssl3.dylib 0x0601279c ssl_SecureClose + 0x78 7 org.mozilla.navigator 0x006454a8 nsSSLIOLayerClose(PRFileDesc*) + 0x78 8 org.mozilla.navigator 0x000d18a4 nsSocketTransport::ReleaseFD_Locked(PRFileDesc*) + 0x58 9 org.mozilla.navigator 0x000d1ec0 nsSocketTransport::OnSocketDetached(PRFileDesc*) + 0xec 10 org.mozilla.navigator 0x000acc74 nsSocketTransportService:: DetachSocket(nsSocketTransportService::SocketContext*) + 0x58 11 org.mozilla.navigator 0x000ad804 nsSocketTransportService::Run() + 0x148 12 libxpcom.dylib 0x05043ae0 nsThread::Main(void*) + 0x38 13 libnspr4.dylib 0x00e2246c _pt_root + 0xac 14 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 4: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9253c68c JNI_CreateJavaVM_Impl + 0x173c 3 libjvm.dylib 0x9253c624 JNI_CreateJavaVM_Impl + 0x16d4 4 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 5 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 5: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9249a89c JVM_NewInstance + 0x1fcc 3 libjvm.dylib 0x924b9f18 JVM_FillInStackTrace + 0x2b8 4 libjvm.dylib 0x924bf948 JVM_Send + 0x42e8 5 libjvm.dylib 0x9255173c JNI_CreateJavaVM_Impl + 0x167ec 6 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 7 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 6: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9249a808 JVM_NewInstance + 0x1f38 3 libjvm.dylib 0x924a2a20 JVM_ArrayCopy + 0x4d0 4 libjvm.dylib 0x924b8b48 JVM_MonitorNotify + 0x778 5 libjvm.dylib 0x924b97a8 JVM_MonitorWait + 0xd8 6 <<00000000>> 0x0e90a690 0 + 0xe90a690 7 <<00000000>> 0x0e90868c 0 + 0xe90868c 8 <<00000000>> 0x0e90868c 0 + 0xe90868c 9 <<00000000>> 0xa24a3720 typeinfo name for std::bad_exception + 0x6e7c 10 libjvm.dylib 0x9249808c JVM_CurrentTimeMillis + 0x136c 11 libjvm.dylib 0x924cd518 JVM_GetCPClassNameUTF + 0x1798 12 libjvm.dylib 0x924d2ce4 JVM_FindClassFromClass + 0x9e4 13 libjvm.dylib 0x924ec170 JVM_IsSameClassPackage + 0xfc0 14 libjvm.dylib 0x924e66d8 JVM_GetMethodIxExceptionTableEntry + 0x2058 15 libjvm.dylib 0x92577054 JVM_UnloadLibrary + 0x85c4 16 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 17 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 7: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9249a808 JVM_NewInstance + 0x1f38 3 libjvm.dylib 0x924a2a20 JVM_ArrayCopy + 0x4d0 4 libjvm.dylib 0x924b8b48 JVM_MonitorNotify + 0x778 5 libjvm.dylib 0x924b97a8 JVM_MonitorWait + 0xd8 6 <<00000000>> 0x0e90a690 0 + 0xe90a690 7 <<00000000>> 0x0e90868c 0 + 0xe90868c 8 <<00000000>> 0x0e9085cc 0 + 0xe9085cc 9 <<00000000>> 0x0e9085cc 0 + 0xe9085cc 10 <<00000000>> 0xa24a3720 typeinfo name for std::bad_exception + 0x6e7c 11 libjvm.dylib 0x9249808c JVM_CurrentTimeMillis + 0x136c 12 libjvm.dylib 0x924cd518 JVM_GetCPClassNameUTF + 0x1798 13 libjvm.dylib 0x924d2ce4 JVM_FindClassFromClass + 0x9e4 14 libjvm.dylib 0x924ec170 JVM_IsSameClassPackage + 0xfc0 15 libjvm.dylib 0x924e66d8 JVM_GetMethodIxExceptionTableEntry + 0x2058 16 libjvm.dylib 0x92577054 JVM_UnloadLibrary + 0x85c4 17 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 18 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 8: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9249a89c JVM_NewInstance + 0x1fcc 3 libjvm.dylib 0x924a1a04 JVM_GetClassLoader + 0x1824 4 libjvm.dylib 0x924a17a4 JVM_GetClassLoader + 0x15c4 5 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 6 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 9: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9249a808 JVM_NewInstance + 0x1f38 3 libjvm.dylib 0x924b9f70 JVM_FillInStackTrace + 0x310 4 libjvm.dylib 0x92553b20 JVM_InitProperties + 0x1b10 5 libjvm.dylib 0x92553920 JVM_InitProperties + 0x1910 6 libjvm.dylib 0x92577054 JVM_UnloadLibrary + 0x85c4 7 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 8 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 10: 0 libSystem.B.dylib 0x90007878 mach_msg_trap + 0x8 1 libSystem.B.dylib 0x900073f8 mach_msg + 0x38 2 libjvm.dylib 0x9249a808 JVM_NewInstance + 0x1f38 3 libjvm.dylib 0x924b9f70 JVM_FillInStackTrace + 0x310 4 libjvm.dylib 0x924e22b0 JVM_StartThread + 0x580 5 libjvm.dylib 0x924d0e04 JVM_FindLoadedClass + 0xa44 6 libjvm.dylib 0x92577054 JVM_UnloadLibrary + 0x85c4 7 libjvm.dylib 0x924fdc9c JVM_GetClassMethodsCount + 0x21c 8 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 11: 0 libSystem.B.dylib 0x90018e18 semaphore_timedwait_signal_trap + 0x8 1 libSystem.B.dylib 0x9000e9d4 _pthread_cond_wait + 0x268 2 libnspr4.dylib 0x00e1d38c pt_TimedWait + 0xa8 3 libnspr4.dylib 0x00e1d5f0 PR_WaitCondVar + 0x88 4 libxpcom.dylib 0x050465f4 TimerThread::Run() + 0x1ac 5 libxpcom.dylib 0x05043ae0 nsThread::Main(void*) + 0x38 6 libnspr4.dylib 0x00e2246c _pt_root + 0xac 7 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 Thread 12: 0 libSystem.B.dylib 0x900171d8 semaphore_wait_signal_trap + 0x8 1 libSystem.B.dylib 0x9000e9dc _pthread_cond_wait + 0x270 2 <<00000000>> 0x90a7c614 0 + 0x90a7c614 3 <<00000000>> 0x92e7a65c 0 + 0x92e7a65c 4 <<00000000>> 0x90a6a538 0 + 0x90a6a538 5 libSystem.B.dylib 0x90024910 _pthread_body + 0x28 PPC Thread State: srr0: 0x0703a838 srr1: 0x0000d030 vrsave: 0x00000000 cr: 0x44002434 xer: 0x20000000 lr: 0x0703a834 ctr: 0x900019c0 r0: 0x0703a834 r1: 0xf01129a0 r2: 0x00e3aa4c r3: 0x019ede20 r4: 0x00000048 r5: 0x00000060 r6: 0x00000002 r7: 0x00000000 r8: 0x044ba7f0 r9: 0x0338bc20 r10: 0x008e6824 r11: 0x00e38d04 r12: 0x900019c0 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000 r16: 0x00000000 r17: 0x00000000 r18: 0x00000000 r19: 0x00000015 r20: 0x00000000 r21: 0x00000000 r22: 0x00000000 r23: 0xf0112bd0 r24: 0x00000002 r25: 0x0ab62600 r26: 0x00000001 r27: 0x00000001 r28: 0x070665cc r29: 0x019ede20 r30: 0x00000000 r31: 0x070265cc Binary Images Description: 0x1000 - 0x860fff org.mozilla.navigator 0.8.4 /Applications/Camino.app/Contents/MacOS/ Camino 0xcf5000 - 0xcfbfff com.rogueamoeba.Detour Detour version 1.5.2 (1.5.2) /Library/Application Enhancers/Detour.ape/Contents/MacOS/Detour 0xe05000 - 0xe37fff libnspr4.dylib /Applications/Camino.app/Contents/MacOS/libnspr4.dylib 0xeae000 - 0xeaffff com.apple.aoa.halplugin 2.5.0 /System/Library/Extensions/ IOAudioFamily.kext/Contents/PlugIns/AOAHALPlugin.bundle/Contents/MacOS/AOAHALPlugin 0xf16000 - 0xf52fff com.apple.iSightAudio 6.5.2 /Library/Audio/Plug-Ins/HAL/iSightAudio.plugin/ Contents/MacOS/iSightAudio 0xf8d000 - 0xf8ffff com.unsanity.menuextraenabler Menu Extra Enabler version 1.0.1 (1.0.1) /Library/InputManagers/Menu Extra Enabler/Menu Extra Enabler.bundle/Contents/MacOS/Menu Extra Enabler 0xf9f000 - 0xf9f3c2 Java Applet Plugin Enablerò¿ PEF binary: Java Applet Plugin Enablerò¿ 0x1ce5000 - 0x1dcbfff com.divxnetworks.DivXCodec 5.1.1 /Library/QuickTime/DivX Pro 5.component/Contents/MacOS/DivX Pro 5 0x1ecb000 - 0x1ef5fff com.adobe.acrobat.pdfviewer 7.0.0 /Library/Internet Plug-Ins/ AdobePDFViewer.plugin/Contents/MacOS/AdobePDFViewer 0x1f03000 - 0x1f4e9b1 CarbonLibpwpc PEF binary: CarbonLibpwpc 0x1f7a000 - 0x1f86fff com.apple.JavaAppletPlugin 1.2.0 /Library/Internet Plug-Ins/Java Applet.plugin/Contents/MacOS/Java Applet 0x2000000 - 0x200dfff libplds4.dylib /Applications/Camino.app/Contents/MacOS/libplds4.dylib 0x3000000 - 0x300efff libplc4.dylib /Applications/Camino.app/Contents/MacOS/libplc4.dylib 0x3333c90 - 0x3333d42 CFMPriv_CoreFoundation PEF binary: CFMPriv_CoreFoundation 0x3336e10 - 0x3336e87 CFMPriv_System PEF binary: CFMPriv_System 0x3337100 - 0x33371d0 CFMPriv_CarbonSound PEF binary: CFMPriv_CarbonSound 0x3337240 - 0x3337313 CFMPriv_CommonPanels PEF binary: CFMPriv_CommonPanels 0x33373e0 - 0x333749b CFMPriv_Help PEF binary: CFMPriv_Help 0x33374a0 - 0x333756a CFMPriv_HIToolbox PEF binary: CFMPriv_HIToolbox 0x33375e0 - 0x33376b6 CFMPriv_HTMLRendering3pê3q‡ PEF binary: CFMPriv_HTMLRendering3pê3q‡ 0x3337720 - 0x33377f3 CFMPriv_ImageCapture PEF binary: CFMPriv_ImageCapture 0x3337870 - 0x3337955 CFMPriv_NavigationServices PEF binary: CFMPriv_NavigationServices 0x33379c0 - 0x3337a96 CFMPriv_OpenScriptingMacBLib PEF binary: CFMPriv_OpenScriptingMacBLib 0x3337b60 - 0x3337c1e CFMPriv_Print PEF binary: CFMPriv_Print 0x3337c30 - 0x3337cfd CFMPriv_SecurityHI PEF binary: CFMPriv_SecurityHI 0x3337d70 - 0x3337e52 CFMPriv_SpeechRecognition PEF binary: CFMPriv_SpeechRecognition 0x3337ec0 - 0x3337f93 CFMPriv_CarbonCore PEF binary: CFMPriv_CarbonCore 0x3338000 - 0x33380d3 CFMPriv_OSServices PEF binary: CFMPriv_OSServices 0x33381a0 - 0x3338262 CFMPriv_AE PEF binary: CFMPriv_AE 0x3338270 - 0x3338335 CFMPriv_ATS PEF binary: CFMPriv_ATS 0x33383a0 - 0x3338477 CFMPriv_ColorSync PEF binary: CFMPriv_ColorSync 0x33384f0 - 0x33385d3 CFMPriv_FindByContent3up3† PEF binary: CFMPriv_FindByContent3up3† 0x3338640 - 0x333871a CFMPriv_HIServices PEF binary: CFMPriv_HIServices 0x3338780 - 0x3338860 CFMPriv_LangAnalysis PEF binary: CFMPriv_LangAnalysis 0x33388e0 - 0x33389c6 CFMPriv_LaunchServices PEF binary: CFMPriv_LaunchServices 0x3338a90 - 0x3338b67 CFMPriv_PrintCore PEF binary: CFMPriv_PrintCore 0x3338b70 - 0x3338c32 CFMPriv_QD PEF binary: CFMPriv_QD 0x3338d20 - 0x3338e09 CFMPriv_SpeechSynthesis PEF binary: CFMPriv_SpeechSynthesis 0x3fcc000 - 0x3fcefff com.apple.PDFImporter 1.3.1 (???) /System/Library/Components/ PDFImporter.component/Contents/MacOS/PDFImporter 0x3fdc000 - 0x3fddfff org.mozilla.camino.AddressBookManager ??? (0.0.1d1) /Applications/Camino.app/Contents/Resources/AddressBookManager.bundle/Contents/MacOS/ AddressBookManager 0x3fe6000 - 0x3fe8fff com.apple.textencoding.unicode 1.6.4 /System/Library/TextEncodings/Unicode Encodings.bundle/Contents/MacOS/Unicode Encodings 0x4000000 - 0x4068fff libmozjs.dylib /Applications/Camino.app/Contents/MacOS/libmozjs.dylib 0x4a23000 - 0x4a26fff libscconf.1.dylib /usr/local/lib/libscconf.1.dylib 0x4aed000 - 0x4b05fff opensc-pkcs11.so /usr/local/lib/pkcs11/opensc-pkcs11.so 0x4baf000 - 0x4bc3fff libpkcs15init.1.dylib /usr/local/lib/libpkcs15init.1.dylib 0x4c70000 - 0x4cbffff libopensc.1.dylib /usr/local/lib/libopensc.1.dylib 0x5000000 - 0x5082fff libxpcom.dylib /Applications/Camino.app/Contents/MacOS/libxpcom.dylib 0x6000000 - 0x601afff libssl3.dylib /Applications/Camino.app/Contents/MacOS/libssl3.dylib 0x7000000 - 0x705dfff libnss3.dylib /Applications/Camino.app/Contents/MacOS/libnss3.dylib 0x8000000 - 0x801dfff libsmime3.dylib /Applications/Camino.app/Contents/MacOS/ libsmime3.dylib 0x9000000 - 0x9079fff libsoftokn3.dylib /Applications/Camino.app/Contents/MacOS/ libsoftokn3.dylib 0xa000000 - 0xa019fff libxpcom_compat.dylib /Applications/Camino.app/Contents/MacOS/ libxpcom_compat.dylib 0x30000000 - 0x30004fff ??? SharedMenusCocoa version 0.3 (0.0.3) /Applications/Camino.app/Contents/MacOS/../Frameworks/SharedMenusCocoa.framework/ Versions/A/SharedMenusCocoa 0x80830000 - 0x8090efff libxml2.2.dylib /usr/lib/libxml2.2.dylib 0x83b2c000 - 0x83b38fff com.apple.agl 2.5 (AGL-2.5) /System/Library/Frameworks/ AGL.framework/Versions/A/AGL 0x84660000 - 0x84669fff libz.1.1.3.dylib /usr/lib/libz.1.1.3.dylib 0x86e60000 - 0x86e6afff com.apple.pcsc 4.2 (15.2) /System/Library/Frameworks/ PCSC.framework/Versions/A/PCSC 0x8b0c0000 - 0x8b788fff com.apple.QuickTimeComponents.component 6.5.2 /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/ QuickTimeComponents 0x8eea0000 - 0x8eeb6fff libJapaneseConverter.dylib /System/Library/CoreServices/Encodings/ libJapaneseConverter.dylib 0x8f020000 - 0x8f02efff com.apple.JavaEmbedding 1.0.4 /System/Library/Frameworks/ JavaEmbedding.framework/Versions/A/JavaEmbedding 0x8fe00000 - 0x8fe4ffff dyld /usr/lib/dyld 0x90000000 - 0x9014ffff libSystem.B.dylib /usr/lib/libSystem.B.dylib 0x901c0000 - 0x9026dfff com.apple.CoreFoundation 6.3.7 (299.35) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x902b0000 - 0x90529fff com.apple.CoreServices.CarbonCore 10.3.7 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ CarbonCore.framework/Versions/A/CarbonCore 0x90584000 - 0x905f3fff com.apple.framework.IOKit 1.3.6 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x90610000 - 0x9069afff com.apple.CoreServices.OSServices 3.0.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ OSServices.framework/Versions/A/OSServices 0x90700000 - 0x90700fff com.apple.CoreServices 10.3 (???) /System/Library/Frameworks/ CoreServices.framework/Versions/A/CoreServices 0x90720000 - 0x90787fff com.apple.audio.CoreAudio 2.1.2 /System/Library/Frameworks/ CoreAudio.framework/Versions/A/CoreAudio 0x92490000 - 0x92616fff libjvm.dylib /System/Library/Frameworks/JavaVM.framework/Versions/ 1.3.1/Libraries/libjvm.dylib 0xc0000000 - 0xc000efff com.unsanity.ape 1.4.4 /Library/Frameworks/ ApplicationEnhancer.framework/Versions/A/ApplicationEnhancer
Assignee: dveditz → wtchang
Component: Security → Libraries
Keywords: crash
Product: Camino → NSS
QA Contact: camino → bishakhabanerjee
Summary: Camino repeatably crashes on Quit if an OpenSC PKCS11 module has been used during session → Camino repeatably crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead]
Comment 1•19 years ago
|
||
This should be investigated as a Camino bug. It crashed in NSS's SSL library (thread 3), but it is most likely because Camino already shut down NSS at that time. Thread 3 crashed in the NSSRWLock_LockRead function. The most likely readon is that the argument to the function, moduleLock, was NULL, and moduleLock is destroyed and set to NULL in SECMOD_Shutdown: http://lxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11util.c#76
Assignee: wtchang → pinkerton
Component: Libraries → General
Product: NSS → Camino
QA Contact: bishakhabanerjee
Comment 2•19 years ago
|
||
Mihkel: it would help if you could make a Camino debug build and run it inside a debugger to get more detailed thread stack traces. Thanks. Does anyone know whether NSS has been shut down when NS_ShutdownXPCOM is called by Camino? In the Mozilla clients, NSS is initialized and shut down by the nsNSSComponent. http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSComponent.cpp#1259
Comment 3•19 years ago
|
||
i'm not certain this is critcal per se, since not too many camino users would be using OpenSC (or even understand what it is) but....
