Closed
Bug 1503201
Opened 6 years ago
Closed 6 years ago
Crash in mozilla::net::nsHttpChannelAuthProvider::GetCredentialsForChallenge
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
VERIFIED
FIXED
mozilla65
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | --- | unaffected |
| firefox65 | blocking | verified |
People
(Reporter: calixte, Assigned: ehsan.akhgari)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, Whiteboard: [necko-triaged])
Crash Data
Attachments
(1 file)
This bug was filed from the Socorro interface and is
report bp-6a28cd6e-b913-452a-ba28-372480181030.
=============================================================
Top 10 frames of crashing thread:
0 xul.dll nsresult mozilla::net::nsHttpChannelAuthProvider::GetCredentialsForChallenge netwerk/protocol/http/nsHttpChannelAuthProvider.cpp:701
1 xul.dll nsresult mozilla::net::nsHttpChannelAuthProvider::GetCredentials netwerk/protocol/http/nsHttpChannelAuthProvider.cpp:612
2 xul.dll mozilla::net::nsHttpChannelAuthProvider::ProcessAuthentication netwerk/protocol/http/nsHttpChannelAuthProvider.cpp:194
3 xul.dll nsresult mozilla::net::nsHttpChannel::ContinueProcessResponse2 netwerk/protocol/http/nsHttpChannel.cpp:2667
4 xul.dll nsresult mozilla::net::nsHttpChannel::ContinueProcessResponse1 netwerk/protocol/http/nsHttpChannel.cpp:2540
5 xul.dll void mozilla::net::nsHttpChannel::AsyncContinueProcessResponse netwerk/protocol/http/nsHttpChannel.cpp:2448
6 xul.dll nsresult mozilla::detail::RunnableMethodImpl<mozilla::net::HttpChannelChild*, nsresult xpcom/threads/nsThreadUtils.h:1242
7 xul.dll static void mozilla::net::nsHttpChannel::ResumeInternal::<unnamed-tag>::operator netwerk/protocol/http/nsHttpChannel.cpp:9223
8 xul.dll nsresult mozilla::detail::RunnableFunction<`lambda at z:/build/build/src/netwerk/protocol/http/nsHttpChannel.cpp:9222:21'>::Run xpcom/threads/nsThreadUtils.h:577
9 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1245
=============================================================
There are 427 crashes (from 145 installations) in nightly 65 with buildid 20181029230149. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1502774.
[1] https://hg.mozilla.org/mozilla-central/rev?node=32a581482291
Flags: needinfo?(ehsan)
|
Reporter | |
Updated•6 years ago
|
Crash Signature: [@ mozilla::net::nsHttpChannelAuthProvider::GetCredentialsForChallenge] → [@ mozilla::net::nsHttpChannelAuthProvider::GetCredentialsForChallenge]
[@ mozilla::net::nsHttpChannelAuthProvider::GetCredentials]
|
||
Comment 2•6 years ago
|
||
Happens all the time with the latest build (on Linux) when trying to authenticate with google (see bp-67ab93cf-413a-4680-a4e6-f95790181030).
ASAN is not very helpful.
|
||
Updated•6 years ago
|
OS: Windows 7 → All
Hardware: Unspecified → All
|
||
Comment 3•6 years ago
|
||
I can't reproduce this with Nightly ASan on Fedora 28 but a clean profile on Windows 10 crashes every time I visit https://www.chromium.org/developers/testing/addresssanitizer with this stack:
==2880==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000000 (pc 0x7ffd5f179931 bp 0x00bd045fcab0 sp 0x00bd045fc5c0 T0)
==2880==The signal is caused by a READ memory access.
==2880==Hint: address points to the zero page.
#0 0x7ffd5f179930 in mozilla::net::nsHttpChannelAuthProvider::GetCredentialsForChallenge(char const *,char const *,bool,class nsIHttpAuthenticator *,class nsTString<char> &) z:\build\build\src\netwerk\protocol\http\nsHttpChannelAuthProvider.cpp:701
#1 0x7ffd5f172ea8 in mozilla::net::nsHttpChannelAuthProvider::GetCredentials(char const *,bool,class nsTString<char> &) z:\build\build\src\netwerk\protocol\http\nsHttpChannelAuthProvider.cpp:612
#2 0x7ffd5f17170f in mozilla::net::nsHttpChannelAuthProvider::ProcessAuthentication(unsigned int,bool) z:\build\build\src\netwerk\protocol\http\nsHttpChannelAuthProvider.cpp:194
#3 0x7ffd5f343755 in mozilla::net::nsHttpChannel::ContinueProcessResponse2(enum nsresult) z:\build\build\src\netwerk\protocol\http\nsHttpChannel.cpp:2667
#4 0x7ffd5f34253f in mozilla::net::nsHttpChannel::ContinueProcessResponse1(void) z:\build\build\src\netwerk\protocol\http\nsHttpChannel.cpp:2540
#5 0x7ffd5f341b00 in mozilla::net::nsHttpChannel::ProcessResponse(void) z:\build\build\src\netwerk\protocol\http\nsHttpChannel.cpp:2441
#6 0x7ffd5f380a61 in mozilla::net::nsHttpChannel::OnStartRequest(class nsIRequest *,class nsISupports *) z:\build\build\src\netwerk\protocol\http\nsHttpChannel.cpp:7395
#7 0x7ffd5e921dda in nsInputStreamPump::OnStateStart(void) z:\build\build\src\netwerk\base\nsInputStreamPump.cpp:524
#8 0x7ffd5e92129a in nsInputStreamPump::OnInputStreamReady(class nsIAsyncInputStream *) z:\build\build\src\netwerk\base\nsInputStreamPump.cpp:429
#9 0x7ffd5e654a4f in nsInputStreamReadyEvent::Run(void) z:\build\build\src\xpcom\io\nsStreamUtils.cpp:102
#10 0x7ffd5e6c810a in nsThread::ProcessNextEvent(bool,bool *) z:\build\build\src\xpcom\threads\nsThread.cpp:1245
#11 0x7ffd5e6d0958 in NS_ProcessNextEvent(class nsIThread *,bool) z:\build\build\src\xpcom\threads\nsThreadUtils.cpp:530
#12 0x7ffd5f758436 in mozilla::ipc::MessagePump::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\glue\MessagePump.cpp:125
#13 0x7ffd5f6be2ae in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318
#14 0x7ffd5f6be036 in MessageLoop::Run(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:298
#15 0x7ffd6857313a in nsBaseAppShell::Run(void) z:\build\build\src\widget\nsBaseAppShell.cpp:158
#16 0x7ffd687011b7 in nsAppShell::Run(void) z:\build\build\src\widget\windows\nsAppShell.cpp:420
#17 0x7ffd6c6920ce in nsAppStartup::Run(void) z:\build\build\src\toolkit\components\startup\nsAppStartup.cpp:290
#18 0x7ffd6c934cb7 in XREMain::XRE_mainRun(void) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4777
#19 0x7ffd6c93944e in XREMain::XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4922
#20 0x7ffd6c93b89e in XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:5014
#21 0x7ff6e2391ceb (C:\Program Files\Firefox Nightly\firefox.exe+0x140001ceb)
#22 0x7ff6e23914a1 (C:\Program Files\Firefox Nightly\firefox.exe+0x1400014a1)
#23 0x7ff6e239ebdb (C:\Program Files\Firefox Nightly\firefox.exe+0x14000ebdb)
#24 0x7ffda95c3033 (C:\Windows\System32\KERNEL32.DLL+0x180013033)
#25 0x7ffdaa8d1460 (C:\Windows\SYSTEM32\ntdll.dll+0x180071460)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation z:\build\build\src\netwerk\protocol\http\nsHttpChannelAuthProvider.cpp:701 in mozilla::net::nsHttpChannelAuthProvider::GetCredentialsForChallenge(char const *,char const *,bool,class nsIHttpAuthenticator *,class nsTString<char> &)
==2880==ABORTING
|
||
Comment 4•6 years ago
|
||
I was able to reproduce this twice in a row
https://crash-stats.mozilla.com/report/index/bp-1b1f5f18-da7a-4be6-b1ec-18b790181030
https://crash-stats.mozilla.com/report/index/bp-8f82be35-0afc-4a67-ad8c-3bd090181030
from this URL with Nightly
https://www.xda-developers.com/huawei-gopro-quik/
|
||
Comment 5•6 years ago
|
||
¡Hola!
Yup! Firefox Nightly is crash happy here too as well.
Here are my crashes from today FWIW:
bp-fb941280-a0cd-4b20-a80c-be67a0181030 30/10/2018 10:23 a. m.
bp-65dfcd9a-61ea-415c-b5fe-0d97b0181030 30/10/2018 10:13 a. m.
bp-9dc26bef-7b74-4dbb-a30d-ec03f0181030 30/10/2018 10:09 a. m.
bp-509b9dbe-980b-48c9-816c-9844b0181030 30/10/2018 09:04 a. m.
bp-f71f6c17-fa16-45d1-80e2-b54050181030 30/10/2018 09:04 a. m.
Hope a fix is promptly made available.
¡Gracias!
Alex
|
|
||
Comment 6•6 years ago
|
||
¡Hola!
FWIW https://support.cloudflare.com/hc/en-us/articles/200170216 instacrashes today's Nightly for me.
¡Gracias!
Alex
|
||
Updated•6 years ago
|
tracking-firefox65:
--- → blocking
Bisected:
2018-10-30T19:42:32: DEBUG : Using url: https://hg.mozilla.org/integration/autoland/json-pushes?changeset=6b821f5b12ae5c9520a0d1da2575094b5a532899&full=1
2018-10-30T19:42:33: DEBUG : Found commit message:
Bug 1502774 - Part 3: Remove nsAuthModule r=valentin
Depends on D10026
Differential Revision: https://phabricator.services.mozilla.com/D10027
2018-10-30T19:42:33: INFO : The bisection is done.
|
|
||
Comment 8•6 years ago
|
||
This was fixed by backout. Nightlies with buildid 201810302200 or newer should have the fix.
https://hg.mozilla.org/mozilla-central/rev/c2b537178ae9cb4ee0c8afbc1504f97159a7aed5
Assignee: nobody → ehsan
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(ehsan)
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
|
Assignee | |
Comment 9•6 years ago
|
||
Reopening so that I can add a crash test for this.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 10•6 years ago
|
||
|
||
Updated•6 years ago
|
Whiteboard: [necko-triaged]
|
||
Comment 11•6 years ago
|
||
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1ff1e5e3c60a
Add a crash test for fetching a subresource served with an invalid authentication realm r=valentin
|
||
Comment 12•6 years ago
|
||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 6 years ago → 6 years ago
Resolution: --- → FIXED
|
|
||
Updated•6 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Updated•6 years ago
|
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•