Closed Bug 901312 Opened 12 years ago Closed 12 years ago

crash in mozilla::dom::ContentParent::ActorDestroy @ nsFrameMessageManager::Disconnect

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
25 Branch
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla26
Tracking Flags:
Tracking Status
firefox24 --- unaffected
firefox25 + verified
firefox26 + verified

People

(Reporter: scoobidiver, Assigned: smaug)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

patch
1.45 KB, patch
justin.lebar+bug
: review+
akeybl
: approval-mozilla-aurora+
Details | Diff | Splinter Review
With the stack trace below, it first showed up in 25.0a1/20130803. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=76a944fa6b25&tochange=d0edf8086809 It's likely a regression from bug 887781. Signature nsFrameMessageManager::Disconnect(bool) More Reports Search UUID 6b4a79c0-3eb1-4227-b9e7-568052130804 Date Processed 2013-08-04 01:44:52.771479 Uptime 6002 Last Crash 6019 seconds before submission Install Age 8547 since version was first installed. Install Time 2013-08-03 23:22:11 Product Firefox Version 25.0a1 Build ID 20130803030205 Release Channel nightly OS Windows NT OS Version 6.2.9200 Build Architecture x86 Build Architecture Info AuthenticAMD family 21 model 16 stepping 1 | 4 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x22 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x9903, AdapterSubsysID: 184b103c, AdapterDriverVersion: 8.982.10.6000 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- Frame Module Signature Source 0 xul.dll nsFrameMessageManager::Disconnect(bool) content/base/src/nsFrameMessageManager.cpp 1 xul.dll mozilla::dom::ContentParent::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason) dom/ipc/ContentParent.cpp 2 xul.dll mozilla::dom::PContentParent::DestroySubtree(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason) obj-firefox/ipc/ipdl/PContentParent.cpp 3 xul.dll mozilla::dom::PContentParent::OnChannelError() obj-firefox/ipc/ipdl/PContentParent.cpp 4 xul.dll mozilla::ipc::AsyncChannel::NotifyMaybeChannelError() ipc/glue/AsyncChannel.cpp 5 xul.dll mozilla::ipc::AsyncChannel::OnNotifyMaybeChannelError() ipc/glue/AsyncChannel.cpp 6 xul.dll MessageLoop::RunTask(Task *) ipc/chromium/src/base/message_loop.cc 7 xul.dll MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) ipc/chromium/src/base/message_loop.cc 8 xul.dll MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 9 xul.dll mozilla::ipc::DoWorkRunnable::Run() ipc/glue/MessagePump.cpp 10 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp 11 xul.dll NS_ProcessNextEvent(nsIThread *,bool) obj-firefox/xpcom/build/nsThreadUtils.cpp 12 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) ipc/glue/MessagePump.cpp 13 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 14 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 15 xul.dll nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp 16 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp 17 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 18 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 19 xul.dll XREMain::XRE_main(int,char * * const,nsXREAppData const *) toolkit/xre/nsAppRunner.cpp 20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp 21 firefox.exe do_main browser/app/nsBrowserApp.cpp 22 firefox.exe NS_internal_main(int,char * *) browser/app/nsBrowserApp.cpp 23 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp 24 firefox.exe __tmainCRTStartup f:/dd/vctools/crt_bld/self_x86/crt/src/crtexe.c 25 kernel32.dll BaseThreadInitThunk 26 ntdll.dll __RtlUserThreadStart 27 ntdll.dll _RtlUserThreadStart More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=nsFrameMessageManager%3A%3ADisconnect%28bool%29
Null check required on mMessageManager.
Yeah, looks like a null pointer crash (+offset). Odd that we have null check just few lines above, for ppm.
Hmm, but why would mMessageManager be null there, if ContentParent hasn't been deleted.
(In reply to Olli Pettay [:smaug] from comment #3) > Hmm, but why would mMessageManager be null there, if ContentParent hasn't > been deleted. ShutDownProcess, which nulls out mMessageListener, can be called from any of ActorDestroy, xpcom-shutdown, NotifyTabDestroyed (from TabParent::Recv__delete__), or KillHard.
Ah, I was looking at my local tree which wasn't up-to-date, so it was missing Bug 899761!
Could be a regression from bug 899761.
Blocks: 899761
Assignee: nobody → bugs
Attached patch patchSplinter Review
Attachment #785549 - Flags: review?(justin.lebar+bug)
Comment on attachment 785549 [details] [diff] [review] patch Thanks, Olli.
Attachment #785549 - Flags: review?(justin.lebar+bug) → review+
https://hg.mozilla.org/mozilla-central/rev/5fd699ed1c55
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
It's #9 crasher in the first hours of 25.0a2. Time to uplift?
Comment on attachment 785549 [details] [diff] [review] patch [Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 899761 User impact if declined: Topcrash Testing completed (on m-c, etc.): m-c Risk to taking this patch (and alternatives if risky): No alternatives, hard to see this making things worse. String or IDL/UUID changes made by this patch: None.
Attachment #785549 - Flags: approval-mozilla-aurora?
Attachment #785549 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
No reports of any crashes here with Firefox 25 after August 12th. Assuming this is fixed.
Status: RESOLVED → VERIFIED
status-firefox25: fixedverified
status-firefox26: fixedverified
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: