Closed
Bug 564632
Opened 14 years ago
Closed 14 years ago
Breakpad's LinuxDumper::ElfFileIdentifierForMapping tries to open sound device and hangs
Categories
(Toolkit :: Crash Reporting, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | beta2+ |
People
(Reporter: jruderman, Assigned: ted)
References
Details
(Keywords: hang)
Attachments
(2 files)
|
430 bytes,
text/html
|
Details | |
|
781 bytes,
patch
|
Details | Diff | Splinter Review |
The Breakpad dumper sometimes hangs in waiting channel "snd_pcm_open" while calling open on "/dev/snd/pcmC0D0p". It probably shouldn't be trying to open this thing at all, since it's a sound device rather than a file. I don't know why the open syscall is hanging rather than e.g. returning failure, though.
I had this happen about 4 times last night while trying to run a fuzzer that uses Firefox's automation.py. (automation.py sends SIGABRT to a Firefox process that is hanging, and then waits for it to exit having created a minidump. Because of this bug, Firefox never exits, and automation.py gets stuck.)
I'm using Firefox trunk debug on Ubuntu 10.04 (64-bit).
Here's what I see if I attach gdb to the hung Firefox process and request a backtrace:
#0 0x00007f79e0a53e55 in sys_open (p=0x7f79d6998370 "/dev/snd/pcmC0D0p", f=0, m=0)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/../../../common/linux/linux_syscall_support.h:2240
#1 0x00007f79e0a54ab6 in google_breakpad::LinuxDumper::ElfFileIdentifierForMapping (this=0x7f79e3198e30, mapping_id=358,
identifier=0x7f79e3198bf4 "\202S\016\377\201T\366\361R\365\351\023\020k\271A")
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/linux_dumper.cc:197
#2 0x00007f79e0a57b58 in google_breakpad::MinidumpWriter::WriteMappings (this=0x7f79e3198e00, dirent=0x7f79e3198db0)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc:684
#3 0x00007f79e0a56d6f in google_breakpad::MinidumpWriter::Dump (this=0x7f79e3198e00)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc:485
#4 0x00007f79e0a567f2 in google_breakpad::WriteMinidump (filename=0x7f79d6b0b698 "/tmp/tmppOTsB6/minidumps/0a8b443f-ee46-296d-0b571bba-426de1e4.dmp",
crashing_process=29922, blob=0x7fff004c8110, blob_size=1584)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc:984
#5 0x00007f79e0a51c4f in google_breakpad::ExceptionHandler::DoDump (this=0x7f79d6b0a100, crashing_process=29922, context=0x7fff004c8110, context_size=1584)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc:371
#6 0x00007f79e0a5187b in google_breakpad::ExceptionHandler::ThreadEntry (arg=0x7fff004c8070)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc:289
#7 0x00007f79e0a50b17 in sys_clone (fn=Cannot access memory at address 0xffffffffffffffd8
)
at /home/jruderman/mozilla-central/toolkit/crashreporter/google-breakpad/src/client/linux/handler/../../../common/linux/linux_syscall_support.h:1505
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
|
Assignee | |
Comment 1•14 years ago
|
||
Interesting, I haven't ever hit this on Ubuntu 9.10. Can you reliably reproduce this? Are there any necessary STR to wind up with that sound device open in your file mappings?
|
Reporter | |
Comment 2•14 years ago
|
||
After opening this testcase, lsof shows that Firefox has the sound device open: lsof | grep firefox | grep /dev/snd Then, a "kill -6" will frequently cause Breakpad to hang.
|
|
Reporter | |
Comment 3•14 years ago
|
||
You'll need to download this file and edit the testcase to point to your copy: http://www.squarefree.com/music/Brandenburg_Concerto_no._1_in_F_major_zero.ogg
|
|
Assignee | |
Comment 4•14 years ago
|
||
Ok, so it involves an <audio> element, unsurprisingly. I guess Breakpad should be checking that the file mappings aren't block or character devices before trying to generate an ID for them.
|
|
Reporter | |
Comment 5•14 years ago
|
||
This bug forces me to babysit my Linux fuzzing machine. I'd be able to fuzz more effectively if this bug were fixed.
blocking2.0: --- → ?
|
||
Updated•14 years ago
|
Assignee: nobody → jim
|
|
||
Comment 6•14 years ago
|
||
This isn't ideal --- we should be calling stat, I think --- but it should stop the hangs.
|
|
||
Comment 7•14 years ago
|
||
... also, I wonder if that call to strncmp is safe.
|
||
Updated•14 years ago
|
blocking2.0: ? → beta2+
|
|
Assignee | |
Comment 8•14 years ago
|
||
A fix for this landed upstream: http://code.google.com/p/google-breakpad/source/detail?r=593 We'll pick this up with bug 567424.
Assignee: jim → ted.mielczarek
Depends on: 567424
|
|
Assignee | |
Comment 9•14 years ago
|
||
Should be fixed.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•