Closed Bug 978892 Opened 11 years ago Closed 11 years ago

[e10s] Lightbeam addon crashes tabs during e10s session restore with ContentChild::ProcessingError() abort

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla32
Tracking Flags:
Tracking Status
e10s + ---
firefox31 --- affected
firefox32 --- fixed
firefox34 --- verified

People

(Reporter: cpeterson, Assigned: billm)

References

(
URL
)

Details

(Whiteboard: crash)

Attachments

(1 file)

cpow-creation
3.42 KB, patch
mrbkap
: review+
Details | Diff | Splinter Review
STR: 1. Install Mozilla's Lightbeam addon: https://addons.mozilla.org/en-US/firefox/addon/lightbeam 2. Set browser.tabs.remote.autostart pref to true. 3. Restart Firefox. RESULT: CRASH! bp-b692f0fc-bef4-4f78-bacc-619de2140303 bp-c849ddf2-38b5-4db8-9613-f579c2140303 Frame Module Signature Source 0 libmozalloc.dylib mozalloc_abort(char const*) memory/mozalloc/mozalloc_abort.cpp 1 XUL Abort xpcom/base/nsDebugImpl.cpp 2 XUL NS_DebugBreak xpcom/base/nsDebugImpl.cpp 3 XUL mozilla::dom::ContentChild::ProcessingError(mozilla::ipc::HasResultCodes::Result) dom/ipc/ContentChild.cpp 4 XUL mozilla::ipc::MessageChannel::DispatchUrgentMessage(IPC::Message const&) ipc/glue/MessageChannel.cpp 5 XUL mozilla::ipc::MessageChannel::ProcessPendingUrgentRequest() ipc/glue/MessageChannel.cpp 6 XUL mozilla::ipc::MessageChannel::SendAndWait(IPC::Message*, IPC::Message*) ipc/glue/MessageChannel.cpp 7 XUL mozilla::ipc::MessageChannel::Send(IPC::Message*, IPC::Message*) ipc/glue/MessageChannel.cpp 8 XUL mozilla::dom::PBrowserChild::SendSyncMessage(nsString const&, mozilla::dom::ClonedMessageData const&, nsTArray<mozilla::jsipc::CpowEntry> const&, IPC::Principal const&, nsTArray<nsString>*) obj-firefox/x86_64/ipc/ipdl/PBrowserChild.cpp 9 XUL mozilla::dom::TabChild::DoSendBlockingMessage(JSContext*, nsAString_internal const&, mozilla::dom::StructuredCloneData const&, JS::Handle<JSObject*>, nsIPrincipal*, nsTArray<nsString>*, bool) dom/ipc/TabChild.cpp 10 XUL _ZThn224_N7mozilla3dom8TabChild21DoSendBlockingMessageEP9JSContextRK18nsAString_internalRKNS0_19StructuredCloneDataEN2JS6HandleIP8JSObjectEEP12nsIPrincipalP8nsTArrayI8nsStringEb obj-firefox/x86_64/dom/ipc/Unified_cpp_dom_ipc0.cpp 11 XUL nsFrameMessageManager::SendMessage(nsAString_internal const&, JS::Handle<JS::Value>, JS::Handle<JS::Value>, nsIPrincipal*, JSContext*, unsigned char, JS::MutableHandle<JS::Value>, bool) content/base/src/nsFrameMessageManager.cpp 12 XUL nsFrameMessageManager::SendSyncMessage(nsAString_internal const&, JS::Handle<JS::Value>, JS::Handle<JS::Value>, nsIPrincipal*, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) content/base/src/nsFrameMessageManager.cpp 13 XUL NS_InvokeByIndex xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp 14 XUL XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp 15 XUL XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) js/xpconnect/src/XPCWrappedNativeJSOps.cpp 16 XUL js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/jscntxtinlines.h 17 XUL Interpret js/src/vm/Interpreter.cpp 18 XUL js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 19 XUL js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 20 XUL js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp 21 XUL JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) js/src/jsapi.cpp 22 XUL nsFrameMessageManager::ReceiveMessage(nsISupports*, nsAString_internal const&, bool, mozilla::dom::StructuredCloneData const*, CpowHolder*, nsIPrincipal*, nsTArray<nsString>*) content/base/src/nsFrameMessageManager.cpp 23 XUL mozilla::dom::TabChild::RecvAsyncMessage(nsString const&, mozilla::dom::ClonedMessageData const&, nsTArray<mozilla::jsipc::CpowEntry> const&, IPC::Principal const&) dom/ipc/TabChild.cpp 24 XUL mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) obj-firefox/x86_64/ipc/ipdl/PBrowserChild.cpp 25 XUL mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) obj-firefox/x86_64/ipc/ipdl/PContentChild.cpp 26 XUL mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ipc/glue/MessageChannel.cpp 27 XUL mozilla::ipc::MessageChannel::OnMaybeDequeueOne() ipc/glue/MessageChannel.cpp 28 XUL MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) ipc/chromium/src/base/message_loop.cc 29 XUL MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 30 XUL mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 31 XUL MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 32 XUL XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp 33 XUL MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 34 XUL XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp 35 plugin-container main ipc/app/MozillaRuntimeMain.cpp 36 plugin-container start
See Also: → 978417
Assignee: nobody → evilpies
Blocks: e10s-it2
Status: NEW → ASSIGNED
I can't reproduce this. Lightbeam doesn't seem to gather any data, but it also doesn't crash.
tracking-e10s: --- → +
Attached patch cpow-creationSplinter Review
I was able to reproduce this. The problem is that both the parent and the child are trying to create PJavaScript instances at the same time. They both end up succeeding, so we have two PJavaScript instances in each process. We only expect to have one, and we end up very confused later on when there are more than one. I think the easiest way to fix this is to require that the child always creates the PJavaScript instance. The parent really has no use for one until the child has tried to send up a CPOW. Right now, the parent needlessly tries to ensure the existence of a PJavaScript instance whenever it sends a message. By returning null here, we're saying that the parent should never be the first to send a CPOW. Currently we never send CPOWs from the parent though. If we change that, we'll have to fix this in some other way.
Assignee: evilpies → wmccloskey
Attachment #8411421 - Flags: review?(mrbkap)
Attachment #8411421 - Flags: review?(mrbkap) → review+
I was seeing this with Lightbeam, in addtion I was getting the tab crash notification looking the crash ids up lead to bug 961343.
https://hg.mozilla.org/mozilla-central/rev/f5421fcfb39c
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 32
Component: Session Restore → IPC
Product: Firefox → Core
Target Milestone: Firefox 32 → ---
Target Milestone: --- → mozilla32
Blocks: 1053007
I verified that Lightbeam does not crash Nightly 34, but I filed bug 1053007 because the Lightbeam UI's buttons do not work.
Status: RESOLVED → VERIFIED
status-firefox31: --- → affected
status-firefox32: --- → fixed
status-firefox34: --- → verified
Keywords: verifyme
See Also: → 1212248
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: