Closed Bug 1710687 Opened 4 years ago Closed 4 years ago

Crash in [@ nsDocShell::SetVisibility]

Categories

(Core :: DOM: Navigation, defect, P3)

Product:
Core
Component:
DOM: Navigation
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
90 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- wontfix
firefox88 --- wontfix
firefox89 --- wontfix
firefox90 --- fixed

People

(Reporter: aryx, Assigned: smaug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1710687, null check mDocShell before using it, r=peterv
48 bytes, text/x-phabricator-request
Details | Review

These crashes are interesting because 50-80 reports per release until 87, then 1 for 88.0 releases and the 88 betas, and for the 89 betas 4-5 reports per beta seem to be the median.

99% of crashes on Windows 10, >80% on x86-64, 60% in first minute after launch.

Crash report: https://crash-stats.mozilla.org/report/index/4866a848-dec2-43d5-914d-4cc6d0210511

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll nsDocShell::SetVisibility docshell/base/nsDocShell.cpp:5048
1 xul.dll mozilla::AppWindow::SetVisibility xpfe/appshell/AppWindow.cpp:965
2 xul.dll mozilla::AppWindow::OnStateChange xpfe/appshell/AppWindow.cpp:3197
3 xul.dll nsDocLoader::DoFireOnStateChange uriloader/base/nsDocLoader.cpp:1332
4 xul.dll nsDocLoader::doStopDocumentLoad uriloader/base/nsDocLoader.cpp:949
5 xul.dll nsDocLoader::DocLoaderIsEmpty uriloader/base/nsDocLoader.cpp:757
6 xul.dll nsDocLoader::OnStopRequest uriloader/base/nsDocLoader.cpp:640
7 xul.dll mozilla::net::nsLoadGroup::NotifyRemovalObservers netwerk/base/nsLoadGroup.cpp:616
8 xul.dll mozilla::net::nsLoadGroup::Cancel netwerk/base/nsLoadGroup.cpp:250
9 xul.dll nsDocLoader::Stop uriloader/base/nsDocLoader.cpp:253

Assigning to Olli because he has a patch. Since this is a long-standing crash and the patch will be simple, we should consider uplifting this fix to 89 Beta.

We seem to be trying to close the first browser window very early and then crashing. Should we ignore visibility changes when the window is destroyed (perhaps checking whether mDocShell is null)?

mDocShell is null. The first XUL browser window tried to load a JSM but then called Stop here?

https://searchfox.org/mozilla-central/rev/cecdac0aa5733fee515a166b6e31e38cc58abf32/browser/components/BrowserGlue.jsm#831-832

Assignee: nobody → bugs
Severity: -- → S2
status-firefox88: --- → affected
status-firefox89: --- → affected
status-firefox90: --- → affected
status-firefox-esr78: --- → affected
Priority: -- → P3

The patch is based on code inspection. SizeShell may run scripts
https://searchfox.org/mozilla-central/rev/cecdac0aa5733fee515a166b6e31e38cc58abf32/xpfe/appshell/AppWindow.cpp#1180,1182

The patch is very conservative. It keeps returning success code in the cases where it would return such without the patch and only
adds null check right before accessing mDocShell. mDebuting value stays false after the method call.

Pushed by opettay@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b586b87e1135 null check mDocShell before using it, r=peterv

https://hg.mozilla.org/mozilla-central/rev/b586b87e1135

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox90: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: