Closed Bug 367285 Opened 19 years ago Closed 16 years ago

startup Crash in [@ nsJSContext::ClearScope(void*, int)]

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: bugzilla-graveyard, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Visiting the above link will kill Camino trunk a high percentage of the time. It may not happen every single time -- I think a rotating ad is doing it, and I can't determine which one -- but if you keep launching Camino and loading that page, you'll hit it eventually.
Talkback ID TB28454869E contains the following, which I got the first time I accessed the URL with a clean profile on the 2007011622 trunk build: Date/Time: 2007-01-17 17:09:54.000 -0500 OS Version: 10.4.8 (Build 8L127) Report Version: 4 Command: Camino Path: /Applications/Internet/Camino Official Nightlies/Camino.app/Contents/MacOS/Camino Parent: WindowServer [61] Version: 1.2+ (1.2+) PID: 23337 Thread: Unknown Link (dyld) error: no suitable image found. Did find: /Library/Internet Plug-Ins/NP-PPC-Dir-Shockwave: unknown file type, first eight bytes: 0x4A 0x6F 0x79 0x21 0x70 0x65 0x66 0x66
Talkback TB28453077G contains the following, which is the same crash I initially saw before I started trying to narrow down the crash. I have seen this stack with my regular profile and with a clean profile. The only difference was in the Exception and Codes lines; the stack was the same. Date/Time: 2007-01-17 16:09:05.711 -0500 OS Version: 10.4.8 (Build 8L127) Report Version: 4 Command: Camino Path: /Applications/Internet/Camino Official Nightlies/Camino.app/Contents/MacOS/Camino Parent: WindowServer [61] Version: 1.2+ (1.2+) PID: 23282 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0x20740060 Thread 0 Crashed: 0 <<00000000>> 0x20740060 0 + 544473184 1 org.mozilla.camino 0x0046f298 nsJSContext::ClearScope(void*, int) + 68 2 org.mozilla.camino 0x003d38ec nsGlobalWindow::ClearWindowScope(nsISupports*) + 136 3 org.mozilla.camino 0x0046f388 nsJSContext::ScriptEvaluated(int) + 76 4 org.mozilla.camino 0x0046d554 nsJSContext::CallEventHandler(nsISupports*, void*, void*, nsIArray*, nsIVariant**) + 1136 5 org.mozilla.camino 0x004b09d0 nsJSEventListener::HandleEvent(nsIDOMEvent*) + 1492 6 org.mozilla.camino 0x0035f418 nsEventListenerManager::HandleEventSubType(nsListenerStruct*, nsIDOMEventListener*, nsIDOMEvent*, nsISupports*, unsigned) + 404 7 org.mozilla.camino 0x0035f7b8 nsEventListenerManager::HandleEvent(nsPresContext*, nsEvent*, nsIDOMEvent**, nsISupports*, unsigned, nsEventStatus*) + 892 8 org.mozilla.camino 0x003ee7ac nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, unsigned) + 132 9 org.mozilla.camino 0x003ee9fc nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor&, unsigned, nsDispatchingCallback*) + 352 10 org.mozilla.camino 0x003eef2c nsEventDispatcher::Dispatch(nsISupports*, nsPresContext*, nsEvent*, nsIDOMEvent*, nsEventStatus*, nsDispatchingCallback*, int) + 964 11 org.mozilla.camino 0x0032349c DocumentViewerImpl::LoadComplete(unsigned) + 356 12 org.mozilla.camino 0x0021d1dc nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, unsigned) + 112 13 org.mozilla.camino 0x001fafac nsWebShell::EndPageLoad(nsIWebProgress*, nsIChannel*, unsigned) + 208 14 org.mozilla.camino 0x0021d008 nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned, unsigned) + 744 15 org.mozilla.camino 0x001fdf2c nsDocLoader::FireOnStateChange(nsIWebProgress*, nsIRequest*, int, unsigned) + 332 16 org.mozilla.camino 0x001fd37c nsDocLoader::doStopDocumentLoad(nsIRequest*, unsigned) + 56 17 org.mozilla.camino 0x001fd298 nsDocLoader::DocLoaderIsEmpty() + 292 18 org.mozilla.camino 0x001fd014 nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 576 19 org.mozilla.camino 0x000b81e4 nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, unsigned) + 320 20 org.mozilla.camino 0x001017d8 nsHttpChannel::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 748 21 org.mozilla.camino 0x000df1fc nsInputStreamPump::OnStateStop() + 160 22 org.mozilla.camino 0x000deda0 nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) + 128 23 libxpcom_core.dylib 0x2c0825f4 nsInputStreamReadyEvent::OnInputStreamReady(nsIAsyncInputStream*) + 168 24 libxpcom_core.dylib 0x2c044260 nsThread::ProcessNextEvent(int, int*) + 280 25 libxpcom_core.dylib 0x2c00a0d8 NS_ProcessPendingEvents_P(nsIThread*, unsigned) + 84 26 org.mozilla.camino 0x006e8bc4 nsBaseAppShell::NativeEventCallback() + 80 27 org.mozilla.camino 0x006c9f58 nsAppShell::ProcessGeckoEvents() + 172 28 org.mozilla.camino 0x006ca4cc non-virtual thunk [nv:-4] to nsAppShell::AfterProcessNextEvent(nsIThreadInternal*, unsigned) + 336 29 com.apple.Foundation 0x92959918 __NSFireMachPort + 276 30 com.apple.CoreFoundation 0x907ea820 __CFMachPortPerform + 176 31 com.apple.CoreFoundation 0x907ea734 __CFRunLoopDoSource1 + 152 32 com.apple.CoreFoundation 0x907dce4c __CFRunLoopRun + 1556 33 com.apple.CoreFoundation 0x907dc47c CFRunLoopRunSpecific + 268 34 com.apple.HIToolbox 0x93208740 RunCurrentEventLoopInMode + 264 35 com.apple.HIToolbox 0x93207dd4 ReceiveNextEventCommon + 380 36 com.apple.HIToolbox 0x93207c40 BlockUntilNextEventMatchingListInMode + 96 37 com.apple.AppKit 0x9370bae4 _DPSNextEvent + 384 38 com.apple.AppKit 0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 39 com.apple.AppKit 0x93707cec -[NSApplication run] + 472 40 com.apple.AppKit 0x937f887c NSApplicationMain + 452 41 org.mozilla.camino 0x00008fb8 start + 456 42 dyld 0x8fe01048 _dyld_start + 60
(In reply to comment #1) > Link (dyld) error: > > no suitable image found. Did find: > /Library/Internet Plug-Ins/NP-PPC-Dir-Shockwave: unknown file type, > first eight bytes: 0x4A 0x6F 0x79 0x21 0x70 0x65 0x66 0x66 What does: file /Library/Internet\ Plug-Ins/NP-PPC-Dir-Shockwave give you when run from Terminal?
(In reply to comment #3) > What does: > file /Library/Internet\ Plug-Ins/NP-PPC-Dir-Shockwave > give you when run from Terminal? /Library/Internet Plug-Ins/NP-PPC-Dir-Shockwave: header for PowerPC PEF executable So, uh, yeah...
> Link (dyld) error: > > no suitable image found. Did find: > /Library/Internet Plug-Ins/NP-PPC-Dir-Shockwave: unknown file type, > first eight bytes: 0x4A 0x6F 0x79 0x21 0x70 0x65 0x66 0x66 That can be a spurious error sometimes (often related to wacky Apple plugins, like the iPhoto Podcast plugin and whatnot), pointing at the wrong plugin(!) and totally obscuring the actual crash.
(In reply to comment #6) > *** Bug 367346 has been marked as a duplicate of this bug. *** > Bug 367346 was on SeaMonkey/PC/Linux; if it _is_ a duplicate, this one should be labeled Core/All/All rather than Camino/Macintosh/MacOsX.
sure, but you're fully capable of moving it.
Assignee: nobody → general
Component: General → DOM
OS: Mac OS X → All
Product: Camino → Core
QA Contact: general → ian
Hardware: Macintosh → All
(In reply to comment #8) > sure, but you're fully capable of moving it. > no, I don't have ChangeBug privileges on bugs reported by other people.
(In reply to comment #1) > Talkback ID TB28454869E contains the following, which I got the first time I > accessed the URL with a clean profile on the 2007011622 trunk build: [...] Incident ID: 28454869 Stack Signature _mh_dylib_header() a308fe19 Product ID MozillaTrunk Build ID 2007011701 Trigger Time 2007-01-17 14:09:59.0 Platform MacOSX Operating System Darwin 8.8.0 Module libnspr4.dylib.1.0.0 + (00000000) URL visited User Comments Since Last Crash 913 sec Total Uptime 14724 sec Trigger Reason SIGILL: Illegal Instruction: (signal 4) Source File, Line No. N/A Stack Trace _mh_dylib_header() JS_ClearScope() nsGlobalWindow::ClearWindowScope() [mozilla/dom/src/base/nsGlobalWindow.cpp, line 6378] nsJSContext::ScriptEvaluated() [mozilla/dom/src/base/nsJSEnvironment.cpp, line 3040] nsJSContext::CallEventHandler() [mozilla/dom/src/base/nsJSEnvironment.cpp, line 453] nsJSEventListener::HandleEvent() nsEventListenerManager::HandleEventSubType() [mozilla/content/events/src/nsEventListenerManager.cpp, line 1280] nsEventListenerManager::HandleEvent() [mozilla/content/events/src/nsEventListenerManager.cpp, line 1364] nsEventTargetChainItem::HandleEvent() nsEventTargetChainItem::HandleEventTargetChain() nsEventDispatcher::Dispatch() DocumentViewerImpl::LoadComplete() [mozilla/layout/base/nsDocumentViewer.cpp, line 1650] nsDocShell::EndPageLoad() [mozilla/docshell/base/nsDocShell.cpp, line 4748] nsWebShell::EndPageLoad() [mozilla/docshell/base/nsWebShell.cpp, line 496] nsDocShell::OnStateChange() [mozilla/docshell/base/nsDocShell.cpp, line 205] nsDocLoader::FireOnStateChange() [mozilla/uriloader/base/nsDocLoader.cpp, line 846] nsDocLoader::doStopDocumentLoad() [mozilla/uriloader/base/nsDocLoader.cpp, line 864] nsDocLoader::DocLoaderIsEmpty() [mozilla/uriloader/base/nsDocLoader.cpp, line 1119] nsDocLoader::OnStopRequest() [mozilla/uriloader/base/nsDocLoader.cpp, line 679] nsLoadGroup::RemoveRequest() [mozilla/netwerk/base/src/nsLoadGroup.cpp, line 846] nsDocument::DoUnblockOnload() [mozilla/content/base/src/nsDocument.cpp, line 439] nsUnblockOnloadEvent::Run() nsThread::ProcessNextEvent() NS_ProcessPendingEvents_P() nsBaseAppShell::NativeEventCallback() [mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp, line 115] nsAppShell::ProcessGeckoEvents() - __NSFireMachPort() __CFMachPortPerform() __CFRunLoopDoSource1() __CFRunLoopRun() CFRunLoopRunSpecific() RunCurrentEventLoopInMode() ReceiveNextEventCommon() BlockUntilNextEventMatchingListInMode() _DPSNextEvent() - - NSApplicationMain() _start() 0x8fe01048
Keywords: crash
Summary: Crash in nsJSContext::ClearScope → Crash in [@ nsJSContext::ClearScope]
WARNING: Frame IP not in any known module. Following frames may be wrong. 00 0x20 01 js3250!JS_ClearScope(struct JSContext * cx = 0x241d4fd0, struct JSObject * obj = 0x44633120)+0x27 02 gklayout!nsJSContext::ClearScope(void * aGlobalObj = 0x44633120, int aClearFromProtoChain = 1)+0x39 03 gklayout!nsGlobalWindow::FreeInnerObjects(int aClearScope = 1)+0x10a 04 gklayout!nsGlobalWindow::SetDocShell(class nsIDocShell * aDocShell = 0x00000000)+0x8b 05 docshell!nsDocShell::Destroy(void)+0x34f 06 gklayout!nsFrameLoader::Destroy(void)+0x1f6 07 gklayout!nsGenericHTMLFrameElement::UnbindFromTree(int aDeep = 1, int aNullParent = 0)+0x34 08 gklayout!nsGenericElement::UnbindFromTree(int aDeep = 1, int aNullParent = 0)+0x115 09 gklayout!nsGenericElement::UnbindFromTree(int aDeep = 1, int aNullParent = 0)+0x115 0a gklayout!nsGenericElement::UnbindFromTree(int aDeep = 1, int aNullParent = 1)+0x115 0b gklayout!nsDocument::Destroy(void)+0x8f 0c gklayout!DocumentViewerImpl::Destroy(void)+0x381 0d docshell!nsSHEntry::~nsSHEntry(void)+0x7f 0e docshell!nsSHEntry::`scalar deleting destructor'(void)+0xf 0f docshell!nsSHEntry::Release(void)+0x4d 10 xpc3250!XPCJSRuntime::GCCallback(struct JSContext * cx = 0x026db350, JSGCStatus status = JSGC_END (1))+0x5f9 11 jsd3250!jsds_GCCallbackProc(struct JSContext * cx = 0x026db350, JSGCStatus status = JSGC_END (1))+0x3d 12 gklayout!DOMGCCallback(struct JSContext * cx = 0x026db350, JSGCStatus status = JSGC_END (1))+0x1d 13 js3250!js_GC(struct JSContext * cx = 0x026db350, JSGCInvocationKind gckind = GC_NORMAL (0))+0xcea 14 js3250!JS_GC(struct JSContext * cx = 0x026db350)+0x54 15 xpc3250!nsXPConnect::BeginCycleCollection(void)+0xb9 16 xpcom_core!nsCycleCollector::Collect(void)+0x48 17 xpcom_core!nsCycleCollector_collect(void)+0x18 18 gklayout!nsJSContext::Notify(class nsITimer * timer = 0x23da6458)+0x54 19 xpcom_core!nsTimerImpl::Fire(void)+0xc4 1a xpcom_core!nsTimerEvent::Run(void)+0x57 1b xpcom_core!nsThread::ProcessNextEvent(int mayWait = 1, int * result = 0x0012f6c4)+0x12a 1c xpcom_core!NS_ProcessNextEvent_P(class nsIThread * thread = 0x003f9f18, int mayWait = 1)+0x3f 1d gkwidget!nsBaseAppShell::Run(void)+0x45 1e tkitcmps!nsAppStartup::Run(void)+0x41 1f xul!XRE_main(int argc = 1, char ** argv = 0x003f8388, struct nsXREAppData * aAppData = 0x00402164)+0x2259 20 firefox!main(int argc = 1, char ** argv = 0x003f8388)+0x16 21 firefox!WinMain(struct HINSTANCE__ * __formal = 0x00400000, struct HINSTANCE__ * __formal = 0x00000000, char * args = 0x00152306 "", int __formal = 10)+0x19 22 firefox!__tmainCRTStartup(void)+0x140 23 kernel32!BaseProcessStart+0x23 0:000> .frame 1 01 0012f070 01547139 js3250!JS_ClearScope+0x27 [mozilla\js\src\jsapi.c @ 3222] 0:000> ?? obj->map->ops->clear <function> * 0x00000020 0:000> .frame 3 03 0012f0b8 0152ee7b gklayout!nsGlobalWindow::FreeInnerObjects+0x10a [mozilla\dom\src\base\nsglobalwindow.cpp @ 637] 0:000> dt this mScriptGlobals[0] Local var @ 0x12f0ac Type nsGlobalWindow* 0x24d3c308 +0x0f0 mScriptGlobals : [0] 0x44633120 0:000> .frame 4 04 0012f124 00f54d3f gklayout!nsGlobalWindow::SetDocShell+0x8b [mozilla\dom\src\base\nsglobalwindow.cpp @ 1694] 0:000> dv inner = 0x24d3c308 currentInner = 0x0012f124 st_ndx = 0x12f17c this = 0x3f2397c0 aDocShell = 0x00000000 langCtx = 0x0012f128 lang_id = 0xf764c3 0:000> ?? this->next struct PRCListStr * 0x24eeab30 +0x000 next : 0x24d3c360 PRCListStr +0x004 prev : 0x3f239818 PRCListStr 0:000> ?? this->next->next struct PRCListStr * 0x24d3c360 +0x000 next : 0x239dd5a8 PRCListStr +0x004 prev : 0x24eeab30 PRCListStr this->next->next is the thing that's basically inner. are we properly walking through these inner references? 0:000> ?? this->next->next->next struct PRCListStr * 0x239dd5a8 +0x000 next : 0x3f239818 PRCListStr +0x004 prev : 0x24d3c360 PRCListStr 0:000> ?? this->next->next->next->next struct PRCListStr * 0x3f239818 +0x000 next : 0x24eeab30 PRCListStr +0x004 prev : 0x239dd5a8 PRCListStr 0:000> .frame 11 0b 0012f2cc 0127ae61 gklayout!nsDocument::Destroy+0x8f [mozilla\content\base\src\nsdocument.cpp @ 5382] 0:000> dt mDocumentTitle mData Symbol mDocumentTitle not found. 0:000> dt this mDocumentTitle.mData Local var @ 0x12f2b4 Type nsDocument* 0x249be008 +0x010 mDocumentTitle : +0x004 mData : 0x23de84e0 "Freeware for Solaris" 0:000> dt this mDocumentURI.mRawPtr Local var @ 0x12f2b4 Type nsDocument* 0x249be008 +0x020 mDocumentURI : +0x000 mRawPtr : 0x24c98090 nsISupports 0:000> dt necko!nsStandardURL 0x24c98090 mSpec.mData +0x014 mSpec : +0x004 mData : 0x24c17210 "http://sunfreeware.mirrors.tds.net/indexintel10.html" fwiw, I've been using undo close tab more often than i used to, but i don't know if that's relevant. In this session, I loaded sunfreeware (which has frames), clicked on a mirror link, went back, and clicked on a new link. The page listed here would be the mirror. my build should be from a pull from 02/08/07 03:53 PM finnish local time (EEST?).
Assignee: general → nobody
QA Contact: ian → general
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6pre) Gecko/20091114 SeaMonkey/2.0.1pre - Build ID: 20091114000507 I reported a dupe of this bug while on Sm 1.5a; it's been a long time since I last saw it. I see no significant activity since 2007. Anyone been bugged by this recently?
Whiteboard: CLOSEME 2009-12-15 WFM
still a rare crash, about 7 per month ... nsJSContext::ClearScope(void*, int). mostly, but not all, are startup
Summary: Crash in [@ nsJSContext::ClearScope] → startup Crash in [@ nsJSContext::ClearScope(void*, int)]
extension related? bp-0259fa29-70ae-4652-aeed-65eb62091124 0 xul.dll nsJSContext::ClearScope dom/src/base/nsJSEnvironment.cpp:3321 1 xul.dll nsGlobalWindow::SetNewDocument dom/src/base/nsGlobalWindow.cpp:1717 2 xul.dll nsGlobalWindow::SetNewDocument dom/src/base/nsGlobalWindow.cpp:1535 3 xul.dll DocumentViewerImpl::InitInternal layout/base/nsDocumentViewer.cpp:930 4 xul.dll DocumentViewerImpl::Init layout/base/nsDocumentViewer.cpp:684 5 xul.dll nsDocShell::SetupNewViewer docshell/base/nsDocShell.cpp:6707 6 xul.dll nsDocShell::Embed docshell/base/nsDocShell.cpp:5139 https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=nsJSContext%3A%3AClearScope%28void*%2C%20int%29&date=11%2F10%2F2009&range_value=4&range_unit=weeks&do_query=1&signature=nsJSContext%3A%3AClearScope%28void*%2C%20int%29&page=1 https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=nsJSContext%3A%3AClearScope%28void*%2C%20int%29&date=11%2F10%2F2009&range_value=4&range_unit=weeks&do_query=1&signature=nsJSContext%3A%3AClearScope%28void*%2C%20int%29&page=1
Whiteboard: CLOSEME 2009-12-15 WFM
The URL is gone. I don't think it's worth it to chase such a rare crash signature based on crash-stats info alone.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Crash Signature: [@ nsJSContext::ClearScope(void*, int)]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.