Last Comment Bug 767338 - crash in mozilla::HangMonitor::GetChromeHangReport @ GetPdbInfo
: crash in mozilla::HangMonitor::GetChromeHangReport @ GetPdbInfo
Status: RESOLVED FIXED
: crash, regression, topcrash
Product: Core
Classification: Components
Component: Gecko Profiler (show other bugs)
: 16 Branch
: All Windows 7
: -- critical (vote)
: mozilla16
Assigned To: :Ehsan Akhgari
:
:
Mentors:
Depends on:
Blocks: 764216
  Show dependency treegraph
 
Reported: 2012-06-22 05:58 PDT by Scoobidiver (away)
Modified: 2012-07-07 12:02 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch (v1) (1.64 KB, patch)
2012-07-01 11:48 PDT, :Ehsan Akhgari
vladan.bugzilla: review+
Details | Diff | Splinter Review
Patch (v2) (2.35 KB, patch)
2012-07-06 10:48 PDT, :Ehsan Akhgari
vladan.bugzilla: review+
Details | Diff | Splinter Review

Description Scoobidiver (away) 2012-06-22 05:58:31 PDT
It first appeared in 16.0a1/20120619. The regression range might be:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b1a0fb2bdbf7&tochange=373e6f9264e6

Signature 	GetPdbInfo More Reports Search
UUID	6a234859-4226-4f5b-9703-372352120622
Date Processed	2012-06-22 09:43:22
Uptime	13087
Last Crash	5.1 weeks before submission
Install Age	3.6 hours since version was first installed.
Install Time	2012-06-22 06:04:47
Product	Firefox
Version	16.0a1
Build ID	20120621030536
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 23 stepping 10
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x51ae0000
App Notes 	
Cisco VPN
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9591, AdapterSubsysID: 211617aa, AdapterDriverVersion: 8.752.4.0
Has dual GPUs. GPU #2: AdapterVendorID2: 0x8086, AdapterDeviceID2: 0x2a42, AdapterSubsysID2: 211517aa, AdapterDriverVersion2: 8.752.4.0D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
EMCheckCompatibility	True
Adapter Vendor ID	0x1002
Adapter Device ID	0x9591
Total Virtual Memory	2147352576
Available Virtual Memory	1433157632
System Memory Use Percentage	61
Available Page File	1629605888
Available Physical Memory	777400320

Frame 	Module 	Signature 	Source
0 	xul.dll 	GetPdbInfo 	tools/profiler/shared-libraries-win32.cc:30
1 	xul.dll 	SharedLibraryInfo::GetInfoForSelf 	tools/profiler/shared-libraries-win32.cc:91
2 	xul.dll 	mozilla::HangMonitor::GetChromeHangReport 	xpcom/threads/HangMonitor.cpp:137
3 	xul.dll 	mozilla::HangMonitor::ThreadMain 	xpcom/threads/HangMonitor.cpp:218
4 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:395
5 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:90
6 	msvcr100.dll 	_callthreadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314
7 	msvcr100.dll 	_threadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292
8 	kernel32.dll 	BaseThreadInitThunk 	
9 	ntdll.dll 	__RtlUserThreadStart 	
10 	ntdll.dll 	_RtlUserThreadStart

More reports at:
https://crash-stats.mozilla.com/report/list?signature=GetPdbInfo
Comment 1 Scoobidiver (away) 2012-06-30 23:27:10 PDT
It's #12 top crasher in 16.0a1.
It's likely a regression from bug 764216.
Comment 2 :Ehsan Akhgari 2012-07-01 11:48:12 PDT
Created attachment 638207 [details] [diff] [review]
Patch (v1)

One risky part of this code is the possibility of the module being unloaded as we're reading stuff from its header.  This patch should prevent against this.
Comment 3 Vladan Djeric (:vladan) 2012-07-02 07:33:13 PDT
Comment on attachment 638207 [details] [diff] [review]
Patch (v1)

Thank you for fixing this
Comment 4 :Ehsan Akhgari 2012-07-02 11:46:10 PDT
If you have access to a Windows machine, can you please test to make sure that this doesn't break the hand monitor?  I'd do it myself, but I don't quite know how I should test this.  (Or you can wait and tell me tomorrow at the office.)
Comment 5 :Ehsan Akhgari 2012-07-06 10:48:59 PDT
Created attachment 639723 [details] [diff] [review]
Patch (v2)

Turns out that DuplicateHandle doesn't work on HMODULE's.  This version uses LoadLibrary to increment the refcount, and VirtualQuery to make sure that the base address is in the virtual address space before attempting to access it.
Comment 6 Vladan Djeric (:vladan) 2012-07-06 11:48:18 PDT
Comment on attachment 639723 [details] [diff] [review]
Patch (v2)

Tested and can confirm it returns valid data
Comment 7 :Ehsan Akhgari 2012-07-06 11:51:48 PDT
Landed with a proper commit message.  Thanks for reviewing and testing the patch!

https://hg.mozilla.org/integration/mozilla-inbound/rev/885c843432e6
Comment 8 Ryan VanderMeulen [:RyanVM] 2012-07-07 12:02:42 PDT
https://hg.mozilla.org/mozilla-central/rev/885c843432e6

Note You need to log in before you can comment on or make changes to this bug.