Trivial steps to crash on first shutdown of each Zip nightly, (or) after <compreg.dat> (re)creation; related to <THEBES.DLL>

RESOLVED DUPLICATE of bug 398084

Status

SeaMonkey
Find In Page
--
critical
RESOLVED DUPLICATE of bug 398084
10 years ago
9 years ago

People

(Reporter: sgautherie, Unassigned)

Tracking

({crash, regression})

Trunk
seamonkey2.0a1
x86
Windows 2000
crash, regression

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

10 years ago
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a8pre) Gecko/2007081902 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

1. Download new Zip nightly.
2. Unzip it.
3. Start Browser (+ Error Console), with new/old profile.
4. Quit.
4r. Crash Reporter dialog saying "crash but no report".

This has been going on for a while;
I think it's a "regression" but I didn't try to look for a timeframe.
I'm not sure now, but maybe it happened before the new Crash Reporter was hooked up and it was DrWatson which was triggered ?

NB: +/- similar reports I found: bug 384939 (Core), bug 388241 (SeaMonkey).
(Reporter)

Comment 1

10 years ago
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a8pre) Gecko/2007090602 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

Narrower steps:
0. (SeaMonkey not being loaded.)
1. Delete <_:\Documents and Settings\___\Application Data\mozilla.org\SeaMonkey\Profiles\___\compreg.dat>.
2. Start Browser. (with/without JS Console)
3. Press Ctrl+C. (selecting a text before doesn't matter) <-- Crash cause.!.
4. (doesn't really matter if you do something else in between either.)
5. Exit/Quit the application. (doesn't matter how either.)
4r. Crash.

NB: If you try it with a new profile, it only happens _after_ the 1st profile use. (This part [maybe the whole bug ?] is most probably related to bug 373512 !)
(Reporter)

Comment 2

10 years ago
(In reply to comment #1)
> NB: If you try it with a new profile, it only happens _after_ the 1st profile
> use. (This part [maybe the whole bug ?] is most probably related to bug 373512
> !)

(Sorry, I can't reproduce that last part :-[ The steps stand.)
Summary: Crash on first shutdown of each Zip nightly. → Trivial steps to crash on first shutdown of each Zip nightly, (or) after <compreg.dat> (re)creation
(Reporter)

Comment 3

10 years ago
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a8pre) Gecko/2007090504 Minefield/3.0a8pre] (nightly) (W2Ksp4)

No bug with FireFox.
(Reporter)

Comment 4

10 years ago
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a8pre) Gecko/2007091502 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

(Wondering if this bug has changed, or if its behaviour is +/- random, or what...)

"Today", not needing to select text or copy it at all.

1st case, Start usual profile with JSConsole:
Using Alt+F4, closing browser before console: no bug;
Using Alt+F4, closing console before browser: bug.

2nd case, Create and Start new profile with no commandline options:
Use Alt+F4 to close browser after default page loaded: bug.
Use Ctrl+W or Ctrl+Q or mouse to close the window: no bug.

NB:  If only Crash Reporter would work on my computer and send reports...
(Reporter)

Comment 5

10 years ago
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b2pre) Gecko/2007111003 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

After bug 399341 patch landed,
new <submit.log> is created ... but is empty :-<
(Reporter)

Comment 6

10 years ago
(
Missing dump is caused by bug 382124 :-<

With an updated DLL, I could submit
<http://crash-stats.mozilla.com/report/index/40387f33-8f93-11dc-9653-001a4bd43ed6?date=2007-11-10-13>
(Took a moment before showing up ... Does not show any details (yet) :-()
)
(Reporter)

Comment 7

10 years ago
Dependency Walker reports
[
{...}
Thread 10 exited with code 0 (0x0).
First chance exception 0xC0000005 (Access Violation) occurred in "...\seamonkey\THEBES.DLL" at address 0x61165E82 by thread 1.
Second chance exception 0xC0000005 (Access Violation) occurred in "...\seamonkey\THEBES.DLL" at address 0x61165E82 by thread 1.
Thread 2 exited with code 128 (0x80).
Thread 5 exited with code 128 (0x80).
Thread 4 exited with code 128 (0x80).
Thread 8 exited with code 128 (0x80).
Thread 16 exited with code 128 (0x80).
Thread 3 exited with code 128 (0x80).
Exited "...\seamonkey\SEAMONKEY.EXE" (process 0x27C) with code 128 (0x80) by thread 1.
]
Summary: Trivial steps to crash on first shutdown of each Zip nightly, (or) after <compreg.dat> (re)creation → Trivial steps to crash on first shutdown of each Zip nightly, (or) after <compreg.dat> (re)creation; related to <THEBES.DLL>
(Reporter)

Comment 8

10 years ago
WinDbg reports
{{

(400.6a8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0340da01 ecx=00000000 edx=007b0608 esi=00000000 edi=0340dac0
eip=61165e82 esp=0012fab0 ebp=0012fb40 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010246
thebes!nsExpirationTracker<gfxFont,3>::AddObject+0x4:
61165e82 8b4618          mov     eax,dword ptr [esi+18h] ds:0023:00000018=????????

0:000> kp
ChildEBP RetAddr  
0012fab4 611661f7 thebes!nsExpirationTracker<gfxFont,3>::AddObject(class gfxFont * aObj = 0x6021ada0)+0x4 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\xpcom\nsexpirationtracker.h @ 125]
0012fac0 61166a55 thebes!gfxFontCache::NotifyReleased(class gfxFont * aFont = 0x6021ada0)+0xc [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\gfx\thebes\src\gfxfont.cpp @ 149]
0012fac8 61167387 thebes!gfxFont::Release(void)+0x14 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\thebes\gfxfont.h @ 364]
0012fad0 611675a7 thebes!gfxTextRun::GlyphRun::`scalar deleting destructor'(void)+0xe
0012fae0 611676b0 thebes!nsTArray<gfxTextRun::GlyphRun>::DestructRange(unsigned int start = 0x6021ada0, unsigned int count = 0x611e268e)+0x1e [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\xpcom\nstarray.h @ 698]
0012faf0 61167c12 thebes!nsTArray<gfxTextRun::GlyphRun>::RemoveElementsAt(unsigned int start = 0x6021ada0, unsigned int count = 0x611e268e)+0x10 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\xpcom\nstarray.h @ 550]
0012fb00 61167c71 thebes!nsTArray<gfxTextRun::GlyphRun>::~nsTArray<gfxTextRun::GlyphRun>(void)+0xe [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\xpcom\nstarray.h @ 267]
0012fb08 61167d9c thebes!gfxTextRun::~gfxTextRun(void)+0x35 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\gfx\thebes\src\gfxfont.cpp @ 1004]
0012fb14 6021aed9 thebes!gfxTextRun::`vector deleting destructor'(void)+0x36
0012fb24 6021aaa8 gklayout!FrameTextRunCache::NotifyExpired(class gfxTextRun * aTextRun = 0x6021ada0)+0x21 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\layout\generic\nstextframethebes.cpp @ 371]
0012fb40 6021ada0 gklayout!nsExpirationTracker<gfxTextRun,3>::AgeOneGeneration(void)+0x4b [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\xpcom\nsexpirationtracker.h @ 211]
0012fb4c 6021ae86 gklayout!nsExpirationTracker<gfxTextRun,3>::AgeAllGenerations(void)+0xe [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\dist\include\xpcom\nsexpirationtracker.h @ 234]
0012fb54 6021b2be gklayout!FrameTextRunCache::~FrameTextRunCache(void)+0xe [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\layout\generic\nstextframethebes.cpp @ 356]
0012fb5c 601e4014 gklayout!nsTextFrameTextRunCache::Shutdown(void)+0x12 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\layout\generic\nstextframethebes.cpp @ 431]
0012fb60 603782eb gklayout!nsLayoutStatics::Shutdown(void)+0x32 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\layout\build\nslayoutstatics.cpp @ 249]
0012fb78 6037946b gklayout!nsGlobalWindow::~nsGlobalWindow(void)+0x1b7 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\dom\src\base\nsglobalwindow.cpp @ 744]
0012fb80 6036e33e gklayout!nsGlobalWindow::`scalar deleting destructor'(void)+0x8
0012fb90 611e269a gklayout!nsGlobalWindow::Release(void)+0x32 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\dom\src\base\nsglobalwindow.cpp @ 913]
0012fb98 60ac40a5 xpcom_core!nsCOMPtr_base::~nsCOMPtr_base(void)+0xc [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\objdir\xpcom\build\nscomptr.cpp @ 82]
0012fbb0 60ac5255 suitetypeaheadfind!nsTypeAheadFind::~nsTypeAheadFind(void)+0xb0 [d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\extensions\typeaheadfind\src\nstypeaheadfind.cpp @ 173]

0:000> g
(400.6a8): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=0340da01 ecx=00000000 edx=007b0608 esi=00000000 edi=0340dac0
eip=61165e82 esp=0012fab0 ebp=0012fb40 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
thebes!nsExpirationTracker<gfxFont,3>::AddObject+0x4:
61165e82 8b4618          mov     eax,dword ptr [esi+18h] ds:0023:00000018=????????

}}

Starts at: suitetypeaheadfind!nsTypeAheadFind::~nsTypeAheadFind(void)
Ends at  : thebes!nsExpirationTracker<gfxFont,3>::AddObject(class gfxFont *)

Then, it seems to be a different case, but similar to bug 398084.
Depends on: 398084

Comment 9

10 years ago
Hmm, how is this different from bug 398084?
(Reporter)

Comment 10

10 years ago
Triggering steps for the two bugs are different (keyboard/http, <compreg.dat> involved, ...);
stack trace "inner details" are different (nightly/debug, windows/linux, modified source code in the meantime, ...).

I'm saying that, for the time being, both bugs could have complementary data to help narrow down (and solve) the root cause;
even if both bugs will likely resolve as duplicates (later).
(Reporter)

Comment 11

10 years ago
(In reply to comment #6)
> <http://crash-stats.mozilla.com/report/index/40387f33-8f93-11dc-9653-001a4bd43ed6?date=2007-11-10-13>
> (Took a moment before showing up ... Does not show any details (yet) :-()

I filed the "no details" issue as bug 403529.

***

Here is report with details:
<http://crash-stats.mozilla.com/report/index/0025910a-906c-11dc-a51e-001a4bd43ed6?date=2007-11-11-15>
(Reporter)

Comment 12

10 years ago
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b2pre) Gecko/2007112003 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

Fixed by (duplicate) bug 398084.
Severity: normal → critical
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Component: General → Keyboard: Find as you Type
No longer depends on: 398084
Product: Mozilla Application Suite → Core
Resolution: --- → DUPLICATE
Target Milestone: --- → M10
Duplicate of bug: 398084
(Reporter)

Updated

10 years ago
Target Milestone: M10 → mozilla1.9 M10
(Reporter)

Comment 13

10 years ago
[
Odd, I can't reproduce this bug anymore, since I ran the fixed 20th/21th nightly (and maybe did other things.!?.):
tried 19th and 11th nightlies,
even rebooted my W2K.

(I'm looking for another mean to crash, to test bug 403529 :-/)
]
Product: Core → SeaMonkey

Updated

9 years ago
Target Milestone: mozilla1.9beta2 → seamonkey2.0a1
You need to log in before you can comment on or make changes to this bug.