Closed
Bug 1580194
Opened 5 years ago
Closed 4 years ago
[Fission] Crash in [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
Categories
(Core :: DOM: Navigation, defect, P2)
Tracking
()
People
(Reporter: vlucaci, Assigned: farre)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
675.34 KB,
image/gif
|
Details |
crash with fission on.gif
This bug is for crash report bp-671f9811-6deb-42f2-b9d2-45f040190910.
Top 10 frames of crashing thread:
0 XUL PLDHashTable::Search const xpcom/ds/PLDHashTable.cpp:511
1 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7729
2 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
3 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
4 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
5 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
6 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
7 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
8 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
9 XUL nsGlobalWindowOuter::TabGroupOuter dom/base/nsGlobalWindowOuter.cpp:7739
Affected versions
- 71.0a1 (2019-09-09)
Affected platforms
- macOS 10.14.6
Steps to reproduce
- Launch FF.
- Go to about:config.
- Search for fission.autostart and toggle it to True.
- Go to the following link https://tinyurl.com/y6h7yrzp.
- Once the page has loaded, right click the opened image and select View.
Expected result
- The image is opened and the tab does not crash.
Actual result
- When selecting the View Image from the context menu, the tab crashes.
Regression range
- Not a regression.
Additional notes
- This crash occurs only once per profile per session. Once it is occurred, following the same steps will not render another crash.
|
Reporter | |
Updated•5 years ago
|
Summary: Crash in [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter] → [Fission] Crash in [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
|
||
Comment 1•5 years ago
|
||
Looks related to bug 1580191 and may also be fixed by removal of TabGroups (bug 1561715).
Fission Milestone: --- → M5
Priority: -- → P2
|
||
Comment 2•5 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Keywords: regression
|
||
Updated•5 years ago
|
|
||
Comment 7•5 years ago
|
||
Note: This is an infinite recursion bug, so the top frame of the crash depends on exactly where we are when we run out of stack space, but it's exactly the same bug regardless. Any crash with a bunch of recursive nsGlobalWindowOuter::TabGroupOuter calls near the top of the stack should be duped to this bug.
|
|
||
Updated•5 years ago
|
Crash Signature: [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter] → [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface]
|
|
||
Updated•5 years ago
|
Crash Signature: [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface] → [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface]
[@ PLDHashTable::Search | <name omitted> | mozilla::dom::BrowsingContext::GetOpener]
|
|
||
Updated•5 years ago
|
Crash Signature: [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface]
[@ PLDHashTable::Search | <name omitted> | mozilla::dom::BrowsingContext::GetOpener] → [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface]
[@ PLDHashTable::Search | <name omitted> | mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom…
|
|
||
Updated•5 years ago
|
Crash Signature: mozilla::dom::BrowsingContext::GetOpener] → mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom::BrowsingContext::Get]
|
||
Updated•5 years ago
|
Crash Signature: [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface]
[@ PLDHashTable::Search | <name omitted> | mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom… → [@ PLDHashTable::Search | nsGlobalWindowOuter::TabGroupOuter]
[@ mozilla::dom::BrowsingContext::Get]
[@ nsDocShell::QueryInterface]
[@ PLDHashTable::Search | <name omitted> | mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla:…
|
|
||
Updated•4 years ago
|
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
|
|
||
Updated•4 years ago
|
Crash Signature: mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom::BrowsingContext::Get]
[@ <name omitted> | <name omitted> | mozilla::dom::BrowsingContext::GetOpener ] → mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom::BrowsingContext::Get]
[@ <name omitted> | <name omitted> | mozilla::dom::BrowsingContext::GetOpener ]
[@ nsDocShell::GetSameTypeParentIgnoreBrowserBoundaries]
|
||
Updated•4 years ago
|
Assignee: nobody → afarre
Crash Signature: mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom::BrowsingContext::Get]
[@ <name omitted> | <name omitted> | mozilla::dom::BrowsingContext::GetOpener ]
[@ nsDocShell::GetSameTypeParentIgnoreBrowserBoundaries] → mozilla::dom::BrowsingContext::GetOpener]
[@ PLDHashTable::Search | mozilla::dom::BrowsingContext::Get]
[@ <name omitted> | <name omitted> | mozilla::dom::BrowsingContext::GetOpener ]
[@ nsDocShell::GetSameTypeParentIgnoreBrowserBoundaries]
status-firefox72:
--- → disabled
status-firefox73:
--- → fixed
status-firefox-esr68:
--- → unaffected
Target Milestone: --- → mozilla73
|
|
||
Comment 9•4 years ago
|
||
Bug 1561715 has not actually been fixed yet.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
||
Updated•4 years ago
|
Target Milestone: mozilla73 → ---
|
||
Comment 11•4 years ago
|
||
This crash also happened with windows 10, just checked my recent crash history and found one.
|
||
Comment 12•4 years ago
|
||
Reproduced this crash on Firefox 74.0a1 while trying to access this website on Windows 10 64bit.
status-firefox74:
--- → affected
OS: macOS → All
|
||
Comment 13•4 years ago
|
||
QA says they hit this crash when testing Office365 with Fission.
|
|
||
Comment 14•4 years ago
|
||
- bp-eb145a1c-e57d-44cc-b7bb-c26d10200215: Googled Malta and got a tab crash after clicking on the Wikipedia result.
- bp-7b19b91a-f555-4d97-aa83-983d90200215: STR from bug 1605337 is still reproducible.
|
||
Updated•4 years ago
|
status-firefox75:
--- → affected
|
|
||
Updated•4 years ago
|
|
Assignee | |
Comment 15•4 years ago
|
||
Hopefully this will be fixed by bug 1620594.
|
|
Assignee | |
Comment 17•4 years ago
|
||
With Bug 1620594 fixed, this should also not happen any more, since nsGlobalWindowOuter::TabGroupOuter has disappeared.
Status: REOPENED → RESOLVED
Closed: 4 years ago → 4 years ago
Resolution: --- → FIXED
|
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
Flags: qe-verify+
You need to log in
before you can comment on or make changes to this bug.
Description
•