Closed Bug 1712762 Opened 3 years ago Closed 2 years ago

Crash in [@ xpc::NativeGlobal]

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE
Tracking Flags:
Tracking Status
firefox-esr78 --- wontfix
firefox88 --- unaffected
firefox89 --- wontfix
firefox90 --- wontfix
firefox91 --- wontfix
firefox92 --- wontfix
firefox93 --- wontfix

People

(Reporter: aryx, Assigned: jonco)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1712762 - Check if module load requests have already been cancelled in ModuleLoaderBase::CancelDynamicImport r?yulia
48 bytes, text/x-phabricator-request
Details | Review

Always content crashes, 150-350 installations per release reporting crashes

Crash report: https://crash-stats.mozilla.org/report/index/cb74cf68-bb4d-434d-b5a8-baea80210524

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll xpc::NativeGlobal js/xpconnect/wrappers/WrapperFactory.cpp:778
1 xul.dll mozilla::dom::ScriptLoader::FinishDynamicImportAndReject dom/script/ScriptLoader.cpp:1208
2 xul.dll mozilla::dom::ScriptLoader::ParsingComplete dom/script/ScriptLoader.cpp:4330
3 xul.dll nsContentSink::DidBuildModelImpl dom/base/nsContentSink.cpp:1108
4 xul.dll nsHtml5TreeOpExecutor::DidBuildModel parser/html/nsHtml5TreeOpExecutor.cpp:178
5 xul.dll nsHtml5Parser::Terminate parser/html/nsHtml5Parser.cpp:480
6 xul.dll nsDocumentViewer::Stop layout/base/nsDocumentViewer.cpp:1790
7 xul.dll nsDocShell::Stop docshell/base/nsDocShell.cpp:4357
8 xul.dll nsDocShell::Destroy docshell/base/nsDocShell.cpp:4632
9 xul.dll nsWebBrowser::SetDocShell toolkit/components/browser/nsWebBrowser.cpp:1122
Severity: -- → S2

In triage meeting - this looks bad and we haven't determined if this is actionable.
Andrew, could you please try to look into a bit and suggest the next step?

Flags: needinfo?(continuation)

Here's a more recent crash report: bp-5c673d61-bce3-450e-9484-522cb0220118

This looks like a null deref inside the JS module loading code. Maybe somebody on the SpiderMonkey team could investigate this? Thanks.

Flags: needinfo?(continuation) → needinfo?(sdetar)
Component: DOM: Core & HTML → XPConnect

Yulia, do you think you could help investigate based on comment 2 above.

Flags: needinfo?(sdetar) → needinfo?(yulia.startsev)

I took a look, I am not sure why this started happening, but we can check if the dynamic promise was deallocated and exit early. I will check with jonco.

Redirect a needinfo that is pending on an inactive user to the triage owner.
:peterv, since the bug has high severity and recent activity, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(u587661) → needinfo?(peterv)

The user in question has been inactive since 2017, before this bug was filed, and I don't see where they were needinfo'd. I'll try to file an issue on the auto_nag, as I'm guessing it is a bug there somehow.

Flags: needinfo?(peterv)

Huh, strange. Maybe that phantom account is an old account from :yulia? They're also needinfo'd in bug 1751313, and the bot isn't involved there, so I guess it is some weird bugzilla issue.

Ah yulia has requests blocked (presumably recently due to being on PTO?), so maybe that triggered some weird Bugzilla behavior.

See Also: → 1772833

I guess I'll redirect that request to sdetar as yulia has requests blocked.

Flags: needinfo?(sdetar)
Flags: needinfo?(sdetar) → needinfo?(ystartsev)

Bug 1774111 looks similar... a null deref inside an AutoJSAPI::Init while doing module related stuff. The signature is not great. Maybe this could be some kind of OOM condition?

See Also: → 1774111

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 10 content process crashes on beta

For more information, please visit auto_nag documentation.

Keywords: topcrash

Hello Yulia, do you have any updates for this ? Thank you.

I haven't had a chance to look into this yet. Maybe jonco has some cycles to take a look?

Flags: needinfo?(jcoppeard)

I don't know whether this is the problem, but if we try and cancel a request
that has already been cancelled it would produce this crash.

Assignee: nobody → jcoppeard
Status: NEW → ASSIGNED
Flags: needinfo?(jcoppeard)
Keywords: leave-open
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d3d8cfbb60df
Check if module load requests have already been cancelled in ModuleLoaderBase::CancelDynamicImport r=yulia

I just noticed the crash volume on nightly has dropped to zero around September 15th. This is probably due to the changes to crash stats to include inlined frames in signatures.

I don't think there's much point keeping this open if the signature has gone away. Any new crashes will show up somewhere else, mostly likely in bug 1774111 which is probably the same issue.

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(ystartsev)
Keywords: topcrash
Resolution: --- → FIXED
Resolution: FIXED → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: