Crash in [@ __syscall_cancel_arch]
Categories
(Core :: XPCOM, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox140 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: crash, Whiteboard: [tbird crash])
Crash Data
Attachments
(1 file)
|
75.79 KB,
image/png
|
Details |
A Screenshot Of KDE Plasma 6's Hang Handler
Crash report: https://crash-stats.mozilla.org/report/index/84928c8e-96ca-4a83-9c36-a41660250511
Reason: SIGABRT
Top 10 frames of crashing thread:
0 libc.so.6 __syscall_cancel_arch sysdeps/unix/sysv/linux/x86_64/syscall_cancel.S:56
1 libc.so.6 __internal_syscall_cancel nptl/nptl/cancellation.c:49
2 libc.so.6 __futex_abstimed_wait_common64 nptl/nptl/futex-internal.c:57
2 libc.so.6 __futex_abstimed_wait_common nptl/nptl/futex-internal.c:87
3 libc.so.6 __pthread_cond_wait_common nptl/nptl/pthread_cond_wait.c:426
3 libc.so.6 pthread_cond_wait@@GLIBC_2.3.2 nptl/nptl/pthread_cond_wait.c:458
4 firefox-bin mozilla::detail::ConditionVariableImpl::wait mozglue/misc/ConditionVariable_posix.cpp:106
4 firefox-bin mozilla::detail::ConditionVariableImpl::wait_for mozglue/misc/ConditionVariable_posix.cpp:113
5 libxul.so mozilla::OffTheBooksCondVar::Wait xpcom/threads/CondVar.h:65
5 libxul.so mozilla::Monitor::Wait xpcom/threads/Monitor.h:39
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2025-03-06
- Process type: Multiple distinct types
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 1 out of 18 crashes happened on null or near null memory address
|
Reporter | |
Comment 1•6 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::XPCOM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Comment 2•6 months ago
|
||
I think this is more of a new crash signature variation for ConditionVariableImpl::wait than a new crash.
|
||
Comment 3•6 months ago
|
||
Indeed, it's probably worth ignoring that frame.
|
||
Updated•5 months ago
|
|
||
Comment 4•4 months ago
|
||
bugzilla.redhat.com/show_bug.cgi?id=2375067#c14 is an example of when I have encountered this, per #bugzilla.
|
|
||
Comment 5•3 months ago
|
||
I dug a bit through this crashes and there's something I don't understand: it seems that we're waiting on a condition variable w/ a timeout, the timeout expired and we're now trying to cancel the wait, and this operation triggers a SIGABRT at the point where we invoke the syscall, which is bizarre. Anyway the code around the crashing point looks like this.
|
||
Comment 6•3 months ago
|
||
A thing about crashes sent with kill or similar on Linux is that the si_addr field is not used, but si_pid and si_uid occupy the same space, so the crash report includes the pid of the process that sent the signal as part of the “address”. It also includes, in the raw minidump, the thread IDs for every thread in the process. In this case, the SIGABRT was sent by a different process owned by the same user. I think it might be some kind of external hang monitor that's part of the desktop environment, force-killing Firefox because it got stuck.
Looking at the stack for bp-84928c8e-96ca-4a83-9c36-a41660250511, we got an input event (the end of a touchpad drag maybe?), we're trying to delete a popup window, which sends a sync IPC message to the compositor, which is also in the parent process, so, considering the Compositor thread… I think this could be a deadlock in APZC? Other crashes under this signature might have different causes.
|
|
||
Comment 7•3 months ago
|
||
Thanks Jed, this is very useful! So the 3e8 address that keeps coming up is really uid 1000 which makes a lot of sense. The comments are all over the place (there's probably 3 or 4 underlying causes) but these must all be crashes triggered by Firefox hanging and being killed by whatever hang-detection service the desktop environment has.
|
|
||
Comment 8•3 months ago
|
||
Not any desktop environment either. It seems that >90% of these crashes are from users with KDE Plasma on Wayland.
|
||
Comment 9•3 months ago
|
||
I'll chime in here to corroborate that KDE Plasma does indeed have its own hang monitor and crash reporter.
|
|
||
Comment 10•2 months ago
|
||
The crash reporter (drkonqi) is solely utilised for applications distributed by KDE. Though, the OS may hook into it with a myriad of tools (like systemd's coredumpctl, alongside abrt, which consumes its cores, but also monitors crashes for data which it collects, all of which may be invoked alongside drkonqi).
Considering that I most recently encountered this in discuss.kde.org/t/39560/5, which appeared to be an organic example of [Q]DBus being overwhelmed, despite it also occurring in the very different ticket which #c4 cites, I agree that this may generally be a red-herring. However, it definitely occurs in more than hung states.
Description
•