Closed Bug 1579492 Opened 6 years ago Closed 5 years ago

Crash in [@ (anonymous namespace)::DarwinGamepadService::ReportChangedCallback]

Categories

(Core :: DOM: Device Interfaces, defect)

Product:
Core
Component:
DOM: Device Interfaces
Platform:
Desktop
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla73
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- fixed
firefox71 --- fixed
firefox72 --- fixed
firefox73 --- fixed

People

(Reporter: marcia, Assigned: daoshengmu)

References

(Regression,
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().
47 bytes, text/x-phabricator-request
lizzard
: approval-mozilla-beta+
Details | Review
Bug 1579492 - Unregister input report callback when removing Cocoa gamepads.
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-5b0b7d03-9e77-4272-a82b-0f4900190906.

Seen while looking at nightly crash stats: https://bit.ly/2kyGTkR. Crashes started in 70 beta. Code was touched in Bug 1523353 in the 70 timeframe. One URL that is crashing is https://html5gamepad.com/.

ni on dmu

Top 10 frames of crashing thread:

0 XUL  dom/gamepad/cocoa/CocoaGamepad.cpp:343
1 IOKit __IOHIDDeviceInputReportApplier 
2 CoreFoundation __CFBasicHashIncSlotCount 
3 CoreFoundation -[CFPrefsSource alreadylocked_copyDictionary] 
4 CoreFoundation __CFBasicHashIncSlotCount 
5 IOKit __IOHIDDeviceInputReportWithTimeStampCallback 
6 IOHIDLib IOHIDLib@0x5135 
7 CoreFoundation __CFRunLoopDoSource1 
8 CoreFoundation __CFRunLoopDoSource1 
9 CoreFoundation __CFRunLoopDoSource1
Flags: needinfo?(dmu)

Sending a patch r?

Flags: needinfo?(dmu)
Pushed by dmu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3792d6634145 Check if nullptr in DarwinGamepadService::ReportChangedCallback(). r=baku

https://hg.mozilla.org/mozilla-central/rev/3792d6634145

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox71: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Assignee: nobody → dmu

Please nominate this for Beta approval when you get a chance.

status-firefox69: --- → unaffected
status-firefox-esr60: --- → unaffected
status-firefox-esr68: --- → unaffected
Flags: needinfo?(dmu)
Regressed by: 1523353

Comment on attachment 9091273 [details]
Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().

Beta/Release Uplift Approval Request

  • User impact if declined: The crash will continue to happen when using Gamepad on Mac OS.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): It just adds a nullptr check to avoid access 0x0 address.
  • String changes made/needed:
Flags: needinfo?(dmu)
Attachment #9091273 - Flags: approval-mozilla-beta?

Comment on attachment 9091273 [details]
Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().

Fix for a new Mac crash in 70, let's uplift for beta 7.

Attachment #9091273 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

Clearing the QE+ flag since with our devices, we are unable to reproduce the crash.

Flags: qe-verify+

I think the original fix is unharmful and makes it more safe.

I do not have clear STR to reproduce it so far. Currently, I only can suspect it is because we didn't unregister IOHIDDeviceRegisterInputReportCallback [1] while DeviceRemoved().

[1] https://stackoverflow.com/questions/38149072/how-do-i-unregister-an-iokit-hid-callback

Flags: needinfo?(dmu)

https://crash-stats.mozilla.org/report/index/32a9e84a-86ff-4ddd-81ba-351a00191205 points to this signature (from Firefox Dev Edition 72).

The problem surfaced live on-stage, crashing the browser, Wei referred to it as "when I try to use my Joycon controllers from separate tabs, it pretty consistently crashes Firefox". She was using the Joycon controllers (connecting over Bluetooth) to control a slide deck in one tab, and wanted to showcase further opportunities for querying the gamepads with a second tab.
https://twitter.com/reknowledgeable/status/1202583937647689728

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Pushed by dmu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/aca53f34817a Unregister input report callback when removing Cocoa gamepads. r=baku

https://hg.mozilla.org/mozilla-central/rev/aca53f34817a

Status: REOPENED → RESOLVED
Closed: 6 years ago5 years ago
status-firefox73: --- → fixed
Resolution: --- → FIXED
Target Milestone: mozilla71 → mozilla73

Change the status for beta to have the same as nightly and release.
For more information, please visit auto_nag documentation.

status-firefox72: --- → fixed
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: