1469327 - Crash in NtSignalAndWaitForSingleObject | SignalObjectAndWait

Status: RESOLVED WORKSFORME

(Core Graveyard :: Plug-ins, defect, P3)

Description

[Marcia Knous [:marcia]]

This bug was filed from the Socorro interface and is
report bp-f6f6dba4-ce4b-4a20-9b73-eba550180615.
=============================================================

Seen while looking at crash stats: https://bit.ly/2JWHaFO. 7 day count 39 crashes/48 installations. Earliest crash seems to go back to Build 20180513100055. Occurs on other branches but counts are negligible. 

Correlations: 89.66% in signature vs 29.85% overall) jit_category = null [53.85% vs 243.36% if process_type = null]

Top 10 frames of crashing thread:

0 ntdll.dll NtSignalAndWaitForSingleObject 
1 kernelbase.dll SignalObjectAndWait 
2 plugin-container.exe sandbox::SharedMemIPCClient::DoCall security/sandbox/chromium/sandbox/win/src/sharedmem_ipc_client.cc:71
3 plugin-container.exe sandbox::CrossCall<sandbox::SharedMemIPCClient, wchar_t*, unsigned int, unsigned int, unsigned long, unsigned long, unsigned long, unsigned int> security/sandbox/chromium/sandbox/win/src/crosscall_client.h:510
4 plugin-container.exe TargetNtCreateFile security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc:82
5 plugin-container.exe TargetNtCreateFile64 security/sandbox/chromium/sandbox/win/src/interceptors_64.cc:81
6 kernelbase.dll CreateFileInternal 
7 kernelbase.dll CreateFileW 
8 npswf64_27_0_0_187.dll F20324603_______________________________________________________________ F1630956306______________________________________________________:2140
9 npswf64_27_0_0_187.dll F1876746178_____________________________________________ 

=============================================================

Comment 1

[Marcia Knous [:marcia]]

During the time we had problems with Windows symbols, this signature was [@ ntdll.dll@0x9d464]. https://bit.ly/2MGUljO captures the recent crashes.

Comment 2

[Pascal Chevrel:pascalc]

We have more crashes on Nightly than release and beta, ryan FYI

Comment 3

[Ryan VanderMeulen [:RyanVM]]

Crash stacks show sandboxing code - any chance you can take a look, Jed?

Comment 4

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

This is in the Windows sandboxing internals, so redirecting to Bob Owen.

Comment 5

[Bob Owen (:bobowen)]

(In reply to Ryan VanderMeulen [:RyanVM] from comment #3)
> Crash stacks show sandboxing code - any chance you can take a look, Jed?

Looks like flash is trying to access the file system and the plugin process is waiting on the parent process to broker the request.
Seems an odd place for it to crash, which is on the NtSignalAndWaitForSingleObject system call.
Nothing seems to be wrong to cause the crash, could something else be killing the process due to a hang?

Comment 6

[Gabriele Svelto [:gsvelto]]

Note that the crash reason is always EXCEPTION_BREAKPOINT which is rather odd too.

Comment 7

[Liz Henry (:lizzard) (relman/hg->git project)]

Very low volume crash in all channels so I'm marking this fix-optional to remove it from recurring triage.

Comment 8

[Patricia Lawless]

Bulk change to wontfix for 68 (P3+ carryover with needinfo).

Comment 9

[Marcia Knous [:marcia]]

This is still around, but the volume is small enough I think we can close it out as WFM.