Open Bug 1865443 Opened 2 years ago Updated 2 years ago

Crash in [@ mozilla::WeakPtr<T>::operator bool] from nsContentUtils::FirePageHideEventForFrameLoaderSwap

Categories

(Core :: DOM: Core & HTML, defect)

ARM64
All
defect

Tracking Status
firefox122 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/4cc499f6-7d81-42bf-82f3-b69f10231023

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  RefPtr<mozilla::detail::WeakReference>::get const  mfbt/RefPtr.h:325
0  xul.dll  RefPtr<mozilla::detail::WeakReference>::operator-> const  mfbt/RefPtr.h:355
0  xul.dll  mozilla::WeakPtr<nsDocShell, 0>::operator bool const  mfbt/WeakPtr.h:302
0  xul.dll  mozilla::dom::Document::OnPageHide  dom/base/Document.cpp:11820
1  xul.dll  nsContentUtils::FirePageHideEventForFrameLoaderSwap  dom/base/nsContentUtils.cpp:8680
2  xul.dll  mozilla::dom::BrowserChild::RecvSwappedWithOtherRemoteLoader  dom/ipc/BrowserChild.cpp:2234
3  xul.dll  mozilla::dom::PBrowserChild::OnMessageReceived  ipc/ipdl/PBrowserChild.cpp:7366
4  xul.dll  mozilla::dom::PContentChild::OnMessageReceived  ipc/ipdl/PContentChild.cpp:8694
5  xul.dll  mozilla::ipc::MessageChannel::DispatchAsyncMessage  ipc/glue/MessageChannel.cpp:1800
5  xul.dll  mozilla::ipc::MessageChannel::DispatchMessage  ipc/glue/MessageChannel.cpp:1725

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2023-09-10
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - all crashes happened on null or near null memory address

Maybe doc is null on this line? doc->OnPageHide(true, aChromeEventHandler, aOnlySystemGroup);

Component: General → DOM: Core & HTML
Summary: Crash in [@ mozilla::WeakPtr<T>::operator bool] → Crash in [@ mozilla::WeakPtr<T>::operator bool] from nsContentUtils::FirePageHideEventForFrameLoaderSwap
Severity: -- → S3

(In reply to Andrew McCreight [:mccr8] from comment #1)

Maybe doc is null on this line? doc->OnPageHide(true, aChromeEventHandler, aOnlySystemGroup);

Yeah, it looks like that. I can confirm it by cracking open a minidump. BTW, there are at least a couple of unrelated crashes under this signature; we should improve it by dropping the first frames related to WeakPtr.
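The signature change suggested in the last comment, sketched as an added example (not code from this bug or from the crash-stats signature generator): a simplified model where "irrelevant" frames are skipped and "prefix" frames are kept but let the signature continue to the next frame. The function names, the two lists and their patterns are assumptions for illustration; the frames are copied from the report above.

```python
import re

# Top frames of the crashing thread, copied from the report above.
FRAMES = [
    "RefPtr<mozilla::detail::WeakReference>::get const",
    "RefPtr<mozilla::detail::WeakReference>::operator-> const",
    "mozilla::WeakPtr<nsDocShell, 0>::operator bool const",
    "mozilla::dom::Document::OnPageHide",
    "nsContentUtils::FirePageHideEventForFrameLoaderSwap",
    "mozilla::dom::BrowserChild::RecvSwappedWithOtherRemoteLoader",
]

# Assumed baseline: smart-pointer accessors never name the real culprit.
BASE_IRRELEVANT = [r"RefPtr<T>::"]
WEAKPTR = r"mozilla::WeakPtr<T>::"


def normalize(frame):
    """Collapse template arguments to <T> and drop a trailing 'const'."""
    out, depth = [], 0
    for ch in frame:
        if ch == "<":
            if depth == 0:
                out.append("<T>")
            depth += 1
        elif ch == ">" and depth > 0:
            depth -= 1
        elif depth == 0:
            out.append(ch)  # includes the '>' of 'operator->'
    return re.sub(r"\s+const$", "", "".join(out))


def signature(frames, irrelevant, prefix):
    """Skip irrelevant frames; keep prefix frames and continue; stop at
    the first frame that is neither."""
    parts = []
    for frame in map(normalize, frames):
        if any(re.match(p, frame) for p in irrelevant):
            continue
        parts.append(frame)
        if not any(re.match(p, frame) for p in prefix):
            break
    return " | ".join(parts)


if __name__ == "__main__":
    print("current :", signature(FRAMES, BASE_IRRELEVANT, []))
    print("dropped :", signature(FRAMES, BASE_IRRELEVANT + [WEAKPTR], []))
    print("prefixed:", signature(FRAMES, BASE_IRRELEVANT, [WEAKPTR]))
```

With the WeakPtr frame dropped, reports bucket under the caller that held the null pointer, so unrelated crashes that merely end in `WeakPtr<T>::operator bool` no longer share one signature.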