Closed Bug 650136 Opened 15 years ago Closed 9 years ago

crash [@ nsDocShell::LoadHistoryEntry(nsISHEntry*, unsigned int)]

Categories

(Core :: DOM: Navigation, defect)

1.9.2 Branch
x86
Windows NT
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: kairo, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-133c88bd-fad3-46e0-854d-51e602110413.

=============================================================
0 xul.dll nsDocShell::LoadHistoryEntry docshell/base/nsDocShell.cpp:9278
1 xul.dll nsDocShell::LoadURI
2 xul.dll nsFrameLoader::ReallyStartLoading content/base/src/nsFrameLoader.cpp:233
3 xul.dll nsDocument::MaybeInitializeFinalizeFrameLoaders content/base/src/nsDocument.cpp:5319
4 xul.dll nsRunnableMethod<nsHTMLImageElement,void>::Run obj-firefox/dist/include/nsThreadUtils.h:282
5 xul.dll nsContentUtils::RemoveScriptBlocker content/base/src/nsContentUtils.cpp:4488
6 xul.dll mozAutoDocUpdate::~mozAutoDocUpdate obj-firefox/dist/include/mozAutoDocUpdate.h:69
7 xul.dll nsGenericElement::doInsertChildAt content/base/src/nsGenericElement.cpp:3255
8 xul.dll nsGenericElement::InsertChildAt content/base/src/nsGenericElement.cpp:3169
9 xul.dll nsINode::AppendChildTo obj-firefox/dist/include/nsINode.h:434
10 xul.dll SinkContext::OpenContainer content/html/document/src/nsHTMLContentSink.cpp:832
11 xul.dll HTMLContentSink::OpenContainer content/html/document/src/nsHTMLContentSink.cpp:2357
12 xul.dll CNavDTD::OpenContainer parser/htmlparser/src/CNavDTD.cpp:2668
13 xul.dll CNavDTD::HandleDefaultStartToken parser/htmlparser/src/CNavDTD.cpp:1039
14 xul.dll CNavDTD::HandleStartToken parser/htmlparser/src/CNavDTD.cpp:1390
15 xul.dll CNavDTD::HandleToken parser/htmlparser/src/CNavDTD.cpp:717
16 xul.dll CNavDTD::BuildModel parser/htmlparser/src/CNavDTD.cpp:304
17 xul.dll nsParser::BuildModel parser/htmlparser/src/nsParser.cpp:2456
18 xul.dll nsParser::ResumeParse parser/htmlparser/src/nsParser.cpp:2337
19 xul.dll nsParser::ContinueInterruptedParsing parser/htmlparser/src/nsParser.cpp:1833
20 xul.dll nsContentSink::ContinueInterruptedParsingIfEnabled content/base/src/nsContentSink.cpp:1769
21 xul.dll nsRunnableMethod<nsServerSocket,void>::Run obj-firefox/dist/include/nsThreadUtils.h:282
22 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527
23 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:250
24 xul.dll nsThread::Shutdown xpcom/threads/nsThread.cpp:468
25 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
26 xul.dll nsProxyObjectCallInfo::Run xpcom/proxy/src/nsProxyEvent.cpp:181
27 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527
28 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
29 xul.dll xul.dll@0x9769bb
30 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:199
31 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:2199
32 xul.dll xul.dll@0x2f0f53
33 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:173
34 nspr4.dll PR_SetThreadPrivate nsprpub/pr/src/threads/prtpd.c:199
35 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:174
36 xul.dll nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:183
37 nspr4.dll nspr4.dll@0xd94f
38 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3483

bp-be445b98-db61-4380-ad63-3fa852110413 is another one with a different stack that ends up with the same top frames:

0 xul.dll nsDocShell::LoadHistoryEntry docshell/base/nsDocShell.cpp:9278
1 xul.dll nsDocShell::LoadURI
2 xul.dll nsFrameLoader::ReallyStartLoading content/base/src/nsFrameLoader.cpp:233
3 xul.dll nsDocument::MaybeInitializeFinalizeFrameLoaders content/base/src/nsDocument.cpp:5319
4 xul.dll nsHTMLDocument::EndUpdate content/html/document/src/nsHTMLDocument.cpp:3034
5 xul.dll nsGenericElement::doReplaceOrInsertBefore content/base/src/nsGenericElement.cpp:3956
6 xul.dll nsXULElement::InsertBefore content/xul/content/src/nsXULElement.h:571
7 xul.dll nsXULElement::AppendChild content/html/content/src/nsHTMLDivElement.cpp:56
8 xul.dll nsIDOMNode_AppendChild obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:3671
9 js3250.dll js_Interpret js/src/jsops.cpp:2208
10 js3250.dll js_Execute js/src/jsinterp.cpp:1601
11 js3250.dll JS_EvaluateUCScriptForPrincipals js/src/jsapi.cpp:5057
12 xul.dll nsJSContext::EvaluateString dom/base/nsJSEnvironment.cpp:1764
13 xul.dll nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:711
14 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:625
15 xul.dll nsCOMArray_base::RemoveObject obj-firefox/xpcom/build/nsCOMArray.cpp:125
16 xul.dll nsScriptLoader::ProcessPendingRequests

And bp-11b7caa3-0877-48fe-b75c-157752110414 is a variant on Mac that also ends up with the same set of top frames.

Correlations:

99% (341/343) vs. 64% (74556/115916) shdocvw.dll
100% (343/343) vs. 70% (80715/115916) nssckbi.dll
100% (343/343) vs. 70% (80870/115916) freebl3.dll
100% (343/343) vs. 70% (80875/115916) nssdbm3.dll
100% (343/343) vs. 70% (80979/115916) softokn3.dll
100% (342/343) vs. 73% (84734/115916) ntmarta.dll
100% (343/343) vs. 75% (86968/115916) brwsrcmp.dll
100% (342/343) vs. 75% (86641/115916) t2embed.dll
100% (343/343) vs. 76% (87560/115916) winrnr.dll
100% (343/343) vs. 76% (88394/115916) browserdirprovider.dll
100% (343/343) vs. 77% (89366/115916) firefox.exe
100% (343/343) vs. 77% (89394/115916) xpcom.dll
100% (343/343) vs. 77% (89769/115916) dbghelp.dll
43% (149/343) vs. 21% (24289/115916) icm32.dll
100% (342/343) vs. 78% (90703/115916) rasadhlp.dll
71% (245/343) vs. 52% (60506/115916) apphelp.dll
75% (258/343) vs. 56% (64998/115916) samlib.dll
55% (190/343) vs. 37% (43271/115916) cryptui.dll
100% (342/343) vs. 82% (94752/115916) dnsapi.dll
78% (269/343) vs. 63% (73264/115916) dsound.dll
87% (300/343) vs. 73% (84439/115916) NPSWF32.dll

Judging from the comments, this happens mostly when interacting with Flash, e.g. playing Facebook games like Farmville. It also seems to happen mostly on 3.6 - the signature itself is seen on 4.0 as well, but not sure if in connection with Flash, the one report I looked into didn't have Flash loaded from what I saw.
I wonder whether we end up in the CreateAboutBlankContentViewer codepath here and whether it somehow destroys |this|....
Crash Signature: [@ nsDocShell::LoadHistoryEntry(nsISHEntry*, unsigned int)]
kairo, do you see correlations for this signature? I examined 14 crashes for current versions and none involve Facebook, Farmville or Flash, except bp-44926007-c755-44bd-9b85-d24d72130315, citing installing Flash Player. And none had CNavDTD::OpenContainer or nsContentUtils::RemoveScriptBlocker on stack. Most crashes are more like your second example in comment 0. One user consistently reports https://ib24.csob.cz/, for example bp-736c737d-b4af-4eec-8976-e08382130311 bp-5a5b9fc1-5945-42f1-b1a8-3f2582130218
Flags: needinfo?(kairo)
This signature is so low volume nowadays that no correlations are being produced for it.
Flags: needinfo?(kairo)
removing Flash, Farmville, Facebook games
Summary: crash [@ nsDocShell::LoadHistoryEntry(nsISHEntry*, unsigned int)] (with Flash, Farmville, Facebook games) → crash [@ nsDocShell::LoadHistoryEntry(nsISHEntry*, unsigned int)]
Crash Signature: [@ nsDocShell::LoadHistoryEntry(nsISHEntry*, unsigned int)] → [@ nsDocShell::LoadHistoryEntry(nsISHEntry*, unsigned int)] [@ nsDocShell::LoadHistoryEntry]
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME