Closed Bug 54257 Opened 25 years ago Closed 25 years ago

crash while browsing

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P3)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: buster, Assigned: joki)

Details

(Keywords: crash, Whiteboard: [wfm?])

sorry, I have no idea what was going on when this happened. debug bits on WinNT from the branch 9/24/00 browser was running, looking at a bugzilla report here's the stack: js_AllocGCThing(JSContext * 0x01ed9c50, unsigned int 0) line 381 + 41 bytes js_NewObject(JSContext * 0x01ed9c50, JSClass * 0x011a82f0 struct JSClass KeyEventClass, JSObject * 0x00d87268, JSObject * 0x00000000) line 1440 + 11 bytes JS_NewObject(JSContext * 0x01ed9c50, JSClass * 0x011a82f0 struct JSClass KeyEventClass, JSObject * 0x00d87268, JSObject * 0x00000000) line 1892 + 21 bytes NS_NewScriptKeyEvent(nsIScriptContext * 0x01ed8050, nsISupports * 0x03eea034, nsISupports * 0x00000000, void * * 0x0012c5a4) line 1014 + 23 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x03eea034) line 141 + 25 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x032787c0, nsIDOMEvent * 0x03eea034, nsIDOMEventTarget * 0x03278ca8, unsigned int 16, unsigned int 2) line 788 + 19 bytes nsEventListenerManager::HandleEvent(nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, nsIDOMEventTarget * 0x03278ca8, unsigned int 2, nsEventStatus * 0x0012d230) line 935 + 39 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x03278ca0, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 0x0012d230) line 3321 nsXULElement::HandleChromeEvent(nsXULElement * const 0x03278cb4, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 0x0012d230) line 4296 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x034f63e0, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 0x0012d230) line 520 nsDocument::HandleDOMEvent(nsDocument * const 0x04500070, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 0x0012d230) line 3054 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 0x0012d230) line 1433 + 45 bytes nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x04505ed8, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 0x0012d230) line 186 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 1, nsEventStatus * 0x0012d230) line 1426 + 45 bytes nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x044df6d8, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x0012d230) line 902 nsEventStateManager::GenerateMouseEnterExit(nsIPresContext * 0x0450caa0, nsGUIEvent * 0x0012d96c) line 1519 nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x044e94f8, nsIPresContext * 0x0450caa0, nsEvent * 0x0012d96c, nsIFrame * 0x02ee281c, nsEventStatus * 0x0012d85c, nsIView * 0x04510130) line 306 PresShell::HandleEventInternal(nsEvent * 0x0012d96c, nsIView * 0x04510130, unsigned int 1, nsEventStatus * 0x0012d85c) line 4249 + 43 bytes PresShell::HandleEvent(PresShell * const 0x044d4544, nsIView * 0x04510130, nsGUIEvent * 0x0012d96c, nsEventStatus * 0x0012d85c, int 0, int & 1) line 4190 + 25 bytes nsView::HandleEvent(nsView * const 0x04510130, nsGUIEvent * 0x0012d96c, unsigned int 8, nsEventStatus * 0x0012d85c, int 0, int & 1) line 379 nsView::HandleEvent(nsView * const 0x04507220, nsGUIEvent * 0x0012d96c, unsigned int 8, nsEventStatus * 0x0012d85c, int 0, int & 1) line 352 nsView::HandleEvent(nsView * const 0x044cc0d0, nsGUIEvent * 0x0012d96c, unsigned int 28, nsEventStatus * 0x0012d85c, int 1, int & 1) line 352 nsViewManager2::DispatchEvent(nsViewManager2 * const 0x044cc2b0, nsGUIEvent * 0x0012d96c, nsEventStatus * 0x0012d85c) line 1429 HandleEvent(nsGUIEvent * 0x0012d96c) line 68 nsWindow::DispatchEvent(nsWindow * const 0x045070e4, nsGUIEvent * 0x0012d96c, nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012d96c) line 702 nsWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 3890 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 4100 nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 6750665, long * 0x0012dce8) line 2937 + 24 bytes nsWindow::WindowProc(HWND__ * 0x0f9d04d2, unsigned int 512, unsigned int 0, long 6750665) line 950 + 27 bytes
I get the same stack trace by opening AIM, sending a message to myself and closing the message window. It is preceded by an assertion in nsHTMLEditor::~nsHTMLEditor(), NS_NOTREACHED("~nsHTMLEditor"); Before I have time to dismiss the assertion dialog I get this crash. NOTE: If I am running in debugger I hit the assertion but do not crash! Nominating for RTM.
Keywords: rtm
This could be a dup of http://bugzilla.mozilla.org/show_bug.cgi?id=54371 -- heikki, the fix for that went into the branch and trunk, can you reproduce after updating and recompiling? /be
I get the same stack trace when I close the view source window. It is sometimes preceded by an assertion, but a different than in the case with AIM, and I do not get assertion every time (even though I get crash every time).
There is the same bt attached into bug 53953. However, that bug is about fast window open+close causing crash...
The stack in this bug is crucially different (if complete -- tell me if it is a partial backtrace) from the one attached to bug 53953. That bug's attached stacktrace misleadingly assertbotches at line 381 of jsgc.c, but only because of another bug (nsDebug::Assertion nests an unsafe event loop on Windows at least, using MessageBox). See later in 53953 where the true stack for that bug is in a comment, not an attachment. For this bug (54257), is the crash a bad address crash (because rt is not a valid pointer at line 381 in jsgc.c), or an assertbotch (becaise rt->gcRunning is true, botching the assertion)? /be
I am still crashing, trunk debug build from yesterday. Ctrl+u, Click on top right close window button. Didn't see assertion dialog. - rt 0x00d39bd8 state 0x00000002 + gcArenaPool {...} + gcFinalVec 0x00d3be20 + gcRootsHash 0x00af3970 + gcLocksHash 0x00000000 + gcFreeList 0x00d42c58 gcDisabled 0x00000000 gcBytes 0x00015e28 gcLastBytes 0x0001622a gcMaxBytes 0x00400000 gcLevel 0x00000001 gcNumber 0x00000015 gcPoke 0x00 '' gcRunning 0x01 '.' gcCallback 0x0161a260 DOMGCCallback(JSContext *, JSGCStatus) gcMallocBytes 0x00000020 + atomState {...} rngInitialized 0x00000000 rngMultiplier 0x0000000000000000 rngAddend 0x0000000000000000 rngMask 0x0000000000000000 rngSeed 0x0000000000000000 rngDscale 0.00000000000000 + jsNaN 0x00d42720 + jsNegativeInfinity 0x00d42730 + jsPositiveInfinity 0x00d42728 + emptyString 0x00d42738 + contextList {...} interruptHandler 0x00000000 interruptHandlerData 0x00000000 newScriptHook 0x00000000 newScriptHookData 0x00000000 destroyScriptHook 0x00000000 destroyScriptHookData 0x00000000 debuggerHandler 0x01d21956 xpc_DebuggerKeywordHandler(struct JSContext *,struct JSScript *,unsigned char *,long *,void *) debuggerHandlerData 0x00000000 sourceHandler 0x00000000 sourceHandlerData 0x00000000 executeHook 0x00000000 executeHookData 0x00000000 callHook 0x00000000 callHookData 0x00000000 objectHook 0x00000000 objectHookData 0x00000000 throwHook 0x00000000 throwHookData 0x00000000 debugErrorHook 0x00000000 debugErrorHookData 0x00000000 + trapList {...} + watchPointList {...} + propertyCache {...} data 0x00000000 gcLock 0x00af38c0 gcDone 0x00af3810 requestDone 0x00af3760 requestCount 0x00000000 gcThread 0x00a11210 rtLock 0x01d7a6a0 rtLockOwner 0x00000000 stateChange 0x01d7a5f0 setSlotLock 0x01d7a540 inlineCalls 0x000005c9 nativeCalls 0x00000e2a nonInlineCalls 0x00000c8d constructs 0x00000039 NTDLL! 77f7629c() js_AllocGCThing(JSContext * 0x0280f130, unsigned int 0x00000000) line 381 + 41 bytes js_NewObject(JSContext * 0x0280f130, JSClass * 0x0030c728 _js_FunctionClass, JSObject * 0x00000000, JSObject * 0x02c844b8) line 1440 + 11 bytes js_NewFunction(JSContext * 0x0280f130, JSObject * 0x00000000, int (JSContext *, JSObject *, unsigned int, long *, long *)* 0x00000000, unsigned int 0x00000001, unsigned int 0x00000000, JSObject * 0x02c844b8, JSAtom * 0x06c8b4d0) line 1629 + 20 bytes JS_CompileUCFunctionForPrincipals(JSContext * 0x0280f130, JSObject * 0x02c844b8, JSPrincipals * 0x0283e264, const char * 0x0012c164, unsigned int 0x00000001, const char * * 0x016d0628 char const * * gEventArgv, const unsigned short * 0x06c9cdb0, unsigned int 0x0000008d, const char * 0x00000000, unsigned int 0x00000000) line 2936 + 27 bytes nsJSContext::CompileEventHandler(nsJSContext * const 0x0280ed10, void * 0x02c844b8, nsIAtom * 0x06c98ac0 {"onxblblur"}, const basic_nsAReadableString<unsigned short> & {...}, int 0x00000001, void * * 0x0012c4f0) line 807 + 71 bytes nsXBLPrototypeHandler::ExecuteHandler(nsXBLPrototypeHandler * const 0x042e2570, nsIDOMEventReceiver * 0x0367bde8, nsIDOMEvent * 0x06c99f54) line 303 nsXBLFocusHandler::Blur(nsIDOMEvent * 0x06c99f54) line 105 nsEventListenerManager::HandleEvent(nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x0012d038, nsIDOMEventTarget * 0x0367bde8, unsigned int 0x00000004, nsEventStatus * 0x0012d4f4) line 1180 + 23 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x0367bde0, nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x0012d038, unsigned int 0x00000004, nsEventStatus * 0x0012d4f4) line 3321 nsXULElement::HandleDOMEvent(nsXULElement * const 0x042e3690, nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x0012d038, unsigned int 0x00000004, nsEventStatus * 0x0012d4f4) line 3302 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x0012d038, unsigned int 0x00000001, nsEventStatus * 0x0012d4f4) line 1384 nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x042e349c, nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012d4f4) line 897 + 31 bytes nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x04105888, nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d818, nsIFrame * 0x02d54440, nsEventStatus * 0x0012d780, nsIView * 0x02a7f500) line 561 PresShell::HandleEventInternal(nsEvent * 0x0012d818, nsIView * 0x02a7f500, unsigned int 0x00000001, nsEventStatus * 0x0012d780) line 4250 + 43 bytes PresShell::HandleEvent(PresShell * const 0x02a77734, nsIView * 0x02a7f500, nsGUIEvent * 0x0012d818, nsEventStatus * 0x0012d780, int 0x00000001, int & 0x00000001) line 4191 + 25 bytes nsView::HandleEvent(nsView * const 0x02a7f500, nsGUIEvent * 0x0012d818, unsigned int 0x0000001c, nsEventStatus * 0x0012d780, int 0x00000001, int & 0x00000001) line 379 nsViewManager2::DispatchEvent(nsViewManager2 * const 0x02a7f6e0, nsGUIEvent * 0x0012d818, nsEventStatus * 0x0012d780) line 1439 HandleEvent(nsGUIEvent * 0x0012d818) line 68 nsWindow::DispatchEvent(nsWindow * const 0x02a7f3c4, nsGUIEvent * 0x0012d818, nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012d818) line 702 nsWindow::DispatchFocus(unsigned int 0x0000006c) line 4039 + 15 bytes nsWindow::ProcessMessage(unsigned int 0x00000008, unsigned int 0x020a015c, long 0x00000000, long * 0x0012db5c) line 3099 + 19 bytes nsWindow::WindowProc(HWND__ * 0x06360178, unsigned int 0x00000008, unsigned int 0x020a015c, long 0x00000000) line 950 + 27 bytes USER32! 77e719d0() USER32! 77e71982() NTDLL! 77f763a3() USER32! 77e8a5c0() USER32! 77e82d7c() USER32! 77e720ff() USER32! 77e82832() USER32! 77e8903f() USER32! 77e8ad30() USER32! 77e8b044() USER32! 77e8aed8() USER32! 77e8b203() USER32! 77e8a5a6() nsDebug::Assertion(const char * 0x016cee14, const char * 0x016cee04, const char * 0x016cedd8, int 0x00000fbc) line 215 + 22 bytes nsDebug::WarnIfFalse(const char * 0x016cee14, const char * 0x016cee04, const char * 0x016cedd8, int 0x00000fbc) line 358 + 21 bytes GlobalWindowImpl::GetTreeOwner(GlobalWindowImpl * const 0x06680640, nsIDocShellTreeOwner * * 0x0012f058) line 4028 + 38 bytes GlobalWindowImpl::Get_content(GlobalWindowImpl * const 0x06680644, nsIDOMWindowInternal * * 0x0012f078) line 704 + 40 bytes nsBrowserInstance::ReinitializeContentVariables() line 475 + 42 bytes nsBrowserInstance::GetContentAreaDocShell(nsIDocShell * * 0x0012f114) line 497 nsBrowserInstance::Close(nsBrowserInstance * const 0x06c80880) line 1496 + 32 bytes nsBrowserInstance::~nsBrowserInstance() line 460 nsBrowserInstance::`scalar deleting destructor'() + 15 bytes nsBrowserInstance::Release(nsBrowserInstance * const 0x06c80880) line 563 + 158 bytes nsXPCWrappedNative::~nsXPCWrappedNative() line 398 + 27 bytes nsXPCWrappedNative::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes nsXPCWrappedNative::Release(nsXPCWrappedNative * const 0x06c80820) line 71 + 31 bytes nsXPCWrappedNative::JSObjectFinalized(JSContext * 0x06685c30, JSObject * 0x02ddefb0) line 96 WrappedNative_Finalize(JSContext * 0x06685c30, JSObject * 0x02ddefb0) line 783 js_FinalizeObject(JSContext * 0x06685c30, JSObject * 0x02ddefb0) line 1600 + 114 bytes gc_finalize_phase(JSContext * 0x06685c30, unsigned int 0x00000072) line 907 + 11 bytes js_GC(JSContext * 0x06685c30, unsigned int 0x00000000) line 1173 + 13 bytes js_ForceGC(JSContext * 0x06685c30) line 871 + 11 bytes js_DestroyContext(JSContext * 0x06685c30, int 0x00000002) line 258 + 9 bytes JS_DestroyContext(JSContext * 0x06685c30) line 832 + 11 bytes nsJSContext::~nsJSContext() line 366 + 13 bytes nsJSContext::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes nsJSContext::Release(nsJSContext * const 0x06684eb0) line 374 + 154 bytes nsCOMPtr<nsIScriptContext>::assign_assuming_AddRef(nsIScriptContext * 0x00000000) line 472 nsCOMPtr<nsIScriptContext>::assign_with_AddRef(nsISupports * 0x00000000) line 849 nsCOMPtr<nsIScriptContext>::operator=(nsIScriptContext * 0x00000000) line 584 nsDocShell::Destroy(nsDocShell * const 0x06683184) line 1614 nsWebShell::Destroy(nsWebShell * const 0x06683184) line 1394 nsXULWindow::Destroy(nsXULWindow * const 0x06670ab4) line 325 nsWebShellWindow::Destroy(nsWebShellWindow * const 0x06670ab4) line 1750 nsWebShellWindow::Close(nsWebShellWindow * const 0x06670b10) line 339 nsWebShellWindow::HandleEvent(nsGUIEvent * 0x0012f63c) line 418 nsWindow::DispatchEvent(nsWindow * const 0x066708c4, nsGUIEvent * 0x0012f63c, nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f63c) line 702 nsWindow::DispatchStandardEvent(unsigned int 0x00000065) line 722 + 15 bytes nsWindow::ProcessMessage(unsigned int 0x00000010, unsigned int 0x00000000, long 0x00000000, long * 0x0012f974) line 2795 nsWindow::WindowProc(HWND__ * 0x01a601ce, unsigned int 0x00000010, unsigned int 0x00000000, long 0x00000000) line 950 + 27 bytes USER32! 77e719d0() USER32! 77e71982() NTDLL! 77f763a3() USER32! 77e718d2() nsWindow::DefaultWindowProc(HWND__ * 0x01a601ce, unsigned int 0x00000112, unsigned int 0x0000f060, long 0x001803e2) line 977 USER32! 77e727fe() USER32! 77e72889() nsWindow::WindowProc(HWND__ * 0x01a601ce, unsigned int 0x00000112, unsigned int 0x0000f060, long 0x001803e2) line 957 + 31 bytes USER32! 77e719d0() USER32! 77e71982() NTDLL! 77f763a3() USER32! 77e718d2() nsWindow::DefaultWindowProc(HWND__ * 0x01a601ce, unsigned int 0x000000a1, unsigned int 0x00000014, long 0x001803e2) line 977 USER32! 77e727fe() USER32! 77e72889() nsWindow::WindowProc(HWND__ * 0x01a601ce, unsigned int 0x000000a1, unsigned int 0x00000014, long 0x001803e2) line 957 + 31 bytes USER32! 77e71820() AIM myself, click on top right close window button. Got assertion window first, immediately followed by crash. - rt 0x00d39bd8 state 0x00000002 + gcArenaPool {...} + gcFinalVec 0x00d3be20 + gcRootsHash 0x00af3970 + gcLocksHash 0x00000000 + gcFreeList 0x00de5100 gcDisabled 0x00000000 gcBytes 0x00021bb8 gcLastBytes 0x000227c7 gcMaxBytes 0x00400000 gcLevel 0x00000001 gcNumber 0x00000017 gcPoke 0x00 '' gcRunning 0x01 '.' gcCallback 0x0161a260 DOMGCCallback(JSContext *, JSGCStatus) gcMallocBytes 0x00000000 + atomState {...} rngInitialized 0x00000000 rngMultiplier 0x0000000000000000 rngAddend 0x0000000000000000 rngMask 0x0000000000000000 rngSeed 0x0000000000000000 rngDscale 0.00000000000000 + jsNaN 0x00d42720 + jsNegativeInfinity 0x00d42730 + jsPositiveInfinity 0x00d42728 + emptyString 0x00d42738 + contextList {...} interruptHandler 0x00000000 interruptHandlerData 0x00000000 newScriptHook 0x00000000 newScriptHookData 0x00000000 destroyScriptHook 0x00000000 destroyScriptHookData 0x00000000 debuggerHandler 0x01d21956 xpc_DebuggerKeywordHandler(struct JSContext *,struct JSScript *,unsigned char *,long *,void *) debuggerHandlerData 0x00000000 sourceHandler 0x00000000 sourceHandlerData 0x00000000 executeHook 0x00000000 executeHookData 0x00000000 callHook 0x00000000 callHookData 0x00000000 objectHook 0x00000000 objectHookData 0x00000000 throwHook 0x00000000 throwHookData 0x00000000 debugErrorHook 0x00000000 debugErrorHookData 0x00000000 + trapList {...} + watchPointList {...} + propertyCache {...} data 0x00000000 gcLock 0x00af38c0 gcDone 0x00af3810 requestDone 0x00af3760 requestCount 0x00000000 gcThread 0x00a11210 rtLock 0x01d7a6a0 rtLockOwner 0x00000000 stateChange 0x01d7a5f0 setSlotLock 0x01d7a540 inlineCalls 0x00000999 nativeCalls 0x0000197d nonInlineCalls 0x000016e0 constructs 0x000000f9 NTDLL! 77f7629c() js_AllocGCThing(JSContext * 0x0280f130, unsigned int 0x00000000) line 381 + 41 bytes js_NewObject(JSContext * 0x0280f130, JSClass * 0x016d82f0 struct JSClass KeyEventClass, JSObject * 0x00d5f268, JSObject * 0x00000000) line 1440 + 11 bytes JS_NewObject(JSContext * 0x0280f130, JSClass * 0x016d82f0 struct JSClass KeyEventClass, JSObject * 0x00d5f268, JSObject * 0x00000000) line 1892 + 21 bytes NS_NewScriptKeyEvent(nsIScriptContext * 0x0280ed10, nsISupports * 0x06cee344, nsISupports * 0x00000000, void * * 0x0012add4) line 1014 + 23 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x06cee344) line 141 + 25 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x036b4100, nsIDOMEvent * 0x06cee344, nsIDOMEventTarget * 0x036b45e8, unsigned int 0x00000010, unsigned int 0x00000002) line 788 + 19 bytes nsEventListenerManager::HandleEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, nsIDOMEventTarget * 0x036b45e8, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 935 + 39 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x036b45e0, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 3321 nsXULElement::HandleChromeEvent(nsXULElement * const 0x036b45f4, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 4296 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x04234eb0, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 523 nsDocument::HandleDOMEvent(nsDocument * const 0x04956e80, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 3054 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1433 + 45 bytes nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x04957ca8, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 186 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x049a3658, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 902 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableElement::HandleDOMEvent(nsHTMLTableElement * const 0x049c1858, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1345 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableSectionElement::HandleDOMEvent(nsHTMLTableSectionElement * const 0x049c13c8, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 355 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableRowElement::HandleDOMEvent(nsHTMLTableRowElement * const 0x04927a08, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 713 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableCellElement::HandleDOMEvent(nsHTMLTableCellElement * const 0x04918bbc, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 525 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableElement::HandleDOMEvent(nsHTMLTableElement * const 0x0491ef08, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1345 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableSectionElement::HandleDOMEvent(nsHTMLTableSectionElement * const 0x04918ef8, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 355 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableRowElement::HandleDOMEvent(nsHTMLTableRowElement * const 0x04916958, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 713 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLTableCellElement::HandleDOMEvent(nsHTMLTableCellElement * const 0x0495455c, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 525 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0495015c, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 897 + 31 bytes nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000001, nsEventStatus * 0x0012cd34) line 1426 + 45 bytes nsHTMLDivElement::HandleDOMEvent(nsHTMLDivElement * const 0x04a0bd98, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012cd34) line 222 nsEventStateManager::GenerateMouseEnterExit(nsIPresContext * 0x04916210, nsGUIEvent * 0x0012d508) line 1519 nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x049b4c68, nsIPresContext * 0x04916210, nsEvent * 0x0012d508, nsIFrame * 0x02e6a628, nsEventStatus * 0x0012d3f8, nsIView * 0x04a0ea90) line 306 PresShell::HandleEventInternal(nsEvent * 0x0012d508, nsIView * 0x04a0ea90, unsigned int 0x00000001, nsEventStatus * 0x0012d3f8) line 4250 + 43 bytes PresShell::HandleEvent(PresShell * const 0x0491da14, nsIView * 0x04a0ea90, nsGUIEvent * 0x0012d508, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001) line 4191 + 25 bytes nsView::HandleEvent(nsView * const 0x04a0ea90, nsGUIEvent * 0x0012d508, unsigned int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001) line 379 nsView::HandleEvent(nsView * const 0x04a0ef60, nsGUIEvent * 0x0012d508, unsigned int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001) line 352 nsView::HandleEvent(nsView * const 0x049bff80, nsGUIEvent * 0x0012d508, unsigned int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001) line 352 nsView::HandleEvent(nsView * const 0x049be750, nsGUIEvent * 0x0012d508, unsigned int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001) line 352 nsView::HandleEvent(nsView * const 0x0491b0f0, nsGUIEvent * 0x0012d508, unsigned int 0x0000001c, nsEventStatus * 0x0012d3f8, int 0x00000001, int & 0x00000001) line 352 nsViewManager2::DispatchEvent(nsViewManager2 * const 0x049160a0, nsGUIEvent * 0x0012d508, nsEventStatus * 0x0012d3f8) line 1439 HandleEvent(nsGUIEvent * 0x0012d508) line 68 nsWindow::DispatchEvent(nsWindow * const 0x049be614, nsGUIEvent * 0x0012d508, nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012d508) line 702 nsWindow::DispatchMouseEvent(unsigned int 0x0000012c, nsPoint * 0x00000000) line 3890 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 0x0000012c, nsPoint * 0x00000000) line 4100 nsWindow::ProcessMessage(unsigned int 0x00000200, unsigned int 0x00000000, long 0x004600c9, long * 0x0012d884) line 2937 + 24 bytes nsWindow::WindowProc(HWND__ * 0x03020268, unsigned int 0x00000200, unsigned int 0x00000000, long 0x004600c9) line 950 + 27 bytes USER32! 77e71820() NETSCP6! Ctrl+u, Ctrl+w. Didn't see assertion window. - mDOMWindow 0x05196bb4 - nsIDOMWindow {...} - nsISupports {...} + __vfptr 0xdddddddd nsBrowserInstance::ReinitializeContentVariables() line 475 + 39 bytes nsBrowserInstance::GetContentAreaDocShell(nsIDocShell * * 0x0012f110) line 497 nsBrowserInstance::Close(nsBrowserInstance * const 0x06c83040) line 1496 + 32 bytes nsBrowserInstance::~nsBrowserInstance() line 460 nsBrowserInstance::`scalar deleting destructor'() + 15 bytes nsBrowserInstance::Release(nsBrowserInstance * const 0x06c83040) line 563 + 158 bytes nsXPCWrappedNative::~nsXPCWrappedNative() line 398 + 27 bytes nsXPCWrappedNative::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes nsXPCWrappedNative::Release(nsXPCWrappedNative * const 0x06c7ec90) line 71 + 31 bytes nsXPCWrappedNative::JSObjectFinalized(JSContext * 0x06511c20, JSObject * 0x02ee8270) line 96 WrappedNative_Finalize(JSContext * 0x06511c20, JSObject * 0x02ee8270) line 783 js_FinalizeObject(JSContext * 0x06511c20, JSObject * 0x02ee8270) line 1600 + 114 bytes gc_finalize_phase(JSContext * 0x06511c20, unsigned int 0x00000086) line 907 + 11 bytes js_GC(JSContext * 0x06511c20, unsigned int 0x00000000) line 1173 + 13 bytes js_ForceGC(JSContext * 0x06511c20) line 871 + 11 bytes js_DestroyContext(JSContext * 0x06511c20, int 0x00000002) line 258 + 9 bytes JS_DestroyContext(JSContext * 0x06511c20) line 832 + 11 bytes nsJSContext::~nsJSContext() line 366 + 13 bytes nsJSContext::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes nsJSContext::Release(nsJSContext * const 0x06511dd0) line 374 + 154 bytes nsCOMPtr<nsIScriptContext>::~nsCOMPtr<nsIScriptContext>() line 490 GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x06511e40, nsIPresContext * 0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x0012f5d8, unsigned int 0x00000002, nsEventStatus * 0x0012f828) line 541 + 14 bytes nsDocument::HandleDOMEvent(nsDocument * const 0x06c956c0, nsIPresContext * 0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x0012f5d8, unsigned int 0x00000002, nsEventStatus * 0x0012f828) line 3054 nsGenericElement::HandleDOMEvent(nsIPresContext * 0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x0012f5d8, unsigned int 0x00000001, nsEventStatus * 0x0012f828) line 1433 + 45 bytes nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x06c97158, nsIPresContext * 0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012f828) line 186 PresShell::HandleEventInternal(nsEvent * 0x0012f8bc, nsIView * 0x06511f80, unsigned int 0x00000001, nsEventStatus * 0x0012f828) line 4256 + 47 bytes PresShell::HandleEvent(PresShell * const 0x06c818f4, nsIView * 0x06511f80, nsGUIEvent * 0x0012f8bc, nsEventStatus * 0x0012f828, int 0x00000000, int & 0x00000001) line 4191 + 25 bytes nsView::HandleEvent(nsView * const 0x06511f80, nsGUIEvent * 0x0012f8bc, unsigned int 0x00000008, nsEventStatus * 0x0012f828, int 0x00000000, int & 0x00000001) line 379 nsView::HandleEvent(nsView * const 0x064f02e0, nsGUIEvent * 0x0012f8bc, unsigned int 0x00000008, nsEventStatus * 0x0012f828, int 0x00000000, int & 0x00000001) line 352 nsView::HandleEvent(nsView * const 0x06c81f80, nsGUIEvent * 0x0012f8bc, unsigned int 0x0000001c, nsEventStatus * 0x0012f828, int 0x00000001, int & 0x00000001) line 352 nsViewManager2::DispatchEvent(nsViewManager2 * const 0x06c82180, nsGUIEvent * 0x0012f8bc, nsEventStatus * 0x0012f828) line 1439 HandleEvent(nsGUIEvent * 0x0012f8bc) line 68 nsWindow::DispatchEvent(nsWindow * const 0x06c81e44, nsGUIEvent * 0x0012f8bc, nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f8bc) line 702 nsWindow::DispatchKeyEvent(unsigned int 0x00000083, unsigned short 0x0077, unsigned int 0x00000000) line 2284 + 15 bytes nsWindow::OnChar(unsigned int 0x00000017, unsigned int 0x00000000, unsigned char 0x00) line 2408 nsWindow::ProcessMessage(unsigned int 0x00000102, unsigned int 0x00000017, long 0x00110001, long * 0x0012fc44) line 2841 + 33 bytes nsWindow::WindowProc(HWND__ * 0x036501f8, unsigned int 0x00000102, unsigned int 0x00000017, long 0x00110001) line 950 + 27 bytes USER32! 77e71820()
Heikki, your first and third stacks are dups of bug 53953's symptom (the first also shows bug 54792 biting). The second stack you show, if I'm not misreading your inline comment as three stack traces when it is really only two (please use attachments, one per backtrace -- and use the right bugs per the above) is the mystery. If rt->gcRunning is true, the GC is running somewhere -- but since it can run only on the main thread, we should see it. In that way, it is like buster's original backtrace (in the first comment). I suspect a partial backtrace (perhaps due to XPConnect? Cc'ing jband for his stack backtrace vs. XPConnect SharedStub experience). I see no distinct joki bug here, in any case, and I'm hopeful that (with a full backtrace) this bug will turn out to be a dup of bug 53953. /be
Forgot to cc: jband, fragit. /be
I believe the stack that includes the NS assertion before going on and hitting the JS assertion exists because the Windows assert modal dialog that warren talked travis into adding... http://lxr.mozilla.org/seamonkey/source/xpcom/base/nsDebug.cpp#206 ...allows windows messages to leak through our message pump at a time when we would otherwise not be reentered. I'm sorry I didn't file a bug specifically about this the first time I hit this (bug 51825). I did try changing some flags to ::MessageBox hoping to avoid the message leaks with no luck. Any ideas?
Jband: the unsafe nested event loop from MessageBox is bug 54792. The question here is, how did buster and heikki (his "second" of "three" stack backtraces in the big comment today) manage to botch the js_AllocGCThing assertion on the main thread, without showing js_GC under some MessageBox and nested event loop frames in the backtraces? Do those backtraces look complete? Can you tell which (if any) WindowProc is outermost? /be
be: Yes, there were three back traces. I sometimes seem to get the assertion dialog, sometimes not. Maybe the cases I do not see it it is really coming but the crash happens before I see it? The stack traces are complete (as far as VC++ will show them, that is). I did not use the attachments because I prefer to see stack traces in the comments...
I can't tell if that stack trace is complete. I have seen the assert sometimes not yet show its window yet still be the cause of the problem bug 54792 (visible in the stack). It is very possible that the debugger can not show a deep enough stack trace as it digs back through USER32 etc. I've seen that before. Jumping over the abort in the JS_Assert and letting the stack unwind *might* give a further clue if this is reproducable for you. FWIW I see this assert from bug 53953 predicatably. Running under the debugger or not gates bug 54792. I tried on my purify build and under purify it catches bug 53953. The same release build run w/o Purify does not crash there, but who knows what damage was done. Otherwise, i dunno. I've been trying to reproduce something that looks like this and have not seen it. Also FWIW attached stack traces are *much* easier to read since it avoid the eye confusing line wrapping.
NT branch debug build today: I no longer crash closing view source or AIM message window. WFM?
Whiteboard: [wfm?]
all these steps now WFM as well. probably was a dup.
Allright, marking WORKSFORME.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
Marking VERIFIED.
Status: RESOLVED → VERIFIED
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.