Closed Bug 427715 Opened 17 years ago Closed 16 years ago

nsCryptoHash apparently being called while NSS is in shutdown state [@ NSSRWLock_LockRead_Util]

Categories

(Core :: Security: PSM, defect, P2)

Product:
Core
Component:
Security: PSM
Platform:
x86
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking1.9.1 --- .3+
status1.9.1 --- .3-fixed

People

(Reporter: timeless, Assigned: mayhemer)

References

Details

(Keywords: crash, fixed1.9.0.14, topcrash+)

Crash Data

Attachments

(5 files, 9 obsolete files)

v1 for trunk [Checkin comment 73]
4.92 KB, patch
KaiE
: review+
Details | Diff | Splinter Review
v2, as laned on m-c [Checkin comment 92]
9.84 KB, patch
Details | Diff | Splinter Review
v1+v2 merged for 1.9.1 [Checkin comment 101]
12.67 KB, patch
samuel.sidler+old
: approval1.9.1.2-
dveditz
: approval1.9.1.3+
Details | Diff | Splinter Review
v1+v2 merged for 1.9.0 [Checkin comment 102]
12.93 KB, patch
dveditz
: approval1.9.0.14+
Details | Diff | Splinter Review
v1+v2 merged for 1.8.1
9.81 KB, patch
Details | Diff | Splinter Review
Signature NSSRWLock_LockRead_Util UUID e34e0aba-04bf-11dd-8b73-001321b13766 Time 2008-04-07 09:29:16-07:00 Uptime 13 Product Firefox Version 3.0pre Build ID 2008040606 OS Windows NT OS Version 6.0.6001 Service Pack 1 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x0 Comments Just open and close firefox rapidly and it crash Crashing Thread Frame Module Signature [Expand] Source 0 nssutil3.dll NSSRWLock_LockRead_Util mozilla/security/nss/lib/util/nssrwlk.c:177 1 nss3.dll PK11_GetAllTokens mozilla/security/nss/lib/pk11wrap/pk11slot.c:1776 2 nss3.dll PK11_GetBestSlotMultiple mozilla/security/nss/lib/pk11wrap/pk11slot.c:1866 3 nss3.dll PK11_GetBestSlot mozilla/security/nss/lib/pk11wrap/pk11slot.c:1927 4 nss3.dll PK11_CreateDigestContext mozilla/security/nss/lib/pk11wrap/pk11cxt.c:410 5 nss3.dll sha1_NewContext mozilla/security/nss/lib/cryptohi/sechash.c:91 6 nss3.dll HASH_Create mozilla/security/nss/lib/cryptohi/sechash.c:327 7 xul.dll nsCryptoHash::Init mozilla/security/manager/ssl/src/nsNSSComponent.cpp:2422 8 xul.dll NS_InvokeByIndex_P mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101 9 xul.dll XPCWrappedNative::CallMethod mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2369 while psm is doing something slightly nasty, i believe that it's using a public entry point. and afaict all the code I'm changing is wrong. I'm not sure about whitespace behavior, one place uses 3-tab;4-tab which seems wrong. i prefer no-tab and 4-4, but i'm trying to follow "conventions".
Attachment #314289 - Flags: review?(rrelyea)
Blocks: 427716
Explain how it is that this process is not initializing NSS until after it has run so long that it is already in an out-of-memory condition.
Nelson, Mozilla software will not access PSM unless it has a need to. And only when PSM gets accessed the first time it will init NSS.
According to my understanding, it seems reasonable to start by getting a lock, and only afterwards try to get the module list. But I don't know! I don't know this code well. Looking at http://lxr.mozilla.org/seamonkey/ident?i=SECMOD_GetDefaultModuleList it appears that usually the module list is obtained first, and only afterwards the lock is obtained and locked. I suspect that the lock is only required for modifying the contents of the lock?
The crash report comment quoted here and the reports i read show this probably *is* early in startup. I think we use the hashing bits as part of the update service and it seems likely it'd be nearly the first crypto bit to be hit. please note that i use systems where memory is often but not always scarce. It isn't legal to assume early allocs will succeed any more than it is to assume late ones will. is there a public contract for "HASH_Create" somewhere?
