Closed
Bug 809458
Opened 12 years ago
Closed 12 years ago
crash in nsWindow::GetToplevelWidget
Categories
(Core :: Widget: Gtk, defect)
Tracking
()
RESOLVED
FIXED
mozilla19
People
(Reporter: tonymec, Unassigned)
References
Details
(Keywords: crash, regression, reproducible)
Crash Data
This bug was filed from the Socorro interface and is report bp-c730cfc7-6683-444b-99e9-48cb12121107 . ============================================================= Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/19.0 Firefox/19.0 SeaMonkey/2.16a1 ID:20121106230402 c-c:73850fe23239 m-c:70c55e9a3ef6 Reproducible: Always Steps to Reproduce: 1. Start SeaMonkey with ChatZilla enabled. Actual result: Crash after opening all tabs and joining most (but not all) channels Expected result: No crash Additional information: This crash did not happen yesterday, and yet ChatZilla was not reinstalled (in particular, no SeaMonkey version number change and no recheck of extensions' maxVersion settings) This is an hourly build (today's linux-x86_64 had "exception" status) so Socorro doesn't know its symbols; I'll fetch them manually from the crasreporter-symbols.zip Startup with -browser: no crash Restart (cZ enabled): bp-c299bfbf-9261-4d64-b68d-b27212121107 Normal startup (cZ, browser & Mail): bp-f9396d91-3b49-4f55-9e3f-039bb2121107 Startup with -mail: no crash Startup with -chat: bp-c730cfc7-6683-444b-99e9-48cb12121107 All three at libxul.so@0x12c2031. Here is the stack from the "cZ-only" startup: 0: libxul.so@0x12c2031 in nsWindow::GetToplevelWidget() 1: libxul.so@0x12c2534 in nsWindow::GetAttention(int) 2: libxul.so@0x2196d97 in ??? 3: libxul.so@0xe3b796 in nsGlobalChromeWindow::GetAttentionWithCycleCount(int) 4: libxul.so@0x1731b87 in NS_InvokeByIndex_P 5: libxul.so@0x10cf525 in XPCWrappedNative::FindTearOff(XPCCallContext&, XPCNativeInterface*, int, tag_nsresult*) 6: libxul.so@0x3095277 in ??? 7: libxul.so@0xf4b865 in nsScriptSecurityManager::CheckPropertyAccessImpl(unsigned int, nsAXPCNativeCallContext*, JSContext*, JSObject*, nsISupports*, nsIClassInfo*, char const*, long, void**) 8: ld-2.14.1.so@0x10efc 9: libxul.so@0x10d27d0 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) 10: libxul.so@0x1cf5c64 in JSObject::addPropertyInternal(JSContext*, long, int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, JS::MutableHandle<JS::Value>), int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, int, JS::MutableHandle<JS::Value>), unsigned int, unsigned int, unsigned int, int, js::Shape**, bool) 11: libxul.so@0x1ce7f41 in js::PropertyTree::getChild(JSContext*, js::Shape*, unsigned int, js::StackShape const&) 12: libxul.so@0x1cb831b in JSObject::setLastProperty(JSContext*, JS::Handle<JSObject*>, js::Shape*) 13: libxul.so@0x1cf3792 in JSObject::getChildProperty(JSContext*, js::Shape*, js::StackShape&) 14: libxul.so@0x1cb7d34 in JSObject::growSlots(JSContext*, JS::Handle<JSObject*>, unsigned int, unsigned int) 15: libxul.so@0x1cf5c64 in JSObject::addPropertyInternal(JSContext*, long, int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, JS::MutableHandle<JS::Value>), int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, int, JS::MutableHandle<JS::Value>), unsigned int, unsigned int, unsigned int, int, js::Shape**, bool) 16: libxul.so@0x1cb81ca in JSObject::updateSlotsForSpan(JSContext*, JS::Handle<JSObject*>, unsigned long, unsigned long) 17: libxul.so@0x1ce72ff in js::detail::HashTable<js::Shape* const, js::HashSet<js::Shape*, js::ShapeHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::lookup(js::StackShape const&, unsigned int, unsigned int) const 18: libxul.so@0xe1b0fc in js::IsProxy(JSObject*) 19: libxul.so@0xe1b117 in js::GetProxyHandler(JSObject*) 20: libxul.so@0xe1b244 in js::IsWrapper(JSObject*) 21: libxul.so@0x1d3c996 in js::UnwrapObject(JSObject*, bool, unsigned int*) 22: libxul.so@0xe1b117 in js::GetProxyHandler(JSObject*) 23: libxul.so@0xe1b0fc in js::IsProxy(JSObject*) 24: libxul.so@0xe1b234 in js::IsWrapper(JSObject*) 25: libxul.so@0x1d3c94f in js::UnwrapObject(JSObject*, bool, unsigned int*) 26: libxul.so@0x10ce8a5 in XPCWrappedNative::GetWrappedNativeOfJSObject(JSContext*, JSObject*, JSObject*, JSObject**, XPCWrappedNativeTearOff**) 27: libxul.so@0xbc676d in xpc_UnmarkGrayObject(JSObject*) 28: libxul.so@0x10a9ffd in XPCCallContext::Init(XPCContext::LangType, int, JSObject*, JSObject*, XPCCallContext::WrapperInitOptions, long, unsigned int, JS::Value*, JS::Value*) 29: libxul.so@0xe1b0fc in js::IsProxy(JSObject*) 30: libxul.so@0xe1b234 in js::IsWrapper(JSObject*) 31: libxul.so@0x1d3c996 in js::UnwrapObject(JSObject*, bool, unsigned int*) 32: libxul.so@0x10d5a52 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) 33: libxul.so@0x113fe57 in nsDocShell::FindChildWithName(unsigned short const*, bool, bool, nsIDocShellTreeItem*, nsIDocShellTreeItem*, nsIDocShellTreeItem**) 34: libxul.so@0x2f8b45f in ??? 35: libxul.so@0x1c1fbf2 in JS_EndRequest(JSContext*) 36: libxul.so@0x1e3d9c8 in js::mjit::CallCompiler::generateNativeStub() 37: libxul.so@0x304e5bf in ??? 38: libxul.so@0x1cb9538 in js::LookupNameWithGlobalDefault(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JSObject*>, JS::MutableHandle<JSObject*>) 39: libxul.so@0x1d5b13d in js::CallObject::createForFunction(JSContext*, js::StackFrame*) 40: libxul.so@0x10ce888 in XPCWrappedNative::GetWrappedNativeOfJSObject(JSContext*, JSObject*, JSObject*, JSObject**, XPCWrappedNativeTearOff**) 41: libxul.so@0xbc676d in xpc_UnmarkGrayObject(JSObject*) 42: libxul.so@0x10a9ffd in XPCCallContext::Init(XPCContext::LangType, int, JSObject*, JSObject*, XPCCallContext::WrapperInitOptions, long, unsigned int, JS::Value*, JS::Value*) 43: libxul.so@0x3095277 in ??? 44: ld-2.14.1.so@0x10efc 45: libxul.so@0x10a7595 in nsXPConnect::GetXPConnect() 46: libxul.so@0x10a6472 in nsXPConnect::Release() 47: libxul.so@0x10a76cc in XPCJSRuntime::Get() 48: libxul.so@0x10a9b04 in XPCCallContext::~XPCCallContext 49: libxul.so@0x10d72c1 in XPC_WN_Helper_NewResolve 50: libxul.so@0x2f8b45f in ??? etc.
Reporter | ||
Updated•12 years ago
|
Crash Signature: [@ nsWindow::GetTopLevelWidget()] → [@ nsWindow::GetToplevelWidget()]
Reporter | ||
Comment 1•12 years ago
|
||
At cZ startup, I connect automatically to the moznet server with the following list of "autoperform" actions (where I use "echo" as the next-best thing for commenting-out a line without actually removing it). j is an alias for join. disable-plugin joinint query NickServ nickserv identify --censored-- j #chatzilla j #calendar j #developers echo 'j #smafa' j #seamonkey j #bugday query firebot echo 'query firewolfbot' j #firebot echo 'j #testday' j #bugs j #ateam echo 'j #extdev' echo 'j #addons' echo 'j #maildev' j #tb-qa j #tb-bugs j #thunderbird echo 'j #qa' j #build j #buildduty echo 'j #xul' echo 'j #womoz' echo 'j #mozillazine' echo 'j #b2g' query memoserv list echo 'j #mozillians' j #Mozilla-eo query ChanServ server moznet My Konversation client (not having /join'ed #build and #buildduty) shows join and ping-timeout messages for tonymec on #thunderbird but not on #Mozilla-eo
Comment 2•12 years ago
|
||
Can you recheck in a more recent build? Seems a nullcheck accidentally disappeared from GTK2's nsWindow.cpp implementation ( http://hg.mozilla.org/mozilla-central/filelog/8776d96f0099/widget/gtk2/nsWindow.cpp ). Should be fixed now. Not sure that's it, but might as well give it a shot before going down all the relevant rabbit holes! :-)
Reporter | ||
Comment 3•12 years ago
|
||
(In reply to Gijs Kruitbosch from comment #2) > Can you recheck in a more recent build? Seems a nullcheck accidentally > disappeared from GTK2's nsWindow.cpp implementation ( > http://hg.mozilla.org/mozilla-central/filelog/8776d96f0099/widget/gtk2/ > nsWindow.cpp ). Should be fixed now. Not sure that's it, but might as well > give it a shot before going down all the relevant rabbit holes! :-) There isn't any yet (according to http://tinderbox.mozilla.org/showbuilds.cgi?tree=SeaMonkey&hours=36 the latest SeaMonkey linux x86_64 successful build was built from the m-c and c-c changesets I mentioned after my User-Agent string near the top of comment #0) but as soon as I notice one, I shall try it.
Reporter | ||
Comment 4•12 years ago
|
||
Gijs: Even though I haven't yet been able to recheck, I bet you've hit the jackpot: see bug 808873 comment #6 where the top two levels of the stack (no others are mentioned) are the same as those I got.
Comment 5•12 years ago
|
||
It happens in Firefox and Thunderbird as well. It first in 19.0a1/20121107. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f9c2c266e7aa&tochange=e587aa26326e It's likely a regression from bug 808873. More reports at: https://crash-stats.mozilla.com/report/list?signature=nsWindow%3A%3AGetToplevelWidget%28%29
Blocks: 808873
Component: General → Widget: Gtk
Keywords: reproducible
Product: SeaMonkey → Core
Hardware: x86_64 → All
Summary: crash in libxul at ChatZilla startup → crash in nsWindow::GetToplevelWidget
Version: Trunk → 19 Branch
Reporter | ||
Comment 6•12 years ago
|
||
Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/19.0 Firefox/19.0 SeaMonkey/2.16a1 ID:20121109003004 c-c:cc55366365ad m-c:90cea19e27e2 Now that the null check has been added back in bug 808873, this bug does not appear anymore. I'm setting FIXED rather than WORKSFORME because the fix is in mozilla-central changeset 8671bfc8e9a8.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Target Milestone: --- → mozilla19
Updated•12 years ago
|
Reporter | ||
Comment 7•12 years ago
|
||
(In reply to Tony Mechelynck [:tonymec] from comment #6) [...] > I'm setting FIXED rather than WORKSFORME because the fix is in > mozilla-central changeset 8671bfc8e9a8. oops, 8671bfc8e9a8 is a merge. The actual fix is in mozilla-central changeset 3985e437a262.
You need to log in
before you can comment on or make changes to this bug.
Description
•