Closed Bug 1748490 Opened 3 years ago Closed 3 years ago

Firefox 96 crashes with ESET antivirus (eplgfirefox.dll), various signatures e.g. in [@ RtlpReportHeapFailure | RtlpFreeHeapInternal | RtlFreeHeap | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript]

Categories

(External Software Affecting Firefox :: Other, defect)

All
Windows
defect

Tracking

(firefox-esr91 unaffected, firefox95 unaffected, firefox96+ fixed, firefox97+ fixed, firefox98 fixed)

RESOLVED FIXED
Tracking Status
firefox-esr91 --- unaffected
firefox95 --- unaffected
firefox96 + fixed
firefox97 + fixed
firefox98 --- fixed

People

(Reporter: aryx, Unassigned)

Details

(Keywords: crash)

Crash Data

There is an increase in crashes with ESET antvirus' eplgfirefox.dll version1.0.113.0 in the crashing thread of Firefox 96 betas and release candidate 1. It's surging today, but there have already been crashes in the days before.

crash signatures

This crash signature [@ RtlpReportHeapFailure | RtlpFreeHeapInternal | RtlFreeHeap | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript] only affects 32-bit Firefox builds, but most are with 64-bit.

Natalie, could you reach out to ESET like in bug 1720463 comment 4? Thank you in advance.

Crash report: https://crash-stats.mozilla.org/report/index/19770f04-6164-49b7-a5e2-6bd770220104

Reason: STATUS_HEAP_CORRUPTION

Top 10 frames of crashing thread:

0 ntdll.dll RtlReportFatalFailure 
1 ntdll.dll RtlReportCriticalFailure 
2 ntdll.dll RtlpReportHeapFailure 
3 None @0x068b7d17 
4 ntdll.dll RtlpLogHeapFailure 
5 ntdll.dll RtlpFreeHeapInternal 
6 ntdll.dll RtlFreeHeap 
7 eplgfirefox.dll eplgfirefox.dll@0x0000b110 
8 eplgfirefox.dll eplgfirefox.dll@0x00007f0e 
9 eplgfirefox.dll eplgfirefox.dll@0x000043c3 
Flags: needinfo?(nraketic)

[Tracking Requested - why for this release]:

Natalie reached out to ESET.

Rares, could SoftVision try to reproduce these crashes with Firefox 96.0rc and ESET antivirus?

Flags: needinfo?(nraketic) → needinfo?(rares.bologa)

I have attempted reproducing this issue with ESET Smart Security Premium (Product version: 15.0.21.0) on 2 different physical systems, on Windows 10 with 64-bit and 32-bit system architecture, also on a 64bit-Win10+32bit-Firefox browser. It was tested on the supposedly affected version of RC1 v96.0 (build ID: 20220103221059).
I've opened a new profile and opened several high demanding websited (youtube, facebook, reddit, pinkbike and other random ones)

No crash could not be reproduced with the available information.

(In reply to Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout) from comment #0)

There is an increase in crashes with ESET antvirus' eplgfirefox.dll version1.0.113.0 in the crashing thread of Firefox 96 betas and release candidate It's surging today, but there have already been crashes in the days before.

  1. What is the version mentioned above(1.0.113.0)?
  2. What exact application is installed on these systems?

This crash signature [@ RtlpReportHeapFailure | RtlpFreeHeapInternal | RtlFreeHeap | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript] only affects 32-bit Firefox builds, but most are with 64-bit.

  1. What do you mean by "only affects 32-bit Firefox builds, but most are with 64-bit"?

  2. What kind of content do you think I should attempt to load in order to reproduce this crash?

  3. Is there any other information that might help me reproduce it?

Thank you!

Flags: needinfo?(rares.bologa) → needinfo?(aryx.bugmail)

(In reply to Bodea Daniel [:danibodea] from comment #3)

  1. What is the version mentioned above(1.0.113.0)?

It's the version of the eplgFirefox.dll file listed in the Modules tab of the crash reports.

  1. What exact application is installed on these systems?

The Telemetry Environment tab mentions ESET Security as active antivirus. I downloaded the installers for ESET Smart Security and ESET Internet Security but both are wrappers for the updater, not the program itself (I didn't want to install third-party software).

This crash signature [@ RtlpReportHeapFailure | RtlpFreeHeapInternal | RtlFreeHeap | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript] only affects 32-bit Firefox builds, but most are with 64-bit.

  1. What do you mean by "only affects 32-bit Firefox builds, but most are with 64-bit"?

The crashes with that signature are all with 32-bit builds of Firefox. But there are many more slightly different crash signatures which also affect 64-bit builds.

  1. What kind of content do you think I should attempt to load in order to reproduce this crash?

There is no correlation with a website, the vast share doesn't submit one for these crashes. DevEdition users seem to be overrepresented (40% of crashes, beta 47%, nightly 3%) - having the developers tools and watching the network monitor tab, resending requests there, websockets or service worker demo pages are worth a try.

  1. Is there any other information that might help me reproduce it?

Unfortunately not.

Flags: needinfo?(aryx.bugmail)

Added all the top signatures.

Crash Signature: [@ RtlpReportHeapFailure | RtlpFreeHeapInternal | RtlFreeHeap | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript] [@ RtlpFreeHeapInternal | RtlFreeHeap | NS_FaultTolerantHeap::APIHook_RtlFreeHeap] [@ RtlpFreeHeapInternal | RtlFreeHeap | eplg… → [@ RtlFreeHeap | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript] [@ RtlFreeHeap | HeapFree | eplgfirefox.dll | mozilla::dom::ScriptLoader::EvaluateScript] [@ RtlpFreeHeapInternal | RtlFreeHeap | eplgfirefox.dll] [@ RtlpFreeHeapInternal | …

A new “Script scanner module” version 1110 is planned for release today in pre-release setup.

We could also try to launch Firefox, open a website which will continue to make data requests - e.g. https://treeherder.mozilla.org/ - and let it idle for e.g. 2 hours.

Crash volume per day for crashes with epldfirefox.dll in the top 15 frames of the crashing thread:

2022-01-02   2
2022-01-03  14
2022-01-04 102
2022-01-05 107
2022-01-06  75
2022-01-07  82
2022-01-08  40
2022-01-09  61
2022-01-10 111
2022-01-11  89
2022-01-12 128
2022-01-13 201
2022-01-14  93 (today - still getting submissions)

The increase in daily crash volume can be explained with the release of Firefox 96.0, the affected version. Daily crash volume on Beta might be trending down, will check again next week.

Crash volume has dropped more than 95% since ESET released a new version. The remaining clients submitting crash reports will likely eventually update.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.