Crash in [@ mozilla::dom::syncedcontext::Transaction<T>::Commit | mozilla::dom::BrowsingContext::SetHasSiblings ] (when loading browser.xhtml in a tab)
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr102 | --- | unaffected |
firefox113 | --- | wontfix |
firefox114 | --- | wontfix |
firefox115 | --- | wontfix |
People
(Reporter: pehrsons, Unassigned)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/57f56f42-f4c7-44c9-861e-8c7720230504
MOZ_CRASH Reason: CanSet failed for field(s): HasSiblings
Top 10 frames of crashing thread:
0 libxul.so MOZ_Crash mfbt/Assertions.h:261
0 libxul.so mozilla::dom::syncedcontext::Transaction<mozilla::dom::BrowsingContext>::Commit docshell/base/SyncedContextInlines.h:103
1 libxul.so mozilla::dom::BrowsingContext::SetHasSiblings docshell/base/BrowsingContext.h:285
2 libxul.so mozilla::dom::BrowsingContext::SetHasSiblings docshell/base/BrowsingContext.h:285
2 libxul.so mozilla::dom::BrowsingContext_Binding::set_hasSiblings dom/bindings/BrowsingContextBinding.cpp:1461
3 libxul.so mozilla::dom::binding_detail::GenericSetter<mozilla::dom::binding_detail::NormalThisPolicy> dom/bindings/BindingUtils.cpp:3283
4 libxul.so CallJSNative js/src/vm/Interpreter.cpp:486
4 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:580
4 libxul.so InternalCall js/src/vm/Interpreter.cpp:647
4 libxul.so js::Call js/src/vm/Interpreter.cpp:679
Steps to reproduce:
- In a new tab open chrome://browser/content/browser.xhtml
- Click the icon for Firefox View on the top left
Expected:
Something not so dramatic
Actual:
Parent process crash
Comment hidden (obsolete) |
Updated•1 year ago
|
Comment 2•1 year ago
|
||
Regression range:
Bug 1718082 - track current tab using browserId instead of top browsing context id for network prioritization purposes, r=nika,mconley,necko-reviewers,kershaw,valentin
Comment 3•1 year ago
•
|
||
Within the xhtml tabs, If for some reason you dont see the Firefox view button, right click on the tab-bar- > Click on "Customize Toolbar" to repro the crash.
Or Right Click->Duplicate tab
Comment 4•1 year ago
|
||
:Gijs, since you are the author of the regressor, bug 1718082, could you take a look?
For more information, please visit BugBot documentation.
Comment 5•1 year ago
|
||
Set release status flags based on info from the regressing bug 1718082
Comment 6•1 year ago
|
||
One day, when I have nothing better to do, I'll prevent people from deliberately loading browser.xhtml
in a tab altogether, because it is not a useful thing to do and it breaks lots and lots of assumptions that we have no intention of fixing.
But today is not that day.
Comment 7•1 year ago
|
||
FWIW, the Fenix attributed crashes cannot be related to the STR in comment 0 so I think they may warrant a separate investigation. Looks like that's being done in bug 1823817. The desktop volume for this specific crash is non-existent, unlike the Fenix volume for the OpenerPolicy
version.
Updated•1 year ago
|
Comment hidden (obsolete) |
Comment 9•1 year ago
|
||
(In reply to BugBot [:suhaib / :marco/ :calixte] from comment #8)
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 AArch64 and ARM crashes on release
For more information, please visit BugBot documentation.
How can we teach the crash matching to take the moz_crash reason into account, and/or get it to stop flagging bugs that we've already assessed?
Comment 10•1 year ago
•
|
||
(In reply to :Gijs (he/him) from comment #9)
How can we teach the crash matching to take the moz_crash reason into account, and/or get it to stop flagging bugs that we've already assessed?
We could update the criteria on https://wiki.mozilla.org/index.php?title=CrashKill%2FTopcrash to skip crashes with the moz_crash reasons that we want to ignore. Next, I will reflect that on the topcrash rule in BugBot.
Comment 11•1 year ago
|
||
Another tact to take would be to get Socorro signature generation changed to include the field name. That might take longer to get done, though.
Comment 12•10 months ago
|
||
Based on the topcrash criteria, the crash signature linked to this bug is not a topcrash signature anymore.
For more information, please visit BugBot documentation.
Comment 13•10 months ago
|
||
Thanks for bug 1834536, the signature has changed.
Description
•