Bug 536768 – crash in Epiphany Web Browser: downloading a file, i th...

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 536768 - crash in Epiphany Web Browser: downloading a file, i th...


Summary:	crash in Epiphany Web Browser: downloading a file, i th...


Status:	RESOLVED FIXED

Product:	epiphany
Classification:	Core
Component:	Downloads
Version:	2.22.x
Hardware:	Other All

Importance:	High critical
Target Milestone:	gnome-2-24
Assigned To:	Epiphany Maintainers
QA Contact:	Epiphany Maintainers

URL:
Whiteboard:	This bug is on the auto-stacktrace-re...

Duplicates:	537495 538434 539383 540583 542695 542757 542830 542844 542942 543046 543053 543151 543230 543293 543339 543425 543462 543522 543525 543526 543538 543576 544462 544783 544970 545758 545901 546523 547109 548743 548920 550155 550539 550900 551168 555397 557051 562492 578316 580875 583101 (view as bug list)
Depends on:
Blocks:

Reported:	2008-06-05 09:32 UTC by Sam Morris
Modified:	2009-05-19 04:34 UTC

See Also:
GNOME target:	---
GNOME version:	2.21/2.22

Attachments
[PATCH] Move libnotify initialization to ephy-main (1.55 KB, patch) 2008-08-02 21:56 UTC, Diego Escalante Urrelo (not reading bugmail)	committed	Details \| Review

Description Sam Morris 2008-06-05 09:32:02 UTC

Version: 2.22.2

What were you doing when the application crashed?
downloading a file, i think the download just finshed


Distribution: Debian lenny/sid
Gnome Release: 2.22.1 2008-04-08 (Debian)
BugBuddy Version: 2.22.0

System: Linux 2.6.26-rc4-amd64 #1 SMP Tue May 27 00:06:22 CEST 2008 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10400090
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: gnome

Memory status: size: 830906368 vsize: 830906368 resident: 205365248 share: 38436864 rss: 205365248 rss_rlim: 18446744073709551615
CPU usage: start_time: 1212571211 rtime: 56019 utime: 52593 stime: 3426 cutime:35339 cstime: 1473 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/epiphany-browser'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x7f1aa1d1d780 (LWP 23145)]
[New Thread 0x45f91950 (LWP 10250)]
[New Thread 0x422d5950 (LWP 10246)]
[New Thread 0x44f8f950 (LWP 8800)]
[New Thread 0x43f8d950 (LWP 23175)]
[New Thread 0x41ad4950 (LWP 23151)]
[New Thread 0x40ad2950 (LWP 23150)]
[New Thread 0x412d3950 (LWP 23149)]
0x00007f1a9a90eedf in waitpid () from /lib/libpthread.so.0

+ Trace 199626

Thread 1 (Thread 0x7f1aa1d1d780 (LWP 23145))

#0 waitpid
from /lib/libpthread.so.0
#1 IA__g_spawn_sync
at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c line 374
#2 IA__g_spawn_command_line_sync
at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c line 682
#3 ??
from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
#4 nsProfileLock::FatalSignalHandler
at nsProfileLock.cpp line 216
#5 <signal handler called>
#6 dbus_g_proxy_connect_signal
from /usr/lib/libdbus-glib-1.so.2
#7 notify_notification_show
from /usr/lib/libnotify.so.1
#8 update_download_row
at /scratch/build-area/epiphany-browser-2.22.2/embed/downloader-view.c line 454
#9 IA__g_closure_invoke
at /tmp/buildd/glib2.0-2.16.3/gobject/gclosure.c line 490
#10 signal_emit_unlocked_R
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2440
#11 IA__g_signal_emit_valist
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2199
#12 IA__g_signal_emit_by_name
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2267
#13 MozDownload::OnStateChange
at /scratch/build-area/epiphany-browser-2.22.2/embed/mozilla/MozDownload.cpp line 317
#14 nsWebBrowserPersist::OnStopRequest
at nsWebBrowserPersist.cpp line 794
#15 nsHttpChannel::OnStopRequest
at nsHttpChannel.cpp line 4443
#16 nsInputStreamPump::OnStateStop
at nsInputStreamPump.cpp line 576
#17 nsInputStreamPump::OnInputStreamReady
at nsInputStreamPump.cpp line 401
#18 nsInputStreamReadyEvent::Run
at nsStreamUtils.cpp line 111
#19 nsThread::ProcessNextEvent
at nsThread.cpp line 510
#20 NS_ProcessPendingEvents_P
at nsThreadUtils.cpp line 180
#21 nsBaseAppShell::NativeEventCallback
at nsBaseAppShell.cpp line 121
#22 nsAppShell::EventProcessorCallback
at nsAppShell.cpp line 69
#23 IA__g_main_context_dispatch
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2009
#24 g_main_context_iterate
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2642
#25 IA__g_main_loop_run
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2850
#26 IA__gtk_main
at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c line 1163
#27 main
at /scratch/build-area/epiphany-browser-2.22.2/src/ephy-main.c line 744
#0 waitpid
from /lib/libpthread.so.0



----------- .xsession-errors (168060 sec old) ---------------------
(npviewer.bin:26428): Gtk-WARNING **: /usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so: wrong ELF class: ELFCLASS64
(npviewer.bin:26428): Gtk-CRITICAL **: gtk_style_detach: assertion `style->attach_count > 0' failed
(npviewer.bin:26428): Gtk-CRITICAL **: gtk_style_detach: assertion `style->attach_count > 0' failed
(npviewer.bin:26428): Gtk-CRITICAL **: gtk_widget_hide: assertion `GTK_IS_WIDGET (widget)' failed
(npviewer.bin:26428): Gtk-CRITICAL **: gtk_widget_destroy: assertion `GTK_IS_WIDGET (widget)' failed
(npviewer.bin:26428): Gtk-CRITICAL **: gtk_widget_hide: assertion `GTK_IS_WIDGET (widget)' failed
(npviewer.bin:26428): Gtk-CRITICAL **: gtk_widget_destroy: assertion `GTK_IS_WIDGET (widget)' failed
...Too much output, ignoring rest...
--------------------------------------------------

Comment 1 Reinout van Schouwen 2008-06-05 10:33:17 UTC

Trace looks unique. D-BUS problem?

Comment 2 Diego Escalante Urrelo (not reading bugmail) 2008-06-07 06:39:31 UTC

Maybe notification daemon died. Or something happened and the connection was lost.  I guess there's little we can do since the crash comes from libnotify itself... I'd say notgnome if there hasn't been another trace like this, otherwise it might be worth checking if we can catch something to avoid crashes.

Comment 3 Sam Morris 2008-06-13 11:54:13 UTC

Well, it just happened again. As far as I can tell there is nothing wrong with dbus or the notification daemon--they are both still running and working.
0x00007fb95534dedf in waitpid () from /lib/libpthread.so.0

+ Trace 200318

Thread 1 (Thread 0x7fb95c75f780 (LWP 25827))

#0 waitpid
from /lib/libpthread.so.0
#1 IA__g_spawn_sync
at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c line 374
#2 IA__g_spawn_command_line_sync
at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c line 682
#3 ??
from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
#4 nsProfileLock::FatalSignalHandler
at nsProfileLock.cpp line 216
#5 <signal handler called>
#6 dbus_g_proxy_connect_signal
from /usr/lib/libdbus-glib-1.so.2
#7 notify_notification_show
from /usr/lib/libnotify.so.1
#8 update_download_row
at /scratch/build-area/epiphany-browser-2.22.2/embed/downloader-view.c line 454
#9 IA__g_closure_invoke
at /tmp/buildd/glib2.0-2.16.3/gobject/gclosure.c line 490
#10 signal_emit_unlocked_R
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2440
#11 IA__g_signal_emit_valist
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2199
#12 IA__g_signal_emit_by_name
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2267
#13 MozDownload::OnStateChange
at /scratch/build-area/epiphany-browser-2.22.2/embed/mozilla/MozDownload.cpp line 317
#14 nsExternalAppHandler::ExecuteDesiredAction
at nsExternalHelperAppService.cpp line 1820
#15 nsExternalAppHandler::OnStopRequest
at nsExternalHelperAppService.cpp line 1762
#16 nsDocumentOpenInfo::OnStopRequest
at nsURILoader.cpp line 323
#17 nsHttpChannel::OnStopRequest
at nsHttpChannel.cpp line 4443
#18 nsInputStreamPump::OnStateStop
at nsInputStreamPump.cpp line 576
#19 nsInputStreamPump::OnInputStreamReady
at nsInputStreamPump.cpp line 401
#20 nsInputStreamReadyEvent::Run
at nsStreamUtils.cpp line 111
#21 nsThread::ProcessNextEvent
at nsThread.cpp line 510
#22 NS_ProcessPendingEvents_P
at nsThreadUtils.cpp line 180
#23 nsBaseAppShell::NativeEventCallback
at nsBaseAppShell.cpp line 121
#24 nsAppShell::EventProcessorCallback
at nsAppShell.cpp line 69
#25 IA__g_main_context_dispatch
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2009
#26 g_main_context_iterate
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2642
#27 IA__g_main_loop_run
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2850
#28 IA__gtk_main
at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c line 1163
#29 main
at /scratch/build-area/epiphany-browser-2.22.2/src/ephy-main.c line 744
#0 waitpid
from /lib/libpthread.so.0


I'll rebuild libnotify with debug symbols to get a better trace.

Comment 4 Reinout van Schouwen 2008-06-16 10:51:56 UTC

*** Bug 538434 has been marked as a duplicate of this bug. ***

Comment 5 Reinout van Schouwen 2008-06-16 11:04:08 UTC

Could you install debug symbols for libnotify as well, please?
I'm not sure this is a bug in Epiphany at all...

Comment 6 Cosimo Cecchi 2008-06-22 12:42:30 UTC

*** Bug 539383 has been marked as a duplicate of this bug. ***

Comment 7 Sam Morris 2008-06-27 11:24:37 UTC

Backtrace with libnotify and libdbus debugging symbols:

(gdb) bt full

+ Trace 201518

#0 waitpid
from /lib/libpthread.so.0
#1 IA__g_spawn_sync
at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c line 374
#2 IA__g_spawn_command_line_sync
at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c line 682
#3 ??
from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
#4 nsProfileLock::FatalSignalHandler
at nsProfileLock.cpp line 216
#5 <signal handler called>
#6 dbus_g_proxy_connect_signal
at dbus-gproxy.c line 2874
#7 notify_notification_show
at notification.c line 751
#8 update_download_row
at /scratch/build-area/epiphany-browser-2.22.2/embed/downloader-view.c line 454
#9 IA__g_closure_invoke
at /tmp/buildd/glib2.0-2.16.3/gobject/gclosure.c line 490
#10 signal_emit_unlocked_R
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2440
#11 IA__g_signal_emit_valist
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2199
#12 IA__g_signal_emit_by_name
at /tmp/buildd/glib2.0-2.16.3/gobject/gsignal.c line 2267
#13 MozDownload::OnStateChange
at /scratch/build-area/epiphany-browser-2.22.2/embed/mozilla/MozDownload.cpp line 315
#14 nsWebBrowserPersist::OnStopRequest
at nsWebBrowserPersist.cpp line 794
#15 nsHttpChannel::OnStopRequest
at nsHttpChannel.cpp line 4443
#16 nsInputStreamPump::OnStateStop
at nsInputStreamPump.cpp line 576
#17 nsInputStreamPump::OnInputStreamReady
at nsInputStreamPump.cpp line 401
#18 nsInputStreamReadyEvent::Run
at nsStreamUtils.cpp line 111
#19 nsThread::ProcessNextEvent
at nsThread.cpp line 510
#20 NS_ProcessPendingEvents_P
at nsThreadUtils.cpp line 180
#21 nsBaseAppShell::NativeEventCallback
at nsBaseAppShell.cpp line 121
#22 nsAppShell::EventProcessorCallback
at nsAppShell.cpp line 69
#23 IA__g_main_context_dispatch
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2009
#24 g_main_context_iterate
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2642
#25 IA__g_main_loop_run
at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c line 2850
#26 IA__gtk_main
at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c line 1163
#27 main
at /scratch/build-area/epiphany-browser-2.22.2/src/ephy-main.c line 744

Comment 8 Reinout van Schouwen 2008-06-27 19:40:32 UTC

Okay, this is out of my league... could be a d-bus bug (in which case you have to forward the bug to bugs.freedesktop.org). Chpe, any ideas?

(BTW, Sam, seeing that you're getting good at this, have you thought about joining the Gnome bugteam?)

Comment 9 Christian Persch 2008-06-27 19:45:34 UTC

Possibly a libnotify or dbus-glib issue, but I'll take a look for 2.22.3.

Comment 10 Susana 2008-06-28 13:32:26 UTC

*** Bug 540583 has been marked as a duplicate of this bug. ***

Comment 11 Christian Persch 2008-06-30 17:45:07 UTC

Seems definitely to be in dbus-glib. Which version was that with, git head?

Nothing to do here from the Gnome side.

Comment 12 Reinout van Schouwen 2008-07-10 22:17:39 UTC

*** Bug 537495 has been marked as a duplicate of this bug. ***

Comment 13 Sam Morris 2008-07-12 14:59:50 UTC

I'm using dbus-glib 0.76. Shall I forward the bug to fdo?

Comment 14 Sam Morris 2008-07-12 15:42:10 UTC

Forwarded to <https://bugs.freedesktop.org/show_bug.cgi?id=16681>.

Comment 15 Susana 2008-07-13 20:18:31 UTC

*** Bug 542757 has been marked as a duplicate of this bug. ***

Comment 16 Susana 2008-07-13 20:24:47 UTC

*** Bug 542695 has been marked as a duplicate of this bug. ***

Comment 17 Reinout van Schouwen 2008-07-14 22:58:59 UTC

*** Bug 542830 has been marked as a duplicate of this bug. ***

Comment 18 Reinout van Schouwen 2008-07-14 22:59:40 UTC

*** Bug 542844 has been marked as a duplicate of this bug. ***

Comment 19 Reinout van Schouwen 2008-07-14 23:03:06 UTC

*** Bug 542942 has been marked as a duplicate of this bug. ***

Comment 20 Reinout van Schouwen 2008-07-15 08:18:08 UTC

*** Bug 543046 has been marked as a duplicate of this bug. ***

Comment 21 Reinout van Schouwen 2008-07-15 09:35:05 UTC

*** Bug 543053 has been marked as a duplicate of this bug. ***

Comment 22 Baptiste Mille-Mathias 2008-07-16 20:22:03 UTC

*** Bug 543230 has been marked as a duplicate of this bug. ***

Comment 23 Baptiste Mille-Mathias 2008-07-16 20:22:37 UTC

*** Bug 543151 has been marked as a duplicate of this bug. ***

Comment 24 Baptiste Mille-Mathias 2008-07-16 20:22:47 UTC

*** Bug 543293 has been marked as a duplicate of this bug. ***

Comment 25 Reinout van Schouwen 2008-07-17 10:16:45 UTC

*** Bug 543339 has been marked as a duplicate of this bug. ***

Comment 26 Reinout van Schouwen 2008-07-17 13:39:17 UTC

*** Bug 543425 has been marked as a duplicate of this bug. ***

Comment 27 Reinout van Schouwen 2008-07-17 21:32:33 UTC

*** Bug 543462 has been marked as a duplicate of this bug. ***

Comment 28 Reinout van Schouwen 2008-07-18 08:45:56 UTC

*** Bug 543522 has been marked as a duplicate of this bug. ***

Comment 29 Reinout van Schouwen 2008-07-18 08:51:57 UTC

*** Bug 543525 has been marked as a duplicate of this bug. ***

Comment 30 Reinout van Schouwen 2008-07-18 08:54:09 UTC

*** Bug 543526 has been marked as a duplicate of this bug. ***

Comment 31 Reinout van Schouwen 2008-07-18 08:55:13 UTC

*** Bug 543538 has been marked as a duplicate of this bug. ***

Comment 32 Reinout van Schouwen 2008-07-18 11:20:33 UTC

*** Bug 543576 has been marked as a duplicate of this bug. ***

Comment 33 Colin Walters 2008-07-20 08:54:55 UTC

The stack trace doesn't tell me a lot on its own; I'd need to look at the epiphany code (will do once I return from traveling).  But my guess is this crash is more likely related to trying to use a freed Notification object than a generic bug in dbus-glib.

Comment 34 Allan Day 2008-07-24 00:12:19 UTC

*** Bug 544462 has been marked as a duplicate of this bug. ***

Comment 35 Reinout van Schouwen 2008-07-24 08:47:06 UTC

@Sam, why did you reopen this bug?

Comment 36 Sam Morris 2008-07-24 09:36:17 UTC

Colin's comments look like it's a bug in epiphany...

Comment 37 Colin Walters 2008-07-24 17:20:37 UTC

Had a few moments for a closer look, and this looks suspicious in downloader-view.c:

#ifdef HAVE_LIBNOTIFY	
	if (notify_is_initted ())
	{
		notify_uninit ();
	}
#endif

This will basically invalidate all existing usage of libnotify; do we call downloader_view_finalize when the window is closed?   I bet we do.  And that's wrong for several reasons because it assumes nothing else in the app is using libnotify which seems unlikely.

In this particular case what I bet is crashing is that we connect to the "changed" signal on a download but don't hold a ref...so if a download changes after the downloader view has been finalized we call into libnotify, and...boom.

Bottom line I think the right fix is to init libnotify in some global app setup (ephy-main.c or whatever) and notify_uninit () close to before we exit().

Again I haven't verified this is the bug but wanted to write up my thoughts...might try doing some downloads in ephy now to test.

Comment 38 Cosimo Cecchi 2008-07-26 09:30:21 UTC

*** Bug 544783 has been marked as a duplicate of this bug. ***

Comment 39 Cosimo Cecchi 2008-07-27 12:27:22 UTC

*** Bug 544970 has been marked as a duplicate of this bug. ***

Comment 40 Sam Morris 2008-07-28 22:39:21 UTC

In case it helps, I think I've only seen this on my amd64 machine. My i386 machine seems to be able to download files without crashing.

Comment 41 Jon Dowland 2008-07-29 19:07:37 UTC

This seems to only happen on my amd64 too.

Comment 42 Reinout van Schouwen 2008-08-01 13:48:11 UTC

*** Bug 545758 has been marked as a duplicate of this bug. ***

Comment 43 Reinout van Schouwen 2008-08-01 21:55:05 UTC

*** Bug 545901 has been marked as a duplicate of this bug. ***

Comment 44 Diego Escalante Urrelo (not reading bugmail) 2008-08-02 21:56:26 UTC

Created attachment 115748 [details] [review]
[PATCH] Move libnotify initialization to ephy-main


This should fix the crash when libnotify was uninit before the notification was
actually shown. Fix suggested by Colin Walters, closes: #536768.
---
 embed/downloader-view.c |   12 ------------
 src/ephy-main.c         |   13 +++++++++++++
 2 files changed, 13 insertions(+), 12 deletions(-)

Comment 45 Christian Persch 2008-08-03 10:40:14 UTC

Thanks! Please commit to trunk and 2-24.

Comment 46 Diego Escalante Urrelo (not reading bugmail) 2008-08-04 13:23:40 UTC

Committed. Let's hope this is now really fixed.

Comment 47 Sam Morris 2008-08-04 14:36:07 UTC

Thanks everyone! Though it's a bit late now, here is how to reliably provoke the crash (though I've only tested this on my amd64 laptop).

 1. Start a download that will take some time
 2. Open a new tab, and load a web page in it.
 3. Leave the new tab in the foreground while the download finishes
 4. Crash!

Comment 48 Reinout van Schouwen 2008-08-06 08:04:19 UTC

*** Bug 546523 has been marked as a duplicate of this bug. ***

Comment 49 Susana 2008-08-10 19:35:24 UTC

*** Bug 547109 has been marked as a duplicate of this bug. ***

Comment 50 Christian Persch 2008-08-15 08:52:21 UTC

Diego: since there seems to be interest in another 2.22.x release (on the ML; not certain yet though), could you also commit this to 2-22 please? Thanks!

Comment 51 Reinout van Schouwen 2008-08-20 20:34:30 UTC

*** Bug 548743 has been marked as a duplicate of this bug. ***

Comment 52 Reinout van Schouwen 2008-08-23 13:30:48 UTC

*** Bug 548920 has been marked as a duplicate of this bug. ***

Comment 53 Reinout van Schouwen 2008-09-01 09:19:30 UTC

*** Bug 550155 has been marked as a duplicate of this bug. ***

Comment 54 Reinout van Schouwen 2008-09-02 21:29:46 UTC

*** Bug 550539 has been marked as a duplicate of this bug. ***

Comment 55 Reinout van Schouwen 2008-09-04 21:12:21 UTC

*** Bug 550900 has been marked as a duplicate of this bug. ***

Comment 56 Reinout van Schouwen 2008-09-06 23:23:59 UTC

*** Bug 551168 has been marked as a duplicate of this bug. ***

Comment 57 Reinout van Schouwen 2008-10-07 15:37:35 UTC

*** Bug 555397 has been marked as a duplicate of this bug. ***

Comment 58 Reinout van Schouwen 2008-10-20 11:26:42 UTC

*** Bug 557051 has been marked as a duplicate of this bug. ***

Comment 59 Cosimo Cecchi 2008-11-28 08:38:03 UTC

*** Bug 562492 has been marked as a duplicate of this bug. ***

Comment 60 Reinout van Schouwen 2009-04-08 10:51:52 UTC

*** Bug 578316 has been marked as a duplicate of this bug. ***

Comment 61 Gianluca Borello 2009-04-30 12:53:53 UTC

*** Bug 580875 has been marked as a duplicate of this bug. ***

Comment 62 Fabio Durán Verdugo 2009-05-18 19:56:28 UTC

*** Bug 583101 has been marked as a duplicate of this bug. ***