Closed
Bug 579959
Opened 15 years ago
Closed 15 years ago
TabChild used after Send__delete__
Categories
(Core :: IPC, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: jdm, Assigned: jdm)
References
Details
Attachments
(3 files, 2 obsolete files)
|
2.20 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
|
2.16 KB,
patch
|
Details | Diff | Splinter Review | |
|
982 bytes,
text/plain
|
smaug
:
review+
|
Details |
I just got this backtrace when shutting down after some random browsing Fennec. Looks like nsDocShell::FirePageHideNotification ends up dispatching events which use the message manager functionality on the TabChild that's being deleted.
#0 0x00f7a416 in __kernel_vsyscall ()
#1 0x00b16df6 in nanosleep () from /lib/libc.so.6
#2 0x00b16c11 in sleep () from /lib/libc.so.6
#3 0x0126c0dd in ah_crap_handler (signum=6) at /home/t_mattjo/src/firefox/mobilebase/toolkit/xre/nsSigHandlers.cpp:132
#4 0x0126c136 in child_ah_crap_handler (signum=6) at /home/t_mattjo/src/firefox/mobilebase/toolkit/xre/nsSigHandlers.cpp:145
#5 <signal handler called>
#6 0x00f7a416 in __kernel_vsyscall ()
#7 0x00aa5a81 in raise () from /lib/libc.so.6
#8 0x00aa734a in abort () from /lib/libc.so.6
#9 0x002e5014 in mozalloc_abort (msg=0xbf92551c "###!!! ABORT: __delete__()d actor: file ../../ipc/ipdl/_ipdlheaders/mozilla/dom/PIFrameEmbedding.h, line 94")
at /home/t_mattjo/src/firefox/mobilebase/memory/mozalloc/mozalloc_abort.cpp:75
#10 0x0265ffba in Abort (aMsg=0xbf92551c "###!!! ABORT: __delete__()d actor: file ../../ipc/ipdl/_ipdlheaders/mozilla/dom/PIFrameEmbedding.h, line 94")
at /home/t_mattjo/src/firefox/mobilebase/xpcom/base/nsDebugImpl.cpp:379
#11 0x0265fede in NS_DebugBreak_P (aSeverity=3, aStr=0x2d31563 "__delete__()d actor", aExpr=0x0, aFile=0x2d31528 "../../ipc/ipdl/_ipdlheaders/mozilla/dom/PIFrameEmbedding.h", aLine=94)
at /home/t_mattjo/src/firefox/mobilebase/xpcom/base/nsDebugImpl.cpp:337
#12 0x024ec1d8 in mozilla::dom::PIFrameEmbedding::Transition (from=__Dead, trigger=..., next=0xb689c114) at ../../ipc/ipdl/_ipdlheaders/mozilla/dom/PIFrameEmbedding.h:94
#13 0x025809ba in mozilla::dom::PIFrameEmbeddingChild::SendsendAsyncMessageToParent (this=0xb689c100, aMessage=..., aJSON=...) at PIFrameEmbeddingChild.cpp:487
#14 0x024872b9 in SendAsyncMessageToParent (aCallbackData=0xb689c100, aMessage=..., aJSON=...) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/TabChild.cpp:1030
#15 0x01868d8e in nsFrameMessageManager::SendAsyncMessageInternal (this=0xb4e9f740, aMessage=..., aJSON=...) at /home/t_mattjo/src/firefox/mobilebase/content/base/src/nsFrameMessageManager.cpp:263
#16 0x01868ecd in nsFrameMessageManager::SendAsyncMessage (this=0xb4e9f740) at /home/t_mattjo/src/firefox/mobilebase/content/base/src/nsFrameMessageManager.cpp:280
#17 0x02487be8 in mozilla::dom::TabChildGlobal::SendAsyncMessage (this=0xb4e48b40) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/TabChild.h:92
#18 0x0266c35d in NS_InvokeByIndex_P () at /home/t_mattjo/src/firefox/mobilebase/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_gcc_x86_unix.cpp:69
#19 0x01f6e9d3 in CallMethodHelper::Invoke (this=0xbf925b74) at /home/t_mattjo/src/firefox/mobilebase/js/src/xpconnect/src/xpcwrappednative.cpp:3061
#20 0x01f6cd0a in CallMethodHelper::Call (this=0xbf925b74) at /home/t_mattjo/src/firefox/mobilebase/js/src/xpconnect/src/xpcwrappednative.cpp:2340
#21 0x01f68fdf in XPCWrappedNative::CallMethod (ccx=..., mode=CALL_METHOD) at /home/t_mattjo/src/firefox/mobilebase/js/src/xpconnect/src/xpcwrappednative.cpp:2304
#22 0x01f784ad in XPC_WN_CallMethod (cx=0xb4e7f400, obj=0xb4d15ba0, argc=2, argv=0xb4fff098, vp=0xb4fff0e4) at /home/t_mattjo/src/firefox/mobilebase/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1796
#23 0x007bb49e in js::callJSNative (cx=0xb4e7f400, native=0x1f78252 <XPC_WN_CallMethod(JSContext*, JSObject*, uintN, jsval*, jsval*)>, thisobj=0xb4d15ba0, argc=2, argv=0xb4fff098, rval=0xb4fff0e4)
at /home/t_mattjo/src/firefox/mobilebase/js/src/jscntxtinlines.h:339
#24 0x007bab9d in Invoke<JSBool (*)(JSContext*, JSObject*, uintN, jsval*, jsval*)> (cx=0xb4e7f400, fun=0xb4d282a0, script=0x0, native=0x1f78252 <XPC_WN_CallMethod(JSContext*, JSObject*, uintN, jsval*, jsval*)>,
args=..., flags=2) at /home/t_mattjo/src/firefox/mobilebase/js/src/jsinterp.cpp:591
#25 0x007b86cf in js_Invoke (cx=0xb4e7f400, args=..., flags=2) at /home/t_mattjo/src/firefox/mobilebase/js/src/jsinterp.cpp:693
#26 0x007a6e71 in js_Interpret (cx=0xb4e7f400) at /home/t_mattjo/src/firefox/mobilebase/js/src/jsops.cpp:2155
#27 0x007bac23 in Invoke<JSBool (*)(JSContext*, JSObject*, uintN, jsval*, jsval*)> (cx=0xb4e7f400, fun=0xb4d28118, script=0xb3372000, native=0, args=..., flags=0)
at /home/t_mattjo/src/firefox/mobilebase/js/src/jsinterp.cpp:602
#28 0x007b86cf in js_Invoke (cx=0xb4e7f400, args=..., flags=0) at /home/t_mattjo/src/firefox/mobilebase/js/src/jsinterp.cpp:693
#29 0x01f614ca in nsXPCWrappedJSClass::CallMethod (this=0xb332a400, wrapper=0xb3351040, methodIndex=3, info=0xb6837c28, nativeParams=0xbf92695c)
at /home/t_mattjo/src/firefox/mobilebase/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1689
#30 0x01f5917f in nsXPCWrappedJS::CallMethod (this=0xb3351040, methodIndex=3, info=0xb6837c28, params=0xbf92695c) at /home/t_mattjo/src/firefox/mobilebase/js/src/xpconnect/src/xpcwrappedjs.cpp:570
#31 0x0266c5db in PrepareAndDispatch (methodIndex=3, self=0xb335c7f0, args=0xbf926a34) at /home/t_mattjo/src/firefox/mobilebase/xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp:95
#32 0x0189b18a in nsEventListenerManager::HandleEventSubType (this=0xb334a340, aListenerStruct=0xb33729a0, aListener=0xb335c7f0, aDOMEvent=0xb0dfbc80, aCurrentTarget=0xb4e48b40, aPhaseFlags=2, aPusher=
0xbf926d38) at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventListenerManager.cpp:1094
#33 0x0189b56f in nsEventListenerManager::HandleEventInternal (this=0xb334a340, aPresContext=0x0, aEvent=0xb0e2b520, aDOMEvent=0xbf926d50, aCurrentTarget=0xb4e48b40, aFlags=2, aEventStatus=0xbf926d54, aPusher=
0xbf926d38) at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventListenerManager.cpp:1190
#34 0x018c3e9c in nsEventListenerManager::HandleEvent (this=0xb334a340, aPresContext=0x0, aEvent=0xb0e2b520, aDOMEvent=0xbf926d50, aCurrentTarget=0xb4e48b40, aFlags=2, aEventStatus=0xbf926d54, aPusher=
0xbf926d38) at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventListenerManager.h:146
#35 0x018c435e in nsEventTargetChainItem::HandleEvent (this=0xb332c1a0, aVisitor=..., aFlags=2, aMayHaveNewListenerManagers=0, aPusher=0xbf926d38)
at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventDispatcher.cpp:212
#36 0x018c2294 in nsEventTargetChainItem::HandleEventTargetChain (this=0xb332c1a0, aVisitor=..., aFlags=6, aCallback=0x0, aMayHaveNewListenerManagers=0, aPusher=0xbf926d38)
