Closed Bug 1532190 Opened 6 months ago Closed 3 months ago

Exception thrown in ntdll.dll when closing the sole tab of firefox.

Categories

(Toolkit :: Application Update, defect, P3)

Product:
Toolkit
Component:
Application Update
Version:
65 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla69
Tracking Flags:
Tracking Status
firefox69 --- fixed

People

(Reporter: jsearle3, Assigned: tcampbell)

References

Details

Attachments

(5 files)

Screenshot (32).png
218.08 KB, image/png
Details
mozconfig
363 bytes, text/plain
Details
OUTPUT.txt
58.34 KB, text/plain
Details
CALLSTACK.txt
3.96 KB, text/plain
Details
Bug 1532190 - Don't call CloseHandle on invalid handle during update service. r?rstrong
47 bytes, text/x-phabricator-request
Details | Review
Attached image Screenshot (32).png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763

Steps to reproduce:

Ina command window on Windows 10, I rin firefox thusly:
export MOZ_NO_REMOTE=1
export MOZ_FORCE_DISABLE_E10S=1
export XRE_NO_DLL_READAHEAD=1
./mach run --debug

Actual results:

After testing an html page on firefox, I close firefox by closing the only tab thereof, and I'm rather consistently experiencing an exception being thrown and Visual Studio 2017 suspending the execution of firefox.

Expected results:

Firefox should exit.

Attached file mozconfig
Attached file OUTPUT.txt
Attached file CALLSTACK.txt
Component: Untriaged → js-ctypes
Product: Firefox → Core

Joe, thank you for the bug report. Would you be interested in helping to team-debug this over a Google Hangout?

Ted, do you have a Windows build handy? Does this reproduce in Nightly?

Flags: needinfo?(tcampbell)
Flags: needinfo?(jsearle3)
Priority: -- → P2

This looks like a race in the Update Service when the browser forces a shutdown during slow shutdown. You are probably experiencing this to to running '--disable-optimize' which makes the browser quite slow.

The specific failure is that in [1] we call the 'CloseHandle' function in ntdll with a null handle, which generates the bad handle exception you see in the debugger. The crash is safe and seems to be a race during unoptimized builds which seems like a very low priority.

[1] https://searchfox.org/mozilla-central/rev/b59a99943de4dd314bae4e44ab43ce7687ccbbec/toolkit/mozapps/update/UpdateService.jsm#1943

Flags: needinfo?(tcampbell)
Component: js-ctypes → Application Update
Flags: needinfo?(jsearle3)
Priority: P2 → --
Product: Core → Toolkit
Status: UNCONFIRMED → RESOLVED
Closed: 4 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1533072

During forced shutdown, we may call 'closeHandle' without having a
proper mutex. This results in a crash in ntdll, so instead just do
nothing if the handle is missing.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: DUPLICATE → ---
Assignee: nobody → tcampbell

This is still happening. It seems I have the best chance of reproducing it when I let my version of nightly quiesce before going on to the next step to reproduce it. I tried setting a break point in js code but it seems the js debugger us wiped out before my break point had a chance to be hit. Currently my build is at:
changeset: 472619:5ca7ab463290
tag: tip
parent: 472530:d7235ef1becf
parent: 472618:eb5b01e0b309
user: JayJ <jsearle3@verizon.net>
date: Fri May 03 15:58:33 2019 -0700
summary: Merge Updates

changeset: 472618:eb5b01e0b309
user: Ted Campbell <tcampbell@mozilla.com>
date: Fri May 03 18:17:39 2019 +0000
summary: Bug 1548903 - Remove unused JS TypeInference methods. r=iain

(In reply to Jason Orendorff [:jorendorff] from comment #4)

Joe, thank you for the bug report. Would you be interested in helping to team-debug this over a Google Hangout?

Ted, do you have a Windows build handy? Does this reproduce in Nightly?

It still is happening. I can help whenever you want. I live in California so I'm currently on PDT.

Joe, we think we have a fix, but it is still waiting for a code review. Rob?

Flags: needinfo?(robert.strong.bugs)

Correction. This is approved and just needs to land.

Flags: needinfo?(robert.strong.bugs) → needinfo?(tcampbell)

(In reply to Jason Orendorff [:jorendorff] from comment #12)

Correction. This is approved and just needs to land.

OK. I'll look for it to get to mozilla-central.

Thanks, Joe

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:tcampbell, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(tcampbell)

Pushed to lando.

Flags: needinfo?(tcampbell)
Pushed by tcampbell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ca8e3e6b3a82
Don't call CloseHandle on invalid handle during update service. r=rstrong

https://hg.mozilla.org/mozilla-central/rev/ca8e3e6b3a82

Status: REOPENED → RESOLVED
Closed: 4 months ago3 months ago
status-firefox69: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in before you can comment on or make changes to this bug.