Closed Bug 1424126 Opened 7 years ago Closed 5 years ago

Crash: MEH: malicious process?

Categories

(Core :: Graphics: WebRender, defect, P3)

Product:
Core
Component:
Graphics: WebRender
Platform:
x86_64
All
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- unaffected
firefox57 --- unaffected
firefox58 --- unaffected
firefox59 --- disabled
firefox60 --- disabled
firefox61 --- disabled
firefox62 --- disabled
firefox63 --- disabled
firefox64 --- affected

People

(Reporter: jan, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, nightly-community)

Crash Data

Seen on Socorro. bp-2c05a2aa-d84c-4a2d-aab3-9c75f0171204 Build 20171204100103 (2017-12-04) @ macOS > MEH: malicious process?: Custom("invalid value: integer `3857049061`, expected variant index 0 <= i < 19") > 0 libmozglue.dylib mozalloc_abort(char const*) memory/mozalloc/mozalloc_abort.cpp:33 > 1 libmozglue.dylib abort memory/mozalloc/mozalloc_abort.cpp:80 > 2 XUL std::panicking::rust_panic src/libpanic_abort/lib.rs:59 > 3 XUL std::panicking::rust_panic_with_hook src/libstd/panicking.rs:593 > 4 XUL std::panicking::begin_panic<alloc::string::String> src/libstd/panicking.rs:538 > 5 XUL std::panicking::begin_panic_fmt src/libstd/panicking.rs:522 > 6 XUL core::panicking::panic_fmt src/libstd/panicking.rs:498 > 7 XUL core::result::unwrap_failed<alloc::boxed::Box<bincode::internal::ErrorKind>> src/libcore/macros.rs:23 > 8 XUL webrender_api::display_list::{{impl}}::next src/libcore/result.rs:799 > 9 XUL webrender::frame::{{impl}}::flatten_root gfx/webrender/src/frame.rs:150 > 10 XUL webrender::frame::{{impl}}::flatten_item gfx/webrender/src/frame.rs:368 > 11 XUL webrender::frame::{{impl}}::flatten_item gfx/webrender/src/frame.rs:159 > 12 XUL webrender::frame::{{impl}}::flatten_root gfx/webrender/src/frame.rs:159 > 13 XUL webrender::render_backend::{{impl}}::build_scene gfx/webrender/src/frame.rs:1151 > 14 XUL webrender::render_backend::{{impl}}::process_document gfx/webrender/src/render_backend.rs:292 > 15 XUL webrender::render_backend::{{impl}}::run gfx/webrender/src/render_backend.rs:491 > 16 XUL std::sys_common::backtrace::__rust_begin_short_backtrace<closure, ()> gfx/webrender/src/renderer.rs:1975 > 17 XUL alloc::boxed::{{impl}}::call_box<(), closure> src/libstd/thread/mod.rs:400 > 18 XUL std::sys::imp::thread::{{impl}}::new::thread_start src/liballoc/boxed.rs:736 > 19 libsystem_pthread.dylib _pthread_body > 20 libsystem_pthread.dylib _pthread_start > 21 libsystem_pthread.dylib thread_start > 22 XUL XUL@0x444917f
Well, at least we're catching the corruption properly in the backend (;>.>) Hard to say what this could be without a test page.
Whiteboard: [wr-mvp] [triage]
There's only the one crash of this kind (there's two reports in crash-stats but they appear to be identical). However, the value `3857049061` is 0xE5E5E5E5 which is jemalloc fills in for freed memory. so this is really a use-after-free instance which is bad news. Hopefully it doesn't come back.
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #2) > Hopefully it doesn't come back. It came back. https://crash-stats.mozilla.com/search/?moz_crash_reason=~MEH%3A%20malicious%20process%3F&date=%3E%3D2018-01-20T19%3A38%3A43.000Z&date=%3C2018-04-20T20%3A38%3A43.000Z&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports The last one so far: bp-12909d01-6105-4d64-a5fd-877270180222 build 2018-02-21_102240 Win10 > MEH: malicious process?: Custom("invalid value: integer `128`, expected variant index 0 <= i < 20")
Crash Signature: [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ] → [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ] [@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next ]
status-firefox60: --- → disabled
status-firefox61: --- → disabled
status-firefox-esr60: --- → unaffected
OS: Mac OS X → All
Summary: Crash in mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next → Crash: MEH: malicious process?
Whiteboard: [wr-mvp] [triage]
bp-4d8c8659-95cd-46b4-a6fc-ba60b0180522 build 2018-05-21_220045 MacOS
Crash Signature: [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ] [@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next ] → [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ] [@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next ] [@ mozalloc_abort | abort | core::result::unwrap_fai…
status-firefox62: --- → disabled
Rare enough not to block release.
Blocks: stage-wr-next
No longer blocks: stage-wr-trains
bp-b46bd5de-f54a-4362-bc59-977c70180917, Nvidia, GP106 [GeForce GTX 1060 6GB] > MEH: malicious process?: Custom("invalid value: integer `150994944`, expected variant index 0 <= i < 3")
Crash Signature: core::result::unwrap_failed::h28729ab984c8d4f9 ] → core::result::unwrap_failed::h28729ab984c8d4f9 ] [@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next_raw ]
status-firefox63: --- → disabled
status-firefox64: --- → affected

One recent crash in the nightly 4-10 build. Should we just close this one out based on the low crash volume?

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.