Closed Bug 1850968 Opened 8 months ago Closed 8 months ago

118.0beta blows at startup using --disable-dbus on OpenBSD

Categories

(Core :: Widget: Gtk, defect)

Firefox 118
All
OpenBSD
defect

Tracking

()

VERIFIED FIXED
119 Branch
Tracking Status
firefox-esr102 --- unaffected
firefox-esr115 --- unaffected
firefox117 --- unaffected
firefox118 + fixed
firefox119 --- fixed

People

(Reporter: gaston, Assigned: stransky)

References

(Regression)

Details

(Keywords: regression)

Attachments

(3 files, 1 obsolete file)

starting 118.0b1 or b2 on OpenBSD only gives crashes of the main process, with the following stacktrace seemingly pointing at the js engine:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x00000925ea51965d in nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::Length (this=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsTArray.h:410
410     /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsTArray.h: No such file or directory.
(gdb) bt
#0  0x00000925ea51965d in nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::Length (this=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsTArray.h:410
#1  nsTArray_Impl<IdleListener, nsTArrayInfallibleAllocator>::AppendElementInternal<nsTArrayInfallibleAllocator, IdleListener&> (this=<optimized out>, 
    aItem=...) at /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsTArray.h:2691
#2  nsTArray<IdleListener>::AppendElement<IdleListener&> (this=0x925ebc553e0, aItem=...)
    at /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsTArray.h:2834
#3  nsUserIdleService::AddIdleObserver (this=0x925ebc553c0, aObserver=0x9259659a3e8, aIdleTimeInS=5)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/widget/nsUserIdleService.cpp:466
#4  0x00000925eaea0f73 in mozilla::FOG::GetSingleton () at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/toolkit/components/glean/xpcom/FOG.cpp:75
#5  0x00000925e56e849c in mozilla::xpcom::CreateInstanceImpl (aID=-23576, aIID=..., aResult=0x730428b63938) at StaticComponents.cpp:9824
#6  0x00000925e520ea74 in mozilla::xpcom::StaticModule::CreateInstance (aIID=..., aResult=0x730428b63938, this=<optimized out>)
    at StaticComponents.cpp:12687
#7  (anonymous namespace)::EntryWrapper::CreateInstance (this=0x730428b63a30, aIID=..., aResult=0x730428b63938)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/xpcom/components/nsComponentManager.cpp:188
#8  nsComponentManagerImpl::GetServiceLocked (this=<optimized out>, aLock=..., aEntry=..., aIID=..., aResult=0x730428b63ae0)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/xpcom/components/nsComponentManager.cpp:982
#9  0x00000925e52a671e in nsComponentManagerImpl::GetService (this=0x92664f079c0, aId=<optimized out>, aIID=..., aResult=0x92596ee50c8 <_initial_thread>)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/xpcom/components/nsComponentManager.cpp:1072
#10 0x00000925e52a660e in mozilla::xpcom::GetServiceHelper::operator() (this=0x730428b63b30, aIID=..., aResult=0x0) at StaticComponents.cpp:12829
#11 0x00000925e91d6844 in nsCOMPtr<nsISupports>::assign_from_helper (helper=..., aIID=..., this=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsCOMPtr.h:897
#12 nsCOMPtr<nsISupports>::nsCOMPtr (aHelper=..., this=<optimized out>) at /usr/obj/ports/firefox-118.0beta2/build-amd64/dist/include/nsCOMPtr.h:533
#13 xpc::GetServiceImpl (cx=0x925c28dd610, service=..., aObj=..., aRv=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/xpconnect/src/JSServices.cpp:83
#14 xpc::GetService (cx=0x925c28dd610, service=..., aRv=...) at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/xpconnect/src/JSServices.cpp:130
#15 xpc::Services_Resolve (cx=0x925c28dd610, obj=..., id=..., resolvedp=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/xpconnect/src/JSServices.cpp:153
#16 0x00000925e51da543 in js::CallResolveOp (cx=0x925c28dd610, obj=..., id=..., propp=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/NativeObject-inl.h:681
#17 js::NativeLookupOwnPropertyInline<(js::AllowGC)1, (js::LookupResolveMode)1> (cx=0x925c28dd610, id=..., obj=..., propp=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/NativeObject-inl.h:793
#18 NativeGetPropertyInline<(js::AllowGC)1> (cx=0x925c28dd610, obj=..., nameLookup=NotNameLookup, receiver=..., id=..., vp=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/NativeObject.cpp:2227
#19 js::NativeGetProperty (cx=0x925c28dd610, obj=..., receiver=..., id=..., vp=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/NativeObject.cpp:2275
#20 0x00000925e76ac5db in js::GetProperty (cx=0x925c28dd610, obj=..., receiver=..., id=..., vp=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/ObjectOperations-inl.h:117
#21 js::GetProperty (cx=0x925c28dd610, obj=..., receiver=..., name=<optimized out>, vp=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/ObjectOperations-inl.h:124
#22 js::GetProperty (cx=0x925c28dd610, v=..., name=..., vp=...) at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:4787
#23 0x00000925e55942a7 in GetPropertyOperation (cx=0x925c28dd610, vp=..., name=..., lval=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:245
#24 js::Interpret (cx=0x925c28dd610, state=...) at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:3050
#25 0x00000925e543f012 in MaybeEnterInterpreterTrampoline (cx=0x925c28dd610, state=...)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:400
#26 js::RunScript (cx=0x925c28dd610, state=...) at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:458
#27 0x00000925e543eb13 in js::InternalCallOrConstruct (cx=0x925c28dd610, args=..., construct=js::NO_CONSTRUCT, reason=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:612
#28 InternalCall (args=..., cx=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:647
#29 js::CallFromStack (cx=0x925c28dd610, args=..., reason=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/vm/Interpreter.cpp:652
#30 0x00000925eb1c46aa in js::jit::DoCallFallback (cx=0x925c28dd610, frame=<optimized out>, stub=<optimized out>, argc=<optimized out>, 
    vp=<optimized out>, res=...) at /usr/obj/ports/firefox-118.0beta2/firefox-118.0/js/src/jit/BaselineIC.cpp:1649
#31 0x000009266891017c in ?? ()
#32 0x0000092668919f20 in ?? ()
#33 0x0000730428b645e0 in ?? ()
--Type <RET> for more, q to quit, c to continue without paging--
#34 0xfff9800000000000 in ?? ()
#35 0x00000925e434f0c0 in js::jit::vmFunctions () from /usr/local/lib/firefox/libxul.so.129.0
#36 0x0000730428b64640 in ?? ()
#37 0x0000092668915fa6 in ?? ()
#38 0x0000000000000002 in ?? ()
#39 0x0000730428b64698 in ?? ()
#40 0x000009257a9e5c90 in ?? ()
#41 0x0000000000000000 in ?? ()

ofc 117.0 just works, so something that landed in 118 ?

that doesnt seem related to W|X or such.. maybe some write after free in the JIT ? ktrace gives me this:

 26360 firefox  CALL  write(2,0x72f055be9070,0x1a)
 26360 firefox  GIO   fd 2 wrote 26 bytes
       "firefox(26360) in free(): "
 26360 firefox  RET   write 26/0x1a
 26360 firefox  CALL  write(2,0x72f055be9150,0x1e)
 26360 firefox  GIO   fd 2 wrote 30 bytes
       "write after free 0x9580462d1e0"
 26360 firefox  RET   write 30/0x1e
 26360 firefox  CALL  write(2,0x72f055be9070,0x1)
 26360 firefox  GIO   fd 2 wrote 1 bytes
       "
       "
 26360 firefox  RET   write 1
 26360 firefox  CALL  sigprocmask(SIG_SETMASK,~0x20<SIGABRT>)
 26360 firefox  RET   sigprocmask 0<>
 26360 firefox  CALL  thrkill(0,SIGABRT,0)
 26360 firefox  PSIG  SIGABRT caught handler=0x958587339c0 mask=~0x10120<SIGABRT|SIGKILL|SIGSTOP>

This looks like it's actually crashing in FOG::GetSingleton. Redirecting to the Telemetry component.

Component: JavaScript Engine: JIT → Telemetry
Product: Core → Toolkit

(In reply to Iain Ireland [:iain] from comment #1)

This looks like it's actually crashing in FOG::GetSingleton. Redirecting to the Telemetry component.

can one disable telemetry initialization (with which pref/knob) to rule out/confirm this hypothesis ?

edit: fwiw, trying the large hammer with this local diff:

--- toolkit/components/glean/xpcom/FOG.cpp.orig
+++ toolkit/components/glean/xpcom/FOG.cpp
@@ -66,7 +66,7 @@ already_AddRefed<FOG> FOG::GetSingleton() {
 
   gFOG = new FOG();
 
-  if (XRE_IsParentProcess()) {
+  if (false) {

FOG Service related changes in Fx118 include bug 1839426, but that just ensured it'd be instantiated during shutdown in case the "opportunistically on idle near startup" tasks didn't run. Doesn't sound related, but that's all that comes to mind.

118.0b3 still blows at startup with the patch above, so i'm not sure this is related to FOG initialization. rather memory corruption from the js engine ? since our malloc (sometimes?) complains about write after free before firefox crashes...

