Closed Bug 228637 Opened 21 years ago Closed 13 years ago

Obscure Venkman Crash at [@-0x10101010]

Categories

(Core :: JavaScript Engine, defect, P5)

x86
Windows XP

RESOLVED WORKSFORME

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Crash Data

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208

@see bug 228630 for some comments

As w/ bug 228630 JSD_GetValueForObject is probably something else. Unlike that bug, i'm not quite sure *what* it is :(. I'm kind of leaning toward blaming jsd for this crash, but...

Application exception occurred:
App: C:\Documents and Settings\____\Desktop\mozilla\mozilla.exe (pid=3336)
When: 12/14/2003 @ 02:39:30.877
Exception number: c0000005 (access violation)

*----> State Dump for Thread Id 0xdf0 <----*

eax=03906070 ebx=10101010 ecx=039058e7 edx=0012e30c esi=04aef53c edi=01e94ca3
eip=10101010 esp=0012e1b8 ebp=0012e314 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212

ChildEBP RetAddr Args to Child
0012e1b4 00b7ffb5 01f11960 03906070 01f1a5e0 0x10101010
0012e314 00b7b608 01f11960 0012e3ac 00000002 js3250!js_Invoke+0x4fa5
0012e3b8 00b7b877 00000001 00000002 00000002 js3250!js_Invoke+0x5f8
0012e438 00b66151 04aef514 02669d58 02669d60 js3250!js_Invoke+0x867
0012e478 00b66017 04b066e8 04b061fc 0012e514 js3250!JS_ArenaShutDown+0xcdf
0012e4b0 00b65ebf 0000003f 0000002f 00000017 js3250!JS_ArenaShutDown+0xba5
0012e4ec 00b66342 04b06148 00000165 00000004 js3250!JS_ArenaShutDown+0xa4d
0012e534 00b7b5c6 00000165 027b6448 00000000 js3250!JS_ArenaShutDown+0xed0
0012e5e4 00b80725 00000001 00000001 00000000 js3250!js_Invoke+0x5b6
0012e740 00b7b608 01f11960 0012e7d8 02783b48 js3250!js_Invoke+0x5715
0012e7e4 00b80725 00000001 00000003 00000000 js3250!js_Invoke+0x5f8
0012e940 00b7b608 01f11960 0012e9d8 027a7cab js3250!js_Invoke+0x5715
0012e9e4 00b80725 00000001 00000002 00000000 js3250!js_Invoke+0x5f8
0012eb40 00b7b608 01f11960 0012ebd8 00000000 js3250!js_Invoke+0x5715
0012ebe4 00f406f9 00000001 00000001 00000002 js3250!js_Invoke+0x5f8
0012ed48 00f3e0d3 02a9b270 019488d0 00000003 xpc3250+0x106f9
0012ee14 10036ea7 00000000 00000003 0012ee3c xpc3250+0xe0d3
0012ee30 0124852a 029488d0 0463dd00 012484ce xpcom!nsXPTCStubBase__Stub3+0x20
0012ee4c 0124286e 009cf510 0463dd00 00000001 jsd3250!JSD_GetValueForObject+0x7146 (_newJSDScript) ;?
I can't figure out how jsd called back to xpcom
; It looks like I need to find some path through jsd_xpc.cpp but that's too complicated for me now
"jsd_NewScriptHookProc" ;?
0012ee70 00b9ada2 01f11960 04abcaad 000000cb jsd3250!JSD_GetValueForObject+0x148a
0012ef00 00b9ad4d 01f11960 045eedd0 045ee758 js3250!js_CallNewScriptHook+0x4b
0012ef28 00b719cb 01f11960 00000097 045ee758 js3250!js_NewScriptFromCG+0x18f
0012efa0 00b71b45 01f11960 0463db38 04ad9c18 js3250!js_FinishCodeGenerator+0xb8a
0012f030 00b8de4f 0463db38 0463db38 04ad5870 js3250!js_FinishCodeGenerator+0xd04
0012f054 00b8d98a 00000001 04ad5870 0012f0f4 js3250!js_CompileTokenStream+0x53a
0012f0d0 00b640d7 01f11960 01cc54b0 04ad1b68 js3250!js_CompileTokenStream+0x75
0012f1e4 00b64042 01f11960 01cc54b0 04ad1b68 js3250!JS_CompileUCScriptForPrincipals+0xcc
0012f208 00b64883 01f11960 01cc54b0 03f27464 js3250!JS_CompileUCScriptForPrincipals+0x37
0012f234 01563af0 01f11960 01cc54b0 03f27464 js3250!JS_EvaluateUCScriptForPrincipals+0x20
0012f298 00d76961 00000000 0012f3d8 01cc54b0 jsdom+0x3af0
0012f3bc 00d7674e 04aba748 0012f3d8 04aba748 gklayout!NSGetModule+0xc3cbf
0012f468 00d764a7 04aba748 04ab86b8 04ab8698 gklayout!NSGetModule+0xc3aac
0012f79c 00e5c32e 04a873a0 00000075 04ab86c0 gklayout!NSGetModule+0xc3805
0012f850 00e5be43 04ab8698 0012f8d4 00d4165a gklayout+0x1ac32e
0012f85c 00d4165a 04ab8698 04fb89f0 00000000 gklayout+0x1abe43
0012f8d4 00d9dd04 046799f0 04ab8698 00000000 gklayout!NSGetModule+0x8e9b8
0012f9b4 00d9c257 04abcc90 03396f70 07b05240 gklayout+0xedd04
0012f9c8 013ea8f0 04886dc4 03396f70 00000000 gklayout+0xec257
0012fa04 013e83ad 03396f70 00000000 00000001 gkparser+0xa8f0
0012fa3c 013e8d84 04a9f118 00000001 03396f70 gkparser+0x83ad
0012fa6c 013e7e31 00000054 804e03ef 07b05240 gkparser+0x8d84
0012fadc 013e779c 07b05240 04a9f118 044adda0 gkparser+0x7e31
0012fb08 013f2bb9 04a90ed8 044adda0 04a90ed8 gkparser+0x779c
0012fb30 013f29b5 04a90ed8 044adda0 04a8fad0 gkparser+0x12bb9
0012fb50 013f30a7 00000001 00000000 00000001 gkparser+0x129b5
0012fb98 014f1204 0000110e 04429cf0 00000000 gkparser+0x130a7
0012fbb8 00bfcfdf 04a65298 04429cf0 00000000 docshell+0x11204
0012fbf0 00c3c7be 04a905e0 04429cf0 00000000 necko+0xcfdf
0012fc1c 00bfb6a3 04429cf8 04a65058 00000000 necko+0x4c7be
0012fc64 00bfb55d 04ac0078 30013e40 30013ed0 necko+0xb6a3
0012fc74 1001b8f7 04a6505c 05588c40 04ac004c necko+0xb55d
30013ed0 778b0c24 2f82e804 0e8b0000 74084139 xpcom!NS_NewOutputStreamReadyEvent+0x91
7c8b5756 00000000 00000000 00000000 00000000 SHELL32+0x4e0c24
The stack looks messed up. You sure your vtables and typelibs agree? I really don't think this should be stuck in bugzilla, even if UNCONFIRMED. Take notes on your own, try to get a reproducible testcase, post/mail hypotheses. It's silly to start a bug with so much cybercrud. I don't think such a bug will end well. /be
And I think you should take these bugs rather than dumping them into the default assignee fictitious user bin. /be
Assignee: general → timeless
Sorry, meant to say "if you insist on filing these bugs, you should take them." There surely could be bugs here. It's just not cool, or productive, to file without more evidence and analysis, and to dump on the default assignee. /be
This box had never met mozilla until i grabbed 1.6b (zip). Remember that an offset is not the same as an offset into a function. If this were a debug build with symbols then it'd be limited to the actual function. This build isn't, it's a standard release build. Someone needs to get an opt build w/ symbols from 1.6b, I can't do that from where I am. I don't pack my msvc6 build env when I travel. If mozilla.org were to release talkback builds I'd be using them. Instead wXP has collected reports for all of my crashes and sent them to microsoft who is probably laughing at us.
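The point about offsets in the comment above, as an added example that is not part of the original comment: a debugger with no symbol file labels an address with the nearest preceding exported name, so the label can name a different function from the one that was running. The symbol table and the 0x1000 threshold are constructed for illustration; the frame labels are copied from the release-build stack in this report.

```python
import bisect
import re

# Constructed layout of one hypothetical DLL: (RVA, name, exported).
# A debugger without a symbol file sees only the exported names.
SYMBOLS = [
    (0x1000, "exported_init", True),
    (0x1400, "static_helper", False),
    (0x2200, "exported_invoke", True),
    (0x2800, "static_interpreter", False),
    (0x7A00, "static_sort_compare", False),
]


def resolve(rva, symbols):
    """Name the closest symbol at or below rva as 'name+0xoff'."""
    starts = [start for start, _, _ in symbols]
    i = bisect.bisect_right(starts, rva) - 1
    if i < 0:
        return None  # address lies below the first known symbol
    return "%s+0x%x" % (symbols[i][1], rva - starts[i])


def resolve_exports_only(rva):
    """What a release build without symbols would show."""
    return resolve(rva, [s for s in SYMBOLS if s[2]])


def resolve_full(rva):
    """What a build with full symbols would show."""
    return resolve(rva, SYMBOLS)


# Frame labels copied from the release-build stack in the report.
REPORTED_FRAMES = [
    "js3250!js_Invoke+0x4fa5",
    "js3250!js_Invoke+0x5f8",
    "js3250!JS_ArenaShutDown+0xcdf",
    "jsd3250!JSD_GetValueForObject+0x7146",
    "xpc3250+0x106f9",
    "gklayout!NSGetModule+0xc3cbf",
    "js3250!js_CallNewScriptHook+0x4b",
]

FRAME_RE = re.compile(r"^(\w+)(?:!(\w+))?\+0x([0-9a-fA-F]+)$")


def doubtful_frames(frames, max_offset=0x1000):
    """Return (frame, reason) for labels that should not be read literally.

    max_offset is an arbitrary triage threshold (an assumption of this
    example), not a property of any real function.
    """
    flagged = []
    for frame in frames:
        match = FRAME_RE.match(frame)
        if not match:
            continue
        symbol, offset = match.group(2), int(match.group(3), 16)
        if symbol is None:
            flagged.append((frame, "module-relative only"))
        elif offset > max_offset:
            flagged.append((frame, "offset 0x%x past nearest export" % offset))
    return flagged


if __name__ == "__main__":
    for rva in (0x2A10, 0x7B00):
        print(hex(rva), resolve_exports_only(rva), resolve_full(rva))
    for frame, reason in doubtful_frames(REPORTED_FRAMES):
        print(frame, "->", reason)
```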
We are releasing talkback still. You have to download the right stuff, and the reports still go to AOL, but we can recover them. /be
Brendan, iirc BuildID 20031028 was the last one on Windows including Talkback. The oldest nightly on the server is from the start of December, and Mozilla 1.6b Windows doesn't contain talkback, as can be seen in the windows-xpi folder. The 1k sized file there is a dummy, the real thing is about 243k, as can be seen in the windows-xpi folder of Mozilla 1.4b.
We are releasing talkback.xpi, but now they tell me (chofmann!) that it doesn't work, because symbols aren't being uploaded. We still have our man in Havana, so to speak, and talkback servers on the way here to MF HQ. Chofmann can say more. /be
Stack w/ symbols :)
[still pre1.7a, some minor patches applied, nothing interesting]

10101010()
> js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2792 + 0x213 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 958 + 0xa C
js3250.dll!js_InternalInvoke(JSContext * cx=0x04e771f8, JSObject * obj=0x0236d7c0, long fval=0x0236d7c8, unsigned int flags=0x00000000, unsigned int argc=0x00000002, long * argv=0x0012bc28, long * rval=0x0012bc40) Line 1035 + 0xe C
js3250.dll!sort_compare(const void * a=0x050b9280, const void * b=0x050b9284, void * arg=0x0012bcd4) Line 769 + 0x55 C
js3250.dll!HeapSortHelper(int building=0x00000000, HSortArgs * hsa=0x044ead48, unsigned int lo=0x00000041, unsigned int hi=0x00000084) Line 691 + 0x20 C
js3250.dll!js_HeapSort(void * vec=0x050b9080, unsigned int nel=0x00000169, unsigned int elsize=0x00000004, int (const void *, const void *, void *)* cmp=0x00ed60b5, void * arg=0x0012bcd4) Line 727 + 0x10 C
js3250.dll!array_sort(JSContext * cx=0x04416d58, JSObject * obj=0x022cad90, unsigned int argc=0x00000169, long * argv=0x04e771f0, long * rval=0x0012bd48) Line 889 + 0x30 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 941 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2963 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 958 + 0xa C
js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2963 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 958 + 0xa C
js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2963 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 958 + 0xa C
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x0012bb0c, unsigned short methodIndex=0xbcf6, const nsXPTMethodInfo * info=0x04416d58, nsXPTCMiniVariant * nativeParams=0x0012bb70) Line 1336 + 0x10 C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=0x0003, const nsXPTMethodInfo * info=0x028b3380, nsXPTCMiniVariant * params=0x0012c54c) Line 450 C++
xpcom.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x00000000, unsigned int methodIndex=0x00000003, unsigned int * args=0x0012c604, unsigned int * stackBytesToPop=0x0012c5f4) Line 117 + 0x12 C++
xpcom.dll!SharedStub() Line 147 C++
jsd3250.dll!jsds_ScriptHookProc(JSDContext * jsdc=0x00e587c8, JSDScript * jsdscript=0x050b1e68, int creating=0x050b1ef8, void * callerdata=0x00000000) Line 723 C++
jsd3250.dll!jsd_NewScriptHookProc(JSContext * cx=0x04416d58, const char * filename=0x021e3a75, unsigned int lineno=0x00000068, JSScript * script=0x050b1e18, JSFunction * fun=0x050b1c70, void * callerdata=0x050b1e68) Line 562 + 0x9 C
js3250.dll!js_CallNewScriptHook(JSContext * cx=0x04416d58, JSScript * script=0x050b1e18, JSFunction * fun=0x050b1c70) Line 1143 C
js3250.dll!js_NewScriptFromCG(JSContext * cx=0x04416d58, JSCodeGenerator * cg=0x00000007, JSFunction * fun=0x050b1c70) Line 1108 + 0xa C
js3250.dll!js_CompileFunctionBody(JSContext * cx=0x00eebcf6, JSTokenStream * ts=0x04416d58, JSFunction * fun=0x0012bb70) Line 678 + 0xe C
js3250.dll!JS_CompileUCFunctionForPrincipals(JSContext * cx=0x050b1c70, JSObject * obj=0x03a0f1c0, JSPrincipals * principals=0x00e0b694, const char * name=0x050b0548, unsigned int nargs=0x00000001, const char * * argnames=0x018eb080, const unsigned short * chars=0x021ac5a8, unsigned int length=0x00000044, const char * filename=0x0012cbfc, unsigned int lineno=0x00000068) Line 3347 + 0xc C
jsdom.dll!nsJSContext::CompileEventHandler(void * aTarget=0x03a0f1c0, nsIAtom * aName=0x050b0548, const nsAString & aBody={...}, const char * aURL=0x0012cbfc, unsigned int aLineNo=0x00000068, int aShared=0x00000001, void * * aHandler=0x0012cca4) Line 1126 + 0x3e C++
gklayout.dll!nsXBLPrototypeHandler::ExecuteHandler(nsIDOMEventReceiver * aReceiver=0x04416d58, nsIDOMEvent * aEvent=0x0012bb70) Line 441 C++
gklayout.dll!nsXBLEventHandler::HandleEvent(nsIDOMEvent * aEvent=0x050b0378) Line 88 C++
gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x04416d58, nsIDOMEvent * aDOMEvent=0x0012bb0c, nsIDOMEventTarget * aCurrentTarget=0x00eebcf6, unsigned int aSubType=0x04416d58, unsigned int aPhaseFlags=0x0012bb70) Line 1434 + 0xb C++
gklayout.dll!nsEventListenerManager::HandleEvent(nsIPresContext * aPresContext=0x00000004, nsEvent * aEvent=0x0012d8f0, nsIDOMEvent * * aDOMEvent=0x0012d714, nsIDOMEventTarget * aCurrentTarget=0x050b0378, unsigned int aFlags=0x00000004, nsEventStatus * aEventStatus=0x0012d944) Line 1527 + 0x21 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 2877 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 2857 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 2857 C++
gklayout.dll!nsGenericElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 1908 C++
gklayout.dll!nsHTMLInputElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 1474 C++
gklayout.dll!nsEventStateManager::PreHandleEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIFrame * aTargetFrame=0x00eebcf6, nsEventStatus * aStatus=0x04416d58, nsIView * aView=0x0012bb70) Line 518 C++
gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012db20, nsIView * aView=0x04c16eb8, unsigned int aFlags=0x00000001, nsEventStatus * aStatus=0x0012da80) Line 6098 C++
gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x04c16eb8, nsGUIEvent * aEvent=0x0012db20, nsEventStatus * aEventStatus=0x0012da80, int aForceHandle=0x03c0fdcc, int & aHandled=0x01547280) Line 5983 + 0x11 C++
gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x00eebcf6, nsGUIEvent * aEvent=0x04416d58, int aCaptured=0x0012bb70) Line 2225 C++
gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x3d888889, nsEventStatus * aStatus=0x0012dae0) Line 2010 + 0x14 C++
gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012db20) Line 79 C++
gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012db20, nsEventStatus & aStatus=nsEventStatus_eIgnore) Line 1064 + 0x3 C++
gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x00000000) Line 1085 C++
gkwidget.dll!nsWindow::DispatchFocus(unsigned int aEventType=0x00000069, int isMozWindowTakingFocus=0x00000001) Line 5401 + 0xe C++
gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=0x0012bb0c, unsigned int wParam=0x00eebcf6, long lParam=0x04416d58, long * aRetValue=0x0012bb70) Line 4151 C++
gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x00080ec2, unsigned int msg=0x00000000, unsigned int wParam=0x00020f5c, long lParam=0x045f9964) Line 1346 + 0x10 C++
user32.dll!77d43a50()
user32.dll!77d43b1f()
user32.dll!PostMessageA() + 0xad
user32.dll!PostMessageA() + 0xdd
ntdll.dll!KiUserCallbackDispatcher() + 0x13
jsdom.dll!GlobalWindowImpl::Focus() Line 2518 + 0x8 C++
xpcom.dll!XPTC_InvokeByIndex(nsISupports * that=0x04544c7c, unsigned int methodIndex=0x00000042, unsigned int paramCount=0x00000000, nsXPTCVariant * params=0x0012df4c) Line 102 C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2022 + 0x16 C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x04416d58, JSObject * obj=0x03c818c0, unsigned int argc=0x00000000, long * argv=0x00e246c8, long * vp=0x0012e1a8) Line 1272 + 0xa C++
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 941 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2963 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 958 + 0xa C
js3250.dll!fun_apply(JSContext * cx=0x04416d58, JSObject * obj=0x03a0f1c0, unsigned int argc=0x00000002, long * argv=0x04e76b7c, long * rval=0x0012e484) Line 1569 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 941 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2963 C
js3250.dll!js_Invoke(JSContext * cx=0x00eebcf6, unsigned int argc=0x04416d58, unsigned int flags=0x0012bb70) Line 958 + 0xa C
js3250.dll!js_InternalInvoke(JSContext * cx=0x04416d84, JSObject * obj=0x03a0f1c0, long fval=0x050a41d0, unsigned int flags=0x00000000, unsigned int argc=0x00000001, long * argv=0x0012e8a4, long * rval=0x0012e8d4) Line 1035 + 0xe C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x04416d58, JSObject * obj=0x03a0f1c0, long fval=0x050a41d0, unsigned int argc=0x00000001, long * argv=0x0012e8a4, long * rval=0x0012e8d4) Line 3592 + 0x1a C
jsdom.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x03a0f1c0, JSObject * aHandler=0x050a41d0, unsigned int argc=0x00000001, long * argv=0x0012e8a4, long * rval=0x0012e8d4) Line 1231 + 0x18 C++
jsdom.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x0012bb70) Line 174 + 0x1c C++
gklayout.dll!nsXBLPrototypeHandler::ExecuteHandler(nsIDOMEventReceiver * aReceiver=0x04416d58, nsIDOMEvent * aEvent=0x0012bb70) Line 461 C++
gklayout.dll!nsXBLKeyEventHandler::HandleEvent(nsIDOMEvent * aEvent=0x050944f8) Line 146 + 0xc C++
gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x04416d58, nsIDOMEvent * aDOMEvent=0x0012bb0c, nsIDOMEventTarget * aCurrentTarget=0x00eebcf6, unsigned int aSubType=0x04416d58, unsigned int aPhaseFlags=0x0012bb70) Line 1434 + 0xb C++
gklayout.dll!nsEventListenerManager::HandleEvent(nsIPresContext * aPresContext=0x00000000, nsEvent * aEvent=0x0012fa04, nsIDOMEvent * * aDOMEvent=0x0012f704, nsIDOMEventTarget * aCurrentTarget=0x050944f8, unsigned int aFlags=0x00000004, nsEventStatus * aEventStatus=0x0012f968) Line 1527 + 0x21 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 2877 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 2857 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 2857 C++
gklayout.dll!nsGenericElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 1908 C++
gklayout.dll!nsHTMLInputElement::HandleDOMEvent(nsIPresContext * aPresContext=0x04416d58, nsEvent * aEvent=0x0012bb0c, nsIDOMEvent * * aDOMEvent=0x00eebcf6, unsigned int aFlags=0x04416d58, nsEventStatus * aEventStatus=0x0012bb70) Line 1474 C++
gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012fa04, nsIView * aView=0x04e47070, unsigned int aFlags=0x00000001, nsEventStatus * aStatus=0x0012f968) Line 6109 + 0xf C++
gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x04e47070, nsGUIEvent * aEvent=0x0012fa04, nsEventStatus * aEventStatus=0x0012f968, int aForceHandle=0x00000001, int & aHandled=0x00000001) Line 5983 + 0x11 C++
gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x00eebcf6, nsGUIEvent * aEvent=0x04416d58, int aCaptured=0x0012bb70) Line 2225 C++
gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x3d888889, nsEventStatus * aStatus=0x0012f9c8) Line 2010 + 0x14 C++
gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012fa04) Line 79 C++
gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012fa04, nsEventStatus & aStatus=nsEventStatus_eIgnore) Line 1064 + 0x3 C++
gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x00000000) Line 1085 C++
gkwidget.dll!nsWindow::DispatchKeyEvent(unsigned int aEventType=0x00000083, unsigned short aCharCode=0x0000, unsigned int aVirtualCharCode=0x0000000d, long aKeyData=0x00000000) Line 2940 + 0xe C++
gkwidget.dll!nsWindow::OnChar(unsigned int mbcsCharCode=0x0000000d, unsigned int virtualKeyCode=0x0000000d, bool isMultiByte=false) Line 3124 + 0x11 C++
gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=0x0012bb0c, unsigned int wParam=0x00eebcf6, long lParam=0x04416d58, long * aRetValue=0x0012bb70) Line 3834 C++
gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x00020f5c, unsigned int msg=0x00000000, unsigned int wParam=0x0000000d, long lParam=0x04272b1c) Line 1346 + 0x10 C++
user32.dll!77d43a50()
user32.dll!77d43b1f()
user32.dll!TranslateMessage() + 0xef
user32.dll!GetMessageW() + 0x125
user32.dll!DispatchMessageW() + 0xb
appshell.dll!nsAppShellService::Run() Line 484 C++
mozilla.exe!main1(int argc=0x04416d58, char * * argv=0x0012bb70, nsISupports * nativeApp=0x044ead48) Line 1291 + 0x9 C++
mozilla.exe!main(int argc=0x00000001, char * * argv=0x002a40a8) Line 1678 + 0x16 C++
mozilla.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * __formal=0x00400000, char * args=0x00152303, HINSTANCE__ * __formal=0x00400000) Line 1702 + 0x17 C++
mozilla.exe!WinMainCRTStartup() Line 392 + 0xf C
kernel32.dll!GetCurrentDirectoryW() + 0x44

In random order

[frame]
js3250.dll!js_Interpret(JSContext * cx=0x04416d58, long * result=0x0012bb70) Line 2792 + 0x213 C
[object@frame - 1]
- fp 0x0012baec {callobj=0x00000000 {map=??? slots=??? } argsobj=0x00000000 {map=??? slots=??? } varobj=0x00000000 {map=??? slots=??? } ...} JSStackFrame *
\- script 0x029bcb78 {code=0x029bcba8 "T" length=0x00000059 main=0x029bcba8 "T" ...} JSScript *
|+ filename 0x029b799d "chrome://venkman/content/venkman-records.js" const char *
| lineno 0x00000192 unsigned int
| depth 0x00000003 unsigned int
|+ principals 0x00e0b694 {codebase=0x00e0b6b8 "[System Principal]" getPrincipalArray=0x00f3250c nsGetPrincipalArray(JSContext *, JSPrincipals *) globalPrivilegesEnabled=0x00f3250f nsGlobalPrivilegesEnabled(JSContext *, JSPrincipals *) ...} JSPrincipals *

[frame]
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=0x0003, const nsXPTMethodInfo * info=0x028b3380, nsXPTCMiniVariant * params=0x0012c54c) Line 450 C++
this->+ mGCRootName 0x02bbe568 "nsXPCWrappedJS::mJSObj[jsdIScriptHook,0x2b0f6b8,0x1bf1a18]" char *

I'm thinking about instrumenting JSVAL_TO_OBJECT to do a DebugBreak if it catches ops being 0x10101010

<brendan> that pattern looks like GCF_FINAL flag-tombstones

Anyway, the general way to get this crash is run venkman, run some scripts (especially chrome or xpconnect) w/ venkman interfering (at least tracing exceptions, maybe stopping for them). eventually you get the script running slowly dialog. today i clicked cancel twice. i think that or clicking ok give you the best chances of crashing, although simply clicking cancel can give you a chance of crashing.
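A triage check for the 0x10101010 pattern discussed in the comment above, as an added example that is not part of the original comment: it parses the exception line and register dump copied from the report at the top of this bug, tests whether eip is one byte repeated four times, and lists the registers that hold the same value as eip. The function names are assumptions made for this example.

```python
import re

# Lines copied from the Dr. Watson report at the top of this bug.
REPORT = """\
Exception number: c0000005 (access violation)
eax=03906070 ebx=10101010 ecx=039058e7 edx=0012e30c esi=04aef53c edi=01e94ca3
eip=10101010 esp=0012e1b8 ebp=0012e314 iopl=0 nv up ei pl nz ac pe nc
"""

REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-fA-F]{8})\b")
EXC_RE = re.compile(r"Exception number:\s*([0-9a-fA-F]{8})")
ACCESS_VIOLATION = 0xC0000005


def parse_report(text):
    """Extract the exception code and the 32-bit general registers."""
    regs = {name: int(value, 16) for name, value in REG_RE.findall(text)}
    exc = EXC_RE.search(text)
    return (int(exc.group(1), 16) if exc else None), regs


def fill_byte(value):
    """Return the byte if a non-zero 32-bit value is that byte four times."""
    byte = value & 0xFF
    if value != 0 and value == byte * 0x01010101:
        return byte
    return None


def triage(text):
    """Summarise what the register state says about the faulting branch."""
    exc, regs = parse_report(text)
    eip = regs["eip"]
    return {
        "access_violation": exc == ACCESS_VIOLATION,
        "eip": eip,
        # Set when the instruction pointer itself is a repeated-byte value,
        # i.e. execution was sent to an address that is data, not code.
        "eip_fill_byte": fill_byte(eip),
        # A register equal to eip suggests an indirect call or jump through
        # that register, with the target loaded from overwritten memory.
        "registers_matching_eip": sorted(
            name for name, value in regs.items()
            if name != "eip" and value == eip
        ),
        # Any other register carrying a repeated-byte value.
        "other_fill_registers": sorted(
            name for name, value in regs.items()
            if name != "eip" and value != eip and fill_byte(value) is not None
        ),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, value)
```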
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Summary: Crash at [@ 0x10101010] → Obscure Venkman Crash at [@-0x10101010]
QA Contact: pschwartau → general
Crash Signature: [@-0x10101010]
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME