Closed
Bug 1046210
Opened 10 years ago
Closed 10 years ago
Crash in SetCurrentProcessSandbox → BroadcastSetThreadSandbox while stability testing
Categories
(Core :: Security, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox32 | --- | wontfix |
firefox33 | --- | unaffected |
firefox34 | --- | unaffected |
b2g-v1.4 | --- | wontfix |
b2g-v2.0 | --- | fixed |
b2g-v2.1 | --- | unaffected |
People
(Reporter: ggrisco, Assigned: jld)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash][caf-crash 272][caf priority: p1][CR 693894])
Crash Data
Attachments
(3 files)
[Blocking Requested - why for this release]: Same as bug 1038900 which was marked fixed, but crash is still happening.
Comment 1•10 years ago
|
||
Comment 2•10 years ago
|
||
Reporter | ||
Comment 3•10 years ago
|
||
Hi Jed, can you take a look at this one?
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(jld)
Updated•10 years ago
|
blocking-b2g: 2.0? → 2.0+
Assignee | ||
Comment 4•10 years ago
|
||
This is an entirely different crash from bug 1038900, and I think I know what's going on. These messages: 07-30 08:12:49.546 3510 3515 E Sandbox : SANDBOX DISABLED FOR DMD! See bug 956961. [...] 07-30 08:12:49.566 3416 3416 E Sandbox : SANDBOX DISABLED FOR DMD! See bug 956961. are being logged from an asynchronous signal handler, with logging code that isn't async signal safe. This wasn't as much of an issue for the SIGSYS handler, because at that point we're already about to crash and things can't get much worse — but this is not that. I conjecture that this caused a deadlock due to reentrant use of malloc, and that this is why these two messages occur back-to-back (note the thread ids): 07-30 08:13:00.646 3432 3432 E Sandbox : Thread 3495 unresponsive for 10 seconds. Killing process. 07-30 08:13:00.646 3432 3495 E Sandbox : SANDBOX DISABLED FOR DMD! See bug 956961. This should affect DMD builds only. Also, bug 956961 removed that code so 2.1 is unaffected (and any fix for this will need to be landed directly on 2.0). The fix is simple: do the DMD check once ahead of time instead of in the routine that runs once for each thread.
Assignee: nobody → jld
status-b2g-v2.1:
--- → unaffected
status-firefox33:
--- → unaffected
status-firefox34:
--- → unaffected
Flags: needinfo?(jld)
Summary: Crash in SetCurrentProcessSandbox while stability testing → Crash in SetCurrentProcessSandbox → BroadcastSetThreadSandbox while stability testing
Comment 5•10 years ago
|
||
Observed on: Device: msm8610 Gonk Version: AU_LINUX_GECKO_B2G_KK_3.6.01.04.00.000.043 Moz BuildID: 20140721000201 B2G Version: 2.0 Gecko Version: 32.0a2 Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=8cb1a949f2e9650bb2c5598e78a6f24a58bbaf97 Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=5f27d3ee3ccf01ac91a3efacb5e3e22ea62fd73c
Assignee | ||
Comment 6•10 years ago
|
||
I moved the other getenv call as well — it might not be part of the problem, but it also doesn't belong there.
Attachment #8465118 -
Flags: review?(gdestuynder)
Comment on attachment 8465118 [details] [diff] [review] Lift sandbox disablement checks out of async signal context. Review of attachment 8465118 [details] [diff] [review]: ----------------------------------------------------------------- That reasoning sounds right to me, too. Code looks good.
Attachment #8465118 -
Flags: review?(gdestuynder) → review+
Assignee | ||
Comment 8•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g32_v2_0/rev/85ec57090a25
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•10 years ago
|
Updated•10 years ago
|
Target Milestone: --- → 2.1 S1 (1aug)
Updated•10 years ago
|
Flags: in-moztrap?(ychung)
Comment 9•10 years ago
|
||
No STR is present to create test case to address bug.
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(ktucker)
Updated•10 years ago
|
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(ktucker)
Flags: in-moztrap?(ychung)
Flags: in-moztrap-
You need to log in
before you can comment on or make changes to this bug.
Description
•