Status

()

P3
normal
VERIFIED WORKSFORME
19 years ago
18 years ago

People

(Reporter: buster, Assigned: joki)

Tracking

({crash})

Trunk
x86
Windows NT
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [wfm?])

(Reporter)

Description

19 years ago
sorry, I have no idea what was going on when this happened.
debug bits on WinNT from the branch 9/24/00
browser was running, looking at a bugzilla report
here's the stack:

js_AllocGCThing(JSContext * 0x01ed9c50, unsigned int 0) line 381 + 41 bytes
js_NewObject(JSContext * 0x01ed9c50, JSClass * 0x011a82f0 struct JSClass  
KeyEventClass, JSObject * 0x00d87268, JSObject * 0x00000000) line 1440 + 11 
bytes
JS_NewObject(JSContext * 0x01ed9c50, JSClass * 0x011a82f0 struct JSClass  
KeyEventClass, JSObject * 0x00d87268, JSObject * 0x00000000) line 1892 + 21 
bytes
NS_NewScriptKeyEvent(nsIScriptContext * 0x01ed8050, nsISupports * 0x03eea034, 
nsISupports * 0x00000000, void * * 0x0012c5a4) line 1014 + 23 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x03eea034) line 141 + 25 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x032787c0, 
nsIDOMEvent * 0x03eea034, nsIDOMEventTarget * 0x03278ca8, unsigned int 16, 
unsigned int 2) line 788 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x0450caa0, nsEvent * 
0x0012d1ec, nsIDOMEvent * * 0x0012d128, nsIDOMEventTarget * 0x03278ca8, unsigned 
int 2, nsEventStatus * 0x0012d230) line 935 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x03278ca0, nsIPresContext * 
0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, 
nsEventStatus * 0x0012d230) line 3321
nsXULElement::HandleChromeEvent(nsXULElement * const 0x03278cb4, nsIPresContext 
* 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, 
nsEventStatus * 0x0012d230) line 4296 + 39 bytes
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x034f63e0, 
nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, 
unsigned int 2, nsEventStatus * 0x0012d230) line 520
nsDocument::HandleDOMEvent(nsDocument * const 0x04500070, nsIPresContext * 
0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, 
nsEventStatus * 0x0012d230) line 3054
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x0450caa0, nsEvent * 
0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 2, nsEventStatus * 
0x0012d230) line 1433 + 45 bytes
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x04505ed8, 
nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x0012d128, 
unsigned int 2, nsEventStatus * 0x0012d230) line 186
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x0450caa0, nsEvent * 
0x0012d1ec, nsIDOMEvent * * 0x0012d128, unsigned int 1, nsEventStatus * 
0x0012d230) line 1426 + 45 bytes
nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x044df6d8, 
nsIPresContext * 0x0450caa0, nsEvent * 0x0012d1ec, nsIDOMEvent * * 0x00000000, 
unsigned int 1, nsEventStatus * 0x0012d230) line 902
nsEventStateManager::GenerateMouseEnterExit(nsIPresContext * 0x0450caa0, 
nsGUIEvent * 0x0012d96c) line 1519
nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x044e94f8, 
nsIPresContext * 0x0450caa0, nsEvent * 0x0012d96c, nsIFrame * 0x02ee281c, 
nsEventStatus * 0x0012d85c, nsIView * 0x04510130) line 306
PresShell::HandleEventInternal(nsEvent * 0x0012d96c, nsIView * 0x04510130, 
unsigned int 1, nsEventStatus * 0x0012d85c) line 4249 + 43 bytes
PresShell::HandleEvent(PresShell * const 0x044d4544, nsIView * 0x04510130, 
nsGUIEvent * 0x0012d96c, nsEventStatus * 0x0012d85c, int 0, int & 1) line 4190 + 
25 bytes
nsView::HandleEvent(nsView * const 0x04510130, nsGUIEvent * 0x0012d96c, unsigned 
int 8, nsEventStatus * 0x0012d85c, int 0, int & 1) line 379
nsView::HandleEvent(nsView * const 0x04507220, nsGUIEvent * 0x0012d96c, unsigned 
int 8, nsEventStatus * 0x0012d85c, int 0, int & 1) line 352
nsView::HandleEvent(nsView * const 0x044cc0d0, nsGUIEvent * 0x0012d96c, unsigned 
int 28, nsEventStatus * 0x0012d85c, int 1, int & 1) line 352
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x044cc2b0, nsGUIEvent * 
0x0012d96c, nsEventStatus * 0x0012d85c) line 1429
HandleEvent(nsGUIEvent * 0x0012d96c) line 68
nsWindow::DispatchEvent(nsWindow * const 0x045070e4, nsGUIEvent * 0x0012d96c, 
nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012d96c) line 702
nsWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 3890 + 
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 
4100
nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 6750665, long * 
0x0012dce8) line 2937 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x0f9d04d2, unsigned int 512, unsigned int 0, long 
6750665) line 950 + 27 bytes
I get the same stack trace by opening AIM, sending a message to myself and
closing the message window. It is preceded by an assertion in
nsHTMLEditor::~nsHTMLEditor(), NS_NOTREACHED("~nsHTMLEditor"); Before I have
time to dismiss the assertion dialog I get this crash. NOTE: If I am running in
debugger I hit the assertion but do not crash!

Nominating for RTM.
Keywords: rtm
This could be a dup of http://bugzilla.mozilla.org/show_bug.cgi?id=54371 --
heikki, the fix for that went into the branch and trunk, can you reproduce after
updating and recompiling?

/be
I get the same stack trace when I close the view source window. It is sometimes 
preceded by an assertion, but a different than in the case with AIM, and I do 
not get assertion every time (even though I get crash every  time).
There is the same bt attached into bug 53953. However, that bug is about fast 
window open+close causing crash...
The stack in this bug is crucially different (if complete -- tell me if it is a 
partial backtrace) from the one attached to bug 53953.  That bug's attached 
stacktrace misleadingly assertbotches at line 381 of jsgc.c, but only because of 
another bug (nsDebug::Assertion nests an unsafe event loop on Windows at least, 
using MessageBox).  See later in 53953 where the true stack for that bug is in a 
comment, not an attachment.

For this bug (54257), is the crash a bad address crash (because rt is not a 
valid pointer at line 381 in jsgc.c), or an assertbotch (becaise rt->gcRunning 
is true, botching the assertion)?

/be
I am still crashing, trunk debug build from yesterday.

Ctrl+u, Click on top right close window button. Didn't see assertion dialog.

-
rt
0x00d39bd8
	state	0x00000002
+
gcArenaPool
{...}
+
gcFinalVec
0x00d3be20
+
gcRootsHash
0x00af3970
+
gcLocksHash
0x00000000
+
gcFreeList
0x00d42c58
	gcDisabled	0x00000000
	gcBytes	0x00015e28
	gcLastBytes	0x0001622a
	gcMaxBytes	0x00400000
	gcLevel	0x00000001
	gcNumber	0x00000015
	gcPoke	0x00 ''
	gcRunning	0x01 '.'
	gcCallback	0x0161a260 DOMGCCallback(JSContext *, JSGCStatus)
	gcMallocBytes	0x00000020
+
atomState
{...}
	rngInitialized	0x00000000
	rngMultiplier	0x0000000000000000
	rngAddend	0x0000000000000000
	rngMask	0x0000000000000000
	rngSeed	0x0000000000000000
	rngDscale	0.00000000000000
+
jsNaN
0x00d42720
+
jsNegativeInfinity
0x00d42730
+
jsPositiveInfinity
0x00d42728
+
emptyString
0x00d42738
+
contextList
{...}
	interruptHandler	0x00000000
	interruptHandlerData	0x00000000
	newScriptHook	0x00000000
	newScriptHookData	0x00000000
	destroyScriptHook	0x00000000
	destroyScriptHookData	0x00000000
	debuggerHandler	0x01d21956 xpc_DebuggerKeywordHandler(struct JSContext *,struct JSScript
*,unsigned char *,long *,void *)
	debuggerHandlerData	0x00000000
	sourceHandler	0x00000000
	sourceHandlerData	0x00000000
	executeHook	0x00000000
	executeHookData	0x00000000
	callHook	0x00000000
	callHookData	0x00000000
	objectHook	0x00000000
	objectHookData	0x00000000
	throwHook	0x00000000
	throwHookData	0x00000000
	debugErrorHook	0x00000000
	debugErrorHookData	0x00000000
+
trapList
{...}
+
watchPointList
{...}
+
propertyCache
{...}
	data	0x00000000
	gcLock	0x00af38c0
	gcDone	0x00af3810
	requestDone	0x00af3760
	requestCount	0x00000000
	gcThread	0x00a11210
	rtLock	0x01d7a6a0
	rtLockOwner	0x00000000
	stateChange	0x01d7a5f0
	setSlotLock	0x01d7a540
	inlineCalls	0x000005c9
	nativeCalls	0x00000e2a
	nonInlineCalls	0x00000c8d
	constructs	0x00000039

