Last Comment Bug 421870 - Strsclnt crashed in PKIX tests.
: Strsclnt crashed in PKIX tests.
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.11.9
: x86 Solaris
: -- normal (vote)
: 3.12
Assigned To: Alexei Volkov
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-10 02:27 PDT by Slavomir Katuscak
Modified: 2008-03-10 14:58 PDT (History)
0 users
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Slavomir Katuscak 2008-03-10 02:27:36 PDT
Branch: securitytip
Build: 20080307.1
Platform: SunOS5.10_i86pc_DBG.OBJ

ssl.sh: #3449: Stress SSL2 RC4 128 with MD5 (no reuse, client auth) produced a returncode of 1, expected is 0.  - Core file is detected.

There were 2 core files found produced at the same time - core from selfserv and core from strsclnt. Selfserv one is the same as in bug 400947, strsclnt analysis is there:

bash-3.00$ dbx /share/builds/mccrel3/security/securitytip/builds/20080307.1/wozzeck_Solaris8/mozilla/security/nss/cmd/strsclnt/SunOS5.8_i86pc_DBG.OBJ/strsclnt /export/test/core.strsclnt.16222

t@null (l@1) terminated by signal KILL (Killed)
0xd09f1065: __lwp_wait+0x0015:  jae      __lwp_wait+0x23        [ 0xd09f1073, .+0xe ]
Current function is PR_JoinThread
  594           rv = pthread_join(id, &result);

(dbx) where                                                                  
  [1] __lwp_wait(0x2, 0x8046f50), at 0xd09f1065 
  [2] lwp_wait(0x2, 0x8046f50), at 0xd09e3c03 
  [3] _thrp_join(0x2, 0x0, 0x8046f98, 0x1), at 0xd09ec998 
  [4] _pthread_join(0x2, 0x8046f98), at 0xd09ecb17 
=>[5] PR_JoinThread(thred = 0x80e6c60), line 594 in "ptthread.c"
  [6] reap_threads(), line 497 in "strsclnt.c"
  [7] client_main(port = 8444U, connections = 100, Cert_And_Key = 0x80470e0, hostName = 0x8084708 "mandela.red.iplanet.com"), line 1278 in "strsclnt.c"
  [8] main(argc = 19, argv = 0x804715c), line 1474 in "strsclnt.c"

(dbx) threads
      t@1  a  l@1   ?()   LWP suspended in  __lwp_wait() 
      t@2  a  l@2   _pt_root()   LWP suspended in  __pollsys() 
      t@3  a  l@3   _pt_root()   LWP suspended in  __pollsys() 
      t@4  a  l@4   _pt_root()   sleep on 0xd0a1b1a8  in  __lwp_park() 
      t@5  a  l@5   _pt_root()   LWP suspended in  __pollsys() 
      t@6  a  l@6   _pt_root()   LWP suspended in  __pollsys() 
      t@7  a  l@7   _pt_root()   LWP suspended in  __pollsys() 
o     t@8  a  l@8   _pt_root()   signal SIGSEGV in  strlen() 
      t@9  a  l@9   _pt_root()   LWP suspended in  __pollsys() 
(dbx) where t@1
current thread: t@1
=>[1] __lwp_wait(0x2, 0x8046f50), at 0xd09f1065 
  [2] lwp_wait(0x2, 0x8046f50), at 0xd09e3c03 
  [3] _thrp_join(0x2, 0x0, 0x8046f98, 0x1), at 0xd09ec998 
  [4] _pthread_join(0x2, 0x8046f98), at 0xd09ecb17 
  [5] PR_JoinThread(thred = 0x80e6c60), line 594 in "ptthread.c"
  [6] reap_threads(), line 497 in "strsclnt.c"
  [7] client_main(port = 8444U, connections = 100, Cert_And_Key = 0x80470e0, hostName = 0x8084708 "mandela.red.iplanet.com"), line 1278 in "strsclnt.c"
  [8] main(argc = 19, argv = 0x804715c), line 1474 in "strsclnt.c"

(dbx) where t@2
current thread: t@2
=>[1] __pollsys(0xd04fb9b0, 0x1, 0xd04fb980, 0x0), at 0xd09f0aa5 
  [2] _pollsys(0xd04fb9b0, 0x1, 0xd04fb980, 0x0), at 0xd09e5229 
  [3] _poll(0xd04fb9b0, 0x1, 0x1388), at 0xd099a672 
  [4] pt_poll_now(op = 0xd04fba14), line 599 in "ptio.c"
  [5] pt_Continue(op = 0xd04fba14), line 722 in "ptio.c"
  [6] pt_Recv(fd = 0x80c9b40, buf = 0x80ecc70, amount = 5, flags = 0, timeout = 4294967295U), line 1863 in "ptio.c"
  [7] ssl_DefRecv(ss = 0x80ec9f0, buf = 0x80ecc70 "^V^C", len = 5, flags = 0), line 94 in "ssldef.c"
  [8] ssl3_GatherData(ss = 0x80ec9f0, gs = 0x80ecc30, flags = 0), line 90 in "ssl3gthr.c"
  [9] ssl3_GatherCompleteHandshake(ss = 0x80ec9f0, flags = 0), line 195 in "ssl3gthr.c"
  [10] ssl_GatherRecord1stHandshake(ss = 0x80ec9f0), line 1258 in "sslcon.c"
  [11] ssl_Do1stHandshake(ss = 0x80ec9f0), line 151 in "sslsecur.c"
  [12] ssl_SecureSend(ss = 0x80ec9f0, buf = 0x8067bec "GET /abc HTTP/1.0^M\n^M\n", len = 21, flags = 0), line 1152 in "sslsecur.c"
  [13] ssl_Send(fd = 0x80c9700, buf = 0x8067bec, len = 21, flags = 0, timeout = 4294967295U), line 1447 in "sslsock.c"
  [14] PR_Send(fd = 0x80c9700, buf = 0x8067bec, amount = 21, flags = 0, timeout = 4294967295U), line 226 in "priometh.c"
  [15] handle_connection(ssl_sock = 0x80c9700, tid = 0), line 693 in "strsclnt.c"
  [16] do_connects(a = 0x8047024, b = 0x80c9580, tid = 0), line 883 in "strsclnt.c"
  [17] thread_wrapper(arg = 0x80828b8), line 436 in "strsclnt.c"
  [18] _pt_root(arg = 0x80e6c60), line 221 in "ptthread.c"
  [19] _thr_setup(0xd0a32400), at 0xd09ef708 
  [20] _lwp_start(), at 0xd09ef9f0 

(dbx) where t@4
current thread: t@4
=>[1] __lwp_park(0x0, 0x0), at 0xd09efa69 
  [2] mutex_lock_queue(0xd02d0400, 0x0, 0xd0a1b1a8, 0x0), at 0xd09e8ad5 
  [3] slow_lock(0xd02d0400, 0xd0a1b1a8, 0x0), at 0xd09e9371 
  [4] mutex_lock_impl(0xd0a1b1a8, 0x0), at 0xd09e9467 
  [5] _private_mutex_lock(0xd0a1b1a8), at 0xd09e9573 
  [6] _flockget(0xd0a1c080), at 0xd09d68d3 
  [7] printf(0xd0e6fbd8, 0xd0e51166), at 0xd09ccce6 
  [8] pkix_trace_dump_cert(info = 0xd0e6e3d0 "pkix_CheckChain", cert = 0x822c37c, plContext = 0x820dc30), line 73 in "pkix_build.c"
  [9] pkix_CheckChain(certs = 0x822f0ac, numCerts = 1U, checkers = 0x82402f4, revCheckers = 0x81f41dc, removeCheckedExtOIDs = 0x820e15c, procParams = 0x82395e4, pCertCheckedIndex = 0x8217534, pCheckerIndex = 0x8217538, pRevChecking = 0x8217560, pReasonCode = 0x8217548, pNBIOContext = 0xd02cd45c, pFinalSubjPubKey = 0xd02cd468, pPolicyTree = 0xd02cd464, pVerifyTree = (nil), plContext = 0x820dc30), line 942 in "pkix_validate.c"
  [10] pkix_Build_ValidateEntireChain(state = 0x8217514, anchor = 0x82453bc, pNBIOContext = 0xd02cd4d8, pValResult = 0xd02cd4f4, verifyNode = 0x82411f4, plContext = 0x820dc30), line 1621 in "pkix_build.c"
  [11] pkix_Build_CheckInCache(state = 0x8217514, pBuildResult = 0xd02cd580, pNBIOContext = 0xd02cd5d0, plContext = 0x820dc30), line 3669 in "pkix_build.c"
  [12] pkix_Build_InitiateBuildChain(procParams = 0x82395e4, pNBIOContext = 0xd02cd694, pState = 0xd02cd69c, pBuildResult = 0xd02cd698, pVerifyNode = 0xd02cd718, plContext = 0x820dc30), line 4120 in "pkix_build.c"
  [13] PKIX_BuildChain(procParams = 0x82395e4, pNBIOContext = 0xd02cd714, pState = 0xd02cd710, pBuildResult = 0xd02cd71c, pVerifyNode = 0xd02cd718, plContext = 0x820dc30), line 4364 in "pkix_build.c"
  [14] cert_BuildAndValidateChain(procParams = 0x82395e4, pResult = 0xd02cd75c, pVerifyNode = 0xd02cd758, plContext = 0x820dc30), line 777 in "certvfypkix.c"
  [15] cert_VerifyCertChainPkix(cert = 0x8209788, checkSig = 1, requiredUsage = certUsageSSLServer, time = 1204893517460748ULL, wincx = (nil), log = (nil), pSigerror = (nil), pRevoked = (nil)), line 1190 in "certvfypkix.c"
  [16] cert_VerifyCertChain(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, sigerror = (nil), certUsage = certUsageSSLServer, t = 1204893517460748LL, wincx = (nil), log = (nil), revoked = (nil)), line 870 in "certvfy.c"
  [17] CERT_VerifyCertChain(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, certUsage = certUsageSSLServer, t = 1204893517460748LL, wincx = (nil), log = (nil)), line 882 in "certvfy.c"
  [18] CERT_VerifyCert(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, certUsage = certUsageSSLServer, t = 1204893517460748LL, wincx = (nil), log = (nil)), line 1479 in "certvfy.c"
  [19] CERT_VerifyCertNow(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, certUsage = certUsageSSLServer, wincx = (nil)), line 1530 in "certvfy.c"
  [20] SSL_AuthCertificate(arg = 0x80b3b48, fd = 0x80c99c0, checkSig = 1, isServer = 0), line 255 in "sslauth.c"
  [21] mySSLAuthCertificate(arg = 0x80b3b48, fd = 0x80c99c0, checkSig = 1, isServer = 0), line 275 in "strsclnt.c"
  [22] ssl3_HandleCertificate(ss = 0x80fe658, b = 0x81243d2 "^M", length = 0), line 7261 in "ssl3con.c"
  [23] ssl3_HandleHandshakeMessage(ss = 0x80fe658, b = 0x8123ed6 "", length = 1276U), line 7939 in "ssl3con.c"
  [24] ssl3_HandleHandshake(ss = 0x80fe658, origBuf = 0x80fe89c), line 8063 in "ssl3con.c"
  [25] ssl3_HandleRecord(ss = 0x80fe658, cText = 0xd02cdb04, databuf = 0x80fe89c), line 8326 in "ssl3con.c"
  [26] ssl3_GatherCompleteHandshake(ss = 0x80fe658, flags = 0), line 206 in "ssl3gthr.c"
  [27] ssl_GatherRecord1stHandshake(ss = 0x80fe658), line 1258 in "sslcon.c"
  [28] ssl_Do1stHandshake(ss = 0x80fe658), line 151 in "sslsecur.c"
  [29] ssl_SecureSend(ss = 0x80fe658, buf = 0x8067bec "GET /abc HTTP/1.0^M\n^M\n", len = 21, flags = 0), line 1152 in "sslsecur.c"
  [30] ssl_Send(fd = 0x80c99c0, buf = 0x8067bec, len = 21, flags = 0, timeout = 4294967295U), line 1447 in "sslsock.c"
  [31] PR_Send(fd = 0x80c99c0, buf = 0x8067bec, amount = 21, flags = 0, timeout = 4294967295U), line 226 in "priometh.c"
  [32] handle_connection(ssl_sock = 0x80c99c0, tid = 2), line 693 in "strsclnt.c"
  [33] do_connects(a = 0x8047024, b = 0x80c9580, tid = 2), line 883 in "strsclnt.c"
  [34] thread_wrapper(arg = 0x80828f0), line 436 in "strsclnt.c"
  [35] _pt_root(arg = 0x80e6d70), line 221 in "ptthread.c"
  [36] _thr_setup(0xd02d0400), at 0xd09ef708 
  [37] _lwp_start(), at 0xd09ef9f0 

(dbx) where t@8
current thread: t@8
=>[1] strlen(0x0), at 0xd0974adc 
  [2] _ndoprnt(0xd0e6fc02, 0xcfecd2e0, 0xd0a1c080, 0x0), at 0xd09ca096 
  [3] printf(0xd0e6fbf4, 0x0), at 0xd09ccd54 
  [4] pkix_trace_dump_cert(info = 0xd0e6e3d0 "pkix_CheckChain", cert = 0x822c37c, plContext = 0x8244378), line 74 in "pkix_build.c"
  [5] pkix_CheckChain(certs = 0x82411bc, numCerts = 1U, checkers = 0x824128c, revCheckers = 0x81f4144, removeCheckedExtOIDs = 0x82141bc, procParams = 0x8206ccc, pCertCheckedIndex = 0x82403dc, pCheckerIndex = 0x82403e0, pRevChecking = 0x8240408, pReasonCode = 0x82403f0, pNBIOContext = 0xcfecd45c, pFinalSubjPubKey = 0xcfecd468, pPolicyTree = 0xcfecd464, pVerifyTree = (nil), plContext = 0x8244378), line 942 in "pkix_validate.c"
  [6] pkix_Build_ValidateEntireChain(state = 0x82403bc, anchor = 0x82453bc, pNBIOContext = 0xcfecd4d8, pValResult = 0xcfecd4f4, verifyNode = 0x824025c, plContext = 0x8244378), line 1621 in "pkix_build.c"
  [7] pkix_Build_CheckInCache(state = 0x82403bc, pBuildResult = 0xcfecd580, pNBIOContext = 0xcfecd5d0, plContext = 0x8244378), line 3669 in "pkix_build.c"
  [8] pkix_Build_InitiateBuildChain(procParams = 0x8206ccc, pNBIOContext = 0xcfecd694, pState = 0xcfecd69c, pBuildResult = 0xcfecd698, pVerifyNode = 0xcfecd718, plContext = 0x8244378), line 4120 in "pkix_build.c"
  [9] PKIX_BuildChain(procParams = 0x8206ccc, pNBIOContext = 0xcfecd714, pState = 0xcfecd710, pBuildResult = 0xcfecd71c, pVerifyNode = 0xcfecd718, plContext = 0x8244378), line 4364 in "pkix_build.c"
  [10] cert_BuildAndValidateChain(procParams = 0x8206ccc, pResult = 0xcfecd75c, pVerifyNode = 0xcfecd758, plContext = 0x8244378), line 777 in "certvfypkix.c"
  [11] cert_VerifyCertChainPkix(cert = 0x8209788, checkSig = 1, requiredUsage = certUsageSSLServer, time = 1204893517460650ULL, wincx = (nil), log = (nil), pSigerror = (nil), pRevoked = (nil)), line 1190 in "certvfypkix.c"
  [12] cert_VerifyCertChain(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, sigerror = (nil), certUsage = certUsageSSLServer, t = 1204893517460650LL, wincx = (nil), log = (nil), revoked = (nil)), line 870 in "certvfy.c"
  [13] CERT_VerifyCertChain(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, certUsage = certUsageSSLServer, t = 1204893517460650LL, wincx = (nil), log = (nil)), line 882 in "certvfy.c"
  [14] CERT_VerifyCert(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, certUsage = certUsageSSLServer, t = 1204893517460650LL, wincx = (nil), log = (nil)), line 1479 in "certvfy.c"
  [15] CERT_VerifyCertNow(handle = 0x80b3b48, cert = 0x8209788, checkSig = 1, certUsage = certUsageSSLServer, wincx = (nil)), line 1530 in "certvfy.c"
  [16] SSL_AuthCertificate(arg = 0x80b3b48, fd = 0x80c9aa0, checkSig = 1, isServer = 0), line 255 in "sslauth.c"
  [17] mySSLAuthCertificate(arg = 0x80b3b48, fd = 0x80c9aa0, checkSig = 1, isServer = 0), line 275 in "strsclnt.c"
  [18] ssl3_HandleCertificate(ss = 0x82552c8, b = 0x812b962 "^M", length = 0), line 7261 in "ssl3con.c"
  [19] ssl3_HandleHandshakeMessage(ss = 0x82552c8, b = 0x812b466 "", length = 1276U), line 7939 in "ssl3con.c"
  [20] ssl3_HandleHandshake(ss = 0x82552c8, origBuf = 0x825550c), line 8063 in "ssl3con.c"
  [21] ssl3_HandleRecord(ss = 0x82552c8, cText = 0xcfecdb04, databuf = 0x825550c), line 8326 in "ssl3con.c"
  [22] ssl3_GatherCompleteHandshake(ss = 0x82552c8, flags = 0), line 206 in "ssl3gthr.c"
  [23] ssl_GatherRecord1stHandshake(ss = 0x82552c8), line 1258 in "sslcon.c"
  [24] ssl_Do1stHandshake(ss = 0x82552c8), line 151 in "sslsecur.c"
  [25] ssl_SecureSend(ss = 0x82552c8, buf = 0x8067bec "GET /abc HTTP/1.0^M\n^M\n", len = 21, flags = 0), line 1152 in "sslsecur.c"
  [26] ssl_Send(fd = 0x80c9aa0, buf = 0x8067bec, len = 21, flags = 0, timeout = 4294967295U), line 1447 in "sslsock.c"
  [27] PR_Send(fd = 0x80c9aa0, buf = 0x8067bec, amount = 21, flags = 0, timeout = 4294967295U), line 226 in "priometh.c"
  [28] handle_connection(ssl_sock = 0x80c9aa0, tid = 6), line 693 in "strsclnt.c"
  [29] do_connects(a = 0x8047024, b = 0x80c9580, tid = 6), line 883 in "strsclnt.c"
  [30] thread_wrapper(arg = 0x8082960), line 436 in "strsclnt.c"
  [31] _pt_root(arg = 0x80e6ff0), line 221 in "ptthread.c"
  [32] _thr_setup(0xd02d1400), at 0xd09ef708 
  [33] _lwp_start(), at 0xd09ef9f0 

If the reason of failure is the same as in bug 400947, please set it as duplicate.
Comment 1 Alexei Volkov 2008-03-10 14:58:55 PDT
pkix_trace_dump_cert does not use thread safe code. Last patch to bug 418398 ifdefed this function. We should not have this crash any more. Slavo, please reopen this bug if you see one.

Note You need to log in before you can comment on or make changes to this bug.