at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventDispatcher.cpp:364
#37 0x018c2e23 in nsEventDispatcher::Dispatch (aTarget=0xb410cac8, aPresContext=0x0, aEvent=0xb0e2b520, aDOMEvent=0xb0dfbc80, aEventStatus=0x0, aCallback=0x0, aTargets=0x0)
at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventDispatcher.cpp:628
#38 0x018c31d6 in nsEventDispatcher::DispatchDOMEvent (aTarget=0xb410cac8, aEvent=0x0, aDOMEvent=0xb0dfbc80, aPresContext=0x0, aEventStatus=0x0)
at /home/t_mattjo/src/firefox/mobilebase/content/events/src/nsEventDispatcher.cpp:691
#39 0x017c223f in nsDocument::DispatchPageTransition (this=0xb108d800, aDispatchTarget=0xb410cac8, aType=..., aPersisted=0) at /home/t_mattjo/src/firefox/mobilebase/content/base/src/nsDocument.cpp:7004
#40 0x017c2785 in nsDocument::OnPageHide (this=0xb108d800, aPersisted=0, aDispatchStartTarget=0x0) at /home/t_mattjo/src/firefox/mobilebase/content/base/src/nsDocument.cpp:7110
#41 0x014cc83e in DocumentViewerImpl::PageHide (this=0xb128deb0, aIsUnload=1) at /home/t_mattjo/src/firefox/mobilebase/layout/base/nsDocumentViewer.cpp:1272
#42 0x0202eb8c in nsDocShell::FirePageHideNotification (this=0xb415c190, aIsUnload=1) at /home/t_mattjo/src/firefox/mobilebase/docshell/base/nsDocShell.cpp:1485
#43 0x020393cb in nsDocShell::Destroy (this=0xb415c190) at /home/t_mattjo/src/firefox/mobilebase/docshell/base/nsDocShell.cpp:4316
#44 0x020d8b56 in nsWebBrowser::SetDocShell (this=0xb760fcc0, aDocShell=0x0) at /home/t_mattjo/src/firefox/mobilebase/embedding/browser/webBrowser/nsWebBrowser.cpp:1640
#45 0x020d1bda in nsWebBrowser::InternalDestroy (this=0xb760fcc0) at /home/t_mattjo/src/firefox/mobilebase/embedding/browser/webBrowser/nsWebBrowser.cpp:140
#46 0x020d6ff6 in nsWebBrowser::Destroy (this=0xb760fcc0) at /home/t_mattjo/src/firefox/mobilebase/embedding/browser/webBrowser/nsWebBrowser.cpp:1248
#47 0x02484b70 in mozilla::dom::TabChild::destroyWidget (this=0xb689c100) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/TabChild.cpp:460
#48 0x02484c28 in mozilla::dom::TabChild::~TabChild (this=0xb689c100, __in_chrg=<value optimized out>) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/TabChild.cpp:467
#49 0x02484d83 in mozilla::dom::TabChild::~TabChild (this=0xb689c100, __in_chrg=<value optimized out>) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/TabChild.cpp:481
#50 0x02484298 in mozilla::dom::TabChild::Release (this=0xb689c100) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/TabChild.cpp:162
#51 0x0247f068 in mozilla::dom::ContentProcessChild::DeallocPIFrameEmbedding (this=0xb762d038, iframe=0xb689c100) at /home/t_mattjo/src/firefox/mobilebase/dom/ipc/ContentProcessChild.cpp:96
#52 0x0257ab1f in mozilla::dom::PContentProcessChild::RemoveManagee (this=0xb762d038, aProtocolId=11, aListener=0xb689c100) at PContentProcessChild.cpp:946
#53 0x02581251 in mozilla::dom::PIFrameEmbeddingChild::OnMessageReceived (this=0xb689c100, __msg=...) at PIFrameEmbeddingChild.cpp:628
#54 0x02579b43 in mozilla::dom::PContentProcessChild::OnMessageReceived (this=0xb762d038, __msg=...) at PContentProcessChild.cpp:618
#55 0x024a5929 in mozilla::ipc::AsyncChannel::OnDispatchMessage (this=0xb762d040, msg=...) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/AsyncChannel.cpp:262
#56 0x024aceb7 in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0xb762d040) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/RPCChannel.cpp:438
#57 0x024b288b in void DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()>(mozilla::ipc::RPCChannel*, bool (mozilla::ipc::RPCChannel::*)(), Tuple0 const&) ()
from /home/t_mattjo/src/firefox/mobilebase/fennec-dbg/dist/bin/libxul.so
#58 0x024b2817 in RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run() () from /home/t_mattjo/src/firefox/mobilebase/fennec-dbg/dist/bin/libxul.so
#59 0x024ae61c in mozilla::ipc::RPCChannel::RefCountedTask::Run() () from /home/t_mattjo/src/firefox/mobilebase/fennec-dbg/dist/bin/libxul.so
#60 0x024ae714 in mozilla::ipc::RPCChannel::DequeueTask::Run() () from /home/t_mattjo/src/firefox/mobilebase/fennec-dbg/dist/bin/libxul.so
#61 0x026b5c70 in MessageLoop::RunTask (this=0xbf9284fc, task=0xb0e114c0) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:339
#62 0x026b5cd9 in MessageLoop::DeferOrRunPendingTask (this=0xbf9284fc, pending_task=...) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:347
#63 0x026b6099 in MessageLoop::DoWork (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:447
#64 0x024aa90f in mozilla::ipc::DoWorkRunnable::Run (this=0xb7601780) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/MessagePump.cpp:75
#65 0x026515e6 in nsThread::ProcessNextEvent (this=0xb763b1a0, mayWait=1, result=0xbf9278ec) at /home/t_mattjo/src/firefox/mobilebase/xpcom/threads/nsThread.cpp:547
#66 0x025e5be9 in NS_ProcessNextEvent_P (thread=0xb763b1a0, mayWait=1) at nsThreadUtils.cpp:250
#67 0x024aace7 in mozilla::ipc::MessagePump::Run (this=0xb7611130, aDelegate=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/MessagePump.cpp:142
#68 0x024ab114 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0xb7611130, aDelegate=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/MessagePump.cpp:232
#69 0x026b57cd in MessageLoop::RunInternal (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:219
#70 0x026b574d in MessageLoop::RunHandler (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:202
#71 0x026b56f1 in MessageLoop::Run (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:176
#72 0x0236ac26 in nsBaseAppShell::Run (this=0xb4ea5b50) at /home/t_mattjo/src/firefox/mobilebase/widget/src/xpwidgets/nsBaseAppShell.cpp:175
#73 0x0126d307 in XRE_RunAppShell () at /home/t_mattjo/src/firefox/mobilebase/toolkit/xre/nsEmbedFunctions.cpp:546
#74 0x024ab034 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0xb7611130, aDelegate=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/glue/MessagePump.cpp:218
#75 0x026b57cd in MessageLoop::RunInternal (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:219
#76 0x026b574d in MessageLoop::RunHandler (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:202
#77 0x026b56f1 in MessageLoop::Run (this=0xbf9284fc) at /home/t_mattjo/src/firefox/mobilebase/ipc/chromium/src/base/message_loop.cc:176
#78 0x0126cd84 in XRE_InitChildProcess (aArgc=1, aArgv=0xbf928754, aProcess=GeckoProcessType_Content) at /home/t_mattjo/src/firefox/mobilebase/toolkit/xre/nsEmbedFunctions.cpp:427
#79 0x08049080 in main (argc=3, argv=0xbf928754) at /home/t_mattjo/src/firefox/mobilebase/ipc/app/MozillaRuntimeMain.cpp:87
|
Assignee | |
Comment 1•15 years ago
|
||
This is easily reproducible for me by visiting google.com then shutting down. I'll see if that's still the case after pulling from tip.
|
||
Comment 2•15 years ago
|
||
(In reply to comment #1)
> This is easily reproducible for me by visiting google.com then shutting down.
Using what? Fennec+e10s or test-ipc.xul?
But yeah, it is possible that TabChild should Disconnect itself from
TabChildGlobal when Delete is called
|
|
Assignee | |
Comment 3•15 years ago
|
||
This is with fennect+e10s.
|
|
Assignee | |
Updated•15 years ago
|
Severity: normal → critical
|
|
Assignee | |
Comment 4•15 years ago
|
||
This really needs immediate attention; I'm hitting it just closing a tab in Fennec.
|
|
Assignee | |
Comment 5•15 years ago
|
||
Here's a first stab that gets rid of the crash. Since the PBrowser protocol is being deleted, no further messages will be able to be sent, so we choose to forget all about the message manager. This causes an NS_ERROR_INVALID_POINTER on tab close since the crashing sendAsyncMessage call now just fails.
Assignee: nobody → josh
|
|
Assignee | |
Updated•15 years ago
|
Attachment #459203 -
Flags: review?(Olli.Pettay)
|
|
||
Comment 6•15 years ago
|
||
Comment on attachment 459203 [details] [diff] [review]
Patch
>+void
>+TabChild::ActorDestroy(ActorDestroyReason why)
>+{
>+ // The messageManager relays messages via the TabChild which
>+ // no longer exists.
>+ mTabChildGlobal->mMessageManager = nsnull;
>+}
Could you do
static_cast<nsFrameMessageManager*>(mTabChildGlobal->mMessageManager.get())->Disconnect();
|
||
Comment 7•15 years ago
|
||
Fixed comment
Attachment #459203 -
Attachment is obsolete: true
Attachment #459350 -
Flags: review?(Olli.Pettay)
Attachment #459203 -
Flags: review?(Olli.Pettay)
|
|
||
Comment 8•15 years ago
|
||
Comment on attachment 459350 [details] [diff] [review]
comment updated patch
>+void
>+TabChild::ActorDestroy(ActorDestroyReason why)
>+{
>+ // The messageManager relays messages via the TabChild which
>+ // no longer exists.
>+ static_cast<nsFrameMessageManager*>(mTabChildGlobal->mMessageManager.get())
>+ ->Disconnect();
-> should be in the previous line, and 2 space indentation
Attachment #459350 -
Flags: review?(Olli.Pettay) → review+
|
|
||
Comment 9•15 years ago
|
||
|
|
||
Comment 10•15 years ago
|
||
|
|
||
Updated•15 years ago
|
Attachment #459367 -
Attachment description: 2 space offset everywhere, indent pretty random in this file... → 2 space offset everywhere, indent pretty random in this file..., push me
|
|
||
Updated•15 years ago
|
Attachment #459363 -
Attachment is obsolete: true
|
|
||
Updated•15 years ago
|
Attachment #459367 -
Flags: approval2.0?
|
||
Updated•15 years ago
|
blocking2.0: --- → betaN+
|
|
||
Comment 11•15 years ago
|
||
I got one more crash about TabChildUsage after delete...
#0 0x42cf46f8 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#1 0x42cf8df8 in *__GI_abort () at abort.c:88
#2 0x40060e7c in mozalloc_abort (msg=<value optimized out>)
at memory/mozalloc/mozalloc_abort.cpp:75
#3 0x413d2540 in Abort (aSeverity=1121946620, aStr=0x416f4aa4 "__delete__()d actor", aExpr=0x0,
aFile=0x416f7c18 "../../ipc/ipdl/_ipdlheaders/mozilla/dom/PBrowser.h", aLine=93)
at xpcom/base/nsDebugImpl.cpp:379
#4 NS_DebugBreak_P (aSeverity=1121946620, aStr=0x416f4aa4 "__delete__()d actor", aExpr=0x0, aFile=0x416f7c18 "../../ipc/ipdl/_ipdlheaders/mozilla/dom/PBrowser.h",
aLine=93) at xpcom/base/nsDebugImpl.cpp:337
#5 0x41329488 in Transition (this=0x45308660, stateFlags=<value optimized out>, status=@0xbef21908) at ../../ipc/ipdl/_ipdlheaders/mozilla/dom/PBrowser.h:93
#6 mozilla::dom::PBrowserChild::SendNotifyStateChange (this=0x45308660, stateFlags=<value optimized out>, status=@0xbef21908) at PBrowserChild.cpp:263
#7 0x4127ab14 in mozilla::dom::TabChild::OnStateChange (this=0x0, aWebProgress=<value optimized out>, aRequest=<value optimized out>, aStateFlags=1158721440,
aStatus=2152398850) at dom/ipc/TabChild.cpp:492
#8 0x4104ff40 in nsDocLoader::FireOnStateChange (this=0x46759190, aProgress=0x467591a4, aRequest=0x4760d154, aStateFlags=65552, aStatus=2152398850)
at uriloader/base/nsDocLoader.cpp:1321
#9 0x41050654 in nsDocLoader::doStopURLLoad (this=0x0, request=<value optimized out>, aStatus=<value optimized out>)
at uriloader/base/nsDocLoader.cpp:894
#10 0x41050fd4 in nsDocLoader::OnStopRequest (this=0x46759190, aRequest=0x4760d154, aCtxt=<value optimized out>, aStatus=2152398850)
at uriloader/base/nsDocLoader.cpp:689
#11 0x4075c3c8 in nsLoadGroup::RemoveRequest (this=0x46728340, request=0x4760d154, ctxt=0x0, aStatus=2152398850)
at netwerk/base/src/nsLoadGroup.cpp:680
#12 0x4075c888 in nsLoadGroup::Cancel (this=0x46728340, status=2152398850)
---Type <return> to continue, or q <return> to quit---
at netwerk/base/src/nsLoadGroup.cpp:331
#13 0x410513b0 in nsDocLoader::Stop (this=0x46759190)
at uriloader/base/nsDocLoader.cpp:327
#14 0x4103c034 in nsDocShell::Stop (this=0x46759190, aStopFlags=3)
at docshell/base/nsDocShell.cpp:4063
#15 0x4103a2b0 in nsDocShell::Destroy (this=0x46759190)
at docshell/base/nsDocShell.cpp:4340
#16 0x4109386c in nsWebBrowser::SetDocShell (this=0x460ee690, aDocShell=0x0)
at embedding/browser/webBrowser/nsWebBrowser.cpp:1640
#17 0x41094bf8 in nsWebBrowser::InternalDestroy (this=0x460ee690)
at embedding/browser/webBrowser/nsWebBrowser.cpp:140
#18 0x41093918 in nsWebBrowser::Destroy (this=0x0)
at embedding/browser/webBrowser/nsWebBrowser.cpp:1248
#19 0x4127a608 in mozilla::dom::TabChild::DestroyWidget (this=<value optimized out>)
at dom/ipc/TabChild.cpp:453
#20 0x4127bd90 in ~TabChild (this=0x0, __in_chrg=<value optimized out>)
at dom/ipc/TabChild.cpp:470
#21 0x4127958c in mozilla::dom::TabChild::Release (this=0x0) at dom/ipc/TabChild.cpp:162
#22 0x412760b4 in mozilla::dom::ContentChild::DeallocPBrowser (this=<value optimized out>, iframe=0x1b25)
at dom/ipc/ContentChild.cpp:100
#23 0x4132b960 in mozilla::dom::PContentChild::RemoveManagee (this=0x45337198, aProtocolId=<value optimized out>, aListener=0x45308660) at PContentChild.cpp:1014
#24 0x4132809c in mozilla::dom::PBrowserChild::OnMessageReceived (this=0x45308660, __msg=<value optimized out>) at PBrowserChild.cpp:657
---Type <return> to continue, or q <return> to quit---
#25 0x4132ec04 in mozilla::dom::PContentChild::OnMessageReceived (this=0x45337198, __msg=...) at PContentChild.cpp:662
#26 0x412931bc in mozilla::ipc::AsyncChannel::OnDispatchMessage (this=0x453371a0, msg=...)
at ipc/glue/AsyncChannel.cpp:262
#27 0x4129970c in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x453371a0)
at ipc/glue/RPCChannel.cpp:438
#28 0x4129c408 in DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()> (this=<value optimized out>)
at ipc/chromium/src/base/tuple.h:383
#29 RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=<value optimized out>)
at ipc/chromium/src/base/task.h:307
#30 0x4129c370 in mozilla::ipc::RPCChannel::RefCountedTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/RPCChannel.h:448
#31 mozilla::ipc::RPCChannel::DequeueTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/RPCChannel.h:473
#32 0x41412ff4 in MessageLoop::RunTask (this=0xbef22938, task=0x466c7b18)
at ipc/chromium/src/base/message_loop.cc:339
#33 0x414137f0 in MessageLoop::DeferOrRunPendingTask (this=0xbef22938, pending_task=...)
at ipc/chromium/src/base/message_loop.cc:347
#34 0x41414da8 in MessageLoop::DoWork (this=0xbef22938)
at ipc/chromium/src/base/message_loop.cc:447
#35 0x41296eac in mozilla::ipc::DoWorkRunnable::Run (this=<value optimized out>)
at ipc/glue/MessagePump.cpp:75
#36 0x413c9564 in nsThread::ProcessNextEvent (this=0x45327ce0, mayWait=1, result=0xbef2201c)
at xpcom/threads/nsThread.cpp:547
#37 0x413878e0 in NS_ProcessNextEvent_P (thread=<value optimized out>, mayWait=1) at nsThreadUtils.cpp:250
---Type <return> to continue, or q <return> to quit---
#38 0x41296cfc in mozilla::ipc::MessagePump::Run (this=0x45328eb0, aDelegate=0xbef22938)
at ipc/glue/MessagePump.cpp:142
#39 0x414136d8 in MessageLoop::RunInternal (this=0xbef22938)
at ipc/chromium/src/base/message_loop.cc:219
#40 0x4141375c in MessageLoop::Run (this=0xbef22938)
at ipc/chromium/src/base/message_loop.cc:176
#41 0x412286dc in nsBaseAppShell::Run (this=0x460901f8)
at widget/src/xpwidgets/nsBaseAppShell.cpp:175
#42 0x40744d7c in XRE_RunAppShell () at toolkit/xre/nsEmbedFunctions.cpp:548
#43 0x414136d8 in MessageLoop::RunInternal (this=0xbef22938)
at ipc/chromium/src/base/message_loop.cc:219
#44 0x4141375c in MessageLoop::Run (this=0xbef22938)
at ipc/chromium/src/base/message_loop.cc:176
#45 0x407451c0 in XRE_InitChildProcess (aArgc=2, aArgv=0x45337180, aProcess=GeckoProcessType_Content)
at toolkit/xre/nsEmbedFunctions.cpp:429
#46 0x00009254 in main (argc=3, argv=0xbef22bd4) at ipc/app/MozillaRuntimeMain.cpp:87
|
|
Assignee | |
Comment 12•15 years ago
|
||
I find the this=0x0 values in that backtrace worrisome.
#18 0x41093918 in nsWebBrowser::Destroy (this=0x0)
at embedding/browser/webBrowser/nsWebBrowser.cpp:1248
#19 0x4127a608 in mozilla::dom::TabChild::DestroyWidget (this=<value optimized
out>)
at dom/ipc/TabChild.cpp:453
#20 0x4127bd90 in ~TabChild (this=0x0, __in_chrg=<value optimized out>)
at dom/ipc/TabChild.cpp:470
#21 0x4127958c in mozilla::dom::TabChild::Release (this=0x0) at
dom/ipc/TabChild.cpp:162
|
|
||
Comment 13•15 years ago
|
||
Attachment #459461 -
Flags: review?(josh)
|
|
Assignee | |
Comment 14•15 years ago
|
||
I'm not the right reviewer for this. I recommend smaug or bz, or somebody who actually understands how all these bits work. This feels similar to bug 561456 comment 2, however.
|
|
||
Comment 15•15 years ago
|
||
Comment on attachment 459461 [details]
Fix for last backtrase
Why you need to set weak to nsnull?
Attachment #459461 -
Flags: review?(josh) → review+
|
|
||
Comment 16•15 years ago
|
||
> Why you need to set weak to nsnull?
Not really, just remember this from some embedding code...
|
|
||
Updated•15 years ago
|
Attachment #459367 -
Flags: approval2.0?
|
|
||
Comment 17•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/dfa1076b0ab9
http://hg.mozilla.org/mozilla-central/rev/3433d89bbea9
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•