Closed
Bug 1303967
Opened 8 years ago
Closed 8 years ago
Crash in mozalloc_abort | NS_DebugBreak | mozilla::ipc::LogicError | mozilla::dom::PBrowser::Transition
Categories
(Core :: DOM: Content Processes, defect)
Tracking
()
RESOLVED
FIXED
mozilla52
People
(Reporter: ting, Assigned: billm)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
2.71 KB,
patch
|
mrbkap
:
review+
gchang
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-0fce5ec5-fa63-4446-bcc6-277b62160920.
=============================================================
#6 of 0918 Nightly on Windows, 89 crashes from 50 installations.
Reporter | ||
Updated•8 years ago
|
Flags: needinfo?(wmccloskey)
Comment 1•8 years ago
|
||
[Tracking Requested - why for this release]:
Over 100 crashes on 51 as well so far.
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → wmccloskey
Flags: needinfo?(wmccloskey)
Assignee | ||
Comment 2•8 years ago
|
||
Here's the relevant part of the crash stack:
4 xul.dll mozilla::dom::PBrowserChild::SendForcePaintNoOp(unsigned __int64 const&) obj-firefox/ipc/ipdl/PBrowserChild.cpp:2452
5 xul.dll mozilla::dom::TabChild::RecvSetDocShellIsActive(bool const&, bool const&, unsigned __int64 const&) dom/ipc/TabChild.cpp:2663
6 xul.dll mozilla::dom::TabChild::ForcePaint(unsigned __int64)
...
29 xul.dll nsDocShellTreeOwner::AddChromeListeners() embedding/browser/nsDocShellTreeOwner.cpp:976
30 xul.dll nsWebBrowser::Create() embedding/browser/nsWebBrowser.cpp:1286
31 xul.dll mozilla::dom::TabChild::Init() dom/ipc/TabChild.cpp:762
So we're getting an interrupt callback too soon--before the TabChild has been initialized. When we try to send an IPC message, we crash.
I think it makes sense for mIPCOpen to be false until we can actually send messages. That's how it's typically used. So I delayed setting it to true until TabChild::Init finishes.
I also added an IPCOpen() check in TabChild::ForcePaint. I don't think it makes sense to do any of that stuff if it's false.
Attachment #8793104 -
Flags: review?(mrbkap)
Updated•8 years ago
|
Attachment #8793104 -
Flags: review?(mrbkap) → review+
Pushed by wmccloskey@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a536a062f1d9
Don't set mIPCOpen until TabChild is initialized (r=mrbkap)
Assignee | ||
Comment 4•8 years ago
|
||
Comment on attachment 8793104 [details] [diff] [review]
patch
Approval Request Comment
[Feature/regressing bug #]: bug 1279086
[User impact if declined]: crashes
[Describe test coverage new/current, TreeHerder]: will be on m-c soon
[Risks and why]: pretty low risk, just avoiding some bad code
[String/UUID change made/needed]: none
Attachment #8793104 -
Flags: approval-mozilla-aurora?
Comment 5•8 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Comment 6•8 years ago
|
||
Comment on attachment 8793104 [details] [diff] [review]
patch
Review of attachment 8793104 [details] [diff] [review]:
-----------------------------------------------------------------
This patch fixes a crash. Take it in 51 aurora.
Attachment #8793104 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 7•8 years ago
|
||
bugherder uplift |
Comment 9•8 years ago
|
||
Crash volume for signature 'mozalloc_abort | NS_DebugBreak | mozilla::ipc::LogicError | mozilla::dom::PBrowser::Transition':
- nightly (version 52): 260 crashes from 2016-09-19.
- aurora (version 51): 404 crashes from 2016-09-19.
- beta (version 50): 0 crashes from 2016-09-20.
- release (version 49): 3 crashes from 2016-09-05.
- esr (version 45): 0 crashes from 2016-06-01.
Crash volume on the last weeks (Week N is from 10-03 to 10-09):
W. N-1 W. N-2
- nightly 24 236
- aurora 93 311
- beta 0 0
- release 2 1
- esr 0 0
Affected platforms: Windows, Linux
Crash rank on the last 7 days:
Browser Content Plugin
- nightly #49
- aurora #678 #16
- beta
- release #3686
- esr
status-firefox49:
--- → affected
Updated•8 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•