Assertion failure went undetected by tinderbox

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
blocker
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Alexei Volkov, Assigned: Slavomir Katuscak)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIXTEST NSS312B2)

Attachments

(1 attachment, 1 obsolete attachment)

1.38 KB, patch
Alexei Volkov
: review+
Details | Diff | Splinter Review
(Reporter)

Description

9 years ago
Killing of selfserv is producing a leak that went undetected since March 26 after patch to bug 397832 enabled assertion check on the number of leaked objects. 

Objects leaked on all platforms.
 
ssl.sh: #845: TLS Require client auth (client auth)(cert TestUser51 - not revoked) produced a returncode of 0, expected is 0 - PASSED
Server Args: -r_-r
tstclnt -p 8443 -h dositups.red.iplanet.com -f -d ../client \
        -w nss -n TestUser52   < /export/tinderbox/SunOS_5.10/mozilla/security/nss/tests/ssl/sslreq.dat
4[817d180]: Error at level 0: Unable to build chain
4[817d180]: Error at level 1: pkix_Build_InitiateBuildChain failed
4[817d180]: Error at level 2: pkix_BuildForwardDepthFirstSearch failed
4[817d180]: Error at level 3: pkix_DefaultCRLChecker_Check_Store failed
4[817d180]: Error at level 4: pkix_DefaultCRLChecker_Check_Store failed
4[817d180]: Error at level 5: Certificate is revoked by CRL for key compromise
selfserv: HDX PR_Read returned error -8180:
Peer's Certificate has been revoked.
tstclnt: write to SSL socket failed: SSL peer rejected your certificate as revoked.
kill -0 2995 >/dev/null 2>/dev/null
selfserv with PID 2995 found at Mon Mar 31 10:03:29 PST 2008
ssl.sh: #846: TLS Require client auth (client auth)(cert TestUser52 - revoked) produced a returncode of 254, expected is 254 - PASSED
trying to kill selfserv with PID 2995 at Mon Mar 31 10:03:29 PST 2008
kill -USR1 2995
1[8087790]: Class BigInt leaked 8 objects of size 8 bytes, total = 64 bytes
1[8087790]: Class Cert leaked 8 objects of size 136 bytes, total = 1088 bytes
1[8087790]: Class List leaked 40 objects of size 20 bytes, total = 800 bytes
1[8087790]: Class PublicKey leaked 8 objects of size 4 bytes, total = 32 bytes
1[8087790]: Class X500Name leaked 16 objects of size 24 bytes, total = 384 bytes
1[8087790]: Assertion failure: numLeakedObjects == 0, at pkix_pl_lifecycle.c:294
Assertion failure: numLeakedObjects == 0, at pkix_pl_lifecycle.c:294
selfserv: 0 cache hits; 41 cache misses, 0 cache not reusable
          0 stateless resumes, 0 ticket parse failures
selfserv with PID 2995 killed at Mon Mar 31 10:03:29 PST 2008
ssl.sh: TLS Require client auth (client auth) ----
selfserv starting at Mon Mar 31 10:03:29 PST 2008
selfserv -D -p 8443 -d ../server -n dositups.red.iplanet.com  \

Here is what happened on the system, where core was detected:

ssl.sh: #2890: TLS Require client auth (client auth)(cert TestUser52 - revoked) produced a returncode of 254, expected is 254 - PASSED
trying to kill selfserv with PID 412 at Thu Mar 27 05:48:59 PDT 2008
kill -USR1 412
Assertion failure: numLeakedObjects == 0, at pkix_pl_lifecycle.c:294
selfserv: 0 cache hits; 41 cache misses, 0 cache not reusable
          0 stateless resumes, 0 ticket parse failures
selfserv with PID 412 killed at Thu Mar 27 05:48:59 PDT 2008
ssl.sh: #2891: kill_selfserv core detection step - Core file is detected.
ssl.sh: TLS Require client auth (client auth) ----

It looks like all systems(except one) have ulimit for code set to 0. Slavo, please check out our test system and set variable to "unlimited" value.
(Reporter)

Updated

9 years ago
Whiteboard: PKIXTEST NSS312B2
(Reporter)

Updated

9 years ago
Priority: -- → P1
Slavo, please treat this as your TOP priority bug, immediately.
Severity: normal → blocker
(Assignee)

Comment 2

9 years ago
Created attachment 312879 [details] [diff] [review]
Patch.

Added setting ulimit -c unlimited if ulimit exists and executable.
Added FAILED string when core file detected.
Attachment #312879 - Flags: review?(alexei.volkov.bugs)
(Assignee)

Comment 3

9 years ago
For now I set ulimit to unlimited on all Solaris and Linux trunk Tinderboxes, but I prefer to have this setting in script.
(Assignee)

Comment 4

9 years ago
Created attachment 312922 [details] [diff] [review]
Patch v2.

Ulimit detection didn't work on Linux correctly (ulimit is part of shell, which command doesn't detect it). I rather skip ulimit only for Windows platform. Then there is no limitation for OS.
Attachment #312879 - Attachment is obsolete: true
Attachment #312922 - Flags: review?(alexei.volkov.bugs)
Attachment #312879 - Flags: review?(alexei.volkov.bugs)
(Reporter)

Comment 5

9 years ago
Comment on attachment 312922 [details] [diff] [review]
Patch v2.

r+ provided the fix is tested on all unix platforms.
Attachment #312922 - Flags: review?(alexei.volkov.bugs) → review+
(Assignee)

Comment 6

9 years ago
Checking in init.sh;
/cvsroot/mozilla/security/nss/tests/common/init.sh,v  <--  init.sh
new revision: 1.63; previous revision: 1.62
done
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.