NTDLL! 77f7629c()
js_AllocGCThing(JSContext * 0x0280f130, unsigned int 0x00000000) line 381 + 41 bytes
js_NewObject(JSContext * 0x0280f130, JSClass * 0x0030c728 _js_FunctionClass,
JSObject * 0x00000000, JSObject * 0x02c844b8) line 1440 + 11 bytes
js_NewFunction(JSContext * 0x0280f130, JSObject * 0x00000000, int (JSContext *,
JSObject *, unsigned int, long *, long *)* 0x00000000, unsigned int 0x00000001,
unsigned int 0x00000000, JSObject * 0x02c844b8, JSAtom * 0x06c8b4d0) line 1629 +
20 bytes
JS_CompileUCFunctionForPrincipals(JSContext * 0x0280f130, JSObject * 0x02c844b8,
JSPrincipals * 0x0283e264, const char * 0x0012c164, unsigned int 0x00000001,
const char * * 0x016d0628 char const * *  gEventArgv, const unsigned short *
0x06c9cdb0, unsigned int 0x0000008d, const char * 0x00000000, unsigned int
0x00000000) line 2936 + 27 bytes
nsJSContext::CompileEventHandler(nsJSContext * const 0x0280ed10, void *
0x02c844b8, nsIAtom * 0x06c98ac0 {"onxblblur"}, const
basic_nsAReadableString<unsigned short> & {...}, int 0x00000001, void * *
0x0012c4f0) line 807 + 71 bytes
nsXBLPrototypeHandler::ExecuteHandler(nsXBLPrototypeHandler * const 0x042e2570,
nsIDOMEventReceiver * 0x0367bde8, nsIDOMEvent * 0x06c99f54) line 303
nsXBLFocusHandler::Blur(nsIDOMEvent * 0x06c99f54) line 105
nsEventListenerManager::HandleEvent(nsIPresContext * 0x02a7faf0, nsEvent *
0x0012d4d0, nsIDOMEvent * * 0x0012d038, nsIDOMEventTarget * 0x0367bde8, unsigned
int 0x00000004, nsEventStatus * 0x0012d4f4) line 1180 + 23 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x0367bde0, nsIPresContext *
0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x0012d038, unsigned int
0x00000004, nsEventStatus * 0x0012d4f4) line 3321
nsXULElement::HandleDOMEvent(nsXULElement * const 0x042e3690, nsIPresContext *
0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x0012d038, unsigned int
0x00000004, nsEventStatus * 0x0012d4f4) line 3302
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x02a7faf0, nsEvent *
0x0012d4d0, nsIDOMEvent * * 0x0012d038, unsigned int 0x00000001, nsEventStatus *
0x0012d4f4) line 1384
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x042e349c,
nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d4d0, nsIDOMEvent * * 0x00000000,
unsigned int 0x00000001, nsEventStatus * 0x0012d4f4) line 897 + 31 bytes
nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x04105888,
nsIPresContext * 0x02a7faf0, nsEvent * 0x0012d818, nsIFrame * 0x02d54440,
nsEventStatus * 0x0012d780, nsIView * 0x02a7f500) line 561
PresShell::HandleEventInternal(nsEvent * 0x0012d818, nsIView * 0x02a7f500,
unsigned int 0x00000001, nsEventStatus * 0x0012d780) line 4250 + 43 bytes
PresShell::HandleEvent(PresShell * const 0x02a77734, nsIView * 0x02a7f500,
nsGUIEvent * 0x0012d818, nsEventStatus * 0x0012d780, int 0x00000001, int &
0x00000001) line 4191 + 25 bytes
nsView::HandleEvent(nsView * const 0x02a7f500, nsGUIEvent * 0x0012d818, unsigned
int 0x0000001c, nsEventStatus * 0x0012d780, int 0x00000001, int & 0x00000001)
line 379
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x02a7f6e0, nsGUIEvent *
0x0012d818, nsEventStatus * 0x0012d780) line 1439
HandleEvent(nsGUIEvent * 0x0012d818) line 68
nsWindow::DispatchEvent(nsWindow * const 0x02a7f3c4, nsGUIEvent * 0x0012d818,
nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012d818) line 702
nsWindow::DispatchFocus(unsigned int 0x0000006c) line 4039 + 15 bytes
nsWindow::ProcessMessage(unsigned int 0x00000008, unsigned int 0x020a015c, long
0x00000000, long * 0x0012db5c) line 3099 + 19 bytes
nsWindow::WindowProc(HWND__ * 0x06360178, unsigned int 0x00000008, unsigned int
0x020a015c, long 0x00000000) line 950 + 27 bytes
USER32! 77e719d0()
USER32! 77e71982()
NTDLL! 77f763a3()
USER32! 77e8a5c0()
USER32! 77e82d7c()
USER32! 77e720ff()
USER32! 77e82832()
USER32! 77e8903f()
USER32! 77e8ad30()
USER32! 77e8b044()
USER32! 77e8aed8()
USER32! 77e8b203()
USER32! 77e8a5a6()
nsDebug::Assertion(const char * 0x016cee14, const char * 0x016cee04, const char
* 0x016cedd8, int 0x00000fbc) line 215 + 22 bytes
nsDebug::WarnIfFalse(const char * 0x016cee14, const char * 0x016cee04, const
char * 0x016cedd8, int 0x00000fbc) line 358 + 21 bytes
GlobalWindowImpl::GetTreeOwner(GlobalWindowImpl * const 0x06680640,
nsIDocShellTreeOwner * * 0x0012f058) line 4028 + 38 bytes
GlobalWindowImpl::Get_content(GlobalWindowImpl * const 0x06680644,
nsIDOMWindowInternal * * 0x0012f078) line 704 + 40 bytes
nsBrowserInstance::ReinitializeContentVariables() line 475 + 42 bytes
nsBrowserInstance::GetContentAreaDocShell(nsIDocShell * * 0x0012f114) line 497
nsBrowserInstance::Close(nsBrowserInstance * const 0x06c80880) line 1496 + 32 bytes
nsBrowserInstance::~nsBrowserInstance() line 460
nsBrowserInstance::`scalar deleting destructor'() + 15 bytes
nsBrowserInstance::Release(nsBrowserInstance * const 0x06c80880) line 563 + 158
bytes
nsXPCWrappedNative::~nsXPCWrappedNative() line 398 + 27 bytes
nsXPCWrappedNative::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes
nsXPCWrappedNative::Release(nsXPCWrappedNative * const 0x06c80820) line 71 + 31
bytes
nsXPCWrappedNative::JSObjectFinalized(JSContext * 0x06685c30, JSObject *
0x02ddefb0) line 96
WrappedNative_Finalize(JSContext * 0x06685c30, JSObject * 0x02ddefb0) line 783
js_FinalizeObject(JSContext * 0x06685c30, JSObject * 0x02ddefb0) line 1600 + 114
bytes
gc_finalize_phase(JSContext * 0x06685c30, unsigned int 0x00000072) line 907 + 11
bytes
js_GC(JSContext * 0x06685c30, unsigned int 0x00000000) line 1173 + 13 bytes
js_ForceGC(JSContext * 0x06685c30) line 871 + 11 bytes
js_DestroyContext(JSContext * 0x06685c30, int 0x00000002) line 258 + 9 bytes
JS_DestroyContext(JSContext * 0x06685c30) line 832 + 11 bytes
nsJSContext::~nsJSContext() line 366 + 13 bytes
nsJSContext::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes
nsJSContext::Release(nsJSContext * const 0x06684eb0) line 374 + 154 bytes
nsCOMPtr<nsIScriptContext>::assign_assuming_AddRef(nsIScriptContext *
0x00000000) line 472
nsCOMPtr<nsIScriptContext>::assign_with_AddRef(nsISupports * 0x00000000) line 849
nsCOMPtr<nsIScriptContext>::operator=(nsIScriptContext * 0x00000000) line 584
nsDocShell::Destroy(nsDocShell * const 0x06683184) line 1614
nsWebShell::Destroy(nsWebShell * const 0x06683184) line 1394
nsXULWindow::Destroy(nsXULWindow * const 0x06670ab4) line 325
nsWebShellWindow::Destroy(nsWebShellWindow * const 0x06670ab4) line 1750
nsWebShellWindow::Close(nsWebShellWindow * const 0x06670b10) line 339
nsWebShellWindow::HandleEvent(nsGUIEvent * 0x0012f63c) line 418
nsWindow::DispatchEvent(nsWindow * const 0x066708c4, nsGUIEvent * 0x0012f63c,
nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f63c) line 702
nsWindow::DispatchStandardEvent(unsigned int 0x00000065) line 722 + 15 bytes
nsWindow::ProcessMessage(unsigned int 0x00000010, unsigned int 0x00000000, long
0x00000000, long * 0x0012f974) line 2795
nsWindow::WindowProc(HWND__ * 0x01a601ce, unsigned int 0x00000010, unsigned int
0x00000000, long 0x00000000) line 950 + 27 bytes
USER32! 77e719d0()
USER32! 77e71982()
NTDLL! 77f763a3()
USER32! 77e718d2()
nsWindow::DefaultWindowProc(HWND__ * 0x01a601ce, unsigned int 0x00000112,
unsigned int 0x0000f060, long 0x001803e2) line 977
USER32! 77e727fe()
USER32! 77e72889()
nsWindow::WindowProc(HWND__ * 0x01a601ce, unsigned int 0x00000112, unsigned int
0x0000f060, long 0x001803e2) line 957 + 31 bytes
USER32! 77e719d0()
USER32! 77e71982()
NTDLL! 77f763a3()
USER32! 77e718d2()
nsWindow::DefaultWindowProc(HWND__ * 0x01a601ce, unsigned int 0x000000a1,
unsigned int 0x00000014, long 0x001803e2) line 977
USER32! 77e727fe()
USER32! 77e72889()
nsWindow::WindowProc(HWND__ * 0x01a601ce, unsigned int 0x000000a1, unsigned int
0x00000014, long 0x001803e2) line 957 + 31 bytes
USER32! 77e71820()


AIM myself, click on top right close window button. Got assertion window first,
immediately followed by crash.

-
rt
0x00d39bd8
	state	0x00000002
+
gcArenaPool
{...}
+
gcFinalVec
0x00d3be20
+
gcRootsHash
0x00af3970
+
gcLocksHash
0x00000000
+
gcFreeList
0x00de5100
	gcDisabled	0x00000000
	gcBytes	0x00021bb8
	gcLastBytes	0x000227c7
	gcMaxBytes	0x00400000
	gcLevel	0x00000001
	gcNumber	0x00000017
	gcPoke	0x00 ''
	gcRunning	0x01 '.'
	gcCallback	0x0161a260 DOMGCCallback(JSContext *, JSGCStatus)
	gcMallocBytes	0x00000000
+
atomState
{...}
	rngInitialized	0x00000000
	rngMultiplier	0x0000000000000000
	rngAddend	0x0000000000000000
	rngMask	0x0000000000000000
	rngSeed	0x0000000000000000
	rngDscale	0.00000000000000
+
jsNaN
0x00d42720
+
jsNegativeInfinity
0x00d42730
+
jsPositiveInfinity
0x00d42728
+
emptyString
0x00d42738
+
contextList
{...}
	interruptHandler	0x00000000
	interruptHandlerData	0x00000000
	newScriptHook	0x00000000
	newScriptHookData	0x00000000
	destroyScriptHook	0x00000000
	destroyScriptHookData	0x00000000
	debuggerHandler	0x01d21956 xpc_DebuggerKeywordHandler(struct JSContext *,struct JSScript
*,unsigned char *,long *,void *)
	debuggerHandlerData	0x00000000
	sourceHandler	0x00000000
	sourceHandlerData	0x00000000
	executeHook	0x00000000
	executeHookData	0x00000000
	callHook	0x00000000
	callHookData	0x00000000
	objectHook	0x00000000
	objectHookData	0x00000000
	throwHook	0x00000000
	throwHookData	0x00000000
	debugErrorHook	0x00000000
	debugErrorHookData	0x00000000
+
trapList
{...}
+
watchPointList
{...}
+
propertyCache
{...}
	data	0x00000000
	gcLock	0x00af38c0
	gcDone	0x00af3810
	requestDone	0x00af3760
	requestCount	0x00000000
	gcThread	0x00a11210
	rtLock	0x01d7a6a0
	rtLockOwner	0x00000000
	stateChange	0x01d7a5f0
	setSlotLock	0x01d7a540
	inlineCalls	0x00000999
	nativeCalls	0x0000197d
	nonInlineCalls	0x000016e0
	constructs	0x000000f9

