Closed Bug 520541 Opened 15 years ago Closed 15 years ago

Crash [@ sqlite3BtreeGetMeta] when editing bookmark via star

Categories

(Firefox :: Bookmarks & History, defect)

Product:
Firefox
Component:
Bookmarks & History
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 3.7a1

People

(Reporter: jmjjeffery, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

Crash editing a bookmark via the Star in the Awesomebar

1. double click a bookmarked page to edit the bookmark
2. Click the right-most drop-box to expand the folder list 
3. crash

Reported here: 
http://forums.mozillazine.org/viewtopic.php?p=7671935#p7671935

crash report:
http://crash-stats.mozilla.com/report/index/a4ca0c69-cfc2-4383-85ac-f9b7d2091005?p=1
Nightly for 10/1/2009 does not crash
Nightly for 10/2/2009 crashes..

Same stack as above: 
http://crash-stats.mozilla.com/report/index/5cf386d7-1e33-440e-aa74-1795a2091005?p=1
Please, open your crashing places.sqlite and execute a PRAGMA integrity_check on it so we can exclude broken dbs.
adding blocking to bug 519270. We can't be sure it is related but the range reported in comment 1 looks related.
Blocks: 519270
other interesting bugs, bug 494828 has been backed out during that day, and bug 498130 has landed.
Marco, would be glad to help, how do I open / execute your request in comment #2 ?
you need an external sqlite software for now, next nigthly will have PlacesDBUtils util... btw
if you download sqlite3.exe from http://www.sqlite.org/sqlite-3_6_18.zip you should be able to do
sqlite3 places.sqlite to get an sqlite console, and then run the above command, otherwise you can use Sqlite Manager extension in another profile or another standalone sqlite manager. The only important thing is that the profile containing places.sqlite you want to analyze is not in use (otherwise it would be locked)
Sorry, I'm dense on some of this software stuff. 
I couldn't figure out how to link/open the places.sqlite with the program you suggested. 

I used SQlite Browser and ran the integrity_check and it shows places.sqlite to be OK.
I just downloaded the latest hourly with the new 'placesDBUtils' and I pasted into the eval box in Console2 this command from the bug info: 

Components.utils.import("resource://gre/modules/PlacesDBUtils.jsm");
PlacesDBUtils.checkDatabase();


I get this error:
Error: PlacesDBUtils.checkDatabase is not a function
Source file: javascript:%20Components.utils.import("resource://gre/modules/PlacesDBUtils.jsm");%20PlacesDBUtils.checkDatabase();
Line: 1
(In reply to comment #8)
> I just downloaded the latest hourly with the new 'placesDBUtils' and I pasted
> into the eval box in Console2 this command from the bug info: 
> 
> Components.utils.import("resource://gre/modules/PlacesDBUtils.jsm");
> PlacesDBUtils.checkDatabase();

yeah, the name changed to PlacesDBUtils.checkAndFixDatabase()
OK, with new command, this is the return:

INTEGRITY
ok
- - -
CLEANUP
- - -
VACUUM
places.sqlite: 13217792 byte
- - -
STATS
places.sqlite: 12247040 byte
moz_bookmarks: 719
moz_bookmarks_roots: 5
moz_keywords: 1
sqlite_sequence: 1
moz_favicons: 1147
moz_annos: 128
moz_anno_attributes: 11
moz_items_annos: 164
moz_places: 19039
moz_historyvisits: 49540
moz_inputhistory: 224
moz_privatebrowsinghistory: 0
- - -
moz_privatebrowsinghistory is not our table, was probably created by an extension, or some old build. IF you don't have PB extensions, you can probably drop it.  That is however unrelated to this bug.
No addons caused that as I only have 7 total:
Console2
Nightly Tester Tools
Chatzilla
MovePlayer
FlashBlock
StatusBarClock 
ForecastbarEnhanced

I've been using this profile for awhile now. I always download the installer/remove via add/remove programs the old build, and run the new installer.
Summary: Crash editing bookmark via Star → Crash [@ sqlite3 sqlite3BtreeGetMeta] when editing bookmark via star
Summary: Crash [@ sqlite3 sqlite3BtreeGetMeta] when editing bookmark via star → Crash [@ sqlite3BtreeGetMeta] when editing bookmark via star
These stacks are strange:
0  	sqlite3.dll  	sqlite3BtreeGetMeta  	 db/sqlite3/src/sqlite3.c:44614
1 	sqlite3.dll 	sqlite3VdbeExec 	db/sqlite3/src/sqlite3.c:54642
2 	mozcrt19.dll 	arena_dalloc_small 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4425
3 	sqlite3.dll 	sqlite3Step 	db/sqlite3/src/sqlite3.c:50423
4 	xul.dll 	mozilla::storage::Statement::ExecuteStep 	storage/src/mozStorageStatement.cpp:713

And that's it.  I don't understand how our stack can start there.
For comparison purposes, the following is the stack I get for this regression, triggered if I have Add Bookmark Here 2 extension enabled and I click the bookmark star:

0  	sqlite3.dll  	sqlite3BtreeGetMeta  	 db/sqlite3/src/sqlite3.c:44614
1 	sqlite3.dll 	sqlite3VdbeExec 	db/sqlite3/src/sqlite3.c:54642
2 	mozcrt19.dll 	arena_dalloc_small 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4425
3 	sqlite3.dll 	sqlite3Step 	db/sqlite3/src/sqlite3.c:50423
4 	xul.dll 	mozilla::storage::Statement::ExecuteStep 	storage/src/mozStorageStatement.cpp:713

http://crash-stats.mozilla.com/report/index/bp-85dae794-c5cf-4645-8d5d-c02202091002
If it helps, I forgot to mention, that on a new Profile, no addons, if I use the Organizer and 'restore' my bookmarks from my default profile, not the whole places, just the JSON file then I can repo the crash. 

Creating new folders and bookmarking in a clean profile does not crash.  So something is happening with the JSON file perhaps.
If I change editBookmarkOverlay.js as follows, browser will not crash,
It would be greatly appreciated if this becomes a hint. 

      // XXXmano: Ideally we would only do this once, but for some odd reason,
      // the editable mode set on this tree, together with its collapsed state
      // breaks the view.
      const FOLDER_TREE_PLACE_URI =
-        "place:excludeItems=1&excludeQueries=1&excludeReadOnlyFolders=1&folder=" +
+        "place:excludeItems=1&excludeQueries=1&folder=" +
       PlacesUIUtils.allBookmarksFolderId;
      this._folderTree.place = FOLDER_TREE_PLACE_URI;
you're practically saying us excludeReadOnlyFolders option is the culprit?
sounds interesting even if that does not explain the stack trace.
GetFolderReadonly is not error checked in nsNavBookmarks, but the result is inited to PR_FALSE. it boils down to annosvc->itemHasAnnotation that executes mDBGetAnnotationFromItemId. nothing particularly interesting out of that query.
Doing more testing today on this:
Using nightly build from 10/12/2009
Using my default profile I exported a fresh JSON backup
Opened a new profile, no addons 
Imported the JSON file
Double-click on starred page and using the right-most drop arrow I now see the folders without crashing.
Any attempt to scroll through the folders results in a 'black' box where folders are displayed, followed by a crash.  I get a slightly different crash-stack than before. 

http://crash-stats.mozilla.com/report/index/71c8f393-c0e5-4896-824a-e5b7a2091013
Forgot to add, if I use the HTML 'export' function from my default profile, then import the HTML into a fresh profile, I can edit bookmarks just fine, no crash.  So the issue seems to be writing the JSON file is corrupt or something.
We found a bug in SQLite which can cause a segfault similar to the ones shown here, when an application has several reads going, then tries to write to a read-only database file on a table that has constraints that might fail.  The fact that the database file is read-only was being detected, but that error condition was being (incorrectly) discarded and processing was allowed to continue until the database engine segfaulted.  The bug was introduced in SQLite version 3.6.18.  The bug report is at http://www.sqlite.org/src/info/5ee23731f1 and the one-line fix is at http://www.sqlite.org/src/info/bc1101179

Look for SQLite 3.6.19 in a week or so.  Or we can get you a patch release (3.6.18.1) that contains only this one-line fix.  Please let us know what would work best for you.
(In reply to comment #20)
> Look for SQLite 3.6.19 in a week or so.  Or we can get you a patch release
> (3.6.18.1) that contains only this one-line fix.  Please let us know what would
> work best for you.
We can wait for 3.6.19.  3.6.18 is only on mozilla-central.

