Crash in [@ RtlLockHeap | HeapLock]
Categories
(Core :: XPCOM, defect, P3)
Tracking
()
People
(Reporter: toshi, Assigned: toshi)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr78+
|
Details | Review |
This bug is for crash report bp-11e364bd-88a0-4eb8-9e14-8a0b10200618.
Top 10 frames of crashing thread:
0 ntdll.dll RtlLockHeap
1 kernelbase.dll HeapLock
2 xul.dll SystemHeapReporter::CollectReports xpcom/base/nsMemoryReporterManager.cpp:1059
3 xul.dll mozilla::detail::RunnableFunction<`lambda at /builds/worker/checkouts/gecko/xpcom/base/nsMemoryReporterManager.cpp:1861:7'>::Run xpcom/threads/nsThreadUtils.h:557
4 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1200
5 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:481
6 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
7 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:308
8 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:290
9 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137
|
Assignee | |
Comment 1•4 years ago
|
||
The crash reports indicate a heap structure could be freed while
iterating over all heaps. We need to make sure it's accessible
before passing it to HeapLock, otherwise the process crashes.
|
||
Updated•4 years ago
|
|
||
Comment 3•4 years ago
|
||
| bugherder | ||
|
||
Updated•4 years ago
|
|
|
||
Comment 4•4 years ago
|
||
Is this something we should consider uplifting to ESR78?
|
|
Assignee | |
Comment 5•4 years ago
|
||
The number was not big, but this was constantly happening and the fix is straightforward. I'll submit a request.
|
|
Assignee | |
Comment 6•4 years ago
|
||
Comment on attachment 9157802 [details]
Bug 1646867 - SystemHeapSize counts only the process default heap on Windows. r=froydnj
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This crash was happening constantly (~10 per day) on all versions. This is caused by a third-party application that is loaded into our process and creates a custom heap.
- User impact if declined: The process randomly crashes when a user generates a memory report.
- Fix Landed on Version: 79.0a1
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The crash happens in a timing window between we get a handle of a heap and they destroy the heap. The fix is straightforward that we don't touch private heaps we don't manage.
- String or UUID changes made by this patch: None
|
|
||
Comment 7•4 years ago
|
||
Comment on attachment 9157802 [details]
Bug 1646867 - SystemHeapSize counts only the process default heap on Windows. r=froydnj
Approved for 78.1esr.
|
|
||
Comment 8•4 years ago
|
||
| bugherder uplift | ||
|
||
Comment 9•4 years ago
|
||
Hello :toshi,
Is there anything that QA can do here? If so, could you provide any STR for this?
Thanks!
|
|
Assignee | |
Comment 10•4 years ago
|
||
(In reply to Maria Berlinger [:mberlinger] from comment #9)
Hello :toshi,
Is there anything that QA can do here? If so, could you provide any STR for this?
Thanks!
No manual test is needed as we don't have a local repro and we don't know which third-party application caused this (which allocates a custom heap in our process and destroy it while generating a memory report).
Description
•