Closed
Bug 860882
Opened 11 years ago
Closed 11 years ago
User Mode Write AV near NULL starting at mozalloc!mozalloc_abort+0x000000000000002e
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 859955
People
(Reporter: me.himansu, Unassigned)
Details
Attachments
(1 file)
|
2.87 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20100101 Firefox/20.0 Build ID: 20130409194949 Steps to reproduce: On scrolling the pages very quickly on a 8.2MB pdf that was loaded into my Mozilla Firefox stable v20. The browser crashed. I had tested it on windows 7 x86.
|
||
Comment 1•11 years ago
|
||
This is an intentional abort, usually due to a nonrecoverable OOM condition. Certainly not security-sensitive. Can you provide a real stacktrace? I'm not sure why you are using windbg for the stack instead of just submitting a normal crash report. When using a local debugger, you really need to use the Mozilla and Microsoft symbol servers in order to get useful stack traces: https://developer.mozilla.org/en-US/docs/How_to_get_a_stacktrace_for_a_bug_report https://developer.mozilla.org/en-US/docs/Using_the_Mozilla_symbol_server
Group: core-security
Flags: needinfo?(me.himansu)
|
Reporter | |
Comment 2•11 years ago
|
||
I have submitted the crash: https://crash-stats.mozilla.com/report/index/bp-44f53e25-5242-42f8-9254-61c492130411 Here, goes the stacktrace: 0:000> |* !analyze -v -f ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\firefox.exe *** WARNING: Unable to verify checksum for C:\Windows\system32\framsys.dll *** ERROR: Module load completed but symbols could not be loaded for C:\Windows\system32\framsys.dll *** WARNING: Unable to verify checksum for C:\Windows\system32\dxtrares.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\dxtrares.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NVIDIA Corporation\3D Vision\nvStereoApiI.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Internet Download Manager\idmmkb.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll - *** WARNING: Unable to verify checksum for C:\Windows\system32\igd10umd32.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\igd10umd32.dll - *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\mozsqlite3.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\nss3.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\nssckbi.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\freebl3.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll - *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\nssdbm3.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\nvumdshim.dll - *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\softokn3.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\components\browsercomps.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\ssl3.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\smime3.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\nvapi.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\IPHLPAPI.DLL - *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\xpcom.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\nssutil3.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\plds4.dll *** WARNING: Unable to verify checksum for C:\Program Files\Mozilla Firefox\plc4.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\nvinit.dll - ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: kernel32!pNlsUserInfo *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: kernel32!pNlsUserInfo *** *** *** ************************************************************************* FAULTING_IP: mozalloc!mozalloc_abort+2e [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\memory\mozalloc\mozalloc_abort.cpp @ 30] 740419a2 c705000000007b000000 mov dword ptr ds:[0],7Bh EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 740419a2 (mozalloc!mozalloc_abort+0x0000002e) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00000000 Attempt to write to address 00000000 FAULTING_THREAD: 00003644 DEFAULT_BUCKET_ID: NULL_POINTER_WRITE PROCESS_NAME: firefox.