Bug ID: JDK-6921935 Java Runtime Error (EXCEPTION_ACCESS_VIOLATION) in [mshtml.dll+0x249889]

Details
Type: Bug
Submit Date: 2010-02-01
Status: Resolved
Updated Date: 2010-12-02
Project Name: JDK
Resolved Date: 2010-10-11
Component: deploy
OS: windows_vista,solaris_8,solaris_2.5.1,windows_xp,windows_7,windows_2000
Sub-Component: plugin
CPU: x86,generic
Priority: P2
Resolution: Fixed
Affected Versions: 6,6u10,6u11-rev,6u15,6u16,6u18
Fixed Versions: 6u23 (b02)

Related Reports
Backport:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Relates:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
JRE version: 6.0_15-b03

ADDITIONAL OS VERSION INFORMATION :
Java VM: Java HotSpot(TM) Client VM (14.1-b02 mixed mode windows-x86 )

A DESCRIPTION OF THE PROBLEM :
Problematic frame:
C  [mshtml.dll+0x249889]


ERROR MESSAGES/STACK TRACES THAT OCCUR :
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x3dc69889, pid=1680, tid=3924
#
# JRE version: 6.0_15-b03
# Java VM: Java HotSpot(TM) Client VM (14.1-b02 mixed mode windows-x86 )
# Problematic frame:
# C  [mshtml.dll+0x249889]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x0996f800):  JavaThread "Thread-2" [_thread_in_native, id=3924, stack(0x1a810000,0x1a910000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x000000f0

Registers:
EAX=0x00000000, EBX=0x00000000, ECX=0x00000032, EDX=0x12186bb0
ESP=0x1a90f724, EBP=0x1a90f73c, ESI=0x0431dec0, EDI=0x7c8097e0
EIP=0x3dc69889, EFLAGS=0x00010246

  Top of Stack: (sp=0x1a90f724)
0x1a90f724:   00000000 0431dec0 1217f5e8 3db20730
0x1a90f734:   0431dec0 00000000 1a90f750 3db1de89
0x1a90f744:   0431dec0 0996f800 08e4a790 1a90f760
0x1a90f754:   3dafa616 0431dec0 1217f5e8 1a90f7ac
0x1a90f764:   6d4130be 08e4a790 09b49e27 0996f910
0x1a90f774:   1a90f7b4 08e4a790 00000000 00000010
0x1a90f784:   100a4530 00000000 1a90f78c 00000000
0x1a90f794:   1a90f7c0 12186bb0 00000000 1217f5e8

Instructions: (pc=0x3dc69889)
0x3dc69879:   14 eb f4 3d 8b 3d b8 13 a2 3d 8b f1 ff d7 33 db
0x3dc69889:   39 98 f0 00 00 00 74 1f ff 35 14 eb f4 3d ff d7


Stack: [0x1a810000,0x1a910000],  sp=0x1a90f724,  free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [mshtml.dll+0x249889]
C  [mshtml.dll+0xfde89]
C  [mshtml.dll+0xda616]
C  [jp2iexp.dll+0x30be]
j  sun.plugin2.main.server.IExplorerPlugin.javaScriptReleaseObject(Lsun/plugin2/liveconnect/BrowserSideObject;)V+4
j  sun.plugin2.main.server.LiveConnectSupport$PerPluginInfo.releaseAllObjects()V+34
j  sun.plugin2.main.server.LiveConnectSupport.shutdown(I)V+42
j  sun.plugin2.main.server.JVMInstance.unregisterApplet(I)V+63
j  sun.plugin2.main.server.JVMInstance.dispose()V+67
j  sun.plugin2.main.server.JVMInstance.access$2600(Lsun/plugin2/main/server/JVMInstance;)V+1
j  sun.plugin2.main.server.JVMInstance$Listener.jvmExited(Lsun/plugin2/jvm/JVMLauncher;)V+86
j  sun.plugin2.jvm.JVMLauncher.fireJVMExited()V+31
j  sun.plugin2.jvm.JVMLauncher.access$300(Lsun/plugin2/jvm/JVMLauncher;)V+1
j  sun.plugin2.jvm.JVMLauncher$JVMWatcher.run()V+50
j  java.lang.Thread.run()V+11
v  ~StubRoutines::call_stub
V  [jvm.dll+0xecfac]
V  [jvm.dll+0x1741d1]
V  [jvm.dll+0xed177]
V  [jvm.dll+0xed1ed]
V  [jvm.dll+0x1162a0]
V  [jvm.dll+0x1d03a4]
V  [jvm.dll+0x173e4c]
C  [MSVCR71.dll+0x9565]
C  [kernel32.dll+0xb729]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.plugin2.main.server.IExplorerPlugin.iUnknownRelease(J)V+0
j  sun.plugin2.main.server.IExplorerPlugin.javaScriptReleaseObject(Lsun/plugin2/liveconnect/BrowserSideObject;)V+4
j  sun.plugin2.main.server.LiveConnectSupport$PerPluginInfo.releaseAllObjects()V+34
j  sun.plugin2.main.server.LiveConnectSupport.shutdown(I)V+42
j  sun.plugin2.main.server.JVMInstance.unregisterApplet(I)V+63
j  sun.plugin2.main.server.JVMInstance.dispose()V+67
j  sun.plugin2.main.server.JVMInstance.access$2600(Lsun/plugin2/main/server/JVMInstance;)V+1
j  sun.plugin2.main.server.JVMInstance$Listener.jvmExited(Lsun/plugin2/jvm/JVMLauncher;)V+86
j  sun.plugin2.jvm.JVMLauncher.fireJVMExited()V+31
j  sun.plugin2.jvm.JVMLauncher.access$300(Lsun/plugin2/jvm/JVMLauncher;)V+1
j  sun.plugin2.jvm.JVMLauncher$JVMWatcher.run()V+50
j  java.lang.Thread.run()V+11
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
=>0x0996f800 JavaThread "Thread-2" [_thread_in_native, id=3924, stack(0x1a810000,0x1a910000)]
  0x09947800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=5936, stack(0x0c140000,0x0c240000)]
  0x09903c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6960, stack(0x0bf40000,0x0c040000)]
  0x098fdc00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=7400, stack(0x0be40000,0x0bf40000)]
  0x098fc400 JavaThread "Attach Listener" daemon [_thread_blocked, id=6924, stack(0x096c0000,0x097c0000)]
  0x098fb000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5804, stack(0x074e0000,0x075e0000)]
  0x098eb000 JavaThread "Finalizer" daemon [_thread_blocked, id=8172, stack(0x0bd40000,0x0be40000)]
  0x098e6800 JavaThread "Reference Handler" daemon [_thread_blocked, id=8168, stack(0x0bc40000,0x0bd40000)]
  0x00d4a000 JavaThread "main" [_thread_in_native, id=7656, stack(0x018f0000,0x01af0000)]

Other Threads:
  0x098e3800 VMThread [stack: 0x0bb40000,0x0bc40000] [id=7596]
  0x09905c00 WatcherThread [stack: 0x0c040000,0x0c140000] [id=7452]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 960K, used 674K [0x10010000, 0x10110000, 0x10280000)
  eden space 896K,  68% used [0x10010000, 0x100a8be0, 0x100f0000)
  from space 64K, 100% used [0x10100000, 0x10110000, 0x10110000)
  to   space 64K,   0% used [0x100f0000, 0x100f0000, 0x10100000)
 tenured generation   total 4096K, used 251K [0x10280000, 0x10680000, 0x12010000)
   the space 4096K,   6% used [0x10280000, 0x102bee08, 0x102bf000, 0x10680000)
 compacting perm gen  total 12288K, used 3851K [0x12010000, 0x12c10000, 0x16010000)
   the space 12288K,  31% used [0x12010000, 0x123d2f68, 0x123d3000, 0x12c10000)
No shared spaces configured.

Dynamic libraries:
0x00400000 - 0x0049c000 	C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b2000 	C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f6000 	C:\WINDOWS\system32\kernel32.dll
0x77dd0000 - 0x77e6b000 	C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f02000 	C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 - 0x77ff1000 	C:\WINDOWS\system32\Secur32.dll
0x7e410000 - 0x7e4a1000 	C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f59000 	C:\WINDOWS\system32\GDI32.dll
0x77c10000 - 0x77c68000 	C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000 	C:\WINDOWS\system32\SHLWAPI.dll
0x7c9c0000 - 0x7d1d7000 	C:\WINDOWS\system32\SHELL32.dll
0x774e0000 - 0x7761d000 	C:\WINDOWS\system32\ole32.dll
0x3dfd0000 - 0x3e1b8000 	C:\WINDOWS\system32\iertutil.dll
0x78130000 - 0x78262000 	C:\WINDOWS\system32\urlmon.dll
0x77120000 - 0x771ab000 	C:\WINDOWS\system32\OLEAUT32.dll
0x76390000 - 0x763ad000 	C:\WINDOWS\system32\IMM32.DLL
0x629c0000 - 0x629c9000 	C:\WINDOWS\system32\LPK.DLL
0x74d90000 - 0x74dfb000 	C:\WINDOWS\system32\USP10.dll
0x773d0000 - 0x774d3000 	C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d090000 - 0x5d12a000 	C:\WINDOWS\system32\comctl32.dll
0x3e1c0000 - 0x3ec52000 	C:\WINDOWS\system32\IEFRAME.dll
0x763b0000 - 0x763f9000 	C:\WINDOWS\system32\comdlg32.dll
0x451f0000 - 0x451f6000 	C:\Program Files\Internet Explorer\xpshims.dll
0x5ad70000 - 0x5ada8000 	C:\WINDOWS\system32\uxtheme.dll
0x74720000 - 0x7476c000 	C:\WINDOWS\system32\MSCTF.dll
0x60000000 - 0x60005000 	C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
0x7c340000 - 0x7c396000 	C:\WINDOWS\system32\MSVCR71.dll
0x10000000 - 0x10004000 	C:\Program Files\Unlocker\UnlockerHook.dll
0x00d50000 - 0x00d56000 	c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll
0x671e0000 - 0x671ed000 	C:\Program Files\Support.com\bin\sdchook.dll
0x67c70000 - 0x67cbc000 	C:\Program Files\Support.com\bin\FULLSOFT.DLL
0x77c00000 - 0x77c08000 	C:\WINDOWS\system32\VERSION.dll
0x01620000 - 0x018e5000 	C:\WINDOWS\system32\xpsp2res.dll
0x76fd0000 - 0x7704f000 	C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 	C:\WINDOWS\system32\COMRes.dll
0x439b0000 - 0x439f0000 	C:\Program Files\Internet Explorer\ieproxy.dll
0x77920000 - 0x77a13000 	C:\WINDOWS\system32\SETUPAPI.dll
0x3d930000 - 0x3da16000 	C:\WINDOWS\system32\WININET.dll
0x01e20000 - 0x01e29000 	C:\WINDOWS\system32\Normaliz.dll
0x71ab0000 - 0x71ac7000 	C:\WINDOWS\system32\ws2_32.dll
0x71aa0000 - 0x71aa8000 	C:\WINDOWS\system32\WS2HELP.dll
0x71a50000 - 0x71a8f000 	C:\WINDOWS\System32\mswsock.dll
0x77b40000 - 0x77b62000 	C:\WINDOWS\system32\appHelp.dll
0x76f20000 - 0x76f47000 	C:\WINDOWS\system32\DNSAPI.dll
0x76fc0000 - 0x76fc6000 	C:\WINDOWS\system32\rasadhlp.dll
0x75cf0000 - 0x75d81000 	C:\WINDOWS\system32\MLANG.dll
0x755c0000 - 0x755ee000 	C:\WINDOWS\system32\msctfime.ime
0x02940000 - 0x02975000 	c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
0x029a0000 - 0x02a03000 	c:\PROGRA~1\mcafee\SITEAD~1\mcbrwctl.dll
0x708f0000 - 0x70903000 	C:\WINDOWS\system32\asycfilt.dll
0x69400000 - 0x69411000 	c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL
0x7d1e0000 - 0x7d49c000 	C:\WINDOWS\system32\msi.dll
0x03570000 - 0x03587000 	C:\Program Files\comcasttb\comcastdx.dll
0x74980000 - 0x74a94000 	C:\WINDOWS\system32\msxml3.dll
0x38a70000 - 0x38a7c000 	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
0x03ab0000 - 0x03b4b000 	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x03b70000 - 0x03bfc000 	C:\Program Files\comcasttb\comcasttb.dll
0x4ec50000 - 0x4edf6000 	C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
0x74c80000 - 0x74cac000 	C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760e5000 	C:\WINDOWS\system32\MSVCP60.dll
0x73000000 - 0x73026000 	C:\WINDOWS\system32\WINSPOOL.DRV
0x3da20000 - 0x3dfcd000 	C:\WINDOWS\system32\mshtml.dll
0x03c50000 - 0x03c79000 	C:\WINDOWS\system32\msls31.dll
0x76bf0000 - 0x76bfb000 	C:\WINDOWS\system32\PSAPI.DLL
0x72ea0000 - 0x72f0f000 	C:\WINDOWS\system32\ieapfltr.dll
0x77a80000 - 0x77b15000 	C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 	C:\WINDOWS\system32\MSASN1.dll
0x04380000 - 0x04463000 	C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
0x71ad0000 - 0x71ad9000 	C:\WINDOWS\system32\WSOCK32.dll
0x76c90000 - 0x76cb8000 	C:\WINDOWS\system32\imagehlp.dll
0x76b40000 - 0x76b6d000 	C:\WINDOWS\system32\WINMM.dll
0x76380000 - 0x76385000 	C:\WINDOWS\system32\MSIMG32.dll
0x76d60000 - 0x76d79000 	C:\WINDOWS\system32\iphlpapi.dll
0x5b860000 - 0x5b8b5000 	C:\WINDOWS\system32\NETAPI32.dll
0x76ee0000 - 0x76f1c000 	C:\WINDOWS\system32\RASAPI32.dll
0x76e90000 - 0x76ea2000 	C:\WINDOWS\system32\rasman.dll
0x76eb0000 - 0x76edf000 	C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 	C:\WINDOWS\system32\rtutils.dll
0x77c70000 - 0x77c94000 	C:\WINDOWS\system32\msv1_0.dll
0x68000000 - 0x68036000 	C:\WINDOWS\system32\rsaenh.dll
0x769c0000 - 0x76a74000 	C:\WINDOWS\system32\USERENV.dll
0x722b0000 - 0x722b5000 	C:\WINDOWS\system32\sensapi.dll
0x7e720000 - 0x7e7d0000 	C:\WINDOWS\system32\SXS.DLL
0x047c0000 - 0x04841000 	C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
0x04c30000 - 0x04ce7000 	C:\Program Files\eBay\eBay Toolbar2\siteUS-Y.dll
0x04d10000 - 0x04d1f000 	C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
0x76360000 - 0x76370000 	C:\WINDOWS\system32\WINSTA.dll
0x04d80000 - 0x04d91000 	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
0x7c420000 - 0x7c4a7000 	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x04db0000 - 0x04dc0000 	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x04dd0000 - 0x04ee0000 	C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
0x59a60000 - 0x59b01000 	C:\WINDOWS\system32\dbghelp.dll
0x05110000 - 0x05279000 	C:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll
0x06300000 - 0x063d5000 	C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x5edd0000 - 0x5ede7000 	C:\WINDOWS\system32\olepro32.dll
0x064f0000 - 0x06572000 	C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
0x7c3a0000 - 0x7c41b000 	C:\WINDOWS\system32\MSVCP71.dll
0x06590000 - 0x0690f000 	c:\program files\google\googletoolbar2.dll
0x76c30000 - 0x76c5e000 	C:\WINDOWS\system32\WINTRUST.dll
0x06940000 - 0x069ff000 	C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
0x472b0000 - 0x47337000 	C:\Program Files\Windows Live Toolbar\msntb.dll
0x06a30000 - 0x06a36000 	C:\Program Files\Windows Live Toolbar\en-us\mtbres.dll.mui
0x06a40000 - 0x06a4a000 	C:\Program Files\Windows Live Toolbar\mtbres.dll
0x6d440000 - 0x6d44c000 	C:\Program Files\Java\jre6\bin\jp2ssv.dll
0x6dae0000 - 0x6daf2000 	C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
0x662b0000 - 0x66308000 	C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 	C:\WINDOWS\System32\wshtcpip.dll
0x06a80000 - 0x06aac000 	C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
0x71d40000 - 0x71d5b000 	C:\WINDOWS\system32\actxprxy.dll
0x63380000 - 0x63434000 	C:\WINDOWS\system32\jscript.dll
0x746f0000 - 0x7471a000 	C:\WINDOWS\system32\msimtf.dll
0x63000000 - 0x63057000 	C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTBM.dll
0x01120000 - 0x01150000 	C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll
0x01160000 - 0x01180000 	C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YCAPlugin.dll
0x767f0000 - 0x76817000 	C:\WINDOWS\system32\schannel.dll
0x68100000 - 0x68126000 	C:\WINDOWS\system32\dssenh.dll
0x75e60000 - 0x75e73000 	C:\WINDOWS\system32\cryptnet.dll
0x4d4f0000 - 0x4d549000 	C:\WINDOWS\system32\WINHTTP.dll
0x76f60000 - 0x76f8c000 	C:\WINDOWS\system32\WLDAP32.dll
0x77690000 - 0x776b1000 	C:\WINDOWS\system32\NTMARTA.DLL
0x71bf0000 - 0x71c03000 	C:\WINDOWS\system32\SAMLIB.dll
0x6d410000 - 0x6d42c000 	C:\Program Files\Java\jre6\bin\jp2iexp.dll
0x76fb0000 - 0x76fb8000 	C:\WINDOWS\System32\winrnr.dll
0x6d800000 - 0x6da8b000 	C:\PROGRA~1\Java\jre6\bin\client\jvm.dll
0x6d7b0000 - 0x6d7bc000 	C:\PROGRA~1\Java\jre6\bin\verify.dll
0x6d330000 - 0x6d34f000 	C:\PROGRA~1\Java\jre6\bin\java.dll
0x6d290000 - 0x6d298000 	C:\PROGRA~1\Java\jre6\bin\hpi.dll
0x6d7f0000 - 0x6d7ff000 	C:\PROGRA~1\Java\jre6\bin\zip.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic

Environment Variables:
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem
USERNAME=gbredehoeft
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 1 (1 cores per cpu, 1 threads per core) family 15 model 4 stepping 1, cmov, cx8, fxsr, mmx, sse, sse2, sse3

Memory: 4k page, physical 522224k(68612k free), swap 1787388k(243508k free)

vm_info: Java HotSpot(TM) Client VM (14.1-b02) for windows-x86 JRE (1.6.0_15-b03), built on Jul 25 2009 01:22:46 by "java_re" with MS VC++ 7.1

time: Wed Aug 26 22:09:56 2009
elapsed time: 1116 seconds



REPRODUCIBILITY :
This bug can be reproduced often.

SUPPORT :
YES

                                    

Comments
EVALUATION

The root cause of the crash is that MSHTML is using the COM STA thread model, which means any thread other than the one that created the object should never use the pointer directly to call the COM object.

From the disassembler we can see the NULL comes from a call to TlsGetValue, which tries to access a value put into thread local storage, and obviously won't be there because it's in a different thread than expected.

=== Trace of plugin

Sat Sep  4 11:13:59.143 2010 (UTC - 7:00): IUnknown::Release: 02FB01F8
Sat Sep  4 11:13:59.156 2010 (UTC - 7:00): IUnknown::Release: 02FB01F8 => 1. Error: 0
Sat Sep  4 11:13:59.168 2010 (UTC - 7:00): (15ec.128c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=00000028 edx=003a43a0 esi=03001e20 edi=0038128c
eip=3d0228ba esp=09d0f838 ebp=09d0f850 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
mshtml!COmWindowProxy::Passivate+0x17:
3d0228ba 399838010000    cmp     dword ptr [eax+138h],ebx ds:0023:00000138=????????


=== Disassembly of the code path of the crash

mshtml!COmWindowProxy::Passivate:
3d0228a3 8bff            mov     edi,edi
3d0228a5 53              push    ebx
3d0228a6 56              push    esi
3d0228a7 57              push    edi
3d0228a8 ff35d49c1a3d    push    dword ptr [mshtml!g_dwTls (3d1a9cd4)]
3d0228ae 8b3d1013ea3c    mov     edi,dword ptr [mshtml!_imp__TlsGetValue (3cea1310)]
3d0228b4 8bf1            mov     esi,ecx
3d0228b6 ffd7            call    edi
3d0228b8 33db            xor     ebx,ebx
3d0228ba 399838010000    cmp     dword ptr [eax+138h],ebx ds:0023:00000138=????????
3d0228c0 741f            je      mshtml!COmWindowProxy::Passivate+0x3e (3d0228e1)
3d0228c2 ff35d49c1a3d    push    dword ptr [mshtml!g_dwTls (3d1a9cd4)]

=== Heap info of the pointer that causes the crash

0:023> !heap -p -a 02FB01F8 
    address 02fb01f8 found in
    _HEAP @ 250000
      HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        02fb01d0 000c 0000  [03]   02fb01f8    00028 - (busy)
          ? mshtml!g_IndexFEATURE_MSHTML_AUTOLOAD_IEFRAME+28
        7c949564 ntdll!RtlAllocateHeapSlowly+0x00000044
        7c918f01 ntdll!RtlAllocateHeap+0x00000e64
        381504 vfbasics!AVrfpRtlAllocateHeap+0x000000c3
        3cf50924 mshtml!_MemAlloc+0x00000023
        3cf54488 mshtml!CreateTearOffThunk+0x0000004a
        3cf543be mshtml!CreateTearOffThunk+0x0000001f
        3cf6abe5 mshtml!CElement::PrivateQueryInterface+0x00000282
        3d02238d mshtml!CHeadElement::PrivateQueryInterface+0x00000062
        3cf54409 mshtml!PlainQueryInterface+0x0000004e
        3e24c3f1 IEFRAME!ATL::CComQIPtr<IHTMLElement,&_GUID_3050f1ff_98b5_11cf_bb82_00aa00bdce0b>::CComQIPtr<IHTMLElement,&_GUID_3050f1ff_98b5_11cf_bb82_00aa00bdce0b>+0x0000001d
        3e24c2b4 IEFRAME!CDocObjectHost::_FindFeedLinks+0x00000202
        3e2508d9 IEFRAME!CDocObjectHost::_HandleShdocvwCmds+0x0000013b
        3e25ebd3 IEFRAME!CDocObjectHost::Exec+0x0000013e
        3cf46ea6 mshtml!CTExec+0x00000040
        3cf08360 mshtml!CMarkup::OnLoadStatusParseDone+0x0000008a
        3cf082de mshtml!CMarkup::OnLoadStatus+0x0000008b
                                     
2010-09-07
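
The following triage script is an added example, not part of the bug report or of the JDK or plugin code. It ties the hs_err header in the Description to the Evaluation's finding by resolving the pc to module+offset, decoding the faulting `cmp`, and checking that the fault address is a NULL base register plus the instruction's displacement. The function names are hypothetical and the decoder handles only the single `39 /r` [reg+disp32] form seen in this log.

```python
import re

# Lines copied from the hs_err log in the Description (values as logged).
HS_ERR = r"""
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x3dc69889, pid=1680, tid=3924
siginfo: ExceptionCode=0xc0000005, reading address 0x000000f0
EAX=0x00000000, EBX=0x00000000, ECX=0x00000032, EDX=0x12186bb0
ESP=0x1a90f724, EBP=0x1a90f73c, ESI=0x0431dec0, EDI=0x7c8097e0
0x3dc69889:   39 98 f0 00 00 00 74 1f ff 35 14 eb f4 3d ff d7
0x3da20000 - 0x3dfcd000     C:\WINDOWS\system32\mshtml.dll
0x6d410000 - 0x6d42c000     C:\Program Files\Java\jre6\bin\jp2iexp.dll
"""

# x86 32-bit register numbering used by the ModRM reg and rm fields.
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def parse(log):
    """Pull pc, fault address, registers, module ranges and bytes at pc."""
    pc = int(re.search(r"at pc=(0x[0-9a-f]+)", log).group(1), 16)
    fault = int(re.search(r"(?:reading|writing) address (0x[0-9a-f]+)", log).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(E[A-Z]{2})=(0x[0-9a-f]+)", log)}
    mods = [(int(lo, 16), int(hi, 16), path.rsplit("\\", 1)[-1])
            for lo, hi, path in re.findall(
                r"^(0x[0-9a-f]+) - (0x[0-9a-f]+)\s+(\S.*)$", log, re.M)]
    code = re.search(r"^0x%08x:\s+((?:[0-9a-f]{2} ?)+)" % pc, log, re.M).group(1)
    return pc, fault, regs, mods, bytes.fromhex(code)

def decode_cmp_disp32(code):
    """Decode only opcode 39 /r (CMP r/m32, r32) with a [base+disp32] operand."""
    if len(code) < 6 or code[0] != 0x39:
        return None
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod != 0b10 or rm == 0b100:  # other addressing forms (incl. SIB) not handled
        return None
    disp = int.from_bytes(code[2:6], "little", signed=True)
    return REG32[rm], disp, REG32[reg]

def triage(log):
    pc, fault, regs, mods, code = parse(log)
    frame = next((f"{name}+0x{pc - lo:x}" for lo, hi, name in mods if lo <= pc < hi),
                 "unknown")
    result = {"frame": frame, "fault": fault, "operand": None, "null_deref": False}
    decoded = decode_cmp_disp32(code)
    if decoded:
        base, disp, _ = decoded
        result["operand"] = f"[{base}+0x{disp:x}]"
        # NULL base register plus the displacement must reproduce the fault
        # address: a field read through a NULL pointer, not a wild address.
        result["null_deref"] = (regs[base] == 0
                                and ((regs[base] + disp) & 0xFFFFFFFF) == fault)
    return result

if __name__ == "__main__":
    print(triage(HS_ERR))
```

The same decoder applied to the bytes `399838010000` from the plugin trace yields `[EAX+0x138]`, the operand WinDbg prints for the mshtml build used in the Evaluation.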