Target Milestone: --- → Camino1.0
Comment 4•19 years ago
|
||
I wonder if it's related to: ###!!! ASSERTION: nsNSSComponent relies on profile manager to wait for synchronous shutdown of all network activity: 'isNetworkDown', file ../../../../../../mozilla/security/manager/ssl/src/nsNSSComponent.cpp, line 1578 Break: at file ../../../../../../mozilla/security/manager/ssl/src/nsNSSComponent.cpp, line 1578 WARNING: nsExceptionService ignoring thread destruction after shutdown, file ../../../../mozilla/xpcom/base/nsExceptionService.cpp, line 191
Comment 5•19 years ago
|
||
While it may have to do with something in the OpenSC PKCS #11 module, it looks to me more like a race condition that OpenSC just makes worse. As such it should probably be tracked down. If PSM is being shutdown before you've closed all your connections, that certainly could cause a problem. bob
I get basically the same crash stack when I quit Camino if I have been logged on to <URL:https://www.skandiabanken.no/>. This is related to a recent update of the bank's site since older versions of Camino (including the venerable 0.8-series) also crashes (which they didn't a few days ago).
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 301464 has been marked as a duplicate of this bug. ***
Updated•19 years ago
|
Priority: -- → P2
Comment 8•19 years ago
|
||
epiphany crashes too with the same assertion and this backtrace: Backtrace was generated from '/usr/bin/epiphany' (no debugging symbols found) Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". (no debugging symbols found) `system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread -1227946304 (LWP 15484)] [New Thread -1266697296 (LWP 15487)] [New Thread -1244415056 (LWP 15485)] 0xffffe410 in __kernel_vsyscall () #0 0xffffe410 in __kernel_vsyscall () #1 0xb705d23d in pthread_join () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7df8a98 in PR_JoinThread (thred=0x820e4e8) at ptthread.c:578 #3 0xb7efc12d in nsThread::Join (this=0x820e468) at nsThread.cpp:178 #4 0xb66d1ee7 in nsSocketTransportService::Shutdown (this=0x820de28) at nsSocketTransportService2.cpp:419 #5 0xb66ad7db in nsIOService::SetOffline (this=0x820d8f0, offline=1) at nsIOService.cpp:524 #6 0xb66ad642 in nsIOService::Observe (this=0x820d8f0, subject=0x81aed3c, topic=0xb7f3a9c3 "xpcom-shutdown", data=0x0) at nsIOService.cpp:688 #7 0xb7e946b8 in nsObserverService::NotifyObservers (this=0x82c02d8, aSubject=0x81aed3c, aTopic=0xb7f3a9c3 "xpcom-shutdown", someData=0x0) at nsObserverService.cpp:208 #8 0xb7e81b4b in NS_ShutdownXPCOM (servMgr=0x0) at nsXPComInit.cpp:765 #9 0xb7f98630 in NS_TermEmbedding () at nsEmbedAPI.cpp:173 #10 0xb7f81ab3 in EmbedPrivate::PopStartup () at EmbedPrivate.cpp:491 #11 0xb7f7f774 in gtk_moz_embed_pop_startup () at gtkmozembed2.cpp:822 #12 0x080b4fba in mozilla_init_profile () #13 0xb70249a5 in IA__g_object_unref (_object=0x81abf38) at gobject.c:1702 #14 0x080dbaaa in ephy_embed_shell_get_type () #15 0x08073934 in ephy_shell_startup () #16 0xb70249a5 in IA__g_object_unref (_object=0x8193ba8) at gobject.c:1702 #17 0x0808004a in ephy_window_get_notebook () #18 0xb70249a5 in IA__g_object_unref (_object=0x830c6c0) at gobject.c:1702 #19 0xb75a2995 in IA__gtk_propagate_event (widget=0x830c6c0, event=0x85e04c8) at gtkmain.c:2171 #20 0xb75a2cf0 in IA__gtk_main_do_event (event=0x85e04c8) at gtkmain.c:1395 #21 0xb744658d in gdk_event_dispatch (source=0xfffffffc, callback=0, user_data=0x0) at gdkevents-x11.c:2291 #22 0xb6fbc47e in IA__g_main_context_dispatch (context=0x816ada8) at gmain.c:1934 #23 0xb6fbf486 in g_main_context_iterate (context=0x816ada8, block=1, dispatch=1, self=0x8140490) at gmain.c:2565 #24 0xb6fbf773 in IA__g_main_loop_run (loop=0x8174218) at gmain.c:2769 #25 0xb75a1fb6 in IA__gtk_main () at gtkmain.c:974 #26 0x08072ea0 in main () Thread 3 (Thread -1244415056 (LWP 15485)): #0 0xffffe410 in __kernel_vsyscall () No symbol table info available. #1 0xb70624ab in __waitpid_nocancel () from /lib/tls/i686/cmov/libpthread.so.0 No symbol table info available. #2 0xb7ccc498 in libgnomeui_segv_handle (signum=11) at gnome-ui-init.c:749 estatus = -1208593892 eret = 0 in_segv = 1 sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {3086687222, 3086638348, 3068616544, 1, 1, 0, 3086624796, 1192, 3086438003, 3068658364, 3068664544, 136511824, 3050548428, 3067843754, 3068664544, 136511824, 3086620804, 0, 0, 3050548476, 3086603366, 136511824, 3086620804, 0, 3086603268, 3050548524, 3086687024, 136442512, 0, 0, 3086620804, 3050548524}}, sa_flags = -1208363817, sa_restorer = 0x821f290} pid = 15493 #3 0xb7f9d62d in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:209 oldact = (sigaction *) 0xb7fa3c00 #4 <signal handler called> No symbol table info available. #5 0xb3755da5 in NSSRWLock_LockRead (rwlock=0x0) at nssrwlk.c:209 me = (PRThread *) 0x820e4e8 #6 0xb372f8de in SECMOD_GetReadLock (modLock=0x0) at pk11list.c:73 No locals. #7 0xb373b304 in SECMOD_FindModuleByID (id=1) at pk11util.c:255 mlp = (SECMODModuleList *) 0xb7df5726 module = (SECMODModule *) 0x0 #8 0xb373b43c in SECMOD_LookupSlot (moduleID=1, slotID=2) at pk11util.c:305 module = (SECMODModule *) 0xb665f52d slot = (PK11SlotInfo *) 0xb6e802bc #9 0xb3642da7 in ssl3_ClientAuthTokenPresent (sid=0x872f048) at ssl3con.c:1634 slot = (PK11SlotInfo *) 0x0 isPresent = 1 #10 0xb3642fca in ssl3_SendRecord (ss=0x87d2770, type=content_alert, buf=0xb5d3b256 "\001", bytes=2, flags=0) at ssl3con.c:1695 cwSpec = (ssl3CipherSpec *) 0xb5d3bbb0 write = (sslBuffer *) 0x87d2788 cipher_def = (const ssl3BulkCipherDef *) 0xb7df1202 rv = 1 bufSize = 0 sent = 0 cipherBytes = -1 isBlocking = 0 ssl3WasNull = 0 #11 0xb36439bb in SSL3_SendAlert (ss=0x87d2770, level=alert_warning, desc=close_notify) at ssl3con.c:2027 sent = 142429752 bytes = "\001" rv = SECSuccess #12 0xb365c829 in ssl_SecureClose (ss=0x87d2770) at sslsecur.c:901 rv = 0 #13 0xb36623fd in ssl_Close (fd=0x87d26a8) at sslsock.c:1204 ss = (sslSocket *) 0x87d2770 rv = PR_SUCCESS #14 0xb35dcff4 in nsSSLIOLayerClose (fd=0x87d26a8) at nsNSSIOLayer.cpp:921 locker = {<No data fields>} popped = (PRFileDesc *) 0x87d4eb0 infoObject = (nsNSSSocketInfo *) 0x87d26e8 status = 142419240 #15 0xb7dd473b in PR_Close (fd=0x87d26a8) at priometh.c:133 No locals. #16 0xb66cb06f in nsSocketTransport::ReleaseFD_Locked (this=0x87d2408, fd=0x87d26a8) at nsSocketTransport2.cpp:1270 No locals. #17 0xb66cdfdd in nsSocketTransport::OnSocketDetached (this=0x87d2408, fd=0x87d26a8) at nsSocketTransport2.cpp:1465 lock = {<nsAutoLockBase> = {mAddr = 0x87d2528, mDown = 0x0, mType = nsAutoLockBase::eAutoLock}, mLock = 0x87d2528, mLocked = 1} #18 0xb66d168b in nsSocketTransportService::DetachSocket (this=0x820de28, sock=0x820dff8) at nsSocketTransportService2.cpp:183 index = 1 #19 0xb66d22d2 in nsSocketTransportService::Run (this=0x820de28) at nsSocketTransportService2.cpp:520 n = 1 i = 2 count = 3 active = 1 #20 0xb7efcaff in nsThread::Main (arg=0x820e468) at nsThread.cpp:118 self = (nsThread *) 0x820e468 rv = 0 #21 0xb7df8190 in _pt_root (arg=0x820e4e8) at ptthread.c:214 rv = 0 thred = (PRThread *) 0x820e4e8 detached = 0 #22 0xb705c361 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 No symbol table info available. #23 0xb6e1edbe in clone () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. Thread 2 (Thread -1266697296 (LWP 15487)): #0 0xffffe410 in __kernel_vsyscall () No symbol table info available. #1 0xb705ef0c in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 No symbol table info available. #2 0xb7df08ed in pt_TimedWait (cv=0x8682824, ml=0x86827c0, timeout=8997) at ptsynch.c:264 rv = -1210086574 now = {tv_sec = 1124663073, tv_usec = 527692} tmo = {tv_sec = 1124663082, tv_nsec = 524692000} ticks = 1000 #3 0xb7df0e0b in PR_WaitCondVar (cvar=0x8682820, timeout=8997) at ptsynch.c:391 rv = 1124663073 thred = (PRThread *) 0x8680158 #4 0xb7f00083 in TimerThread::Run (this=0x86826f8) at TimerThread.cpp:285 waitFor = 8997 lock = {<nsAutoLockBase> = {mAddr = 0x86827c0, mDown = 0x0, mType = eAutoLock}, mLock = 0x86827c0, mLocked = 1} #5 0xb7efcaff in nsThread::Main (arg=0x867e6d0) at nsThread.cpp:118 self = (nsThread *) 0x867e6d0 rv = 0 #6 0xb7df8190 in _pt_root (arg=0x8680158) at ptthread.c:214 rv = 0 thred = (PRThread *) 0x8680158 detached = 0 #7 0xb705c361 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 No symbol table info available. #8 0xb6e1edbe in clone () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. Thread 1 (Thread -1227946304 (LWP 15484)): #0 0xffffe410 in __kernel_vsyscall () No symbol table info available. #1 0xb705d23d in pthread_join () from /lib/tls/i686/cmov/libpthread.so.0 No symbol table info available. #2 0xb7df8a98 in PR_JoinThread (thred=0x820e4e8) at ptthread.c:578 id = 3050552240 rv = -1 result = (void *) 0x0 #3 0xb7efc12d in nsThread::Join (this=0x820e468) at nsThread.cpp:178 status = PR_SUCCESS #4 0xb66d1ee7 in nsSocketTransportService::Shutdown (this=0x820de28) at nsSocketTransportService2.cpp:419 No locals. #5 0xb66ad7db in nsIOService::SetOffline (this=0x820d8f0, offline=1) at nsIOService.cpp:524 offlineString = {<nsString> = {<nsSubstring> = {<nsAString> = {mVTable = 0xb7f5c088, mData = 0xb679274c, mLength = 7, mFlags = 1}, <No data fields>}, <No data fields>}, <No data fields>} observerService = {mRawPtr = 0x82c02d8} rv = 0 #6 0xb66ad642 in nsIOService::Observe (this=0x820d8f0, subject=0x81aed3c, topic=0xb7f3a9c3 "xpcom-shutdown", data=0x0) at nsIOService.cpp:688 No locals. #7 0xb7e946b8 in nsObserverService::NotifyObservers (this=0x82c02d8, aSubject=0x81aed3c, aTopic=0xb7f3a9c3 "xpcom-shutdown", someData=0x0) at nsObserverService.cpp:208 observer = {mRawPtr = 0x820d8f4} rv = 0 observers = {mRawPtr = 0x82300f8} observerRef = {<nsCOMPtr_base> = {mRawPtr = 0x820d8f0}, <No data fields>} loop = 1 #8 0xb7e81b4b in NS_ShutdownXPCOM (servMgr=0x0) at nsXPComInit.cpp:765 mgr = {mRawPtr = 0x81aed3c} observerService = {mRawPtr = 0x82c02d8} rv = 0 currentQ = {mRawPtr = 0x1} #9 0xb7f98630 in NS_TermEmbedding () at nsEmbedAPI.cpp:173 rv = 3086583216 #10 0xb7f81ab3 in EmbedPrivate::PopStartup () at EmbedPrivate.cpp:491 No locals. #11 0xb7f7f774 in gtk_moz_embed_pop_startup () at gtkmozembed2.cpp:822 No locals. #12 0x080b4fba in mozilla_init_profile () No symbol table info available. #13 0xb70249a5 in IA__g_object_unref (_object=0x81abf38) at gobject.c:1702 object = (GObject *) 0x81abf38 __PRETTY_FUNCTION__ = "IA__g_object_unref" #14 0x080dbaaa in ephy_embed_shell_get_type () No symbol table info available. #15 0x08073934 in ephy_shell_startup () No symbol table info available. #16 0xb70249a5 in IA__g_object_unref (_object=0x8193ba8) at gobject.c:1702 object = (GObject *) 0x8193ba8 __PRETTY_FUNCTION__ = "IA__g_object_unref" #17 0x0808004a in ephy_window_get_notebook () No symbol table info available. #18 0xb70249a5 in IA__g_object_unref (_object=0x830c6c0) at gobject.c:1702 object = (GObject *) 0x830c6c0 __PRETTY_FUNCTION__ = "IA__g_object_unref" #19 0xb75a2995 in IA__gtk_propagate_event (widget=0x830c6c0, event=0x85e04c8) at gtkmain.c:2171 window = (GtkWidget *) 0x830c6c0 handled_event = #0 0xffffe410 in __kernel_vsyscall ()
wtc: i'm sorry, at best i'm willing at accept this as a psm bug, but leaving it assigned to Camino isn't fair.
Assignee: pinkerton → kaie.bugs
Component: General → Security: PSM
OS: MacOS X → All
Product: Camino → Core
Hardware: Macintosh → All
Target Milestone: Camino1.0 → ---
Version: unspecified → Trunk
Comment 10•19 years ago
|
||
I'm seeing this every time I run Camino, now that I'm excercising more PSM APIs. We have to fix this for Camino 1.0.
Flags: blocking1.8b4?
Comment 11•19 years ago
|
||
The issue seems to be that PSM needs all the http connections to be cleaned up (by the observer notification here: http://lxr.mozilla.org/mozilla/source/netwerk/protocol/http/src/nsHttpHandler.cpp#1679 before the xpcom shutdown notification comes. Two places fire that notification: http://lxr.mozilla.org/mozilla/source/profile/src/nsProfile.cpp#1196 http://lxr.mozilla.org/mozilla/source/toolkit/xre/nsXREDirProvider.cpp#619 and neither run in embedding apps.
Summary: Camino repeatably crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead] → Camino crashes on Quit if an OpenSC PKCS11 module has been used during session [@ NSSRWLock_LockRead] - profile shutdown issue.
Comment 12•19 years ago
|
||
Simon can you elaborate on Camino's schedule. Are you guys shipping 1.0 from 1.8b4 or can this wait for 1.8b5 (Firefox Beta 2).
Comment 13•19 years ago
|
||
We'll be doing Camino 1.0 after 1.8b4, so this isn't critical for 1.8b4. I also think that it's a profile manager issue; we need to make sure that the same notifications are sent out for embedding apps which use a single profile as in the multi-profile case. We can also put a workaround in the Camino code: void CHBrowserService::ShutDown() { NS_ASSERTION(sCanTerminate, "Should be able to terminate here!"); + + nsCOMPtr<nsIObserverService> observerService = do_GetService("@mozilla.org/observer-service;1"); + if (observerService) + observerService->NotifyObservers(nsnull, "profile-change-net-teardown", nsnull); // phase 2 notifcation (we really are about to terminate) [[NSNotificationCenter defaultCenter] postNotificationName:XPCOMShutDownNotificationName object:nil];
Assignee: kaie.bugs → nobody
Component: Security: PSM → Profile: BackEnd
QA Contact: profile-manager-backend
Updated•19 years ago
|
Flags: blocking1.8b4? → blocking1.8b5+
Comment 14•19 years ago
|
||
Per comment 13 removing from 1.8b5 blocker list.
Flags: blocking1.8b5+ → blocking1.8b5-
Comment 15•18 years ago
|
||
There should now be a temporary fix in OpenSC for this. (It was an issue with Firefox 1.5 as well) Pls. see http://www.opensc-project.org/opensc/ticket/72 for more info. -- Stef
Comment 16•18 years ago
|
||
The cited OpenSC bug says (in part): > The problem is currently that one thread could do a C_Finalize() which > causes the sc_context_t struct to be released. But if another thread is > still waiting in C_WaitForSlotEvent(), it will call/work with an invalid > sc_context_t (-> crash, ...) > This is the case in e.g. Firefox 1.5 which switched from polling for slot > events in the main thread, to opening a new thread and doing a > C_WaitForSlotEvent() in that thread. This suggests that there are problems to be fixed in NSS *AND* in the calling applications. There should be no PKCS11 calls outstanding (that is, in progress) on a module when C_Finalize is called on that module, and NO PKCS11 calls should be made to a module after C_Finalize is called on it. NSS calls C_Finalize when the application tells it to do so. So, if (as stated above) C_finalize is being called while C_WaitForSlotEvent is in progress, then (a) the appliation should not do that, and (b) NSS should detect it. Unless the appliation is making some PKSC11 calls directly to the module (bypassing NSS) and others through NSS (so that NSS cannot determine if there are other calls outstanding) NSS could (I think) and probably should detect that the module is in use, when it is asked to finalize a module. When it detects this condition, it should either (a) return an error code without calling C_Finalize, or (b) wait until the module is not in use and then call C_Finalize. I'd suggest that a second bug be filed against NSS, and leave this bug filed against camino and/or FF 1.5. Is this a PSM bug?
Comment 17•18 years ago
|
||
Nelson... except this case. NSS should not call C_WaitForSlotEvent if the slot has been finalized, but it can and should call C_Finalize if C_WaitForSlotEvent is still active. To quote the PKCS #11 spec: "If a thread of an application has C_WaitForSlotEvent call balocking when another thread of that aplication calls C_Finalize, the C_WaitForSlotEvent call returns the vallue CKR_CRYPOKI_NOT_INITIALIZED". Currently the only documented way for software to force C_WaitForSlotEvent to return is to call C_Finalize. bob
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ NSSRWLock_LockRead]
Comment 18•11 years ago
|
||
I have been having a similar problem. 2 issues: 1) Camino freezes on quit preventing shutdown 2) fb won't accept photos. Says it 'Can't process request now, try again later." But it works in Chrome. I am on 10.6.8. 2008 Mac Pro Desktop. Camino 2.1.2
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•