Jim - is your database set as read-only by chance?
(In reply to comment #21)
> (In reply to comment #20)
> > Look for SQLite 3.6.19 in a week or so.  Or we can get you a patch release
> > (3.6.18.1) that contains only this one-line fix.  Please let us know what would
> > work best for you.
> We can wait for 3.6.19.  3.6.18 is only on mozilla-central.
> 
> Jim - is your database set as read-only by chance?

No, its normal, not showing any other issues other with the bookmarking/editiing crash.  Not sure where I went wrong in my testing, but now even the HTML Import is crashing on edit.  

We can wait this one out...
Severity: major → critical
Keywords: crash
If it matters, the one-line patch mentioned in comment #20 doesn't fix this crash for me.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a1pre) Gecko/20091015 Firefox/3.7a1pre

SourceStamp=04b1081dbb5d+

with the patch applied to db/sqlite3/src/sqlite3.c
Crash continues in today nightly update.  Here is the data of the crash report:

Add-ons: jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.7a1pre
BuildID: 20091015051159
Comments: Crash happened when trying to file a bookmark on a choosen directory
CrashTime: 1255639106
Email: fpiera@ati.es
InstallTime: 1255639029
ProductName: Firefox
SecondsSinceLastCrash: 51195
StartupTime: 1255639041
Theme: classic/1.0
Throttleable: 1
URL: http://www.europapress.es/economia/noticia-economia-telecos-espana-quiere-presidencia-ue-adopte-carta-derechos-usuarios-telecos-20091014171245.html
Vendor: Mozilla
Version: 3.7a1pre

This report also contains technical information about the state of the application when it crashed.
I've replaced sqlite3.c and sqlite3.h with the files from the new 3.6.19 release, the resulting Firefox build (SourceStamp=43339764467b+) crashes reproducibly on expanding the bookmarks folder tree via the star.

There is just one nuance in the STR: the crash occures not directly after the Step 2, but as soon as the "Bookmarks Menu" folder list is expanded. If the "Bookmarks Menu" list was already expanded after Step 2 due to the location of the edited bookmark inside this folder, collapsing and re-expanding it triggers the crash.
Can you please try replacing sqlite3.c and sqlite3.h with the new build found at http://www.sqlite.org/sqlite3-20091016162152.tar.gz and let me know if that fixes the problem.  (I suspect that it will.)
(In reply to comment #27)
> Can you please try replacing sqlite3.c and sqlite3.h with the new build found
> at http://www.sqlite.org/sqlite3-20091016162152.tar.gz and let me know if that
> fixes the problem. [...]

Yes, this (<http://www.sqlite.org/src/info/174477bca0> if I got the point) does fix the crash. Verified with

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a1pre) Gecko/20091016 Firefox/3.7a1pre

SourceStamp=e8bc0e76d7e9+

Thanks!
Crash with 20091017 nightly update

Add-ons: jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.7a1pre
BuildID: 20091017051221
Comments: another crash with the same problem and with last nightly update.
CrashTime: 1255804351
Email: fpiera@ati.es
InstallTime: 1255804116
ProductName: Firefox
SecondsSinceLastCrash: 611
StartupTime: 1255804124
Theme: classic/1.0
Throttleable: 1
URL: http://www.hetanker.be/
Vendor: Mozilla
Version: 3.7a1pre

This report also contains technical information about the state of the application when it crashed.
I may be experiencing this bug, I get it the moment I click on that "Show all the bookmarks" button, even in safe mode.  But if so it's unrelated to "via star"; you can get also to the Edit This Bookmark dialog by pressing Ctrl+D or choosing Bookmarks > Bookmark this Page.  Could someone please change the summary to 

  Crash [@ sqlite3BtreeGetMeta] clicking the "Show all the bookmarks" button in Edit This Bookmark

Here's my latest stack trace (Crash Reporter doesn't fire for me) in safe mode from "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.3a1pre) Gecko/20091021  Minefield/3.7a1pre" on Kubuntu 9.04 amd64.  There doesn't seem to be an alloc going on.

#0  0x00007fe7cae55f3b in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x00007fe7c9c95120 in ?? () from /home/skierpage/programs/firefox/libxul.so
#2  <signal handler called>
#3  0x00007fe7c5f397cd in ?? () from /home/skierpage/programs/firefox/libsqlite3.so
#4  0x00007fe7c5f86d76 in ?? () from /home/skierpage/programs/firefox/libsqlite3.so
#5  0x00007fe7c5f7616f in sqlite3_step () from /home/skierpage/programs/firefox/libsqlite3.so
#6  0x00007fe7ca42c0be in ?? () from /home/skierpage/programs/firefox/libxul.so
#7  0x00007fe7ca45cbee in ?? () from /home/skierpage/programs/firefox/libxul.so
#8  0x00007fe7ca45e491 in ?? () from /home/skierpage/programs/firefox/libxul.so
#9  0x00007fe7ca45698d in ?? () from /home/skierpage/programs/firefox/libxul.so
#10 0x00007fe7ca45708b in ?? () from /home/skierpage/programs/firefox/libxul.so
#11 0x00007fe7ca56499c in NS_InvokeByIndex_P () from /home/skierpage/programs/firefox/libxul.so
#12 0x00007fe7c9cb96f3 in ?? () from /home/skierpage/programs/firefox/libxul.so
#13 0x00007fe7c9cbfe18 in ?? () from /home/skierpage/programs/firefox/libxul.so
#14 0x00007fe7c953d703 in js_Invoke () from /home/skierpage/programs/firefox/libmozjs.so
#15 0x00007fe7c953e658 in ?? () from /home/skierpage/programs/firefox/libmozjs.so
#16 0x00007fe7c953e771 in ?? () from /home/skierpage/programs/firefox/libmozjs.so
#17 0x00007fe7c954e5a5 in ?? () from /home/skierpage/programs/firefox/libmozjs.so
#18 0x00007fe7c954994f in ?? () from /home/skierpage/programs/firefox/libmozjs.so
#19 0x00007fe7c9549d2e in ?? () from /home/skierpage/programs/firefox/libmozjs.so
#20 0x00007fe7c952d7e8 in ?? () from /home/skierpage/programs/firefox/libmozjs.so
#21 0x00007fe7c953db07 in js_Invoke () from /home/skierpage/programs/firefox/libmozjs.so
#22 0x00007fe7c9cb7013 in ?? () from /home/skierpage/programs/firefox/libxul.so
#23 0x00007fe7ca5655a6 in ?? () from /home/skierpage/programs/firefox/libxul.so
#24 0x00007fe7ca564a77 in ?? () from /home/skierpage/programs/firefox/libxul.so
#25 0x00007fe7af07b680 in ?? ()
#26 0x0000000000000005 in ?? ()
#27 0x00007fffd3280758 in ?? ()
#28 0x0000000000000066 in ?? ()
#29 0x0000000000000078 in ?? ()
#30 0x0101010101010101 in ?? ()
#31 0x4014000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
Fixed by backout of https://bugzilla.mozilla.org/show_bug.cgi?id=519270

Tested using latest hourly
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20091022 Minefield/3.7a1pre  ID:20091022143507

cset: http://hg.mozilla.org/mozilla-central/rev/8d79c4a770ea
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 3.7a1
Given the response from Jim in comment 32 we can mark it as verified fixed. Thanks.
Status: RESOLVED → VERIFIED
Crash Signature: [@ sqlite3BtreeGetMeta]
You need to log in before you can comment on or make changes to this bug.