Closed
Bug 901312
Opened 11 years ago
Closed 11 years ago
crash in mozilla::dom::ContentParent::ActorDestroy @ nsFrameMessageManager::Disconnect
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla26
Tracking | Status | |
---|---|---|
firefox24 | --- | unaffected |
firefox25 | + | verified |
firefox26 | + | verified |
People
(Reporter: scoobidiver, Assigned: smaug)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
1.45 KB,
patch
|
justin.lebar+bug
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
With the stack trace below, it first showed up in 25.0a1/20130803. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=76a944fa6b25&tochange=d0edf8086809 It's likely a regression from bug 887781. Signature nsFrameMessageManager::Disconnect(bool) More Reports Search UUID 6b4a79c0-3eb1-4227-b9e7-568052130804 Date Processed 2013-08-04 01:44:52.771479 Uptime 6002 Last Crash 6019 seconds before submission Install Age 8547 since version was first installed. Install Time 2013-08-03 23:22:11 Product Firefox Version 25.0a1 Build ID 20130803030205 Release Channel nightly OS Windows NT OS Version 6.2.9200 Build Architecture x86 Build Architecture Info AuthenticAMD family 21 model 16 stepping 1 | 4 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x22 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x9903, AdapterSubsysID: 184b103c, AdapterDriverVersion: 8.982.10.6000 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- Frame Module Signature Source 0 xul.dll nsFrameMessageManager::Disconnect(bool) content/base/src/nsFrameMessageManager.cpp 1 xul.dll mozilla::dom::ContentParent::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason) dom/ipc/ContentParent.cpp 2 xul.dll mozilla::dom::PContentParent::DestroySubtree(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason) obj-firefox/ipc/ipdl/PContentParent.cpp 3 xul.dll mozilla::dom::PContentParent::OnChannelError() obj-firefox/ipc/ipdl/PContentParent.cpp 4 xul.dll mozilla::ipc::AsyncChannel::NotifyMaybeChannelError() ipc/glue/AsyncChannel.cpp 5 xul.dll mozilla::ipc::AsyncChannel::OnNotifyMaybeChannelError() ipc/glue/AsyncChannel.cpp 6 xul.dll MessageLoop::RunTask(Task *) ipc/chromium/src/base/message_loop.cc 7 xul.dll MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) ipc/chromium/src/base/message_loop.cc 8 xul.dll MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 9 xul.dll mozilla::ipc::DoWorkRunnable::Run() ipc/glue/MessagePump.cpp 10 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp 11 xul.dll NS_ProcessNextEvent(nsIThread *,bool) obj-firefox/xpcom/build/nsThreadUtils.cpp 12 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) ipc/glue/MessagePump.cpp 13 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 14 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 15 xul.dll nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp 16 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp 17 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 18 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 19 xul.dll XREMain::XRE_main(int,char * * const,nsXREAppData const *) toolkit/xre/nsAppRunner.cpp 20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp 21 firefox.exe do_main browser/app/nsBrowserApp.cpp 22 firefox.exe NS_internal_main(int,char * *) browser/app/nsBrowserApp.cpp 23 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp 24 firefox.exe __tmainCRTStartup f:/dd/vctools/crt_bld/self_x86/crt/src/crtexe.c 25 kernel32.dll BaseThreadInitThunk 26 ntdll.dll __RtlUserThreadStart 27 ntdll.dll _RtlUserThreadStart More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=nsFrameMessageManager%3A%3ADisconnect%28bool%29
Comment 1•11 years ago
|
||
Null check required on mMessageManager.
Assignee | ||
Comment 2•11 years ago
|
||
Yeah, looks like a null pointer crash (+offset). Odd that we have null check just few lines above, for ppm.
Assignee | ||
Comment 3•11 years ago
|
||
Hmm, but why would mMessageManager be null there, if ContentParent hasn't been deleted.
Comment 4•11 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #3) > Hmm, but why would mMessageManager be null there, if ContentParent hasn't > been deleted. ShutDownProcess, which nulls out mMessageListener, can be called from any of ActorDestroy, xpcom-shutdown, NotifyTabDestroyed (from TabParent::Recv__delete__), or KillHard.
Assignee | ||
Comment 5•11 years ago
|
||
Ah, I was looking at my local tree which wasn't up-to-date, so it was missing Bug 899761!
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → bugs
Assignee | ||
Comment 7•11 years ago
|
||
Attachment #785549 -
Flags: review?(justin.lebar+bug)
Comment 8•11 years ago
|
||
Comment on attachment 785549 [details] [diff] [review] patch Thanks, Olli.
Attachment #785549 -
Flags: review?(justin.lebar+bug) → review+
Assignee | ||
Comment 9•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/5fd699ed1c55
Comment 10•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5fd699ed1c55
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
Reporter | ||
Comment 11•11 years ago
|
||
It's #9 crasher in the first hours of 25.0a2. Time to uplift?
Comment 12•11 years ago
|
||
Comment on attachment 785549 [details] [diff] [review] patch [Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 899761 User impact if declined: Topcrash Testing completed (on m-c, etc.): m-c Risk to taking this patch (and alternatives if risky): No alternatives, hard to see this making things worse. String or IDL/UUID changes made by this patch: None.
Attachment #785549 -
Flags: approval-mozilla-aurora?
Updated•11 years ago
|
Updated•11 years ago
|
Attachment #785549 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 14•11 years ago
|
||
No reports of any crashes here with Firefox 25 after August 12th. Assuming this is fixed.
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•