Crash in [@ xpc::NativeGlobal]
Categories
(Core :: XPConnect, defect)
Tracking
()
People
(Reporter: aryx, Assigned: jonco)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
Always content crashes, 150-350 installations per release reporting crashes
Crash report: https://crash-stats.mozilla.org/report/index/cb74cf68-bb4d-434d-b5a8-baea80210524
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll xpc::NativeGlobal js/xpconnect/wrappers/WrapperFactory.cpp:778
1 xul.dll mozilla::dom::ScriptLoader::FinishDynamicImportAndReject dom/script/ScriptLoader.cpp:1208
2 xul.dll mozilla::dom::ScriptLoader::ParsingComplete dom/script/ScriptLoader.cpp:4330
3 xul.dll nsContentSink::DidBuildModelImpl dom/base/nsContentSink.cpp:1108
4 xul.dll nsHtml5TreeOpExecutor::DidBuildModel parser/html/nsHtml5TreeOpExecutor.cpp:178
5 xul.dll nsHtml5Parser::Terminate parser/html/nsHtml5Parser.cpp:480
6 xul.dll nsDocumentViewer::Stop layout/base/nsDocumentViewer.cpp:1790
7 xul.dll nsDocShell::Stop docshell/base/nsDocShell.cpp:4357
8 xul.dll nsDocShell::Destroy docshell/base/nsDocShell.cpp:4632
9 xul.dll nsWebBrowser::SetDocShell toolkit/components/browser/nsWebBrowser.cpp:1122
Updated•3 years ago
|
Comment 1•2 years ago
|
||
In triage meeting - this looks bad and we haven't determined if this is actionable.
Andrew, could you please try to look into a bit and suggest the next step?
Comment 2•2 years ago
|
||
Here's a more recent crash report: bp-5c673d61-bce3-450e-9484-522cb0220118
This looks like a null deref inside the JS module loading code. Maybe somebody on the SpiderMonkey team could investigate this? Thanks.
Updated•2 years ago
|
Comment 3•2 years ago
|
||
Yulia, do you think you could help investigate based on comment 2 above.
Comment 4•2 years ago
|
||
I took a look, I am not sure why this started happening, but we can check if the dynamic promise was deallocated and exit early. I will check with jonco.
Updated•2 years ago
|
Comment 5•2 years ago
|
||
Redirect a needinfo that is pending on an inactive user to the triage owner.
:peterv, since the bug has high severity and recent activity, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 6•2 years ago
|
||
The user in question has been inactive since 2017, before this bug was filed, and I don't see where they were needinfo'd. I'll try to file an issue on the auto_nag, as I'm guessing it is a bug there somehow.
Comment 7•2 years ago
|
||
Huh, strange. Maybe that phantom account is an old account from :yulia? They're also needinfo'd in bug 1751313, and the bot isn't involved there, so I guess it is some weird bugzilla issue.
Comment 8•2 years ago
|
||
Ah yulia has requests blocked (presumably recently due to being on PTO?), so maybe that triggered some weird Bugzilla behavior.
Comment 9•2 years ago
|
||
I guess I'll redirect that request to sdetar as yulia has requests blocked.
Updated•2 years ago
|
Comment 10•2 years ago
|
||
Bug 1774111 looks similar... a null deref inside an AutoJSAPI::Init while doing module related stuff. The signature is not great. Maybe this could be some kind of OOM condition?
Comment 11•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 content process crashes on beta
For more information, please visit auto_nag documentation.
Comment 12•2 years ago
|
||
Hello Yulia, do you have any updates for this ? Thank you.
Comment 13•2 years ago
|
||
I haven't had a chance to look into this yet. Maybe jonco has some cycles to take a look?
Assignee | ||
Comment 14•2 years ago
|
||
I don't know whether this is the problem, but if we try and cancel a request
that has already been cancelled it would produce this crash.
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Comment 15•2 years ago
|
||
Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d3d8cfbb60df Check if module load requests have already been cancelled in ModuleLoaderBase::CancelDynamicImport r=yulia
Comment 16•2 years ago
|
||
bugherder |
Assignee | ||
Comment 17•2 years ago
|
||
I just noticed the crash volume on nightly has dropped to zero around September 15th. This is probably due to the changes to crash stats to include inlined frames in signatures.
I don't think there's much point keeping this open if the signature has gone away. Any new crashes will show up somewhere else, mostly likely in bug 1774111 which is probably the same issue.
Updated•2 years ago
|
Updated•2 years ago
|
Description
•