MASTER crash in getenv() ... spi_atk_bridge_exit_func()

Bug #278095 reported by Vincent DiPinto on 2008-10-04
484
This bug affects 17 people
Affects Status Importance Assigned to Milestone
at-spi
Expired
High
apport (Ubuntu)
Undecided
Unassigned
Intrepid
Undecided
Unassigned
Jaunty
Undecided
Unassigned
at-spi (Ubuntu)
High
Alexander Sack
Intrepid
High
Alexander Sack
Jaunty
High
Alexander Sack
firefox-3.0 (Ubuntu)
High
lonelytux
Intrepid
High
Unassigned
Jaunty
High
lonelytux

Bug Description

This crash seems to occur most frequently when opening a new URL in an existing Firefox process. The URL is successfully opened, but the client process then crashes while exiting. The result is that the operation appears to work, but there has been a crash in the background (which is then displayed by update-notifier and apport).

Steps to reproduce:

1. check "Enable assisitive technologies" in Preferences -> Assistive Technologies
2. restart X session
3. start firefox
4. start from terminal: firefox http://www.ubuntu.com

Result: see crash.

Verify: with updated package it shouldnt crash.

===========

I am using Ubuntu 8.10 beta

ProblemType: Crash
Architecture: i386
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/lib/firefox-3.0.3/firefox
Package: firefox-3.0 3.0.3+build1+nobinonly-0ubuntu1
ProcAttrCurrent: unconfined
ProcCmdline: /usr/lib/firefox-3.0.3/firefox https://bugs.launchpad.net/ubuntu/+source/seahorse-plugins/+filebug/7cEBHSr9Xvdab5iSpVMC09PXb6N?field.title=seahorse-agent+crashed+with+SIGSEGV+in+_XIOError%28%29
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: firefox-3.0
StacktraceTop:
 getenv () from /lib/tls/i686/cmov/libc.so.6
 g_getenv () from /usr/lib/libglib-2.0.so.0
 ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so
 exit () from /lib/tls/i686/cmov/libc.so.6
 __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
Title: firefox crashed with SIGSEGV in getenv()
Uname: Linux 2.6.27-4-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev video

Vincent DiPinto (vdipinto0) wrote :

StacktraceTop:getenv () from /lib/tls/i686/cmov/libc.so.6
IA__g_getenv (variable=0x5441 <Address 0x5441 out of bounds>)
spi_atk_bridge_exit_func () at bridge.c:643
exit () from /lib/tls/i686/cmov/libc.so.6
__libc_start_main () from /lib/tls/i686/cmov/libc.so.6

Changed in firefox-3.0:
importance: Undecided → Medium

looks more like a atk crashed here? Are you sure you have submitted the seahorse crash?

Hello and thanks for the response.

Yes, the error message read that Seahorse has crashed while I was
using FF 3.0.3. Since the time I submitted the report I have gone back
to Ubuntu 8.04LTS. No problems at all. I'll wait for the stable
version of 8.10 to come and re-install it. I confident the errors
will be corrected with that release.

Kindest Regards.
Vince

On 10/22/08, Alexander Sack <email address hidden> wrote:
> looks more like a atk crashed here? Are you sure you have submitted the
> seahorse crash?
>
> --
> "seahorse crashed when starting firefox 3.0.3"
> https://bugs.launchpad.net/bugs/278095
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in "firefox-3.0" source package in Ubuntu: New
>
> Bug description:
> Binary package hint: firefox-3.0
>
> I am using Ubuntu 8.10 beta
>
> ProblemType: Crash
> Architecture: i386
> DistroRelease: Ubuntu 8.10
> ExecutablePath: /usr/lib/firefox-3.0.3/firefox
> Package: firefox-3.0 3.0.3+build1+nobinonly-0ubuntu1
> ProcAttrCurrent: unconfined
> ProcCmdline: /usr/lib/firefox-3.0.3/firefox
> https://bugs.launchpad.net/ubuntu/+source/seahorse-plugins/+filebug/7cEBHSr9Xvdab5iSpVMC09PXb6N?field.title=seahorse-agent+crashed+with+SIGSEGV+in+_XIOError%28%29
> ProcEnviron:
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
> LANG=en_CA.UTF-8
> SHELL=/bin/bash
> Signal: 11
> SourcePackage: firefox-3.0
> StacktraceTop:
> getenv () from /lib/tls/i686/cmov/libc.so.6
> g_getenv () from /usr/lib/libglib-2.0.so.0
> ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so
> exit () from /lib/tls/i686/cmov/libc.so.6
> __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
> Title: firefox crashed with SIGSEGV in getenv()
> Uname: Linux 2.6.27-4-generic i686
> UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev
> video
>

--
Vince

Alexander Sack (asac) on 2008-10-24
Changed in firefox-3.0:
status: New → Triaged
Alexander Sack (asac) wrote :

we have a bunch of dupes here. bumping importance to High.

Changed in firefox-3.0:
importance: Medium → High
Matt Zimmerman (mdz) wrote :

This is 100% reproducible for me on current (near-final) Intrepid with firefox 3.0.3+nobinonly-0ubuntu2. It happens every time firefox is launched when there is already a firefox process running. It correctly opens the specified URL as a new tab, but then crashes. It never crashes when starting up an actual browser process, just when communicating with an existing firefox.

Matt Zimmerman (mdz) wrote :

It's crashing in exit(), so I think it's fairly harmless FWIW

Matt Zimmerman (mdz) wrote :

The code in at-spi bridge.c:643 is:

  if (g_getenv ("AT_BRIDGE_SHUTDOWN"))

my best guess would be that char **environ is corrupted somehow

Matt Zimmerman (mdz) wrote :

(gdb) print *(environ+50)
$16 = 0xbff79f32 "PWD=/home/mdz"
(gdb) print *(environ+55)
$17 = 0xbff79fbe "EDITOR=vim"
(gdb) print *(environ+57)
$18 = 0xbff79fd2 "COLUMNS=80"
(gdb) print *(environ+58)
$19 = 0xb7989a9e <Address 0xb7989a9e out of bounds>
(gdb) print *(environ+59)
$20 = 0x0
(gdb) print *(environ+60)
$21 = 0x0

Matt Zimmerman (mdz) wrote :

My guess is that something called putenv() with a pointer to memory which has been unmapped at the time that this exit handler is running. I suspect this could happen even for a string constant (e.g. in a shared library). The solution would be to use setenv() instead, which makes a copy.

Alexander Sack (asac) on 2008-10-26
Changed in at-spi:
importance: Undecided → High
status: New → Triaged
Alexander Sack (asac) wrote :

First at-spi workaround attempt.

Alexander Sack (asac) wrote :

Milestoned and targetted for intrepid. If not for release, we should get this fixed in an early SRU.

Changed in at-spi:
milestone: none → ubuntu-8.10
Steve Langasek (vorlon) wrote :

there's no room for fixing this before final; pushing back to SRU.

Changed in at-spi:
milestone: ubuntu-8.10 → intrepid-updates
Martin Pitt (pitti) wrote :

Alex has a patch and seems to know what's going on, assigning this to him.

Changed in at-spi:
assignee: nobody → asac
Martin Pitt (pitti) on 2008-11-04
Changed in at-spi:
assignee: nobody → asac
Alexander Sack (asac) wrote :

uploaded to jaunty: at-spi_1.25.1-0ubuntu2_source.changes

Changed in at-spi:
status: Triaged → In Progress
Alexander Sack (asac) wrote :

uploaded SRU to intrepid: at-spi_1.24.0-0ubuntu3.8.10.1_source.changes

Changed in at-spi:
status: Triaged → In Progress
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package at-spi - 1.25.1-0ubuntu2

---------------
at-spi (1.25.1-0ubuntu2) jaunty; urgency=low

  * fix LP: #278095 - MASTER crash in getenv() ... spi_atk_bridge_exit_func();
    we don't access environ in atexit hook to workaround environ corruption
    - add debian/patches/05_lp278095_no_environ_access_shutdown.patch

 -- Alexander Sack <email address hidden> Mon, 17 Nov 2008 06:26:01 +0100

Changed in at-spi:
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in at-spi:
milestone: intrepid-updates → none
status: In Progress → Fix Committed
Changed in firefox-3.0:
status: Triaged → Fix Committed
Martin Pitt (pitti) wrote :

Is this an issue in firefox at all?

Changed in firefox-3.0:
status: Fix Committed → Triaged

On Mon, Nov 17, 2008 at 08:20:43AM -0000, Martin Pitt wrote:
> Is this an issue in firefox at all?

It doesn't seem so, no (though it should probably remain filed there for now
to help reduce duplicates).

--
 - mdz

Matt Zimmerman (mdz) wrote :

Speaking of duplicates, I've added a bugpattern:

mizar:[...anonical/ubuntu-bugpatterns] bzr diff
=== modified file 'firefox-3.0.xml'
--- firefox-3.0.xml 2008-09-09 15:08:28 +0000
+++ firefox-3.0.xml 2008-11-17 10:03:16 +0000
@@ -5,4 +5,10 @@
  <re key="ExecutablePath">/usr/lib/firefox-.*/firefox</re>
  <re key="ProcMaps">libflashsupport.so</re>
     </pattern>
+ <pattern url="https://launchpad.net/bugs/278095">
+ <re key="ExecutablePath">/usr/lib/firefox-.*/firefox</re>
+ <re key="ProcMaps">libspi.so</re>
+ <re key="Stacktrace">#0 0x........ in getenv</re>
+ <re key="Stacktrace">#3 0x........ in exit</re>
+ </pattern>
 </patterns>

zsh: exit 1 bzr diff
mizar:[...anonical/ubuntu-bugpatterns] bzr commit -m 'Add bug 278095'
Committing to: bzr+ssh://bazaar.launchpad.net/~ubuntu-bugcontrol/apport/ubuntu-bugpatterns/
modified firefox-3.0.xml
Committed revision 16.

Changed in at-spi:
status: Unknown → New
Martin Zuther (mzuther) wrote :

Hi!

I just an across this problem today. Installing "at-spi" and "python-pyatspi" from "intrepid proposed" and reinstalling "gnome-orca" seems to have solved the issue for me. After changing to "intrepid-proposed":

  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com

After getting back to "intrepid":

  $ firefox http://www.ubuntu.com
  Segmentation fault (core dumped)
  $ firefox http://www.ubuntu.com
  Segmentation fault (core dumped)

And forward again to "intrepid-proposed":

  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com
  $ firefox http://www.ubuntu.com

My system's here:

  https://bugs.launchpad.net/proposed-tracking/+bug/300140/comments/5

Thanks for fixing this,

Martin

RockeT (rocket-extremelan) wrote :

Just saw this in my Jaunty system, although, Firefox didn't actually crash. Maybe a regression?

Please let me know what extra info I can supply to help.

Tom (tjkirch) wrote :

I have this issue in jaunty when I try to click a link in gnome-terminal. It didn't crash the instance of firefox I already had open, just the new instance it was trying to open. I would expect it to open the link in the instance of firefox I already had open.

As a note, it *did* open the link properly if I right-clicked the link and selected "Open Link" rather than just left-clicking it.

Alexander Sack (asac) wrote :

On Mon, Jan 19, 2009 at 01:05:43AM -0000, RockeT wrote:
> Just saw this in my Jaunty system, although, Firefox didn't actually
> crash. Maybe a regression?
>
> Please let me know what extra info I can supply to help.
>

Are you sure you saw this issue? Did you get a backtrace and say the
getenv in it?

 - Alexander

RockeT (rocket-extremelan) wrote :

Hi,

I've never used this system before. Apport just whisked me off here after telling me a crash occurred (which I didn't even realise had happened.)

To be honest I didn't check the backtrace. It hasn't recurred, but if/when it does I will check. Looks like nothing was saved by Apport, presumably because it thinks it's filing a dupe. Annoying.

If there's a way to get my crash report (eg. locally or some other website), please tell me how and I'll check and report back.

Martin Zuther (mzuther) wrote :

Hi RockeT,

backtraces end up in the directory /var/crash.

If you know your way around the console, you could try "apport-cli" without additional options. This should look in /var/crash for pending bug reports.

If this doesn't work (i.e. all reports have already been processed), do a "ls /var/crash" and see if you can find the backtrace yourself. Then just call "apport-cli -c /var/crash/your-backtrace". I'm not a professional "backtracer" myself, but this procedure helped me once or twice...

Good luck,

Martin

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package at-spi - 1.24.0-0ubuntu3.8.10.1

---------------
at-spi (1.24.0-0ubuntu3.8.10.1) intrepid-proposed; urgency=low

  * fix LP: #278095 - MASTER crash in getenv() ... spi_atk_bridge_exit_func();
    we don't access environ in atexit hook to workaround environ corruption
    - add debian/patches/05_lp278095_no_environ_access_shutdown.patch

 -- Alexander Sack <email address hidden> Mon, 17 Nov 2008 05:59:44 +0100

Changed in at-spi:
status: Fix Committed → Fix Released
Martin Pitt (pitti) on 2009-01-28
Changed in firefox-3.0:
status: Triaged → Invalid
status: Triaged → Invalid

This bug is also present in jaunty (updated 29 jan 09) but I can't see how to add jaunty to the list. Could someone tell me how?

Alexander Sack (asac) wrote :

On Thu, Jan 29, 2009 at 11:04:03AM -0000, Duncan Lithgow wrote:
> This bug is also present in jaunty (updated 29 jan 09) but I can't see
> how to add jaunty to the list. Could someone tell me how?
>
yeah ... at-spi package dropped my intrepid patch on 1.25.2 new
upstream release (together with my changelog entry ... which is why i
think its a glitch)

debian/patches/05_lp278095_no_environ_access_shutdown.patch

 affects ubuntu/at-spi
 status triaged
 importance high
 tag regression

 - Alexander

Alexander Sack (asac) wrote :

regressed as patch was dropped. adding jaunty alpha 4 milestone.

