Issue 73145 in chromium: Crash operating on JIRA and Confluence by Atlassian


chro...@googlecode.com

Feb 16, 2011, 5:55:06 AM
to chromi...@chromium.org
Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 Area-Undefined

New issue 73145 by marchite...@gmail.com: Crash operating on JIRA and
Confluence by Atlassian
http://code.google.com/p/chromium/issues/detail?id=73145

Chrome Version : 9.0.597.98
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this

What steps will reproduce the problem?
1. When I try to edit a page or to see the attachments of a page in the
Atlassian wiki, Chrome crashes.
2. When I try to visualize an issue on JIRA, Chrome crashes.

What is the expected result?
I would like to use JIRA and CONFLUENCE


chro...@googlecode.com

Feb 18, 2011, 6:59:05 PM
to chromi...@chromium.org
Updates:
Labels: Crash FeedbackRequested

Comment #1 on issue 73145 by the...@chromium.org: Crash operating on JIRA

Can you get a crash report id?
http://dev.chromium.org/for-testers/bug-reporting-guidelines/reporting-crash-bug

chro...@googlecode.com

Mar 21, 2011, 11:11:19 AM
to chromi...@chromium.org

Comment #4 on issue 73145 by derrick.simpson: Crash operating on JIRA and

When I try to view the initial Jira Page:
http://apps.ourdomain.com/jira/secure/Dashboard.jspa

Fresh launch of Chrome 11.0.696.14, then immediately browse to jira

Atlassian JIRA (v4.2#587)

chro...@googlecode.com

Mar 22, 2011, 9:06:01 AM
to chromi...@chromium.org

Comment #5 on issue 73145 by derrick.simpson: Crash operating on JIRA and

The instruction at '0x6fa94770' referenced memory at 0x05288000. The memory
could not be "read".

Chrome 11.0.696.16 dev.

Target Page: http://host/atlassian-jira/secure/Dashboard.jspa

I tried using Charles (proxy) to see which resources may have been causing
the issue, but the crash NEVER happens when using the proxy.

chro...@googlecode.com

Mar 22, 2011, 9:10:02 AM
to chromi...@chromium.org

Comment #6 on issue 73145 by derrick.simpson: Crash operating on JIRA and

Chrome Version: Chrome 11.0.696.16 dev

URLs (if applicable) : http://host/atlassian-jira/secure/Dashboard.jspa

Other browsers tested:
Opera 10, Firefox 4.0b13pre, Internet Explorer 8

What steps will reproduce the problem?

Simply F5 to refresh to the Jira dashboard page.

chro...@googlecode.com

Dec 6, 2011, 5:18:04 PM
to chromi...@chromium.org

Comment #7 on issue 73145 by the...@chromium.org: Crash operating on JIRA

Is this still happening? We need a crash report id, or a publicly
accessible site that can reproduce the crash.

chro...@googlecode.com

Feb 27, 2012, 7:14:12 AM
to chromi...@chromium.org

Comment #10 on issue 73145 by nzs...@gmail.com: Crash operating on JIRA and

JIRA is still crashing for me, but it is not every time. Chrome = 17.0,
JIRA = 4.45. Seems to be on the JIRA pie charts. It will crash 1 in every
10/20 loads of a JIRA dashboard.

chro...@googlecode.com

Jun 4, 2012, 11:17:53 AM
to chromi...@chromium.org

Comment #12 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
Chrome is all but unusable with our Jira instance in our work environment.
It looks like, at least for us, it might be due to Kerberos authentication:

Chrome 19.0.1084.52; Ubuntu 12.04

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/opt/google/chrome/chrome --debug
--auth-negotiate-delegate-whitelist=*.company.com'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f25463bb113 in ?? () from
/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
(gdb) bt
#0 0x00007f25463bb113 in ?? () from
/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
#1 0x00007f25463ae3c9 in gss_inquire_context () from
/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
#2 0x00007f254fd5cc7d in ?? ()
#3 0x00007f254fd5d54b in ?? ()
#4 0x00007f254fc8bfd8 in ?? ()
#5 0x00007f254fc8c07a in ?? ()
#6 0x00007f254fd5dbea in ?? ()
#7 0x00007f254fd599eb in ?? ()
#8 0x00007f254fc9b734 in ?? ()
#9 0x00007f254fc9dbc0 in ?? ()
#10 0x00007f254fc9dd99 in ?? ()
#11 0x00007f254fbc4159 in ?? ()
#12 0x00007f254fbc49f8 in ?? ()
#13 0x00007f254fbc4ff8 in ?? ()
#14 0x00007f254fba10ea in ?? ()
#15 0x00007f254fbc13cc in ?? ()
#16 0x00007f254fbe4fb9 in ?? ()
#17 0x00007f254fbe2782 in ?? ()
#18 0x00007f254b370e9a in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
#19 0x00007f2548dda4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#20 0x0000000000000000 in ?? ()


chro...@googlecode.com

Jun 5, 2012, 2:15:20 AM
to chromi...@chromium.org

Comment #13 on issue 73145 by the...@chromium.org: Crash operating on JIRA
jvolkman: can you either:
a) just get a crash report id with Google Chrome (see comment 1)
or
b) install Chromium and debugging symbols and get a proper backtrace.
https://wiki.ubuntu.com/Chromium/Debugging

chro...@googlecode.com

Jun 5, 2012, 11:13:10 AM
to chromi...@chromium.org

Comment #14 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
I created a crash this morning clicking around Jira. Crash ID
a76ab1763f41e7df

chro...@googlecode.com

Jun 5, 2012, 3:26:23 PM
to chromi...@chromium.org

Comment #18 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
Looks like the crash in #15 is because we are passing a NULL context handle
to gss_inquire_context() after a call to gss_init_sec_context() failed.

The crash itself should be easy to fix. Then we can worry about why
gss_init_sec_context() is failing.


chro...@googlecode.com

Jun 5, 2012, 5:14:23 PM
to chromi...@chromium.org

Comment #19 on issue 73145 by bugdro...@chromium.org: Crash operating on
JIRA and Confluence by Atlassian
http://code.google.com/p/chromium/issues/detail?id=73145#c19

The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=140603

------------------------------------------------------------------------
r140603 | asa...@chromium.org | Tue Jun 05 13:47:26 PDT 2012

Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_auth_gssapi_posix.cc?r1=140603&r2=140602&pathrev=140603

Don't pass GSS_C_NO_CONTEXT into gss_inquire_context()

If the call to gss_init_sec_context() failed, the returned context handle
could be NULL. Attempting to describe the context by calling
gss_inquire_context() using the NULL handle can cause a crash in the
Kerberos library.

BUG=73145
TEST=none


Review URL: https://chromiumcodereview.appspot.com/10535018
------------------------------------------------------------------------

chro...@googlecode.com

Jun 6, 2012, 11:42:42 AM
to chromi...@chromium.org
Updates:
Status: Fixed
Owner: asa...@chromium.org

Comment #20 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
The fix I'm referring to is for the crash in comments #12 and #15.

In particular, it is definitely not the crash mentioned in comment #5 (the
crash address is inconsistent).

The fix is not in any release yet, and needs verification once it is.


chro...@googlecode.com

Jun 6, 2012, 1:23:42 PM
to chromi...@chromium.org

Comment #21 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
Now that the crash is fixed, what will happen if gss_init_sec_context
fails? Will fallback authentication schemes be attempted (prompting me for
username/password, etc.)?

chro...@googlecode.com

Jun 6, 2012, 1:29:42 PM
to chromi...@chromium.org

Comment #22 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
jvolkman: Yes. Chrome should attempt to use other authentication schemes.

If Negotiate authentication should work with the JIRA server and it
doesn't, could you open a new issue for it? (http://new.crbug.com) We can
follow up on that issue there.


chro...@googlecode.com

Jun 6, 2012, 1:50:42 PM
to chromi...@chromium.org

Comment #23 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
It works sometimes, but not always. The times when krb auth fails are the
times when Chrome currently crashes, I guess. Sometimes that takes 3 clicks
and other times it takes 30 or more. I can open a separate ticket for JIRA
+ krb issues.

I should mention that I also experience crashing with Chrome + JIRA + OS X.
I've enabled crash reporting, but the crashes in OS X don't appear to be
caught by Chrome. The report generated by Apple's own crash reporter seems
to point to an infinite recursion in Chrome_IOThread which doesn't seem to
be the same Kerberos issue. Admittedly, I might just be reading the report
incorrectly.

I've attached the Apple report. If there's a better way to obtain a
backtrace (other than the standard crash reporting which doesn't appear to
be working), I'm willing to try.


Attachments:
chrome-jira-osx.txt 185 KB

chro...@googlecode.com

Jun 6, 2012, 4:55:38 PM
to chromi...@chromium.org

Comment #25 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
Here's the Apple report. Chrome 19.0.1084.54 still didn't catch the crash.

Attachments:
19.0.1084.54-jira-osx-crash.txt 93.5 KB

chro...@googlecode.com

Jun 7, 2012, 5:42:39 PM
to chromi...@chromium.org

Comment #26 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
Thank you for the crash report. That crash appears to have been triggered
by a heap corruption. I suspect that it could be related to the invalid
handle that was passed into the GSSAPI library.

The Chrome Canary builds for Mac
(https://tools.google.com/dlpage/chromesxs) should now have the fix for the
crash. It would be great if you could try it out and see.


chro...@googlecode.com

Jun 7, 2012, 9:36:40 PM
to chromi...@chromium.org

Comment #27 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
So far so good. I'm not sure how to reproduce the original problem exactly,
so I can't say with 100% certainty that it's fixed. However, the current
Chrome release crashed multiple times within 5 minutes of clicking around
JIRA, and the Canary build is still going strong.

One thing to mention is that I haven't seen any basic authentication
prompts with Canary. I was expecting these due to the apparent
gss_init_sec_context failures which caused the crash.

chro...@googlecode.com

Jun 7, 2012, 11:23:52 PM
to chromi...@chromium.org

Comment #28 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
Not crashing is great. You can find out what's going on with the
authentication by looking at a net internals dump.

- Open chrome://net-internals on a separate tab and access JIRA.

- Switch to the net-internals tab and click on "Events" on the left. You'll
see a list of network events.

- Type "401" into the "Filter" box. This will filter events that have "401"
in them, which would include URL_REQUEST events that have a 401 status code.

- The URL_REQUESTs that receive a 401 response will have multiple round
trips as Chrome authenticates to the server. The requests that Chrome sends
out will have an "Authorization" header that specifies a scheme and
authorization data. If the scheme is "Negotiate" (i.e. looks
like "Authorization: Negotiate <base64 encoded data>") then you are using
Negotiate authentication.
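
The check described in comment #28, as an added example that is not part of the thread or of Chrome's code: it tallies the scheme of each Authorization request header and, going one step beyond the comment, decodes a Negotiate token to see whether it carries Kerberos or NTLM. The function names and the sample header lines are constructed for illustration; the mechanisms are recognised by the NTLMSSP signature and the DER-encoded SPNEGO and Kerberos V5 OIDs.

```python
import base64
import re
from collections import Counter

# DER-encoded mechanism OIDs: SPNEGO 1.3.6.1.5.5.2, Kerberos V5 1.2.840.113554.1.2.2
SPNEGO_OID = bytes.fromhex("06062b0601050502")
KRB5_OID = bytes.fromhex("06092a864886f712010202")
NTLM_SIG = b"NTLMSSP\x00"
AUTH_RE = re.compile(r"^\s*(?:Proxy-)?Authorization:\s*(\S+)(?:\s+(\S+))?\s*$", re.I)

def classify_token(b64):
    """Name the mechanism carried in the base64 data of a Negotiate header."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "invalid-base64"
    if raw.startswith(NTLM_SIG):
        return "ntlm"
    if raw[:1] == b"\x60":  # GSS-API initial context token
        if KRB5_OID in raw:
            return "kerberos"
        return "spnego-other" if SPNEGO_OID in raw else "gssapi-unknown"
    if raw[:1] == b"\xa1":  # SPNEGO NegTokenResp (later leg of the exchange)
        return "spnego-continue"
    return "unknown"

def summarize(lines):
    """Count (scheme, mechanism) pairs over request header lines."""
    seen = Counter()
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            scheme, data = m.group(1).lower(), m.group(2)
            mech = classify_token(data) if scheme == "negotiate" and data else "-"
            seen[(scheme, mech)] += 1
    return seen

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample: header lines as they might be copied out of the request
# events. The token bytes only mimic the leading structure of real tokens.
SAMPLE = [
    "Authorization: Negotiate " + _b64(b"\x60\x1a" + SPNEGO_OID + b"\xa0\x0e" + KRB5_OID),
    "Authorization: Negotiate " + _b64(NTLM_SIG + b"\x01\x00\x00\x00"),
    "Authorization: Basic " + _b64(b"user:constructed"),
    "Authorization: Negotiate not*base64",
]
```

A count under ("negotiate", "ntlm") or ("basic", "-") alongside Kerberos entries would indicate that some requests fell back to another scheme.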


chro...@googlecode.com

Jun 8, 2012, 12:17:09 AM
to chromi...@chromium.org

Comment #29 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
It looks like all requests are using Negotiate, and I've not experienced
any crashes. Thanks!

chro...@googlecode.com

Jun 8, 2012, 11:17:55 AM
to chromi...@chromium.org
Updates:
Status: Verified

Comment #30 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
Thanks for the confirmation.

This (in theory) also affects M20. However, I can't find any crash reports
on Linux for M20 stable.

On Mac, the nature of the crash might be preventing the crash report from
being sent to us.


chro...@googlecode.com

Jun 8, 2012, 12:59:22 PM
to chromi...@chromium.org

Comment #31 on issue 73145 by jvolk...@gmail.com: Crash operating on JIRA
Unfortunately it looks like I spoke too soon. Canary crashed this morning
while I was actually using JIRA (as opposed to just clicking around). I've
attached the Apple crash file; Chrome didn't catch it.

It definitely takes longer to crash now.

Attachments:
Google Chrome Canary_2012-06-08-095048_c82a1438fefc.crash 99 KB

chro...@googlecode.com

Jun 8, 2012, 3:11:22 PM
to chromi...@chromium.org
Updates:
Cc: tha...@chromium.org

Comment #32 on issue 73145 by asa...@chromium.org: Crash operating on JIRA
thakis: Would you mind taking a quick peek at the crash in comment #31 ?

With my untrained rudimentary Mac debugging it looks like we are doing an
infinite recursion in CrMallocErrorBreak(). This is the same thing I
noticed in the crash in comment #25. Is that possible? Could
g_original_malloc_error_break point at CrMallocErrorBreak()? Or is it
something else entirely?

Granted, whatever is causing the potential heap corruption is probably
something else, but the stacks weren't very enlightening to me.

I verified that the crash mentioned in comments #12 and #15 is fixed and
that we aren't passing an invalid context handle to the GSSAPI library.

