Closed Bug 1316950 Opened 6 years ago Closed 6 years ago

Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link

Categories

(Core :: General, defect)

defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 1316104
Tracking Status
firefox52 --- affected

People

(Reporter: tonymec, Unassigned)

Details

(Keywords: crash, topcrash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-62b9b271-1ab5-467f-b8a1-e67e02161111.
=============================================================
bp-84f6e966-ed5e-4c26-ac26-2930f2161110 is similar.

Both of these crashing builds had the following UA string:
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49a1

The older of these two crashes is from the following build:

20161109003001
http://hg.mozilla.org/comm-central/rev/e4ab5c338d81d9c1e457364141e9aeac5fcfe422
http://hg.mozilla.org/mozilla-central/rev/783356f1476e

and had the following crash data (see also my concluding remarks at bottom):

------------------------------ crash data start
Signature 	nsGlobalWindow::SetOpenerWindow More Reports Search
UUID 	84f6e966-ed5e-4c26-ac26-2930f2161110
Date Processed 	2016-11-10 00:43:36
Uptime 	41,325 seconds (11 hours, 28 minutes and 45 seconds)
Last Crash 	11,391,268 seconds before submission (18 weeks, 5 days and 20 hours)
Install Age 	41,325 seconds since version was first installed (11 hours, 28 minutes and 45 seconds)
Install Time 	2016-11-09 13:13:53
Product 	SeaMonkey
Release Channel 	nightly
Version 	2.49a1
Build ID 	20161109003001
OS 	Linux
OS Version 	0.0.0 Linux 4.1.34-33-default #1 SMP PREEMPT Thu Oct 20 08:03:29 UTC 2016 (fe18aba) x86_64
Build Architecture 	amd64
Build Architecture Info 	family 6 model 23 stepping 10 | 2
Adapter Vendor ID 	

Adapter Device ID 	

Startup Crash 	

False

MOZ_CRASH Reason 	MOZ_RELEASE_ASSERT(!contentOpener || !mTabGroup || mTabGroup == Cast(contentOpener)->mTabGroup)
Crash Reason 	SIGSEGV
Crash Address 	0x0
User Comments 	

clicking a link in a message at Gmail webmail
EMCheckCompatibility 	

False

App Notes 	

openSUSE Leap 42.1 (x86_64)FP(D00-L1000-W00000000-T0000) OpenGL: Intel Open Source Technology Center -- Mesa DRI Intel(R) Q45/Q43  -- 2.1 Mesa 11.0.8 -- texture_from_pixmap
libGL.so.1? libGL.so.1+ GL Context? GL Context+ GL Layers? GL Layers+ WebGL? WebGL+ WebGL- 

Processor Notes 	processor_prod-processor-i-0f6d2a17_1318; MozillaProcessorAlgorithm2015; skunk_classifier: reject - not a plugin hang

Bugzilla - Report this bug in SeaMonkey Core External Software Affecting Firefox Toolkit
Related Bugs

Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	libxul.so 	nsGlobalWindow::SetOpenerWindow 	dom/base/nsGlobalWindow.cpp:3231
1 	libxul.so 	nsWindowWatcher::ReadyOpenedDocShellItem 	embedding/components/windowwatcher/nsWindowWatcher.cpp:2148
2 	libxul.so 	nsWindowWatcher::OpenWindowInternal 	embedding/components/windowwatcher/nsWindowWatcher.cpp:1062
3 	libxul.so 	nsWindowWatcher::OpenWindow2 	embedding/components/windowwatcher/nsWindowWatcher.cpp:445
4 	libxul.so 	nsGlobalWindow::OpenInternal 	dom/base/nsGlobalWindow.cpp:12429
5 	libxul.so 	nsGlobalWindow::OpenJS 	dom/base/nsGlobalWindow.cpp:8314
6 	libxul.so 	nsGlobalWindow::OpenOuter 	dom/base/nsGlobalWindow.cpp:8267
7 	libxul.so 	nsGlobalWindow::Open 	dom/base/nsGlobalWindow.cpp:8276
8 	libxul.so 	mozilla::dom::WindowBinding::open 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/WindowBinding.cpp:2194
9 	libxul.so 	mozilla::dom::WindowBinding::genericMethod 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/WindowBinding.cpp:14893
10 	libxul.so 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
11 	libxul.so 	js::Call 	js/src/vm/Interpreter.cpp:522
12 	libxul.so 	js::Wrapper::call 	js/src/proxy/Wrapper.cpp:165
13 	libxul.so 	js::CrossCompartmentWrapper::call 	js/src/proxy/CrossCompartmentWrapper.cpp:333
14 	libxul.so 	js::Proxy::call 	js/src/proxy/Proxy.cpp:400
15 	libxul.so 	js::proxy_Call 	js/src/proxy/Proxy.cpp:689
16 	libxul.so 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
17 	libxul.so 	Interpret 	js/src/vm/Interpreter.cpp:509
18 	libxul.so 	js::RunScript 	js/src/vm/Interpreter.cpp:404
19 	libxul.so 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
20 	libxul.so 	js::Call 	js/src/vm/Interpreter.cpp:522
21 	libxul.so 	js::fun_call 	js/src/jsfun.cpp:1252
22 	libxul.so 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
23 	libxul.so 	Interpret 	js/src/vm/Interpreter.cpp:509
24 	libxul.so 	js::RunScript 	js/src/vm/Interpreter.cpp:404
25 	libxul.so 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
26 	libxul.so 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp:6012
27 		@0x7f2d636eda95 	
28 		@0x7f2cb5b4714f 	
29 		@0x7f2d636ec887 	
30 	libxul.so 	EnterBaseline 	js/src/jit/BaselineJIT.cpp:155
31 	libxul.so 	js::jit::EnterBaselineAtBranch 	js/src/jit/BaselineJIT.cpp:261
32 	libxul.so 	Interpret 	js/src/vm/Interpreter.cpp:1916
33 	libxul.so 	js::RunScript 	js/src/vm/Interpreter.cpp:404
34 	libxul.so 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
35 	libxul.so 	js::Call 	js/src/vm/Interpreter.cpp:522
36 	libxul.so 	js::jit::InvokeFunction 	js/src/jit/VMFunctions.cpp:114
37 		@0x7f2d636f6265 	
38 		@0x7f2cd903d4b7 	
39 		@0x7f2d1615f5f5 	
40 	libxul.so 	js::jit::IonCannon 	js/src/jit/Ion.cpp:2847
41 	libxul.so 	js::RunScript 	js/src/vm/Interpreter.cpp:384
42 	libxul.so 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
43 	libxul.so 	js::Call 	js/src/vm/Interpreter.cpp:522
44 	libxul.so 	js::fun_apply 	js/src/jsfun.cpp:1318
45 	libxul.so 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
46 	libxul.so 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp:6012
47 		@0x7f2d636eda95 	
48 		@0x7f2ca43fd2b7 	
49 	libxul.so 	js::jit::IonCannon 	js/src/jit/Ion.cpp:2847
50 	libxul.so 	libxul.so@0x2c4985f 	
51 	libxul.so 	libxul.so@0x301174f 	
52 	libxul.so 	_fini 	
53 	libxul.so 	js::jit::CanEnter 	js/src/jit/Ion.cpp:2581
54 	libxul.so 	js::RunScript 	js/src/vm/Interpreter.cpp:384
55 	libxul.so 	js::InternalCallOrConstruct 	js/src/vm/Interpreter.cpp:476
56 	libxul.so 	EnterBaseline 	js/src/jit/BaselineJIT.cpp:175
57 	libxul.so 	_fini 	
58 	libxul.so 	js::Call 	js/src/vm/Interpreter.cpp:522
59 	libxul.so 	js::Wrapper::call 	js/src/proxy/Wrapper.cpp:165
60 	libxul.so 	mozilla::net::LoadInfo::GetExternalContentPolicyType 	netwerk/base/LoadInfo.cpp:605
61 		@0x7f2d50f99fff 	
62 	libxul.so 	_fini 	
63 	libxul.so 	js::CrossCompartmentWrapper::call 	js/src/proxy/CrossCompartmentWrapper.cpp:333
64 	libxul.so 	_fini 	
65 	libxul.so 	js::Proxy::call 	js/src/proxy/Proxy.cpp:400
66 	libxul.so 	_fini 	
67 	libxul.so 	libxul.so@0x2f700ff 	
68 	libxul.so 	js::proxy_Call 	js/src/proxy/Proxy.cpp:689
69 	libxul.so 	js::InternalCallOrConstruct 	js/src/jscntxtinlines.h:239
70 	libxul.so 	js::Call 	js/src/vm/Interpreter.cpp:522
71 	libxul.so 	JS::Call 	js/src/jsapi.cpp:2827
72 	libxul.so 	mozilla::dom::AutoJSAPI::ReportException 	dom/base/ScriptSettings.h:267
73 	libxul.so 	mozilla::net::LoadInfo::GetExternalContentPolicyType 	netwerk/base/LoadInfo.cpp:605
74 		@0x7f2d50f99fff 	
75 	libxul.so 	mozilla::dom::GetOrCreateDOMReflectorHelper<mozilla::dom::Event, false>::GetOrCreate 	dom/bindings/BindingUtils.h:942
76 	libxul.so 	mozilla::dom::EventListener::HandleEvent 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dom/bindings/EventListenerBinding.cpp:48
77 	libxul.so 	mozilla::net::LoadInfo::GetExternalContentPolicyType 	netwerk/base/LoadInfo.cpp:605
78 		@0x7f2d50f99fff 	
79 	libxul.so 	nsWrapperCache::GetWrapper 	js/public/HeapAPI.h:364
80 	libxul.so 	mozilla::dom::ToJSValue<mozilla::dom::EventTarget> 	dom/bindings/BindingUtils.h:942
81 	libxul.so 	mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*> 	/builds/slave/c-cen-t-lnx64-ntly/build/objdir/dist/include/mozilla/dom/EventListenerBinding.h:64
82 	libxul.so 	non-virtual thunk to LogStringMessageAsync::~LogStringMessageAsync() 	
------------------------------ crash data end

Both crashes happened when left-clicking a "View it on GitHub" link in a message from github at Gmail webmail.

