848075 - hang in malloc lock during exception handling on OS X

Status: RESOLVED FIXED

(Toolkit :: Crash Reporting, defect)

Description

[(not currently active) Ted Mielczarek]

Attachment: plugin-container hang sample

I was trying to reproduce bug 706751 by running test_content_annotation.js in a loop on my MBP. The test hung, so I sampled the plugin-container process (see attached).

Breakpad calls exc_server, which calls dlsym to find _catch_exception_raise (in libxul), which mallocs. Some other thread has the malloc lock so we're hung.

I *think* this is just a failure in our OOP exception-handling code. In the in-process case, we simply call exit() after writing out the minidump and exec()ing the crashreporter. In the OOP case, we don't actually exit after requesting that the parent process write a dump, so it's possible for us to fall down into this exc_server call and hit this condition.

Comment 1

[(not currently active) Ted Mielczarek]

Specifically WriteMinidumpWithException either writes a dump and calls the callback (in-process), or calls CrashGenerationClient's RequestDump method:
http://mxr.mozilla.org/mozilla-central/source/toolkit/crashreporter/google-breakpad/src/client/mac/handler/exception_handler.cc#523

In the in-process case we exit during our callback. In the OOP case we don't exit. I think this is actually just a bug in the Breakpad OOP code. We should be honoring _exit_after_write in the IsOutOfProcess block here:
http://mxr.mozilla.org/mozilla-central/source/toolkit/crashreporter/google-breakpad/src/client/mac/handler/exception_handler.cc#341

Comment 2

[(not currently active) Ted Mielczarek]

Landed a patch upstream that should fix this:
http://code.google.com/p/google-breakpad/source/detail?r=1127

Will update our Breakpad snapshot shortly.

Comment 3

[(not currently active) Ted Mielczarek]

Just pushed an updated Breakpad snapshot that includes this fix.