Closed Bug 444918 Opened 16 years ago Closed 16 years ago

Crash when closing epiphany [@ NS_HasPendingEvents_P] ifndef MOZILLA_INTERNAL_API

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.2a1

People

(Reporter: sam, Assigned: timeless)

References

Details

Attachments

(1 file, 3 obsolete files)

without the typo
1.07 KB, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9) Gecko/20080528 Epiphany/2.22
Build Identifier: xulrunner1 .9 rc2

Epiphany crashes when closed.


Distribution: Debian lenny/sid
Gnome Release: 2.22.1 2008-04-08 (Debian)
BugBuddy Version: 2.22.0

System: Linux 2.6.25-1-amd64 #1 SMP Fri Apr 25 14:38:55 UTC 2008 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10400090
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: gnome

Memory status: size: 393383936 vsize: 393383936 resident: 54853632 share:
27402240 rss: 54853632 rss_rlim: 18446744073709551615
CPU usage: start_time: 1210349746 rtime: 128 utime: 110 stime: 18 cutime:2
cstime: 6 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/epiphany-browser'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x7f9c662d0780 (LWP 10068)]
0x00007f9c5eec0edf in waitpid () from /lib/libpthread.so.0
#0  0x00007f9c5eec0edf in waitpid () from /lib/libpthread.so.0
#1  0x00007f9c5e6165a6 in IA__g_spawn_sync (
    working_directory=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>, flags=<value optimized out>, 
    child_setup=<value optimized out>, user_data=0xffffffff, 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0x7fff6e412358) at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c:374
#2  0x00007f9c5e6168b8 in IA__g_spawn_command_line_sync (
    command_line=<value optimized out>, standard_output=0x0, 
    standard_error=0x0, exit_status=0x0, error=0x7fff6e412358)
    at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c:682
#3  0x00007f9c5aa324b3 in ?? ()
   from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
#4  0x00007f9c5458cb16 in nsProfileLock::FatalSignalHandler (signo=11)
    at nsProfileLock.cpp:216
#5  <signal handler called>
#6  0x00007f9c552ddd40 in GkAtoms_info ()
   from /usr/lib/xulrunner-1.9/libxul.so
#7  0x00007f9c54c8b600 in NS_HasPendingEvents_P (thread=0x154c5f0)
    at nsThreadUtils.cpp:207
#8  0x00007f9c54c0f7d4 in nsBaseAppShell::OnProcessNextEvent (this=0x1a7f4a0, 
    thr=0x154c5f0, mayWait=0, recursionDepth=<value optimized out>)
    at nsBaseAppShell.cpp:288
#9  0x00007f9c54cb62d9 in nsThread::ProcessNextEvent (this=0x154c5f0, 
    mayWait=0, result=0x7fff6e41294c) at nsThread.cpp:497
#10 0x00007f9c54c8b54d in NS_ProcessPendingEvents_P (thread=0x154c5f0, 
    timeout=20) at nsThreadUtils.cpp:180
#11 0x00007f9c54c0f5e4 in nsBaseAppShell::NativeEventCallback (this=0x1a7f4a0)
    at nsBaseAppShell.cpp:121
#12 0x00007f9c54bfc9da in nsAppShell::EventProcessorCallback (
    source=<value optimized out>, condition=<value optimized out>, 
    data=0x1a7f4a0) at nsAppShell.cpp:69
#13 0x00007f9c5e5e30f2 in IA__g_main_context_dispatch (context=0xb01ae0)
    at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c:2009
#14 0x00007f9c5e5e6396 in g_main_context_iterate (context=0xb01ae0, block=1, 
    dispatch=1, self=<value optimized out>)
    at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c:2642
#15 0x00007f9c5e5e6657 in IA__g_main_loop_run (loop=0xae1c40)
    at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c:2850
#16 0x00007f9c6188eb63 in IA__gtk_main ()
    at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
#17 0x0000000000439fa0 in main (argc=<value optimized out>, argv=0x8)
    at /scratch/build-area/epiphany-browser-2.22.1.1/src/ephy-main.c:739

Thread 1 (Thread 0x7f9c662d0780 (LWP 10068)):
#0  0x00007f9c5eec0edf in waitpid () from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007f9c5e6165a6 in IA__g_spawn_sync (
    working_directory=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>, flags=<value optimized out>, 
    child_setup=<value optimized out>, user_data=0xffffffff, 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0x7fff6e412358) at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c:374
        outpipe = -1
        errpipe = -1
        pid = 10093
        fds = {__fds_bits = {0, 140309574971314, 8, 16, 16, 1849762648, 16, 
    0, 20103928, 16817792, 20103904, 140735043150680, 3, 140309574963061, 
    140735043150080, 140735043150184}}
        ret = -512
        outstr = (GString *) 0x0
        errstr = (GString *) 0x0
        failed = 0
        status = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_spawn_sync"
#2  0x00007f9c5e6168b8 in IA__g_spawn_command_line_sync (
    command_line=<value optimized out>, standard_output=0x0, 
    standard_error=0x0, exit_status=0x0, error=0x7fff6e412358)
    at /tmp/buildd/glib2.0-2.16.3/glib/gspawn.c:682
        retval = 0
        argv = (gchar **) 0x132c2e0
        __PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync"
#3  0x00007f9c5aa324b3 in ?? ()
   from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
No symbol table info available.
#4  0x00007f9c5458cb16 in nsProfileLock::FatalSignalHandler (signo=11)
    at nsProfileLock.cpp:216
        oldact = (sigaction *) 0x7fff6e4120f0
#5  <signal handler called>
No symbol table info available.
#6  0x00007f9c552ddd40 in GkAtoms_info ()
   from /usr/lib/xulrunner-1.9/libxul.so
No symbol table info available.
#7  0x00007f9c54c8b600 in NS_HasPendingEvents_P (thread=0x154c5f0)
    at nsThreadUtils.cpp:207
        val = <value optimized out>
#8  0x00007f9c54c0f7d4 in nsBaseAppShell::OnProcessNextEvent (this=0x1a7f4a0, 
    thr=0x154c5f0, mayWait=0, recursionDepth=<value optimized out>)
    at nsBaseAppShell.cpp:288
        start = 3463942710
        limit = 20
        oldBlockedWait = (PRBool *) 0x0
        needEvent = 0
#9  0x00007f9c54cb62d9 in nsThread::ProcessNextEvent (this=0x154c5f0, 
    mayWait=0, result=0x7fff6e41294c) at nsThread.cpp:497
        notifyGlobalObserver = <value optimized out>
        obs = {<nsCOMPtr_base> = {mRawPtr = 0x1a7f4a8}, <No data fields>}
        event = {<nsCOMPtr_base> = {mRawPtr = 0x1b1a8e0}, <No data fields>}
        rv = 2147549183
#10 0x00007f9c54c8b54d in NS_ProcessPendingEvents_P (thread=0x154c5f0, 
    timeout=20) at nsThreadUtils.cpp:180
        processedEvent = 32668
        rv = 27784352
        start = 3463942710
#11 0x00007f9c54c0f5e4 in nsBaseAppShell::NativeEventCallback (this=0x1a7f4a0)
    at nsBaseAppShell.cpp:121
        hasPending = <value optimized out>
        thread = (class nsIThread *) 0x154c5f0
        prevVal = nsBaseAppShell::eEventloopNone
#12 0x00007f9c54bfc9da in nsAppShell::EventProcessorCallback (
    source=<value optimized out>, condition=<value optimized out>, 
    data=0x1a7f4a0) at nsAppShell.cpp:69
        self = (nsAppShell *) 0x154c5f0
        c = 250 'ú'
#13 0x00007f9c5e5e30f2 in IA__g_main_context_dispatch (context=0xb01ae0)
    at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c:2009
No locals.
#14 0x00007f9c5e5e6396 in g_main_context_iterate (context=0xb01ae0, block=1, 
    dispatch=1, self=<value optimized out>)
    at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c:2642
        got_ownership = <value optimized out>
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <value optimized out>
        allocated_nfds = <value optimized out>
        fds = (GPollFD *) 0x1a93b80
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#15 0x00007f9c5e5e6657 in IA__g_main_loop_run (loop=0xae1c40)
    at /tmp/buildd/glib2.0-2.16.3/glib/gmain.c:2850
        got_ownership = <value optimized out>
        self = (GThread *) 0xacb770
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#16 0x00007f9c6188eb63 in IA__gtk_main ()
    at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
        tmp_list = (GList *) 0xdbdc80
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0xb23140
        loop = (GMainLoop *) 0xae1c40
#17 0x0000000000439fa0 in main (argc=<value optimized out>, argv=0x8)
    at /scratch/build-area/epiphany-browser-2.22.1.1/src/ephy-main.c:739
        uri = 0xb124f0 ""
        path = <value optimized out>
        rpath =
"/home/sam/http:\000\2209Af\234\177\000\000ð<Anÿ\177\000\000\000ð-f\234\177\000\000°ä-f\234\177\000\000\000\000\000\000\000\000\000\0008kAf\234\177\000\000°9Anÿ\177\000\000\000\000\000\000\000\000\000\000ï9Anÿ\177\000\0000ûA\000\000\000\000\000\000\000@t\202ÜþÿP\006s",
'\0' <repeats 31 times>, " W\202Üþÿ\000\000¶ö@Ì8ÿ@\006s", '\0' <repeats
32 times>, "X\202Üþÿ\000\000¶ö@Ì8ÿ0\006s", '\0' <repeats 31 times>,
"`X\202Üþÿ\000\000¶ö@Ì8ÿ \006s", '\0' <repeats 21 times>,
"\001\000\000"...
        i = <value optimized out>
        program = <value optimized out>
        option_context = (GOptionContext *) 0xb124f0
        option_group = <value optimized out>
        proxy = <value optimized out>
        error = (GError *) 0x0
        user_time = 52391060
        env = <value optimized out>
        enable_pango = <value optimized out>
#0  0x00007f9c5eec0edf in waitpid () from /lib/libpthread.so.0
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y;
input not from terminal]


Reproducible: Sometimes

Steps to Reproduce:
1. Close epiphany
Actual Results:  
Crash

Expected Results:  
No Crash

Forwarded from <http://bugzilla.gnome.org/show_bug.cgi?id=532370>.
Adding myself to cc
reporter: afaict the report is missing symbols for libxul, which makes it useless.

#6  0x00007f9c552ddd40 in GkAtoms_info ()
   from /usr/lib/xulrunner-1.9/libxul.so
No symbol table info available.

reinout: please don't comment when you add yourself to the cc list.
Hm. Debugging symbols are definitely present--they have been picked up for the other stack frames.

Please observe the stack traces of some of the duplicates of this bug (tracked at <http://bugzilla.gnome.org/show_bug.cgi?id=509083>). None of them have symbols for the GKAtoms_info frame, some don't have the frame at all, but are otherwise identical; see these for examples:

 * http://bugzilla.gnome.org/show_bug.cgi?id=537750
 * http://bugzilla.gnome.org/show_bug.cgi?id=538377
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/xpcom/glue/nsThreadUtils.cpp&rev=1.8&mark=191,193,198,199,201,203,204,207#190

the comptr is destroyed and then we try to use the pointer ... :(
Summary: Crash when closing epiphany → Crash when closing epiphany [@ NS_HasPendingEvents_P] ifndef MOZILLA_INTERNAL_API
Attached patch use comptr locally (obsolete) — Splinter Review 
Assignee: nobody → timeless
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

        Attachment #329294 -
        Flags: review?(benjamin)

    
    

    
  
Comment on attachment 329294 [details] [diff] [review]
use comptr locally

The HASPENDINGEVENTS macro is ugly and IMO unnecessary. Use an inline function if you need to.

        Attachment #329294 -
        Flags: review?(benjamin) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        use inline (obsolete)
        — Splinter Review
      

    


  
i just wanted to make sure people didn't accidentally change just one part

        Attachment #329294 -
        Attachment is obsolete: true

        Attachment #330904 -
        Flags: review?(benjamin)

    
  

        Attachment #330904 -
        Flags: review?(benjamin) → review+

    
    

    
  
Why is the if (!thread) test changed into if (thread) ? It looks wrong.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch applied to debian package (obsolete)
        — Splinter Review
      

    


  
FWIW, I applied this patch to the debian xulrunner package, which should also fix this issue.

    
    

    
  
Could the patch from comment #9 be reviewed please? Thanks!

    
  

        Attachment #331701 -
        Flags: review?(benjamin)

    
    

    
  
Comment on attachment 331701 [details] [diff] [review]
patch applied to debian package

This patch makes no sense. If "current" is non-null, how could "thread" possibly end up null?

        Attachment #331701 -
        Flags: review?(benjamin) → review-

    
    

    
  
i will land my patch (w/ the typo fixed) if i can ever find a green period for the tree.

    
    

    
  
Mike: I'm still seeing this on Debian systems, with xulrunner-1.9 version 1.9.0.1-1 installed. So the patch does not seem to work.

    
    

    
  
timeless, what's the typo? thread instead of !thread? Would like to get this landed.

    
    

    
  
(In reply to comment #14)
> timeless, what's the typo? thread instead of !thread? Would like to get this
> landed.

timeless e-mailed me with "yeah, that's the typo."

For future note, please comment in the bug rather than e-mailing me. E-mail gets lost and forgotten while bug comments are forever.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        without the typoSplinter Review
      

    


  
Fixed patch

        Attachment #330904 -
        Attachment is obsolete: true

    
    

    
  
timeless: attach the patch you want checked in, mark everything else obsolete, add the checkin-needed keyword. kthxbye.
Whiteboard: [timeless: need new patch]

        Attachment #331701 -
        Attachment is obsolete: true
Whiteboard: [timeless: need new patch]

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/26994892da30
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: