Crash in mozalloc_abort | Abort | NS_DebugBreak | mozilla::Logger::~Logger

RESOLVED FIXED in Firefox 66

Status

defect
--
critical
RESOLVED FIXED
5 months ago
4 months ago

People

(Reporter: lizzard, Assigned: Alex_Gaynor)

Tracking

({crash})

64 Branch
mozilla67
Unspecified
Linux
Points:
---
Bug Flags:
qe-verify -

Firefox Tracking Flags

(firefox-esr60 wontfix, firefox64 wontfix, firefox65 wontfix, firefox66 fixed, firefox67 fixed)

Attachments

(1 attachment)

This bug was filed from the Socorro interface and is
report bp-f9388159-a1f4-408a-b231-ae7290181211.
=============================================================

There are a couple of crashes with this signature in nightly 66. 
Looking back a month or so there are also a few crashes in 65 and 64. 

Top 10 frames of crashing thread:

0 firefox-bin mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:33
1 libxul.so Abort xpcom/base/nsDebugImpl.cpp:438
2 libxul.so NS_DebugBreak xpcom/string/nsSubstring.cpp
3 libxul.so mozilla::Logger::~Logger ipc/chromium/src/base/logging.cc:48
4 libxul.so base::RandUint64 ipc/chromium/src/base/logging.h:58
5 libxul.so base::RandInt ipc/chromium/src/base/rand_util.cc:22
6 libxul.so IPC::Channel::GenerateUniqueRandomChannelID ipc/chromium/src/chrome/common/ipc_channel.cc:37
7 libxul.so IPC::Channel::GenerateVerifiedChannelID ipc/chromium/src/chrome/common/ipc_channel_posix.cc:968
8 libxul.so mozilla::ipc::CreateTransport ipc/glue/Transport_posix.cpp:26
9 libxul.so nsresult mozilla::ipc::CreateEndpoints<mozilla::ipc::PBackgroundParent, mozilla::ipc::PBackgroundChild> ipc/glue/ProtocolUtils.h:868

=============================================================
This looks more like a problem with the RandUint64 implementation for various platforms. It aborts if there's a problem getting random data. I'll move this to IPC since those functions are defined under ipc/chromium, but there might be a better component for this problem.
Component: DOM: Workers → IPC
Assignee: nobody → agaynor
Assignee

Comment 2

4 months ago

Note to self: solution here is to delete the chromium random code and use our own random code.

Assignee

Comment 3

4 months ago

This includes deleting several unused functions. Our own code does a better job
of using the preferred platform APIs for random numbers.
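
An added example, not code from this bug's patch or from Mozilla or Chromium: one way a Linux helper can obtain random bytes through the kernel's preferred interface and report failure to its caller rather than aborting, which is the RandUint64 behaviour described earlier in this bug. The names `FillRandomBytes` and `RandomUint64` are hypothetical, and the bug does not state which failure the crashing clients hit.

```cpp
// Added example: hypothetical helpers, not Mozilla's or Chromium's code.
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <fcntl.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/syscall.h>
#endif

// Fill buf with len bytes from the kernel CSPRNG. Returns false on failure
// so the caller chooses how to react; the helper itself never aborts.
bool FillRandomBytes(void* buf, size_t len) {
  auto* p = static_cast<uint8_t*>(buf);
  size_t got = 0;
#if defined(__linux__) && defined(SYS_getrandom)
  // getrandom(2) needs no file descriptor, so it keeps working when the
  // process is out of descriptors or cannot see /dev.
  while (got < len) {
    long n = syscall(SYS_getrandom, p + got, len - got, 0);
    if (n > 0) { got += static_cast<size_t>(n); continue; }  // short read
    if (n < 0 && errno == EINTR) continue;  // interrupted by a signal: retry
    break;  // ENOSYS, EPERM, ...: try the device node instead
  }
  if (got == len) return true;
#endif
  int fd;
  do {
    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
  } while (fd < 0 && errno == EINTR);
  if (fd < 0) return false;  // e.g. EMFILE, ENOENT, EACCES
  while (got < len) {
    ssize_t n = read(fd, p + got, len - got);
    if (n > 0) { got += static_cast<size_t>(n); continue; }  // short read
    if (n < 0 && errno == EINTR) continue;
    break;  // EOF or a hard error
  }
  close(fd);
  return got == len;
}

// Caller-facing wrapper: the random value comes back through *out and the
// return value says whether it can be trusted.
bool RandomUint64(uint64_t* out) {
  return FillRandomBytes(out, sizeof(*out));
}
```
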

Assignee

Updated

4 months ago
Keywords: checkin-needed

Comment 4

4 months ago

Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/99140ba06c13
remove chromium's random code from IPC in favor of our own; r=froydnj

Keywords: checkin-needed

Comment 5

4 months ago
bugherder
Status: NEW → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67

Would you like to request beta uplift? If no crashes show up in the next couple of days in nightly that seems promising.

Flags: needinfo?(agaynor)
Assignee

Comment 7

4 months ago

This should uplift cleanly and safely. If release management thinks this is uplift worthy I'm happy to! Will leave the ni? and put in the request on Monday unless I hear otherwise.

Assignee

Comment 8

4 months ago

Comment on attachment 9040188 [details]
Bug 1513687 - remove chromium's random code from IPC in favor of our own; r?froydnj

Beta/Release Uplift Approval Request

Feature/Bug causing the regression

None

User impact if declined

Content crashes in certain (unclear) situations.

Is this code covered by automated tests?

Yes

Has the fix been verified in Nightly?

Yes

Needs manual test from QE?

No

If yes, steps to reproduce

List of other uplifts needed

None

Risk to taking this patch

Low

Why is the change risky/not risky? (and alternatives if risky)

Replaces some Chromium code with our own code. This is in a core routine so it is regularly exercised.

String changes made/needed

Flags: needinfo?(agaynor)
Attachment #9040188 - Flags: approval-mozilla-beta?

Comment on attachment 9040188 [details]
Bug 1513687 - remove chromium's random code from IPC in favor of our own; r?froydnj

Crash fix, low risk, verified in nightly.
Let's uplift for beta 5.

[Triage Comment]

Attachment #9040188 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: qe-verify-