NTDLL! 77f7629c()
js_AllocGCThing(JSContext * 0x0280f130, unsigned int 0x00000000) line 381 + 41 bytes
js_NewObject(JSContext * 0x0280f130, JSClass * 0x016d82f0 struct JSClass
KeyEventClass, JSObject * 0x00d5f268, JSObject * 0x00000000) line 1440 + 11 bytes
JS_NewObject(JSContext * 0x0280f130, JSClass * 0x016d82f0 struct JSClass
KeyEventClass, JSObject * 0x00d5f268, JSObject * 0x00000000) line 1892 + 21 bytes
NS_NewScriptKeyEvent(nsIScriptContext * 0x0280ed10, nsISupports * 0x06cee344,
nsISupports * 0x00000000, void * * 0x0012add4) line 1014 + 23 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x06cee344) line 141 + 25 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x036b4100,
nsIDOMEvent * 0x06cee344, nsIDOMEventTarget * 0x036b45e8, unsigned int
0x00000010, unsigned int 0x00000002) line 788 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, nsIDOMEventTarget * 0x036b45e8, unsigned
int 0x00000002, nsEventStatus * 0x0012cd34) line 935 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x036b45e0, nsIPresContext *
0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int
0x00000002, nsEventStatus * 0x0012cd34) line 3321
nsXULElement::HandleChromeEvent(nsXULElement * const 0x036b45f4, nsIPresContext
* 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int
0x00000002, nsEventStatus * 0x0012cd34) line 4296 + 39 bytes
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x04234eb0,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 523
nsDocument::HandleDOMEvent(nsDocument * const 0x04956e80, nsIPresContext *
0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int
0x00000002, nsEventStatus * 0x0012cd34) line 3054
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1433 + 45 bytes
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x04957ca8,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 186
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x049a3658,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 902
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableElement::HandleDOMEvent(nsHTMLTableElement * const 0x049c1858,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1345
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableSectionElement::HandleDOMEvent(nsHTMLTableSectionElement * const
0x049c13c8, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * *
0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 355
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableRowElement::HandleDOMEvent(nsHTMLTableRowElement * const 0x04927a08,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 713
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableCellElement::HandleDOMEvent(nsHTMLTableCellElement * const
0x04918bbc, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * *
0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 525
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableElement::HandleDOMEvent(nsHTMLTableElement * const 0x0491ef08,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 1345
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableSectionElement::HandleDOMEvent(nsHTMLTableSectionElement * const
0x04918ef8, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * *
0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 355
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableRowElement::HandleDOMEvent(nsHTMLTableRowElement * const 0x04916958,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 713
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLTableCellElement::HandleDOMEvent(nsHTMLTableCellElement * const
0x0495455c, nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * *
0x0012cc2c, unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 525
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000002, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0495015c,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x0012cc2c,
unsigned int 0x00000002, nsEventStatus * 0x0012cd34) line 897 + 31 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x04916210, nsEvent *
0x0012ccf0, nsIDOMEvent * * 0x0012cc2c, unsigned int 0x00000001, nsEventStatus *
0x0012cd34) line 1426 + 45 bytes
nsHTMLDivElement::HandleDOMEvent(nsHTMLDivElement * const 0x04a0bd98,
nsIPresContext * 0x04916210, nsEvent * 0x0012ccf0, nsIDOMEvent * * 0x00000000,
unsigned int 0x00000001, nsEventStatus * 0x0012cd34) line 222
nsEventStateManager::GenerateMouseEnterExit(nsIPresContext * 0x04916210,
nsGUIEvent * 0x0012d508) line 1519
nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x049b4c68,
nsIPresContext * 0x04916210, nsEvent * 0x0012d508, nsIFrame * 0x02e6a628,
nsEventStatus * 0x0012d3f8, nsIView * 0x04a0ea90) line 306
PresShell::HandleEventInternal(nsEvent * 0x0012d508, nsIView * 0x04a0ea90,
unsigned int 0x00000001, nsEventStatus * 0x0012d3f8) line 4250 + 43 bytes
PresShell::HandleEvent(PresShell * const 0x0491da14, nsIView * 0x04a0ea90,
nsGUIEvent * 0x0012d508, nsEventStatus * 0x0012d3f8, int 0x00000000, int &
0x00000001) line 4191 + 25 bytes
nsView::HandleEvent(nsView * const 0x04a0ea90, nsGUIEvent * 0x0012d508, unsigned
int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001)
line 379
nsView::HandleEvent(nsView * const 0x04a0ef60, nsGUIEvent * 0x0012d508, unsigned
int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001)
line 352
nsView::HandleEvent(nsView * const 0x049bff80, nsGUIEvent * 0x0012d508, unsigned
int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001)
line 352
nsView::HandleEvent(nsView * const 0x049be750, nsGUIEvent * 0x0012d508, unsigned
int 0x00000008, nsEventStatus * 0x0012d3f8, int 0x00000000, int & 0x00000001)
line 352
nsView::HandleEvent(nsView * const 0x0491b0f0, nsGUIEvent * 0x0012d508, unsigned
int 0x0000001c, nsEventStatus * 0x0012d3f8, int 0x00000001, int & 0x00000001)
line 352
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x049160a0, nsGUIEvent *
0x0012d508, nsEventStatus * 0x0012d3f8) line 1439
HandleEvent(nsGUIEvent * 0x0012d508) line 68
nsWindow::DispatchEvent(nsWindow * const 0x049be614, nsGUIEvent * 0x0012d508,
nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012d508) line 702
nsWindow::DispatchMouseEvent(unsigned int 0x0000012c, nsPoint * 0x00000000) line
3890 + 21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 0x0000012c, nsPoint * 0x00000000)
line 4100
nsWindow::ProcessMessage(unsigned int 0x00000200, unsigned int 0x00000000, long
0x004600c9, long * 0x0012d884) line 2937 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x03020268, unsigned int 0x00000200, unsigned int
0x00000000, long 0x004600c9) line 950 + 27 bytes
USER32! 77e71820()
NETSCP6!


Ctrl+u, Ctrl+w. Didn't see assertion window.

-
mDOMWindow
0x05196bb4
-
nsIDOMWindow
{...}
-
nsISupports
{...}
+
__vfptr
0xdddddddd

nsBrowserInstance::ReinitializeContentVariables() line 475 + 39 bytes
nsBrowserInstance::GetContentAreaDocShell(nsIDocShell * * 0x0012f110) line 497
nsBrowserInstance::Close(nsBrowserInstance * const 0x06c83040) line 1496 + 32 bytes
nsBrowserInstance::~nsBrowserInstance() line 460
nsBrowserInstance::`scalar deleting destructor'() + 15 bytes
nsBrowserInstance::Release(nsBrowserInstance * const 0x06c83040) line 563 + 158
bytes
nsXPCWrappedNative::~nsXPCWrappedNative() line 398 + 27 bytes
nsXPCWrappedNative::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes
nsXPCWrappedNative::Release(nsXPCWrappedNative * const 0x06c7ec90) line 71 + 31
bytes
nsXPCWrappedNative::JSObjectFinalized(JSContext * 0x06511c20, JSObject *
0x02ee8270) line 96
WrappedNative_Finalize(JSContext * 0x06511c20, JSObject * 0x02ee8270) line 783
js_FinalizeObject(JSContext * 0x06511c20, JSObject * 0x02ee8270) line 1600 + 114
bytes
gc_finalize_phase(JSContext * 0x06511c20, unsigned int 0x00000086) line 907 + 11
bytes
js_GC(JSContext * 0x06511c20, unsigned int 0x00000000) line 1173 + 13 bytes
js_ForceGC(JSContext * 0x06511c20) line 871 + 11 bytes
js_DestroyContext(JSContext * 0x06511c20, int 0x00000002) line 258 + 9 bytes
JS_DestroyContext(JSContext * 0x06511c20) line 832 + 11 bytes
nsJSContext::~nsJSContext() line 366 + 13 bytes
nsJSContext::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes
nsJSContext::Release(nsJSContext * const 0x06511dd0) line 374 + 154 bytes
nsCOMPtr<nsIScriptContext>::~nsCOMPtr<nsIScriptContext>() line 490
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x06511e40,
nsIPresContext * 0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x0012f5d8,
unsigned int 0x00000002, nsEventStatus * 0x0012f828) line 541 + 14 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x06c956c0, nsIPresContext *
0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x0012f5d8, unsigned int
0x00000002, nsEventStatus * 0x0012f828) line 3054
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x06c83f00, nsEvent *
0x0012f8bc, nsIDOMEvent * * 0x0012f5d8, unsigned int 0x00000001, nsEventStatus *
0x0012f828) line 1433 + 45 bytes
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x06c97158,
nsIPresContext * 0x06c83f00, nsEvent * 0x0012f8bc, nsIDOMEvent * * 0x00000000,
unsigned int 0x00000001, nsEventStatus * 0x0012f828) line 186
PresShell::HandleEventInternal(nsEvent * 0x0012f8bc, nsIView * 0x06511f80,
unsigned int 0x00000001, nsEventStatus * 0x0012f828) line 4256 + 47 bytes
PresShell::HandleEvent(PresShell * const 0x06c818f4, nsIView * 0x06511f80,
nsGUIEvent * 0x0012f8bc, nsEventStatus * 0x0012f828, int 0x00000000, int &
0x00000001) line 4191 + 25 bytes
nsView::HandleEvent(nsView * const 0x06511f80, nsGUIEvent * 0x0012f8bc, unsigned
int 0x00000008, nsEventStatus * 0x0012f828, int 0x00000000, int & 0x00000001)
line 379
nsView::HandleEvent(nsView * const 0x064f02e0, nsGUIEvent * 0x0012f8bc, unsigned
int 0x00000008, nsEventStatus * 0x0012f828, int 0x00000000, int & 0x00000001)
line 352
nsView::HandleEvent(nsView * const 0x06c81f80, nsGUIEvent * 0x0012f8bc, unsigned
int 0x0000001c, nsEventStatus * 0x0012f828, int 0x00000001, int & 0x00000001)
line 352
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x06c82180, nsGUIEvent *
0x0012f8bc, nsEventStatus * 0x0012f828) line 1439
HandleEvent(nsGUIEvent * 0x0012f8bc) line 68
nsWindow::DispatchEvent(nsWindow * const 0x06c81e44, nsGUIEvent * 0x0012f8bc,
nsEventStatus & nsEventStatus_eIgnore) line 681 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f8bc) line 702
nsWindow::DispatchKeyEvent(unsigned int 0x00000083, unsigned short 0x0077,
unsigned int 0x00000000) line 2284 + 15 bytes
nsWindow::OnChar(unsigned int 0x00000017, unsigned int 0x00000000, unsigned char
0x00) line 2408
nsWindow::ProcessMessage(unsigned int 0x00000102, unsigned int 0x00000017, long
0x00110001, long * 0x0012fc44) line 2841 + 33 bytes
nsWindow::WindowProc(HWND__ * 0x036501f8, unsigned int 0x00000102, unsigned int
0x00000017, long 0x00110001) line 950 + 27 bytes
USER32! 77e71820()
Heikki, your first and third stacks are dups of bug 53953's symptom (the first
also shows bug 54792 biting).

The second stack you show, if I'm not misreading your inline comment as three
stack traces when it is really only two (please use attachments, one per
backtrace -- and use the right bugs per the above) is the mystery.  If
rt->gcRunning is true, the GC is running somewhere -- but since it can run only
on the main thread, we should see it.  In that way, it is like buster's original
backtrace (in the first comment).  I suspect a partial backtrace (perhaps due to
XPConnect?  Cc'ing jband for his stack backtrace vs. XPConnect SharedStub
experience).

I see no distinct joki bug here, in any case, and I'm hopeful that (with a full
backtrace) this bug will turn out to be a dup of bug 53953.

/be
Forgot to cc: jband, fragit.

/be

Comment 9

19 years ago
I believe the stack that includes the NS assertion before going on and hitting 
the JS assertion exists because the Windows assert modal dialog that warren 
talked travis into adding...
http://lxr.mozilla.org/seamonkey/source/xpcom/base/nsDebug.cpp#206
...allows windows messages to leak through our message pump at a time when we 
would otherwise not be reentered.

I'm sorry I didn't file a bug specifically about this the first time I hit this 
(bug 51825).

I did try changing some flags to ::MessageBox hoping to avoid the message leaks 
with no luck.

Any ideas?
Jband: the unsafe nested event loop from MessageBox is bug 54792.  The question 
here is, how did buster and heikki (his "second" of "three" stack backtraces in 
the big comment today) manage to botch the js_AllocGCThing assertion on the main 
thread, without showing js_GC under some MessageBox and nested event loop frames 
in the backtraces?

Do those backtraces look complete?  Can you tell which (if any) WindowProc is 
outermost?

/be
be: Yes, there were three back traces. I sometimes seem to get the assertion
dialog, sometimes not. Maybe the cases I do not see it it is really coming but
the crash happens before I see it? The stack traces are complete (as far as VC++
will show them, that is).

I did not use the attachments because I prefer to see stack traces in the
comments...

Comment 12

19 years ago
I can't tell if that stack trace is complete. I have seen the assert sometimes 
not yet show its window yet still be the cause of the problem bug 54792 (visible 
in the stack). It is very possible that the debugger can not show a deep enough 
stack trace as it digs back through USER32 etc. I've seen that before. Jumping 
over the abort in the JS_Assert and letting the stack unwind *might* give a 
further clue if this is reproducable for you.

FWIW I see this assert from bug 53953 predicatably. Running under the debugger 
or not gates bug 54792. I tried on my purify build and under purify it catches 
bug 53953. The same release build run w/o Purify does not crash there, but who 
knows what damage was done. Otherwise, i dunno. I've been trying to reproduce 
something that looks like this and have not seen it.

Also FWIW attached stack traces are *much* easier to read since it avoid the eye 
confusing line wrapping.
NT branch debug build today: I no longer crash closing view source or AIM
message window. WFM?
Whiteboard: [wfm?]
(Reporter)

Comment 14

18 years ago
all these steps now WFM as well.  probably was a dup.
Allright, marking WORKSFORME.
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → WORKSFORME

Comment 16

18 years ago
Marking VERIFIED.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.