ubuntu Firefox crash in mozilla::dom::CrashReporterParent::GenerateChildData during NP_Shutdown

RESOLVED DUPLICATE of bug 1184068

Status

()

Core
Plug-ins
--
critical
RESOLVED DUPLICATE of bug 1184068
2 years ago
2 years ago

People

(Reporter: Robert Kaiser, Unassigned)

Tracking

({crash})

Trunk
Unspecified
Linux
crash
Points:
---

Firefox Tracking Flags

(firefox42 affected)

Details

(crash signature)

(Reporter)

Description

2 years ago
This bug was filed from the Socorro interface and is 
report bp-086234a0-8aea-4a71-b001-1c8592150713.
=============================================================

Top Stack Frames:
0 	libxul.so 	mozilla::dom::CrashReporterParent::GenerateChildData 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/ipc/CrashReporterParent.cpp:114
1 	libxul.so 	mozilla::plugins::PluginModuleChromeParent::ProcessFirstMinidump 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/ipc/PluginModuleParent.cpp:1415
2 	libxul.so 	mozilla::plugins::PluginModuleChromeParent::ActorDestroy 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/ipc/PluginModuleParent.cpp:1503
3 	libxul.so 	mozilla::plugins::PPluginModuleParent::DestroySubtree 	/build/firefox-4CFcvq/firefox-39.0+build5/obj-x86_64-linux-gnu/ipc/ipdl/PPluginModuleParent.cpp:1588
4 	libxul.so 	mozilla::plugins::PPluginModuleParent::OnChannelError 	/build/firefox-4CFcvq/firefox-39.0+build5/obj-x86_64-linux-gnu/ipc/ipdl/PPluginModuleParent.cpp:1462
5 	libxul.so 	mozilla::ipc::MessageChannel::NotifyMaybeChannelError 	/build/firefox-4CFcvq/firefox-39.0+build5/ipc/glue/MessageChannel.cpp:1622
6 	libxul.so 	mozilla::ipc::MessageChannel::Close 	/build/firefox-4CFcvq/firefox-39.0+build5/ipc/glue/MessageChannel.cpp:1744
7 	libxul.so 	mozilla::plugins::PluginModuleParent::DoShutdown 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/ipc/PluginModuleParent.cpp:2326
8 	libxul.so 	mozilla::plugins::PluginModuleParent::NP_Shutdown 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/ipc/PluginModuleParent.cpp:2307
9 	libxul.so 	mozilla::plugins::PluginModuleChromeParent::~PluginModuleChromeParent 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/ipc/PluginModuleParent.cpp:705
10 	libxul.so 	mozilla::plugins::PluginModuleChromeParent::~PluginModuleChromeParent 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/ipc/PluginModuleParent.cpp:741
11 	libxul.so 	nsNPAPIPlugin::~nsNPAPIPlugin 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/base/nsNPAPIPlugin.cpp:237
12 	libxul.so 	nsNPAPIPlugin::~nsNPAPIPlugin 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/base/nsNPAPIPlugin.cpp:239
13 	libxul.so 	nsNPAPIPlugin::Release 	/build/firefox-4CFcvq/firefox-39.0+build5/dom/plugins/base/nsNPAPIPlugin.cpp:224
[...]

This looks specific to ubuntu builds of Firefox 39 - we are in NP_Shutdown but crash in crash reporter code.

Comment 1

2 years ago
Crash Address 	0x89 

http://hg.mozilla.org/releases/mozilla-release/annotate/FIREFOX_39_0_RELEASE/dom/ipc/CrashReporterParent.cpp is the first time we touch a member variable in this function. So this is probably a null `this` access.

This is the callsite: http://hg.mozilla.org/releases/mozilla-release/annotate/FIREFOX_39_0_RELEASE/dom/plugins/ipc/PluginModuleParent.cpp#l1415

It's weird that we'd have a null `crashReporter` here, because we null-check it above at line 1408.

Can't say much beyond that; we know that the crash reporter is enabled in these builds, so there should be a `crashReporter` here. Best thing would be for somebody who is seeing this to debug it using the distro symbols.
(In reply to Benjamin Smedberg  [:bsmedberg] from comment #1)
> Crash Address 	0x89 

On a roughly-similar Win64 build, my debugger says that mProcessType has offset 0x88. So `this` is 1? That explains how we sneak past the null-check, but it certainly doesn't seem right.

Comment 3

2 years ago
I've tried reproducing this but have been unable to so far

Comment 4

2 years ago
I'm getting this continuously on Ubuntu 14.04 since upgrading to package version 39.0+build5-0ubuntu0.14.04.1. The browser crashes randomly within a few minutes of starting, same symptoms as https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1471949 which I found while googling the problem. In fact I suspect that I'm hitting that crash initially, but then getting this crash in the crash reporter.

I'm happy to help debug it since it's driving me crazy. I don't know the codebase but I speak C++ and can drive gdb well enough. Let me know how I can help.

Comment 5

2 years ago
Happens relatively regularly to me, too, since I upgraded to Firefox 39 on Ubuntu 14.04:

Report ID 	Date Submitted
bp-7a58b79f-1291-4ad4-9cd2-461b22150716
	07/16/2015	08:48 AM
bp-e967d447-3559-4971-b912-55fb62150716
	07/16/2015	08:45 AM
bp-3d5f123f-01a0-48a4-b5a7-04b562150715
	07/15/2015	01:44 PM
bp-b525986a-f248-4380-9108-c0fd62150714
	07/14/2015	10:21 PM
bp-5cbee686-cbfb-4ad8-b021-abcbc2150714
	07/14/2015	09:58 PM
bp-ee28c00b-123f-45de-8867-3ef2b2150713
	07/13/2015	10:49 PM

The only common web sites which were open (as App Tabs) are Twitter and our company's Zimbra Web UI.  They didn't have the focus when it happened though.  I generally don't have many tabs open, the last one happened with maybe five open tabs.  I didn't try in safe mode yet since it happens randomly while I'm working/browsing.  Flash, which I suspected first to be the culprit, is globally set click-to-play except maybe for Zimbra where I might have whitelisted it to make the copy feature work.

Comment 6

2 years ago
This is getting really annoying.  Is there anything I can do to help getting this crash fixed?

bp-6ee0a9ab-c17d-4479-be6e-a79c32150722	07/22/2015	08:22 PM
bp-a2a3206d-23b7-483f-bfea-d8ed72150722	07/22/2015	09:13 AM
bp-310bf0d1-c3f5-47c7-9019-7523c2150721	07/21/2015	07:11 PM
bp-d6d4589f-08a5-46ce-bcb2-0cb432150721	07/21/2015	09:13 AM
bp-40198fd6-948c-41b1-8dc5-510232150720	07/20/2015	08:40 PM
bp-3b97e4ba-e3d2-411f-bb9c-e5e302150720	07/20/2015	06:49 PM
bp-188a0ef9-43a8-4957-b6e1-412a42150720	07/20/2015	04:12 PM
bp-068c67c0-f87f-40e3-a960-7d7002150717	07/17/2015	08:06 PM
bp-05c4ca78-de1d-406b-b467-9e0792150717	07/17/2015	07:34 PM
bp-71f89704-3f6a-4b01-9a19-6b5912150716	07/16/2015	05:47 PM
bp-d23dea67-60b3-4c36-bab3-32c8b2150716	07/16/2015	04:45 PM
bp-7a58b79f-1291-4ad4-9cd2-461b22150716	07/16/2015	08:48 AM
bp-e967d447-3559-4971-b912-55fb62150716	07/16/2015	08:45 AM
bp-3d5f123f-01a0-48a4-b5a7-04b562150715	07/15/2015	01:44 PM
bp-b525986a-f248-4380-9108-c0fd62150714	07/14/2015	10:21 PM
bp-5cbee686-cbfb-4ad8-b021-abcbc2150714	07/14/2015	09:58 PM
bp-ee28c00b-123f-45de-8867-3ef2b2150713	07/13/2015	10:49 PM

Updated

2 years ago
Flags: needinfo?(chrisccoulson)

Comment 7

2 years ago
Can people try the current 40.0 beta? This should be fixed there
Flags: needinfo?(chrisccoulson)

Comment 8

2 years ago
I haven't seen a crash sine I updated to 39.0.3.  The last crash was on Thursday and before that I saw them almost daily:

bp-e4a9e5fa-0994-458b-9201-162912150806        08/06/2015      09:59 PM
bp-fe3a4abf-ea7f-4167-9406-af74b2150806        08/06/2015      05:29 PM
bp-866ad494-77ff-45a1-b80a-046b02150806        08/06/2015      02:21 PM
bp-38297f61-5352-436a-a110-ff0342150806        08/06/2015      01:17 PM
bp-3a10593c-4f59-409e-a8df-208d42150806        08/06/2015      12:50 PM
bp-3028a39c-b6c5-4f8f-adf9-530772150803        08/03/2015      06:05 PM
bp-b8c55d8d-9c45-4460-b1fa-420532150803        08/03/2015      02:44 PM
bp-30d6fe5f-d1d5-4e72-b7f5-6d8692150803        08/03/2015      01:16 PM
bp-faecb29d-ccdf-4071-bbc5-36feb2150802        08/02/2015      10:58 PM
bp-3cccd80e-3c70-4d27-8c17-567dc2150802        08/02/2015      10:52 PM

Comment 9

2 years ago
Same here.

Updated

2 years ago
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1184068
You need to log in before you can comment on or make changes to this bug.