Open Bug 1507141 Opened Last year Updated 4 months ago

Crash in mozilla::net::nsSocketTransportService::Run

Categories

(Core :: Networking, defect, P3, critical)

Unspecified
All
defect

Tracking

()

Tracking Status
firefox-esr60 --- affected
firefox63 --- wontfix
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- wontfix
firefox69 --- fix-optional
firefox70 --- fix-optional

People

(Reporter: marcia, Unassigned)

Details

(Keywords: crash, regression, Whiteboard: [necko-triaged])

Crash Data

This bug was filed from the Socorro interface and is
report bp-c31f7861-a9a5-459a-a805-38eaa0181025.
=============================================================

Seen while looking at nightly crash stats https://bit.ly/2PSL1tR. Mac crashes on nightly go back to at least 20181023100120. 11 crashes/5 installs in the last 2 weeks. There are a few instances of this crash signature in other branches, but it is much more noticeable in nightly.

Top 10 frames of crashing thread:

0  @0x8010a77bced 
1 XUL mozilla::net::nsSocketTransportService::Run netwerk/base/nsSocketTransportService2.cpp:579
2 XUL non-virtual thunk to mozilla::net::nsSocketTransportService::Run netwerk/base/nsSocketTransportService2.cpp
3 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1245
4 XUL NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:530
5 XUL mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:334
6 XUL nsThread::ThreadFunc ipc/chromium/src/base/message_loop.cc:325
7 libnss3.dylib _pt_root nsprpub/pr/src/pthreads/ptthread.c:201
8 libsystem_pthread.dylib _pthread_body 
9 libsystem_pthread.dylib _pthread_start 

=============================================================
Not a new regression, volume is not too high.
What stands out from the crash reports is that this is a content process crash.
P3 based on comment 1.  This is also hard to act on.
Priority: -- → P3
Whiteboard: [necko-triaged]
(In reply to Valentin Gosu [:valentin] from comment #2)
> What stands out from the crash reports is that this is a content process
> crash.

Can you show how you determine that?
(In reply to Honza Bambas (:mayhemer) from comment #4)
> (In reply to Valentin Gosu [:valentin] from comment #2)
> > What stands out from the crash reports is that this is a content process
> > crash.
> 
> Can you show how you determine that?

I was looking at the more reports dashboard.
In fact they are not all content process crashes, just a few of them. At it seems they are crashing in different places in the method, not in PR_Poll.
Marking fix-optional for 65 and 66 since it is already triaged and has a priority set. We can still take a patch in nightly.

Adding 67 as affected. Still fairly low volume. In 66.0b4 this is flagged as a startup crash, but there are relatively few crashes.

Crash Signature: [@ mozilla::net::nsSocketTransportService::Run] → [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run]

Adding another signature seen in nightly crash triage.

Crash Signature: [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] → [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run]

Adding another signature. There are a number of comments in these various signatures that reference Twitter, and the URLs in the Mac crashes are almost exclusively Twitter:

*https://twitter.com/home

Perhaps this is a dupe of one of the other bugs such as Bug 1521922? Adding Adam for his thoughts.

Crash Signature: [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] → [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | <name omitted> | mozilla::detail::MutexImpl::lock | mozilla::detail::Mut…
Flags: needinfo?(astevenson)

Without steps to reproduce I don't think Twitter will be able to help much here unfortunately. I reached out about #1521922 but nothing came of it.

Flags: needinfo?(astevenson)
Crash Signature: [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | <name omitted> | mozilla::detail::MutexImpl::lock | mozilla::detail::Mut… → [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] [@ PR_Cleanup | mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | <name omit…

I took a look at the correlations for the signature that is the highest volume. Here is what it shows on Nightly:

(84.62% in signature vs 03.21% overall) Addon "React Developer Tools" = true
(76.92% in signature vs 06.08% overall) reason = EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
(76.92% in signature vs 10.18% overall) Addon "Firefox Multi-Account Containers" = true
(61.54% in signature vs 01.81% overall) Addon "onepassword4@agilebits.com" = true
(61.54% in signature vs 04.01% overall) Module "SpotlightIndex" = true
(61.54% in signature vs 04.45% overall) Module "CloudDocs" = true
(53.85% in signature vs 00.55% overall) Addon "Cetus" = true
(53.85% in signature vs 00.71% overall) Addon "{b1f2a5fa-600c-4a9a-bb5d-ec3849f1bbe7}" = true
(53.85% in signature vs 00.89% overall) Addon "zotero@chnm.gmu.edu" = true
(53.85% in signature vs 01.28% overall) Addon "https-everywhere-eff@eff.org" = true
(53.85% in signature vs 01.63% overall) Addon "Refined GitHub" = true
(53.85% in signature vs 01.73% overall) Addon "jid1-MnnxcxisBPnSXQ-eff@jetpack" = true
(53.85% in signature vs 01.99% overall) Addon "Firefox Pioneer" = true
(53.85% in signature vs 04.07% overall) Addon "Greasemonkey" = true

Several of the other signature appear to have a password manager installed, such as support@lastpass.com. So that seems to be the one common denominator I have seen in the reports so far.

Bug 1528756 has a user that is hitting this regularly, and he does have a password manager installed.

Adding another nightly Mac signature seen during triage. One of the 2 URLs is https://twitter.com/home. I also pinged the reporter in the Bug in Comment 12 to see if they have STR.

Crash Signature: omitted> | mozilla::detail::MutexImpl::lock | mozilla::detail::MutexImpl::unlock | mozilla::net::nsSocketTransportService::Run] → omitted> | mozilla::detail::MutexImpl::lock | mozilla::detail::MutexImpl::unlock | mozilla::net::nsSocketTransportService::Run] [@ CERT_SerialNumberFromDERCert | CERT_NewTempCertificate | mozilla::net::nsSocketTransportService::Run]
Crash Signature: [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] [@ PR_Cleanup | mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | <name omit… → [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_CreatePipe | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] [@ PR_Cleanup | mozi…
Crash Signature: [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_CreatePipe | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozilla::net::nsSocketTransportService::Run] [@ PR_Cleanup | mozi… → [@ mozilla::net::nsSocketTransportService::Run] [@ PR_Poll | mozilla::net::nsSocketTransportService::Run] [@ PR_Select | mozilla::net::nsSocketTransportService::Run] [@ PR_CreatePipe | mozilla::net::nsSocketTransportService::Run] [@ PR_ReadDir | mozil…
Crash Signature: mozilla::net::nsSocketTransportService::Run] [@ CERT_SerialNumberFromDERCert | CERT_NewTempCertificate | mozilla::net::nsSocketTransportService::Run] → mozilla::net::nsSocketTransportService::Run] [@ CERT_SerialNumberFromDERCert | CERT_NewTempCertificate | mozilla::net::nsSocketTransportService::Run] [@ nssSlot_IsTokenPresent | mozilla::net::nsSocketTransportService::Run]

6 to 10 crashes per beta in 67, the bug is not currently assigned and we are past the beta cycle midpoint, so wontfix for 67.

There are crashes on Windows and Android as well, updating flags accordingly.

Bulk change of P3 carryover bugs to wontfix for 68.

This is low enough volume now that we might consider just closing this one out.

You need to log in before you can comment on or make changes to this bug.