Closed
Bug 428478
Opened 17 years ago
Closed 16 years ago
Crash after closing tab on which I had Gmail opened (with remember the milk extension)
Categories
(Core :: XPConnect, defect)
RESOLVED
WORKSFORME
People
(Reporter: miguel.ventura, Unassigned)
Details
(Keywords: crash)
Attachments
(3 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5
This happened after some interaction with Gmail. It was the tab that was currently opened. When it crashed, windbg was attached and I was able to create a dump.
Reproducible: Couldn't Reproduce
Steps to Reproduce:
1. Open Gmail in a new tab.
2. Interact for a while with it (leave it open for some hours).
3. Close that tab!
Actual Results:
Browser crashed
Expected Results:
Browser should have closed the tab and remained working properly.
Stack from the dump:
0:000> kb
ChildEBP RetAddr Args to Child
0012e61c 7c90e9ab 7c86372c 00000002 0012e790 ntdll!KiFastSystemCallRet
0012e620 7c86372c 00000002 0012e790 00000001 ntdll!ZwWaitForMultipleObjects+0xc
0012ed8c 7c8436da 0012edb4 7c839b09 0012edbc kernel32!UnhandledExceptionFilter+0x8e4
0012ed94 7c839b09 0012edbc 00000000 0012edbc kernel32!BaseProcessStart+0x39
0012edbc 7c9037bf 0012eea8 0012ffe0 0012eec4 kernel32!_except_handler3+0x61
0012ede0 7c90378b 0012eea8 0012ffe0 0012eec4 ntdll!ExecuteHandler2+0x26
0012ee90 7c90eafa 00000000 0012eec4 0012eea8 ntdll!ExecuteHandler+0x24
0012ee90 60006b6c 00000000 0012eec4 0012eea8 ntdll!KiUserExceptionDispatcher+0xe
0012f194 60006c3e 00290040 01600000 01637000 mozcrt19!arena_dalloc_small+0x1c [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\memory\jemalloc\src\jemalloc.c @ 4016]
0012f1ac 60007c90 01637000 0012f26d 0012f3b8 mozcrt19!arena_dalloc+0x2e [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\memory\jemalloc\src\jemalloc.c @ 4209]
0012f1bc 604ef8eb 01637000 00377c80 00000000 mozcrt19!free+0x20 [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\memory\jemalloc\src\jemalloc.c @ 6067]
0012f394 604f3152 00000000 0434d028 00377c80 xul!XPCWrappedNative::CallMethod+0xc6b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp @ 2547]
0012f45c 60131d4c 00377c80 04da3a80 00000000 xul!XPC_WN_CallMethod+0x122 [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp @ 1470]
0012f520 6013222a 00377c80 00000000 0434d020 js3250!js_Invoke+0x2cc [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsinterp.c @ 1287]
0012f554 60135522 00377c80 04da3a80 031e3cb0 js3250!js_InternalInvoke+0xea [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsinterp.c @ 1359]
0012f580 601363df 04da3a80 00dd124c 00000000 js3250!js_TryMethod+0x82 [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsobj.c @ 4756]
0012f5a8 60134791 00377c80 04da3a80 00000003 js3250!js_DefaultValue+0x7f [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsobj.c @ 4055]
0012f610 6014164b 00377c80 04da3a80 00000000 js3250!js_ValueToString+0x101 [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsstr.c @ 2694]
0012f684 60135d56 00000000 04da3a60 60504b6b js3250!js_ReportUncaughtException+0xab [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsexn.c @ 1304]
0012f690 60504b6b 00377c80 04020660 01758b28 js3250!JS_CallFunctionValue+0x56 [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 5037]
Reporter
Comment 1•17 years ago
wrt attachments, combining output is fine, if there are pieces someone wants to see prominently in the bug, they can paste them later, and for commands someone (esp. me) wants run, they can use find to jump through a log.
try this (written from memory, if they don't work as written, please check the docs and try to get something akin to the spirit):
.frame 0b
dv
dt -v methodInfo
dt -v ifaceInfo
what i'm fishing for here is the name of the interface/method being called. The method name is typically only easily available as a number, but if you get the interface name, then xpt_dump.exe will give you the items in order and we can count. (you can also do the counting using the .idl files, it's basically 0=qi, 1=addref, 2=release, 3=first method in interface closest to nsisupports along the direct [* there's only one inheritance path, we don't allow MI for interfaces] inheritance path to the named interface, attributes that aren't readonly count for 2 (get+set)) - but we can do this later.
The other way is to try to convert jsval name into a string, which requires some bit twiddling, which I'd rather skip today.
.frame 0d
dv
dt cx
dt cx JSContext fp
dt cx JSContext fp->down
dt cx JSContext fp->down->pc
dt cx JSContext fp->down->script.
dt cx JSContext fp->down->down (repeat as with previous down)
what i'm fishing for here is the filenames and line numbers for each function frame (from down->script), you use (pc) - (script->main) or something like that to calculate the byte offset into the script. and jsshell (info on this later) to find out the actual code that's unhappy.
references:
.hh dv
.hh dt
.hh ??
http://blogs.msdn.com/doronh/archive/2006/03/22/558329.aspx
Component: General → XPConnect
Keywords: crash
Product: Firefox → Core
QA Contact: general → xpconnect
Version: unspecified → Trunk
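The slot-counting rule described in the comment above, as an added example that is not part of the bug or of Mozilla's code: it expands an interface's inheritance chain into vtable order so a method number read from the debugger can be turned back into a member name. The interfaces nsIExampleBase and nsIExampleDerived and their members are hypothetical; only the nsISupports slots and the counting rule come from the comment.

```python
# Added example: map an XPCOM vtable slot number to a member name.
NSISUPPORTS = ["QueryInterface", "AddRef", "Release"]  # slots 0, 1, 2


def expand_members(members):
    """Expand IDL members, in declaration order, into vtable entries.

    Each member is ("method", name) or ("attribute", name, readonly).
    A readonly attribute takes one slot (getter); a writable attribute
    takes two (getter, then setter).
    """
    slots = []
    for member in members:
        if member[0] == "method":
            slots.append(member[1])
        elif member[0] == "attribute":
            _, name, readonly = member
            slots.append("get " + name)
            if not readonly:
                slots.append("set " + name)
        else:
            raise ValueError("unknown member kind: %r" % (member[0],))
    return slots


def build_vtable(chain):
    """chain lists (interface, members) from the interface closest to
    nsISupports down to the named interface (single inheritance)."""
    table = [("nsISupports", entry) for entry in NSISUPPORTS]
    for iface, members in chain:
        table.extend((iface, entry) for entry in expand_members(members))
    return table


def lookup(chain, index):
    """Return (interface, entry) for a vtable slot number."""
    table = build_vtable(chain)
    if not 0 <= index < len(table):
        raise IndexError("slot %d is outside %d entries" % (index, len(table)))
    return table[index]


# Constructed inheritance chain; names are hypothetical.
CHAIN = [
    ("nsIExampleBase", [("attribute", "name", True), ("method", "init")]),
    ("nsIExampleDerived", [("attribute", "value", False), ("method", "send")]),
]

if __name__ == "__main__":
    for slot, (iface, entry) in enumerate(build_vtable(CHAIN)):
        print(slot, iface, entry)
```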
Reporter
Comment 3•17 years ago
.frame 0b
can you fish through param_iid, the goal is to find the iid.
also, try using view locals and poking through callee, you should be able to find out which class it is (typically the QueryInterface method will include the proper c++ classname).
hey, i missed the obvious one :),
.frame 0d
dt cx JSContext fp->pc
dt cx JSContext fp->script.
Reporter
Comment 5•17 years ago
Sorry for the late reply... I thought I had done it already.
@timeless: sorry, I don't know how to fish iid through param_iid :(
0:000> dt -v param_iid
Local var [AddrFlags 90 AddrOff ffffff50 Reg/Val ebp (8)] @ 0x12f2e4 Type nsID
struct nsID, 8 elements, 0x10 bytes
+0x000 m0 : 0
+0x004 m1 : 0x2f5
+0x006 m2 : 0x604f
+0x008 m3 : [8] "@???"
try searching components/xpti.dat for 604f ? the fields in param_iid are indeed what we're looking for... I'm getting sick so i'm not going to try to write more detailed instructions.
Reporter
Comment 7•17 years ago
I can find no 604f nor 24655 (same in decimal) nor "\0x60\0x4f" in components\xpti.dat or <my profile dir>\xpti.dat.
Hope you get well soon :)
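An added example for the param_iid exchange above (not from the bug or the Mozilla tree): it renders the nsID fields from the dt output in the {8-4-4-4-12} text form to search for, and checks whether the same raw bytes also read as an address lying between two xul return addresses from the kb output, which is a sign that a debugger local may not hold a real IID. Only the first byte of m3 is readable on the page, so the other seven bytes are a constructed placeholder, and that xpti.dat stores IIDs in this text form is an assumption.

```python
import struct

# m0, m1, m2 as shown by "dt -v param_iid" in the bug.
M0, M1, M2 = 0x0, 0x2F5, 0x604F
# Only the first byte of m3 ("@") is readable on the page; the other
# seven bytes are a constructed placeholder, not values from the dump.
M3_PLACEHOLDER = b"@" + b"\x00" * 7
# Two return addresses into xul taken from the kb output in the bug.
XUL_LO, XUL_HI = 0x604EF8EB, 0x604F3152


def nsid_bytes(m0, m1, m2, m3):
    """Pack nsID fields as they sit in memory on little-endian x86."""
    if len(m3) != 8:
        raise ValueError("m3 must be exactly 8 bytes")
    return struct.pack("<IHH", m0, m1, m2) + bytes(m3)


def nsid_to_string(m0, m1, m2, m3):
    """Canonical {8-4-4-4-12} text form of an nsID."""
    tail = bytes(m3).hex()
    return "{%08x-%04x-%04x-%s-%s}" % (m0, m1, m2, tail[:4], tail[4:])


def search_prefix(m0, m1, m2):
    """Part of the text form that can be searched without knowing m3."""
    return "{%08x-%04x-%04x-" % (m0, m1, m2)


def pointer_like_dwords(raw, lo, hi):
    """Return (offset, value) for each aligned 32-bit little-endian
    word in raw whose value falls inside the range [lo, hi]."""
    hits = []
    for off in range(0, len(raw) - 3, 4):
        (value,) = struct.unpack_from("<I", raw, off)
        if lo <= value <= hi:
            hits.append((off, value))
    return hits


if __name__ == "__main__":
    raw = nsid_bytes(M0, M1, M2, M3_PLACEHOLDER)
    print("search for:", search_prefix(M0, M1, M2))
    for off, value in pointer_like_dwords(raw, XUL_LO, XUL_HI):
        print("bytes at +0x%x read as 0x%08x, inside the xul range" % (off, value))
```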
Comment 8•16 years ago
Miguel, still seeing this?
Reporter
Comment 9•16 years ago
No, I haven't hit this crash again for a while now.
I've been upgrading to the latest 3.5 nightly every week or so.
Reporter
Comment 10•16 years ago
it's been too much time without occurring again
changing status as per Wayne's suggestion
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME