Hit MOZ_CRASH(nsWeakReference not thread-safe) at /builds/worker/checkouts/gecko/xpcom/base/nsISupportsImpl.cpp:43
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
People
(Reporter: tsmith, Assigned: keeler)
References
(Blocks 1 open bug, )
Details
(4 keywords, Whiteboard: [psm-assigned] [adv-main137+r][adv-esr128.9+r] )
Attachments
(3 files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-beta+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
Found with m-c 20250101-b60410fc60da (--enable-debug)
This was found by visiting a live website with a debug build.
STR:
- Launch browser and visit site
This issue was triggered by visiting https://www.techtarget.com/. It is currently one of the most frequently reported live site testing issues. Unfortunately it does not reproduce reliably. A Pernosco session can be found here: https://pernos.co/debug/ATmDqAiX7r4hYCeHTHIGAQ/index.html
Hit MOZ_CRASH(nsWeakReference not thread-safe) at /builds/worker/checkouts/gecko/xpcom/base/nsISupportsImpl.cpp:43
#0 0x7fffe29255d4 in MOZ_CrashSequence /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:267:3
#1 0x7fffe29255d4 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:382:3
#2 0x7fffe29255d4 in AssertCurrentThreadOwnsMe /builds/worker/checkouts/gecko/xpcom/base/nsISupportsImpl.cpp:43:5
#3 0x7fffe29255d4 in AssertOwnership<32> /builds/worker/workspace/obj-build/dist/include/nsISupportsImpl.h:59:5
#4 0x7fffe29255d4 in nsWeakReference::Release() /builds/worker/checkouts/gecko/xpcom/base/nsWeakReference.cpp:123:1
#5 0x7fffe3141a19 in Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:49:40
#6 0x7fffe3141a19 in ~nsCOMPtr /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:344:7
#7 0x7fffe3141a19 in ~QuicSocketControl /builds/worker/checkouts/gecko/netwerk/protocol/http/QuicSocketControl.h:54:32
#8 0x7fffe3141a19 in mozilla::net::QuicSocketControl::~QuicSocketControl() /builds/worker/checkouts/gecko/netwerk/protocol/http/QuicSocketControl.h:54:32
#9 0x7fffe8d6cea8 in CommonSocketControl::Release() /builds/worker/checkouts/gecko/security/manager/ssl/CommonSocketControl.cpp:28:1
#10 0x7fffe31418d4 in mozilla::net::QuicSocketControl::Release() /builds/worker/checkouts/gecko/netwerk/protocol/http/QuicSocketControl.h:30:3
#11 0x7fffe8daa704 in ~SSLServerCertVerificationResult /builds/worker/checkouts/gecko/security/manager/ssl/SSLServerCertVerification.h:84:46
#12 0x7fffe8daa704 in non-virtual thunk to mozilla::psm::SSLServerCertVerificationResult::~SSLServerCertVerificationResult() /builds/worker/checkouts/gecko/security/manager/ssl/SSLServerCertVerification.h
#13 0x7fffe29d83f0 in mozilla::Runnable::Release() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:66:1
#14 0x7fffe8daa0e7 in Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:49:40
#15 0x7fffe8daa0e7 in Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:409:36
#16 0x7fffe8daa0e7 in ~RefPtr /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:80:7
#17 0x7fffe8daa0e7 in mozilla::psm::SSLServerCertVerificationJob::~SSLServerCertVerificationJob() /builds/worker/checkouts/gecko/security/manager/ssl/SSLServerCertVerification.h:99:7
#18 0x7fffe8daa27d in mozilla::psm::SSLServerCertVerificationJob::~SSLServerCertVerificationJob() /builds/worker/checkouts/gecko/security/manager/ssl/SSLServerCertVerification.h:99:7
#19 0x7fffe29d83f0 in mozilla::Runnable::Release() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:66:1
#20 0x7fffe29efb1d in Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:49:40
#21 0x7fffe29efb1d in assign_assuming_AddRef /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:322:7
#22 0x7fffe29efb1d in operator= /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:597:5
#23 0x7fffe29efb1d in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:458:13
#24 0x7fffe29e6b7a in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1153:16
#25 0x7fffe29ecfdf in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#26 0x7fffe354e968 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:299:20
#27 0x7fffe34a3891 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3
#28 0x7fffe34a3891 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3
#29 0x7fffe29e2497 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:366:10
#30 0x7ffff71f79df in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:191:3
#31 0x7ffff7abcac2 in start_thread nptl/pthread_create.c:442:8
#32 0x7ffff7b4e84f misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Comment 1•9 months ago
|
||
Looks like a variation of bug 1915008, which was fixed last year.
Updated•9 months ago
|
| Assignee | ||
Updated•9 months ago
|
| Assignee | ||
Comment 2•9 months ago
|
||
| Assignee | ||
Comment 3•9 months ago
|
||
If the result task runs to completion before the verification job finishes, the verification job will still have a reference to the result task, which will still have a reference to the socket control. Thus, the last reference to the socket control is released on a verification thread. This patch should address this by having the result task release its reference to the socket control when it is done running (on the socket thread).
Comment 5•8 months ago
|
||
Updated•8 months ago
|
Comment 6•8 months ago
|
||
The patch landed in nightly and beta is affected.
:keeler, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox137towontfix.
For more information, please visit BugBot documentation.
| Assignee | ||
Comment 7•8 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D240234
Updated•8 months ago
|
Comment 8•8 months ago
|
||
beta Uplift Approval Request
- User impact if declined: potential crashes
- Code covered by automated testing: yes
- Fix verified in Nightly: no
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: n/a
- Risk associated with taking this patch: low
- Explanation of risk level: this is a very simple, straightforward patch that should be safe
- String changes made/needed: none
- Is Android affected?: yes
| Assignee | ||
Updated•8 months ago
|
Comment 9•8 months ago
|
||
Dana, ESR128 is also affected, could you request uplift on this branch as well? Thanks
| Assignee | ||
Comment 10•8 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D240234
Updated•8 months ago
|
Comment 11•8 months ago
|
||
esr128 Uplift Approval Request
- User impact if declined: potential crashes
- Code covered by automated testing: yes
- Fix verified in Nightly: no
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: n/a
- Risk associated with taking this patch: low
- Explanation of risk level: this is a very small patch that should be safe
- String changes made/needed: none
- Is Android affected?: yes
| Assignee | ||
Updated•8 months ago
|
Updated•8 months ago
|
Updated•8 months ago
|
Comment 12•8 months ago
|
||
| uplift | ||
Updated•8 months ago
|
Comment 13•8 months ago
|
||
| uplift | ||
Updated•8 months ago
|
Updated•8 months ago
|
Updated•8 months ago
|
Updated•8 months ago
|
Updated•2 months ago
|
Description
•