startup Crash in [@ mozilla::net::LoadInfo::SetReservedClientInfo] on Amazon
Categories
(Core :: Networking, defect, P1)
Tracking
()
People
(Reporter: aryx, Assigned: kershaw)
References
(Regression)
Details
(Keywords: crash, regression, Whiteboard: [necko-triaged])
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
dmeehan
:
approval-mozilla-beta+
pascalc
:
approval-mozilla-release+
RyanVM
:
approval-mozilla-esr91+
|
Details | Review |
~200 crashes with Firefox 91.7.0esr, ~400 with 91.7.0 (must be an unofficial build), no crashes with Firefox 91.6.*. Crashes on Windows and macOS, >40% in the first minute after launch. Comments mention it is frequently observed on amazon.com (>80% of users with en-US locale).
Eden, please investigate the issue.
Crash report: https://crash-stats.mozilla.org/report/index/38099100-6802-4daf-9e7f-766680220314
MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(!isSome())
Top 10 frames of crashing thread:
0 xul.dll mozilla::net::LoadInfo::SetReservedClientInfo netwerk/base/LoadInfo.cpp:1771
1 xul.dll mozilla::dom::`anonymous namespace'::ClientChannelHelperParent::CreateClientForPrincipal dom/clients/manager/ClientChannelHelper.cpp:247
2 xul.dll mozilla::dom::`anonymous namespace'::ClientChannelHelperParent::CreateClient dom/clients/manager/ClientChannelHelper.cpp:213
3 xul.dll mozilla::dom::`anonymous namespace'::ClientChannelHelper::AsyncOnChannelRedirect dom/clients/manager/ClientChannelHelper.cpp:143
4 xul.dll mozilla::net::nsAsyncRedirectVerifyHelper::DelegateOnChannelRedirect netwerk/base/nsAsyncRedirectVerifyHelper.cpp:153
5 xul.dll mozilla::net::nsAsyncRedirectVerifyHelper::Run netwerk/base/nsAsyncRedirectVerifyHelper.cpp:259
6 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:805
7 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1152
8 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:85
9 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:324
| Reporter | ||
Comment 1•4 years ago
|
||
Also a spike in 98.0
Updated•4 years ago
|
Updated•4 years ago
|
Comment 2•4 years ago
|
||
Unfortunately, I can not reproduce it locally.
The assertion comes from https://searchfox.org/mozilla-central/rev/d4d7611ee4dd0003b492b865bc5988a4e6afc985/mfbt/Maybe.h#837 which complains that LoadInfo::mReservedClientInfo is not Nothing() while emplacing it.
Basically, we expect that when calling ClientChannelHelper::AsyncOnChannelRedirect, the passed new channel's reseervedClient/reservedClientInfo should be null/Nothing(). But it seems that the case violates our assumption. That means the newLoadInfo's SetReservedClientInfo/GiveReservedSource is called before calling ClientChannelHelper::AsyncOnChannelRedirect.
| Assignee | ||
Comment 3•4 years ago
|
||
Basically, we expect that when calling ClientChannelHelper::AsyncOnChannelRedirect, the passed new channel's reseervedClient/reservedClientInfo should be null/Nothing(). But it seems that the case violates our assumption. That means the newLoadInfo's SetReservedClientInfo/GiveReservedSource is called before calling ClientChannelHelper::AsyncOnChannelRedirect.
Is this an uncovered error when a client info is set for a new load info?
Can we just replace the already existed client info?
Updated•4 years ago
|
Comment 4•4 years ago
|
||
The fact that this crash clearly showed up also in 91.7.0esr feels like a pretty solid clue to go off:
https://hg.mozilla.org/releases/mozilla-esr91/pushloghtml?fromchange=FIREFOX_91_6_0esr_RELEASE&tochange=FIREFOX_91_7_0esr_RELEASE
Not seeing anything super-obvious in that range, but maybe bug 1744352?
Comment 5•4 years ago
|
||
Or maybe bug 1711870?
Comment 6•4 years ago
|
||
Well, the immediate cause is certainly bug 1754305. My guess would be that this showed up as something else before that.
Comment 7•4 years ago
|
||
(bug 1754305 is in the range that Ryan posted in comment 4.)
Updated•4 years ago
|
Comment 8•4 years ago
|
||
If this was previously a diagnostic assert, that means we were effectively just ignoring this situation on Release in the past, right? Would it be a viable wallpaper solution to basically do the same more explicitly now (i.e. early return or something) to match the previous behavior? We could potentially ifdef it to builds without MOZ_DIAGNOSTIC_ASSERT_ENABLED set so it doesn't change anything in Nightly and early Beta builds.
Comment 9•4 years ago
|
||
That at least seems like it'd be a low-risk upliftable option to address this spike in the short-term while we investigate how we're getting into this state in the first place.
| Assignee | ||
Comment 10•4 years ago
|
||
Updated•4 years ago
|
| Assignee | ||
Updated•4 years ago
|
Comment 11•4 years ago
•
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #8)
If this was previously a diagnostic assert, that means we were effectively just ignoring this situation on Release in the past, right? Would it be a viable wallpaper solution to basically do the same more explicitly now (i.e. early return or something) to match the previous behavior?
Before the assert, we would overwritten the value in the Maybe<> without calling the destructor. In this case, it looks like it wouldn't cause anything worse than a leak. So, probably not a crash, like I was guessing before.
Comment 12•4 years ago
|
||
| Assignee | ||
Comment 13•4 years ago
|
||
Comment on attachment 9268121 [details]
Bug 1759506 - Avoid crashing if mReservedClientInfo already has something, r=#necko
Beta/Release Uplift Approval Request
- User impact if declined: Could crash.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: N/A
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The logic of this patch is straightforward.
- String changes made/needed: N/A
Comment 14•4 years ago
|
||
| bugherder | ||
Comment 15•4 years ago
|
||
Comment on attachment 9268121 [details]
Bug 1759506 - Avoid crashing if mReservedClientInfo already has something, r=#necko
Approved for 99.0b5. Thanks.
Comment 16•4 years ago
|
||
| bugherder uplift | ||
Updated•4 years ago
|
Updated•4 years ago
|
Comment 17•4 years ago
|
||
Comment on attachment 9268121 [details]
Bug 1759506 - Avoid crashing if mReservedClientInfo already has something, r=#necko
We're going to want this on ESR too.
Updated•4 years ago
|
Comment 18•4 years ago
|
||
Hi,
I'm attempting to verify the fix but unfortunately I'm unable able to reproduce the crash on my end.
Are there any more detailed steps through which I could try to reproduce it?
Thank you!
| Reporter | ||
Comment 19•4 years ago
|
||
I hadn't been able to reproduce the issue and based on the fix there is nothing to verify here.
Comment 20•4 years ago
|
||
Based on previous comments, I'm removing the qe-verify+ flag
Comment 21•4 years ago
•
|
||
New report from Beta showing the diagnostic assert being hit now as expected:
https://crash-stats.mozilla.org/report/index/c25f55a3-89bd-41cc-94e2-dbd3f0220320
And as expected, no reports from 99.0b6 so far since diagnostic asserts are tied to early beta or earlier.
Comment 22•4 years ago
|
||
Comment on attachment 9268121 [details]
Bug 1759506 - Avoid crashing if mReservedClientInfo already has something, r=#necko
Wallpapers us back to where we were before the regressing bug landed. Approved for 91.8esr.
Comment 23•4 years ago
|
||
| bugherder uplift | ||
Comment 24•4 years ago
|
||
Comment on attachment 9268121 [details]
Bug 1759506 - Avoid crashing if mReservedClientInfo already has something, r=#necko
P1/S2 crash. Fix works on Beta, approved for 98.0.2, thanks.
Comment 25•4 years ago
|
||
| bugherder uplift | ||
Comment 26•4 years ago
|
||
(In reply to Kershaw Chang [:kershaw] from comment #3)
Basically, we expect that when calling ClientChannelHelper::AsyncOnChannelRedirect, the passed new channel's reseervedClient/reservedClientInfo should be null/Nothing(). But it seems that the case violates our assumption. That means the newLoadInfo's SetReservedClientInfo/GiveReservedSource is called before calling ClientChannelHelper::AsyncOnChannelRedirect.
Is this an uncovered error when a client info is set for a
newload info?
I think it depends on why the ReservedClientInfo had already been set.
Can we just replace the already existed client info?
According to the context, I think we can replace the existing client Info since it is a cross-origin redirect for document loading.
According to the cross-origin redirection for ClientInfo, the previous ClientInfo should not be valid anymore, so it should be okay to replace the existing one.
But we probably should also clean up the LoadInfo::mReservedClient.
| Assignee | ||
Comment 27•4 years ago
|
||
Let's close this bug and investigate further in bug 1761208.
Updated•4 years ago
|
Description
•