Closed Bug 1316950 Opened 8 years ago Closed 8 years ago

Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1316104
Tracking Flags:
Tracking Status
firefox52 --- affected

People

(Reporter: tonymec, Unassigned)

Details

(Keywords: crash, topcrash)

Crash Data

This bug was filed from the Socorro interface and is report bp-62b9b271-1ab5-467f-b8a1-e67e02161111. ============================================================= bp-84f6e966-ed5e-4c26-ac26-2930f2161110 is similar. Both of these crashing builds had the following UA string: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49a1 The older of these two crashes is from the following build: 20161109003001 http://hg.mozilla.org/comm-central/rev/e4ab5c338d81d9c1e457364141e9aeac5fcfe422 http://hg.mozilla.org/mozilla-central/rev/783356f1476e and had the following crash data (see also my concluding remarks at bottom): ------------------------------ crash data start Signature nsGlobalWindow::SetOpenerWindow More Reports Search UUID 84f6e966-ed5e-4c26-ac26-2930f2161110 Date Processed 2016-11-10 00:43:36 Uptime 41,325 seconds (11 hours, 28 minutes and 45 seconds) Last Crash 11,391,268 seconds before submission (18 weeks, 5 days and 20 hours) Install Age 41,325 seconds since version was first installed (11 hours, 28 minutes and 45 seconds) Install Time 2016-11-09 13:13:53 Product SeaMonkey Release Channel nightly Version 2.49a1 Build ID 20161109003001 OS Linux OS Version 0.0.0 Linux 4.1.34-33-default #1 SMP PREEMPT Thu Oct 20 08:03:29 UTC 2016 (fe18aba) x86_64 Build Architecture amd64 Build Architecture Info family 6 model 23 stepping 10 | 2 Adapter Vendor ID Adapter Device ID Startup Crash False MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!contentOpener || !mTabGroup || mTabGroup == Cast(contentOpener)->mTabGroup) Crash Reason SIGSEGV Crash Address 0x0 User Comments clicking a link in a message at Gmail webmail EMCheckCompatibility False App Notes openSUSE Leap 42.1 (x86_64)FP(D00-L1000-W00000000-T0000) OpenGL: Intel Open Source Technology Center -- Mesa DRI Intel(R) Q45/Q43 -- 2.1 Mesa 11.0.8 -- texture_from_pixmap libGL.so.1? libGL.so.1+ GL Context? GL Context+ GL Layers? GL Layers+ WebGL? WebGL+ WebGL- Processor Notes processor_prod-processor-i-0f6d2a17_1318; MozillaProcessorAlgorithm2015; skunk_classifier: reject - not a plugin hang Bugzilla - Report this bug in SeaMonkey Core External Software Affecting Firefox Toolkit Related Bugs Crashing Thread (0) Frame Module Signature Source 0 libxul.so nsGlobalWindow::SetOpenerWindow dom/base/nsGlobalWindow.cpp:3231 1 libxul.so nsWindowWatcher::ReadyOpenedDocShellItem embedding/components/windowwatcher/nsWindowWatcher.cpp:2148 2 libxul.so nsWindowWatcher::OpenWindowInternal embedding/components/windowwatcher/nsWindowWatcher.cpp:1062 3 libxul.so nsWindowWatcher::OpenWindow2 embedding/components/windowwatcher/nsWindowWatcher.cpp:445 4 libxul.so nsGlobalWindow::OpenInternal dom/base/nsGlobalWindow.cpp:12429 5 libxul.so nsGlobalWindow::OpenJS dom/base/nsGlobalWindow.cpp:8314 6 libxul.so nsGlobalWindow::OpenOuter dom/base/nsGlobalWindow.cpp:8267 7 libxul.so nsGlobalWindow::Open dom/base/nsGlobalWindow.cpp:8276 8 libxul.so mozilla::dom::WindowBinding::open /builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/WindowBinding.cpp:2194 9 libxul.so mozilla::dom::WindowBinding::genericMethod /builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/WindowBinding.cpp:14893 10 libxul.so js::InternalCallOrConstruct js/src/jscntxtinlines.h:239 11 libxul.so js::Call js/src/vm/Interpreter.cpp:522 12 libxul.so js::Wrapper::call js/src/proxy/Wrapper.cpp:165 13 libxul.so js::CrossCompartmentWrapper::call js/src/proxy/CrossCompartmentWrapper.cpp:333 14 libxul.so js::Proxy::call js/src/proxy/Proxy.cpp:400 15 libxul.so js::proxy_Call js/src/proxy/Proxy.cpp:689 16 libxul.so js::InternalCallOrConstruct js/src/jscntxtinlines.h:239 17 libxul.so Interpret js/src/vm/Interpreter.cpp:509 18 libxul.so js::RunScript js/src/vm/Interpreter.cpp:404 19 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:476 20 libxul.so js::Call js/src/vm/Interpreter.cpp:522 21 libxul.so js::fun_call js/src/jsfun.cpp:1252 22 libxul.so js::InternalCallOrConstruct js/src/jscntxtinlines.h:239 23 libxul.so Interpret js/src/vm/Interpreter.cpp:509 24 libxul.so js::RunScript js/src/vm/Interpreter.cpp:404 25 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:476 26 libxul.so js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:6012 27 @0x7f2d636eda95 28 @0x7f2cb5b4714f 29 @0x7f2d636ec887 30 libxul.so EnterBaseline js/src/jit/BaselineJIT.cpp:155 31 libxul.so js::jit::EnterBaselineAtBranch js/src/jit/BaselineJIT.cpp:261 32 libxul.so Interpret js/src/vm/Interpreter.cpp:1916 33 libxul.so js::RunScript js/src/vm/Interpreter.cpp:404 34 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:476 35 libxul.so js::Call js/src/vm/Interpreter.cpp:522 36 libxul.so js::jit::InvokeFunction js/src/jit/VMFunctions.cpp:114 37 @0x7f2d636f6265 38 @0x7f2cd903d4b7 39 @0x7f2d1615f5f5 40 libxul.so js::jit::IonCannon js/src/jit/Ion.cpp:2847 41 libxul.so js::RunScript js/src/vm/Interpreter.cpp:384 42 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:476 43 libxul.so js::Call js/src/vm/Interpreter.cpp:522 44 libxul.so js::fun_apply js/src/jsfun.cpp:1318 45 libxul.so js::InternalCallOrConstruct js/src/jscntxtinlines.h:239 46 libxul.so js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:6012 47 @0x7f2d636eda95 48 @0x7f2ca43fd2b7 49 libxul.so js::jit::IonCannon js/src/jit/Ion.cpp:2847 50 libxul.so libxul.so@0x2c4985f 51 libxul.so libxul.so@0x301174f 52 libxul.so _fini 53 libxul.so js::jit::CanEnter js/src/jit/Ion.cpp:2581 54 libxul.so js::RunScript js/src/vm/Interpreter.cpp:384 55 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:476 56 libxul.so EnterBaseline js/src/jit/BaselineJIT.cpp:175 57 libxul.so _fini 58 libxul.so js::Call js/src/vm/Interpreter.cpp:522 59 libxul.so js::Wrapper::call js/src/proxy/Wrapper.cpp:165 60 libxul.so mozilla::net::LoadInfo::GetExternalContentPolicyType netwerk/base/LoadInfo.cpp:605 61 @0x7f2d50f99fff 62 libxul.so _fini 63 libxul.so js::CrossCompartmentWrapper::call js/src/proxy/CrossCompartmentWrapper.cpp:333 64 libxul.so _fini 65 libxul.so js::Proxy::call js/src/proxy/Proxy.cpp:400 66 libxul.so _fini 67 libxul.so libxul.so@0x2f700ff 68 libxul.so js::proxy_Call js/src/proxy/Proxy.cpp:689 69 libxul.so js::InternalCallOrConstruct js/src/jscntxtinlines.h:239 70 libxul.so js::Call js/src/vm/Interpreter.cpp:522 71 libxul.so JS::Call js/src/jsapi.cpp:2827 72 libxul.so mozilla::dom::AutoJSAPI::ReportException dom/base/ScriptSettings.h:267 73 libxul.so mozilla::net::LoadInfo::GetExternalContentPolicyType netwerk/base/LoadInfo.cpp:605 74 @0x7f2d50f99fff 75 libxul.so mozilla::dom::GetOrCreateDOMReflectorHelper<mozilla::dom::Event, false>::GetOrCreate dom/bindings/BindingUtils.h:942 76 libxul.so mozilla::dom::EventListener::HandleEvent /builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/EventListenerBinding.cpp:48 77 libxul.so mozilla::net::LoadInfo::GetExternalContentPolicyType netwerk/base/LoadInfo.cpp:605 78 @0x7f2d50f99fff 79 libxul.so nsWrapperCache::GetWrapper js/public/HeapAPI.h:364 80 libxul.so mozilla::dom::ToJSValue<mozilla::dom::EventTarget> dom/bindings/BindingUtils.h:942 81 libxul.so mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*> /builds/slave/c-cen-t-lnx64-ntly/build/objdir/dist/include/mozilla/dom/EventListenerBinding.h:64 82 libxul.so non-virtual thunk to LogStringMessageAsync::~LogStringMessageAsync() ------------------------------ crash data end Both crashes happened when left-clicking a "View it on GitHub" link in a message from github at Gmail webmail. Right-clicking the same link followed by "Open Link in New Tab" works as expected, with no crash. I don't have a "last good / first bad" pair: this 2016-11-09 nightly is "bad" but I have no idea whether the previous one was good or bad. I don't even have formal proof that there ever was a "good" build so I'm not setting the "regression" keyword. For lack of a "SeaMonkey 2.49" tracking flag, I'm leaving the "Firefox 52: affected" flag set by the Socorro/Bugzilla interface. (N.B. SeaMonkey version 2.n, with n > 1, is based on Gecko version (n+3).)
bp-2b882e9a-60fe-4269-9733-a7af22161111 The same crash on left-clicking the button "Add my signature" in a petition email from Avaaz; I'm updating the Summary of this bug to include this new case. Socorro was clever enough to find out without my help that this bug report of mine is relevant. In this case the button included a link to https://secure.avaaz.org/campaign/fr/president_trump_letter_loc/?bLIcPcb&signup=1&cl=11049561865&v=83874 The github link from one of the previous incidents was to https://github.com/vim/vim/commit/34d72d4b6c1a2b04a214d8a49b7d22c97bc7a8bc#commitcomment-19784926 I don't see any "suspicious similarity" between them.
Summary: Crash in nsGlobalWindow::SetOpenerWindow when clicking a "View it on GitHub" link in Gmail webmail from github → Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link in Gmail webmail
Searching Socorro for this signature displays results for both Firefox and SeaMonkey on both Windows and Linux. One isolated report on 2016-10-13 for Fx 49.0.1 (possibly unrelated), then 66 results for Gecko 52 starting on 2016-11-02. FYI, here is the search URL I used: https://crash-stats.mozilla.com/search/?signature=%3DnsGlobalWindow%3A%3ASetOpenerWindow&date=%3E%3D2016-08-11T22%3A36%3A29.000Z&date=%3C2016-11-11T22%3A36%3A29.000Z&_sort=date&_sort=-product&_sort=signature&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
OS: Linux → All
Hardware: x86_64 → All
On the topcrashers' list for 28 days, this signature is currently ranked 233 and new for Firefox, 1 and new for SeaMonkey. I'm setting the topcrash keyword based on its being the #1 SeaMonkey crash with 54 crashes (38.85%) in the last 28 days and the same 54 crashes (but 63.53%) in the last 7 days.
Keywords: topcrash
P.S. In the last 7 days for Firefox, this is topcrash #92 and up 82 places.
(In reply to Tony Mechelynck [:tonymec] from comment #4) > P.S. In the last 7 days for Firefox, this is topcrash #92 and up 82 places. P.P.S. ...but #55 (and up 99) when setting the rang type "by build date".
This one probably is a DUP of "Bug 1316104 - CRASH (MOZ_RELEASE_ASSERT) when click link which opens link target in new TAB" @Tony: Does the workaround in Bug 1316104 work for you?
See Also: → 1316104
I should have mentioned: REPRODUCIBLE with server installation of official en-US SeaMonkey 2.49a1 (NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build 20161107002359 (Default Classic Theme) on German WIN7 64bit
I am not using gmail but I am unable to reproduce any of the crashes with releases were https://hg.mozilla.org/comm-central/rev/0fa8bfa73cdec9511df0395c2b1f3af2e5fa2b83 is included. If you find a case were it still does I would be glad. I will not look at the source of any crashes or the follow fix for bug 1316104 till mergeday is over. Completly pointless at the moment. There were 3 different breakages in the last 24h and 2.49a1 might be affected by other changes I saw too. Please use 2.48a2 for the time being. Better to make this one stable because it might take some time for 2.49a1.
bp-fdbc3ede-22c1-4b09-9f4f-1962b2161112 This one is on a link to a PHP program which generates a PDF, so once more I make the Summary more general. (In reply to Rainer Bielefeld from comment #6) > This one probably is a DUP of "Bug 1316104 - CRASH (MOZ_RELEASE_ASSERT) when > click link which opens link target in new TAB" > > @Tony: > Does the workaround in Bug 1316104 work for you? Indeed I had "A new tab in the current window" selected, and I hate to have to select something else. Let's see with "A new window"...
Summary: Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link in Gmail webmail → Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link
...No crash
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
See Also: 1316104
Moving from Core::Untriaged to Core::General https://bugzilla.mozilla.org/show_bug.cgi?id=1407598
Component: Untriaged → General
You need to log in before you can comment on or make changes to this bug.