Closed
Bug 1351558
Opened 8 years ago
Closed 8 years ago
Crash in mozalloc_abort | NS_DebugBreak | mozilla::ipc::LogicError | mozilla::net::PHttpChannel::Transition
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
FIXED
mozilla55
| Tracking | Status | |
|---|---|---|
| firefox52 | --- | unaffected |
| firefox-esr52 | --- | unaffected |
| firefox53 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | fixed |
People
(Reporter: calixte, Assigned: schien)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, Whiteboard: [clouseau][necko-active][PBg-HTTP-M1])
Crash Data
Attachments
(2 files)
This bug was filed from the Socorro interface and is
report bp-19ce3974-195f-4c6a-aae6-ee3782170328.
=============================================================
There are 7 crashes in nightly 55 with buildid 20170328095415. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1320744.
[1] https://hg.mozilla.org/mozilla-central/rev?node=de9bccfe404e04fce4ba2ace7561e01404459448
Flags: needinfo?(schien)
|
Assignee | |
Comment 1•8 years ago
|
||
Checking and keep the ni?
|
|
Assignee | |
Updated•8 years ago
|
Flags: needinfo?(schien)
Whiteboard: [clouseau] → [clouseau][necko-active][PBg-HTTP-M1]
|
|
Assignee | |
Comment 2•8 years ago
|
||
This crash is about trying to send IPC messages on a dead IPC actor. I suspect that we trigger the `TrySendDeletingChannel` more than once. There are two boolean flags we depends on that in not thread safe: `mIPCOpen` and `mKeptAlive`. [1]
My first guess is that making `mIPCOpen` atomic might be sufficient. Trying to reproduce it locally to prove my theory.
[1] https://searchfox.org/mozilla-central/rev/7419b368156a6efa24777b21b0e5706be89a9c2f/netwerk/protocol/http/HttpChannelChild.h#233-234
|
Reporter | |
Comment 3•8 years ago
|
||
An other signature with 4 crashes where the backtrace has some similarities with the previous one:
https://crash-stats.mozilla.com/report/index/cd395b8b-3d36-4843-9e01-c85cb2170328
Crash Signature: [@ mozalloc_abort | NS_DebugBreak | mozilla::ipc::LogicError | mozilla::net::PHttpChannel::Transition] → [@ mozalloc_abort | NS_DebugBreak | mozilla::ipc::LogicError | mozilla::net::PHttpChannel::Transition]
[@ mozalloc_abort | NS_DebugBreak | mozilla::ipc::LogicError | mozilla::net::PHttpChannelChild::SendDeletingChannel ]
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 6•8 years ago
|
||
@mayhemer maybe too busy to review my patch today. Ask @dragana to do this quick review since she is familiar with the code as well.
@dragana, HttpChannelChild can now destroys itself on non-main-thread. From the code inspection, `mIPCOpen` is not thread safe so we might call TrySendDeletingChannel more than once.
I implement two safe mechanisms here:
1) make `mIPCOpen` atomic and check again before SendDeletingChannel is called;
2) introduce `mDeletingChannelSent` to ensure SendDeletingChannel procedure is run at most once within the HttpChannelChild life cycle.
Assignee: nobody → schien
Flags: needinfo?(dd.mozilla)
|
||
Comment 7•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8852389 [details]
Bug 1351558 - double check mIPCOpen flag before we send IPC message. .
https://reviewboard.mozilla.org/r/124632/#review127240
Attachment #8852389 -
Flags: review?(dd.mozilla) → review+
|
|
||
Comment 8•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8852390 [details]
Bug 1351558 - make sure PHttpChannel destroy procedure will only be done once.
https://reviewboard.mozilla.org/r/124634/#review127250
Attachment #8852390 -
Flags: review?(dd.mozilla) → review+
|
|
||
Updated•8 years ago
|
Flags: needinfo?(dd.mozilla)
Pushed by schien@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/065baa8ca93c
double check mIPCOpen flag before we send IPC message. r=dragana.
https://hg.mozilla.org/integration/autoland/rev/a1d6a86da1e3
make sure PHttpChannel destroy procedure will only be done once. r=dragana
|
||
Comment 10•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/065baa8ca93c
https://hg.mozilla.org/mozilla-central/rev/a1d6a86da1e3
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
|
||
Updated•8 years ago
|
status-firefox52:
--- → unaffected
status-firefox53:
--- → unaffected
status-firefox54:
--- → unaffected
status-firefox-esr52:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•