Closed Bug 565223 Opened 15 years ago Closed 15 years ago

e10s: Parent shouldn't die while trying to send data to a crashed child

Categories

(Core :: Networking: HTTP, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: jdm, Assigned: jdm)

References

Details

Attachments

(1 file)

While working on suspend/resume stuff, I tried to watch a OGV file embedded in a page.  This action caused the child to die from a DROP_DEAD(), which gave me this backtrace in the parent:

(gdb) bt
#0  0x00d28416 in __kernel_vsyscall ()
#1  0x02b65d96 in nanosleep () from /lib/libc.so.6
#2  0x02b65bb1 in sleep () from /lib/libc.so.6
#3  0x0101336d in ah_crap_handler (signum=6) at /home/t_mattjo/src/firefox/mobilebase/toolkit/xre/nsSigHandlers.cpp:164
#4  0x01017cc2 in nsProfileLock::FatalSignalHandler (signo=6, info=0xbff58f9c, context=0xbff5901c) at nsProfileLock.cpp:221
#5  <signal handler called>
#6  0x00d28416 in __kernel_vsyscall ()
#7  0x02af4a81 in raise () from /lib/libc.so.6
#8  0x02af634a in abort () from /lib/libc.so.6
#9  0x00361f81 in PR_Abort () at /home/t_mattjo/src/firefox/mobilebase/nsprpub/pr/src/io/prlog.c:548
#10 0x022ebe92 in Abort (aMsg=0xbff594ac "###!!! ABORT: not on worker thread!: 'mWorkerLoop == MessageLoop::current()', file ../../dist/include/mozilla/ipc/AsyncChannel.h, line 131")
    at /home/t_mattjo/src/firefox/mobilebase/xpcom/base/nsDebugImpl.cpp:387
#11 0x022ebd96 in NS_DebugBreak_P (aSeverity=3, aStr=0x290d5be "not on worker thread!", aExpr=0x290d598 "mWorkerLoop == MessageLoop::current()", aFile=
    0x290d568 "../../dist/include/mozilla/ipc/AsyncChannel.h", aLine=131) at /home/t_mattjo/src/firefox/mobilebase/xpcom/base/nsDebugImpl.cpp:327
#12 0x02182495 in mozilla::ipc::AsyncChannel::AssertWorkerThread (this=0xb75b2f28) at ../../dist/include/mozilla/ipc/AsyncChannel.h:130
#13 0x0218a17d in mozilla::ipc::RPCChannel::CxxStackFrame::CxxStackFrame (this=0xbff5996c, that=..., direction=OUT_MESSAGE, msg=0xbff5993c) at ../../dist/include/mozilla/ipc/RPCChannel.h:227
#14 0x02187c1c in mozilla::ipc::RPCChannel::Send (this=0xb75b2f28, msg=0xaed49370) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/RPCChannel.cpp:141
#15 0x021c5f3d in mozilla::net::PHttpChannelParent::SendOnDataAvailable (this=0xaede5100, data=..., offset=@0xbff59a10, count=@0xbff599d8) at PHttpChannelParent.cpp:88
#16 0x0122935c in mozilla::net::HttpChannelParent::OnDataAvailable (this=0xaede5100, aRequest=0xb03ee330, aContext=0x0, aInputStream=0xb0333f40, aOffset=19776, aCount=1448)
    at /home/t_mattjo/src/firefox/mobilebase/netwerk/protocol/http/src/HttpChannelParent.cpp:216
#17 0x01175308 in nsStreamListenerTee::OnDataAvailable (this=0xb0333e60, request=0xb03ee330, context=0x0, input=0xb032f7ec, offset=19776, count=1448)
    at /home/t_mattjo/src/firefox/mobilebase/netwerk/base/src/nsStreamListenerTee.cpp:111
#18 0x0121ff5f in nsHttpChannel::OnDataAvailable (this=0xb03ee300, request=0xaede2100, ctxt=0x0, input=0xb032f7ec, offset=19776, count=1448)
    at /home/t_mattjo/src/firefox/mobilebase/netwerk/protocol/http/src/nsHttpChannel.cpp:4611
#19 0x01143882 in nsInputStreamPump::OnStateTransfer (this=0xaede2100) at /home/t_mattjo/src/firefox/mobilebase/netwerk/base/src/nsInputStreamPump.cpp:510
#20 0x011433d9 in nsInputStreamPump::OnInputStreamReady (this=0xaede2100, stream=0xb032f7ec) at /home/t_mattjo/src/firefox/mobilebase/netwerk/base/src/nsInputStreamPump.cpp:400
#21 0x022b445e in nsInputStreamReadyEvent::Run (this=0xaed04160) at /home/t_mattjo/src/firefox/mobilebase/xpcom/io/nsStreamUtils.cpp:112
#22 0x022dd2e0 in nsThread::ProcessNextEvent (this=0xb757f880, mayWait=1, result=0xbff59c5c) at /home/t_mattjo/src/firefox/mobilebase/xpcom/threads/nsThread.cpp:527
#23 0x02278669 in NS_ProcessNextEvent_P (thread=0xb757f880, mayWait=1) at nsThreadUtils.cpp:250
#24 0x02186ec3 in mozilla::ipc::MessagePump::Run (this=0xb75ce8e0, aDelegate=0xb752f600) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/MessagePump.cpp:142
#25 0x0234951f in MessageLoop::RunInternal (this=0xb752f600) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:216
#26 0x0234949b in MessageLoop::RunHandler (this=0xb752f600) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:199
#27 0x0234941f in MessageLoop::Run (this=0xb752f600) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:173
#28 0x0203cb24 in nsBaseAppShell::Run (this=0xb368d330) at /home/t_mattjo/src/firefox/mobilebase/widget/src/xpwidgets/nsBaseAppShell.cpp:174
#29 0x01dde6e5 in nsAppStartup::Run (this=0xb331ffd0) at /home/t_mattjo/src/firefox/mobilebase/toolkit/components/startup/src/nsAppStartup.cpp:182
#30 0x010061fb in XRE_main (argc=1, argv=0xbff5b4b4, aAppData=0xb7516380) at /home/t_mattjo/src/firefox/mobilebase/toolkit/xre/nsAppRunner.cpp:3564
#31 0x0804afe7 in main (argc=1, argv=0xbff5b4b4) at /home/t_mattjo/src/firefox/mobilebase/xulrunner/app/nsXULRunnerApp.cpp:463
Blocks: fennecko
Easiest solution I can think of right now is to add an ActorDestroy that updates a member indicating that the protocol is not actually valid anymore.  Just one of the dangers of reference-counting protocol actors.
Attached patch PatchSplinter Review
This fixes the crash described.
Assignee: nobody → josh
Attachment #444818 - Flags: review?(jduell.mcbugs)
Comment on attachment 444818 [details] [diff] [review]
Patch

Yes, after chatting w/cjones on IRC, it seems we want to not send msgs to the child after it's dead, or Bad Things will happen.  We'll need to add such checks to any SendXXX we add in the future.
Attachment #444818 - Flags: review?(jduell.mcbugs) → review+
Note: I changed the name of mActorValid to "mIPCClosed".  

Thanks Josh!

http://hg.mozilla.org/projects/electrolysis/rev/f59f46dc1d4e
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: