Closed
Bug 1233723
Opened 10 years ago
Closed 9 years ago
crash in mozalloc_abort | NS_DebugBreak | mozilla::dom::PBrowser::Transition
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1269036
People
(Reporter: khalid32, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-ae20a091-0701-4ecf-8eb6-697382151218.
=============================================================
Top frames:
0 firefox mozalloc_abort(char const*) memory/mozalloc/mozalloc_abort.cpp
1 libxul.so NS_DebugBreak xpcom/base/nsDebugImpl.cpp
2 libxul.so mozilla::dom::PBrowser::Transition(mozilla::dom::PBrowser::State, mozilla::ipc::Trigger, mozilla::dom::PBrowser::State*) obj-firefox/ipc/ipdl/PBrowser.cpp
3 libxul.so mozilla::dom::PBrowserParent::SendDestroy() obj-firefox/ipc/ipdl/PBrowserParent.cpp
4 libxul.so mozilla::dom::TabParent::DestroyInternal() dom/ipc/TabParent.cpp
5 libxul.so mozilla::dom::TabParent::Destroy() dom/ipc/TabParent.cpp
6 libxul.so nsFrameLoader::DestroyComplete() dom/base/nsFrameLoader.cpp
7 libxul.so mozilla::dom::TabParent::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::IProtocol>::ActorDestroyReason) dom/ipc/TabParent.cpp
[...]
|
||
Comment 1•9 years ago
|
||
Investigating.
The call flow should looks like this:
nsFrameLoader::StartDestroy()
nsFrameLoader::DestroyDocShell()
TabParent::Destroy()
TabParent::DestroyInternal()
TabParent::SendDestroy()
TabParent::mIsDestroyed = true
PBrowserParent::OnMessageReceived (should be __delete__)
TabParent::Recv__delete__()
TabParent::ActorDestroy()
nsFrameLoader::DestroyComplete()
TabParent::Destroy()
TabParent::DestroyInternal() <-- should not run if mIsDestroyed == true
TabParent::SendDestroy()
abort() because mState == _Dead
Not sure why we could reach TabParent::SendDestroy when mIsDestroyed is true. We should never receive __delete__ when mIsDestroyed is false.
Assignee: nobody → kchen
|
||
Comment 2•9 years ago
|
||
Maybe this is abnormal shutdown. ContentChild could also call PBrowserChild::Send__delete__(). If this happens then TabParent could call DestroyInternal() indirectly from ActorDestroy() without prior Destroy().
|
|
||
Comment 3•9 years ago
|
||
(In reply to Cervantes Yu [:cyu] [:cervantes] from comment #2)
> Maybe this is abnormal shutdown. ContentChild could also call
> PBrowserChild::Send__delete__(). If this happens then TabParent could call
> DestroyInternal() indirectly from ActorDestroy() without prior Destroy().
Oh, I didn't see that. So if for some reason we run into
https://dxr.mozilla.org/mozilla-central/rev/a4929411c0aa3ec6b727e2bc2fc050c8199c6573/dom/ipc/ContentChild.cpp#905 then we have a problem.
|
|
||
Updated•9 years ago
|
tracking-e10s:
--- → ?
|
|
||
Updated•9 years ago
|
Blocks: e10s-crashes
|
||
Updated•9 years ago
|
Priority: -- → P1
|
|
||
Comment 4•9 years ago
|
||
No longer shows up under the new experiment data. Untracking.
|
||
Comment 6•9 years ago
|
||
:Kan-Ru, what URL are you using to see the latest experiment data? Thank you.
Flags: needinfo?(kchen)
|
|
||
Comment 7•9 years ago
|
||
(In reply to Erin Lancaster [:elan] from comment #6)
> :Kan-Ru, what URL are you using to see the latest experiment data? Thank you.
I'm using http://www.unbiased.name/ff/e10scrashes/ec.html?ex=5&common=process_type%3Dbrowser%26process_type%3Dcontent%26ActiveExperiment%3D%253De10s-beta46-noapz%2540experiments.mozilla.org%26date%3D%3E%253D2016-03-11%26date%3D%3C2016-03-25&p1=ActiveExperimentBranch%3D%253Dcontrol-no-addons&p2=ActiveExperimentBranch%3D%253Dexperiment-no-addons&ratio=0.935
It looks like it's getting higher.
Flags: needinfo?(kchen)
|
|
||
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•