Ouch... The NSS contract is NO nss calls are made until NSS is initialized (period). We guarrentee you a crash if you do. To date, PSM has been the only user of NSS inside a mozilla app. If someone outside PSM is calling NSS directly, they, at the very least, need to do the minimal xpcom calls to access the crypto object (exported by PSM). Simply setting up that object will guarrentee NSS is initialized properly. That does not necessarily mean you are home free (PSM keeps track of the NSS objects it creates to make sure it closes them all down if mozilla wants to switch users, for instance, as well as keeps track that mozilla isn't in the middle of shutting down (to make sure no calls are made after NSS is shutdown). bob > I suspect that the lock is only required for modifying the contents of the > lock? No, the lock is required for both reading and writing. Looking at the code, it's clear it should be acquired before getting the list (as adding, and removal could in theory change the pointer). In practice the first module is the softoken, which is never removed (though it may change character), so such a bug is unlikely to show up. (Actually changes to the module list is extremely rarer anyway. Adding and deleting pkcs #11 modules in mozilla are the only way it happens in any real application that I know of.
right, I claim that the patch I'm providing here is correct based on your comments. And I'd like it to be taken. I think that PSM itself may be violating the NSS initialization constraint, but this bug is about flaws in the NSS code. I'll deal w/ any PSM errors in another bug. Kaie: i think comment 6 should be sufficient for you to r+ attachment 314290 [details] [diff] [review]
Bob's comment 6 should be interpreted as saying this: Crashing is the DEFINED BEHAVIOR of NSS when NSS functions are called before NSS is initialized. It is the caller's responsibility to ensure that NSS is initialized before calling other NSS functions (besides NSS initialization functions). So, by definition, this is NOT an NSS bug. TWO NSS module owners have now spoken on this subject.
Assignee: nobody → kaie
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Version: trunk → Trunk
Summary: [@ NSSRWLock_LockRead_Util] → nsCryptoHash must ensure NSS is initialized before using NSS HASH_ macros [@ NSSRWLock_LockRead_Util]
Nelson, where should we move this bug to to get the needed attention (and an acceptable patch)?
Flags: wanted1.9.0.x?
Flags: blocking1.9.0.1?
Samuel: I think I just moved it to the right place when I added comment 10.
Oh, sorry. I missed that in the Bug Activity. Thanks!
I think we've got the same topcrash on branch, would be nice to fix this there as well if the patch gets reviews and such.
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.15?
nsNSSModule.cpp has its own copied+modified XPCOM constructors. Those are designed to do the following: - if the interface requested means we create an instance of class nsNSSComponent, then proceed (because that class implements the code that is needed to init NSS) - if the above is not true, then we first jump through function EnsureNSSInitialized and if necessary create the nsNSSComponent singleton. The crashing code is in nsCryptoHash, which uses the correct macro that tries to achieve the latter. If this bug is because NSS was not initialized, it means either - the EnsureNSSInitialized code does not work (or regressed) or - you have shut NSS. You might have sent out a profile changed notification, but not yet switched to a new profile The existing PSM code assumes that you'll never use any of PSM services while you are in the middle of a profile switch.
We should trace the calls to NSS_InitReadWrite NSS_Shutdown HASH_Create If we see calls in the above order, then we've found the cause of the bug. We must find a way to ensure it never happens.
Summary: nsCryptoHash must ensure NSS is initialized before using NSS HASH_ macros [@ NSSRWLock_LockRead_Util] → nsCryptoHash apparently being called while NSS is in shutdown state [@ NSSRWLock_LockRead_Util]
Oops. We missed something when nsICryptoHash got implemented in bug 415799. => nsNSSShutDownObject nsCryptoHash and nsCryptoHMAC contain a handle to an NSS object that gets invalid at time of NSS shutdown. We should have made these classes derive from nsNSSShutDownObject, in order to track/invalidate the references when necessary.
timeless: it is really pity you didn't get the JS stack when it crashed. Do you know about a way to reproduce it? The theory with the update service seems to me right. I experienced some crashes while closing firefox and its autoupdate was in progress (there were active download).
Just for report: I created fake update file on my local server and I emulate the auto update being in progress in background. When I shutdown Minefield it does NOT crash - tried 10 times... The theory with update service will probably be wrong because: nsUpdateService.js!_verifyDownload that creates cryptohash instance is called only from OnStopRequest with status NS_OK. When shutdown with download in progress, the download request is canceled from "xpcom-shutdown" notification with NS_ERROR_ABORT status - so _verifyDownload is not called. Anyway, NSS is shutdown by nsNSSComponent in "profile-before-change" event that comes earlier then "xpcom-shutdown". If the download would succeed between these two events and OnStopRequest would be passed to JS somehow we theoretically may crash. But it is highly unlikely to happen.
this was a crash report based bug. i didn't experience it. i saw it in reports and picked a series of paths which aren't correct to patch. they're still not correct. fwiw, it's easy to tell if a crash isn't mine. I only run XP, so if the crash report i pick is vista (6.*) then it can't be mine :). that psm is broken is quite likely (mentioned in comment 0). do note that the crash report i picked has a very nice comment in the comments field. :)
Kai: is a patch based on comment 17 likely soon, and if so would it be small? I guess we won't 'block' the current release (since we're trying to wrap it up) but we'd really like to make this crash go away if we can.
Flags: blocking1.8.1.15? → blocking1.8.1.16?
(In reply to comment #21) > Kai: is a patch based on comment 17 likely soon, and if so would it be small? I > guess we won't 'block' the current release (since we're trying to wrap it up) > but we'd really like to make this crash go away if we can. We don't know if implementing what I mention in comment 17 will cure the crash. It might only help us to understand more.
Tested using firefox restart from add-ons dialog. This won't fix the crash.
Attachment #323866 - Flags: review?(kaie)
I see this popping up to #6 on the topcrash list using a one day sample for RC2.
If anyone can reproduce this, please, list the JS callstack using xpc3250!DumpJSStack(). This prints it to stdout. This should help us.
Comment on attachment 323866 [details] [diff] [review] derivation from nss shutdown object Honza, thanks for working on this patch. Could you please follow the style that other code implementing nsNSSShutdownObject is using? For example, please look at nsNSSCertCache. In the destructor, you should use the locker, check for isAlreadyShutDown. In virtualDestroyNSSReference all other code checks for isAlreadyShutDown, too. This prevents destroying objects that belong to a shutdown NSS session. I would recommend you rearrance the code so that you have the same functions called virtualDestroyNSSReference, destructorSafeDestroyNSSReference. As a result, you'll have your calls to destroy the objects only once.
Attachment #323866 - Flags: review?(kaie) → review-
Attachment #323866 - Attachment is obsolete: true
Attachment #325550 - Flags: review?(kaie)
Not blocking at this point, but topcrash+ (#1 topcrash on OSX) so let's see if we can get a safe patch in.
Flags: wanted1.9.0.x?
Flags: wanted1.9.0.x+
Flags: blocking1.9.0.1?
Flags: blocking1.9.0.1-
Keywords: topcrashtopcrash+
Got this crash on Windows once today: bp-e34de6cf-428e-11dd-862f-001cc45a2ce4
Kai, does this patch look good? This is currently the #4 topcrash and we'd love to see it fixed in 3.0.2 (and, really 2.0.0.x).
Would be really nice to get this into 1.9.0.2/1.8.1.17
Flags: blocking1.9.1?
Flags: blocking1.9.0.2?
Flags: blocking1.8.1.17?
Flags: blocking1.8.1.17+
Not going to block on this for 1.9.0.2 (and likely 1.8.1.17). The patches aren't reviewed or landed and this will likely need bake time.
Flags: blocking1.9.0.2? → blocking1.9.0.2-
Flags: blocking1.8.1.17+ → blocking1.8.1.17-
Note that Bug 450468 has a rather similar stack, but not identical. That appears to be in PRNG code, while this bug is in hash code.
update: we still don't know what causes the crash, the patches in this bug are not a cure for the crash.
Whiteboard: cause of crash still unknown
I know this bug was originally filed as a Windows Vista bug, but I'm getting [@ NSSRWLock_LockRead_Util] crashes on Windows XP. Namely XP SP 3. If it's alright, I can provide my crash reports (though I don't have any stack traces available =/ ). If I'm in the wrong place or you'd like a separate bug to be filed, do let me know.
Attachment #314289 - Flags: review?(rrelyea)
Comment on attachment 314289 [details] [diff] [review] don't assume allocs won't fail and lock before reading Clearing review request per comment 34.
Comment on attachment 325550 [details] [diff] [review] derivation from nss shutdown object, 2 Clearing review request per comment 34.
(In reply to comment #35) > I know this bug was originally filed as a Windows Vista bug, Vista vs. XP shouldn't make a difference for this crash. You're in the right place, we don't need a separate bug, and thanks for the offer of stack traces but we should have all we need. What we really need is a way to reproduce the crash at will so we can debug it.
We if it helps, for me it often happens when restarting after installing extensions.
(In reply to comment #39) > We if it helps, for me it often happens when restarting after installing > extensions. Are you 100% sure it is this crash? If so, are you able to attach a debugger to FF? Best, _before_ it crash? ... Actually, what would be very useful is a JS stack - the source of call. It could be one of these, but not limited to: http://mxr.mozilla.org/mozilla-central/source/toolkit/mozapps/update/src/nsUpdateService.js.in#2506 http://mxr.mozilla.org/mozilla-central/source/toolkit/mozapps/plugins/content/pluginInstallerService.js#165 http://mxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/content/multi-querier.js#133 http://mxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/content/multi-querier.js#142 Personally I most suspect the url classifier.
The crash tends to occur when I'm using the restart function after installing or updating an extension for me at least, but it can occur when Firefox is shutting down. I've opened 12 tabs at crash-stats although after 3 hours none of them have been processed yet. crash-stats really needs a server upgrade... Here's a list of all the crash reports relating to this bug which have occurred on my computer since 3.0.0: http://crash-stats.mozilla.com/report/index/4b43e099-9464-11dd-be25-001cc45a2ce4 http://crash-stats.mozilla.com/report/index/d5c55c40-8d6f-11dd-938e-001a4bd43e5c http://crash-stats.mozilla.com/report/index/3efa89a8-86c3-11dd-a6e7-0013211cbf8a http://crash-stats.mozilla.com/report/index/f60be78c-8591-11dd-8d30-001a4bd43ef6 http://crash-stats.mozilla.com/report/index/55330e85-8517-11dd-a2e0-0013211cbf8a http://crash-stats.mozilla.com/report/index/e6b61ed7-83c4-11dd-8168-001cc45a2ce4 http://crash-stats.mozilla.com/report/index/7d50ab2e-8230-11dd-8c0c-001cc45a2c28 http://crash-stats.mozilla.com/report/index/63b4604f-8165-11dd-b872-001cc45a2c28 http://crash-stats.mozilla.com/report/index/24b0b1c2-7bb4-11dd-883a-001a4bd43ef6 http://crash-stats.mozilla.com/report/index/03d38a78-80c1-11dd-ac75-001cc45a2c28 http://crash-stats.mozilla.com/report/index/7b3ae52e-7636-11dd-acbd-001cc45a2c28 http://crash-stats.mozilla.com/report/index/acfd6c0a-7305-11dd-8857-001a4bd43ef6 http://crash-stats.mozilla.com/report/index/112915bd-6b5e-11dd-9da5-0013211cbf8a http://crash-stats.mozilla.com/report/index/effe29c0-6add-11dd-a69d-001a4bd43ef6 http://crash-stats.mozilla.com/report/index/3f78b8e1-6a0b-11dd-99cc-001cc45a2c28 http://crash-stats.mozilla.com/report/index/c40fb91e-69d9-11dd-9cb9-001321b13766 http://crash-stats.mozilla.com/report/index/a4307f35-6932-11dd-9f79-001cc45a2ce4 http://crash-stats.mozilla.com/report/index/98ffc88a-6921-11dd-9c64-001cc45a2ce4 http://crash-stats.mozilla.com/report/index/23e60c82-691a-11dd-a7bc-001a4bd43e5c http://crash-stats.mozilla.com/report/index/f02a3f23-6867-11dd-a17d-001cc4e2bf68 http://crash-stats.mozilla.com/report/index/b38c2663-6848-11dd-8709-001a4bd43ef6 http://crash-stats.mozilla.com/report/index/3b39cdca-6108-11dd-83d7-001321b13766 http://crash-stats.mozilla.com/report/index/718bcbf5-60ab-11dd-957d-0013211cbf8a http://crash-stats.mozilla.com/report/index/92950acc-609c-11dd-8eac-001cc45a2c28 http://crash-stats.mozilla.com/report/index/99269882-5fcd-11dd-9b74-0013211cbf8a http://crash-stats.mozilla.com/report/index/ad2b8205-5fc6-11dd-b565-0013211cbf8a http://crash-stats.mozilla.com/report/index/c59ee811-5fb5-11dd-9f25-001cc4e2bf68 The first 12 haven't been processed yet so they may relate to other bugs although the problem seems to be coming from http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/nssrwlk.c&rev=1.8&mark=177#177
Thanks for this report. I'm interested in complete stack trace on the main thread at least to see if it were called from OnStopRequest of incremental download (to confirm culprit is the update service). Is there a way to see the complete stack from the crash reporter and not just first 10 frames? David, are you willing to attach debugger and try to reproduce the crash? We can join at IRC (mayhemer @ #developers) to discuss how.
Sure, I'll be waiting there.
OS: Windows Vista → Windows XP
Topcrash, blocking+... kaie, are you going to be able to look at this?
Flags: blocking1.9.1? → blocking1.9.1+
Seems to be more triggered in OS X current nightly (20081119) according to: http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&version=Firefox%3A3.1b2pre&signature=NSSRWLock_LockRead_Util People are stating that the crash occurs in current build when restarting with saved tabs and when Weave is enabled.
I can reproduce that in a debugger. It seems it is quit different problem because this happens during start of firefox and not during quit. Filed new bug 465974.
During fixing of bug 456705 I figured out that URL classifier uses always_async proxy to invoke its callback that uses crypto hash. When proxy is used right before shutdown the callback could potentially be invoked after nss has been shutdown. After that bug lands this bug could also be fixed. See bug 456705 comment 59. CC'ing Dave Camp as author of the URL classifier.
Depends on: 456705
Priority: -- → P2
We've just seen what appears to be an instance of this bug at http://bugzilla.gnome.org/show_bug.cgi?id=571228 but in Evolution, not Firefox. Evolution is using the NSS libraries however, and given the reporter was closing down Evolution at the time, it looks like a similar problem.
This may be going off topic, but ... Does Evolution use Mozilla's nsCryptoHash class?
Tom Parker, I guess the question in comment 49 was addressed to you, but I just made a source-level-search: evolution-2.24.4]$ grep -ril cryptohash . => nothing ... I propose, let's wait for Honza's fix in bug 456705 to land, then have another look at crash reports.
looks like it landed a while ago. whats next?
This bug will probably be fixed with bug 456705 that has been landed on trunk and 1.9.1. It should also land on 1.9.0 and 1.8.1.
ok, wanted 1.9.0.x and wanted 1.8.0.x flags should get it on the radar for those releases. I'll mark this fixed. change the bug again if this is not right.
Status: NEW → RESOLVED
Closed: 16 years ago
Flags: wanted1.8.0.x?
Resolution: --- → FIXED
Whiteboard: cause of crash still unknown
In the former case I suspect this: http://mxr.mozilla.org/mozilla1.9.1/source/toolkit/mozapps/update/src/nsUpdateService.js.in#2415 What hash algorithm is used for application updates signing? Is it SHA256?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Honza: how do you figure on 95% of crashes? This is the #2 topcrash by my queries. Is the assertion here that our first fix was so insufficient that this needs to block again? That's what's happened.
(In reply to comment #56) > In the former case I suspect this: > http://mxr.mozilla.org/mozilla1.9.1/source/toolkit/mozapps/update/src/nsUpdateService.js.in#2415 > > What hash algorithm is used for application updates signing? Is it SHA256? We switched from SHA1 to SHA512 for app. update hashes when 3.5b99 was released.
(In reply to comment #57) > Honza: how do you figure on 95% of crashes? This is the #2 topcrash by my > queries. 95% = my guess. For this signature I can see a lot of stacks with call to initWithString. Only few stack are with call to init. > > Is the assertion here that our first fix was so insufficient that this needs to > block again? That's what's happened. Seems so. I'll revisit the patch ones again or try to reproduce.
Status: REOPENED → ASSIGNED
(In reply to comment #58) > (In reply to comment #56) > > In the former case I suspect this: > > http://mxr.mozilla.org/mozilla1.9.1/source/toolkit/mozapps/update/src/nsUpdateService.js.in#2415 > > > > What hash algorithm is used for application updates signing? Is it SHA256? > > We switched from SHA1 to SHA512 for app. update hashes when 3.5b99 was > released. So does this mean that we can mitigate this crash by using a different SHA algorithm until we fix this bug? Most of the comments in the crash reports indicate that the crash happens on browser-close, which isn't as concerning to me.
I may know the cause: when PSM is shutting down in "profile-before-change", we call nsNSSComponent::ShutdownNSS that calls ::NSS_Shutdown(). But, the nsNSSComponent service may not be released immediately after we do that and as there are many other observers processing "profile-before-change" after we shutdown nss, event loop may be triggered and one of the stacks I provide may get called after we have already shut nss down. I'll provide a patch for this.
Honza: so does that mean that you also think this is happening on shutdown only?
(In reply to comment #60) > So does this mean that we can mitigate this crash by using a different SHA > algorithm until we fix this bug? Absolutely not :) I was just trying to find out if the code I suspect is the one that really crashes. You say you are using sha512, isn't it really a sha256? If not, comes to your mind anything that could be using sha256? One more interesting stack: http://crash-stats.mozilla.com/report/index/929cf9da-0e8b-4dfb-9421-6196e2090621 It confirms comment 61. (In reply to comment #62) > Honza: so does that mean that you also think this is happening on shutdown > only? I certainly do.
As per IRC discussion with bsmedberg, wanted1.9.1.x (we should take it for 3.5.1) but not blocking final release.
Whiteboard: [3.5.1?]
(ugh, fixing flags)
Flags: wanted1.9.1.x+
Flags: blocking1.9.1-
Flags: blocking1.9.1+
Keywords: fixed1.9.1
I don't understand why switching from SHA1 to SHA512 would matter, we call nsCryptoHash either way AFAICT. There have been changes to the updater, CC'ing Rob Strong and Mossop. It really is SHA512 btw, https://aus2.mozilla.org/update/1/Firefox/3.5b99/20090605162636/WINNT_x86-msvc/en-US/beta/update.xml?force=1
(In reply to comment #66) > I don't understand why switching from SHA1 to SHA512 would matter, we call > nsCryptoHash either way AFAICT. There have been changes to the updater, CC'ing > Rob Strong and Mossop. Per comment #63 it doesn't matter. I don't think there were any changes to the update service that would cause this and this bug has been around since at least 2008-04-08
Preliminary patch, I have to test it with use case from bug 456705 to check it still prevents the original crash.
Assignee: kaie → honzab.moz
Attachment #384744 - Attachment description: wip1 → v1 for trunk and 1.9.1
Attachment #384744 - Flags: review?(kaie)
Comment on attachment 384744 [details] [diff] [review] v1 for trunk [Checkin comment 73] Tested with test case from bug 456705 and with SeaMonkey.
Comment on attachment 384744 [details] [diff] [review] v1 for trunk [Checkin comment 73] r=kaie
Attachment #384744 - Flags: review?(kaie) → review+
Kai, thanks for your quick review! I think I can start landing this.
Attachment #384744 - Flags: approval1.9.1?
Attachment #384844 - Attachment description: v1 for 1.9.0 → v1 for 1.9.0 (identical, just merged)
Attachment #384844 - Flags: approval1.9.0.12?
Attachment #384744 - Attachment description: v1 for trunk and 1.9.1 → v1 for trunk and 1.9.1 [Checkin comment 73]
Status: ASSIGNED → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED
Whiteboard: [3.5.1?] → [3.5.1?] [baking on m-c since June 24]
Attached patch v1 for 1.8.1 (obsolete) — Splinter Review
Attachment #384844 - Attachment is obsolete: true
Attachment #384844 - Flags: approval1.9.0.12?
I recently did some investigation into stacks showing crashes in NSS while NSS was not initialized. I found at least 5 distinct stacks. See bug 470500 comment 24.
Flags: blocking1.9.1.1+
Whiteboard: [3.5.1?] [baking on m-c since June 24] → [baking on m-c since June 24]
Blocks: 464186
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
The patch is not complete. I didn't realize that we bypass the new code checking the nss component being up because haveLoaded flag is still up. This patch doesn't prevent the crash.
Status: REOPENED → ASSIGNED
Whiteboard: [baking on m-c since June 24]
I'd like to get a user doc created for this, but I'm having trouble understanding the comments on this bug. What is the cause of this (in terms that the user would understand), and is there anything the user can do for now to prevent this crash?
I wonder if going off-line several seconds before shutting down the browser would help.
Attached patch v2 for trunk, 1.9.1 (obsolete) — Splinter Review
Marking haveLoaded = false when we shutdown nss from nsNSSComponent. This really should prevent to get any psm component while nss is not at the moment initialized. We should also apply the attachment 325550 [details] [diff] [review].
Attachment #384915 - Attachment is obsolete: true
Attachment #384916 - Attachment is obsolete: true
Attachment #387852 - Flags: review?(kaie)
Attached patch v2 for 1.8.1 (obsolete) — Splinter Review
Attachment #314289 - Attachment is obsolete: true
Attachment #325550 - Flags: review?(kaie)
Blocks: 503559
blocking1.9.1: --- → .2+
Flags: blocking1.9.1.1+ → blocking1.9.1.1-
Bug 505223 is almost certainly a duplicate of this bug. It contains a stack showing that nsCryptoHash::Init is being called while in NS_ShutdownXPCOM_P .
OS: Windows XP → All
Kai: any ETA on a fix here? This is blocking our next release which we're trying to square away earlier rather than later.
Whiteboard: [needs review kaie]
Attachment #325550 - Attachment is obsolete: true
Attachment #325550 - Flags: review?(kaie)
Comment on attachment 384744 [details] [diff] [review] v1 for trunk [Checkin comment 73] I'm assuming these two are obsolete...
Attachment #384744 - Attachment is obsolete: true
Attachment #384744 - Flags: approval1.9.1?
Comment on attachment 325550 [details] [diff] [review] derivation from nss shutdown object, 2 (In reply to comment #86) > (From update of attachment 384744 [details] [diff] [review]) > I'm assuming these two are obsolete... No, it is not, I point out in comment 81 we should also take it.
Attachment #325550 - Attachment is obsolete: false
Attachment #325550 - Flags: review?(kaie)
Uh... then we should really do a combined patch instead of separate ones...
Nominating this topcrash for 1.9.0.13 since it looks like these fixes will land on 1.9.1 before then.
Flags: blocking1.9.0.13?
Comment on attachment 325550 [details] [diff] [review] derivation from nss shutdown object, 2 This patch is good. It adds protection for the "NSS shutdown race" to the nsCryptoHash and nsCryptoHMAC objects, the same protection we already use for other PSM objects that store references to NSS objects. r=kaie
Attachment #325550 - Flags: review?(kaie) → review+
Comment on attachment 387852 [details] [diff] [review] v2 for trunk, 1.9.1 r=kaie
Attachment #387852 - Flags: review?(kaie) → review+
Attachment #384744 - Attachment is obsolete: false
Attachment #384844 - Attachment is obsolete: false
Attachment #384915 - Attachment is obsolete: false
Attachment #384916 - Attachment is obsolete: false
Comment on attachment 387852 [details] [diff] [review] v2 for trunk, 1.9.1 http://hg.mozilla.org/mozilla-central/rev/4679ac688c56
Attachment #387852 - Attachment description: v2 for trunk, 1.9.1 → v2 for trunk, 1.9.1 [Checkin m-c comment 92]
Attachment #384844 - Attachment is obsolete: true
Attachment #325550 - Attachment is obsolete: true
Attachment #387852 - Attachment description: v2 for trunk, 1.9.1 [Checkin m-c comment 92] → v2 for trunk, 1.9.1
Attachment #387852 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED
Whiteboard: [needs review kaie]
Attached patch v1+v2 merged for 1.9.1 (obsolete) — Splinter Review
attachment 384744 [details] [diff] [review] and attachment 391336 [details] [diff] [review] folded and merged to 1.9.1.
