Closed Bug 849204 Opened 12 years ago Closed 12 years ago

crash in _dbus_watch_invalidate

Categories

(Core :: DOM: Geolocation, defect)

Product:
Core
Component:
DOM: Geolocation
Version:
19 Branch
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla26
Tracking Flags:
Tracking Status
firefox19 --- affected
firefox21 --- affected
firefox22 --- affected
firefox23 --- affected
firefox24 --- affected

People

(Reporter: scoobidiver, Assigned: adrian.lungu89)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file, 1 obsolete file)

patch 2 (comment added)
1.97 KB, patch
adrian.lungu89
: review+
akeybl
: approval-mozilla-aurora-
akeybl
: approval-mozilla-beta-
Details | Diff | Splinter Review
It's #7 top crasher in 19.0 on Linux. Signature _dbus_watch_invalidate More Reports Search UUID af6eaa86-ac9a-4b99-840d-d579c2130303 Date Processed 2013-03-03 04:14:57 Uptime 13 Last Crash 19 seconds before submission Install Age 2.8 hours since version was first installed. Install Time 2013-03-03 01:24:36 Product Firefox Version 19.0 Build ID 20130227155931 Release Channel release OS Linux OS Version 0.0.0 Linux 3.5.0-25-generic #39-Ubuntu SMP Mon Feb 25 18:26:58 UTC 2013 x86_64 Build Architecture amd64 Build Architecture Info family 6 model 42 stepping 7 Crash Reason SIGSEGV Crash Address 0x4 User Comments It crashes when I try to access my ownCloud calendar. App Notes OpenGL: ATI Technologies Inc. -- AMD Radeon HD 6900 Series -- 4.2.12002 Compatibility Profile Context 9.012 -- texture_from_pixmap Processor Notes sp-processor09.phx1.mozilla.com_30861:2008; exploitablity tool: ERROR: unable to analyze dump EMCheckCompatibility True Frame Module Signature Source 0 libdbus-1.so.3.7.2 _dbus_watch_invalidate dbus-watch.c:171 1 libdbus-1.so.3.7.2 free_watches dbus-transport-socket.c:83 2 libdbus-1.so.3.7.2 socket_disconnect dbus-transport-socket.c:987 3 libdbus-1.so.3.7.2 _dbus_transport_disconnect dbus-transport.c:509 4 libdbus-1.so.3.7.2 _dbus_transport_queue_messages dbus-transport.c:1165 5 libdbus-1.so.3.7.2 _dbus_connection_get_dispatch_status_unlocked dbus-connection.c:4211 6 libdbus-1.so.3.7.2 dbus_connection_get_dispatch_status dbus-connection.c:4342 7 libdbus-glib-1.so.2.2.2 message_queue_prepare dbus-gmain.c:71 8 libglib-2.0.so.0.3400.1 g_main_context_prepare gmain.c:2986 9 libglib-2.0.so.0.3400.1 g_main_context_iterate gmain.c:3270 10 libglib-2.0.so.0.3400.1 g_main_context_iteration gmain.c:3351 11 libxul.so nsAppShell::ProcessNextNativeEvent nsAppShell.cpp:135 12 libxul.so nsBaseAppShell::DoProcessNextNativeEvent nsBaseAppShell.cpp:139 13 libxul.so nsBaseAppShell::OnProcessNextEvent nsBaseAppShell.cpp:280 14 libxul.so nsThread::ProcessNextEvent nsThread.cpp:600 15 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:238 16 libxul.so mozilla::ipc::MessagePump::Run MessagePump.cpp:82 17 libxul.so MessageLoop::Run message_loop.cc:208 18 libxul.so nsBaseAppShell::Run nsBaseAppShell.cpp:163 19 libxul.so nsAppStartup::Run nsAppStartup.cpp:290 20 libxul.so XREMain::XRE_mainRun nsAppRunner.cpp:3823 21 libxul.so XREMain::XRE_main nsAppRunner.cpp:3890 22 libxul.so XRE_main nsAppRunner.cpp:4084 23 firefox main nsBrowserApp.cpp:174 24 libc-2.15.so libc-2.15.so@0x2176d 25 libstdc++.so.6.0.17 libstdc++.so.6.0.17@0x2ed5e0 26 firefox firefox@0x26d0 27 firefox firefox@0x2a30 28 ld-2.15.so ld-2.15.so@0xf3ef More reports at: https://crash-stats.mozilla.com/report/list?signature=_dbus_watch_invalidate
See also this report, which is showing libdbus being used from a non-UI thread: https://crash-stats.mozilla.com/report/index/c5b40e01-db11-4892-a993-50d8b2130305 0 libdbus-1.so.3.7.2 _dbus_watch_invalidate dbus-watch.c:171 1 libdbus-1.so.3.7.2 free_watches dbus-transport-socket.c:83 2 libdbus-1.so.3.7.2 socket_disconnect dbus-transport-socket.c:987 3 libdbus-1.so.3.7.2 _dbus_transport_disconnect dbus-transport.c:509 4 libdbus-1.so.3.7.2 _dbus_transport_queue_messages dbus-transport.c:1165 5 libdbus-1.so.3.7.2 do_reading dbus-transport-socket.c:851 6 libdbus-1.so.3.7.2 socket_do_iteration dbus-transport-socket.c:706 7 libdbus-1.so.3.7.2 _dbus_transport_do_iteration dbus-transport.c:976 8 libdbus-1.so.3.7.2 _dbus_connection_do_iteration_unlocked dbus-connection.c:1234 9 libdbus-1.so.3.7.2 _dbus_connection_block_pending_call dbus-connection.c:2415 10 libdbus-1.so.3.7.2 dbus_pending_call_block dbus-pending-call.c:748 11 libdbus-1.so.3.7.2 dbus_connection_send_with_reply_and_block dbus-connection.c:3530 12 libxul.so mozilla::nsWifiScannerDBus::SendMessage nsWifiScannerDBus.cpp:80 13 libxul.so mozilla::nsWifiScannerDBus::IdentifyDeviceType nsWifiScannerDBus.cpp:160 14 libxul.so mozilla::nsWifiScannerDBus::SendMessage nsWifiScannerDBus.cpp:96 15 libxul.so mozilla::nsWifiScannerDBus::IdentifyDevices nsWifiScannerDBus.cpp:126 16 libxul.so mozilla::nsWifiScannerDBus::SendMessage nsWifiScannerDBus.cpp:94 17 libxul.so mozilla::nsWifiScannerDBus::Scan nsWifiScannerDBus.cpp:35 18 libxul.so nsWifiMonitor::DoScan nsWifiScannerDBus.cpp:324 19 libxul.so nsWifiMonitor::Run nsWifiMonitor.cpp:149 20 libxul.so nsThread::ProcessNextEvent nsThread.cpp:627 21 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:238 22 libxul.so nsThread::ThreadFunc nsThread.cpp:265 23 libnspr4.so _pt_root ptthread.c:156 24 libpthread-2.15.so libpthread-2.15.so@0x6d4c 25 libc-2.15.so libc-2.15.so@0xeed3e I haven't had a proper look at these crashes yet, but this bug looks related (libdbus isn't thread safe by default): https://bugs.freedesktop.org/show_bug.cgi?id=54972 ... and ... https://bugzilla.gnome.org/show_bug.cgi?id=683830
I guess a call to dbus_g_threads_init() will fix these, but this needs to be made quite early (before dbus is used)
status-firefox22: --- → affected
Blocks: 668194
Here are correlations from March 10th: _dbus_watch_invalidate|SIGSEGV (11 crashes) 82% (9/11) vs. 25% (115/468) {2e1445b0-2682-11e1-bfc2-0800200c9a66} 82% (9/11) vs. 24% (110/468) 2012.10.12.beta 0% (0/11) vs. 1% (5/468) 2012.11.20.beta 100% (11/11) vs. 66% (308/468) globalmenu@ubuntu.com 0% (0/11) vs. 0% (1/468) 3.6.4 0% (0/11) vs. 0% (1/468) 3.7.1 100% (11/11) vs. 65% (306/468) 3.7.2
Component: Widget: Gtk → Geolocation
Keywords: regression
this is called on a new thread: https://mxr.mozilla.org/mozilla-central/source/netwerk/wifi/nsWifiScannerDBus.cpp#39 We probably need to init dbus on that thread. But... why does it only sometimes fail? Shouldn't this always fail?
Assignee: nobody → doug.turner
IIUC the init needs to be on the main thread. Docs for dbus_threads_init_default() say "Note that this function must be called BEFORE the second thread is started." http://dbus.freedesktop.org/doc/api/html/group__DBusThreads.html#ga33b6cf3b8f1e41bad5508f84758818a7 There is an init call at http://mxr.mozilla.org/mozilla-central/source/ipc/dbus/RawDBusConnection.cpp#23 but I guess that is not in the default build for this platform (and I don't know whether it would be called first anyway).
(In reply to Doug Turner (:dougt) from comment #4) > Shouldn't this always fail? I guess you can get lucky without the locking.
Don't know about dbus_threads_init() in versions prior to 1.6, about June 2012. dbus_threads_init_default() can be called "as many times as you want", and I assume that's the function you want.
Flags: needinfo?(karlt)
Blocks: 888258
Assignee: doug.turner → alungu
Status: NEW → ASSIGNED
Attached patch patch 1 (obsolete) — Splinter Review
I see that by the time we make this new init call, there is an already existing thread labeled "gdbus". Could there be another place where the dbus is called even earlier?
Attachment #793091 - Flags: review?(karlt)
Comment on attachment 793091 [details] [diff] [review] patch 1 Please add a comment to indicate that this is for nsWifiScannerDBus, or whatever is a appropriate. (In reply to Adrian Lungu from comment #9) > I see that by the time we make this new init call, there is an already > existing thread labeled "gdbus". Could there be another place where the dbus > is called even earlier? The "gdbus" thread is from GDBusConnection, which perhaps is used on systems with more recent GIO by some GSettings backends, or dbus menu, or other GIO things. IIRC GDBus uses its own DBus client implementation instead of the reference implementation in libdbus-1.so.
Attachment #793091 - Flags: review?(karlt) → review+
I added a comment that describe the issue solved. Results from the try server: https://tbpl.mozilla.org/?tree=Try&rev=ea530f90c348
Attachment #793091 - Attachment is obsolete: true
Attachment #793237 - Flags: review+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/d5af18b5e19c
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
Will this fix be backported to Firefox 24.1 or to Firefox 25? Or do I have to wait for Firefox 26? (December?)
Comment on attachment 793237 [details] [diff] [review] patch 2 (comment added) simple fix. prevents a init race.
Attachment #793237 - Flags: approval-mozilla-beta?
Attachment #793237 - Flags: approval-mozilla-aurora?
Comment on attachment 793237 [details] [diff] [review] patch 2 (comment added) Longstanding issue and non-critical, so no need to take this on Beta 25. Looks like this is already on Aurora 26.
Attachment #793237 - Flags: approval-mozilla-beta?
Attachment #793237 - Flags: approval-mozilla-beta-
Attachment #793237 - Flags: approval-mozilla-aurora?
Attachment #793237 - Flags: approval-mozilla-aurora-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: