Closed
Bug 57070
Opened 24 years ago
Closed 24 years ago
new crash [@ gc_find_flags] in branch
Categories
(Core :: Networking, defect, P3)
Core
Networking
Tracking
()
VERIFIED
FIXED
People
(Reporter: jay, Assigned: brendan)
References
Details
(Keywords: crash, topcrash, Whiteboard: [rtm++])
Crash Data
Attachments
(1 file)
635 bytes,
patch
|
Details | Diff | Splinter Review |
A similar crash to the one resolved fixed in bug 53123 has returned, so logging a new bug on it here. Below are the latest talkback entries and a stack trace: gc_find_flags 16ab37bb http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/js/src/jsgc.c line 215 Build: 2000101309 CrashDate: 2000-10-13 UptimeMinutes: 184 Total: 184 OS: Windows NT 4.0 build 1381 URL: Comment: crash trying to send a message Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19039496 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19039496 gc_find_flags() b7c465b4 jsgc.c line 213 Build: 2000101308 CrashDate: 2000-10-13 UptimeMinutes: 11 Total: 11 OS: MacOS version 8.6 URL: Comment: Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19041783 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19041783 gc_find_flags 5edf0504 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/js/src/jsgc.c line 215 Build: 2000101213 CrashDate: 2000-10-16 UptimeMinutes: 2926 Total: 2926 OS: Windows NT 4.0 build 1381 URL: Comment: Instant Messenger and Browser crash Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19154390 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19154390 gc_find_flags 5c2ba49b http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/js/src/jsgc.c line 215 Build: 2000101609 CrashDate: 2000-10-16 UptimeMinutes: 51 Total: 51 OS: Windows NT 4.0 build 1381 URL: www.abcnews.go.com Comment: Just typing in the url and hitting enter crashed Seamonkey. Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19193042 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19193042 gc_find_flags 80580bed http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/js/src/jsgc.c line 215 Build: 2000101609 CrashDate: 2000-10-16 UptimeMinutes: 6 Total: 19 OS: Windows 95 4.0 build 67109814 URL: Comment: Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19193656 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19193656 gc_find_flags() feda89fc line Build: 2000101609 CrashDate: 2000-10-16 UptimeMinutes: 1 Total: 1 OS: Linux 2.2.16 URL: Comment: trying to install java 2 plugin Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19197087 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19197087 gc_find_flags 9a6cceb1 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/js/src/jsgc.c line 215 Build: 2000101609 CrashDate: 2000-10-16 UptimeMinutes: 1 Total: 1 OS: Windows 98 4.10 build 67766222 URL: Comment: Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19211371 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19211371 gc_find_flags() 877f0bc6 line Build: 2000101609 CrashDate: 2000-10-17 UptimeMinutes: 112 Total: 389 OS: Linux 2.2.14-5.0 URL: Comment: closing window Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19218471 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=19218471 Incident ID 19211371 gc_find_flags [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 215] js_MarkGCThing [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 721] js_GC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 1129] js_ForceGC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 872] JS_GC [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 1543] nsJSContext::GC [d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 1288] KERNEL32.DLL + 0xb9b6 (0xbff7b9b6) DocumentViewerImpl::Init [d:\builds\seamonkey\mozilla\layout\base\src\nsDocumentViewer.cpp, line 537] nsDocShell::SetupNewViewer [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 2902] nsWebShell::SetupNewViewer [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 359] nsDocShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 2488] nsWebShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 383] nsDocShell::CreateContentViewer [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 2668] nsDSURIContentListener::DoContent [d:\builds\seamonkey\mozilla\docshell\base\nsDSURIContentListener.cpp, line 104] nsDocumentOpenInfo::DispatchContent [d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 362] nsDocumentOpenInfo::OnStartRequest [d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 234] nsHTTPFinalListener::OnStartRequest [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp p, line 1118] InterceptStreamListener::OnStartRequest [d:\builds\seamonkey\mozilla\netwerk\cache\mgr\nsCachedNetData.cpp, line 1186] nsHTTPServerListener::FinishedResponseHeaders [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp p, line 1056] nsHTTPServerListener::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp p, line 428] nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 406] nsStreamListenerEvent::HandlePLEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 106] PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 581] PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 517] _md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 1051] KERNEL32.DLL + 0x242e7 (0xbff942e7) 0x00688b52 These stack traces are similar to the ones in bug 57066, so if this is a dup of that bug, please mark it so. I just wanted to log both crashes separately at first to avoid any confusion.
Reporter | ||
Comment 1•24 years ago
|
||
adding topcrash keywords and [@ gc_find_flags] for tracking
Assignee | ||
Comment 2•24 years ago
|
||
Jband and I were trying to reproduce bug 56845, and I noticed with horror a one character typo-botch in jsgc.c that could be the cause of this bug, and of bug 57066. Patch coming up. /be
Status: NEW → ASSIGNED
Assignee | ||
Comment 3•24 years ago
|
||
Assignee | ||
Comment 4•24 years ago
|
||
Adding more r= buddies. Looking to [rtm+] ASAP. /be
Comment 5•24 years ago
|
||
r=mccabe.
Comment 6•24 years ago
|
||
a=jband for sure!
Assignee | ||
Comment 7•24 years ago
|
||
Fix in trunk. This is a topcrash with a one-character fix -- pdt, how about a rtm++? Thanks. /be
Whiteboard: [rtm+]
Assignee | ||
Comment 8•24 years ago
|
||
Phil, we went over talkback that showed JS GC crashes after 53123 was fixed two times, and now I think we've found the topcrash causes. This bug accounts for the stacks, and bug 57096 for others. Both bugs have patches attached now, this one has reviews and is in the trunk. 57096 has a one-line fix that should be reviewed quickly. FYI. /be
Comment 9•24 years ago
|
||
this would a great one for the NS 6.0 branch. jband / brendan: is this the cause of the problems you were seeing last night? (as opposed to a missing JS_PopArguments()?) cc'ing valeski, in case he wants this on the embedding branch.
Comment 10•24 years ago
|
||
[rtm++]. One character for the #1 Talkback crasher? I love that! You've noticed that JS GC is also #3 and #6 on the hit parade?
Whiteboard: [rtm+] → [rtm++]
Assignee | ||
Comment 11•24 years ago
|
||
sspitzer: yes, this is it. The problem is that the JS_PopArguments is "missing" in the sense that the "lower" (stack bottom) call to that function has yet to occur, and the "upper" JS_PopArguments has run, followed by a JS_MaybeGC every 20th XPConnected call into JS, which might just run JS_GC -- which would nuke the entire JS stack on which the lower args were still living, scannable by the subsequent mark phase. Those other bad calls to JS_PopArguments (the ones that were conditioned by a successful rv from OpenDialog) still need to be fixed. The right fix, I think (inspired by nsAutoLock.h) is to make a helper class that hides the jsapi.h usage and has a destructor worry about the pop. I'll work on that in the trunk. /be
Assignee | ||
Comment 12•24 years ago
|
||
Oops, comments in wrong bug. Meant those for bug 57096, an evil older sibling of this bug. /be
Assignee | ||
Comment 13•24 years ago
|
||
phil: #6 is 57096. I'm adding topcrash there. #3 and #1 are both this bug, which is dup'ed by 57066, I bet. I'm going to mark 57066 a dup. /be
Assignee | ||
Comment 14•24 years ago
|
||
*** Bug 57066 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 15•24 years ago
|
||
Fix in branch. (I am the dream engineer of the pdt, two-for-two on one-line changes that fix topcrash bugs! ;-) /be
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 16•24 years ago
|
||
Hey, you planted those bugs!
Assignee | ||
Comment 17•24 years ago
|
||
I wish I planted those, but no such luck. With all due modesty, I'm pretty happy with the way the humongous patch to bug 49816 landed with few bugs, and no major diffs yet required. Knock on wood.... /be
Comment 18•24 years ago
|
||
> phil: #6 is 57096. I'm adding topcrash there. #3 and #1 are both this bug,
> which is dup'ed by 57066, I bet. I'm going to mark 57066 a dup.
Whee! BTW, those rankings seem to be for the trunk, in case that's a surprise to
you (it was a surprise to me).
Updated•13 years ago
|
Crash Signature: [@ gc_find_flags]
You need to log in
before you can comment on or make changes to this bug.
Description
•