Attachment #391359 - Flags: approval1.9.1.2?
This is the correct one...
Attachment #391359 - Attachment is obsolete: true
Attachment #391368 - Flags: approval1.9.1.2?
Attachment #391359 - Flags: approval1.9.1.2?
Attachment #391368 - Flags: approval1.9.1.3?
Attachment #391368 - Flags: approval1.9.1.2?
Attachment #391368 - Flags: approval1.9.1.2-
Comment on attachment 391368 [details] [diff] [review] v1+v2 merged for 1.9.1 [Checkin comment 101] This *just* landed on mozilla-central. I don't think we can take it in 1.9.1.2.
Attachment #384916 - Attachment is obsolete: true
Attachment #391397 - Flags: approval1.9.0.13?
Attachment #384744 - Attachment description: v1 for trunk and 1.9.1 [Checkin comment 73] → v1 for trunk [Checkin comment 73]
blocking1.9.1: .2+ → .3+
Attachment #384915 - Attachment is obsolete: true
Attachment #387853 - Attachment is obsolete: true
Attachment #391554 - Flags: approval1.8.1.next?
status1.9.1: --- → wanted
Flags: blocking1.9.0.14? → blocking1.9.0.14+
Comment on attachment 391368 [details] [diff] [review] v1+v2 merged for 1.9.1 [Checkin comment 101] Approved for 1.9.1.3, a=dveditz for release-drivers
Attachment #391368 - Flags: approval1.9.1.3? → approval1.9.1.3+
Comment on attachment 391397 [details] [diff] [review] v1+v2 merged for 1.9.0 [Checkin comment 102] Approved for 1.9.0.14, a=dveditz for release-drivers
Attachment #391397 - Flags: approval1.9.0.14? → approval1.9.0.14+
Comment on attachment 391368 [details] [diff] [review] v1+v2 merged for 1.9.1 [Checkin comment 101] http://hg.mozilla.org/releases/mozilla-1.9.1/rev/11bdfa7b7c58
Attachment #391368 - Attachment description: v1+v2 merged for 1.9.1 → v1+v2 merged for 1.9.1 [Checkin comment 101]
Comment on attachment 391397 [details] [diff] [review] v1+v2 merged for 1.9.0 [Checkin comment 102] Checking in security/manager/ssl/src/nsNSSComponent.cpp; /cvsroot/mozilla/security/manager/ssl/src/nsNSSComponent.cpp,v <-- nsNSSComponent.cpp new revision: 1.170; previous revision: 1.169 done Checking in security/manager/ssl/src/nsNSSComponent.h; /cvsroot/mozilla/security/manager/ssl/src/nsNSSComponent.h,v <-- nsNSSComponent.h new revision: 1.55; previous revision: 1.54
Attachment #391397 - Attachment description: v1+v2 merged for 1.9.0 → v1+v2 merged for 1.9.0 [Checkin comment 102]
Keywords: fixed1.9.0.14
It was fixed for Gecko 1.9.1.3 per the flags above, meaning that Firefox 3.5.3 should no longer show the issue.
Crash Signature: [@ NSSRWLock_LockRead_Util]
Flag clean up.
Flags: wanted1.8.0.x?
Comment on attachment 391554 [details] [diff] [review] v1+v2 merged for 1.8.1 Flag clean up.
Attachment #391554 - Flags: approval1.8.1.next?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: