1754508 - Crash in [@ mozilla::dom::PContentParent::OtherPid]

Status: RESOLVED FIXED

(Core :: IPC, defect, P2)

Description

[Ryan VanderMeulen [:RyanVM]]

+++ This bug was initially created as a clone of Bug #1749831 +++

We landed patches during the Fx97 cycle which were intended to mitigate these crashes I thought, but we're still seeing them in the topcrash list :(

Crash report: https://crash-stats.mozilla.org/report/index/d154798e-aaa9-46b1-b5f0-1f7c80220209

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL mozilla::dom::PContentParent::OtherPid const ipc/ipdl/PContentParent.cpp:261
1 XUL std::__1::__function::__func<mozilla::net::NeckoParent::RecvInitSocketProcessBridge /builds/worker/fetches/clang/include/c++/v1/__functional/function.h:345
2 XUL mozilla::net::nsIOService::OnProcessLaunchComplete netwerk/base/nsIOService.cpp:643
3 XUL mozilla::net::SocketProcessHost::InitAfterConnect netwerk/ipc/SocketProcessHost.cpp:201
4 XUL mozilla::ipc::TaskFactory<mozilla::net::SocketProcessHost>::TaskWrapper<mozilla::ipc::TaskFactory<mozilla::net::SocketProcessHost>::RunnableMethod<void  ipc/glue/TaskFactory.h:37
5 XUL mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:771
6 XUL NS_ProcessPendingEvents xpcom/threads/nsThreadUtils.cpp:432
7 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:505
8 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 
9 CoreFoundation __CFRunLoopDoSource0 

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

:RyanVM, since this bug is a regression, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.

Comment 2

[Kershaw Chang [:kershaw]]

Attachment: Bug 1754508 - P1: Make PNecko refcounted (for uplifting), r=#necko

Comment 3

[Kershaw Chang [:kershaw]]

Attachment: Bug 1754508 - P2: Add some checkes to avoid creating SocketProcessBridge when content process is destroyed, r=#necko

1. Check if NeckoParent is still able to send IPC before creating SocketProcessBridge
2. Make sure mPendingEvents always be cleared after launching socket process

Depends on D138486

Comment 4

[Kershaw Chang [:kershaw]]

Attachment: Bug 1754508 - P1: Make PNecko refcounted, r=#necko

Comment 5

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

P1: Make PNecko refcounted, r=necko-reviewers,dragana
https://hg.mozilla.org/integration/autoland/rev/584b20af94d31afa1945e62bd25ce45edfb124f0
https://hg.mozilla.org/mozilla-central/rev/584b20af94d3

P2: Add some checkes to avoid creating SocketProcessBridge when content process is destroyed, r=necko-reviewers,valentin
https://hg.mozilla.org/integration/autoland/rev/6cd66e5a2ac36270ea2097c43456bb613fb30b10
https://hg.mozilla.org/mozilla-central/rev/6cd66e5a2ac3

Comment 6

[Kershaw Chang [:kershaw]]

Comment on attachment 9263381 [details]
Bug 1754508 - P2: Add some checkes to avoid creating SocketProcessBridge when content process is destroyed, r=#necko

Beta/Release Uplift Approval Request

• User impact if declined: Could crash.
• Is this code covered by automated tests?: No
• Has the fix been verified in Nightly?: Yes
• Needs manual test from QE?: No
• If yes, steps to reproduce:
• List of other uplifts needed: N/A
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): Basically, this patch only adds some checks to avoid accessing a already released pointer, so this patch should be not risky.
• String changes made/needed: N/A

Comment 8

[Pascal Chevrel:pascalc]

Comment on attachment 9263381 [details]
Bug 1754508 - P2: Add some checkes to avoid creating SocketProcessBridge when content process is destroyed, r=#necko

Approved for 98 beta 6, thanks.

Comment 9

[Pascal Chevrel:pascalc]

https://hg.mozilla.org/releases/mozilla-beta/rev/d890a97428bc
https://hg.mozilla.org/releases/mozilla-beta/rev/f3b99f307b38