Open Bug 1685642 Opened 10 months ago Updated 1 month ago

Crash in [@ mozilla::SandboxFork::SandboxFork]

Categories

(Core :: Security: Process Sandboxing, defect, P5)

All
Linux
defect

Tracking

Tracking Status
firefox-esr78 --- affected
firefox86 --- affected
firefox87 --- affected
firefox88 --- affected
firefox89 --- affected
firefox90 --- affected
firefox91 --- affected

People

(Reporter: sefeng, Unassigned)

Details

(Keywords: crash, Whiteboard: [not-a-fission-bug])

Maybe Fission related. (DOMFissionEnabled=1)

Crash report: https://crash-stats.mozilla.org/report/index/19f3b6a8-c652-4f46-bb4d-b7bb90210107

MOZ_CRASH Reason: MOZ_CRASH(socketpair failed)

Top 10 frames of crashing thread:

0 libxul.so mozilla::SandboxFork::SandboxFork security/sandbox/linux/launch/SandboxLaunch.cpp:409
1 libxul.so mozilla::SandboxLaunchPrepare security/sandbox/linux/launch/SandboxLaunch.cpp:353
2 libxul.so mozilla::ipc::GeckoChildProcessHost::AsyncLaunch ipc/glue/GeckoChildProcessHost.cpp:686
3 libxul.so mozilla::dom::ContentParent::BeginSubprocessLaunch dom/ipc/ContentParent.cpp:2414
4 libxul.so mozilla::dom::ContentParent::PreallocateProcess dom/ipc/ContentParent.cpp:658
5 libxul.so mozilla::PreallocatedProcessManagerImpl::AllocateNow dom/ipc/PreallocatedProcessManager.cpp:304
6 libxul.so mozilla::detail::RunnableMethodImpl<mozilla::PreallocatedProcessManagerImpl*, void  xpcom/threads/nsThreadUtils.h:1201
7 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:739
8 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1200
9 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87

We've had this assertion for a few years; however, we have started to hit this assertion regularly since mid last year.

This link gives us all the crashes since the beginning of 2020; 5 of them had fission enabled. So this might not be fission related. (Not sure when we added the fission enabled flag to crash reports.)

Component: DOM: Content Processes → Security: Process Sandboxing

Very low volume; we have some ideas and will re-investigate if it rises (might be fd exhaustion).

Severity: -- → S4
Priority: -- → P5
Whiteboard: [not-a-fission-bug]

I can reproduce this with fission enabled and a lot of tabs, if right after startup I try to close all tabs by keeping Ctrl+W pressed:

https://crash-stats.mozilla.org/report/index/541fc4ab-1e62-4ea7-9c68-ef3f90210416

It does look like FD exhaustion of some sort, because I get a similar crash with `MOZ_RELEASE_ASSERT(result.mFd.fd != -1) (DuplicateDescriptor failed)` with the same STR:

https://crash-stats.mozilla.org/report/index/b68af5c4-5689-4442-9d51-9bff60210416

(In reply to Emilio Cobos Álvarez (:emilio) from comment #3)

> I can reproduce this with fission enabled and a lot of tabs, if right after startup I try to close all tabs by keeping Ctrl+W pressed:
>
> https://crash-stats.mozilla.org/report/index/541fc4ab-1e62-4ea7-9c68-ef3f90210416
>
> It does look like FD exhaustion of some sort, because I get a similar crash with `MOZ_RELEASE_ASSERT(result.mFd.fd != -1) (DuplicateDescriptor failed)` with the same STR:
>
> https://crash-stats.mozilla.org/report/index/b68af5c4-5689-4442-9d51-9bff60210416

Could this come from bug 1719391?
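The fd-exhaustion hypothesis raised in the comments above can be checked outside Firefox with a small Linux program that uses up its own descriptors and then records the `errno` from `socketpair()`. This is an added example, not code from the bug or from Firefox; `FD_CAP` and the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

#define FD_CAP 64 /* constructed soft limit for this demo, not a Firefox value */

/* Try to create a socket pair; return 0 on success, otherwise the errno. */
int try_socketpair(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return errno;
    close(sv[0]);
    close(sv[1]);
    return 0;
}

/* Lower the soft RLIMIT_NOFILE, consume every free descriptor, then call
 * socketpair(). Returns the errno seen (0 if it succeeded, -1 on setup error). */
int socketpair_errno_when_fds_exhausted(void) {
    struct rlimit saved, lowered;
    int held[FD_CAP], n = 0, result;

    if (getrlimit(RLIMIT_NOFILE, &saved) != 0) return -1;
    lowered = saved;
    if (lowered.rlim_cur > FD_CAP) lowered.rlim_cur = FD_CAP;
    if (setrlimit(RLIMIT_NOFILE, &lowered) != 0) return -1;

    /* Fill the descriptor table up to the soft limit. */
    while (n < FD_CAP) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0) break;
        held[n++] = fd;
    }
    /* EMFILE means the per-process limit was hit; ENFILE the system-wide one. */
    result = try_socketpair();

    while (n > 0) close(held[--n]); /* release descriptors, restore the limit */
    setrlimit(RLIMIT_NOFILE, &saved);
    return result;
}

int main(void) {
    int e = socketpair_errno_when_fds_exhausted();
    printf("exhausted: %s\n", e ? strerror(e) : "success");
    e = try_socketpair();
    printf("after release: %s\n", e ? strerror(e) : "success");
    return 0;
}
```

Recording `errno` at the failure site is what separates a per-process descriptor limit (`EMFILE`) from other causes.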