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 00000001 EXCEPTION_PARAMETER2: 00000000 WRITE_ADDRESS: 00000000 FOLLOWUP_IP: mozalloc!mozalloc_abort+2e [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\memory\mozalloc\mozalloc_abort.cpp @ 30] 740419a2 c705000000007b000000 mov dword ptr ds:[0],7Bh DETOURED_IMAGE: 1 NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 PRIMARY_PROBLEM_CLASS: NULL_POINTER_WRITE BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_WRITE LAST_CONTROL_TRANSFER: from 612db66d to 740419a2 STACK_TEXT: 0022caec 612db66d 0025bc6c 0022cc94 199d4a20 mozalloc!mozalloc_abort+0x2e [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\memory\mozalloc\mozalloc_abort.cpp @ 30] 0022cb50 5ae5e862 199d4a20 00000000 00000001 gkmedias!mozilla::gfx::AlphaBoxBlur::Blur+0xf6 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\2d\blur.cpp @ 525] 0022cbb8 5ae5b3a7 199d4940 0022cc08 199d4940 xul!gfxAlphaBoxBlur::Paint+0x1a [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\thebes\gfxblur.cpp @ 88] 0022cc18 5add3346 5aa9df00 2c5fc388 00000000 xul!nsContextBoxBlur::DoPaint+0x3e [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nscssrendering.cpp @ 4803] 0022ce04 5ae50e4e 5aa9df00 29b88c98 0022ce50 xul!nsCSSRendering::PaintBoxShadowOuter+0x4b6 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nscssrendering.cpp @ 1352] 0022cef0 5ad1548a 0022e158 5aa9df00 199d4940 xul!nsDisplayBoxShadowOuter::Paint+0xb8 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nsdisplaylist.cpp @ 2434] 0022d244 5b6a6990 1764b6e0 199d4940 0022d374 xul!mozilla::FrameLayerBuilder::DrawThebesLayer+0x81a [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\framelayerbuilder.cpp @ 3338] 0022d2dc 5b6a6d38 199d4940 0022d374 00000001 xul!mozilla::layers::ThebesLayerD3D10::DrawRegion+0x24b [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\layers\d3d10\thebeslayerd3d10.cpp @ 449] 0022d408 5b6b32e2 1764b6e0 0022d424 29cb4e20 xul!mozilla::layers::ThebesLayerD3D10::Validate+0x383 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\layers\d3d10\thebeslayerd3d10.cpp @ 245] 0022d478 5b6b32ec 0022e158 19b94c00 00000048 xul!mozilla::layers::ContainerLayerD3D10::Validate+0x137 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\layers\d3d10\containerlayerd3d10.cpp @ 414] 0022d4e0 5b6c344b 0022e158 19b94c00 00000000 xul!mozilla::layers::ContainerLayerD3D10::Validate+0x141 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\layers\d3d10\containerlayerd3d10.cpp @ 417] 0022dea0 5b6c3a16 19b94c00 00000002 29cb4c00 xul!mozilla::layers::LayerManagerD3D10::Render+0x24 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\layers\d3d10\layermanagerd3d10.cpp @ 727] 0022defc 5ad342e7 5ad14c70 0022e158 00000002 xul!mozilla::layers::LayerManagerD3D10::EndTransaction+0x9c [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\gfx\layers\d3d10\layermanagerd3d10.cpp @ 383] 0022e008 5ac9bc5d 0022e094 0022e158 00000000 xul!nsDisplayList::PaintForFrame+0x557 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nsdisplaylist.cpp @ 1167] 0022e024 5ad309b1 0022e094 00000000 0000000d xul!nsDisplayList::PaintRoot+0x7d [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nsdisplaylist.cpp @ 1027] 0022e44c 5ad4698f 00000000 06acd240 0022e5c8 xul!nsLayoutUtils::PaintFrame+0x3d1 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nslayoututils.cpp @ 2008] 0022e594 5ad40991 0701b3a0 0022e5c8 00000081 xul!PresShell::Paint+0x23f [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nspresshell.cpp @ 5358] 0022e628 5ad3d556 0701b3a0 00000001 00000001 xul!nsViewManager::ProcessPendingUpdatesForView+0x121 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\view\src\nsviewmanager.cpp @ 401] 0022e738 5ad505c5 86733dfb 0004da1b ae57e850 xul!nsRefreshDriver::Tick+0x686 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nsrefreshdriver.cpp @ 959] 0022e778 5ad41484 09130c10 09134140 01e4e5b0 xul!mozilla::RefreshDriverTimer::Tick+0x115 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\layout\base\nsrefreshdriver.cpp @ 156] 0022e7b8 5ad4169c 00000001 5acb8426 01e4e5b0 xul!nsTimerImpl::Fire+0x124 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\xpcom\threads\nstimerimpl.cpp @ 482] 0022e7c0 5acb8426 01e4e5b0 01e033b0 01e300e0 xul!nsTimerEvent::Run+0x1c [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\xpcom\threads\nstimerimpl.cpp @ 567] 0022e82c 5aeea6ff 01e4e5b0 00000000 0022e868 xul!nsThread::ProcessNextEvent+0x1b6 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\xpcom\threads\nsthread.cpp @ 633] 0022e860 5aefec30 01e30001 117dfc5e 01e161c0 xul!mozilla::ipc::MessagePump::Run+0x5f [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\ipc\glue\messagepump.cpp @ 82] 0022e898 5aefebd8 00000001 5ac82e00 00000000 xul!MessageLoop::RunHandler+0x21 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\ipc\chromium\src\base\message_loop.cc @ 209] 0022e8b4 5aedf7dc 01e022b0 01e17300 5aefeb6d xul!MessageLoop::Run+0x15 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\ipc\chromium\src\base\message_loop.cc @ 183] 0022e8c0 5aefeb6d 0532a8d0 5af23873 0532a8d0 xul!nsBaseAppShell::Run+0x34 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\widget\xpwidgets\nsbaseappshell.cpp @ 165] 0022e8d4 5ae72b08 01e17300 00000000 740410a0 xul!nsAppShell::Run+0x14 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\widget\windows\nsappshell.cpp @ 154] 0022e9a8 5aec3318 0022eb14 0022e9ec 01e16100 xul!XREMain::XRE_mainRun+0x3d5 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\toolkit\xre\nsapprunner.cpp @ 3823] 0022e9cc 5aee4339 0022e9ec 00000001 01a045c8 xul!XREMain::XRE_main+0xea [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\toolkit\xre\nsapprunner.cpp @ 3890] 0022eae4 00be1528 00000001 01a045c8 0022eb14 xul!XRE_main+0x30 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\toolkit\xre\nsapprunner.cpp @ 4093] 0022ed74 00be1e51 00000001 01e16040 00be5490 firefox!do_main+0x528 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\browser\app\nsbrowserapp.cpp @ 195] 0022f860 00be2174 00000001 01a02dd0 01a03c68 firefox!wmain+0x7b1 [e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\toolkit\xre\nswindowswmain.cpp @ 105] 0022f8a4 755a1174 7ffdf000 0022f8f0 76edb3f5 firefox!__tmainCRTStartup+0x122 [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 552] 0022f8b0 76edb3f5 7ffdf000 705c8bd7 00000000 kernel32!BaseThreadInitThunk+0xe 0022f8f0 76edb3c8 00be2295 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70 0022f908 00000000 00be2295 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: mozalloc!mozalloc_abort+2e FOLLOWUP_NAME: MachineOwner MODULE_NAME: mozalloc IMAGE_NAME: mozalloc.dll DEBUG_FLR_IMAGE_TIMESTAMP: 5164ea3f STACK_COMMAND: ~0s ; kb FAILURE_BUCKET_ID: NULL_POINTER_WRITE_c0000005_mozalloc.dll!mozalloc_abort BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_WRITE_DETOURED_mozalloc!mozalloc_abort+2e WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/firefox_exe/20_0_1_4847/51650aee/mozalloc_dll/20_0_1_4847/5164ea3f/c0000005/000019a2.htm?Retriage=1 Followup: MachineOwner
Flags: needinfo?(me.himansu)
|
|
||
Comment 3•11 years ago
|
||
Yeah, we're seeing this more recently, especially for users with dual intel/nvidia graphics cards: it's a dup of both bug 829954 and bug 859955. If you're interested in some of the details, see http://benjamin.smedbergs.us/blog/2013-04-11/graph-of-the-day-firefox-virtual-memory-plot/ and if you're very very interested, you can try setting breakpoints in MapViewOfFile to get stacks at the VM leakpoint.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•