Open Bug 1579492 Opened 3 months ago Updated Yesterday

Crash in [@ (anonymous namespace)::DarwinGamepadService::ReportChangedCallback]

Categories

(Core :: DOM: Device Interfaces, defect, critical)

Desktop
macOS
defect
Not set
critical

Tracking

REOPENED
mozilla71
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- fixed
firefox71 --- fixed

People

(Reporter: marcia, Assigned: daoshengmu)

References

(Regression, )

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

This bug is for crash report bp-5b0b7d03-9e77-4272-a82b-0f4900190906.

Seen while looking at nightly crash stats: https://bit.ly/2kyGTkR. Crashes started in 70 beta. Code was touched in Bug 1523353 in the 70 timeframe. One URL that is crashing is https://html5gamepad.com/.

ni on dmu

Top 10 frames of crashing thread:

0 XUL  dom/gamepad/cocoa/CocoaGamepad.cpp:343
1 IOKit __IOHIDDeviceInputReportApplier 
2 CoreFoundation __CFBasicHashIncSlotCount 
3 CoreFoundation -[CFPrefsSource alreadylocked_copyDictionary] 
4 CoreFoundation __CFBasicHashIncSlotCount 
5 IOKit __IOHIDDeviceInputReportWithTimeStampCallback 
6 IOHIDLib IOHIDLib@0x5135 
7 CoreFoundation __CFRunLoopDoSource1 
8 CoreFoundation __CFRunLoopDoSource1 
9 CoreFoundation __CFRunLoopDoSource1 

Flags: needinfo?(dmu)

Sending a patch r?

Flags: needinfo?(dmu)
Pushed by dmu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3792d6634145
Check if nullptr in DarwinGamepadService::ReportChangedCallback(). r=baku
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Please nominate this for Beta approval when you get a chance.

Flags: needinfo?(dmu)
Regressed by: 1523353

Comment on attachment 9091273 [details]
Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().

Beta/Release Uplift Approval Request

  • User impact if declined: The crash will continue to happen when using Gamepad on Mac OS.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): It just adds a nullptr check to avoid accessing the 0x0 address.
  • String changes made/needed:
Flags: needinfo?(dmu)
Attachment #9091273 - Flags: approval-mozilla-beta?

Comment on attachment 9091273 [details]
Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().

Fix for a new Mac crash in 70, let's uplift for beta 7.

Attachment #9091273 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
QA Whiteboard: [qa-triaged]

Clearing the QE+ flag since with our devices, we are unable to reproduce the crash.

Flags: qe-verify+

I think the original fix is harmless and makes it safer.

I do not have a clear STR to reproduce it so far. Currently, I can only suspect it is because we didn't unregister IOHIDDeviceRegisterInputReportCallback [1] in DeviceRemoved().

[1] https://stackoverflow.com/questions/38149072/how-do-i-unregister-an-iokit-hid-callback

Flags: needinfo?(dmu)
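A minimal model of the two defenses discussed in this bug: the null check in the report callback, and unregistering the callback in DeviceRemoved(). This is an added example, not Firefox or IOKit code; `MockHidDevice`, `Slot` and the `unregister` parameter are hypothetical names, and the mock's "null callback unregisters" behaviour is an assumption of the model.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

// Hypothetical model of a C-style HID callback API (not IOKit itself).
using ReportCallback = void (*)(void* context, const uint8_t* report, size_t len);

struct MockHidDevice {
  ReportCallback cb = nullptr;
  void* context = nullptr;
  // In this mock, registering a null callback unregisters the previous one.
  void RegisterInputReportCallback(ReportCallback c, void* ctx) { cb = c; context = ctx; }
  // Models the OS delivering an input report; returns true if a callback ran.
  bool DeliverReport(const uint8_t* report, size_t len) {
    if (!cb) return false;
    cb(context, report, len);
    return true;
  }
};

struct Slot {
  bool present = false;  // false once the device has been removed
  int handled = 0;       // reports applied to a live gamepad
  int dropped = 0;       // reports that arrived after removal
};

class GamepadService {
 public:
  static void ReportChangedCallback(void* context, const uint8_t* report, size_t len) {
    auto* slot = static_cast<Slot*>(context);
    // Defensive check: never dereference a null context or report.
    if (!slot || !report || len == 0) return;
    if (!slot->present) { ++slot->dropped; return; }  // stale delivery
    ++slot->handled;
  }
  void DeviceAdded(size_t i, MockHidDevice& dev) {
    slots_[i].present = true;
    dev.RegisterInputReportCallback(&GamepadService::ReportChangedCallback, &slots_[i]);
  }
  void DeviceRemoved(size_t i, MockHidDevice& dev, bool unregister) {
    slots_[i].present = false;
    // Without this, the device keeps calling back with the old context.
    if (unregister) dev.RegisterInputReportCallback(nullptr, nullptr);
  }
  const Slot& slot(size_t i) const { return slots_[i]; }
 private:
  std::array<Slot, 4> slots_{};
};
```

With `unregister` false the late report still reaches the callback and only the check keeps it from touching a removed gamepad; with `unregister` true the callback is never invoked.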

https://crash-stats.mozilla.org/report/index/32a9e84a-86ff-4ddd-81ba-351a00191205 points to this signature (from Firefox Dev Edition 72).

The problem surfaced live on-stage, crashing the browser; Wei referred to it as "when I try to use my Joycon controllers from separate tabs, it pretty consistently crashes Firefox". She was using the Joycon controllers (connecting over Bluetooth) to control a slide deck in one tab, and wanted to showcase further opportunities for querying the gamepads with a second tab.
https://twitter.com/reknowledgeable/status/1202583937647689728

Status: RESOLVED → REOPENED
Resolution: FIXED → ---