Closed
Bug 1334216
Opened 8 years ago
Closed 7 years ago
AddressSanitizer: SEGV ipc/glue/MessageChannel.cpp:2178:13 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink()
Categories
(Core :: IPC, defect, P3)
Tracking
()
RESOLVED
INCOMPLETE
Tracking | Status | |
---|---|---|
firefox-esr45 | --- | unaffected |
firefox51 | --- | unaffected |
firefox52 | - | fix-optional |
firefox53 | - | fix-optional |
firefox54 | - | wontfix |
People
(Reporter: bc, Unassigned)
References
()
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files)
1. http://1405track.online/?flux_fts=paetlfbdc0&flux_cost=0&pid=0034
Microsoft Support Scam.
2. shutdown
3. ASAN SEGV + numereous other crash signatures.
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=155.713) [GFX1-]: Receive IPC close with reason=AbnormalShutdown
[Child 14188] WARNING: pipe error (3): Connection reset by peer: file /home/worker/workspace/build/src/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 346
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=169.229) ASAN:DEADLYSIGNAL
=================================================================
[GFX1-]: Receive IPC close with reason=AbnormalShutdown
==14188==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f675f141f11 bp 0x7f675b9e5610 sp 0x7f675b9e55f0 T2)
ASAN:DEADLYSIGNAL
Bill or Wes, could you look at this?
s-s since I don't like asan segvs that have lots of other related crash signatures that are also scams.
Reporter | ||
Comment 1•8 years ago
|
||
Is this a recent regression, Bob?
Flags: needinfo?(bob)
Reporter | ||
Comment 3•8 years ago
|
||
Not sure how recent but it goes back in some variation of the stack to at least Aurora on 2017-01-04 which makes it Aurora/52. I clear the db at the beginning of the year, but this narrows it somewhat to after 2016-11-14.
Flags: needinfo?(bob)
Version: Trunk → 52 Branch
Updated•8 years ago
|
Group: core-security → dom-core-security
Updated•8 years ago
|
status-firefox51:
--- → unaffected
status-firefox52:
--- → affected
status-firefox53:
--- → affected
status-firefox-esr45:
--- → unaffected
tracking-firefox52:
--- → ?
tracking-firefox53:
--- → ?
tracking-firefox54:
--- → ?
I tried to reproduce this with an ASAN build I downloaded from Treeherder. (It was an ASAN opt build if that makes any difference.)
I followed the STR. The content process seems to hang during shutdown and so we kill it. That results in an ASAN report. I'm not getting symbols in my report, so I'm not sure if it's the exact same thing Bob is seeing. But it probably is.
I suggest we close this since it's expected behavior.
Comment 5•8 years ago
|
||
A hang is expected behavior? Sounds like there's a bug here even if it's not a sec issue.
Flags: needinfo?(wmccloskey)
Well, the reason we're "crashing" is that we're killing the hung process.
Flags: needinfo?(wmccloskey)
Comment 7•8 years ago
|
||
Do we get a shutdown-blocker note in the crashreport if we're not running ASAN?
Updated•8 years ago
|
Group: dom-core-security
Flags: needinfo?(wmccloskey)
Updated•8 years ago
|
Comment 9•8 years ago
|
||
Not tracking for 52/53. We can still take a patch to fix this at least in 53 in the next weeks.
Comment 10•8 years ago
|
||
The same bug is being reproduced in Firefox 51.0.1 on Linux everyday several times a day. But Firefox version 50 seems to have no such bug. Firefox 51.0.1 crashes on Linux (file is ipc/glue/MessageChannel.cpp).
Comment 11•8 years ago
|
||
Track 54- for now as no crashes in crash report server but still happy to have the fix in 54.
Comment 12•7 years ago
|
||
Mark 54 won't fix as 54 was released.
Updated•7 years ago
|
Priority: -- → P3
Reporter | ||
Comment 13•7 years ago
|
||
The url now returns a blank page. I'll just mark this incomplete unless someone has other ideas. I have other current scam urls that cause issues that I'll file as time permits.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•