Bug 51714: crashes in js_Lock [@ js_Lock]
Status: Closed (opened 25 years ago, closed 25 years ago)
Categories: Core :: JavaScript Engine, defect, P3
People: Reporter: dbaron, Assigned: rogerl
Keywords: topcrash
DESCRIPTION: Starting with the builds of 08-31, there have been many talkback
reports pointing to crashes in js_Lock. (OS's Windows 95 and 98, and Windows NT
4.0, 4.10, and 5.0) This is now the **number one crash** on the talkback data
that hasn't been fixed. I'm assigning this bug to the Javascript Engine
component for lack of a better idea, although this seems likely to be a bug in
the way the JS engine is being used.
For lots of details on the crash, look at the most recent "Seamonkey N6 Recent
Build Crash Data Statistical Analysis" post in n.p.m.crash-data.
Comment 1 • 25 years ago (Reporter)
The line pointed to by the talkback data for the crash is:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/js/src/jslock.c&rev=3.23&mark=598#588
although in my experience talkback reports point to the line after the one
causing the crash.
Keywords: topcrash
Comment 2 • 25 years ago (Reporter)
There are many stack traces for this crash in
http://www.mozilla.org/projects/seamonkey/reports/ns6analysis.html
The part of the stack that always seems common is:
js_Lock [d:\builds\seamonkey\mozilla\js\src\jslock.c line 598]
js_AtomizeString [d:\builds\seamonkey\mozilla\js\src\jsatom.c line 516]
js_AtomizeChars [d:\builds\seamonkey\mozilla\js\src\jsatom.c line 606]
LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c line 2014]
JS_LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c line 2276]
GlobalWindowImpl::GetObjectProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp line 2539]
nsContentTreeOwner::SetStatus
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsContentTreeOwner.cpp line 212]
Comment 3 • 25 years ago (Reporter)
The bottom two functions on the stack are at:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/dom/src/base/nsGlobalWindow.cpp&rev=1.331&mark=2539#2529
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/xpfe/appshell/src/nsContentTreeOwner.cpp&rev=1.29&mark=211#201
cc:ing people who touched these functions recently or who touched any DOM/JS
related stuff between 2000-08-30 08:00 and 2000-08-31 08:00.
Bug 50481 is probably describing a facet of the same problem. Opinions?
Comment 7 • 25 years ago
Brendan, wasn't JS_Lock modified a few days ago, could this be related to that
change?
Comment 8 • 25 years ago
jslock.c was changed today, by alex@cendio.se aka alla%lysator.liu.se, just to
enable thin locks on gcc/x86 platforms.
The last change before that was in February. The cvsblame game is not likely to
be enlightening here.
I think this bug may be a dup of bug 50600. In that bug, there is a different
crash site and stack backtrace, but again it seems that a JS lock is corrupt.
Can anyone reproduce this under a debugger, if not under purify?
/be
Comment 9 • 25 years ago
Many ntdll.dll and kernel32.dll crashes from the talkback data show this as the
location of the crash in their stack traces. Here are the common lines from one
of many similar stack traces:
Incident ID 16977682
KERNEL32.DLL + 0xbb07 (0xbff6bb07)
js_Lock [d:\builds\seamonkey\mozilla\js\src\jslock.c, line 603]
js_AtomizeString [d:\builds\seamonkey\mozilla\js\src\jsatom.c, line 516]
js_AtomizeChars [d:\builds\seamonkey\mozilla\js\src\jsatom.c, line 606]
LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2042]
JS_LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2304]
GlobalWindowImpl::GetObjectProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 2559]
nsContentTreeOwner::SetStatus
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsContentTreeOwner.cpp, line 212]
Comment 10 • 25 years ago
Jpatel: is there more to that stack? We need to see all the way down. The atom
state lock should not be trashed, unless someone is corrupting memory, or else
we are atomizing after the JSRuntime has been torn down. If the latter, then I
would expect this full stack to go through shutdown code. Please post or point
us to full stacks if you have them. Thanks,
/be
Comment 11 • 25 years ago
Here's a ntdll.dll crash:
ntdll.dll + 0xcde6 (0x77f6cde6) e45e266d
line
Build: 2000090506 CrashDate: 2000-09-05 UptimeMinutes: 10 Total: 10
OS: Windows NT 4.0 build 1381
URL:
Comment: fetching SSL/IMAP mail and trying to view my home page at the
same time
Stacktrace:
http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16901938
Incident ID 16901938
ntdll.dll + 0xcde6 (0x77f6cde6)
ntdll.dll + 0x7506 (0x77f67506)
js_Lock [d:\builds\seamonkey\mozilla\js\src\jslock.c, line 603]
js_AtomizeString [d:\builds\seamonkey\mozilla\js\src\jsatom.c, line 516]
js_AtomizeChars [d:\builds\seamonkey\mozilla\js\src\jsatom.c, line 606]
LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2042]
JS_LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2304]
GlobalWindowImpl::GetObjectProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 2559]
nsContentTreeOwner::SetStatus
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsContentTreeOwner.cpp, line 212]
GlobalWindowImpl::SetStatus
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 886]
GlobalWindowImpl::SetNewDocument
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 277]
DocumentViewerImpl::~DocumentViewerImpl
