Closed Bug 47491 Opened 24 years ago Closed 24 years ago

Crash closing window

Categories: Core :: Layout, defect, P1

Status: VERIFIED FIXED

People: Reporter: mikepinkerton, Assigned: danm.moz

Details: Keywords: crash, regression, smoketest, Whiteboard: [dogfood+] ON MOZILLA TRUNK ONLY

Attachments: 2 files

- launch navigator
- close window (with closebox or cmd-w)

kaboomie! on both mac and win32, tip from 8/3/00 AM

Calling chain using A6/R1 links
 Back chain  ISA  Caller
 00000000  PPC  10343524
 11366FC0  PPC  10329300  main+001AC
 11366F60  PPC  10326A34  main1(int, char**, nsISupports*)+00994
 11366CE0  PPC  13F7DD84  nsAppShellService::Run()+00054
 11366C90  PPC  11ADA404  nsAppShell::Run()+0004C
 11366C50  PPC  11ADACE8  nsMacMessagePump::DoMessagePump()+00044
 11366C00  PPC  11ADB3E0  nsMacMessagePump::DispatchEvent(int, EventRecord*)+0007C
 11366BB0  PPC  11ADC050  nsMacMessagePump::DoKey(EventRecord&)+00034
 11366B60  PPC  11ADC4DC  nsMacMessagePump::DispatchOSEventToRaptor(EventRecord&, GrafPort *)+0004C
 11366B10  PPC  11AD6D28  nsMacMessageSink::DispatchOSEvent(EventRecord&, GrafPort*)+00048
 11366AD0  PPC  11AD0314  nsMacWindow::HandleOSEvent(EventRecord&)+00038
 11366A90  PPC  11AD1684  nsMacEventHandler::HandleOSEvent(EventRecord&)+00050
 11366A40  PPC  11AD2974  nsMacEventHandler::HandleKeyEvent(EventRecord&)+00118
 113669B0  PPC  11AA6830  nsWindow::DispatchWindowEvent(nsGUIEvent&)+00028
 11366970  PPC  11AA6738  nsWindow::DispatchEvent(nsGUIEvent*, nsEventStatus& )+000B8
 11366920  PPC  115EAE08  HandleEvent(nsGUIEvent*)+00064
 113668D0  PPC  115F7334  nsViewManager2::DispatchEvent(nsGUIEvent*, nsEventStatus*)+00830
 113666D0  PPC  115ED690  nsView::HandleEvent(nsGUIEvent*, unsigned int, nsEventStatus*, int&)+00244
 11366650  PPC  0F996704  PresShell::Release()+0008C
 11366610  PPC  0F996C64  PresShell::~PresShell()+00160
 113665B0  PPC  0FDCCC04  FrameManager::Release()+0008C
 11366570  PPC  0FDCCD90  FrameManager::~FrameManager()+00134
 11366500  PPC  0FD1BECC  ViewportFrame::Destroy(nsIPresContext*)+00034
 113664C0  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11366470  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 11366420  PPC  0FD61EE0  nsBoxFrame::Destroy(nsIPresContext*)+0014C
 113663B0  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11366360  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 11366310  PPC  0FD61EE0  nsBoxFrame::Destroy(nsIPresContext*)+0014C
 113662A0  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11366250  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 11366200  PPC  0FD61EE0  nsBoxFrame::Destroy(nsIPresContext*)+0014C
 11366190  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11366140  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 113660F0  PPC  0FD61EE0  nsBoxFrame::Destroy(nsIPresContext*)+0014C
 11366080  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11366030  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 11365FE0  PPC  0FD61EE0  nsBoxFrame::Destroy(nsIPresContext*)+0014C
 11365F70  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11365F20  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 11365ED0  PPC  0F95E7B4  nsContainerFrame::Destroy(nsIPresContext*)+00064
 11365E80  PPC  0FD55BB0  nsFrameList::DestroyFrames(nsIPresContext*)+00050
 11365E30  PPC  0F97CB8C  nsFrame::Destroy(nsIPresContext*)+00230
I'm seeing this too on Linux (although not on all window closes). This is new in a CVS build from today; yesterday's CVS build didn't have this. My gdb stack backtrace is

(gdb) where
#0  0x20302e35 in ?? ()
#1  0x4039f645 in nsContentShellInfo::~nsContentShellInfo () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libnsappshell.so
#2  0x4039c80f in nsXULWindow::Destroy () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libnsappshell.so
#3  0x403a3d50 in nsWebShellWindow::Destroy () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libnsappshell.so
#4  0x40399b01 in nsChromeTreeOwner::Destroy () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libnsappshell.so
#5  0x403ef455 in GlobalWindowImpl::Close () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/./libjsdom.so
#6  0x403f41b2 in GlobalWindowImpl::CloseWindow () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/./libjsdom.so
#7  0x403e389e in nsJSContext::ScriptEvaluated () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/./libjsdom.so
#8  0x403e304d in nsJSContext::CallEventHandler () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/./libjsdom.so
#9  0x404134be in nsJSEventListener::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/./libjsdom.so
#10 0x40d06cfe in nsEventListenerManager::HandleEventSubType () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#11 0x40d08a66 in nsEventListenerManager::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
---Type <return> to continue, or q <return> to quit---
#12 0x4053ff3d in nsXULElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#13 0x40568379 in nsXULKeyListenerImpl::HandleEventUsingKeyset () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#14 0x40565cc5 in nsXULKeyListenerImpl::LocateAndExecuteKeyBinding () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#15 0x40564f39 in nsXULKeyListenerImpl::DoKey () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#16 0x40564bfa in nsXULKeyListenerImpl::KeyPress () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#17 0x40d078da in nsEventListenerManager::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#18 0x4054f2eb in nsXULDocument::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#19 0x40540079 in nsXULElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#20 0x40540079 in nsXULElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#21 0x40540079 in nsXULElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#22 0x40540079 in nsXULElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#23 0x40540079 in nsXULElement::HandleDOMEvent ()
---Type <return> to continue, or q <return> to quit---
    from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#24 0x405427ae in nsXULElement::HandleChromeEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/librdf.so
#25 0x403eb459 in GlobalWindowImpl::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/./libjsdom.so
#26 0x40f1beed in nsDocument::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#27 0x40f311a0 in nsGenericElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#28 0x40d939cd in nsHTMLHtmlElement::HandleDOMEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#29 0x40d473ed in PresShell::HandleEventInternal () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#30 0x40d47262 in PresShell::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgklayout.so
#31 0x410537c2 in nsView::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgkview.so
#32 0x4105376c in nsView::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgkview.so
#33 0x4105376c in nsView::HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgkview.so
#34 0x4105c3f8 in nsViewManager2::DispatchEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgkview.so
---Type <return> to continue, or q <return> to quit---
#35 0x41052392 in HandleEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libgkview.so
#36 0x405fa459 in nsWidget::DispatchEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#37 0x405fa375 in nsWidget::DispatchWindowEvent () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#38 0x405f8674 in nsWidget::OnInput () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#39 0x405f4ec9 in handle_key_press_event () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#40 0x405f52e9 in dispatch_superwin_event () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#41 0x405f51bc in handle_gdk_event () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#42 0x407584db in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#43 0x40788186 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#44 0x40788751 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#45 0x407888f1 in g_main_run () from /usr/lib/libglib-1.2.so.0
#46 0x406ad5b9 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#47 0x405ed9db in nsAppShell::Run () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libwidget_gtk.so
#48 0x403a053d in nsAppShellService::Run () from /mnt/mnt/cks/tmp/moz-objdir/dist/bin/components/libnsappshell.so
---Type <return> to continue, or q <return> to quit---
#49 0x804d12e in main1 ()
#50 0x804d559 in main ()
#51 0x402579cb in __libc_start_main (main=0x804d450 <main>, argc=1, argv=0xbfffeb94, init=0x804a618 <_init>, fini=0x8051e64 <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbfffeb8c) at ../sysdeps/generic/libc-start.c:92
this is mozilla, debug, mac and win32 (100% repro), erratic on linux.
Spoke with pinkerton. Adding [dogfood+] ON MOZILLA TRUNK ONLY Who should get this? trudelle, do you know?
Assignee: clayton → trudelle
Whiteboard: [dogfood+] ON MOZILLA TRUNK ONLY
->danm, M18, P1
Assignee: trudelle → danm
Priority: P3 → P1
Target Milestone: --- → M18
Here's a 'where full' stack backtrace on a close-window crash. Hopefully this is useful information. Because of its size, I will stick it in as an attachment.
The primary content area docshell is being ~destroyed before all of its owning references release it. Don't know what to do about that but laboriously trace every addref/release through its lifetime and look for anomalies. That and ask the bastard who noticed a new 100% reproducible crash before checking and did so anyway to kindly back it out. But we'll probably go with #1.
Status: NEW → ASSIGNED
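Added example, not part of the original bug thread and not Mozilla code: a minimal per-owner AddRef/Release ledger of the kind the comment above describes tracing by hand, replayed over a constructed scenario in which one holder releases a reference it never took. The `RefLedger` type, the owner names "window" and "handle", and the replayed sequence are all assumptions made for illustration; the thread does not say which call in nsBrowserInstance was unbalanced.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Per-owner AddRef/Release ledger for one refcounted object (hypothetical helper).
struct RefLedger {
  int count = 0;                       // the object's real refcount
  bool destroyed = false;              // set when count reaches zero
  std::map<std::string, int> balance;  // AddRefs minus Releases, per owner
  std::vector<std::string> dangling;   // owners still holding a ref at destruction

  void AddRef(const std::string& owner) {
    ++count;
    ++balance[owner];
  }

  void Release(const std::string& owner) {
    --balance[owner];
    if (destroyed) return;  // release on a dead object: recorded, nothing left to free
    if (--count == 0) {
      destroyed = true;  // the destructor would run here
      for (const auto& kv : balance)
        if (kv.second > 0) dangling.push_back(kv.first);
    }
  }

  // Owners that released more often than they AddRef'd: the anomaly to look for.
  std::vector<std::string> OverReleasers() const {
    std::vector<std::string> out;
    for (const auto& kv : balance)
      if (kv.second < 0) out.push_back(kv.first);
    return out;
  }
};

// Constructed scenario: "handle" got a raw pointer without AddRef but releases it anyway.
RefLedger ReplayWindowClose() {
  RefLedger docshell;
  docshell.AddRef("window");   // legitimate owning reference
  docshell.Release("handle");  // unbalanced release: count drops 1 -> 0
  docshell.Release("window");  // the real owner now touches a destroyed object
  return docshell;
}

int main() {
  RefLedger r = ReplayWindowClose();
  for (const auto& o : r.OverReleasers()) std::cout << "over-release by " << o << "\n";
  for (const auto& o : r.dangling) std::cout << "still owned by " << o << " at destruction\n";
}
```

The two lists separate cause from symptom: the over-releasing owner is where the fix belongs, while the owner still holding a reference at destruction is where the crash shows up in a backtrace.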
Attached file call stack on win2k
added a vaguely similar call stack for the crashes I'm seeing on NT.
*** Bug 47652 has been marked as a duplicate of this bug. ***
*** Bug 47753 has been marked as a duplicate of this bug. ***
See also bug 47781
Oops, I meant 47791
Innocuous in mien but evil in deed JS surfaced a refcounting bug in our favourite, nsBrowserInstance. JS backed out, then later, refcounting bug fixed. All ironclad until the next time.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
This is my fault...I'm very sorry...No, I obviously did not notice the crash, or I obviously wouldn't have checked it in. In fact, even knowing about it now, I *still* can't reproduce the crash on win98. The reviewer couldn't/can't either. Wasn't my idea to add the docshell handle to startup() ... Sorry, Dan.
I also would have helped to track this down had I not been out of town since Friday (I don't get back till wed.) Again, I emphasize that this DIDN'T crash at all in testing...
Dan, I noticed you checked in to nsBrowserInstance.cpp with a checkin comment saying it was the 'real' cause for the crash that this bug reports...?
*** Bug 47576 has been marked as a duplicate of this bug. ***
Hey Blake -- I'm glad to hear it didn't crash for you in testing. I spent a weekend fairly livid because everyone around here was seeing the bug all the time, so it seemed like whoever checked in the crash must have seen it, too. None of these people were running Win98, though. Alright. Sorry for impugning your coding practices. I feel a lot better. Not angry any more. And yes, I checked in two separate fixes. The first was a reversion of the change to navigator.js that exposed the bug. Then several hours later I stumbled into the broken c++ that the js had exposed, and fixed that, too. So actually the js I backed out is safe now, and could be restored.
Adding crash keyword for fix and/or verification escalation
Keywords: crash
vrfy - no more close window crash
Status: RESOLVED → VERIFIED