Crashes [@ XPCCycleGCCallback] due to stack overflow

RESOLVED DUPLICATE of bug 383651

Status

()

Core
XPConnect
--
critical
RESOLVED DUPLICATE of bug 383651
11 years ago
6 years ago

People

(Reporter: smaug, Unassigned)

Tracking

({crash, topcrash})

unspecified
crash, topcrash
Points:
---
Dependency tree / graph
Bug Flags:
blocking1.9 +

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(2 obsolete attachments)

According to TB this is a topcrasher
XPCCycleGCCallback  [mozilla/js/src/xpconnect/src/nsxpconnect.cpp, line 520]
JS_GC  [mozilla/js/src/jsapi.c, line 2379]
nsCycleCollector::Collect  [mozilla/xpcom/base/nscyclecollector.cpp, line 1936]
nsCycleCollector_collect  [mozilla/xpcom/base/nscyclecollector.cpp, line 2198]
nsDocShell::Destroy  [mozilla/docshell/base/nsdocshell.cpp, line 3514]
nsFrameLoader::Destroy  [mozilla/content/base/src/nsframeloader.cpp, line 285]
nsGenericHTMLFrameElement::UnbindFromTree  [mozilla/content/html/content/src/nsgenerichtmlelement.cpp, line 3059]
nsGenericElement::UnbindFromTree  [mozilla/content/base/src/nsgenericelement.cpp, line 1860]
nsHTMLBodyElement::UnbindFromTree  [mozilla/content/html/content/src/nshtmlbodyelement.cpp, line 479]
nsDocument::Destroy  [mozilla/content/base/src/nsdocument.cpp, line 5484]
DocumentViewerImpl::Destroy  [mozilla/layout/base/nsdocumentviewer.cpp, line 1579]

(I thought I had filed this bug already but could find it in bugzilla)
er, couldn't find ...
Blocks: 333078

Updated

11 years ago
Severity: normal → critical

Comment 2

11 years ago
From MXR: (nsxpconnect.cpp)

 526     if(status == JSGC_MARK_END)
 527         nsXPConnect::GetXPConnect()->GetJSObjectRefcounts()->MarkEnd();

There are many cases where GetXPConnect() returns nsnull. The question is what do we return when we get nsnull?

Smaug (or anyone else): how can I easily reproduce this?

Comment 3

11 years ago
Created attachment 265467 [details] [diff] [review]
Possible patch

Can anyone please confirm if this solves the problem? I don't know what would happen afterwards if the MarkEnd didn't happen, but it has to be better than a crash.

Comment 4

11 years ago
Created attachment 265498 [details] [diff] [review]
Possible patch 2nd try

Actually, try this one.
Attachment #265467 - Attachment is obsolete: true

Comment 5

11 years ago
Just from talkback, all of the crash logs say the Trigger Reason is Stack Overflow.

Updated

11 years ago
Keywords: crash
Summary: Crashes [@ XPCCycleGCCallback] → Crashes [@ XPCCycleGCCallback] due to stack overflow

Updated

11 years ago
Attachment #265498 - Attachment is obsolete: true

Updated

11 years ago
Flags: blocking1.9?

Comment 6

11 years ago
According to Igor, bug 379718 should fix this, but it needs to be on the radar.
Component: XPCOM → XPConnect
Depends on: 379718
Flags: blocking1.9? → blocking1.9+
QA Contact: xpcom → xpconnect

Comment 7

11 years ago
ak.miller@auckland.ac.nz: is this bug 383651?

Comment 8

11 years ago
(In reply to comment #7)
> ak.miller@auckland.ac.nz: is this bug 383651?
> 

Many of the comments say it happened at shutdown, and the top of the stack would be consistent with that explanation. We need more stack frames to know for sure, however.
I don't see XPCCycleGCCallback in stacks in a8 or a9pre on crash-stats.mozilla.com. Should we just dupe this to bug 383651 now?

Comment 10

10 years ago
Sure
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 383651
(Assignee)

Updated

6 years ago
Crash Signature: [@ XPCCycleGCCallback]
You need to log in before you can comment on or make changes to this bug.