Changed in at-spi:
milestone: intrepid-updates → jaunty-alpha-4
status: Fix Released → Triaged
Alexander Sack (asac) wrote :

err ... actually the patch seems not needed anymore. if you really think you stills see this, pleaes post a backtrace ... setting back to released.

Changed in at-spi:
status: Triaged → Fix Released
Changed in firefox-3.0:
assignee: nobody → abdelkebir-hamza

I have just experienced this again in jaunty. i can't report it because apport says it's already been reported in launchpad. I'm trying to collect more information but i can't find the debugging symbols, see below:

duncan@duncan-laptop:~$ sudo apt-get install firefox-dbgsym
[sudo] password for duncan:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package firefox-dbgsym
duncan@duncan-laptop:~$ sudo apt-get install abrowser-dbgsym
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package abrowser-dbgsym
duncan@duncan-laptop:~$

Martin Olsson (mnemo) wrote :

Once you've added the ddebs apt repo in sources.list try:

sudo apt-get install firefox-3.0-dbgsym \
     xulrunner-1.9-dbgsym \
     libgtk2.0-0-dbg \
     libnss3-1d-dbgsym \
     libnspr4-0d-dbg \
     libpango1.0-0-dbg \
     libcairo2-dbg \
     libc6-dbg

Details on:
https://wiki.ubuntu.com/MozillaTeam/Bugs

John Vivirito (gnomefreak) wrote :

Its normally a better idea to use apport to report a crash. The error you are getting you shouldnt be it should allow you to file it than apport will grab info out of crash report and either mark it as a dupe or leave it as that bugt.

Please let me see the error you are getting, a screenshot would be best.

There is no package, menu entry or cli command called 'apport' so appart from waiting until this happens I don't see how I can submit this with apport if apport insists that it's already been reported. And yes it's just brought me here again after yet another crash. Interestingly this oftne happens when apport is trying to contact launchpad to report some other bug I've just experienced.

Graeme Glass (graemeglass) wrote :

Just had this bug, my browser did not crash, but I had the error applet and when I clicked report this problem, it told me that this bug was already reported and brought me to this page.

I am running 9.04 (desktop) and fully updated as of this morning.

Paul Sladen (sladen) wrote :

Just had this on up-to-the-minute Jaunty.

I've add "also affects" 'apport', and speculatively 'update-notifier' as the error seems to be coming from apport/update-notifier and ... *not* Firefox (which carried on displaying this auto-opened URL just fine).

Paul Sladen (sladen) wrote :

Apport hooks(?) are being has been fixed, and redirecting here to this bug report instead of allowing the backtrace to be uploaded.

Matt Zimmerman (mdz) wrote :

This is not a bug in apport, marking invalid there

Changed in apport:
status: New → Invalid
status: New → Invalid
description: updated
Alexander Sack (asac) wrote :

reopening as this seems to have reappeared after recent jaunty at-spi merge.

Changed in at-spi:
status: Fix Released → In Progress
milestone: jaunty-alpha-4 → ubuntu-9.04-beta
Graeme Glass (graemeglass) wrote :

This is still happening as of today with a fully updated system. Running Jaunty

Graeme Glass (graemeglass) wrote :

Not sure if this will help with debugging.

from dmesg: [ 353.869116] firefox[4917]: segfault at b795283e ip b7c8e3c1 sp bfb36bc4 error 4 in libc-2.9.so[b7c60000+15c000]

As of this morning on fully update system

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package at-spi - 1.26.0-0ubuntu2

---------------
at-spi (1.26.0-0ubuntu2) jaunty; urgency=low

  * 01_lp278095_no_environ_access_shutdown.patch: Re-add a patch introduced
    in 1.25.1-0ubuntu2 that got clobbered by a later upload. (LP: #278095)

 -- Luke Yelavich <email address hidden> Wed, 18 Mar 2009 09:30:04 +1100

Changed in at-spi:
status: In Progress → Fix Released
Changed in at-spi:
importance: Unknown → High
Changed in at-spi:
status: New → Expired
Troels (s-admin-lisew-dk) wrote :

"[Bug 278095] Re: MASTER crash in getenv() ... spi_atk_bridge_exit_func()"
Launchpad Bug Tracker doc

Troels (s-admin-lisew-dk) wrote : RE

Check
[Bug 278095] Re: MASTER crash in getenv() ... spi_atk_bridge_exit_func()

To post a comment you must log in.