[tbb-bugs] #22158 [Applications/Tor Browser]: Tor browser core dump on Arch Linux

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun May 27 16:23:43 UTC 2018 

#22158: Tor browser core dump on Arch Linux
--------------------------------------+-----------------------------------
 Reporter:  jb.1234abcd               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-crash                 |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by torsocksbug):

 I have been getting similar crashes as long as I can remember. They are
 seemingly random and it can be weeks without an occurrence (although they
 happen as a result of some action, e.g. loading a new page). This time I
 managed to capture and analyze the dump. This was the cause (version
 7.5.4):
 {{{
 #0  0x00007f9eb592e91b in raise () at /usr/lib/libpthread.so.0
 #1  0x00007f9eb1d6adaa in nsProfileLock::FatalSignalHandler(int, siginfo*,
 void*) (signo=11, info=0x7f9ea30fd470, context=0x7f9ea30fd340) at
 /var/tmp/build/firefox-deaa82b4f8ab/toolkit/profile/nsProfileLock.cpp:181
 #2  0x00007f9eb283fef1 in WasmFaultHandler<(Signal)0>(int, siginfo_t*,
 void*) (signum=<optimized out>, info=0x7f9ea30fd470,
 context=0x7f9ea30fd340) at /var/tmp/build/firefox-
 deaa82b4f8ab/js/src/wasm/WasmSignalHandlers.cpp:1239
 #3  0x00007f9eb592ea80 in <signal handler called> () at
 /usr/lib/libpthread.so.0
 #4  0x00007f9eb5bf7bf6 in PK11_ExitContextMonitor
 (cx=cx at entry=0x7f9e6e6b5160) at pk11cxt.c:50
 #5  0x00007f9eb5bf8c46 in PK11_DigestFinal (context=0x7f9e6e6b5160,
 data=0x7f9ea30fd948 <redacted>, outLen=0x7f9ea30fd93c, length=64) at
 pk11cxt.c:1009
 #6  0x00007f9eb1c49254 in nsCryptoHash::Finish(bool, nsACString_internal&)
 (this=0x7f9e6e777940, ascii=<optimized out>, _retval=...) at
 /var/tmp/build/firefox-
 deaa82b4f8ab/security/manager/ssl/nsCryptoHash.cpp:204
 #7  0x00007f9eb07fd4af in SHA256 (aResult=..., aPlainText=0x7f9e3cfa2d08
 <redacted>) at /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:42
 #8  0x00007f9eb07fd4af in
 mozilla::net::nsHttpConnectionInfo::BuildHashKey()
 (this=this at entry=0x7f9e8e8829d0) at /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:204
 #9  0x00007f9eb07fd5f8 in
 mozilla::net::nsHttpConnectionInfo::SetOriginServer(nsACString_internal
 const&, int) (this=this at entry=0x7f9e8e8829d0, host=...,
 port=port at entry=80) at /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:236
 #10 0x00007f9eb081733f in
 mozilla::net::nsHttpConnectionInfo::Init(nsACString_internal const&, int,
 nsACString_internal const&, nsACString_internal const&,
 mozilla::net::nsProxyInfo*, mozilla::NeckoOriginAttributes const&, bool)
 (this=0x7f9e8e8829d0, host=..., port=80, npnToken=..., username=...,
 proxyInfo=0x7f9e459d74c0, originAttributes=..., e2eSSL=false) at
 /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:108
 #11 0x00007f9eb081845e in mozilla::net::nsHttpConnectionInfo::Clone()
 const (this=0x7f9e8d9ed690) at /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionInfo.cpp:245
 #12 0x00007f9eb08189e1 in
 mozilla::net::nsHttpConnectionMgr::GetOrCreateConnectionEntry(mozilla::net::nsHttpConnectionInfo*,
 bool) (this=this at entry=0x7f9e9b23bc50, specificCI=<optimized out>,
 prohibitWildCard=<optimized out>, prohibitWildCard at entry=false) at
 /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionMgr.cpp:2951
 #13 0x00007f9eb0818b2b in
 mozilla::net::nsHttpConnectionMgr::OnMsgSpeculativeConnect(int,
 mozilla::net::ARefBase*) (this=0x7f9e9b23bc50, param=0x7f9e76f58e80) at
 /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionMgr.cpp:2992
 #14 0x00007f9eb081d72f in
 RefPtr<mozilla::net::nsHttpConnectionMgr>::Proxy<void, int,
 mozilla::net::ARefBase*>::operator()<int&,
 RefPtr<mozilla::net::ARefBase>&>(int&, RefPtr<mozilla::net::ARefBase>&)
 (this=<optimized out>) at /var/tmp/build/firefox-deaa82b4f8ab/obj-x86_64
 -pc-linux-gnu/dist/include/mozilla/RefPtr.h:338
 #15 0x00007f9eb081d72f in mozilla::net::ConnEvent::Run() (this=<optimized
 out>) at /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/protocol/http/nsHttpConnectionMgr.cpp:209
 #16 0x00007f9eb05973cd in nsThread::ProcessNextEvent(bool, bool*)
 (this=0x7f9eb46798c0, aMayWait=<optimized out>, aResult=0x7f9ea30fdc6f) at
 /var/tmp/build/firefox-deaa82b4f8ab/xpcom/threads/nsThread.cpp:1216
 #17 0x00007f9eb05b201f in NS_ProcessNextEvent(nsIThread*, bool)
 (aThread=<optimized out>, aMayWait=aMayWait at entry=true) at /var/tmp/build
 /firefox-deaa82b4f8ab/xpcom/glue/nsThreadUtils.cpp:361
 #18 0x00007f9eb06174c2 in mozilla::net::nsSocketTransportService::Run()
 (this=0x7f9eb46698a0) at /var/tmp/build/firefox-
 deaa82b4f8ab/netwerk/base/nsSocketTransportService2.cpp:939
 #19 0x00007f9eb05973cd in nsThread::ProcessNextEvent(bool, bool*)
 (this=0x7f9eb46798c0, aMayWait=<optimized out>, aResult=0x7f9ea30fdddf) at
 /var/tmp/build/firefox-deaa82b4f8ab/xpcom/threads/nsThread.cpp:1216
 #20 0x00007f9eb05b201f in NS_ProcessNextEvent(nsIThread*, bool)
 (aThread=<optimized out>, aThread at entry=0x7f9eb46798c0,
 aMayWait=aMayWait at entry=false) at /var/tmp/build/firefox-
 deaa82b4f8ab/xpcom/glue/nsThreadUtils.cpp:361
 #21 0x00007f9eb087dfb9 in
 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)
 (this=0x7f9ea3942080, aDelegate=0x7f9eb46a6840) at /var/tmp/build/firefox-
 deaa82b4f8ab/ipc/glue/MessagePump.cpp:338
 #22 0x00007f9eb084eb5e in MessageLoop::RunHandler() (this=<optimized out>)
 at /var/tmp/build/firefox-
 deaa82b4f8ab/ipc/chromium/src/base/message_loop.cc:225
 #23 0x00007f9eb084eb5e in MessageLoop::Run()
 (this=this at entry=0x7f9eb46a6840) at /var/tmp/build/firefox-
 deaa82b4f8ab/ipc/chromium/src/base/message_loop.cc:205
 #24 0x00007f9eb059615b in nsThread::ThreadFunc(void*)
 (aArg=0x7f9eb46798c0) at /var/tmp/build/firefox-
 deaa82b4f8ab/xpcom/threads/nsThread.cpp:467
 #25 0x00007f9eb5d16ecf in _pt_root (arg=0x7f9eb46a28e0) at /var/tmp/build
 /firefox-deaa82b4f8ab/nsprpub/pr/src/pthreads/ptthread.c:216
 #26 0x00007f9eb5924075 in start_thread () at /usr/lib/libpthread.so.0
 #27 0x00007f9eb491153f in clone () at /usr/lib/libc.so.6
 }}}
 It was a segmentation fault at PK11_ExitContextMonitor due to an invalid
 context pointing to freed memory (e5e5e5e5e5e5e5e5...)
 Before that, the C_DigestFinal in PK11_DigestFinal successfully returned
 CKR_OK, the buffer contained the correct result, and outLen was about to
 be set to 32...

 I will update this on the next crash to see if it occurs in the same
 place.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22158#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list