Crash in [@ core::option::expect_failed | neqo_transport::connection::Connection::handle_ack]
Categories
(Core :: Networking, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox101 | --- | unaffected |
firefox102 | --- | unaffected |
firefox103 | --- | affected |
People
(Reporter: matt.fagnani, Unassigned)
References
(Regression)
Details
Crash Data
I started Firefox Nightly 103.0a1 20220613215309 on Wayland in Plasma 5.24.5 in a Fedora 36 KDE Plasma installation. Firefox crashed while it was starting. I didn't see this crash with earlier 103.0a1 builds. I'll try to bisect the problem with mozregression.
Crash report: https://crash-stats.mozilla.org/report/index/a7f22921-39bd-44c1-a054-670c80220614
MOZ_CRASH Reason: ACK on discarded space
Top 10 frames of crashing thread:
0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:18
1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:91
2 libxul.so core::ops::function::Fn::call library/core/src/ops/function.rs:70
3 libxul.so std::panicking::rust_panic_with_hook library/std/src/panicking.rs:702
4 libxul.so std::panicking::begin_panic_handler::{{closure}} library/std/src/panicking.rs:588
5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace library/std/src/sys_common/backtrace.rs:138
6 libxul.so rust_begin_unwind library/std/src/panicking.rs:584
7 libxul.so core::panicking::panic_fmt library/core/src/panicking.rs:143
8 libxul.so core::panicking::panic_display library/core/src/panicking.rs:72
9 libxul.so core::panicking::panic_str library/core/src/panicking.rs:56
Reporter | ||
Comment 1•2 years ago
|
||
I reproduced this crash several times when loading instagram.com with 103.0a1 20220613215309. Starting Firefox isn't what led to the initial crash I reported, it was loading instagram.com right after I started Firefox that resulted in the crash.
I ran mozregression --good 2022-06-12 --bad 20220613215309
I loaded instagram.com at each bisection step. Some builds were skipped by mozregression. The bisection process ended with the following.
5:53.47 INFO: Narrowed integration regression window from [8741f625, 02cba603] (3 builds) to [8741f625, ec91915d] (2 builds) (~1 steps left)
5:53.48 INFO: No more integration revisions, bisection finished.
5:53.48 INFO: Last good revision: 8741f6258fd63481ba8cfa83bc0e7c0f64c5d296
5:53.48 INFO: First bad revision: ec91915d325c233bbdc371baa5e53b42a5285426
5:53.48 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=8741f6258fd63481ba8cfa83bc0e7c0f64c5d296&tochange=ec91915d325c233bbdc371baa5e53b42a5285426
The first bad revision was ec91915d325c233bbdc371baa5e53b42a5285426 Dragana Damjanovic — Bug 1772092 - Adjust neqo-glue code to the new neqo version r=necko-reviewers,kershaw
1aadfdf2c85496a40f4d3e5cb49cbcd4164f4b41 Dragana Damjanovic — Bug 1772092 - Update neqo to version 0.6.0 r=necko-reviewers,kershaw,glandium
The crash signature involved neqo_transport::connection::Connection::handle_ack, so the neqo update in those changes might be associated with the problem. The trace involved some functions to do with http3 in frames 16-19 like neqo_http3::connection_client::Http3Client::process_input. Other sites like bugzilla.mozilla.org don't make Firefox crash.
Comment 2•2 years ago
|
||
Set release status flags based on info from the regressing bug 1772092
Comment 3•2 years ago
|
||
:dragana, since you are the author of the regressor, bug 1772092, could you take a look?
For more information, please visit auto_nag documentation.
Also see bug 1774125.
Comment 5•2 years ago
|
||
Comment 6•2 years ago
|
||
Tested even in a new profile: Navigating to https://instagram.com/, signed in or not, will instantly crash Nightly with this regression.
Comment 7•2 years ago
|
||
Repeated startup crash in my profile, I had to revert to an older Nightly to continue to use the browser.
Comment 8•2 years ago
|
||
Duping forward as that has the blocking flag set.
Updated•2 years ago
|
Description
•