Open Bug 1711734 Opened 3 years ago Updated 1 year ago

Crash in [@ IPCError-browser | RecvCreateBrowsingContext Parent has different group object]

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
REOPENED
Tracking Flags:
Tracking Status
firefox89 --- affected
firefox90 --- affected

People

(Reporter: aryx, Unassigned, NeedInfo)

References

Details

(Keywords: crash)

Crash Data

This signature is only observed with Nightly (92 crashes for 63 installations of 90.0a1 over the past weeks).

Crash report: https://crash-stats.mozilla.org/report/index/906aaf86-401d-4b3b-bdfb-1b5220210517

Reason: EXC_BREAKPOINT / EXC_I386_BPT

Top 10 frames of crashing thread:

0 libmozglue.dylib arena_t::DallocSmall memory/build/mozjemalloc.cpp:3288
1 libmozglue.dylib free memory/build/malloc_decls.h:54
2 XUL mozilla::ipc::URIParams::MaybeDestroy ipc/ipdl/URIParams.cpp:701
3 XUL void mozilla::ipc::WriteIPDLParam<nsIURI*> ipc/glue/IPDLParamTraits.h:64
4 XUL mozilla::ipc::IPDLParamTraits<mozilla::dom::DocShellLoadStateInit>::Write ipc/ipdl/DOMTypes.cpp:2149
5 XUL mozilla::ipc::IPDLParamTraits<mozilla::net::DocumentChannelCreationArgs>::Write ipc/ipdl/NeckoChannelParams.cpp:3390
6 XUL mozilla::net::PNeckoChild::SendPDocumentChannelConstructor ipc/ipdl/PNeckoChild.cpp:1331
7 XUL mozilla::net::DocumentChannelChild::AsyncOpen netwerk/ipc/DocumentChannelChild.cpp:162
8 XUL nsURILoader::OpenURI uriloader/base/nsURILoader.cpp:696
9 XUL nsDocShell::InternalLoad docshell/base/nsDocShell.cpp:9610
Severity: -- → S2

This crash will probably be fixed by bug 1535913, which landed yesterday.

Status: NEW → RESOLVED
Closed: 3 years ago
Depends on: 1535913
Resolution: --- → DUPLICATE

There are still some cases, it seems. Recent report

Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Severity: S2 → --

I'm confused, the reports doesn't seem to have anything to do with ContentParent::RecvCreateBrowsingContext, :jstutte do you see something that I'm missing?

Flags: needinfo?(jstutte)

In fact this looks a bit unactionable as a report. IIUC, this is a content process kill initiated from the parent process by ContentParent::RecvCreateBrowsingContext via IPC_FAIL. This seems to be caused by this call inside BrowsingContext::Attach, introduced/modified by bug 1580565. Being this an async send, the stack traces in the reports at the time the crash happens are not helpful and should not be looked at, only the IPCError-browser | RecvCreateBrowsingContext Parent has different group object is interesting here. This makes it hard to understand, why we can get into this situation and if it is even the child's fault or an error in the parent's book-keeping.

Flags: needinfo?(jstutte) → needinfo?(nika)

S3 - according to the very low crash volume and not a security issue.
Let me know if the severity rating doesn't fit.

Severity: -- → S3

There might be some relation to bug 1815480 here (at least also there we might end up with a misaligned book keeping around BrowsingContextGroups).

See Also: → 1815480
You need to log in before you can comment on or make changes to this bug.