Closed Bug 1451293 Opened 2 years ago Closed 9 months ago
Crash in mozilla::net::ns
Http Connection::Dont Reuse
This bug was filed from the Socorro interface and is report bp-bed8e1f5-9467-4205-942b-1dbfb0180404. ============================================================= Top 10 frames of crashing thread: 0 xul.dll mozilla::net::nsHttpConnection::DontReuse netwerk/protocol/http/nsHttpConnection.cpp:958 1 xul.dll mozilla::net::nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7131 2 xul.dll nsInputStreamPump::OnStateStop netwerk/base/nsInputStreamPump.cpp:700 3 xul.dll nsInputStreamPump::OnInputStreamReady netwerk/base/nsInputStreamPump.cpp:428 4 xul.dll nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:97 5 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1040 6 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:97 7 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:319 8 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:299 9 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:157 ============================================================= crash reports with a signature and a stack similar to this are showing up on windows since firefox 56 - tentatively related to bug 1351462. overall it's happening with a fairly low volume on release though.
Someone is still manipulating (means: refs+-) nsHttpTransaction::mConnection outside nsHttpTransaction::mLock. That needs to be found and fixed. We have improved this in bug 1011354, but I think we need to make more finer audit.
See Also: → 1011354
This is very cyclic (incredibly low crash rate during the weekend), and looks to be most commonly happening on ESR builds, which says to me there's some sort of strange enterprise environment making this more likely. Also an indicator that this could be quite tricky to track down.
Priority: -- → P2
Kershaw -- can you have a look at this please? See comment #1.
Assignee: nobody → kershaw
(In reply to Selena Deckelmann :selenamarie :selena use ni? pronoun: she from comment #3) > Kershaw -- can you have a look at this please? See comment #1. Sure.
A possible reason of crash could be ConnectionHandle::TakeHttpConnection() is called in sts thread and someone wants to call nsHttpConnection::DontReuse from main thread. To avoid the crash, this patch simply adds some null checks in ConnectionHandle.
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/83f419699bf1 single thread access to ConnectionHandle::mConn r=mayhemer https://hg.mozilla.org/integration/autoland/rev/51df10abf1da P2: Call SetConnRefTaken r=michal
You need to log in before you can comment on or make changes to this bug.