Closed Bug 1764045 Opened 2 years ago Closed 2 years ago

Crash in xul.dll!nsObserverService::EnsureValidCall()

Categories

(Core :: DOM: Content Processes, defect)

x86_64
Windows 11
defect

Tracking

()

RESOLVED FIXED
101 Branch
Tracking Status
firefox101 --- fixed

People

(Reporter: calixte, Assigned: calixte)

References

Details

Attachments

(1 file)

STR:

It leads to a crash:

>	[Inline Frame] xul.dll!nsObserverService::EnsureValidCall() Line 172	C++
 	xul.dll!nsObserverService::AddObserver(nsIObserver * aObserver, const char * aTopic, bool aOwnsWeak) Line 211	C++
 	xul.dll!mozilla::EnsureWin32kInitialized() Line 817	C++
 	xul.dll!mozilla::GetWin32kLockdownState() Line 856	C++
 	xul.dll!mozilla::GetContentWin32kLockdownState::<lambda_1>::operator()() Line 100	C++
 	xul.dll!mozilla::GetContentWin32kLockdownState() Line 110	C++
 	xul.dll!mozilla::SandboxBroker::SetSecurityLevelForContentProcess(int aSandboxLevel, bool aIsFileProcess) Line 713	C++
 	xul.dll!mozilla::ipc::WindowsProcessLauncher::DoSetup() Line 1375	C++
 	xul.dll!mozilla::ipc::BaseProcessLauncher::PerformAsyncLaunch() Line 1000	C++
 	[Inline Frame] xul.dll!mozilla::detail::RunnableMethodArguments<>::applyImpl(mozilla::ipc::BaseProcessLauncher * o, RefPtr<mozilla::MozPromise<mozilla::ipc::LaunchResults,mozilla::ipc::LaunchError,1>>(mozilla::ipc::BaseProcessLauncher::*)() m, mozilla::Tuple<> & args, std::integer_sequence<unsigned long long>) Line 1147	C++
 	[Inline Frame] xul.dll!mozilla::detail::RunnableMethodArguments<>::apply(mozilla::ipc::BaseProcessLauncher * o, RefPtr<mozilla::MozPromise<mozilla::ipc::LaunchResults,mozilla::ipc::LaunchError,1>>(mozilla::ipc::BaseProcessLauncher::*)() m) Line 1153	C++
 	[Inline Frame] xul.dll!mozilla::detail::MethodCall<mozilla::MozPromise<mozilla::ipc::LaunchResults,mozilla::ipc::LaunchError,1>,RefPtr<mozilla::MozPromise<mozilla::ipc::LaunchResults,mozilla::ipc::LaunchError,1>> (mozilla::ipc::BaseProcessLauncher::*)(),mozilla::ipc::BaseProcessLauncher>::Invoke() Line 1518	C++
 	xul.dll!mozilla::detail::ProxyRunnable<mozilla::MozPromise<mozilla::ipc::LaunchResults,mozilla::ipc::LaunchError,1>,RefPtr<mozilla::MozPromise<mozilla::ipc::LaunchResults,mozilla::ipc::LaunchError,1>> (mozilla::ipc::BaseProcessLauncher::*)(),mozilla::ipc::BaseProcessLauncher>::Run() Line 1539	C++
 	xul.dll!mozilla::TaskQueue::Runner::Run() Line 203	C++
 	xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 1182	C++
 	xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 465	C++
 	xul.dll!mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate * aDelegate) Line 330	C++
 	[Inline Frame] xul.dll!MessageLoop::RunInternal() Line 380	C++
 	xul.dll!MessageLoop::RunHandler() Line 374	C++
 	xul.dll!MessageLoop::Run() Line 356	C++
 	xul.dll!nsThread::ThreadFunc(void * aArg) Line 387	C++
 	nss3.dll!_PR_NativeRunThread(void * arg) Line 421	C
 	nss3.dll!pr_root(void * arg) Line 140	C
 	[External Code]	

The two "commented" blocks in the STR avoids to call:
https://searchfox.org/mozilla-central/rev/0e93b94f4c2045c6a5f5260ee48bbf7a94a993bc/toolkit/components/telemetry/app/TelemetryEnvironment.jsm#1623
this way the EnsureWin32kInitialized is not called on the main thread:
https://searchfox.org/mozilla-central/rev/0e93b94f4c2045c6a5f5260ee48bbf7a94a993bc/toolkit/xre/nsAppRunner.cpp#787
and it's called at some point in the IPC Launch thread, hence the crash.

It looks pretty similar to:
https://crash-stats.mozilla.org/report/index/7e3cc60a-f1a0-403b-b846-44d310220407

this crash report comes from a pine built and it's very likely caused by:
https://searchfox.org/mozilla-pine/rev/d763e215b2d6bdca8361f4314b7a342ac3e67b37/browser/components/BrowserGlue.jsm#1428

My feeling is that the telemetry thing is not called when we create this hidden window and so the win32k stuff is never initialized on the main thread.
The first "commented" block really looks like a workaround so it could be not there.

:bobowen, :tjr, wdyt ?

Flags: needinfo?(tom)
Flags: needinfo?(bobowencode)
Assignee: nobody → cdenizet

Right now it should be initialized thanks to TelemetryEnvironment be if
for any reasons it isn't, then it can happen on the IPC Launch thread, hence
it crashes because EnsureWin32kInitialized has to use nsObserverService.

Pushed by cdenizet@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4f2c06cf5188
Ensure that win32k is initialized on the main thread r=bobowen
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 101 Branch
Blocks: 1764544
Flags: needinfo?(bobowencode)
Flags: needinfo?(tom)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: