According to TB this is a topcrasher XPCCycleGCCallback [mozilla/js/src/xpconnect/src/nsxpconnect.cpp, line 520] JS_GC [mozilla/js/src/jsapi.c, line 2379] nsCycleCollector::Collect [mozilla/xpcom/base/nscyclecollector.cpp, line 1936] nsCycleCollector_collect [mozilla/xpcom/base/nscyclecollector.cpp, line 2198] nsDocShell::Destroy [mozilla/docshell/base/nsdocshell.cpp, line 3514] nsFrameLoader::Destroy [mozilla/content/base/src/nsframeloader.cpp, line 285] nsGenericHTMLFrameElement::UnbindFromTree [mozilla/content/html/content/src/nsgenerichtmlelement.cpp, line 3059] nsGenericElement::UnbindFromTree [mozilla/content/base/src/nsgenericelement.cpp, line 1860] nsHTMLBodyElement::UnbindFromTree [mozilla/content/html/content/src/nshtmlbodyelement.cpp, line 479] nsDocument::Destroy [mozilla/content/base/src/nsdocument.cpp, line 5484] DocumentViewerImpl::Destroy [mozilla/layout/base/nsdocumentviewer.cpp, line 1579] (I thought I had filed this bug already but could find it in bugzilla)
er, couldn't find ...
From MXR: (nsxpconnect.cpp) 526 if(status == JSGC_MARK_END) 527 nsXPConnect::GetXPConnect()->GetJSObjectRefcounts()->MarkEnd(); There are many cases where GetXPConnect() returns nsnull. The question is what do we return when we get nsnull? Smaug (or anyone else): how can I easily reproduce this?
Created attachment 265467 [details] [diff] [review] Possible patch Can anyone please confirm if this solves the problem? I don't know what would happen afterwards if the MarkEnd didn't happen, but it has to be better than a crash.
Created attachment 265498 [details] [diff] [review] Possible patch 2nd try Actually, try this one.
Just from talkback, all of the crash logs say the Trigger Reason is Stack Overflow.
According to Igor, bug 379718 should fix this, but it needs to be on the radar.
(In reply to comment #7) > email@example.com: is this bug 383651? > Many of the comments say it happened at shutdown, and the top of the stack would be consistent with that explanation. We need more stack frames to know for sure, however.
I don't see XPCCycleGCCallback in stacks in a8 or a9pre on crash-stats.mozilla.com. Should we just dupe this to bug 383651 now?