crash related to closing windows [@ objc_msgSend | _nsnote_callback] or [@ objc_msgSend | __CFXNotificationPost ]

NEW
Assigned to

Status

Camino Graveyard
General
--
critical
7 years ago
6 years ago

People

(Reporter: Smokey Ardisson (offline for a while; not following bugs - do not email), Assigned: Stuart Morgan)

Tracking

({crash})

Details

(crash signature)

This bug was filed from the Socorro interface and is report bp-b232c1a2-c309-44e2-8bc0-4604d2110213.
============================================================= 

We've had a [@ objc_msgSend | _nsnote_callback] crash for quite a while now in 2.0.x, with occasional spikes into the top 10.  Generally the crash is related to closing windows with the mouse (but occasionally with the keyboard).

Stuart said he had planned to audit our notification registration and make sure that we don't ever forget to unregister somewhere, which could potentially be the cause of this crash.
Flags: camino2.0.7?
(Assignee)

Comment 1

7 years ago
CHPermissionManager needs to remove itself, but since that's the one-shot XPCOM shutdown, that's not the cause.
Same with CHCookieStorage. (Who wrote this garbage?)
That's all I see in our code; could be Sparkle or Growl though, so I'll try to audit those.

Alternately, could be a more subtle issue.
Assignee: nobody → stuart.morgan+bugzilla
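The registration audit discussed above can be approximated with a source scan. This is an added example, not Camino code or anything posted in this bug: the class names in the sample are hypothetical, and the regexes are heuristics that only recognize `addObserver:self` / `removeObserver:self` inside an `@implementation` block.

```python
import re

# Heuristic patterns for Objective-C source text (not a real parser).
IMPL_RE = re.compile(r"@implementation\s+(\w+)(.*?)^@end", re.S | re.M)
ADD_RE = re.compile(r"\baddObserver:\s*self\b")
REMOVE_RE = re.compile(r"\bremoveObserver:\s*self\b")
DEALLOC_RE = re.compile(r"-\s*\(void\)\s*dealloc\s*\{(.*?)^\}", re.S | re.M)
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def audit_observers(source):
    """Map class name -> finding for classes that register self with a
    notification center but never unregister, or not from -dealloc."""
    findings = {}
    source = COMMENT_RE.sub("", source)  # commented-out calls do not count
    for name, body in IMPL_RE.findall(source):
        if not ADD_RE.search(body):
            continue
        dealloc = DEALLOC_RE.search(body)
        if not REMOVE_RE.search(body):
            findings[name] = "never unregisters"
        elif dealloc is None or not REMOVE_RE.search(dealloc.group(1)):
            findings[name] = "unregisters, but not in -dealloc"
    return findings


# Constructed sample input: hypothetical classes, not Camino source.
SAMPLE = """
@implementation LeakyController
- (void)awakeFromNib {
  [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(closed:) name:NSWindowWillCloseNotification object:nil];
}
- (void)dealloc {
  // [[NSNotificationCenter defaultCenter] removeObserver:self];
  [super dealloc];
}
@end
@implementation TidyController
- (void)awakeFromNib {
  [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(closed:) name:NSWindowWillCloseNotification object:nil];
}
- (void)dealloc {
  [[NSNotificationCenter defaultCenter] removeObserver:self];
  [super dealloc];
}
@end
"""

if __name__ == "__main__":
    print(audit_observers(SAMPLE))
```

A class flagged here is only a candidate for review; observers registered on behalf of another object or through block-based APIs are outside what this scan sees.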
On branch, in terms of code we use, both widget and JEP have hits for 'NSNotification':

http://mxr.mozilla.org/seamonkey/search?string=NSNotification&find=&findi=&filter=mozilla%2Fwidget&hitlimit=&tree=seamonkey
http://mxr.mozilla.org/seamonkey/search?string=NSNotification&find=&findi=&filter=mozilla%2Fplugin&hitlimit=&tree=seamonkey
(Actual JEP source is http://javaplugin.cvs.sourceforge.net/viewvc/javaplugin/; you can get random hits on it in Google Code Search, but not useful ones :( )

I don't see any of these crashes on 1.9.2, but it's unclear whether that's just a usage-level issue or what; there aren't any additional files/directories returned for 'NSNotification' in code we use, so it's just http://mxr.mozilla.org/mozilla1.9.2/search?string=NSNotification&find=&findi=&filter=widget%2F&hitlimit=&tree=mozilla1.9.2 (JEP isn't showing up at all; I guess MXR+Hg is smarter about binary files?)
Crash Signature: [@ objc_msgSend | _nsnote_callback]
We'll need to keep monitoring this as we get closer to 2.1.  The fixes in comment 1 would still be good for correctness, though.
Flags: camino2.1?
Flags: camino2.0.8?
Flags: camino2.0.8-
Flags: camino2.0.9?
We should check again for 2.0.10, since 2.0.9 turned out to be a quick turn-around.
Flags: camino2.0.9? → camino2.0.9-
Flags: camino2.0.10?
(In reply to Smokey Ardisson (back-ish; no bugmail - do not email) from comment #3)
> We'll need to keep monitoring this as we get closer to 2.1.  The fixes in
> comment 1 would still be good for correctness, though.

We are seeing a few of these with b2, specifically ones like bp-39821226-39d4-4b5d-8df0-aa8c02110916 where the stack starts [@ objc_msgSend | __CFXNotificationPost ] instead.

That particular report provides us a nice comment, I think perhaps our first ever:

Closing Camino windows. Current focus was on an active Camino window, closing those in the background by clicking on the red button in the upper-left of each window. Crash happened after five to seven successful closures.

Since it's 2.1b2, we can rule out our favorite culprits, NSWindow swizzling by Gecko and the JEP :P
Crash Signature: [@ objc_msgSend | _nsnote_callback] → [@ objc_msgSend | _nsnote_callback] or [@ objc_msgSend | __CFXNotificationPost ]
Summary: crash related to closing windows [@ objc_msgSend | _nsnote_callback] → crash related to closing windows [@ objc_msgSend | _nsnote_callback] or [@ objc_msgSend | __CFXNotificationPost ]
(In reply to comment #5)
> Since it's 2.1b2, we can rule out our favorite culprits, NSWindow swizzling
> by Gecko and the JEP :P

For the sake of completeness, Chris pointed out that he still sees lots of swizzling in samples on a regular basis.

There's no more NSWindow swizzling, but Steven is still swizzling NSApp, NSView, and the PDE, among others (and some stuff in nsMenuX that shouldn't ever get called in our case): http://mxr.mozilla.org/mozilla1.9.2/search?string=swizzl&find=widget%2Fsrc%2Fcocoa&findi=&filter=^[^\0]*%24&hitlimit=&tree=mozilla1.9.2

None of these are showing up in the stacks, though I guess it's still possible they've previously been called and are messing things up down the road…
[@ objc_msgSend | __CFXNotificationPost ] is currently #2 for 2.1[1], and [@ objc_msgSend | ___CFXNotificationPost_block_invoke_1 ] is #21[2], but I haven't had the chance to drill down into the crashes to look at specifics.

There are also a bunch of [@ nsPrefBranch::Observe ] crashes[3] that have truncated main thread stacks that abruptly end in |_nsnote_callback| just after -[BrowserWindowController windowWillClose:] or -[MainController applicationWillTerminate:]…

[1] https://crash-stats.mozilla.com/report/list?range_value=14&range_unit=days&date=2011-12-20%2014%3A00%3A00&signature=objc_msgSend%20|%20__CFXNotificationPost&version=Camino%3A2.1

[2] https://crash-stats.mozilla.com/report/list?range_value=14&range_unit=days&date=2011-12-20%2014%3A00%3A00&signature=objc_msgSend%20|%20___CFXNotificationPost_block_invoke_1&version=Camino%3A2.1

[3] https://crash-stats.mozilla.com/report/list?range_value=14&range_unit=days&date=2011-12-20%2014%3A00%3A00&signature=nsPrefBranch%3A%3AObserve&version=Camino%3A2.1
Flags: camino2.0.10? → camino2.0.10-
Flags: camino2.1?
Flags: camino2.1.1?
Flags: camino2.1-
I wonder if bp-4a0950f3-c208-4618-b952-b2d1c2111218 is this, too?
Flags: camino2.1.2?
Flags: camino2.1.1?
Flags: camino2.1.1-