Crash at @ mozilla::detail::MutexImpl::lock | nsBrowsingContextReadyCallback::BrowsingContextReady
Categories
(Core :: DOM: Navigation, defect, P3)
Tracking
()
People
(Reporter: shawnjohnjr, Assigned: annyG)
References
Details
Crash Data
Attachments
(1 file, 1 obsolete file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr78+
|
Details | Review |
https://crash-stats.mozilla.org/report/index/ccb26a4d-fb18-46ac-b5cf-e72e60210214#tab-details
Signature mozilla::detail::MutexImpl::lock | nsBrowsingContextReadyCallback::BrowsingContextReady More Reports Search
UUID f74bcae9-1ae1-4951-aa81-76c9a0210213
Date Processed 2021-02-13 21:30:29 UTC
Uptime 2,019 seconds (33 minutes and 39 seconds)
Last Crash 2,059 seconds before submission (34 minutes and 19 seconds)
Install Age 1,428,628 seconds since version was first installed (2 weeks, 2 days and 12 hours)
Install Time 2021-01-28 08:39:51
Product Firefox
Release Channel esr
Version 78.7.0esr
Build ID 20210119174753 (2021-01-19) Buildhub data
OS Debian GNU/Linux 10 (buster)
OS Version 0.0.0 Linux 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64
Build Architecture amd64
CPU Info family 6 model 45 stepping 7
CPU Count 8
Adapter Vendor ID
NVIDIA Corporation (0x10de)
Adapter Device ID
GK104 [GeForce GTX 670] (0x1189)
Startup Crash
False
Crash Reason SIGSEGV /SEGV_MAPERR
Crash Address 0x28
EMCheckCompatibility
False
App Notes
Debian GNU/Linux 10 (buster)FP(D00-L1000-W00000000-T000) WR? WR- OMTP? OMTP+4
Processor Notes
processor_ip-172-31-46-251_us-west-2_compute_internal_7; ProcessorPipeline
|
Reporter | |
Comment 1•4 years ago
|
||
Frame Module Signature Source Trust
0 libpthread.so.0 __pthread_mutex_lock /build/glibc-vjB4T1/glibc-2.28/nptl/../nptl/pthread_mutex_lock.c:67 context
1 firefox-esr mozilla::detail::MutexImpl::lock() build-browser/mozglue/misc/mozglue/misc/Mutex_posix.cpp:118 cfi
2 libxul.so nsBrowsingContextReadyCallback::BrowsingContextReady(mozilla::dom::BrowsingContext*) cfi
3 libxul.so nsFrameLoader::InvokeBrowsingContextReadyCallback() build-browser/dom/base/dom/base/nsFrameLoader.cpp:3578 cfi
4 libxul.so nsFrameLoader::TryRemoteBrowserInternal() cfi
5 libxul.so nsFrameLoader::TryRemoteBrowser() build-browser/dom/base/dom/base/nsFrameLoader.cpp:2657 cfi
6 libxul.so nsFrameLoader::GetBrowsingContext() build-browser/dom/base/dom/base/nsFrameLoader.cpp:3195 cfi
7 libxul.so mozilla::dom::FrameLoader_Binding::get_browsingContext(JSContext*, JS::Handle<JSObject*>, void*, JSJitGetterCallArgs) build-browser/dom/bindings/build-browser/dom/bindings/FrameLoaderBinding.cpp:163 cfi
8 libxul.so bool mozilla::dom::binding_detail::GenericGetter<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) build-browser/dom/bindings/dom/bindings/BindingUtils.cpp:3079 cfi
9 libxul.so js::jit::CallNativeGetter(JSContext*, JS::Handle<JSFunction*>, JS::Handle<JSObject*>, JS::MutableHandle<JS::Value>) build-browser/js/src/jit/js/src/jit/VMFunctions.cpp:1478 cfi
|
||
Comment 2•4 years ago
|
||
Andreas, is this something you could look at?
|
||
Comment 3•4 years ago
|
||
Nika says we are crashing on null promise here:
We should null check the promise, but include a MOZ_DIAGNOSTIC_ASSERT so we can catch bugs like this in Nightly. No need to uplift to ESR 78 because crash volume is so low (only about 5 crash reports in the last six months).
But why are we getting second promise call?? The same open window is being passed to a BrowsingContext twice? Process switch appears to reuse same nsIOpenWindowInfo and then create a remote browser in that same process, but we should probably create a non-remote browser? Non-remoteness attribute was overwritten?
The ESR 78 code:
is missing some checks from: https://phabricator.services.mozilla.com/D85446
Assigning to Anny because she touched this code in bug 1630323.
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 4•4 years ago
|
||
I could reproduce this crash randomly, let me know if you need my help, although I haven't found deterministic STR.
|
Assignee | |
Comment 5•4 years ago
|
||
|
||
Comment 7•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 8•4 years ago
|
||
Reopening because of the need to uplift to esr78
|
|
Assignee | |
Comment 9•4 years ago
•
|
||
<cut>
|
|
Assignee | |
Comment 10•4 years ago
|
||
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 11•4 years ago
|
||
Comment on attachment 9205222 [details]
Bug 1693946 - Null check the browsing context ready callback in nsOpenWindowInfo, r=nika!
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: want to prevent browser crashes
- User impact if declined: browser crash
- Fix Landed on Version: 88
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): low because it's just a null check
- String or UUID changes made by this patch:
|
||
Comment 12•4 years ago
|
||
Bug resolution tracks landing on m-c. Please don't reopen them for uplifts.
|
|
||
Comment 13•4 years ago
|
||
I don't see any signs of this crash signature on esr78. Was there a reason we felt it may be needed there?
|
|
Assignee | |
Comment 14•4 years ago
|
||
Comment 1 has the link to a crash on ESR 78 https://crash-stats.mozilla.org/report/index/ccb26a4d-fb18-46ac-b5cf-e72e60210214#tab-details
|
|
||
Comment 15•4 years ago
|
||
Comment on attachment 9205222 [details]
Bug 1693946 - Null check the browsing context ready callback in nsOpenWindowInfo, r=nika!
Not a particularly high volume crash on ESR, but also a trivial patch to take. Approved for 78.9esr.
|
|
||
Comment 16•4 years ago
|
||
| bugherder uplift | ||
Description
•