Bug#567415: iceweasel won't restart after it crashes

Mike Hommey mh at glandium.org
Fri Feb 5 06:56:01 UTC 2010


reassign 567415 libarts1c2a
thanks

On Thu, Feb 04, 2010 at 05:32:00PM -0500, Gary Dale wrote:
> Mike Hommey wrote:
> >On Mon, Feb 01, 2010 at 10:15:05AM -0500, Gary Dale wrote:
> >>Mike Hommey wrote:
> >>>On Fri, Jan 29, 2010 at 03:42:20PM -0500, Gary Dale wrote:
> >>>>Is there something else I need to send you?
> >>>>
> >>>The same backtrace with xulrunner-1.9.1-dbg installed would be helpful,
> >>>though I can already give you a workaround: set ICEWEASEL_DSP to none in
> >>>/etc/iceweasel/iceweaselrc.
> >>>
> >>>Mike
> >>>
> >>I seem to have xulrunner-1.9.1-dbg already installed. Is there
> >>something I need to do to get it active?
> >
> >Oh then, your crash is likely to be unrelated to xulrunner. Can you
> >install libc6-dbg and get a new backtrace?
> >
> >Mike
> >
> I seemed to have libc6-dbg installed already also. Anyway here's the
> latest trace, which looks the same as the earlier one.
> 
(snip)

I could reproduce the crash, and with arts-dbg, it gets clearer:
#0  0x0000000000000000 in ?? ()
#1  0x00007f56ad21ae8d in open (pathname=0x411609 "/proc/cpuinfo", flags=0) at /build/buildd/arts-1.5.9/./artsc/artsdsp.c:233
#2  0x000000000040cd84 in ?? ()
#3  0x000000000040e525 in calloc ()
#4  0x00007f56ace10360 in _dlerror_run (operate=0x7f56ace100b0 <dlsym_doit>, args=0x7fff79dd5cc0) at dlerror.c:142
#5  0x00007f56ace1007a in __dlsym (handle=<value optimized out>, name=<value optimized out>) at dlsym.c:71
#6  0x00007f56ad219dc5 in artsdsp_doinit () at /build/buildd/arts-1.5.9/./artsc/artsdsp.c:148
#7  0x00007f56ad21a017 in access (pathname=0x7fff79dd6d30 "/usr/lib/iceweasel/xulrunner/libxpcom.so", mode=4) at /build/buildd/arts-1.5.9/./artsc/artsdsp.c:571

This is the same pattern as #550674 in padsp, but instead of
deadlocking, this one crashes.

This is what happens:
- something in nsXULStub calls access() before jemalloc is initialized.
- access() is caught by artsdsp, which starts resolving all the symbols
it needs with dlsym() through artsdsp_doinit().
- dlsym() ends up allocating memory, which triggers jemalloc
initialization code.
- jemalloc init code open()s /proc/cpuinfo.
- open() is caught by artsdsp, which tries to call the original open()
it got from dlsym(), except it is in dlsym(), so orig_open is still
NULL. Thus the crash.

This is IMHO a bug in artsdsp assuming it can call dlsym without looping
back in itself.

The best thing IMHO would be to have a constructor function that does
the symbol resolution at startup.

Mike
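Added illustration, not part of the mail and not artsdsp or Firefox code: a self-contained C model of the call sequence listed above, in which an open()/access() hook resolves its target lazily and is re-entered from inside that resolution. replay(0) reproduces the jump through the still-NULL orig_open; replay(1) adds a hook-level guard that bypasses the unresolved pointer, which is a different mitigation from the constructor-time resolution the mail proposes. The "libc", "dlsym" and "jemalloc" pieces are constructed stand-ins.

```c
/* Constructed model of the re-entrancy in the backtrace above; the hooks, "dlsym",
 * "jemalloc" and libc stand-ins below are illustration, not artsdsp or Firefox code. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
typedef int (*libc_fn)(const char *);
static int real_open(const char *path)   { return strcmp(path, "/proc/cpuinfo") == 0 ? 3 : -1; }
static int real_access(const char *path) { (void)path; return 0; }
static libc_fn orig_open, orig_access;   /* NULL until resolved, as in artsdsp.c */
static int in_doinit, allocator_ready, use_guard;
static int null_calls;                   /* times a hook would have jumped to NULL (frame #0) */
static int shim_open(const char *path);

/* jemalloc stand-in: the first allocation runs init, which open()s /proc/cpuinfo (frames #2-#3). */
static void *shim_calloc(size_t n, size_t sz) {
    if (!allocator_ready) { allocator_ready = 1; shim_open("/proc/cpuinfo"); }
    return calloc(n, sz);
}
/* dlsym stand-in: like _dlerror_run (frame #4) it allocates before handing back the symbol. */
static libc_fn shim_dlsym(const char *name) {
    free(shim_calloc(1, 32));
    return strcmp(name, "open") == 0 ? real_open : real_access;
}
/* artsdsp_doinit stand-in (frame #6): resolves every hooked symbol in one go. */
static void artsdsp_doinit(void) {
    if (in_doinit) return;               /* nested call: resolution already in progress */
    in_doinit = 1;
    orig_access = shim_dlsym("access");
    orig_open   = shim_dlsym("open");
    in_doinit = 0;
}
static int shim_open(const char *path) {
    if (!orig_open) artsdsp_doinit();
    if (!orig_open) {                    /* re-entered from inside doinit: still unresolved */
        if (use_guard) return real_open(path);  /* guard: bypass (a direct syscall in a real shim) */
        null_calls++; return -1;         /* artsdsp: orig_open(pathname, flags) through NULL */
    }
    return orig_open(path);
}
static int shim_access(const char *path) {
    if (!orig_access) artsdsp_doinit();
    if (!orig_access) { null_calls++; return -1; }
    return orig_access(path);
}
/* Replays the sequence from the mail; returns how many NULL jumps the hooks would have made. */
int replay(int guard) {
    orig_open = orig_access = NULL; in_doinit = allocator_ready = null_calls = 0; use_guard = guard;
    shim_access("/usr/lib/iceweasel/xulrunner/libxpcom.so");  /* nsXULStub's access() (frame #7) */
    return null_calls;
}
```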