Program terminated with signal SIGSEGV, Segmentation fault.
#0  thrkill () at /tmp/-:3
3       /tmp/-: No such file or directory.
[Current thread is 1 (process 533443)]
(gdb) bt
#0  thrkill () at /tmp/-:3
#1  0xa82ba1ca1c6686c3 in ?? ()
#2  0x000007e78812bc88 in nsProfileLock::FatalSignalHandler (signo=11, info=0x79c6b4b92b50, context=0x79c6b4b92a60) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/profile/nsProfileLock.cpp:174
#3  0x000007e78853e11c in WasmTrapHandler (signum=11, info=0x79c6b4b92b50, context=0x79c6b4b92a60) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/wasm/WasmSignalHandlers.cpp:794
#4  0x000007e791da8009 in ?? ()
#5  0xdfdfdfdfdfdfdfdf in ?? ()
#6  0x000007e77d2f96aa in ?? () from /usr/lib/libc.so.97.1
#7  0x000007e77d3c72e0 in __strtorx.fpi0 () from /usr/lib/libc.so.97.1
#8  0x000007e77d3c5ff0 in malloc_lock () from /usr/lib/libc.so.97.1
#9  0x000007e77d3c72e0 in __strtorx.fpi0 () from /usr/lib/libc.so.97.1

another garbled trace, this time from running firefox from gdb instead of extracting a traceback from a coredump:

Thread 1 received signal SIGABRT, Aborted.
thrkill () at /tmp/-:3
3       /tmp/-: No such file or directory.
(gdb) rbt
Undefined command: "rbt".  Try "help".
(gdb) bt
#0  thrkill () at /tmp/-:3
#1  0x2743a613a4217d14 in ?? ()
#2  0x0000011368763962 in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
#3  0x00000113687a992e in wrterror (d=0x1139afac7e8, msg=0x1136872caec "write after free %p") at /usr/src/lib/libc/stdlib/malloc.c:343
#4  0x00000113687aad1d in ofree (argpool=0x724d7ae9d370, p=<optimized out>, clear=<optimized out>, check=<optimized out>, argsz=<optimized out>) at /usr/src/lib/libc/stdlib/malloc.c:733
#5  0x00000113687aa663 in _libc_free (ptr=0x113a9d0aac0) at /usr/src/lib/libc/stdlib/malloc.c:1678
#6  0x000001136eccc5af in xpc::InnerCleanupValue (aType=..., aValue=0x724d7ae9d528, aArrayLen=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCConvert.cpp:1552
#7  0x000001136eccc410 in xpc::CleanupValue (aType=..., aValue=0x724d7ae9d528, aArrayLen=0) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCInlines.h:362
#8  xpc::DestructValue (aType=..., aValue=0x724d7ae9d528, aArrayLen=0) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCConvert.cpp:1636
#9  0x000001136bb8018d in CallMethodHelper::~CallMethodHelper (this=0x724d7ae9d4e0) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1201
#10 0x000001136ece04c1 in JS::Rooted<CallMethodHelper>::~Rooted (this=0x724d7ae9d4c8) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/js/RootingAPI.h:1209
#11 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1127
#12 0x000001136ece0b76 in XPC_WN_CallMethod (cx=0x1133c4d4610, argc=<optimized out>, vp=0x724d7ae9d7a0) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:966
#13 0x00000113f6e6a302 in ?? ()
#14 0x0000724d7ae9d7a8 in ?? ()
#15 0x0000724d7ae9d778 in ?? ()
#16 0x0000000000000062 in ?? ()
#17 0x0000000000000000 in ?? ()
(gdb) q

i'll look into a gdb update first to make sure i have 'working' tools to debug..

Attached file traceback
with gdb 13.2, i get a more complete trace, which seems to point again at the js engine initialization, with OOM ?
```

```

with gdb 13.2, i get a more complete trace, which seems to point again at the js engine initialization, with OOM ?

[New thread 463468 of process 15281]                                                                                                                                                                                 
Thread 1 received signal SIGSEGV, Segmentation fault.                                                                                                                                                                
NS_ABORT_OOM (aSize=60095856128) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/base/nsDebugImpl.cpp:674                                                                                   
674     /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/base/nsDebugImpl.cpp: No such file or directory.                                                                                                 
(gdb) bt                                                                                                                                                                                                             
#0  NS_ABORT_OOM (aSize=60095856128) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/base/nsDebugImpl.cpp:674                                                               
#1  0x000008a88e95565a in nsTArrayInfallibleAllocator::SizeTooBig (aSize=60095856128) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsTArray.h:263                                                   
#2  0x000008a88e95d258 in nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacityImpl<nsTArrayInfallibleAllocator> (this=0x8a82bd95860, aCapacity=<optimized out>, aElemSize=16)
    at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsTArray-inl.h:165                                                                                                                                 
#3  0x000008a893cd7b73 in nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacity<nsTArrayInfallibleAllocator> (this=0x8a82bd95860, aCapacity=16, aElemSize=16)
    at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsTArray.h:443                                                                                                                                     
#4  nsTArray_Impl<IdleListener, nsTArrayInfallibleAllocator>::AppendElementInternal<nsTArrayInfallibleAllocator, IdleListener&> (this=0x8a82bd95860, aItem=...)                                                      
    at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsTArray.h:2690                                                                                                                                    
#5  nsTArray<IdleListener>::AppendElement<IdleListener&> (this=0x8a82bd95860, aItem=...) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsTArray.h:2834                  
#6  nsUserIdleService::AddIdleObserver (this=0x8a82bd95840, aObserver=0x8a8a7e4ede0, aIdleTimeInS=20) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/nsUserIdleService.cpp:466
#7  0x000008a8910d10a6 in NS_InvokeByIndex () at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:101  
#8  0x000008a8929a0143 in CallMethodHelper::Invoke (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1627
#9  CallMethodHelper::Call (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1180                                                                 
#10 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1126
#11 0x000008a8929a0b76 in XPC_WN_CallMethod (cx=0x8a7b9ae9610, argc=<optimized out>, vp=0x8a86ef34308) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:966
#12 0x000008a88edd14d0 in CallJSNative (cx=0x8a7b9ae9610, native=0x8a8929a09c0 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, reason=<optimized out>, args=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:486
#13 js::InternalCallOrConstruct (cx=0x8a7b9ae9610, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:580
#14 0x000008a88ed5b6a7 in InternalCall (cx=0x8a7b9ae9610, args=..., reason=2879726824) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:647
#15 js::CallFromStack (cx=0x8a7b9ae9610, args=..., reason=2879726824) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:652                                          
#16 js::Interpret (cx=0x8a7b9ae9610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:3395                                        
#17 0x000008a88e9a8d18 in MaybeEnterInterpreterTrampoline (cx=0x8a7b9ae9610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:400                      
#18 js::RunScript (cx=0x8a7b9ae9610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:458                                                             
#19 js::InternalCallOrConstruct (cx=0x8a7b9ae9610, args=..., construct=js::NO_CONSTRUCT, reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:612               
#20 InternalCall (cx=0x8a7b9ae9610, args=..., reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:647
#21 js::Call (cx=0x8a7b9ae9610, fval=..., thisv=..., args=..., rval=..., reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:679
#22 0x000008a88f60734b in JS_CallFunctionValue (cx=0x8a7b9ae9610, obj=..., fval=..., args=..., rval=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/CallAndConstruct.cpp:55                  
#23 0x000008a89299d489 in nsXPCWrappedJS::CallMethod (this=<optimized out>, methodIndex=<optimized out>, info=<optimized out>, nativeParams=<optimized out>)   
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedJSClass.cpp:918                                                                                                                    
#24 0x000008a89265cbd2 in PrepareAndDispatch (self=0x8a7c9c947c0, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x6fd522125700, fpregs=0x6fd522125730)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:115                                                               
#25 0x000008a89265c04b in SharedStub () from /usr/local/lib/firefox/libxul.so.129.0                                                                                                                                  
#26 0x000008a892620e53 in nsObserverList::NotifyObservers (this=<optimized out>, aSubject=0x0, aTopic=0x8a7debeb140 "sessionstore-windows-restored", someData=0x0)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/ds/nsObserverList.cpp:70
#27 nsObserverService::NotifyObservers (this=<optimized out>, aSubject=0x0, aTopic=0x8a7debeb140 "sessionstore-windows-restored", aSomeData=0x0)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/ds/nsObserverService.cpp:287
#28 0x000008a8910d10a6 in NS_InvokeByIndex () at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:101
#29 0x000008a8929a0143 in CallMethodHelper::Invoke (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1627
#30 CallMethodHelper::Call (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1180
#31 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNative.cpp:1126
#32 0x000008a8929a0b76 in XPC_WN_CallMethod (cx=0x8a7b9ae9610, argc=<optimized out>, vp=0x8a86ef34170) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:966
#33 0x000008a88edd14d0 in CallJSNative (cx=0x8a7b9ae9610, native=0x8a8929a09c0 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, reason=<optimized out>, args=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:486       
#34 js::InternalCallOrConstruct (cx=0x8a7b9ae9610, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:580
#35 0x000008a88ed5b6a7 in InternalCall (cx=0x8a7b9ae9610, args=..., reason=571623872) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:647
#36 js::CallFromStack (cx=0x8a7b9ae9610, args=..., reason=571623872) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:652                                   
#37 js::Interpret (cx=0x8a7b9ae9610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:3395                                                                          
#38 0x000008a88e9a8d18 in MaybeEnterInterpreterTrampoline (cx=0x8a7b9ae9610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:400                             
#39 js::RunScript (cx=0x8a7b9ae9610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:458                                                                               
#40 js::InternalCallOrConstruct (cx=0x8a7b9ae9610, args=..., construct=js::NO_CONSTRUCT, reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:612
#41 InternalCall (cx=0x8a7b9ae9610, args=..., reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:647                               
#42 js::Call (cx=0x8a7b9ae9610, fval=..., thisv=..., args=..., rval=..., reason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:679
#43 0x000008a8947f4157 in js::Call (cx=0x8000ffff, fval=..., arg0=..., rval=..., thisv=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.h:116
#44 PromiseReactionJob (cx=0x8000ffff, argc=<optimized out>, vp=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/builtin/Promise.cpp:2244
#45 0x000008a88e9a8a86 in CallJSNative (cx=0x8a7b9ae9610, native=0x8a8947f3970 <PromiseReactionJob(JSContext*, unsigned int, JS::Value*)>, reason=js::CallReason::Call, args=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:486                                                                                                                                 
#46 js::InternalCallOrConstruct (cx=0x8a7b9ae9610, args=..., construct=js::NO_CONSTRUCT, reason=js::CallReason::Call) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:580
#47 InternalCall (cx=0x8a7b9ae9610, args=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:647                             
#48 js::Call (cx=0x8a7b9ae9610, fval=..., thisv=..., args=..., rval=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:679
#49 0x000008a88eac7fa7 in JS::Call (cx=<optimized out>, thisv=..., fval=..., args=..., rval=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/CallAndConstruct.cpp:119
#50 0x000008a88eac7c79 in mozilla::dom::PromiseJobCallback::Call (this=0x8a8687d5540, cx=..., aThisVal=..., aRv=...) at PromiseBinding.cpp:83
#51 0x000008a88eac7835 in mozilla::dom::PromiseJobCallback::Call (this=0x8a8687d5540, aRv=..., aExecutionReason=<optimized out>, aExceptionHandling=mozilla::dom::CallbackObject::eReportExceptions, aRealm=0x0)
    at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/mozilla/dom/PromiseBinding.h:198
#52 mozilla::dom::PromiseJobCallback::Call (this=0x8a8687d5540, aExecutionReason=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/mozilla/dom/PromiseBinding.h:211

#53 mozilla::PromiseJobRunnable::Run (this=0x8a8a7e774e0, aAso=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/base/CycleCollectedJSContext.cpp:213
#54 0x000008a88f21df78 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint (this=0x8a86978f000, aForce=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/base/CycleCollectedJSContext.cpp:676
#55 0x000008a8935374a7 in mozilla::CycleCollectedJSContext::LeaveMicroTask (this=0x8000ffff) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/mozilla/CycleCollectedJSContext.h:246
#56 mozilla::nsAutoMicroTask::~nsAutoMicroTask (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/mozilla/CycleCollectedJSContext.h:394
#57 mozilla::EventListenerManager::HandleEventSingleListener (this=0x8a7f24390f0, aListener=<optimized out>, aTypeAtom=0x8a88d776634 <mozilla::detail::gGkAtoms+70964>, aEvent=0x8a81cd8cdc0, 
    aDOMEvent=<optimized out>, aCurrentTarget=<optimized out>, aItemInShadowTree=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventListenerManager.cpp:1356
#58 mozilla::EventListenerManager::HandleEventWithListenerArray (this=<optimized out>, aListeners=0x8a7ddb91940, aTypeAtom=0x8a88d776634 <mozilla::detail::gGkAtoms+70964>, aEventMessage=mozilla::eAfterPaint, 
    aPresContext=<optimized out>, aEvent=0x8a81cd8cdc0, aDOMEvent=<optimized out>, aCurrentTarget=0x8a85f8bc800, aItemInShadowTree=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventListenerManager.cpp:1669
#59 0x000008a893536244 in mozilla::EventListenerManager::HandleEventInternal (this=0x8a7f24390f0, aPresContext=0x8a7cab48600, aEvent=0x8a81cd8cdc0, aDOMEvent=<optimized out>, aCurrentTarget=<optimized out>, 
    aEventStatus=0x6fd522126ca0, aItemInShadowTree=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventListenerManager.cpp:1566
#60 mozilla::EventListenerManager::HandleEvent (aPresContext=0x8a7cab48600, aEvent=0x8a81cd8cdc0, aDOMEvent=<optimized out>, aCurrentTarget=<optimized out>, aEventStatus=0x6fd522126ca0, this=<optimized out>, 
    aItemInShadowTree=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventListenerManager.h:465
#61 mozilla::EventTargetChainItem::HandleEvent (this=<optimized out>, aVisitor=..., aCd=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventDispatcher.cpp:342
#62 0x000008a8935357b0 in mozilla::EventTargetChainItem::HandleEventTargetChain (aChain=..., aVisitor=..., aCallback=0x0, aCd=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventDispatcher.cpp:551
#63 0x000008a88ec013e1 in mozilla::EventDispatcher::Dispatch (aTarget=<optimized out>, aPresContext=0x8a7cab48600, aEvent=<optimized out>, aDOMEvent=0x8a89eff5460, aEventStatus=0x0, aCallback=0xfe847290, 
    aTargets=0x0) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventDispatcher.cpp:1152
#64 0x000008a88ebfff85 in mozilla::EventDispatcher::DispatchDOMEvent (aTarget=0x8a85f8bc800, aEvent=<optimized out>, aDOMEvent=0x8a89eff5460, aPresContext=0x8a7cab48600, aEventStatus=0x0)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/dom/events/EventDispatcher.cpp:1279
#65 0x000008a88ed507e0 in nsPresContext::FireDOMPaintEvent (this=0x8a7cab48600, aList=0x8a879759bf8, aTransactionId=..., aTimeStamp=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/layout/base/nsPresContext.cpp:2226
#66 DelayedFireDOMPaintEvent::Run (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/layout/base/nsPresContext.cpp:2354
#67 0x000008a88ea680b9 in mozilla::RunnableTask::Run (this=0x8a879765000) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/TaskController.cpp:559
#68 0x000008a8926480c5 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal (this=0x8a86bdfd000, aProofOfLock=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/TaskController.cpp:886
#69 0x000008a892646b14 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal (this=0x8a86bdfd000, aProofOfLock=...)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/TaskController.cpp:709
#70 mozilla::TaskController::ProcessPendingMTTask (this=0x8a86bdfd000, aMayWait=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/TaskController.cpp:495
#71 0x000008a89264ac6f in mozilla::TaskController::TaskController()::$_3::operator()() const (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/TaskController.cpp:218
#72 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_3>::Run() (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsThreadUtils.h:548
#73 0x000008a88eb3a737 in nsThread::ProcessNextEvent (this=0x8a825b38000, aMayWait=<optimized out>, aResult=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/nsThread.cpp:1199
#74 0x000008a88eb3a156 in NS_ProcessNextEvent (aThread=0x8000ffff, aMayWait=false) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/nsThreadUtils.cpp:480
#75 0x000008a88f2583d4 in mozilla::ipc::MessagePump::Run (this=0x8a87f1d9e00, aDelegate=0x8a825b58780) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/ipc/glue/MessagePump.cpp:85
#76 0x000008a88f2b8a1f in MessageLoop::RunInternal (this=0x6fd522124b08) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/ipc/chromium/src/base/message_loop.cc:370
#77 MessageLoop::RunHandler (this=0x6fd522124b08) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/ipc/chromium/src/base/message_loop.cc:363
#78 MessageLoop::Run (this=0x6fd522124b08) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/ipc/chromium/src/base/message_loop.cc:345
#79 0x000008a88f2b8977 in nsBaseAppShell::Run (this=0x8a7c4828d80) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/nsBaseAppShell.cpp:148
#80 0x000008a8946b009c in nsAppStartup::Run (this=0x8a825b4fd20) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/components/startup/nsAppStartup.cpp:295
#81 0x000008a88f598c81 in XREMain::XRE_mainRun (this=0x6fd522127300) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5673
#82 XREMain::XRE_main (this=0x6fd522127300, argc=<optimized out>, argv=<optimized out>, aConfig=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5874
#83 0x000008a88f5954b5 in XRE_main (argc=571624200, argv=0xfe847290, aConfig=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5930
#84 0x000008a5aba2988b in do_main (argc=4, argv=0x6fd522127918, envp=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/browser/app/nsBrowserApp.cpp:227
#85 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/browser/app/nsBrowserApp.cpp:445

a recursive loop ?

Component: Telemetry → JavaScript Engine: JIT
Product: Toolkit → Core

a build from m-c runs fine. puzzling.... the only difference in environment/configuration i can see is that this m-c build has wayland enabled but other than that.. starts fine.

looking at more beta traces within gdb there's definitely something fishy in terms of memory corruption:

#17 0x00000b254eb2c842 in MaybeEnterInterpreterTrampoline (cx=0xb2510005610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:400
#18 js::RunScript (cx=0xb2510005610, state=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:458
#19 0x00000b254ed12c77 in js::ExecuteKernel (cx=0xdfdfdfdfdfdfdfdf, script=..., envChainArg=..., evalInFrame=..., result=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:845
#20 0x00000b254ed12b4b in js::Execute (cx=<optimized out>, script=..., envChain=..., rval=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Interpreter.cpp:877
#21 0x00000b2550d5a19e in js::ModuleObject::execute (cx=0xdfdfdfdfdfdfdfdf, self=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/builtin/ModuleObject.cpp:1286
#22 0x00000b254ec460f2 in InnerModuleEvaluation (cx=0xb2510005610, module=..., stack=..., index=<optimized out>, indexOut=0x7919763d46f8)
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Modules.cpp:1503
#23 0x00000b254ec45588 in js::ModuleEvaluate (cx=0xb2510005610, result=..., moduleArg=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Modules.cpp:1296
#24 JS::ModuleEvaluate (cx=0xb2510005610, moduleRecord=..., rval=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/js/src/vm/Modules.cpp:166

0xdfdfdfdfdf in frames #19 & #21 feels bogus as iirc that's what our malloc writes in pages that have been free()'ed. Or that's corruption of what gdb sees...

i can now reproduce the crash at will with 118.0b3, just showing the profile selection window, after some seconds firefox will crash. looking at the trace for all threads, i see lots of rust threads waiting on a condition (std::sync::condvar::Condvar::wait), some c threads on mozilla::detail::ConditionVariableImpl::wait, some rust threads on crossbeam_channel::context::Context::wait_until, and the main thread crashing on a write after free detected by our malloc:

#1  0x98010f2d971899e3 in ?? ()                                                                                                                                                                                      
#2  0x00000f7c6c8af952 in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51                                                                                                                                      
#3  0x00000f7c6c8f34de in wrterror (d=0xf7c3fecc040, msg=0xf7c6c893c72 "write after free %p") at /usr/src/lib/libc/stdlib/malloc.c:343                                                                               #4  0x00000f7c6c8f48cd in ofree (argpool=0x74337ad47b50, p=<optimized out>, clear=<optimized out>, check=<optimized out>, argsz=<optimized out>) at /usr/src/lib/libc/stdlib/malloc.c:733                            
#5  0x00000f7c6c8f4213 in _libc_free (ptr=0xf7c841c5da0) at /usr/src/lib/libc/stdlib/malloc.c:1678                                                                                                                   #6  0x00000f7cee0a022b in _XReply () from /usr/X11R6/lib/libX11.so.18.0                                                                                                                                              
#7  0x00000f7cee07f072 in XGetKeyboardControl () from /usr/X11R6/lib/libX11.so.18.0                                                                                                                                  
#8  0x00000f7c66fa73b6 in mozilla::widget::KeymapWrapper::InitXKBExtension (this=0xf7d0bcae5a0) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:464                                  
#9  0x00000f7c66fa7070 in mozilla::widget::KeymapWrapper::KeymapWrapper (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:371                                   
#10 0x00000f7c66fa67c5 in mozilla::widget::KeymapWrapper::GetInstance () at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:336                                                         
#11 0x00000f7c66f71aba in mozilla::widget::KeymapWrapper::InitInputEvent (aInputEvent=..., aModifierState=16) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:1089                   
#12 0x00000f7c6a5b41e1 in nsWindow::OnMotionNotifyEvent (this=0xf7d2be3bc00, aEvent=0xf7d0bcae140) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsWindow.cpp:4496                                   #13 motion_notify_event_cb (widget=<optimized out>, event=0xf7d0bcae140) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsWindow.cpp:8069                                                             
#14 0x00000f7cdec1e5a0 in _gtk_marshal_BOOLEAN__BOXED () from /usr/local/lib/libgtk-3.so.2201.0                                                                                                                      #15 0x00000f7c8a616bc5 in g_closure_invoke () from /usr/local/lib/libgobject-2.0.so.4200.17                                                                                                                          
#16 0x00000f7c8a63151d in signal_emit_unlocked_R () from /usr/local/lib/libgobject-2.0.so.4200.17                                                                                                                    #17 0x00000f7c8a63268f in g_signal_emit_valist () from /usr/local/lib/libgobject-2.0.so.4200.17                                                                                                                      
#18 0x00000f7c8a632a15 in g_signal_emit () from /usr/local/lib/libgobject-2.0.so.4200.17                                                                                                                             #19 0x00000f7cdef476c9 in gtk_widget_event_internal () from /usr/local/lib/libgtk-3.so.2201.0                                                                                                                        
#20 0x00000f7cdedc3abf in gtk_propagate_event () from /usr/local/lib/libgtk-3.so.2201.0                                                                                                                              #21 0x00000f7cdedc35f2 in gtk_main_do_event () from /usr/local/lib/libgtk-3.so.2201.0                                                                                                                                
#22 0x00000f7c447b4adb in _gdk_event_emit () from /usr/local/lib/libgdk-3.so.2201.1                                                                                                                                  #23 0x00000f7c4480e4f8 in gdk_event_source_dispatch () from /usr/local/lib/libgdk-3.so.2201.1                                                                                                                        
#24 0x00000f7c355963ef in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.4201.10                                                                                                                      
#25 0x00000f7c35596757 in g_main_context_iterate () from /usr/local/lib/libglib-2.0.so.4201.10                                                                                                                       #26 0x00000f7c3559680b in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.4201.10                                                                                                                     
#27 0x00000f7c6a5cb122 in nsAppShell::ProcessNextNativeEvent (this=<optimized out>, mayWait=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/gtk/nsAppShell.cpp:418                        
#28 0x00000f7c6a590681 in nsBaseAppShell::DoProcessNextNativeEvent (this=0xf7c841f28a0, mayWait=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/nsBaseAppShell.cpp:131                    
#29 nsBaseAppShell::OnProcessNextEvent (this=0xf7c841f28a0, thr=0xf7d1b61bc00, mayWait=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/widget/nsBaseAppShell.cpp:267                             
#30 0x00000f7c6a59079a in non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) () at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/nsISupportsImpl.h:361                   
#31 0x00000f7c653d16c8 in nsThread::ProcessNextEvent (this=0xf7d1b61bc00, aMayWait=<optimized out>, aResult=0x74337ad48687) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/nsThread.cpp:1114       
#32 0x00000f7c653d1456 in NS_ProcessNextEvent (aThread=0x0, aMayWait=true) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpcom/threads/nsThreadUtils.cpp:480                                                    
#33 0x00000f7c674e37cc in mozilla::SpinEventLoopUntil<(mozilla::ProcessFailureBehavior)1, mozilla::AppWindow::ShowModal()::$_0>(nsTSubstring<char> const&, mozilla::AppWindow::ShowModal()::$_0&&, nsIThread*) (     
    aVeryGoodReasonToDoThis=..., aThread=0x0, aPredicate=...) at /usr/obj/ports/firefox-118.0beta3/build-amd64/dist/include/mozilla/SpinEventLoopUntil.h:176                                                         
#34 mozilla::AppWindow::ShowModal (this=0xf7c80977c80) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/xpfe/appshell/AppWindow.cpp:504                                                                            #35 0x00000f7c65d1a085 in nsWindowWatcher::OpenWindowInternal (this=<optimized out>, aParent=<optimized out>, aUrl=..., aName=..., aFeatures=..., aCalledFromJS=false, aDialog=<optimized out>,                      
    aNavigate=<optimized out>, aArgv=<optimized out>, aIsPopupSpam=<optimized out>, aForceNoOpener=<optimized out>, aForceNoReferrer=<optimized out>, aPrintKind=<optimized out>, aLoadState=<optimized out>,  aResult=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/components/windowwatcher/nsWindowWatcher.cpp:1438                                                                            
#36 0x00000f7c6afbc5a6 in nsWindowWatcher::OpenWindow (this=<optimized out>, aParent=0x0, aUrl=..., aName=..., aFeatures=..., aArguments=<optimized out>, aResult=<optimized out>)                                   
    at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/components/windowwatcher/nsWindowWatcher.cpp:295
#37 0x00000f7c6afde284 in ShowProfileManager (aProfileSvc=<optimized out>, aNative=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:2853                              
#38 0x00000f7c6afdaf6d in XREMain::XRE_mainStartup (this=0x74337ad492e0, aExitFlag=0x74337ad4917b) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:4958                               
#39 0x00000f7c65e2b6a3 in XREMain::XRE_main (this=0x74337ad492e0, argc=<optimized out>, argv=<optimized out>, aConfig=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5862       
#40 0x00000f7c65e29b65 in XRE_main (argc=6, argv=0x0, aConfig=...) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5930
#41 0x00000f7a342c688b in do_main (argc=1, argv=0x74337ad498f8, envp=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/browser/app/nsBrowserApp.cpp:227                                            
#42 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/obj/ports/firefox-118.0beta3/firefox-118.0/browser/app/nsBrowserApp.cpp:445        

at that point i dont know what has free'd the memory that the main thread tries to write to, and on OpenBSD i cant really use all the tooling available on linux (rr, llvm *san etc) so im a bit out of ideas. having a build from m-c running is puzzling.. guess i can try a build from m-b branch to rule out differences between builds from a source tree and builds from a release with port/package options.

what could have changed between 117 and 118 in terms of process initialization ?
help welcome...

another puzzling data point.. a build from the current tip of m-b just runs fine (mach build, mach package, uncompress archive, run ./firefox/firefox. So it might have something to do with the build options or systemwide dependencies we use for the port/package..

tried a build of 118.0b4 without PGO, still blows.

edit: tried a build without PGO/lto/--with-system-icu, same thing, still blows. really puzzling.

calling out mike for help.. any idea what could cause random memory corruptions at startup, starting with 118 ? toolchains upgrade, wasi upgrade, binary layout, lto, PGO, something different in the process initialization ? i'm a bit stuck..

id like to be able to compare logs from a working build from m-b and a broken build from 118.0b4 but i wouldnt really know what values to put into MOZ_LOG to get something understandable.

Flags: needinfo?(mh+mozilla)

Compare config.status between the build that works and the one that doesn't?

Flags: needinfo?(mh+mozilla)

(In reply to Mike Hommey [:glandium] from comment #14)

Compare config.status between the build that works and the one that doesn't?

that was also my idea.. tried ruling out telemetry by unsetting MOZILLA_OFFICIAL=1 (that in turns sets MOZ_TELEMETRY_REPORTING) but that didnt help. It really feels like memory gets corrupted at startup/global initialization when all the calls are made to mozilla::xpcom::StaticModule::CreateInstance, since i can repro at will just running firefox -P and let the profile selector window idle for some seconds, i suppose lots of components are initialized at that time.. is there some particular MOZ_LOG class i could toggle to pinpoint the guilty one ?

here another trace..

Thread 1 received signal SIGSEGV, Segmentation fault.                                                                                                                                                                
RefPtr<UserIdleServiceImpl>::assign_assuming_AddRef (this=0xea2dd03a828, aNewPtr=0xea36dd31600) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/RefPtr.h:73                               
73      /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/RefPtr.h: No such file or directory.                                             
(gdb) bt                                                                                                                                                                                                             
#0  RefPtr<UserIdleServiceImpl>::assign_assuming_AddRef (this=0xea2dd03a828, aNewPtr=0xea36dd31600) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/RefPtr.h:73           
#1  RefPtr<UserIdleServiceImpl>::assign_with_AddRef (this=0xea2dd03a828, aRawPtr=0xea36dd31600) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/RefPtr.h:66
#2  RefPtr<UserIdleServiceImpl>::operator= (this=0xea2dd03a828, aRhs=...) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/RefPtr.h:195
#3  nsUserIdleServiceGTK::ProbeService (this=0xea2dd03a7e0) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsUserIdleServiceGTK.cpp:261
#4  0x00000ea31049c34a in nsUserIdleServiceGTK::GetInstance () at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/components/../../widget/gtk/nsUserIdleServiceGTK.h:47
#5  mozilla::xpcom::CreateInstanceImpl (aID=<optimized out>, aIID=..., aResult=0x72195a1ace18) at /usr/obj/ports/firefox-118.0beta4/build-amd64/xpcom/components/StaticComponents.cpp:9802
#6  0x00000ea30ffe4d54 in mozilla::xpcom::StaticModule::CreateInstance (aIID=..., aResult=0x72195a1ace18, this=<optimized out>) at StaticComponents.cpp:12687
#7  (anonymous namespace)::EntryWrapper::CreateInstance (this=0x72195a1acf30, aIID=..., aResult=0x72195a1ace18) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/components/nsComponentManager.cpp:188
#8  nsComponentManagerImpl::GetServiceLocked (this=<optimized out>, aLock=..., aEntry=..., aIID=..., aResult=0x72195a1acf88)
    at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/components/nsComponentManager.cpp:982
#9  0x00000ea30ffe46d4 in nsComponentManagerImpl::GetServiceByContractID (this=0xea2f1dbb900, aContractID=<optimized out>, aIID=..., aResult=0x72195a1acf88)
    at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/components/nsComponentManager.cpp:1171
#10 CallGetService (aContractID=<optimized out>, aIID=..., aResult=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/components/nsComponentManagerUtils.cpp:61
#11 nsGetServiceByContractID::operator() (this=<optimized out>, aIID=..., aInstancePtr=0x72195a1acf88) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/components/nsComponentManagerUtils.cpp:240
#12 0x00000ea3153018e9 in nsCOMPtr<nsIUserIdleServiceInternal>::assign_from_gs_contractid (aGS=..., aIID=..., this=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/nsCOMPtr.h:867
#13 nsCOMPtr<nsIUserIdleServiceInternal>::nsCOMPtr (aGS=..., this=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/nsCOMPtr.h:509
#14 UpdateLastInputEventTime (aGdkEvent=0xea345f575a0) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsWindow.cpp:366
#15 key_press_event_cb (widget=0xea2a4676110, event=0xea345f575a0) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsWindow.cpp:8183
#16 0x00000ea32c308ac0 in _gtk_marshal_BOOLEAN__BOXED () from /usr/local/lib/libgtk-3.so.2201.0

is there a global killswitch to not enable telemetry components at startup ?

another datapoint, still dunno if that's 'interesting' or not.. i can start firefox -P and leave the profile manager window idle for many seconds without crashing.. but it crashes as soon as the mouse pointer enters the window, which matches the above trace, or the trace below ?

#1  0x3521ebe4712f5bb3 in ?? ()
#2  0x000007544c136c82 in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
#3  0x000007544c0b07ce in wrterror (d=0x7547c185040, msg=0x7544c08e3d6 "write after free %p") at /usr/src/lib/libc/stdlib/malloc.c:343
#4  0x000007544c0b1bbd in ofree (argpool=0x723b04411320, p=<optimized out>, clear=<optimized out>, check=<optimized out>, argsz=<optimized out>) at /usr/src/lib/libc/stdlib/malloc.c:733
#5  0x000007544c0b1503 in _libc_free (ptr=0x75460e84960) at /usr/src/lib/libc/stdlib/malloc.c:1678
#6  0x00000754c29a38c2 in handle_response () from /usr/X11R6/lib/libX11.so.18.0
#7  0x00000754c29a41c0 in _XReply () from /usr/X11R6/lib/libX11.so.18.0
#8  0x00000754c2983072 in XGetKeyboardControl () from /usr/X11R6/lib/libX11.so.18.0
#9  0x00000754fd61d77e in mozilla::widget::KeymapWrapper::InitXKBExtension (this=0x7547e8ef640) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:464
#10 0x00000754fd61d634 in mozilla::widget::KeymapWrapper::KeymapWrapper (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:371
#11 0x00000754fd61f2b6 in mozilla::widget::KeymapWrapper::GetInstance () at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:336
#12 mozilla::widget::KeymapWrapper::InitInputEvent (aInputEvent=..., aModifierState=16) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:1089
#13 0x00000754fd5b5385 in nsWindow::OnMotionNotifyEvent (this=0x754a6e6e000, aEvent=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsWindow.cpp:4496
#14 0x00000754fd5be41a in motion_notify_event_cb (widget=<optimized out>, event=0x7540fdddb40) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsWindow.cpp:8069
#15 0x0000075486f005a0 in _gtk_marshal_BOOLEAN__BOXED () from /usr/local/lib/libgtk-3.so.2201.0
#16 0x00000754d4a04bc5 in g_closure_invoke () from /usr/local/lib/libgobject-2.0.so.4200.17
#17 0x00000754d4a1f51d in signal_emit_unlocked_R () from /usr/local/lib/libgobject-2.0.so.4200.17
#18 0x00000754d4a2068f in g_signal_emit_valist () from /usr/local/lib/libgobject-2.0.so.4200.17
#19 0x00000754d4a20a15 in g_signal_emit () from /usr/local/lib/libgobject-2.0.so.4200.17
#20 0x00000754872296c9 in gtk_widget_event_internal () from /usr/local/lib/libgtk-3.so.2201.0
#21 0x00000754870a5abf in gtk_propagate_event () from /usr/local/lib/libgtk-3.so.2201.0
#22 0x00000754870a55f2 in gtk_main_do_event () from /usr/local/lib/libgtk-3.so.2201.0
#23 0x00000754f4745adb in _gdk_event_emit () from /usr/local/lib/libgdk-3.so.2201.1
#24 0x00000754f479f4f8 in gdk_event_source_dispatch () from /usr/local/lib/libgdk-3.so.2201.1
#25 0x00000754eaed43ef in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.4201.10
#26 0x00000754eaed4757 in g_main_context_iterate () from /usr/local/lib/libglib-2.0.so.4201.10
#27 0x00000754eaed480b in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.4201.10
#28 0x00000754fd6001c6 in nsAppShell::ProcessNextNativeEvent (this=<optimized out>, mayWait=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsAppShell.cpp:418
#29 0x00000754fd56b544 in nsBaseAppShell::DoProcessNextNativeEvent (this=0x754b7813f00, mayWait=false) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/nsBaseAppShell.cpp:131
#30 nsBaseAppShell::OnProcessNextEvent (this=0x754b7813f00, thr=0x7549fcdb900, mayWait=true) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/nsBaseAppShell.cpp:250
#31 0x00000754fd56b73a in non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) () at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/nsISupportsImpl.h:361
#32 0x00000754fa7694c7 in nsThread::ProcessNextEvent (this=0x7549fcdb900, aMayWait=false, aResult=0x723b04411e07) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/threads/nsThread.cpp:1114
#33 0x00000754fa76d292 in NS_ProcessNextEvent (aThread=0x0, aMayWait=true) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/threads/nsThreadUtils.cpp:480
#34 0x00000754fe78a2cb in mozilla::SpinEventLoopUntil<(mozilla::ProcessFailureBehavior)1, mozilla::AppWindow::ShowModal()::$_0>(nsTSubstring<char> const&, mozilla::AppWindow::ShowModal()::$_0&&, nsIThread*) (
    aVeryGoodReasonToDoThis=..., aThread=0x0, aPredicate=...) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/SpinEventLoopUntil.h:176
#35 mozilla::AppWindow::ShowModal (this=0x75469bf6c80) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpfe/appshell/AppWindow.cpp:504
#36 0x00000754feae0832 in nsWindowWatcher::OpenWindowInternal (this=<optimized out>, aParent=<optimized out>, aUrl=..., aName=..., aFeatures=..., aCalledFromJS=<optimized out>, aDialog=<optimized out>, 
    aNavigate=<optimized out>, aArgv=<optimized out>, aIsPopupSpam=<optimized out>, aForceNoOpener=<optimized out>, aForceNoReferrer=<optimized out>, aPrintKind=<optimized out>, aLoadState=<optimized out>, 
    aResult=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/components/windowwatcher/nsWindowWatcher.cpp:1438
#37 0x00000754feade473 in nsWindowWatcher::OpenWindow (this=0x754a6e77400, aParent=0x0, aUrl=..., aName=..., aFeatures=..., aArguments=<optimized out>, aResult=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/components/windowwatcher/nsWindowWatcher.cpp:295
#38 0x00000754feb34326 in ShowProfileManager (aProfileSvc=<optimized out>, aNative=<optimized out>, aNative@entry=0x7545dd3ac20) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:2853
#39 0x00000754feb33f5e in SelectProfile (aProfileSvc=0x7545dd1e900, aProfileSvc@entry=0x723b044125e0, aNative=aNative@entry=0x7545dd3ac20, aRootDir=0x723b044125e0, aRootDir@entry=0x723b044125e8, 
    aLocalDir=aLocalDir@entry=0x723b044125e8, aProfile=<optimized out>, aProfile@entry=0x723b04412470, aWasDefaultSelection=<optimized out>, aWasDefaultSelection@entry=0x723b0441246f)
    at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:3002
#40 0x00000754feb32e91 in XREMain::XRE_mainStartup (this=0x723b044125d0, aExitFlag=0x723b04412577) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:4822
#41 0x00000754feb37e10 in XREMain::XRE_main (this=0x723b044125d0, argc=2, argv=0x723b04412bf8, aConfig=...) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5862

it feels like things go off the rails as soon as there's a gtk event past the initial window display. same thing if the profile dialog is open/focused and a key is typed:

#1  0x3521ebe4712f5bb3 in ?? ()
#2  0x000007544c136c82 in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
#3  0x000007544c0b07ce in wrterror (d=0x7547c185040, msg=0x7544c08e3d6 "write after free %p") at /usr/src/lib/libc/stdlib/malloc.c:343
#4  0x000007544c0b1bbd in ofree (argpool=0x723b04411320, p=<optimized out>, clear=<optimized out>, check=<optimized out>, argsz=<optimized out>) at /usr/src/lib/libc/stdlib/malloc.c:733
#5  0x000007544c0b1503 in _libc_free (ptr=0x75460e84960) at /usr/src/lib/libc/stdlib/malloc.c:1678
#6  0x00000754c29a38c2 in handle_response () from /usr/X11R6/lib/libX11.so.18.0
#7  0x00000754c29a41c0 in _XReply () from /usr/X11R6/lib/libX11.so.18.0
#8  0x00000754c2983072 in XGetKeyboardControl () from /usr/X11R6/lib/libX11.so.18.0
#9  0x00000754fd61d77e in mozilla::widget::KeymapWrapper::InitXKBExtension (this=0x7547e8ef640) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:464
#10 0x00000754fd61d634 in mozilla::widget::KeymapWrapper::KeymapWrapper (this=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:371
#11 0x00000754fd61f2b6 in mozilla::widget::KeymapWrapper::GetInstance () at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:336
#12 mozilla::widget::KeymapWrapper::InitInputEvent (aInputEvent=..., aModifierState=16) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsGtkKeyUtils.cpp:1089
#13 0x00000754fd5b5385 in nsWindow::OnMotionNotifyEvent (this=0x754a6e6e000, aEvent=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsWindow.cpp:4496
#14 0x00000754fd5be41a in motion_notify_event_cb (widget=<optimized out>, event=0x7540fdddb40) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsWindow.cpp:8069
#15 0x0000075486f005a0 in _gtk_marshal_BOOLEAN__BOXED () from /usr/local/lib/libgtk-3.so.2201.0
#16 0x00000754d4a04bc5 in g_closure_invoke () from /usr/local/lib/libgobject-2.0.so.4200.17
#17 0x00000754d4a1f51d in signal_emit_unlocked_R () from /usr/local/lib/libgobject-2.0.so.4200.17
#18 0x00000754d4a2068f in g_signal_emit_valist () from /usr/local/lib/libgobject-2.0.so.4200.17
#19 0x00000754d4a20a15 in g_signal_emit () from /usr/local/lib/libgobject-2.0.so.4200.17
#20 0x00000754872296c9 in gtk_widget_event_internal () from /usr/local/lib/libgtk-3.so.2201.0
#21 0x00000754870a5abf in gtk_propagate_event () from /usr/local/lib/libgtk-3.so.2201.0
#22 0x00000754870a55f2 in gtk_main_do_event () from /usr/local/lib/libgtk-3.so.2201.0
#23 0x00000754f4745adb in _gdk_event_emit () from /usr/local/lib/libgdk-3.so.2201.1
#24 0x00000754f479f4f8 in gdk_event_source_dispatch () from /usr/local/lib/libgdk-3.so.2201.1
#25 0x00000754eaed43ef in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.4201.10
#26 0x00000754eaed4757 in g_main_context_iterate () from /usr/local/lib/libglib-2.0.so.4201.10
#27 0x00000754eaed480b in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.4201.10
#28 0x00000754fd6001c6 in nsAppShell::ProcessNextNativeEvent (this=<optimized out>, mayWait=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/gtk/nsAppShell.cpp:418
#29 0x00000754fd56b544 in nsBaseAppShell::DoProcessNextNativeEvent (this=0x754b7813f00, mayWait=false) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/nsBaseAppShell.cpp:131
#30 nsBaseAppShell::OnProcessNextEvent (this=0x754b7813f00, thr=0x7549fcdb900, mayWait=true) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/widget/nsBaseAppShell.cpp:250
#31 0x00000754fd56b73a in non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) () at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/nsISupportsImpl.h:361
#32 0x00000754fa7694c7 in nsThread::ProcessNextEvent (this=0x7549fcdb900, aMayWait=false, aResult=0x723b04411e07) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/threads/nsThread.cpp:1114
#33 0x00000754fa76d292 in NS_ProcessNextEvent (aThread=0x0, aMayWait=true) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpcom/threads/nsThreadUtils.cpp:480
#34 0x00000754fe78a2cb in mozilla::SpinEventLoopUntil<(mozilla::ProcessFailureBehavior)1, mozilla::AppWindow::ShowModal()::$_0>(nsTSubstring<char> const&, mozilla::AppWindow::ShowModal()::$_0&&, nsIThread*) (
    aVeryGoodReasonToDoThis=..., aThread=0x0, aPredicate=...) at /usr/obj/ports/firefox-118.0beta4/build-amd64/dist/include/mozilla/SpinEventLoopUntil.h:176
#35 mozilla::AppWindow::ShowModal (this=0x75469bf6c80) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/xpfe/appshell/AppWindow.cpp:504
#36 0x00000754feae0832 in nsWindowWatcher::OpenWindowInternal (this=<optimized out>, aParent=<optimized out>, aUrl=..., aName=..., aFeatures=..., aCalledFromJS=<optimized out>, aDialog=<optimized out>, 
    aNavigate=<optimized out>, aArgv=<optimized out>, aIsPopupSpam=<optimized out>, aForceNoOpener=<optimized out>, aForceNoReferrer=<optimized out>, aPrintKind=<optimized out>, aLoadState=<optimized out>, 
    aResult=<optimized out>) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/components/windowwatcher/nsWindowWatcher.cpp:1438
#37 0x00000754feade473 in nsWindowWatcher::OpenWindow (this=0x754a6e77400, aParent=0x0, aUrl=..., aName=..., aFeatures=..., aArguments=<optimized out>, aResult=<optimized out>)
    at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/components/windowwatcher/nsWindowWatcher.cpp:295
#38 0x00000754feb34326 in ShowProfileManager (aProfileSvc=<optimized out>, aNative=<optimized out>, aNative@entry=0x7545dd3ac20) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:2853
#39 0x00000754feb33f5e in SelectProfile (aProfileSvc=0x7545dd1e900, aProfileSvc@entry=0x723b044125e0, aNative=aNative@entry=0x7545dd3ac20, aRootDir=0x723b044125e0, aRootDir@entry=0x723b044125e8, 
    aLocalDir=aLocalDir@entry=0x723b044125e8, aProfile=<optimized out>, aProfile@entry=0x723b04412470, aWasDefaultSelection=<optimized out>, aWasDefaultSelection@entry=0x723b0441246f)
    at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:3002
#40 0x00000754feb32e91 in XREMain::XRE_mainStartup (this=0x723b044125d0, aExitFlag=0x723b04412577) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:4822
#41 0x00000754feb37e10 in XREMain::XRE_main (this=0x723b044125d0, argc=2, argv=0x723b04412bf8, aConfig=...) at /usr/obj/ports/firefox-118.0beta4/firefox-118.0/toolkit/xre/nsAppRunner.cpp:5862
Component: JavaScript Engine: JIT → Widget: Gtk
Summary: 118.0beta blows in JS engine at startup on OpenBSD → 118.0beta blows at first gtk event at startup on OpenBSD

trying with MOZ_LOG=nsComponentManager:5 doesnt give much more clue at what happens between a working profile manager session with my build from m-b and an exploding profile manager session with my 118.0b4 build.

other discrepancies between build configs, m-b has the default:

    'MOZ_CONFIGURE_OPTIONS': 'CC=/usr/local/llvm13/bin/clang-13 '
                             'CXX=/usr/local/llvm13/bin/clang++-13 '
                             '--with-libclang-path=/usr/local/llvm13/lib '
                             '--with-wasi-sysroot=/usr/local/share/wasi-sysroot '
                             'M4=/usr/local/bin/gm4',

while the 118.0b4 build has:

    'MOZ_CONFIGURE_OPTIONS': "--disable-tests '--enable-optimize=-O2 -pipe -g "
                             "' CC=cc CXX=c++ --enable-profile-use "
                             '--with-pgo-profile-path=/usr/obj/ports/firefox-118.0beta4/merged.profdata '
                             '--enable-lto=thin SO_VERSION=129.0 '
                             '--with-libclang-path=/usr/local/llvm13/lib '
                             '--with-system-icu '
                             '--with-wasi-sysroot=/usr/local/share/wasi-sysroot '
                             '--with-system-nss --disable-updater '
                             'MOZ_APP_REMOTINGNAME=firefox --disable-dbus '
                             'AWK=/usr/bin/awk MAKE=gmake '
                             '--disable-install-strip --with-system-zlib '
                             'M4=/usr/local/bin/gm4 --enable-official-branding '
                             '--prefix=/usr/local',

so far from this differences, i've tried (without success ofc..):

  • disabling pgo
  • disabling pgo/lto
  • disabling systemwide icu (same 73.2 version anyway)

what i havent tried yet but doubt would make a difference:

  • building with bundled nss/nspr/zlib
  • enabling dbus ?

im also working on having a wip wayland support working but i doubt that's related anyway, because the 118.0b4 build blows the same on two laptops, one with gtk having wayland enabled and the other not.

using MOZ_LOG=Widget:5 gives this when the profile manager blows upon mouse hover (ofc that doesnt mean the problem comes from gtk, its rather what 'exposes' it ?):

[Parent 2857: Main Thread]: D/Widget [5de5ab05000]: nsWindow::OnExposeEvent GdkWindow [5de8af36700] XWindow [0x2a00039]
[Parent 2857: Main Thread]: D/Widget [5de5ab05000]: enter notify (win=5de8af36700, sub=0): 147.000000, 360.000000 mode 0, detail 3
[Parent 2857: Main Thread]: D/Widget [5de5ab05000]: OnEnterNotify
firefox(2857) in realloc(): write after free 0x5ddd3e980c0
Abort trap (core dumped) 

when opening the regular firefox window, the crash is after the window being painted:

[Parent 36000: Main Thread]: D/Widget [963925f6000]:   moz_container_wayland_add_or_fire_initial_draw_callback ConfigureCompositor
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::ResumeCompositorImpl()
[Parent 36000: Main Thread]: D/Widget [963925f6000]: GtkCompositorWidget::EnableRendering() [963925f6000]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   configure XWindow 2a0004c shaped 0
[Parent 36000: Renderer]: D/Widget [963925f6000]: Get NS_NATIVE_EGL_WINDOW mGdkWindow 963aceff8c0 returned eglWindow 2a0004c
[Parent 36000: Renderer]: D/Widget [963925f6000]: GtkCompositorWidget::GetEGLNativeWindow [963925f6000] window 2a0004c
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   finished, new GdkWindow 963aceff8c0 XID 0x2a0004c
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::OnWindowStateEvent for 963ea0a6860 changed 0x81 new_window_state 0x80
[Parent 36000: Main Thread]: D/Widget [963925f6000]:    early return because no interesting bits changed
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::OnWindowStateEvent for 963da71ab10 changed 0x81 new_window_state 0x80
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::SetHasMappedToplevel(1)
[Parent 36000: Main Thread]: D/Widget [963925f6000]:    quick return because IS_MOZ_CONTAINER(aWidget) is true
[Parent 36000: Main Thread]: D/Widget [963925f6000]: configure event 0,0 -> 1652 x 986 direct mGdkWindow scale 1 (scaled size 1652 x 986)
[Parent 36000: Main Thread]: D/Widget [963925f6000]: GetScreenBounds -26,18 -> 1600 x 934, unscaled -26,18 -> 1600 x 934
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::CheckForRollup() aAlwaysRollup 1
[Parent 36000: Main Thread]: D/Widget [963925f6000]: configure event -26,18 -> 1652 x 986 direct mGdkWindow scale 1 (scaled size 1652 x 986)
[Parent 36000: Main Thread]: D/Widget [963925f6000]: configure event -26,18 -> 1652 x 986 direct mGdkWindow scale 1 (scaled size 1652 x 986)
[Parent 36000: Main Thread]: D/Widget [963925f6000]: OnContainerFocusInEvent
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   nsWindow::SetUrgencyHint widget 963ea0a6860
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::SetFocus Raise 0
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   gFocusWindow [0]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   mContainer [963da71ab10]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   Toplevel widget [963ea0a6860]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   widget now has focus in SetFocus()
[Parent 36000: Main Thread]: D/Widget [963925f6000]: Events sent from focus in event
[Parent 36000: Main Thread]: D/Widget moz_container_size_allocate [963925f6000] 26,23 -> 1600 x 934
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::OnSizeAllocate 26,23 -> 1600 x 934
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   Already the same size
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::OnExposeEvent GdkWindow [963aceff8c0] XWindow [0x2a0004c]
[Parent 36000: Main Thread]: D/Widget [963925f6000]: nsWindow::SetFocus Raise 0
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   gFocusWindow [963925f6000]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   mContainer [963da71ab10]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   Toplevel widget [963ea0a6860]
[Parent 36000: Main Thread]: D/Widget [963925f6000]:   already have focus
[Parent 36000: Main Thread]: D/Widget [963f896ec00]: nsWindow::Create
[Parent 36000: Main Thread]: D/Widget [963f896ec00]:   mBounds: x:0 y:0 w:100 h:100
[Parent 36000: Main Thread]: D/Widget [963f896ec00]: nsWindow::Create() Initial resize to 100 x 100
[Parent 36000: Main Thread]: D/Widget [963f896ec00]: nsWindow::Create() Toplevel
[Parent 36000: Main Thread]: D/Widget moz_container_init [0]
[Parent 36000: Main Thread]: D/Widget [963f896ec00]:   nsWindow type 5 
[Parent 36000: Main Thread]: D/Widget [963f896ec00]:   mShell 963f8951860 mContainer 9636c554910 mGdkWindow 0 XID 0x0
firefox(36000) in free(): write after free 0x9639a8da3c0
Exiting due to channel error.
Abort trap (core dumped) 

going deeper in this rabbit hole.. this time with MOZ_LOG=Widget:5,nsIUserIdleService:5,idleService:5 (again i have no idea if those traces can make any sense at all..)

[Parent 9812: Main Thread]: D/Widget [b6818269c00]: nsWindow::OnExposeEvent GdkWindow [b67624f2a80] XWindow [0x2c00039]
[Parent 9812: Main Thread]: D/Widget [b6818269c00]: enter notify (win=b67624f2a80, sub=0): 0.000000, 26.000000 mode 0, detail 3
[Parent 9812: Main Thread]: D/Widget [b6818269c00]: OnEnterNotify
[Parent 9812: Main Thread]: D/idleService nsUserIdleServiceDaily: Init: seconds since last daily: 1693898455
[Parent 9812: Main Thread]: D/idleService nsUserIdleServiceDaily: has been long wait? 0
[Parent 9812: Main Thread]: D/idleService nsUserIdleServiceDaily: Registering Idle observer callback (short wait requested? 0)
[Parent 9812: Main Thread]: D/idleService idleService: Register idle observer b678435fc00 for 180 seconds
[Parent 9812: Main Thread]: D/idleService idleService: Register: adjusting next switch from -1 to 180 seconds
[Parent 9812: Main Thread]: D/idleService idleService: next timeout 180000 msec from now
[Parent 9812: Main Thread]: D/idleService idleService: SetTimerExpiryIfBefore: next timeout 180000 msec from now
[Parent 9812: Main Thread]: D/idleService idleService: IdleService reset timer expiry to 180010 msec from now
[Parent 9812: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK::ProbeService() mIdleServiceType 1
[Parent 9812: Main Thread]: I/nsIUserIdleService UserIdleServiceX11::UserIdleServiceX11()
[Parent 9812: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK::AcceptServiceCallback() type 1
[Parent 9812: Main Thread]: D/idleService idleService: Reset idle timeout (last interaction 0 msec)
[Parent 9812: Main Thread]: D/idleService idleService: Reset idle timeout: no idle observers
[Parent 9812: Main Thread]: D/idleService idleService: Reset idle timeout (last interaction 0 msec)
[Parent 9812: Main Thread]: D/idleService idleService: Reset idle timeout: no idle observers
firefox(9812) in free(): write after free 0xb681267ca80
Abort trap (core dumped) 

i can now reproduce the random corruptions with a build from m-b tree... still chasing that crazy situation. i've try so many build configurations i've lost track, but now im sure its not with/without dbus. suspecting a side effect of --disable-updater now.

edit even more lost... a build of m-b without --disable-dbus blows, but in the end a build of 118.0b4 without --disable-dbus (so with the dbus-glib dependency) seems to run. Or there's something fishy in the dbus/glib/gtk stack... but then how would 117.0 just run fine in the same environment...

:stransky, from what i've found from what has changed related to dbus in 118, there's bug #1847287 but... looking at the code that changed, all the modified codepaths in that bug are within MOZ_ENABLE_DBUS so a build with --disable-dbus shouldnt be affected by it.

just retrying clean builds to confirm my findings... but im still super puzzled.

Flags: needinfo?(stransky)

oh there's also bug #1848084 that was in 118, and this one has codepaths for disabled dbus.. now examining https://hg.mozilla.org/mozilla-central/rev/1c8dec8815d5

Hm, no idea. May valgrind help here?

Flags: needinfo?(stransky)

(In reply to Martin Stránský [:stransky] (ni? me) from comment #23)

Hm, no idea. May valgrind help here?

valgrind is in a proof-of-concept state on OpenBSD, eg it 'works' on very simple programs but on firefox it blows early on Couldn't load XPCOM.

since my last tries were a bit confusing, i'll make sure to pinpoint the exact issue being related to dbus beind enabled or not, and related to that bug or not.
i'll check that:

  • a build from m-c runs fine with the default options (eg dbus enabled)
  • a build from m-c also blows if --disable-dbus is used
  • if i locally revert bug #1848084 then a dbus-disabled build runs fine.

But so far i've been using a dbus-enabled 118.0b4 on two laptops (typing this comment from it)

looking at the aforementioned commit, running working/broken binaries with MOZ_LOG=LinuxWakeLock:5 didnt yield obvious differences for now, but i'll try singlestepping there in gdb, especially in the !MOZ_ENABLE_DBUS codepaths.

(In reply to Landry Breuil (:gaston) from comment #24)

  • a build from m-c also blows if --disable-dbus is used

a build from m-c with --disable-dbus indeed blows at startup.

  • if i locally revert bug #1848084 then a dbus-disabled build runs fine.

a build from m-b with --disable-dbus and https://hg.mozilla.org/mozilla-central/raw-rev/1c8dec8815d5 locally reverted still blows. Unexpected, but seems to say that bug #1848084 isnt the one ?

Summary: 118.0beta blows at first gtk event at startup on OpenBSD → 118.0beta blows at startup using --disable-dbus on OpenBSD

looking a bit more, here's what i did:

  • look for all files with MOZ_ENABLE_DBUS
  • for all files, look for the ones who got changed somewhat between 117 and 118
  • in those, look for the changes that could be related to !MOZ_ENABLE_DBUS codepaths.

that also seems to show that https://hg.mozilla.org/mozilla-central/rev/2534c74b04a7231e98f91a2e80432c1b4dcdddff from bug #1846729 and https://hg.mozilla.org/mozilla-central/rev/8508522a874d0d3f9be2a513f96ce5b2f70c644a from bug #1847699 could be candidates.

and as said in https://bugzilla.mozilla.org/show_bug.cgi?id=1850968#c21 i doubt https://hg.mozilla.org/mozilla-central/rev/49284146400e91f8ede2ab75ff6c3e2e0518eea5 from bug #1847287 could be related since the changed codepaths are all within MOZ_ENABLE_DBUS

will try bisecting/reverting those aforementioned commits.

looking deeper in the code i have doubts at https://hg.mozilla.org/mozilla-central/file/8508522a874d0d3f9be2a513f96ce5b2f70c644a/widget/gtk/nsUserIdleServiceGTK.cpp#l241

from my understanding, ProbeService() will be called with 1 first because of int mIdleServiceType = IDLE_SERVICE_XSCREENSAVER; when !MOZ_ENABLE_DBUS but if for whatever reason that fails and go to the default in the switch case, then the idleService variable is undefined/unset/garbage in https://hg.mozilla.org/mozilla-central/file/8508522a874d0d3f9be2a513f96ce5b2f70c644a/widget/gtk/nsUserIdleServiceGTK.cpp#l255 ? What does RefPtr<UserIdleServiceImpl> idleService; initializes it to ?

more data points:

  • firefox 118.0b5 built with --enable-dbus runs fine, typing this comment from it. with MOZ_LOG=nsIUserIdleService:5 in the env i get this
[Parent 44782: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK::ProbeService() mIdleServiceType 0
[Parent 44782: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::UserIdleServiceMutter()
[Parent 44782: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK::AcceptServiceCallback() type 0
[Parent 44782: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::PollIdleTime()
[Parent 44782: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::PollIdleTime() failed, message: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.Mutter.IdleMonitor was not provided by any .service files

that build from https://hg.mozilla.org/mozilla-central/rev/8508522a874d0d3f9be2a513f96ce5b2f70c644a fails at runtime:

[Parent 8404: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK::ProbeService() mIdleServiceType 1
[Parent 8404: Main Thread]: I/nsIUserIdleService UserIdleServiceX11::UserIdleServiceX11()
[Parent 8404: Main Thread]: W/nsIUserIdleService Failed to find libXss.so!
[Parent 8404: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK::RejectAndTryNextServiceCallback() type 1
[Parent 8404: Main Thread]: I/nsIUserIdleService nsUserIdleServiceGTK failed
Segmentation fault (core dumped) 

the failure to find libXss.so is 'expected' since unpatched m-c doesnt have an nspr patch we carry for years, cf https://github.com/openbsd/ports/blob/master/devel/nspr/patches/patch-nspr_pr_src_linking_prlink_c & bug #650772 -- and it shouldnt be related to the crash i'm seeing since my 118.0b5 builds are done against the systemwide patched nspr.

now retrying with a build from https://hg.mozilla.org/mozilla-central/rev/2534c74b04a7231e98f91a2e80432c1b4dcdddff to figure out which of the two is the offending commit, this one runs in the same conditions. So my conclusion is that this bug is .. a regression from bug #1847699

Keywords: regression
Regressed by: 1847699

Set release status flags based on info from the regressing bug 1847699

Flags: needinfo?(stransky)
Assignee: nobody → stransky
Status: NEW → ASSIGNED
Flags: needinfo?(stransky)

Comment on attachment 9352293 [details]
Bug 1850968 [Linux] Don't ref/unref nsUserIdleServiceGTK in its constructor r?emilio

fwiw, testing a build of m-b on rev https://hg.mozilla.org/mozilla-central/rev/8508522a874d0d3f9be2a513f96ce5b2f70c644a with https://phabricator.services.mozilla.com/D187809 applied on top, and using --disable-dbus, it starts & runs fine. Woo! would have never found the right fix... after hours of staring at the code.

will confirm in the coming hours:

  • that a build from m-c tip with the patch (and using --disable-dbus) runs fine
  • that a build of 118.0b6 with the patch (and using --disable-dbus) runs fine

that leaves me with one interrogation.. if i understood it right, if dbus is found, the x11 codepaths are never taken, so if there's no org.gnome.Mutter.IdleMonitor service on the bus, then idle timeout won't be detected/x11 wont be used as a fallback ? shouldnt that be taken into account ?

with dbus, not using gnome, that's just a constant stream of error msgs from UserIdleServiceMutter::PollIdleTime()

...
[Parent 58669: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::PollIdleTime()
[Parent 58669: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::PollIdleTime() failed, message: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.Mutter.IdleMonitor was not provided by any .service files
[Parent 58669: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::PollIdleTime()
[Parent 58669: Main Thread]: I/nsIUserIdleService UserIdleServiceMutter::PollIdleTime() failed, message: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.Mutter.IdleMonitor was not provided by any .service files
...
Attachment #9352293 - Flags: feedback+

(In reply to Landry Breuil (:gaston) from comment #32)

  • that a build of 118.0b6 with the patch (and using --disable-dbus) runs fine

confirmed working fine

(In reply to Landry Breuil (:gaston) from comment #32)

  • that a build from m-c tip with the patch (and using --disable-dbus) runs fine

confirmed also working fine

Attachment #9352293 - Attachment is obsolete: true

Reworked to make sure we don't add ref from promise handler.

Comment on attachment 9352439 [details]
Bug 1850968 [Linux] Don't ref/unref nsUserIdleServiceGTK in its constructor r?emilio

can't comment on the changes themselves but this also works fine for me applied on top of 118.0b7, still using --disable-dbus

Attachment #9352439 - Flags: feedback+
Pushed by stransky@redhat.com:
https://hg.mozilla.org/integration/autoland/rev/2e2360c55e7b
[Linux] Don't ref/unref nsUserIdleServiceGTK in its constructor r=emilio

[Tracking Requested - why for this release]:

Comment on attachment 9352439 [details]
Bug 1850968 [Linux] Don't ref/unref nsUserIdleServiceGTK in its constructor r?emilio

Beta/Release Uplift Approval Request

  • User impact if declined: crashes at startup with --disable-dbus
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): not risky because --disable-dbus is not used for tier1 binaries, and probably very few distributors
  • String changes made/needed: none
  • Is Android affected?: No
Attachment #9352439 - Flags: approval-mozilla-beta?
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch

(In reply to Landry Breuil (:gaston) from comment #40)

Comment on attachment 9352439 [details]
Bug 1850968 [Linux] Don't ref/unref nsUserIdleServiceGTK in its constructor r?emilio

Beta/Release Uplift Approval Request

  • User impact if declined: crashes at startup with --disable-dbus

I'd like to clarify that the crash may happen with enabled-dbus too (i.e. stock Mozilla binaries) if DBus Mutter idle interface is missing.

Flags: needinfo?(stransky)

(In reply to [:fabrice] Fabrice Desré from comment #43)

This assert fails in debug builds with mutter: https://hg.mozilla.org/mozilla-central/rev/2e2360c55e7b#l1.124 since https://hg.mozilla.org/mozilla-central/file/tip/widget/gtk/nsUserIdleServiceGTK.h#l68 set mIdleService to 0. Is that intentional?

Err, that's typo. Will fix it.

Flags: needinfo?(stransky)
Duplicate of this bug: 1852860
Pushed by stransky@redhat.com:
https://hg.mozilla.org/integration/autoland/rev/ff3b223bcb34
[Linux] Assert if mIdleService is already set in nsUserIdleServiceGTK::ProbeService() r=emilio

Happy to take a safe NPOTB patch, no need to track for our own releases though.

Per comment 42 it seems to affect our builds too.

Flags: needinfo?(pascalc)

(In reply to Emilio Cobos Álvarez (:emilio) from comment #49)

Per comment 42 it seems to affect our builds too.

Thanks, I missed that comment, tracking for 118 then :)

Flags: needinfo?(pascalc)

Comment on attachment 9352439 [details]
Bug 1850968 [Linux] Don't ref/unref nsUserIdleServiceGTK in its constructor r?emilio

Approved for 118.0b9 (last beta) thanks.

Attachment #9352439 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment on attachment 9352826 [details]
Bug 1850968 [Linux] Assert if mIdleService is already set in nsUserIdleServiceGTK::ProbeService() r?emilio

Beta/Release Uplift Approval Request

  • User impact if declined: cf comments in the bug, this should be backported to beta too
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky):
  • String changes made/needed:
  • Is Android affected?: No
Attachment #9352826 - Flags: approval-mozilla-beta?

Comment on attachment 9352826 [details]
Bug 1850968 [Linux] Assert if mIdleService is already set in nsUserIdleServiceGTK::ProbeService() r?emilio

Approved for 118.0b9 (last beta) thanks.

Attachment #9352826 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

can confirm that 118.0b9 works fine on OpenBSD using --disable-dbus

Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: