Closed Bug 523260 Opened 15 years ago Closed 3 years ago

Crash [@ nsDocShell::EnsureContentViewer ]

Categories

(Core :: DOM: Navigation, defect, P3)

1.9.1 Branch
x86
Windows 10
defect

Tracking

RESOLVED INCOMPLETE
Tracking Status
firefox88 --- affected

People

(Reporter: cbook, Unassigned)

Details

(Keywords: crash, Whiteboard: [crashkill])

Whiteboard: [crashkill]
Those aren't happy-looking stacks, for the most part....
I don't know what's going on with that stack, and without seeing a minidump it'd be tough to say. Maybe we have some minidumps for this from the 24 hours we collected a while ago?
historically this signature has been a sign that someone attacked us. bugzilla will tell who.

fwiw, ShouldLoad is an extension point, and basically means "there's probably someone there talking to us". We should of course ensure that ShouldLoad is allowed to call arbitrary code which can reenter gecko for all times that ShouldLoad does indeed call arbitrary code, but beyond that, time to fish for third party culprits.

What i wouldn't give for "smart analysis". having to click through each stack in a list sucks.

so, there are 4 stacks i can see using http://konigsberg.mozilla.org/crash-stats.html and a quick sampling [2009-11-05 02:16 to 2009-11-04 07:41].

I think that these should probably be split by the signatures i've listed and whether they're 0x0 or not 0x0 crashes.

rough numbers:
34 / ~58

Signature	nsDocShell::EnsureContentViewer % nsDataDocumentContentPolicy::ShouldLoad
UUID	dd32cb70-dd7d-4438-ad31-51d402091105
Time 	2009-11-05 02:16:15.390043
Uptime	0
Last Crash	4 seconds before submission
Product	Firefox
Version	3.5.3
Build ID	20090824101458
Branch	1.9.1
OS	Windows NT
OS Version	6.0.6001 Service Pack 1
CPU	x86
CPU Info	GenuineIntel family 6 model 15 stepping 13
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x0

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:5453
1 	xul.dll 	nsDocShell::GetInterface 	docshell/base/nsDocShell.cpp:470
2 	xul.dll 	xul.dll@0x8a186f 	
3 		@0xd23e97 	
4 	xul.dll 	nsDataDocumentContentPolicy::ShouldLoad 	content/base/src/nsDataDocumentContentPolicy.cpp:71
5 	xul.dll 	nsContentPolicy::CheckPolicy 	content/base/src/nsContentPolicy.cpp:157

Here's one with a complete stack (but note that it isn't an 0x0 crasher)

Signature	nsDocShell::EnsureContentViewer()
UUID	dea7d856-fbf4-4fff-88b7-cf7242091104
Time 	2009-11-04 10:07:25.422771
Uptime	8
Last Crash	7976156 seconds before submission
Product	Firefox
Version	3.5.3
Build ID	20090824085414
Branch	1.9.1
OS	Mac OS X
OS Version	10.5.8 9L31a
CPU	x86
CPU Info	GenuineIntel family 6 model 15 stepping 6
Crash Reason	EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash Address	0x161183f

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	XUL 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:5453
1 	XUL 	nsDocShell::GetInterface 	docshell/base/nsDocShell.cpp:469
2 	XUL 	nsGetInterface::operator const 	nsIInterfaceRequestorUtils.cpp:52
3 	XUL 	nsCOMPtr_base::assign_from_helper 	nsCOMPtr.cpp:150
4 	XUL 	nsGlobalWindow::GetDocument 	nsCOMPtr.h:621
5 	XUL 	nsDataDocumentContentPolicy::ShouldLoad 	content/base/src/nsDataDocumentContentPolicy.cpp:71
6 	XUL 	nsContentPolicy::ShouldLoad 	content/base/src/nsContentPolicy.cpp:157
7 	XUL 	nsDocShell::InternalLoad 	tentPolicyUtils.h:223
8 	XUL 	nsDocShell::LoadURI 	docshell/base/nsDocShell.cpp:963
9 	XUL 	nsWindowWatcher::OpenWindowJSInternal 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:929
10 	XUL 	nsWindowWatcher::OpenWindow 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:422
11 	XUL 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
12 	XUL 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2454
13 	XUL 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
14 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1386
15 	libmozjs.dylib 	js_Interpret 	js/src/jsinterp.cpp:5179
16 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1394
17 	XUL 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1697
18 	XUL 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:569
19 	XUL 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp:93
20 	XUL 	PrepareAndDispatch 	
21 	XUL 	nsCommandLine::EnumerateHandlers 	toolkit/components/commandlines/src/nsCommandLine.cpp:605
22 	XUL 	nsCommandLine::Run 	toolkit/components/commandlines/src/nsCommandLine.cpp:679
23 	XUL 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3297
24 	firefox-bin 	main 	browser/app/nsBrowserApp.cpp:156
25 	firefox-bin 	firefox-bin@0x1541 	
26 	firefox-bin 	firefox-bin@0x1468 	
27 		@0x1 	

17 / 58 

Signature	nsDocShell::EnsureContentViewer % nsDocShell::DisplayLoadError
UUID	67e82ac6-b90c-4e5a-a30d-8d9ed2091105
Time 	2009-11-05 00:32:29.231481
Uptime	1
Last Crash	1 seconds before submission
Product	Firefox
Version	3.5.3
Build ID	20090824101458
Branch	1.9.1
OS	Windows NT
OS Version	5.1.2600 Dodatek Service Pack 2
CPU	x86
CPU Info	AuthenticAMD family 15 model 104 stepping 1
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x0

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:5453
1 	xul.dll 	nsDocShell::GetInterface 	docshell/base/nsDocShell.cpp:470
2 	xul.dll 	xul.dll@0x8a186f 	
3 		@0x824497 	
4 	xul.dll 	nsDocShell::DisplayLoadError 	docshell/base/nsDocShell.cpp:3398

2 / 58

Signature	nsDocShell::EnsureContentViewer % NS_InvokeByIndex_P
UUID	6b78dae3-62bf-4a4a-8816-254ce2091104
Time 	2009-11-04 23:08:26.26833
Uptime	244
Last Crash	254 seconds before submission
Product	Firefox
Version	3.5.3
Build ID	20090824101458
Branch	1.9.1
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
CPU	x86
CPU Info	GenuineIntel family 15 model 6 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x0

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:5453
1 	xul.dll 	nsDocShell::GetDocument 	docshell/base/nsDocShell.cpp:3647
2 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
3 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2454

Note that the preceding crashes are all 0x0's, this next single crash is not

Signature	nsDocShell::EnsureContentViewer % nsWindowSH::NewResolve
UUID	5737ea3d-c6d7-477e-9360-648092091104
Time 	2009-11-04 11:23:56.288720
Uptime	10
Last Crash	260504 seconds before submission
Product	Firefox
Version	3.5.3
Build ID	20090824085414
Branch	1.9.1
OS	Mac OS X
OS Version	10.4.11 8S165
CPU	ppc
CPU Info	
Crash Reason	EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash Address	0x1830a90

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	XUL 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:5453
1 	XUL 	nsDocShell::GetInterface 	docshell/base/nsDocShell.cpp:469
2 	XUL 	nsGetInterface::operator const 	nsIInterfaceRequestorUtils.cpp:52
3 	XUL 	nsCOMPtr_base::assign_from_helper 	nsCOMPtr.cpp:150
4 	XUL 	nsGlobalWindow::GetDocument 	nsCOMPtr.h:621
5 	XUL 	nsWindowSH::NewResolve 	nsPIDOMWindow.h:312
6 	XUL 	XPC_WN_Helper_NewResolve 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1074
7 	libmozjs.dylib 	js_LookupPropertyWithFlags 	js/src/jsobj.cpp:3851
8 	libmozjs.dylib 	js_GetPropertyHelper 	js/src/jsobj.cpp:4258
9 	libmozjs.dylib 	js_Interpret 	js/src/jsinterp.cpp:4546
10 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1394
11 	XUL 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1697
12 	XUL 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_ppc_rhapsody.cpp:182
13 	XUL 	XUL@0xb1e7d0 	
14 	XUL 	nsObserverList::NotifyObservers 	xpcom/ds/nsObserverList.cpp:128
15 	XUL 	nsObserverService::NotifyObservers 	xpcom/ds/nsObserverService.cpp:181
16 	XUL 	nsWindowWatcher::AddWindow 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1189
17 	XUL 	nsAppShellService::RegisterTopLevelWindow 	xpfe/appshell/src/nsAppShellService.cpp:489
18 	XUL 	nsAppShellService::CreateTopLevelWindow 	xpfe/appshell/src/nsAppShellService.cpp:241
19 	XUL 	nsAppStartup::CreateChromeWindow2 	toolkit/components/startup/src/nsAppStartup.cpp:493
20 	XUL 	nsWindowWatcher::OpenWindowJSInternal 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:702
21 	XUL 	nsWindowWatcher::OpenWindow 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:422
22 	XUL 	XUL@0xb1df90 	
23 	XUL 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2454
24 	XUL 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
25 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1386
26 	libmozjs.dylib 	js_Interpret 	js/src/jsinterp.cpp:5179
27 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1394
28 	XUL 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1697
29 	XUL 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_ppc_rhapsody.cpp:182
30 	XUL 	XUL@0xb1e7d0 	
31 	XUL 	nsCommandLine::EnumerateHandlers 	toolkit/components/commandlines/src/nsCommandLine.cpp:605
32 	XUL 	nsCommandLine::Run 	toolkit/components/commandlines/src/nsCommandLine.cpp:679
33 	XUL 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3297
34 	firefox-bin 	main 	browser/app/nsBrowserApp.cpp:156
35 	firefox-bin 	firefox-bin@0x18b8 	
36 	firefox-bin 	firefox-bin@0x15bc 	
37 		@0xfffffffe 	

last strange one from my sample (the only outlier with an 0x0 crash):

Signature	nsDocShell::EnsureContentViewer % nsPIDOMWindow::EnsureInnerWindow
UUID	2e0fd7c7-61a1-44c2-9193-492662091104
Time 	2009-11-04 08:31:31.404393
Uptime	642
Product	Firefox
Version	3.5.3
Build ID	20090824101458
Branch	1.9.1
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
CPU	x86
CPU Info	GenuineIntel family 15 model 3 stepping 4
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x0
User Comments	
Processor Notes 	
Related Bugs

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:5453
1 	xul.dll 	nsDocShell::GetInterface 	docshell/base/nsDocShell.cpp:470
2 	xul.dll 	xul.dll@0x8a186f 	
3 		@0x294d497 	
4 	xul.dll 	nsPIDOMWindow::EnsureInnerWindow 	obj-firefox/dist/include/dom/nsPIDOMWindow.h:312
5 	xul.dll 	XPCCallContext::XPCCallContext 	js/src/xpconnect/src/xpccallcontext.cpp:165
6 	xul.dll 	xul.dll@0x9bb387 	
7 	js3250.dll 	JS_SetReservedSlot 	js/src/jsapi.cpp:4241
8 	xul.dll 	XPCWrapper::ResolveNativeProperty 	js/src/xpconnect/src/XPCWrapper.cpp:563
9 	xul.dll 	XPC_NW_NewResolve 	js/src/xpconnect/src/XPCNativeWrapper.cpp:748
10 	js3250.dll 	js_LookupPropertyWithFlags 	js/src/jsobj.cpp:3851
11 	js3250.dll 	js_GetPropertyHelper 	js/src/jsobj.cpp:4258
12 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4451
13 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
14 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
15 	js3250.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5187
16 	xul.dll 	nsJSContext::CallEventHandler 	dom/src/base/nsJSEnvironment.cpp:2035
17 	xul.dll 	nsJSEventListener::HandleEvent 	dom/src/events/nsJSEventListener.cpp:247
18 	xul.dll 	nsEventListenerManager::HandleEventSubType 	content/events/src/nsEventListenerManager.cpp:1098
19 	xul.dll 	nsEventListenerManager::HandleEvent 	content/events/src/nsEventListenerManager.cpp:1206
20 	xul.dll 	nsEventTargetChainItem::HandleEvent 	content/events/src/nsEventDispatcher.cpp:236
21 	xul.dll 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:324
22 	xul.dll 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:514
23 	xul.dll 	nsEventDispatcher::DispatchDOMEvent 	content/events/src/nsEventDispatcher.cpp:576
24 	xul.dll 	nsEventListenerManager::DispatchEvent 	content/events/src/nsEventListenerManager.cpp:1331
25 	xul.dll 	nsDOMEventRTTearoff::DispatchEvent 	content/base/src/nsGenericElement.cpp:1659
26 	xul.dll 	nsIDOMEventTarget_DispatchEvent 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:5224
27 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:5147
28 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
29 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
30 	js3250.dll 	js_InternalGetOrSet 	js/src/jsinterp.cpp:1510
31 	js3250.dll 	js_SetSprop 	js/src/jsscope.h:390
32 	js3250.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:4512
33 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4789
34 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
35 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
36 	js3250.dll 	js_InternalGetOrSet 	js/src/jsinterp.cpp:1510
37 	js3250.dll 	js_SetSprop 	js/src/jsscope.h:390
38 	js3250.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:4512
39 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4789
40 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
41 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
42 	js3250.dll 	js_InternalGetOrSet 	js/src/jsinterp.cpp:1510
43 	js3250.dll 	js_SetSprop 	js/src/jsscope.h:390
44 	js3250.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:4512
45 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4789
46 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
47 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
48 	js3250.dll 	js_InternalGetOrSet 	js/src/jsinterp.cpp:1510
49 	js3250.dll 	js_SetSprop 	js/src/jsscope.h:390
50 	js3250.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:4512
51 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4789
52 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
53 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
54 	js3250.dll 	js_InternalGetOrSet 	js/src/jsinterp.cpp:1510
55 	js3250.dll 	js_SetSprop 	js/src/jsscope.h:390
56 	js3250.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:4512
57 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4789
58 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
59 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
60 	js3250.dll 	js_InternalGetOrSet 	js/src/jsinterp.cpp:1510
61 	js3250.dll 	js_SetSprop 	js/src/jsscope.h:390
62 	js3250.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:4512
63 	js3250.dll 	js_Interpret 	js/src/jsinterp.cpp:4789
64 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1394
65 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1697
66 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:569
67 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
68 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
69 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
70 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2045
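
The hand triage in the comment above (split the signature by the first meaningful caller, and by 0x0 versus not 0x0), as an added example that is not part of the original bug thread or of the crash-stats code. The plumbing-frame skip list and the abridged sample reports are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Accessor/plumbing frames skipped when naming the caller. This list is an
# assumption, chosen to reproduce the hand-made "A % B" signatures above.
PLUMBING = {
    "nsDocShell::GetInterface", "nsDocShell::GetDocument",
    "nsGetInterface::operator const", "nsCOMPtr_base::assign_from_helper",
    "nsGlobalWindow::GetDocument",
}
# Frames with no symbol, e.g. "xul.dll@0x8a186f" or "@0xd23e97".
UNSYMBOLIZED = re.compile(r"^\S*@0x[0-9a-fA-F]+$")

def parse_report(text):
    """Return (crash_address, [frame signatures]) from a tab-separated report."""
    address, frames = None, []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if cols[0] == "Crash Address" and len(cols) > 1:
            address = int(cols[1], 16)
        elif cols[0].isdigit() and len(cols) >= 3:
            frames.append(cols[2])  # columns: frame, module, signature, source
    return address, frames

def sub_signature(frames):
    """Top frame plus the first named, non-plumbing caller beneath it."""
    if not frames:
        return "(no frames)"
    for sig in frames[1:]:
        if sig and sig not in PLUMBING and not UNSYMBOLIZED.match(sig):
            return f"{frames[0]} % {sig}"
    return frames[0]

def bucket(reports):
    """Count reports per (sub-signature, '0x0' / 'not 0x0' / 'unknown')."""
    counts = Counter()
    for text in reports:
        address, frames = parse_report(text)
        kind = "unknown" if address is None else ("0x0" if address == 0 else "not 0x0")
        counts[(sub_signature(frames), kind)] += 1
    return counts

# Constructed sample input: frames abridged from the reports quoted above.
SHOULD_LOAD = (
    "Crash Address\t0x0\n"
    "0 \txul.dll \tnsDocShell::EnsureContentViewer \tdocshell/base/nsDocShell.cpp:5453\n"
    "1 \txul.dll \tnsDocShell::GetInterface \tdocshell/base/nsDocShell.cpp:470\n"
    "2 \txul.dll \txul.dll@0x8a186f \t\n"
    "3 \t\t@0xd23e97 \t\n"
    "4 \txul.dll \tnsDataDocumentContentPolicy::ShouldLoad \t\n"
)
INVOKE = (
    "Crash Address\t0x0\n"
    "0 \txul.dll \tnsDocShell::EnsureContentViewer \tdocshell/base/nsDocShell.cpp:5453\n"
    "1 \txul.dll \tnsDocShell::GetDocument \tdocshell/base/nsDocShell.cpp:3647\n"
    "2 \txul.dll \tNS_InvokeByIndex_P \t\n"
)
NEW_RESOLVE = (
    "Crash Address\t0x1830a90\n"
    "0 \tXUL \tnsDocShell::EnsureContentViewer \tdocshell/base/nsDocShell.cpp:5453\n"
    "1 \tXUL \tnsDocShell::GetInterface \tdocshell/base/nsDocShell.cpp:469\n"
    "2 \tXUL \tnsGetInterface::operator const \tnsIInterfaceRequestorUtils.cpp:52\n"
    "3 \tXUL \tnsCOMPtr_base::assign_from_helper \tnsCOMPtr.cpp:150\n"
    "4 \tXUL \tnsGlobalWindow::GetDocument \tnsCOMPtr.h:621\n"
    "5 \tXUL \tnsWindowSH::NewResolve \tnsPIDOMWindow.h:312\n"
)
if __name__ == "__main__":
    for key, n in bucket([SHOULD_LOAD, SHOULD_LOAD, INVOKE, NEW_RESOLVE]).items():
        print(n, *key)
```
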
timeless:  write a bug or point me at a bug that describes the smart analysis that you're thinking about.  we have more webdev attention on improvements to crash-reporting these days.

sounds like we should also get this signature split up if we know how the splitting should work, and spin off a few bugs to track the separate problems.

this particular signature looks fairly invisible on trunk and 3.6b1 compared to the volume on 3.5.x.   could any recent changes have mitigated the crash there, or is it just a volume and reduced active user count keeping it less visible?  more crashes of this on the trunk than 3.6b1 which looks a bit odd as well.

here is a sample of data from 11/03

grep nsDocShell::EnsureContentViewer 20091103* | awk -F\t '{print $1,$14,$8}' | sort | uniq -c
   1 nsDocShell::EnsureContentViewer() 0x0 3.0
   2 nsDocShell::EnsureContentViewer() 0x0 3.0.1
   1 nsDocShell::EnsureContentViewer() 0x0 3.0.10
   2 nsDocShell::EnsureContentViewer() 0x0 3.0.11
   1 nsDocShell::EnsureContentViewer() 0x0 3.0.13
   6 nsDocShell::EnsureContentViewer() 0x0 3.0.14
 105 nsDocShell::EnsureContentViewer() 0x0 3.0.15
   1 nsDocShell::EnsureContentViewer() 0x0 3.0.5
   1 nsDocShell::EnsureContentViewer() 0x0 3.0.8
   1 nsDocShell::EnsureContentViewer() 0x0 3.0b5
   2 nsDocShell::EnsureContentViewer() 0x0 3.5
   2 nsDocShell::EnsureContentViewer() 0x0 3.5.1
  15 nsDocShell::EnsureContentViewer() 0x0 3.5.2
 107 nsDocShell::EnsureContentViewer() 0x0 3.5.3
 131 nsDocShell::EnsureContentViewer() 0x0 3.5.4

   1 nsDocShell::EnsureContentViewer() 0x0 3.6b1
   5 nsDocShell::EnsureContentViewer() 0x0 3.7a1pre

   1 nsDocShell::EnsureContentViewer() 0x12831a2 3.0.11
   1 nsDocShell::EnsureContentViewer() 0x160f0bf 3.5.2
   1 nsDocShell::EnsureContentViewer() 0x161183f 3.5.3
   3 nsDocShell::EnsureContentViewer() 0x1620e4f 3.5.4
   1 nsDocShell::EnsureContentViewer() 0x1832e60 3.5.4
bug 527304 (but roughly, smart analysis did what i did by hand in comment 3, and it was automatic and periodic)
Please renominate when we understand this one better. For now I can't really block on this :(
Flags: blocking1.9.2? → blocking1.9.2-
this one has been running at around 300-400 crashes per day for oct-nov, but seems to mostly only be affecting the big releases to this point.

distribution of all versions where the nsDocShell::EnsureContentViewer crash was found on 20091118-crashdata.csv
 172 Firefox 3.5.5
 104 Firefox 3.0.15
  30 Firefox 3.5.4
  24 Firefox 3.5.3
  12 Firefox 3.5.2
  11 Firefox 3.7a1pre
   6 Firefox 3.6b1
   6 Firefox 3.5.1
   5 Firefox 3.6b2
<long tail of releases snipped>
Summary: Crash [@nsDocShell::EnsureContentViewer() ] → Crash [@ nsDocShell::EnsureContentViewer() ]
My bet is that this was fixed by Smaug's fix for bug 516113. Smaug, do you agree?
I could guess so, but since c-s.m.c doesn't show full stack traces, can't be 100% sure.
I hit a similar crash today using Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b6pre) Gecko/20091229 Namoroka/3.6b6pre (.NET CLR 3.5.30729)

http://crash-stats.mozilla.com/report/index/bp-24ec7f0b-5302-435e-b3e2-ca58a2091229

Here are the extensions I had installed


Extensions

Microsoft .NET Framework Assistant	1.1	true	{20a82645-c095-46ed-80e3-08825760534b}
RealPlayer Browser Record Plugin	1.0	true	{ABDE892B-13A8-4d1b-88E6-365A6E755758}
Search Helper Extension	1.0	true	{27182e60-b5f3-411c-b545-b44205977502}
Coral IE Tab	1.63.20091024	true	ietab@ip.cn
ChatZilla	0.9.86	true	{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
Bing Bar	5.0	true	msntoolbar@msn.com
Based on the uptime that last one looks like a different crash.
This still occurs on latest. http://crash-stats.mozilla.com/report/index/947bbed7-51f3-431a-9b51-c3e372100118.

nsDocShell::CreateAboutBlankContentViewer() may not return an error even if mContentView isn't set.  Although mContentView will be set in nsDocShell::Embed() / nsDocShell::SetupNewViewer(), when the about:blank document cannot be created for any reason, it isn't called.
Crash Signature: [@ nsDocShell::EnsureContentViewer() ]
Very low volume on 8.0 and 9.0. Most of the crashes are on 3.6. Removing the top crash keyword.
Keywords: topcrash
Crash Signature: [@ nsDocShell::EnsureContentViewer() ] → [@ nsDocShell::EnsureContentViewer() ] [@ nsDocShell::EnsureContentViewer ]

This ancient crash signature seems to be affecting some Fission users in 77 Nightly. Let's track this bug for Fission M7 Beta to see if the crash volume increases.

Stack trace from crash report bp-06cd18d3-8f59-49e6-a344-dde640200423:

Top 10 frames of crashing thread:

0 xul.dll nsDocShell::EnsureContentViewer docshell/base/nsDocShell.cpp:6290
1 xul.dll nsDocShell::CreateContentViewer docshell/base/nsDocShell.cpp:7671
2 xul.dll nsDSURIContentListener::DoContent docshell/base/nsDSURIContentListener.cpp:180
3 xul.dll nsDocumentOpenInfo::TryContentListener uriloader/base/nsURILoader.cpp:630
4 xul.dll nsDocumentOpenInfo::DispatchContent uriloader/base/nsURILoader.cpp:312
5 xul.dll nsDocumentOpenInfo::OnStartRequest uriloader/base/nsURILoader.cpp:190
6 xul.dll mozilla::net::HttpChannelChild::DoOnStartRequest netwerk/protocol/http/HttpChannelChild.cpp:719
7 xul.dll mozilla::net::HttpChannelChild::OnStartRequest netwerk/protocol/http/HttpChannelChild.cpp:565
8 xul.dll std::_Func_impl_no_alloc<`lambda at /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:411:7', void>::_Do_call 
9 xul.dll mozilla::net::ChannelEventQueue::RunOrEnqueue netwerk/ipc/ChannelEventQueue.h:260

Fission Milestone: --- → M7
Component: General → DOM: Navigation
OS: Windows XP → Windows 10
Priority: -- → P3
Summary: Crash [@ nsDocShell::EnsureContentViewer() ] → Crash [@ nsDocShell::EnsureContentViewer ]

I can reproduce this crash at will by watching a YouTube video in a window while opening another tab with embedded YouTube videos.

E.g. I am watching this: https://www.youtube.com/watch?v=SiYuTP5ac8Y and I opened up http://www.simplehtmlguide.com/livedemo.php?e=youtube2

Don't think this is a Fission-specific issue. The report from yesterday https://crash-stats.mozilla.org/report/index/a597421e-5a15-46a0-a3c3-d9fbc0201019 doesn't have Fission enabled.

Fission Milestone: M7 → ---

This is an ancient bug, but 96% of all nsDocShell::EnsureContentViewer crash reports over the last six months have Fission enabled. We expect Fission to cause more OOMs, but this is a lot.

Fission Milestone: --- → ?

Assigning to kmag because he said he would investigate this crash (probably just adding a null check).

We'll want to uplift this fix to 88 Beta.

Assignee: nobody → kmaglione+bmo
Fission Milestone: ? → M7a

I misread the stacks in the crash reports the first time, so I got the cause wrong. The line in the second frame calls nsDocShell::CreateContentViewer while the crashing frame is in nsDocShell::EnsureContentViewer. A null mDocShell in the second frame would have caused a different crash. So I'm not sure what's actually going on here.

Regardless, the vast, vast majority of these crashes are from a single installation, so it probably isn't affecting many people, and may just be caused by corruption of some sort. So I'm not going to spend any more time on it right now.

Assignee: kmaglione+bmo → nobody

(In reply to Kris Maglione [:kmag] from comment #20)

> Regardless, the vast, vast majority of these crashes are from a single installation, so it probably isn't affecting many people, and may just be caused by corruption of some sort. So I'm not going to spend any more time on it right now.

Clearing Fission Milestone. This bug doesn't need to block Fission if only one installation is hitting this crash.

Fission Milestone: M7a → ---

And the one installation seems to have dom.cross_origin_iframes_loaded_in_background enabled, and that is not supported with Fission.

QA Whiteboard: qa-not-actionable

Moving the Fission crash to bug 1722991.

Crash Signature: [@ nsDocShell::EnsureContentViewer() ] [@ nsDocShell::EnsureContentViewer ] → [@ nsDocShell::EnsureContentViewer() ]
See Also: → 1722991

The last comment in this bug not related to Fission was from a decade ago, so let's just close this.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE