Closed Bug 1926456 Opened 1 year ago Closed 1 year ago

Crash in [@ mozilla::dom::CanonicalBrowsingContext::ClearRestoreState] with NS_SUCCEEDED(SetHasRestoreData(false))

Categories

(Core :: Session Restore, defect)

Unspecified
Android
defect

Tracking

RESOLVED FIXED
133 Branch
Tracking Status
firefox-esr115 --- disabled
firefox-esr128 --- disabled
firefox131 --- disabled
firefox132 --- disabled
firefox133 --- fixed

People

(Reporter: mccr8, Assigned: farre)

Details

(Keywords: crash)

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/0a5d4873-709d-484b-a62c-e34690241022

MOZ_CRASH Reason:

MOZ_DIAGNOSTIC_ASSERT(false) (NS_SUCCEEDED(SetHasRestoreData(false)))

Top 10 frames:

0  libxul.so  mozilla::dom::CanonicalBrowsingContext::ClearRestoreState()  docshell/base/CanonicalBrowsingContext.cpp:2622
1  libxul.so  mozilla::dom::PWindowGlobalParent::OnMessageReceived(IPC::Message const&)  ipc/ipdl/PWindowGlobalParent.cpp:0
2  libxul.so  mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&)  ipc/ipdl/PContentParent.cpp:6435
3  libxul.so  mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecyc...  ipc/glue/MessageChannel.cpp:1785
3  libxul.so  mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecyclePro...  ipc/glue/MessageChannel.cpp:1712
3  libxul.so  mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, ...  ipc/glue/MessageChannel.cpp:1503
3  libxul.so  mozilla::ipc::MessageChannel::MessageTask::Run()  ipc/glue/MessageChannel.cpp:1603
4  libxul.so  mozilla::RunnableTask::Run()  xpcom/threads/TaskController.cpp:618
4  libxul.so  mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::det...  xpcom/threads/TaskController.cpp:945
5  libxul.so  mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detai...  xpcom/threads/TaskController.cpp:768

This showed up on the Nightly crash spike report. It is on Android. Maybe related to the Android SHIP rollout?

Blocks: 1736121
Summary: Crash in [@ mozilla::dom::CanonicalBrowsingContext::ClearRestoreState] with NS_SUCCEEDED(SetHasRestoreData(false) → Crash in [@ mozilla::dom::CanonicalBrowsingContext::ClearRestoreState] with NS_SUCCEEDED(SetHasRestoreData(false))

That is part of session restore, implemented in bug 1702055 and elsewhere.

Component: DOM: Navigation → Session Restore
Product: Core → Firefox
Product: Firefox → Core

I looked into these crashes a bit, but I'm clearly missing something. I think we always set HasRestoreData and mRestoreState together. https://searchfox.org/mozilla-central/rev/360b702e1ec793c49dc66122e50fe580d43350b3/docshell/base/CanonicalBrowsingContext.cpp#2657-2658 is a bit weird, since it sets HasRestoreData to false but doesn’t clear mRestoreState, but that should not trigger the assertion.

I think that the problem is that this can call CanonicalBrowsingContext::ClearRestoreState() async, which means that the context could've been discarded while we were restoring.

Assignee: nobody → afarre
Status: NEW → ASSIGNED
Pushed by afarre@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2a521dd562a5 Skip discarded contexts when setting synced field. r=peterv
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
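
The race hypothesized in the comment above, as an added C++ model that is not Gecko code and not the landed patch. `Context`, `Outcome`, `RunRace` and both handlers are hypothetical names, and the model assumes that writing a synced field fails once the context has been discarded.

```cpp
#include <cstdio>
#include <functional>
#include <queue>

// Simplified stand-in for a browsing context with one synced field.
struct Context {
  bool discarded = false;
  bool hasRestoreData = false;
  int restoreState = 0;  // stand-in for mRestoreState; 0 means "none"
  // Assumption: a synced-field write is rejected on a discarded context.
  bool SetHasRestoreData(bool v) {
    if (discarded) return false;
    hasRestoreData = v;
    return true;
  }
};

enum class Outcome { Cleared, SkippedDiscarded, AssertWouldFire };

// Crashing pattern: the handler treats a failed setter as impossible.
Outcome ClearAsserting(Context& c) {
  c.restoreState = 0;
  return c.SetHasRestoreData(false) ? Outcome::Cleared : Outcome::AssertWouldFire;
}

// Tolerant pattern: a discarded context is skipped before the setter runs.
Outcome ClearSkippingDiscarded(Context& c) {
  c.restoreState = 0;
  if (c.discarded) return Outcome::SkippedDiscarded;
  return c.SetHasRestoreData(false) ? Outcome::Cleared : Outcome::AssertWouldFire;
}

// Queue the clear as an async message, optionally discard the context
// before the message is delivered, then deliver it.
Outcome RunRace(Outcome (*handler)(Context&), bool discardBeforeDelivery) {
  Context c;
  c.hasRestoreData = true;
  c.restoreState = 1;
  std::queue<std::function<Outcome()>> inbox;
  inbox.push([&c, handler] { return handler(c); });
  if (discardBeforeDelivery) c.discarded = true;  // context goes away mid-restore
  Outcome result = inbox.front()();
  inbox.pop();
  return result;
}

int main() {
  std::printf("asserting handler, discarded first: %d\n", (int)RunRace(ClearAsserting, true));
  std::printf("skipping handler, discarded first: %d\n", (int)RunRace(ClearSkippingDiscarded, true));
}
```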