Closed
Bug 323371
Opened 19 years ago
Closed 18 years ago
domwindow leak or crash [@ ClassifyWrapper] involving search bar when Greasemonkey is installed
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Assigned: dbaron)
References
Details
(Keywords: crash, memory-leak, Whiteboard: [sg:critical?])
Crash Data
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20060113 Firefox/1.6a1 Steps to reproduce: 1. Create a new profile. 2. Install Nightly Tester Tools, and restart Firefox. 3. Install Greasemonkey 0.6.4 (using NTT's "override compat"), and restart Firefox. 4. Click the monkey in the lower-right corner to disable Greasemonkey, and restart Firefox. 5a. Cmd+K, foo, Enter, Cmd+Q. (It is important that you quit immediately after the search page loads, before doing anything else.) Result: Leaked inner window 41958e0 (outer 35a4680) at address 41958e0. ... with URI "http://www.google.com/search?q=foo&start=0&ie=utf-8&oe=utf-8&client=firefox&rls=org.mozilla:en-US:unofficial". Leaked outer window 35a4680 at address 35a4680. 5b. Do the same thing, but instead of searching with Google, search with Yahoo!. Result: Similar leak. 5c. Do the same thing, but instead of searching with Google, search with Answers.com. Result: Crash [@ ClassifyWrapper] during quit. TB13933470E: 0xfc800100 ClassifyWrapper() [mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5094] nsDOMClassInfo::BeginGCMark() [mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5150] nsDOMClassInfo::MarkReachablePreservedWrappers() [mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5032] nsEventReceiverSH::Mark() [mozilla/dom/src/base/nsDOMClassInfo.cpp, line 6706] XPC_WN_Helper_Mark() [mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1030] js_Mark() [mozilla/js/src/jsobj.c, line 4254] MarkGCThing() [mozilla/js/src/jsgc.c, line 1144] gc_lock_marker() [mozilla/js/src/jsgc.c, line 1499] JS_DHashTableEnumerate() [mozilla/js/src/jsdhash.c, line 621] js_GC() [mozilla/js/src/jsgc.c, line 1704] js_ForceGC() [mozilla/js/src/jsgc.c, line 1511] js_DestroyContext() [mozilla/js/src/jscntxt.c, line 285] nsJSContext::~nsJSContext() [mozilla/dom/src/base/nsJSEnvironment.cpp, line 775] nsJSContext::Release() [mozilla/dom/src/base/nsJSEnvironment.cpp, line 799] nsXBLDocGlobalObject::SetContext() [mozilla/content/xbl/src/nsXBLDocumentInfo.cpp, line 830] nsXBLDocumentInfo::~nsXBLDocumentInfo() [mozilla/content/xbl/src/nsXBLDocumentInfo.cpp, line 830] nsXBLDocumentInfo::Release() [mozilla/content/xbl/src/nsXBLDocumentInfo.cpp, line 358] nsBaseHashtableET<nsURIHashKey, nsCOMPtr<nsIXBLDocumentInfo> >::~nsBaseHashtableET<nsURIHashKey, nsCOMPtr<nsIXBLDocumentInfo> >() PL_DHashTableFinish() [mozilla/xpcom/build/pldhash.c, line 347] nsBindingManager::~nsBindingManager() nsBindingManager::Release() nsDocument::~nsDocument() [mozilla/content/base/src/nsDocument.cpp, line 62] nsXMLDocument::~nsXMLDocument() [mozilla/content/xml/document/src/nsXMLDocument.cpp, line 189] nsXULDocument::~nsXULDocument() [mozilla/content/xul/document/src/nsXULDocument.cpp, line 375] nsDocument::Release() [mozilla/content/base/src/nsDocument.cpp, line 850] nsEventStateManager::~nsEventStateManager() [mozilla/content/events/src/nsEventStateManager.cpp, line 213] nsEventStateManager::Release() [mozilla/content/events/src/nsEventStateManager.cpp, line 398] nsCOMArray_base::~nsCOMArray_base() [mozilla/xpcom/build/nsCOMArray.cpp, line 59] nsObserverEnumerator::Release() [mozilla/xpcom/ds/nsObserverList.cpp, line 149] nsObserverService::NotifyObservers() [mozilla/xpcom/ds/nsObserverService.cpp, line 830] NS_ShutdownXPCOM_P() [mozilla/xpcom/build/nsXPComInit.cpp, line 736] ScopedXPCOMStartup::~ScopedXPCOMStartup() [mozilla/toolkit/xre/nsAppRunner.cpp, line 556] XRE_main() [mozilla/toolkit/xre/nsAppRunner.cpp, line 2342] _start() start()
|
Reporter | |
Comment 1•19 years ago
|
||
The leak still happens in the Jan 19 nightly for Mac OS X. So does the crash (in the answers.com case), but the crash signature is different now.
Whiteboard: [sg:critical?]
|
|
Reporter | |
Comment 2•19 years ago
|
||
Thread 0 Crashed: 0 <<00000000>> 0x00000000 0 + 0 1 libxpcom_core.dylib 0x10001e64 PL_DHashTableEnumerate + 120 2 org.mozilla.firefox 0x00273e94 nsDOMClassInfo::BeginGCMark() + 100 3 org.mozilla.firefox 0x00273c28 nsDOMClassInfo::MarkReachablePreservedWrappers(nsIDOMGCParticipant*, JSContext*, void*) + 60 4 org.mozilla.firefox 0x002770d8 nsDOMGCParticipantSH::Mark(nsIXPConnectWrappedNative*, JSContext*, JSObject*, void*, unsigned*) + 76 5 org.mozilla.firefox 0x00471e78 GetIdentityObject(JSContext*, JSObject*) + 3080 6 libmozjs.dylib 0x06048658 js_Mark + 292 7 libmozjs.dylib 0x0602a8bc js_MarkAtom + 596 8 libmozjs.dylib 0x0602ae04 js_MarkGCThing + 200 9 libmozjs.dylib 0x06017d40 JS_DHashTableEnumerate + 120 10 libmozjs.dylib 0x0602b100 js_GC + 660 11 libmozjs.dylib 0x0602ae58 js_ForceGC + 64 12 libmozjs.dylib 0x0600e698 js_DestroyContext + 380 13 org.mozilla.firefox 0x00292c40 nsJSContext::~nsJSContext [unified]() + 244 14 org.mozilla.firefox 0x00292f3c nsJSContext::Release() + 68 15 org.mozilla.firefox 0x0075fde4 nsXBLDocGlobalObject::SetContext(nsIScriptContext*) + 28 16 org.mozilla.firefox 0x007604b4 nsXBLDocumentInfo::~nsXBLDocumentInfo [unified]() + 92 17 org.mozilla.firefox 0x00760190 nsXBLDocumentInfo::Release() + 68 18 org.mozilla.firefox 0x009c24ac MOZ_Z__length_code + 106288 19 libxpcom_core.dylib 0x10001860 PL_DHashTableFinish + 108 20 org.mozilla.firefox 0x0058a170 nsBindingManager::~nsBindingManager [unified]() + 180 21 org.mozilla.firefox 0x00589e14 nsBindingManager::Release() + 64 22 org.mozilla.firefox 0x001fc678 nsDocument::~nsDocument [unified]() + 1492 23 org.mozilla.firefox 0x001b45fc nsXMLDocument::~nsXMLDocument [unified]() + 216 24 org.mozilla.firefox 0x001b6c00 nsXULDocument::~nsXULDocument [unified]() + 912 25 org.mozilla.firefox 0x001fd06c nsDocument::Release() + 68 26 org.mozilla.firefox 0x00527804 nsEventStateManager::~nsEventStateManager [unified]() + 348 27 org.mozilla.firefox 0x00527c70 nsEventStateManager::Release() + 68 28 libxpcom_core.dylib 0x10002508 nsCOMArray_base::~nsCOMArray_base [unified]() + 96 29 libxpcom_core.dylib 0x10012964 nsObserverEnumerator::Release() + 92 30 libxpcom_core.dylib 0x10013138 nsObserverService::NotifyObservers(nsISupports*, char const*, unsigned short const*) + 288 31 libxpcom_core.dylib 0x1000ae3c NS_ShutdownXPCOM_P + 292 32 org.mozilla.firefox 0x00010090 ScopedXPCOMStartup::~ScopedXPCOMStartup [unified]() + 60 33 org.mozilla.firefox 0x00014504 XRE_main + 4284 34 org.mozilla.firefox 0x0000f6a8 start + 432 35 org.mozilla.firefox 0x0000f528 start + 48
|
|
Reporter | |
Comment 3•19 years ago
|
||
Sometimes it aborts instead of crashing, and sometimes it crashes with a scarier signature. It always crashes or aborts, except when I run it under gdb, in which case it always exits normally.
|
|
Reporter | |
Updated•19 years ago
|
Flags: blocking1.9a1?
|
|
Reporter | |
Comment 4•19 years ago
|
||
Bug 325279 is another crash [@ ClassifyWrapper] that involves Greasemonkey.
|
||
Comment 5•19 years ago
|
||
I can also reproduce: Incident ID: TB14028513 Stack Signature 0x00000000 6f262c31 Product ID FirefoxTrunk Build ID 2006011506 Trigger Time 2006-01-16 07:58:37.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module URL visited about:blank User Comments Crash on startup. TBID: monks Since Last Crash 5995 sec Total Uptime 5995 sec Trigger Reason Access violation Source File, Line No. N/A Stack Trace 0x00000000 ClassifyWrapper [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5096] nsDOMClassInfo::BeginGCMark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5139] nsDOMClassInfo::MarkReachablePreservedWrappers [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5032] nsEventReceiverSH::Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 6706] XPC_WN_Helper_Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1030] js_Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 4252] MarkGCThing [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1146] MarkGCThing [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1233] MarkGCThing [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1233] MarkGCThing [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1233] MarkGCThing [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1233] js_MarkGCThing [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1446] js_GC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1702] js_ForceGC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1510] Only for me, it happened on open, and only happened once after upgrading to 2006011506 with the AUS.
|
Assignee | |
Comment 6•19 years ago
|
||
This is almost definitely the same as bug 325279. Bug 325279 comment 10 describes a simple scenario that causes a leak to turn into a shutdown crash.
|
|
Assignee | |
Updated•19 years ago
|
Assignee: general → dbaron
|
|
Reporter | |
Comment 7•18 years ago
|
||
I can't reproduce the crash with yesterday's nightly (before the patch for bug 325279 went in), so I'll mark this as wfm instead of dup/fixed. I'll file a new bug for the leak if I can still reproduce it.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
|
|
Reporter | |
Comment 8•18 years ago
|
||
The leak is gone too (testing with leak-gauge.pl and today's nightly).
|
||
Updated•17 years ago
|
Flags: blocking1.9a1?
|
||
Updated•13 years ago
|
Crash Signature: [@ ClassifyWrapper]
|
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•