Closed Bug 1334216 Opened 8 years ago Closed 7 years ago

AddressSanitizer: SEGV ipc/glue/MessageChannel.cpp:2178:13 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink()

Categories

(Core :: IPC, defect, P3)

52 Branch
defect

Tracking

RESOLVED INCOMPLETE
Tracking Status
firefox-esr45 --- unaffected
firefox51 --- unaffected
firefox52 - fix-optional
firefox53 - fix-optional
firefox54 - wontfix

People

(Reporter: bc, Unassigned)

Details

(Keywords: crash, regression)

Attachments

(2 files)

Attached file asan report
1. http://1405track.online/?flux_fts=paetlfbdc0&flux_cost=0&pid=0034 Microsoft Support Scam.
2. shutdown
3. ASAN SEGV + numerous other crash signatures.

Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=155.713) [GFX1-]: Receive IPC close with reason=AbnormalShutdown
[Child 14188] WARNING: pipe error (3): Connection reset by peer: file /home/worker/workspace/build/src/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 346
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=169.229) ASAN:DEADLYSIGNAL
=================================================================
[GFX1-]: Receive IPC close with reason=AbnormalShutdown
==14188==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f675f141f11 bp 0x7f675b9e5610 sp 0x7f675b9e55f0 T2)
ASAN:DEADLYSIGNAL

Bill or Wes, could you look at this? s-s since I don't like asan segvs that have lots of other related crash signatures that are also scams.
Is this a recent regression, Bob?
Flags: needinfo?(bob)
Not sure how recent but it goes back in some variation of the stack to at least Aurora on 2017-01-04 which makes it Aurora/52. I clear the db at the beginning of the year, but this narrows it somewhat to after 2016-11-14.
Flags: needinfo?(bob)
Version: Trunk → 52 Branch
Group: core-security → dom-core-security
I tried to reproduce this with an ASAN build I downloaded from Treeherder. (It was an ASAN opt build if that makes any difference.) I followed the STR. The content process seems to hang during shutdown and so we kill it. That results in an ASAN report. I'm not getting symbols in my report, so I'm not sure if it's the exact same thing Bob is seeing. But it probably is. I suggest we close this since it's expected behavior.
A hang is expected behavior? Sounds like there's a bug here even if it's not a sec issue.
Flags: needinfo?(wmccloskey)
Well, the reason we're "crashing" is that we're killing the hung process.
Flags: needinfo?(wmccloskey)
Do we get a shutdown-blocker note in the crashreport if we're not running ASAN?
Should we un-security this?
Flags: needinfo?(wmccloskey)
Group: dom-core-security
Flags: needinfo?(wmccloskey)
Not tracking for 52/53. We can still take a patch to fix this at least in 53 in the next weeks.
The same bug is being reproduced in Firefox 51.0.1 on Linux every day, several times a day. But Firefox version 50 seems to have no such bug. Firefox 51.0.1 crashes on Linux (file is ipc/glue/MessageChannel.cpp).
Track 54- for now as no crashes in crash report server but still happy to have the fix in 54.
Mark 54 won't fix as 54 was released.
Priority: -- → P3
The url now returns a blank page. I'll just mark this incomplete unless someone has other ideas. I have other current scam urls that cause issues that I'll file as time permits.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE