Closed
Bug 907096
Opened 12 years ago
Closed 6 years ago
crash in nsInterfaceRequestorAgg::GetInterface(nsID const&, void**) via mozilla::psm::TransportSecurityInfo::GetInterface
Categories
(Core :: Security: PSM, defect, P3)
Tracking
()
People
(Reporter: Usul, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [startupcrash][tbird crash][psm-backlog])
Crash Data
This bug was filed from the Socorro interface and is
report bp-911bb3d7-d4fe-454c-a278-067f52130819 .
=============================================================
0 xul.dll nsInterfaceRequestorAgg::GetInterface(nsID const &,void * *) xpcom/base/nsInterfaceRequestorAgg.cpp
1 xul.dll mozilla::psm::TransportSecurityInfo::GetInterface(nsID const &,void * *) security/manager/ssl/src/TransportSecurityInfo.cpp
2 xul.dll nsGetInterface::operator()(nsID const &,void * *) objdir-tb/mozilla/xpcom/build/nsIInterfaceRequestorUtils.cpp
3 xul.dll nsCOMPtr_base::assign_from_helper(nsCOMPtr_helper const &,nsID const &) objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp
4 xul.dll PK11PasswordPromptRunnable::RunOnTargetThread() security/manager/ssl/src/nsNSSCallbacks.cpp
5 xul.dll mozilla::psm::SyncRunnableBase::Run() security/manager/ssl/src/PSMRunnable.cpp
6 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp
7 xul.dll NS_ProcessNextEvent(nsIThread *,bool) objdir-tb/mozilla/xpcom/build/nsThreadUtils.cpp
8 xul.dll nsXULWindow::ShowModal() xpfe/appshell/src/nsXULWindow.cpp
9 xul.dll nsContentTreeOwner::ShowAsModal() xpfe/appshell/src/nsContentTreeOwner.cpp
10 xul.dll nsWindowWatcher::OpenWindowInternal(nsIDOMWindow *,char const *,char const *,char const *,bool,bool,bool,nsIArray *,nsIDOMWindow * *) embedding/components/windowwatcher/src/nsWindowWatcher.cpp
11 xul.dll nsWindowWatcher::OpenWindow(nsIDOMWindow *,char const *,char const *,char const *,nsISupports *,nsIDOMWindow * *) embedding/components/windowwatcher/src/nsWindowWatcher.cpp
12 xul.dll NS_InvokeByIndex xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp
13 xul.dll XPCWrappedNative::CallMethod(XPCCallContext &,XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp
14 xul.dll XPC_WN_CallMethod(JSContext *,unsigned int,JS::Value *) js/xpconnect/src/XPCWrappedNativeJSOps.cpp
15 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
16 mozjs.dll Interpret js/src/vm/Interpreter.cpp
17 mozjs.dll js::RunScript(JSContext *,js::RunState &) js/src/vm/Interpreter.cpp
18 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
19 mozjs.dll js_fun_apply(JSContext *,unsigned int,JS::Value *) js/src/jsfun.cpp
20 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
21 mozjs.dll Interpret js/src/vm/Interpreter.cpp
22 mozjs.dll JSObject::addPropertyInternal(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>),int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int,JS::MutableHandle<JS::Value>),unsigned int,unsigned int,unsigned int,int,js::Shape * *,bool) js/src/vm/Shape.cpp
23 mozjs.dll JSObject::putProperty(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>),int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int,JS::MutableHandle<JS::Value>),unsigned int,unsigned int,unsigned int,int) js/src/vm/Shape.cpp
24 mozjs.dll mozjs.dll@0x1d7630
25 @0xffffff86
26 mozglue.dll arena_dalloc memory/mozjemalloc/jemalloc.c
27 xul.dll xul.dll@0x10d7bb4
28 @0x2a4294
29 xul.dll nsCharTraits<wchar_t>::move(wchar_t *,wchar_t const *,unsigned int) objdir-tb/mozilla/dist/include/nsCharTraits.h
30 xul.dll nsCharSinkTraits<wchar_t *>::write(wchar_t * &,wchar_t const *,unsigned int) objdir-tb/mozilla/dist/include/nsCharTraits.h
31 mozglue.dll arena_dalloc_small memory/mozjemalloc/jemalloc.c
32 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp
33 xul.dll PK11PasswordPromptRunnable::RunOnTargetThread() security/manager/ssl/src/nsNSSCallbacks.cpp
34 winmm.dll timeGetTime
35 xul.dll mozilla::psm::SyncRunnableBase::Run() security/manager/ssl/src/PSMRunnable.cpp
36 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp
37 xul.dll NS_ProcessNextEvent(nsIThread *,bool) objdir-tb/mozilla/xpcom/build/nsThreadUtils.cpp
38 xul.dll nsXULWindow::ShowModal() xpfe/appshell/src/nsXULWindow.cpp
39 xul.dll nsContentTreeOwner::ShowAsModal() xpfe/appshell/src/nsContentTreeOwner.cpp
40 xul.dll nsWindowWatcher::OpenWindowInternal(nsIDOMWindow *,char const *,char const *,char const *,bool,bool,bool,nsIArray *,nsIDOMWindow * *) embedding/components/windowwatcher/src/nsWindowWatcher.cpp
41 xul.dll nsWindowWatcher::OpenWindow(nsIDOMWindow *,char const *,char const *,char const *,nsISupports *,nsIDOMWindow * *) embedding/components/windowwatcher/src/nsWindowWatcher.cpp
42 xul.dll NS_InvokeByIndex xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp
43 xul.dll XPCWrappedNative::CallMethod(XPCCallContext &,XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp
44 xul.dll XPC_WN_CallMethod(JSContext *,unsigned int,JS::Value *) js/xpconnect/src/XPCWrappedNativeJSOps.cpp
45 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
46 mozjs.dll Interpret js/src/vm/Interpreter.cpp
47 mozjs.dll js::RunScript(JSContext *,js::RunState &) js/src/vm/Interpreter.cpp
48 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
49 mozjs.dll js_fun_apply(JSContext *,unsigned int,JS::Value *) js/src/jsfun.cpp
50 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
51 mozjs.dll Interpret js/src/vm/Interpreter.cpp
52 mozjs.dll JSObject::addPropertyInternal(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>),int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int,JS::MutableHandle<JS::Value>),unsigned int,unsigned int,unsigned int,int,js::Shape * *,bool) js/src/vm/Shape.cpp
53 mozjs.dll JSObject::putProperty(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>),int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int,JS::MutableHandle<JS::Value>),unsigned int,unsigned int,unsigned int,int) js/src/vm/Shape.cpp
54 mozjs.dll DefinePropertyOrElement js/src/jsobj.cpp
55 @0x2a5c58
and
0 xul.dll nsInterfaceRequestorAgg::GetInterface(nsID const &,void * *) xpcom/base/nsInterfaceRequestorAgg.cpp
1 xul.dll mozilla::psm::TransportSecurityInfo::GetInterface(nsID const &,void * *) security/manager/ssl/src/TransportSecurityInfo.cpp
2 xul.dll nsGetInterface::operator()(nsID const &,void * *) objdir-tb/mozilla/xpcom/build/nsIInterfaceRequestorUtils.cpp
3 xul.dll nsCOMPtr_base::assign_from_helper(nsCOMPtr_helper const &,nsID const &) objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp
4 xul.dll PK11PasswordPromptRunnable::RunOnTargetThread() security/manager/ssl/src/nsNSSCallbacks.cpp
5 xul.dll mozilla::psm::SyncRunnableBase::Run() security/manager/ssl/src/PSMRunnable.cpp
6 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp
7 xul.dll NS_ProcessNextEvent(nsIThread *,bool) objdir-tb/mozilla/xpcom/build/nsThreadUtils.cpp
8 xul.dll nsXULWindow::ShowModal() xpfe/appshell/src/nsXULWindow.cpp
9 xul.dll nsContentTreeOwner::ShowAsModal() xpfe/appshell/src/nsContentTreeOwner.cpp
10 xul.dll nsWindowWatcher::OpenWindowInternal(nsIDOMWindow *,char const *,char const *,char const *,bool,bool,bool,nsIArray *,nsIDOMWindow * *) embedding/components/windowwatcher/src/nsWindowWatcher.cpp
11 xul.dll nsWindowWatcher::OpenWindow(nsIDOMWindow *,char const *,char const *,char const *,nsISupports *,nsIDOMWindow * *) embedding/components/windowwatcher/src/nsWindowWatcher.cpp
12 xul.dll NS_InvokeByIndex xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp
13 xul.dll XPCWrappedNative::CallMethod(XPCCallContext &,XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp
14 xul.dll XPC_WN_CallMethod(JSContext *,unsigned int,JS::Value *) js/xpconnect/src/XPCWrappedNativeJSOps.cpp
15 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
16 mozjs.dll Interpret js/src/vm/Interpreter.cpp
17 mozjs.dll js::RunScript(JSContext *,js::RunState &) js/src/vm/Interpreter.cpp
18 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
19 mozjs.dll js_fun_apply(JSContext *,unsigned int,JS::Value *) js/src/jsfun.cpp
20 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp
21 mozjs.dll Interpret js/src/vm/Interpreter.cpp
22 mozjs.dll JSObject::addPropertyInternal(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>),int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int,JS::MutableHandle<JS::Value>),unsigned int,unsigned int,unsigned int,int,js::Shape * *,bool) js/src/vm/Shape.cpp
23 mozjs.dll JSObject::putProperty(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>),int (*)(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,int,JS::MutableHandle<JS::Value>),unsigned int,unsigned int,unsigned int,int) js/src/vm/Shape.cpp
24 mozjs.dll mozjs.dll@0x1d7630
25 @0xffffff86
26 mozglue.dll arena_dalloc memory/mozjemalloc/jemalloc.c
27 xul.dll xul.dll@0x10d7bb4
28 @0x1ace94
29 xul.dll nsCharTraits<wchar_t>::move(wchar_t *,wchar_t const *,unsigned int) objdir-tb/mozilla/dist/include/nsCharTraits.h
30 xul.dll nsCharSinkTraits<wchar_t *>::write(wchar_t * &,wchar_t const *,unsigned int) objdir-tb/mozilla/dist/include/nsCharTraits.h
31 mozglue.dll arena_dalloc_small memory/mozjemalloc/jemalloc.c
32 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp
33 xul.dll PK11PasswordPromptRunnable::RunOnTargetThread() security/manager/ssl/src/nsNSSCallbacks.cpp
34 winmm.dll timeGetTime
35 gkmedias.dll doProlog
From the same user.
|
||
Comment 1•12 years ago
|
||
I had this bug for a while after starting another Thunderbird version, for example when I quit Earlybird and then start Thunderbird beta. I think Thunderbird crashed before prompting for my master password and checking for add-ons compatibility/updates. When starting Thunderbird beta for the second and subsequent times, it would start normally (but not check for add-ons compatibility anymore).
Thunderbird would crash each first start after I switched channels, no matter to which channel I switched (beta, aurora, daily,...). All instances use the same profile.
Today I turned off FIPS and I could switch channels without a crash. After turning FIPS back on I still could switch channels. So FIPS was probably related (otherwise a lot more people would have had the crash) and disabling/re-enabling must have changed something...
|
||
Comment 2•12 years ago
|
||
Each time seems to be a PK11PasswordPromptRunnable that ends up showing a modal window that triggers another PK11PasswordPromptRunnable, which looks fun.
|
||
Comment 3•12 years ago
|
||
(not a scientific study) looks like less then half of thunderbird crashes with this signature have this stack
Summary: crash in nsInterfaceRequestorAgg::GetInterface(nsID const&, void**) → crash in nsInterfaceRequestorAgg::GetInterface(nsID const&, void**) via mozilla::psm::TransportSecurityInfo::GetInterface
Whiteboard: [tbird crash]
|
|
||
Comment 4•12 years ago
|
||
The crash is back again...
|
||
Comment 5•12 years ago
|
||
Also present on linux: https://crash-stats.mozilla.com/report/index/133e204c-cb97-46f0-b624-d39212130901
OS: Windows NT → All
Hardware: x86 → All
|
||
Comment 6•11 years ago
|
||
Another one with TB29 beta on Linux openSUSE 13.1.
bp-4dcde755-9a2b-4faf-acb0-06ec42140427
|
|
||
Comment 7•11 years ago
|
||
Today, immediately after restarting after having shut down Aurora, TB Daily crashed three times in a row. After switching to safe-mode and starting normal it worked again...
bp-428b975f-d4cb-4b89-afb0-02bdb2140430
bp-5b96c2c4-20c3-4557-bffd-301e82140430
bp-582068dc-4382-46f7-bdf5-843982140430
|
||
Comment 8•11 years ago
|
||
I have a Firefox Desktop user experiencing this (or a similar crash) https://support.mozilla.org/en-US/questions/1016319
|
|
||
Comment 9•11 years ago
|
||
TB is crashing more than Firefox.
57% of crashes are startup, between both Firefox and Thunderbird.
Estimate 80% of firefox crashes are startup
Whiteboard: [tbird crash] → [startupcrash][tbird crash]
|
||
Comment 10•11 years ago
|
||
I am suspecting this crash is a side effect of the fix for bug 902158.
Some of comments from crash reports:
crash at startup after upgrade from 31.2.0 to 31.3.0
MacOS X 10.7.5
Submitted: 2014-12-08T16:47:06+00:00
Downgrade to 31.1.0 is working
Submitted: 2014-12-03T21:16:12+00:00
|
|
||
Comment 11•11 years ago
|
||
(In reply to Hiroyuki Ikezoe (:hiro) from comment #10)
> I am suspecting this crash is a side effect of the fix for bug 902158.
>
> Some of comments from crash reports:
>
> crash at startup after upgrade from 31.2.0 to 31.3.0
> MacOS X 10.7.5
>
> Submitted: 2014-12-08T16:47:06+00:00
>
> Downgrade to 31.1.0 is working
If you are saying the fix for bug 902158 is causing this crash I think you are mistaken. I think we do not see this crash in 31.1.0 because what caused bug 902158 also caused the crashes for this bug to temporarily stop - i.e. bug 902158 caused us to crash earlier. Now that bug 902158 is fixed, the original problem causing this naturally starts happening again. (disclaimer, I beleive this based on the versions and timing of the reports of crashes, not by any understanding of the code - which I haven't examined)
|
||
Updated•10 years ago
|
Crash Signature: [@ nsInterfaceRequestorAgg::GetInterface(nsID const&, void**)] → [@ nsInterfaceRequestorAgg::GetInterface(nsID const&, void**)]
[@ nsInterfaceRequestorAgg::GetInterface]
|
|
||
Updated•9 years ago
|
Whiteboard: [startupcrash][tbird crash] → [startupcrash][tbird crash][psm-backlog]
|
|
||
Comment 12•9 years ago
|
||
Saw this signature while doing Uptime triage. This is #10 with 4 crashes on build 20160801030227. There are 916 crashes reported this year, almost all of them are startup crashes.
A lot of crashes are on poisoned address 0xffffffffe5e5e5e5 or 0xffffffffffffffff so this is use after free crash.
|
||
Comment 13•9 years ago
|
||
Crash volume for signature 'nsInterfaceRequestorAgg::GetInterface':
- nightly (version 51): 6 crashes from 2016-08-01.
- aurora (version 50): 22 crashes from 2016-08-01.
- beta (version 49): 25 crashes from 2016-08-02.
- release (version 48): 27 crashes from 2016-07-25.
- esr (version 45): 9 crashes from 2016-05-02.
Crash volume on the last weeks (Week N is from 08-22 to 08-28):
W. N-1 W. N-2 W. N-3
- nightly 1 0 5
- aurora 7 7 5
- beta 17 3 0
- release 4 6 7
- esr 0 2 2
Affected platforms: Windows, Linux
Crash rank on the last 7 days:
Browser Content Plugin
- nightly #876
- aurora #341
- beta #781
- release #1659
- esr
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox50:
--- → affected
status-firefox51:
--- → affected
status-firefox-esr45:
--- → affected
|
|
||
Updated•8 years ago
|
Priority: -- → P3
|
|
||
Comment 14•6 years ago
|
||
This signature no longer exists for newer versions of Thunderbird and Firefox
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•