[d:\builds\seamonkey\mozilla\layout\base\src\nsDocumentViewer.cpp, line 418]
DocumentViewerImpl::`scalar deleting destructor'
DocumentViewerImpl::Release
[d:\builds\seamonkey\mozilla\layout\base\src\nsDocumentViewer.cpp, line 360]
nsCOMPtr_base::assign_with_AddRef
[d:\builds\seamonkey\mozilla\xpcom\base\nsCOMPtr.cpp, line 59]
0x80000000
nsWebShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 402]
nsDocShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp,
line 2308]
nsWebShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp,
line 426]
nsDocShell::CreateContentViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 2480]
nsDSURIContentListener::DoContent
[d:\builds\seamonkey\mozilla\docshell\base\nsDSURIContentListener.cpp, line 107]
nsDocumentOpenInfo::DispatchContent
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 362]
nsDocumentOpenInfo::OnStartRequest
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 234]
nsHTTPFinalListener::OnStartRequest
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cpp, line 1115]
InterceptStreamListener::OnStartRequest
[d:\builds\seamonkey\mozilla\netwerk\cache\mgr\nsCachedNetData.cpp, line 1168]
nsHTTPServerListener::FinishedResponseHeaders
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cpp, line 1053]
nsHTTPServerListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cpp, line 425]
nsOnDataAvailableEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line
406]
nsStreamListenerEvent::HandlePLEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line
106]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 590]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,
line 545]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line
1061]
USER32.dll + 0x1268 (0x77e71268)
And a KERNEL32.DLL crash:
KERNEL32.DLL + 0xb9a6 (0xbff7b9a6) 458b3350
line
Build: 2000090508 CrashDate: 2000-09-06 UptimeMinutes: 14 Total: 20
OS: Windows 98 4.10 build 67766446
URL: www.csh.rit.edu
Comment: Clicked the projects link
Stacktrace:
http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16963913
Incident ID 16963913
KERNEL32.DLL + 0xb9a6 (0xbff7b9a6)
js_Lock [d:\builds\seamonkey\mozilla\js\src\jslock.c, line 603]
js_AtomizeString [d:\builds\seamonkey\mozilla\js\src\jsatom.c, line 516]
js_AtomizeChars [d:\builds\seamonkey\mozilla\js\src\jsatom.c, line 606]
LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2042]
JS_LookupUCProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2304]
GlobalWindowImpl::GetObjectProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 2559]
nsContentTreeOwner::SetStatus
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsContentTreeOwner.cpp, line 212]
nsWebShell::OnOverLink
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 866]
nsGenericElement::TriggerLink
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp, line 2362]
nsGenericHTMLElement::HandleDOMEventForAnchors
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,
line 1184]
nsHTMLAreaElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLAreaElement.cpp, line
236]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp, line 1377]
nsHTMLSpanElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp, line
172]
nsGenericDOMDataNode::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericDOMDataNode.cpp, line 798]
nsTextNode::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\base\src\nsTextNode.cpp, line 255]
nsEventStateManager::GenerateMouseEnterExit
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line
1476]
nsEventStateManager::PreHandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line
300]
PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 4037]
PresShell::HandleEvent
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 3977]
nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 379]
nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 352]
nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 352]
nsViewManager2::DispatchEvent
[d:\builds\seamonkey\mozilla\view\src\nsViewManager2.cpp, line 1429]
HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 68]
nsWindow::DispatchEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 618]
nsWindow::DispatchWindowEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 635]
nsWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3813]
ChildWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 4021]
nsWindow::ProcessMessage
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2910]
nsWindow::WindowProc
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 884]
KERNEL32.DLL + 0x363b (0xbff7363b)
KERNEL32.DLL + 0x24407 (0xbff94407)
0x00688b3e
Let me know if you need more info.
Comment 12 • 25 years ago (Reporter)
Who is looking at this crash? This is the number one crash in the
talkback data. IMO, it should be a high priority.
Comment 13 • 25 years ago
Is there a bad address reported in the crash data? If it's nearly null (small
non-negative integer), I bet this bug is dup'ed by (but should be dup'd against
the better-diagnosed) bug 52835. Cc'ing jband, pointing out crash on bad or
null rt->atomState.lock. But from these stacks, I'm at a loss as to how 52835
could happen other than at shutdown.
/be
Comment 14 • 25 years ago
*** This bug has been marked as a duplicate of 53094 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Updated • 14 years ago
Crash Signature: [@ js_Lock]