Closed Bug 536772 Opened 15 years ago Closed 15 years ago

crash when viewing bugzilla "pondering" page [@ nsDocShell::GetVisibility(int*) ]

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bws42, Assigned: bzbarsky)

References

(
URL
)

Details

(Keywords: crash, regression, topcrash, Whiteboard: [3.7a1 trunk topcrash])

Crash Data

Attachments

(3 files)

Wallpaper for now
1.01 KB, patch
dbaron
: review-
Details | Diff | Splinter Review
Let's do that
1.07 KB, patch
dbaron
: review+
Details | Diff | Splinter Review
testcase
1.07 KB, text/html
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20091225 Minefield/3.7a1pre Build Identifier: Visit bugzilla with HTML5 enabled and try to load a saved search. http://hg.mozilla.org/mozilla-central/rev/aabd98c04dc9 works http://hg.mozilla.org/mozilla-central/rev/d4802dd1cca9 crashes http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=aabd98c04dc9&tochange=d4802dd1cca9 looks like bug 500882 bp-d9d94e89-3c47-4905-8515-3283e2091226 Reproducible: Always
Depends on: 500882
Version: unspecified → Trunk
it crashes non-reproduceable also with HTML5:off Signature nsDocShell::GetVisibility(int*) UUID ec883612-383c-4875-9ed2-cd03c2091225 Time 2009-12-25 13:06:28.453856 Uptime 17 Last Crash 166639 seconds before submission Product Firefox Version 3.7a1pre Build ID 20091225043000 Branch 1.9.3 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info GenuineIntel family 15 model 2 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x14 0 xul.dll nsDocShell::GetVisibility(int*) docshell/base/nsDocShell.cpp:4500 1 xul.dll nsFocusManager::IsWindowVisible(nsPIDOMWindow*) dom/base/nsFocusManager.cpp:1271 2 xul.dll nsFocusManager::Focus(nsPIDOMWindow*,nsIContent*,unsigned int,int,int,int) dom/base/nsFocusManager.cpp:1525 3 xul.dll nsFocusManager::WindowShown(nsIDOMWindow*,int) dom/base/nsFocusManager.cpp:825 4 xul.dll nsGlobalWindow::SetReadyForFocus() dom/base/nsGlobalWindow.cpp:6927 5 xul.dll PresShell::UnsuppressAndInvalidate() layout/base/nsPresShell.cpp:4574 6 xul.dll PresShell::UnsuppressPainting() layout/base/nsPresShell.cpp:4598 7 xul.dll DocumentViewerImpl::Stop() layout/base/nsDocumentViewer.cpp:1654 8 xul.dll nsDocShell::SetupNewViewer(nsIContentViewer*) docshell/base/nsDocShell.cpp:7296 9 xul.dll nsDocShell::Embed(nsIContentViewer*,char const*,nsISupports*) docshell/base/nsDocShell.cpp:5467 10 xul.dll nsDocShell::CreateContentViewer(char const*,nsIRequest*,nsIStreamListener**) docshell/base/nsDocShell.cpp:7111 11 xul.dll nsDSURIContentListener::DoContent(char const*,int,nsIRequest*,nsIStreamListener**,int*) docshell/base/nsDSURIContentListener.cpp:138 12 xul.dll nsDocumentOpenInfo::TryContentListener(nsIURIContentListener*,nsIChannel*) uriloader/base/nsURILoader.cpp:736 13 xul.dll nsDocumentOpenInfo::DispatchContent(nsIRequest*,nsISupports*) uriloader/base/nsURILoader.cpp:434 14 xul.dll nsDocumentOpenInfo::OnStartRequest(nsIRequest*,nsISupports*) uriloader/base/nsURILoader.cpp:280 15 xul.dll nsMultiMixedConv::SendStart(nsIChannel*) netwerk/streamconv/converters/nsMultiMixedConv.cpp:783 16 xul.dll nsMultiMixedConv::OnDataAvailable(nsIRequest*,nsISupports*,nsIInputStream*,unsigned int,unsigned int) netwerk/streamconv/converters/nsMultiMixedConv.cpp:504 17 xul.dll nsDocumentOpenInfo::OnDataAvailable(nsIRequest*,nsISupports*,nsIInputStream*,unsigned int,unsigned int) uriloader/base/nsURILoader.cpp:306 18 xul.dll nsStreamListenerTee::OnDataAvailable(nsIRequest*,nsISupports*,nsIInputStream*,unsigned int,unsigned int) netwerk/base/src/nsStreamListenerTee.cpp:107 19 xul.dll nsHttpChannel::OnDataAvailable(nsIRequest*,nsISupports*,nsIInputStream*,unsigned int,unsigned int) netwerk/protocol/http/src/nsHttpChannel.cpp:5363 20 xul.dll nsInputStreamPump::OnStateTransfer() netwerk/base/src/nsInputStreamPump.cpp:508 21 mozcrt19.dll free obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6017 22 xul.dll nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) netwerk/base/src/nsInputStreamPump.cpp:398 23 xul.dll nsInputStreamReadyEvent::Run() xpcom/io/nsStreamUtils.cpp:191 24 xul.dll nsThread::ProcessNextEvent(int,int*) xpcom/threads/nsThread.cpp:527 25 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:142 26 xul.dll xul.dll@0x99bb4b 27 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:194 28 xul.dll _IsNonwritableInCurrentImage 29 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:168 30 xul.dll nsBaseAppShell::Run() widget/src/xpwidgets/nsBaseAppShell.cpp:174 31 nspr4.dll PR_GetEnv 32 xul.dll nsAppShell::Run() widget/src/windows/nsAppShell.cpp:239 http://crash-stats.mozilla.com/report/list?product=Firefox&branch=1.9.3&query_search=signature&query_type=exact&query=nsDocShell%3A%3AGetVisibility%28int*%29&date=&range_value=1&range_unit=weeks&do_query=1&signature=nsDocShell%3A%3AGetVisibility%28int*%29
Status: UNCONFIRMED → NEW
Component: HTML: Parser → Layout
Ever confirmed: true
Keywords: crash
OS: Windows Vista → All
QA Contact: parser → layout
Hardware: x86 → All
Summary: [HTML5] crash when viewing bugzilla "pondering" page @ nsDocShell::GetVisibility → crash when viewing bugzilla "pondering" page [@ nsDocShell::GetVisibility(int*) ]
This is now a topcrash and a lot of people seem to get it when they close a printing window. I have not been able to reproduce this, and I can't see the crash on the link you provided.
As of now, I don't have that pref at all in my about:config. I know I've had it on other installations though, set to "0" as it was apparently improving performance. What does it do, why would it cause a crash?
The crash is also reproducible in a plain empty profile but more rarely.
Magne: http://kb.mozillazine.org/Nglayout.initialpaint.delay It seems to be one of the factors that stimulate the crash.
Keywords: topcrash
Whiteboard: [3.7a1 trunk topcrash]
Assignee: nobody → bzbarsky
Keywords: regression
The problem is that during a pageload, we change the "current subdocument for this content" when the new document viewer gets its container set, which is apparently before the old one gets stopped. Then the focus stuff tries to mess with the old viewer during stop, and we die. We can just add a null-check for the content (and leave the assertion that was there anyway), but it would be better to fix the page transition to not change the subdoc map before it's time. I'll try to do that.
But chances are, Monday morning...
I'll do a followup for the real fix.
Attachment #419222 - Flags: review?(dbaron)
Comment on attachment 419222 [details] [diff] [review] Wallpaper for now Given that this is in a loop, isn't what you should really do enclose the next chunk in if (shellContent) to be compatible with what this code used to do? (Or change frame = ... to frame = shellContent ? ... : nsnull .)
Attachment #419222 - Flags: review?(dbaron) → review-
> Given that this is in a loop Good catch.... > (Or change frame = ... to frame = shellContent ? ... : nsnull .) Should have just done this.
Attached patch Let's do thatSplinter Review
Attachment #419226 - Flags: review?(dbaron)
Comment on attachment 419226 [details] [diff] [review] Let's do that r=dbaron
Attachment #419226 - Flags: review?(dbaron) → review+
Pushed http://hg.mozilla.org/mozilla-central/rev/62d3936eb3f0 I'll think about writing a test, but it's pretty timing-dependent...
Status: NEW → RESOLVED
Closed: 15 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Oh, I should have noted that I wasn't using the VPN, so that URL should be giving a Server Not Found error page.
Attached file testcase
I'm hitting this crash with this testcase, with the 2nd day of Christmas build: http://crash-stats.mozilla.com/report/index/786e7ed3-0e24-4213-9301-104b22091229 0 xul.dll nsDocShell::GetVisibility docshell/base/nsDocShell.cpp:4500 1 xul.dll PresShell::IsVisible layout/base/nsPresShell.cpp:6929 2 xul.dll IsViewVisible view/src/nsViewManager.cpp:120 3 xul.dll nsViewManager::SetWindowDimensions view/src/nsViewManager.cpp:355 4 xul.dll DocumentViewerImpl::SetBounds
For what it's worth, that testcase doesn't hit the assert that would be hit in the crashing case for me (using a current m-c tip debug build)...
I can't reproduce using the steps from comment 15 either (though I can see how the error page load _might_ be able to trigger this bug, maybe... but it doesn't reliably).
Crash Signature: [@ nsDocShell::GetVisibility(int*) ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: