Closed Bug 1477713 Opened 6 years ago Closed 5 years ago

Crash in long sandbox::TargetNtCreateFile

Categories

(Core :: Security, defect)

Unspecified
Windows 10
defect
Not set
critical

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox-esr60 --- wontfix
firefox63 --- fixed

People

(Reporter: marcia, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is
report bp-42632dc7-3bf4-4e81-8094-9e1d10180712.
=============================================================

Seen while looking at nightly crash stats - crashes started using 20180711100118: https://bit.ly/2LI6BMf. Appears to affect 63 only - Win 10 and Win 7.

Not sure if this is really in the right component, but filing since it seems to be new in 63.

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a675c5d7eb76887a3e4b24548d621c9cc05a1545&tochange=3aca103e49150145dbff910be15e7886b7c4495a is the changelog based on the Build ID.

Top 10 frames of crashing thread:

0  @0x20d1bf0b834 
1 plugin-container.exe long sandbox::TargetNtCreateFile security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc:34
2 plugin-container.exe TargetNtCreateFile64 security/sandbox/chromium/sandbox/win/src/interceptors_64.cc:81
3 kernelbase.dll CreateFileInternal 
4 kernelbase.dll CreateFileW 
5 npswf64_30_0_0_134.dll npswf64_30_0_0_134.dll@0x56fa72 
6 npswf64_30_0_0_134.dll npswf64_30_0_0_134.dll@0x32bee5 
7 npswf64_30_0_0_134.dll npswf64_30_0_0_134.dll@0x18a9bdf 
8 npswf64_30_0_0_134.dll npswf64_30_0_0_134.dll@0x570e0b 
9 npswf64_30_0_0_134.dll npswf64_30_0_0_134.dll@0x18a9bdf 

=============================================================
NI jimm in case this looks familiar, given the large pushlog and reported recent sandboxing change.
Flags: needinfo?(jmathies)
Doesn't look serious, may be 3rd party related. Bob any ideas?
Flags: needinfo?(jmathies) → needinfo?(bobowencode)
(In reply to Jim Mathies [:jimm] from comment #2)
> Doesn't look serious, may be 3rd party related. Bob any ideas?

The dumps I looked at are fairly strange, possibly a double hooking of NtCreateFile, but not really sure. 
Some of the stacks seem to have system modules for which we don't have symbols and also all the ones I checked had Flash in them.

David - could the mid-July appearance of this on Nightly correlate with any recent Flash changes?
Flags: needinfo?(bobowencode) → needinfo?(davidp99)
I don't know of anything that could have caused this to spike in July but I think the history of crashes is longer than that.  This search is, I think, a more honest accounting:

https://crash-stats.mozilla.com/search/?signature=~TargetNtCreateFile&process_type=plugin&date=%3E%3D2018-02-22T08%3A08%3A47.000Z&date=%3C2018-08-22T09%3A08%3A47.000Z&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature

That's a search on TargetNtCreateFile in plugin process for the last 6 months. It looks like this crash (hang, probably) has been intermittent for quite a while -- I'm seeing 700+ crashes in that 6 months. The top of the crash stacks look similar.

I'm going to look at a couple more things but I'm already pretty much out of ideas on this one.  Double hooking the method is still a potential cause but I think this could be anything going on with the OS and the file system.
Flags: needinfo?(davidp99)
Crash Signature: [@ long sandbox::TargetNtCreateFile] → [@ long sandbox::TargetNtCreateFile] [@ hang | long sandbox::TargetNtCreateFile]
Crash Signature: [@ long sandbox::TargetNtCreateFile] [@ hang | long sandbox::TargetNtCreateFile] → [@ long sandbox::TargetNtCreateFile] [@ hang | long sandbox::TargetNtCreateFile] [@ TargetNtCreateFile]
No crash since we shipped 63, only ESR had a couple crashes over the last month.

No recent crashes, closing this one out as WFM.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME