Closed Bug 321024 Opened 16 years ago Closed 15 years ago

Crash in nsCryptoHash during shutdown of nsUrlClassifierDBService [@ nsUrlClassifierDBService::Shutdown][@ NSSRWLock_LockRead]

Categories

(Core :: Security: PSM, defect)

defect
Not set
major

Tracking

()

VERIFIED FIXED

People

(Reporter: darin.moz, Assigned: benjamin)

References

Details

(Keywords: crash, fixed1.8.1.8, topcrash, Whiteboard: [kerh-bra] [need testcase])

Crash Data

Attachments

(4 files, 1 obsolete file)

Crash if nsCryptoHash is used from xpcom-startup

It crashes inside HASH_Begin, and I'm not sure what is going on exactly since NS_NSS_GENERIC_FACTORY_COSNTRUCTOR ensures that NSS has been initialized before it hands back the nsICryptoHash implementation.

http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSModule.cpp#75
doesn't psm / nss need a profile before it will work correctly?
Yes, but there is a profile ;-)  Firefox selects a profile before starting XPCOM.
PSM requires a profile? Why? In profileless situations can't it use the default certs?
Mozilla requires some profile directory.  For nss/psm, they find the secmod, cert, key, db's in this directory.  Of course, you can start NSS in readonly mode.
bug 309877 is about making PSM/NSS work w/o profile
Stack trace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 4678)]
0x40767c8c in NSSRWLock_LockRead () from /usr/local/fritz/firefox/libnss3.so
(gdb) bt
#0  0x40767c8c in NSSRWLock_LockRead ()
  from /usr/local/fritz/firefox/libnss3.so
#1  0x407458f7 in SECMOD_GetReadLock ()
  from /usr/local/fritz/firefox/libnss3.so
#2  0x407555b8 in PK11_GetAllTokens () from /usr/local/fritz/firefox/libnss3.so
#3  0x407557bf in PK11_GetBestSlotMultiple ()
  from /usr/local/fritz/firefox/libnss3.so
#4  0x4075598d in PK11_GetBestSlot () from /usr/local/fritz/firefox/libnss3.so
#5  0x407441b9 in PK11_CreateDigestContext ()
  from /usr/local/fritz/firefox/libnss3.so
#6  0x40737eaa in CERT_DecodeCRLDistributionPoints ()
  from /usr/local/fritz/firefox/libnss3.so
#7  0x40738159 in HASH_Create () from /usr/local/fritz/firefox/libnss3.so
#8  0x08676160 in nsXPTCVariant::Init ()
#9  0x4012f60b in XPTC_InvokeByIndex ()
  from /usr/local/fritz/firefox/libxpcom_core.so
#10 0x080a14f8 in nsTHashtable<nsBaseHashtableET<nsDepCharHashKey,
nsAutoPtr<nsINIParser::INIValue> > >::~nsTHashtable ()
#11 0x080a6c74 in nsTHashtable<nsBaseHashtableET<nsDepCharHashKey,
nsAutoPtr<nsINIParser::INIValue> > >::~nsTHashtable ()
#12 0x4004f90d in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#13 0x4005863b in js_Interpret () from /usr/local/fritz/firefox/libmozjs.so
#14 0x4004f9be in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#15 0x40053e5b in js_Interpret () from /usr/local/fritz/firefox/libmozjs.so
#16 0x4004f9be in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#17 0x40053e5b in js_Interpret () from /usr/local/fritz/firefox/libmozjs.so
#18 0x4004f9be in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#19 0x40053e5b in js_Interpret () from /usr/local/fritz/firefox/libmozjs.so
#20 0x4004f9be in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#21 0x40053e5b in js_Interpret () from /usr/local/fritz/firefox/libmozjs.so
#22 0x4004f9be in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#23 0x40053e5b in js_Interpret () from /usr/local/fritz/firefox/libmozjs.so
#24 0x4004f9be in js_Invoke () from /usr/local/fritz/firefox/libmozjs.so
#25 0x0809d314 in nsTHashtable<nsBaseHashtableET<nsDepCharHashKey,
nsAutoPtr<nsINIParser::INIValue> > >::~nsTHashtable ()
#26 0x0809b4d4 in nsTHashtable<nsBaseHashtableET<nsDepCharHashKey,
nsAutoPtr<nsINIParser::INIValue> > >::~nsTHashtable ()
#27 0x4012f730 in XPTC_InvokeByIndex ()
  from /usr/local/fritz/firefox/libxpcom_core.so
#28 0x40111efa in NS_CreateServicesFromCategory ()
  from /usr/local/fritz/firefox/libxpcom_core.so
#29 0x400e4e28 in NS_InitXPCOM3_P ()
  from /usr/local/fritz/firefox/libxpcom_core.so
Darin: We saw yesterday, that EnsureNSSInitialized does not return a possible failure, and therefore PSM services might get loaded, even if there is a problem with NSS databases.

Did you verify the call to NSS_InitReadWrite in nsNSSComponent::InitializeNSS succeeds?
> Did you verify the call to NSS_InitReadWrite in nsNSSComponent::InitializeNSS
> succeeds?

Nope, I have not.  That would be a good thing to test when I have a chance.
Duplicate of this bug: 366528
On Mac, this happens to several out of every thousand Firefox instances (see bug 366528).  I think that makes it a topcrash.
Flags: blocking1.9?
Keywords: topcrash
It sounds like this happens if NSS hits shutdown before nsUrlClassifierDBService (anti-phishing thread).  During xpcom-shutdown, nsUrlClassifierDBService processes pending events, which may include using nsCryptoHash.

I think the fix is to turn all pending events into NOOPs during nsUrlClassifierDBService shutdown.  I'll see if I can repro and get a patch.
Whiteboard: [kerh-bra]
I wasn't able to repro, but this patch cancels all calls into JS code once the urlclassifier shutdown has started.  Maybe someone who can repro can check to see if this fixes the shutdown crash.
Assignee: kengert → tony
Status: NEW → ASSIGNED
Attachment #260933 - Flags: review?(darin.moz)
Summary: Crash if nsCryptoHash is used from xpcom-startup → Crash in nsCryptoHash during shutdown of nsUrlClassifierDBService
Blocks: 376709
Comment on attachment 260933 [details] [diff] [review]
v1: no js callbacks during shutdown

It seems like some of these methods should return errors since they are not going to generate callbacks.  How about NS_ERROR_NOT_INITIALIZED?  Or, NS_ERROR_UNEXPECTED?

-Darin
Updated to return NS_ERROR_NOT_INITIALIZED instead.
Attachment #260933 - Attachment is obsolete: true
Attachment #261031 - Flags: review?(darin.moz)
Attachment #260933 - Flags: review?(darin.moz)
Summary: Crash in nsCryptoHash during shutdown of nsUrlClassifierDBService → Crash in nsCryptoHash during shutdown of nsUrlClassifierDBService [@ nsUrlClassifierDBService::Shutdown][@ NSSRWLock_LockRead]
QA Contact: psm
Attachment #261031 - Attachment is patch: true
Attachment #261031 - Attachment mime type: application/octet-stream → text/plain
Attachment #261031 - Flags: review?(darin.moz) → review+
We seem to be this bug pretty frequently on the tinderbox page, so I checked this in.

Checking in src/nsUrlClassifierDBService.cpp;
/cvsroot/mozilla/toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp,v  <--  nsUrlClassifierDBService.cpp
new revision: 1.21; previous revision: 1.20
done
(In reply to comment #16)

Do you know if this fix could be solve bug 376709 ?

I hit this crash three times last night (Mac trunk debug), despite my build being up-to-date.  (That's three crashes out of about 1360 shutdowns.)
Happening much more frequently now on the Firefox tinderbox page, on Mac qm-xserve01. I've copied a crashreport to:

http://pastebin.mozilla.org/127724
We should be observing a much earlier observer topic in any case. This will shutdown database activity at profile-before-change, as well as xpcom-shutdown-threads.

The comment in ::Shutdown says that it joins the thread, but I don't think it actually does. Unless I am misreading, we should definitely join that thread properly during shutdown. You aren't allowed to have threads persist past the xpcom-shutdown-threads observer topic.
Attachment #271852 - Flags: review?(tony)
I committed this patch a=robcee to get the tinderbox green, but I'd still like ex-post-facto review. Does this affect the branches at all, or just trunk?
Looks like it affects branch, yes. NSSRWLock_LockRead is the #22 topcrash for Firefox 2.0.0.4. http://talkback-public.mozilla.org/reports/firefox/FF2004/FF2004-topcrashers.html
OS: Linux → All
Hardware: PC → All
Attachment #271852 - Flags: review?(tony) → review+
What in the world is Thunderbird 2 doing with the URLClassifier? I can confirm that Thunderbird has a filehandle open to urlclassifier2.sqlite, (which is empty, of course).

filed bug 387840 to use --disable-safe-browsing in tbird
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.6?
Thunderbird 2 has phishing detection.  We want to keep it enabled.
http://mxr.mozilla.org/seamonkey/source/mail/components/phishing/
Here's a rollup patch for the 1.8 branch.
Assignee: tony → benjamin
Attachment #272029 - Flags: approval1.8.1.5?
Comment on attachment 272029 [details] [diff] [review]
Branch rollup patch

too late for 1.8.1.5
Attachment #272029 - Flags: approval1.8.1.5? → approval1.8.1.6?
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Flags: blocking1.9?
Resolution: --- → FIXED
Flags: blocking1.8.1.7? → blocking1.8.1.7+
Comment on attachment 272029 [details] [diff] [review]
Branch rollup patch

approved for 1.8.1.7, a=dveditz for release-drivers
Attachment #272029 - Flags: approval1.8.1.7? → approval1.8.1.7+
Fixed on MOZILLA_1_8_BRANCH for what is now I think 1.8.1.8
I believe the string "fixed1.8.1.8" should be moved from "URL" to "Keywords" in the bug status summary.
Can someone provide a STR or testcase?   Trying to verify on branch, but need steps.
Whiteboard: [kerh-bra] → [kerh-bra] [need testcase]
Because this is a thread race there really aren't steps to reproduce. The best way to verify would be to check whether the crashes disappeared in talkback.
This patch did not appear to help the NSSRWLock_LockRead crash. According to talkback that's hovering around 1.4% of all crashes in both FF2.0.0.7 and FF2.0.0.8
Duplicate of this bug: 376709
Crash Signature: [@ nsUrlClassifierDBService::Shutdown] [@ NSSRWLock_LockRead]
You need to log in before you can comment on or make changes to this bug.