Right-clicking the same link followed by "Open Link in New Tab" works as expected, with no crash.

I don't have a "last good / first bad" pair: this 2016-11-09 nightly is "bad" but I have no idea whether the previous one was good or bad. I don't even have formal proof that there ever was a "good" build so I'm not setting the "regression" keyword.

For lack of a "SeaMonkey 2.49" tracking flag, I'm leaving the "Firefox 52: affected" flag set by the Socorro/Bugzilla interface. (N.B. SeaMonkey version 2.n, with n > 1, is based on Gecko version (n+3).)
bp-2b882e9a-60fe-4269-9733-a7af22161111

The same crash on left-clicking the button "Add my signature" in a petition email from Avaaz; I'm updating the Summary of this bug to include this new case. Socorro was clever enough to find out without my help that this bug report of mine is relevant.

In this case the button included a link to https://secure.avaaz.org/campaign/fr/president_trump_letter_loc/?bLIcPcb&signup=1&cl=11049561865&v=83874

The github link from one of the previous incidents was to https://github.com/vim/vim/commit/34d72d4b6c1a2b04a214d8a49b7d22c97bc7a8bc#commitcomment-19784926

I don't see any "suspicious similarity" between them.
Summary: Crash in nsGlobalWindow::SetOpenerWindow when clicking a "View it on GitHub" link in Gmail webmail from github → Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link in Gmail webmail
Searching Socorro for this signature displays results for both Firefox and SeaMonkey on both Windows and Linux. One isolated report on 2016-10-13 for Fx 49.0.1 (possibly unrelated), then 66 results for Gecko 52 starting on 2016-11-02.

FYI, here is the search URL I used:
https://crash-stats.mozilla.com/search/?signature=%3DnsGlobalWindow%3A%3ASetOpenerWindow&date=%3E%3D2016-08-11T22%3A36%3A29.000Z&date=%3C2016-11-11T22%3A36%3A29.000Z&_sort=date&_sort=-product&_sort=signature&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
OS: Linux → All
Hardware: x86_64 → All
On the topcrashers' list for 28 days, this signature is currently ranked 233 and new for Firefox, 1 and new for SeaMonkey. I'm setting the topcrash keyword based on its being the #1 SeaMonkey crash with 54 crashes (38.85%) in the last 28 days and the same 54 crashes (but 63.53%) in the last 7 days.
Keywords: topcrash
P.S. In the last 7 days for Firefox, this is topcrash #92 and up 82 places.
(In reply to Tony Mechelynck [:tonymec] from comment #4)
> P.S. In the last 7 days for Firefox, this is topcrash #92 and up 82 places.

P.P.S. ...but #55 (and up 99) when setting the rang type "by build date".
This one probably is a DUP of "Bug 1316104 - CRASH (MOZ_RELEASE_ASSERT) when click link which opens link target in new TAB"

@Tony:
Does the workaround in Bug 1316104 work for you?
See Also: → 1316104
I should have mentioned:
REPRODUCIBLE with server installation of official en-US SeaMonkey 2.49a1  (NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build 20161107002359  (Default Classic Theme) on German WIN7 64bit
I am not using gmail but I am unable to reproduce any of the crashes with releases were  

https://hg.mozilla.org/comm-central/rev/0fa8bfa73cdec9511df0395c2b1f3af2e5fa2b83

is included. If you find a case were it still does I would be glad. I will not look at the source of any crashes or the follow fix for bug 1316104 till mergeday is over. Completly pointless at the moment. There were 3 different breakages in the last 24h and 2.49a1 might be affected by other changes I saw too. Please use 2.48a2 for the time being. Better to make this one stable because it might take some time for 2.49a1.
bp-fdbc3ede-22c1-4b09-9f4f-1962b2161112

This one is on a link to a PHP program which generates a PDF, so once more I make the Summary more general.

(In reply to Rainer Bielefeld from comment #6)
> This one probably is a DUP of "Bug 1316104 - CRASH (MOZ_RELEASE_ASSERT) when
> click link which opens link target in new TAB"
> 
> @Tony:
> Does the workaround in Bug 1316104 work for you?

Indeed I had "A new tab in the current window" selected, and I hate to have to select something else. Let's see with "A new window"...
Summary: Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link in Gmail webmail → Crash in nsGlobalWindow::SetOpenerWindow when (left-)clicking a link
...No crash
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1316104
See Also: 1316104
Moving from Core::Untriaged to Core::General https://bugzilla.mozilla.org/show_bug.cgi?id=1407598
Component: Untriaged → General
You need to log in before you can comment on or make changes to this bug.