Closed Bug 1316950 Opened 6 years ago Closed 6 years ago

Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link


(Core :: General, defect)

Not set



Tracking Status
firefox52 --- affected


(Reporter: tonymec, Unassigned)


(Keywords: crash, topcrash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-62b9b271-1ab5-467f-b8a1-e67e02161111.
bp-84f6e966-ed5e-4c26-ac26-2930f2161110 is similar.

Both of these crashing builds had the following UA string:
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49a1

The older of these two crashes is from the following build:


and had the following crash data (see also my concluding remarks at bottom):

------------------------------ crash data start
Signature 	nsGlobalWindow::SetOpenerWindow More Reports Search
UUID 	84f6e966-ed5e-4c26-ac26-2930f2161110
Date Processed 	2016-11-10 00:43:36
Uptime 	41,325 seconds (11 hours, 28 minutes and 45 seconds)
Last Crash 	11,391,268 seconds before submission (18 weeks, 5 days and 20 hours)
Install Age 	41,325 seconds since version was first installed (11 hours, 28 minutes and 45 seconds)
Install Time 	2016-11-09 13:13:53
Product 	SeaMonkey
Release Channel 	nightly
Version 	2.49a1
Build ID 	20161109003001
OS 	Linux
OS Version 	0.0.0 Linux 4.1.34-33-default #1 SMP PREEMPT Thu Oct 20 08:03:29 UTC 2016 (fe18aba) x86_64
Build Architecture 	amd64
Build Architecture Info 	family 6 model 23 stepping 10 | 2
Adapter Vendor ID 	

Adapter Device ID 	

Startup Crash 	


MOZ_CRASH Reason 	MOZ_RELEASE_ASSERT(!contentOpener || !mTabGroup || mTabGroup == Cast(contentOpener)->mTabGroup)
Crash Reason 	SIGSEGV
Crash Address 	0x0
User Comments 	

clicking a link in a message at Gmail webmail


App Notes 	

openSUSE Leap 42.1 (x86_64)FP(D00-L1000-W00000000-T0000) OpenGL: Intel Open Source Technology Center -- Mesa DRI Intel(R) Q45/Q43  -- 2.1 Mesa 11.0.8 -- texture_from_pixmap GL Context? GL Context+ GL Layers? GL Layers+ WebGL? WebGL+ WebGL- 

Processor Notes 	processor_prod-processor-i-0f6d2a17_1318; MozillaProcessorAlgorithm2015; skunk_classifier: reject - not a plugin hang

Bugzilla - Report this bug in SeaMonkey Core External Software Affecting Firefox Toolkit
Related Bugs

Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	nsGlobalWindow::SetOpenerWindow 	dom/base/nsGlobalWindow.cpp:3231
1 	nsWindowWatcher::ReadyOpenedDocShellItem 	embedding/components/windowwatcher/nsWindowWatcher.cpp:2148
2 	nsWindowWatcher::OpenWindowInternal 	embedding/components/windowwatcher/nsWindowWatcher.cpp:1062
3 	nsWindowWatcher::OpenWindow2 	embedding/components/windowwatcher/nsWindowWatcher.cpp:445
4 	nsGlobalWindow::OpenInternal 	dom/base/nsGlobalWindow.cpp:12429
5 	nsGlobalWindow::OpenJS 	dom/base/nsGlobalWindow.cpp:8314
6 	nsGlobalWindow::OpenOuter 	dom/base/nsGlobalWindow.cpp:8267
7 	nsGlobalWindow::Open 	dom/base/nsGlobalWindow.cpp:8276
8 	mozilla::dom::WindowBinding::open 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/WindowBinding.cpp:2194
9 	mozilla::dom::WindowBinding::genericMethod 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/WindowBinding.cpp:14893
10 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
11 	js::Call 	js/src/vm/Interpreter.cpp:522
12 	js::Wrapper::call 	js/src/proxy/Wrapper.cpp:165
13 	js::CrossCompartmentWrapper::call 	js/src/proxy/CrossCompartmentWrapper.cpp:333
14 	js::Proxy::call 	js/src/proxy/Proxy.cpp:400
15 	js::proxy_Call 	js/src/proxy/Proxy.cpp:689
16 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
17 	Interpret 	js/src/vm/Interpreter.cpp:509
18 	js::RunScript 	js/src/vm/Interpreter.cpp:404
19 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
20 	js::Call 	js/src/vm/Interpreter.cpp:522
21 	js::fun_call 	js/src/jsfun.cpp:1252
22 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
23 	Interpret 	js/src/vm/Interpreter.cpp:509
24 	js::RunScript 	js/src/vm/Interpreter.cpp:404
25 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
26 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp:6012
27 		@0x7f2d636eda95 	
28 		@0x7f2cb5b4714f 	
29 		@0x7f2d636ec887 	
30 	EnterBaseline 	js/src/jit/BaselineJIT.cpp:155
31 	js::jit::EnterBaselineAtBranch 	js/src/jit/BaselineJIT.cpp:261
32 	Interpret 	js/src/vm/Interpreter.cpp:1916
33 	js::RunScript 	js/src/vm/Interpreter.cpp:404
34 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
35 	js::Call 	js/src/vm/Interpreter.cpp:522
36 	js::jit::InvokeFunction 	js/src/jit/VMFunctions.cpp:114
37 		@0x7f2d636f6265 	
38 		@0x7f2cd903d4b7 	
39 		@0x7f2d1615f5f5 	
40 	js::jit::IonCannon 	js/src/jit/Ion.cpp:2847
41 	js::RunScript 	js/src/vm/Interpreter.cpp:384
42 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
43 	js::Call 	js/src/vm/Interpreter.cpp:522
44 	js::fun_apply 	js/src/jsfun.cpp:1318
45 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
46 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp:6012
47 		@0x7f2d636eda95 	
48 		@0x7f2ca43fd2b7 	
49 	js::jit::IonCannon 	js/src/jit/Ion.cpp:2847
52 	_fini 	
53 	js::jit::CanEnter 	js/src/jit/Ion.cpp:2581
54 	js::RunScript 	js/src/vm/Interpreter.cpp:384
55 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
56 	EnterBaseline 	js/src/jit/BaselineJIT.cpp:175
57 	_fini 	
58 	js::Call 	js/src/vm/Interpreter.cpp:522
59 	js::Wrapper::call 	js/src/proxy/Wrapper.cpp:165
60 	mozilla::net::LoadInfo::GetExternalContentPolicyType 	netwerk/base/LoadInfo.cpp:605
61 		@0x7f2d50f99fff 	
62 	_fini 	
63 	js::CrossCompartmentWrapper::call 	js/src/proxy/CrossCompartmentWrapper.cpp:333
64 	_fini 	
65 	js::Proxy::call 	js/src/proxy/Proxy.cpp:400
66 	_fini 	
68 	js::proxy_Call 	js/src/proxy/Proxy.cpp:689
69 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
70 	js::Call 	js/src/vm/Interpreter.cpp:522
71 	JS::Call 	js/src/jsapi.cpp:2827
72 	mozilla::dom::AutoJSAPI::ReportException 	dom/base/ScriptSettings.h:267
73 	mozilla::net::LoadInfo::GetExternalContentPolicyType 	netwerk/base/LoadInfo.cpp:605
74 		@0x7f2d50f99fff 	
75 	mozilla::dom::GetOrCreateDOMReflectorHelper<mozilla::dom::Event, false>::GetOrCreate 	dom/bindings/BindingUtils.h:942
76 	mozilla::dom::EventListener::HandleEvent 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/EventListenerBinding.cpp:48
77 	mozilla::net::LoadInfo::GetExternalContentPolicyType 	netwerk/base/LoadInfo.cpp:605
78 		@0x7f2d50f99fff 	
79 	nsWrapperCache::GetWrapper 	js/public/HeapAPI.h:364
80 	mozilla::dom::ToJSValue<mozilla::dom::EventTarget> 	dom/bindings/BindingUtils.h:942
81 	mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*> 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dist/include/mozilla/dom/EventListenerBinding.h:64
82 	non-virtual thunk to LogStringMessageAsync::~LogStringMessageAsync() 	
------------------------------ crash data end

Both crashes happened when left-clicking a "View it on GitHub" link in a message from github at Gmail webmail.

Right-clicking the same link followed by "Open Link in New Tab" works as expected, with no crash.

I don't have a "last good / first bad" pair: this 2016-11-09 nightly is "bad" but I have no idea whether the previous one was good or bad. I don't even have formal proof that there ever was a "good" build so I'm not setting the "regression" keyword.

For lack of a "SeaMonkey 2.49" tracking flag, I'm leaving the "Firefox 52: affected" flag set by the Socorro/Bugzilla interface. (N.B. SeaMonkey version 2.n, with n > 1, is based on Gecko version (n+3).)

The same crash on left-clicking the button "Add my signature" in a petition email from Avaaz; I'm updating the Summary of this bug to include this new case. Socorro was clever enough to find out without my help that this bug report of mine is relevant.

In this case the button included a link to

The github link from one of the previous incidents was to

I don't see any "suspicious similarity" between them.
Summary: Crash in nsGlobalWindow::SetOpenerWindow when clicking a "View it on GitHub" link in Gmail webmail from github → Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link in Gmail webmail
Searching Socorro for this signature displays results for both Firefox and SeaMonkey on both Windows and Linux. One isolated report on 2016-10-13 for Fx 49.0.1 (possibly unrelated), then 66 results for Gecko 52 starting on 2016-11-02.

FYI, here is the search URL I used:
OS: Linux → All
Hardware: x86_64 → All
On the topcrashers' list for 28 days, this signature is currently ranked 233 and new for Firefox, 1 and new for SeaMonkey. I'm setting the topcrash keyword based on its being the #1 SeaMonkey crash with 54 crashes (38.85%) in the last 28 days and the same 54 crashes (but 63.53%) in the last 7 days.
Keywords: topcrash
P.S. In the last 7 days for Firefox, this is topcrash #92 and up 82 places.
(In reply to Tony Mechelynck [:tonymec] from comment #4)
> P.S. In the last 7 days for Firefox, this is topcrash #92 and up 82 places.

P.P.S. ...but #55 (and up 99) when setting the rang type "by build date".
This one probably is a DUP of "Bug 1316104 - CRASH (MOZ_RELEASE_ASSERT) when click link which opens link target in new TAB"

Does the workaround in Bug 1316104 work for you?
See Also: → 1316104
I should have mentioned:
REPRODUCIBLE with server installation of official en-US SeaMonkey 2.49a1  (NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build 20161107002359  (Default Classic Theme) on German WIN7 64bit
I am not using gmail but I am unable to reproduce any of the crashes with releases were

is included. If you find a case were it still does I would be glad. I will not look at the source of any crashes or the follow fix for bug 1316104 till mergeday is over. Completly pointless at the moment. There were 3 different breakages in the last 24h and 2.49a1 might be affected by other changes I saw too. Please use 2.48a2 for the time being. Better to make this one stable because it might take some time for 2.49a1.

This one is on a link to a PHP program which generates a PDF, so once more I make the Summary more general.

(In reply to Rainer Bielefeld from comment #6)
> This one probably is a DUP of "Bug 1316104 - CRASH (MOZ_RELEASE_ASSERT) when
> click link which opens link target in new TAB"
> @Tony:
> Does the workaround in Bug 1316104 work for you?

Indeed I had "A new tab in the current window" selected, and I hate to have to select something else. Let's see with "A new window"...
Summary: Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link in Gmail webmail → Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link
...No crash
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1316104
See Also: 1316104
Moving from Core::Untriaged to Core::General
Component: Untriaged → General
You need to log in before you can comment on or make changes to this bug.