[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22158 [Applications/Tor Browser]: Tor browser core dump on Arch Linux
#22158: Tor browser core dump on Arch Linux
--------------------------------------+-----------------------------------
Reporter: jb.1234abcd | Owner: tbb-team
Type: defect | Status: needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-crash | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by torsocksbug):
I have been getting similar crashes as long as I can remember. They are
seemingly random and it can be weeks without an occurrence (although they
happen as a result of some action, e.g. loading a new page). This time I
managed to capture and analyze the dump. This was the cause (version
7.5.4):
{{{
#0 0x00007f9eb592e91b in raise () at /usr/lib/libpthread.so.0
#1 0x00007f9eb1d6adaa in nsProfileLock::FatalSignalHandler(int, siginfo*,
void*) (signo=11, info=0x7f9ea30fd470, context=0x7f9ea30fd340) at
/var/tmp/build/firefox-deaa82b4f8ab/toolkit/profile/nsProfileLock.cpp:181
#2 0x00007f9eb283fef1 in WasmFaultHandler<(Signal)0>(int, siginfo_t*,
void*) (signum=<optimized out>, info=0x7f9ea30fd470,
context=0x7f9ea30fd340) at /var/tmp/build/firefox-
deaa82b4f8ab/js/src/wasm/WasmSignalHandlers.cpp:1239
#3 0x00007f9eb592ea80 in <signal handler called> () at
/usr/lib/libpthread.so.0
#4 0x00007f9eb5bf7bf6 in PK11_ExitContextMonitor
(cx=cx@entry=0x7f9e6e6b5160) at pk11cxt.c:50
#5 0x00007f9eb5bf8c46 in PK11_DigestFinal (context=0x7f9e6e6b5160,
data=0x7f9ea30fd948 <redacted>, outLen=0x7f9ea30fd93c, length=64) at
pk11cxt.c:1009
#6 0x00007f9eb1c49254 in nsCryptoHash::Finish(bool, nsACString_internal&)
(this=0x7f9e6e777940, ascii=<optimized out>, _retval=...) at
/var/tmp/build/firefox-
deaa82b4f8ab/security/manager/ssl/nsCryptoHash.cpp:204
#7 0x00007f9eb07fd4af in SHA256 (aResult=..., aPlainText=0x7f9e3cfa2d08
<redacted>) at /var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:42
#8 0x00007f9eb07fd4af in
mozilla::net::nsHttpConnectionInfo::BuildHashKey()
(this=this@entry=0x7f9e8e8829d0) at /var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:204
#9 0x00007f9eb07fd5f8 in
mozilla::net::nsHttpConnectionInfo::SetOriginServer(nsACString_internal
const&, int) (this=this@entry=0x7f9e8e8829d0, host=...,
port=port@entry=80) at /var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:236
#10 0x00007f9eb081733f in
mozilla::net::nsHttpConnectionInfo::Init(nsACString_internal const&, int,
nsACString_internal const&, nsACString_internal const&,
mozilla::net::nsProxyInfo*, mozilla::NeckoOriginAttributes const&, bool)
(this=0x7f9e8e8829d0, host=..., port=80, npnToken=..., username=...,
proxyInfo=0x7f9e459d74c0, originAttributes=..., e2eSSL=false) at
/var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:108
#11 0x00007f9eb081845e in mozilla::net::nsHttpConnectionInfo::Clone()
const (this=0x7f9e8d9ed690) at /var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:245
#12 0x00007f9eb08189e1 in
mozilla::net::nsHttpConnectionMgr::GetOrCreateConnectionEntry(mozilla::net::nsHttpConnectionInfo*,
bool) (this=this@entry=0x7f9e9b23bc50, specificCI=<optimized out>,
prohibitWildCard=<optimized out>, prohibitWildCard@entry=false) at
/var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionMgr.cpp:2951
#13 0x00007f9eb0818b2b in
mozilla::net::nsHttpConnectionMgr::OnMsgSpeculativeConnect(int,
mozilla::net::ARefBase*) (this=0x7f9e9b23bc50, param=0x7f9e76f58e80) at
/var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionMgr.cpp:2992
#14 0x00007f9eb081d72f in
RefPtr<mozilla::net::nsHttpConnectionMgr>::Proxy<void, int,
mozilla::net::ARefBase*>::operator()<int&,
RefPtr<mozilla::net::ARefBase>&>(int&, RefPtr<mozilla::net::ARefBase>&)
(this=<optimized out>) at /var/tmp/build/firefox-deaa82b4f8ab/obj-x86_64
-pc-linux-gnu/dist/include/mozilla/RefPtr.h:338
#15 0x00007f9eb081d72f in mozilla::net::ConnEvent::Run() (this=<optimized
out>) at /var/tmp/build/firefox-
deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionMgr.cpp:209
#16 0x00007f9eb05973cd in nsThread::ProcessNextEvent(bool, bool*)
(this=0x7f9eb46798c0, aMayWait=<optimized out>, aResult=0x7f9ea30fdc6f) at
/var/tmp/build/firefox-deaa82b4f8ab/xpcom/threads/nsThread.cpp:1216
#17 0x00007f9eb05b201f in NS_ProcessNextEvent(nsIThread*, bool)
(aThread=<optimized out>, aMayWait=aMayWait@entry=true) at /var/tmp/build
/firefox-deaa82b4f8ab/xpcom/glue/nsThreadUtils.cpp:361
#18 0x00007f9eb06174c2 in mozilla::net::nsSocketTransportService::Run()
(this=0x7f9eb46698a0) at /var/tmp/build/firefox-
deaa82b4f8ab/netwerk/base/nsSocketTransportService2.cpp:939
#19 0x00007f9eb05973cd in nsThread::ProcessNextEvent(bool, bool*)
(this=0x7f9eb46798c0, aMayWait=<optimized out>, aResult=0x7f9ea30fdddf) at
/var/tmp/build/firefox-deaa82b4f8ab/xpcom/threads/nsThread.cpp:1216
#20 0x00007f9eb05b201f in NS_ProcessNextEvent(nsIThread*, bool)
(aThread=<optimized out>, aThread@entry=0x7f9eb46798c0,
aMayWait=aMayWait@entry=false) at /var/tmp/build/firefox-
deaa82b4f8ab/xpcom/glue/nsThreadUtils.cpp:361
#21 0x00007f9eb087dfb9 in
mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)
(this=0x7f9ea3942080, aDelegate=0x7f9eb46a6840) at /var/tmp/build/firefox-
deaa82b4f8ab/ipc/glue/MessagePump.cpp:338
#22 0x00007f9eb084eb5e in MessageLoop::RunHandler() (this=<optimized out>)
at /var/tmp/build/firefox-
deaa82b4f8ab/ipc/chromium/src/base/message_loop.cc:225
#23 0x00007f9eb084eb5e in MessageLoop::Run()
(this=this@entry=0x7f9eb46a6840) at /var/tmp/build/firefox-
deaa82b4f8ab/ipc/chromium/src/base/message_loop.cc:205
#24 0x00007f9eb059615b in nsThread::ThreadFunc(void*)
(aArg=0x7f9eb46798c0) at /var/tmp/build/firefox-
deaa82b4f8ab/xpcom/threads/nsThread.cpp:467
#25 0x00007f9eb5d16ecf in _pt_root (arg=0x7f9eb46a28e0) at /var/tmp/build
/firefox-deaa82b4f8ab/nsprpub/pr/src/pthreads/ptthread.c:216
#26 0x00007f9eb5924075 in start_thread () at /usr/lib/libpthread.so.0
#27 0x00007f9eb491153f in clone () at /usr/lib/libc.so.6
}}}
It was a segmentation fault at PK11_ExitContextMonitor due to an invalid
context pointing to freed memory (e5e5e5e5e5e5e5e5...)
Before that, the C_DigestFinal in PK11_DigestFinal successfully returned
CKR_OK, the buffer contained the correct result, and outLen was about to
be set to 32...
I will update this on the next crash to see if it occurs in the same
place.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22158#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs