Closed
Bug 492325
Opened 15 years ago
Closed 15 years ago
crash while installing addon CSSParserImpl::`scalar deleting destructor' under ScopedXPCOMStartup::~ScopedXPCOMStartup
Categories
(Firefox for Android Graveyard :: General, defect)
Firefox for Android Graveyard
General
All
Windows Mobile 6 Professional
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: blassey, Unassigned)
Details
Data Abort: Thread=88ad9880 Proc=80458840 'fennec.exe'
AKY=00400001 PC=79177014(mozce_shunt.dll+0x00007014) RA=7917b790(mozce_shunt.dll+0x0000b790) BVA=68200408 FSR=00000007
Unhandled exception at 0x79177014 in fennec.exe: 0xC0000005: Access violation reading location 0x68200408.
stack:
> mozce_shunt.dll!arena_avail_tree_remove(arena_avail_tree_t* tree = 0x64a000f0, arena_chunk_map_s* node = 0x64a000f0) Line: 3062, Byte Offsets: 0x2c C
mozce_shunt.dll!arena_run_dalloc(arena_s* arena = 0x64a000f0, arena_run_s* run = 0x64a000f0, unsigned char dirty = 255 'ÿ') Line: 3673, Byte Offsets: 0x260 C
mozce_shunt.dll!arena_dalloc_large(arena_s* arena = 0x64a000f0, arena_chunk_s* chunk = 0x64a000f0, void* ptr = 0x00000fff) Line: 4527, Byte Offsets: 0x90 C
mozce_shunt.dll!arena_dalloc(arena_s* arena = 0x64a000f0, arena_chunk_s* chunk = 0x64a000f0, void* ptr = 0x00000fff) Line: 4553, Byte Offsets: 0x268 C
mozce_shunt.dll!idalloc(void* ptr = 0x64a000f0) Line: 4567, Byte Offsets: 0x7c C
mozce_shunt.dll!free(void* ptr = 0x64a000f0) Line: 6389, Byte Offsets: 0x74 C
xul.dll!CSSParserImpl::`scalar deleting destructor'(void) Line: 0, Byte Offsets: 0xffffffff C++
xul.dll!CSSParserImpl::Release(void) Line: 704, Byte Offsets: 0xb0 C++
xul.dll!nsCanvasRenderingContext2D::~nsCanvasRenderingContext2D(void) Line: 688, Byte Offsets: 0xbc C++
xul.dll!nsCanvasRenderingContext2D::`scalar deleting destructor'(void) Line: 0, Byte Offsets: 0xffffffff C++
xul.dll!nsCanvasRenderingContext2D::Release(void) Line: 654, Byte Offsets: 0xb4 C++
xul.dll!nsHTMLCanvasElement::~nsHTMLCanvasElement(void) Line: 157, Byte Offsets: 0x14c C++
xul.dll!nsHTMLCanvasElement::`scalar deleting destructor'(void) Line: 0, Byte Offsets: 0xffffffff C++
xul.dll!nsNodeUtils::LastRelease(nsINode* aNode = 0x64a000f0) Line: 247, Byte Offsets: 0x460 C++
xul.dll!nsGenericElement::Release(void) Line: 4147, Byte Offsets: 0xb8 C++
xul.dll!nsHTMLCanvasElement::Release(void) Line: 160, Byte Offsets: 0x0c C++
xul.dll!nsXPCOMCycleCollectionParticipant::Unroot(void* p = 0x64a000f0) Line: 75, Byte Offsets: 0x14 C++
xul.dll!nsCycleCollector::CollectWhite(void) Line: 1728, Byte Offsets: 0xf4 C++
xul.dll!nsCycleCollector::FinishCollection(void) Line: 2555, Byte Offsets: 0x0c C++
xul.dll!XPCCycleCollectGCCallback(JSContext* cx = 0x64a000f0, JSGCStatus status = 1688207600) Line: 403, Byte Offsets: 0xd0 C++
js3250.dll!js_GC(JSContext* cx = 0x64a000f0, JSGCInvocationKind gckind = 1688207600) Line: 3780, Byte Offsets: 0xaa8 C++
xul.dll!nsXPConnect::Collect(void) Line: 478, Byte Offsets: 0xe0 C++
xul.dll!nsCycleCollector::Collect(unsigned int aTryCollections = 1688207600) Line: 2369, Byte Offsets: 0xc0 C++
xul.dll!nsJSContext::CC(void) Line: 3430, Byte Offsets: 0x3c C++
xul.dll!nsJSContext::MaybeCC(int aHigherProbability = 1688207600) Line: 3499, Byte Offsets: 0x134 C++
xul.dll!GCTimerFired(nsITimer* aTimer = 0x64a000f0, void* aClosure = 0x64a000f0) Line: 3543, Byte Offsets: 0x60 C++
xul.dll!nsTimerImpl::Fire(void) Line: 428, Byte Offsets: 0x338 C++
xul.dll!nsTimerEvent::Run(void) Line: 521, Byte Offsets: 0xd4 C++
xul.dll!nsThread::ProcessNextEvent(int mayWait = 1688207600, int* result = 0x00000fff) Line: 511, Byte Offsets: 0x24c C++
xul.dll!NS_ProcessNextEvent_P(nsIThread* thread = 0x64a000f0, int mayWait = 1688207600) Line: 230, Byte Offsets: 0x64 C++
xul.dll!nsThread::Shutdown(void) Line: 465, Byte Offsets: 0x1d0 C++
xul.dll!nsSocketTransportService::Shutdown(void) Line: 459, Byte Offsets: 0x110 C++
xul.dll!nsIOService::SetOffline(int offline = 1688207600) Line: 662, Byte Offsets: 0x194 C++
xul.dll!nsIOService::Observe(nsISupports* subject = 0x64a000f0, const char* topic = 0x00000fff, const wchar_t* data = 0x011301f0) Line: 830, Byte Offsets: 0xec C++
xul.dll!nsObserverList::NotifyObservers(nsISupports* aSubject = 0x64a000f0, const char* aTopic = 0x00000fff, const wchar_t* someData = 0x011301f0) Line: 128, Byte Offsets: 0xa8 C++
xul.dll!nsObserverService::NotifyObservers(nsISupports* aSubject = 0x64a000f0, const char* aTopic = 0x00000fff, const wchar_t* someData = 0x011301f0) Line: 184, Byte Offsets: 0x10c C++
xul.dll!nsXREDirProvider::DoShutdown(void) Line: 862, Byte Offsets: 0xe8 C++
xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup(void) Line: 993, Byte Offsets: 0x48 C++
xul.dll!XRE_main(int argc = 1688207600, char** argv = 0x64a000f0, nsXREAppData* aAppData = 0x00000fff) Line: 3407, Byte Offsets: 0x2604 C++
0x00012220
0x00012404
0x0001295c
0x03f67274
Comment 1•15 years ago
|
||
Is this after you attempt to "restart"?
Reporter | ||
Comment 2•15 years ago
|
||
This is before the restart, but I had been stepping the through the code so the expected timing of things may have been way off.
Comment 3•15 years ago
|
||
I faced this crash, but in my case it is in arena_avail_tree_insert instead of arena_avail_tree_remove. And I can reproduce this crash without add-ons installation. The step to reproduce is: 1. Run fennec 2. Open add-ons preference 3. Kill fennec from task manager 4. Bomb! But the crash does not always happen. Anyway, I guess this is an issue of tracemonkey. mozce_shunt.dll!arena_avail_tree_insert(arena_avail_tree_t* tree = 0x510000f0, arena_chunk_map_s* node mozce_shunt.dll!arena_run_dalloc(arena_s* arena = 0x51000040, arena_run_s* run = 0x518f8000, unsigned mozce_shunt.dll!arena_dalloc_large(arena_s* arena = 0x51000040, arena_chunk_s* chunk = 0x51800000, voi mozce_shunt.dll!arena_dalloc(arena_s* arena = 0x51000040, arena_chunk_s* chunk = 0x51800000, void* ptr mozce_shunt.dll!idalloc(void* ptr = 0x518f8000) Line: 4565, Byte Offsets: 0xb4 C mozce_shunt.dll!free(void* ptr = 0x518f8000) Line: 6389, Byte Offsets: 0x90 C mozce_shunt.dll!operator delete(void* ptr = 0x518f8000) Line: 52, Byte Offsets: 0x14 C++ xul.dll!CSSParserImpl::`scalar deleting destructor'(void) Line: 0, Byte Offsets: 0xffffffff C++ xul.dll!CSSParserImpl::Release(void) Line: 704, Byte Offsets: 0x12c C++ xul.dll!nsCOMPtr<nsICSSParser>::~nsCOMPtr<nsICSSParser>(void) Line: 511, Byte Offsets: 0x60 C++ xul.dll!nsCanvasRenderingContext2D::~nsCanvasRenderingContext2D(void) Line: 688, Byte Offsets: 0x60 C+ xul.dll!nsCanvasRenderingContext2D::`scalar deleting destructor'(void) Line: 0, Byte Offsets: 0xffffff xul.dll!nsCanvasRenderingContext2D::Release(void) Line: 654, Byte Offsets: 0x134 C++ xul.dll!nsCOMPtr<nsICanvasRenderingContextInternal>::~nsCOMPtr<nsICanvasRenderingContextInternal>(void xul.dll!nsHTMLCanvasElement::~nsHTMLCanvasElement(void) Line: 157, Byte Offsets: 0xe0 C++ xul.dll!nsHTMLCanvasElement::`scalar deleting destructor'(void) Line: 0, Byte Offsets: 0xffffffff C+ xul.dll!nsNodeUtils::LastRelease(nsINode* aNode = 0x513f3700) Line: 246, Byte Offsets: 0x3b4 C++ xul.dll!nsGenericElement::Release(void) Line: 4147, Byte Offsets: 0x104 C++ xul.dll!nsHTMLCanvasElement::Release(void) Line: 160, Byte Offsets: 0x18 C++ xul.dll!nsXPCOMCycleCollectionParticipant::Unroot(void* p = 0x513f3700) Line: 74, Byte Offsets: 0x34 xul.dll!nsCycleCollector::CollectWhite(void) Line: 1727, Byte Offsets: 0x154 C++ xul.dll!nsCycleCollector::FinishCollection(void) Line: 2555, Byte Offsets: 0x18 C++ xul.dll!nsCycleCollector_finishCollection(void) Line: 3070, Byte Offsets: 0x24 C++ xul.dll!XPCCycleCollectGCCallback(JSContext* cx = 0x512a8000, JSGCStatus status = 1) Line: 403, Byte O js3250.dll!js_GC(JSContext* cx = 0x512a8000, JSGCInvocationKind gckind = 0) Line: 3785, Byte Offsets: js3250.dll!JS_GC(JSContext* cx = 0x512a8000) Line: 2463, Byte Offsets: 0x70 C++ xul.dll!nsXPConnect::Collect(void) Line: 478, Byte Offsets: 0x12c C++ xul.dll!nsCycleCollector::Collect(unsigned int aTryCollections = 1) Line: 2369, Byte Offsets: 0x1b4 C+ xul.dll!nsCycleCollector_collect(void) Line: 3052, Byte Offsets: 0x28 C++ xul.dll!nsJSContext::CC(void) Line: 3445, Byte Offsets: 0x68 C++ xul.dll!nsJSContext::CCIfUserInactive(void) Line: 3534, Byte Offsets: 0x24 C++ xul.dll!GCTimerFired(nsITimer* aTimer = 0x513e8c40, void* aClosure = 0x00000000) Line: 3554, Byte Offs xul.dll!nsTimerImpl::Fire(void) Line: 428, Byte Offsets: 0x4e0 C++ xul.dll!nsTimerEvent::Run(void) Line: 521, Byte Offsets: 0x11c C++ xul.dll!nsThread::ProcessNextEvent(int mayWait = 0, int* result = 0x1bbae970) Line: 511, Byte Offsets: xul.dll!NS_ProcessPendingEvents_P(nsIThread* thread = 0x5122b0b0, unsigned int timeout = 4294967295) L xul.dll!NS_ShutdownXPCOM_P(nsIServiceManager* servMgr = 0x51245104) Line: 775, Byte Offsets: 0x1e4 C+ xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup(void) Line: 996, Byte Offsets: 0xb0 C++ xul.dll!XRE_main(int argc = 1, char** argv = 0x51204060, nsXREAppData* aAppData = 0x5122a040) Line: 33 0x0001224c 0x0001137c 0x0001348c 0x03f67274
Comment 4•15 years ago
|
||
I can not get valid stack traces for a few days, but still sometimes face crash. Stack trace at this time: 0x7a092fd0 0x7820c108 0x78205308 0x78209b54 0x03f6732c Unfortunately, there is no symbols since these addresses (at least top four addresses) seem to be functions in xul.dll. But xul.dll is already unloaded. The last log is: Unload module: xpcom.dll Unload module: softokn3.dll nsStringStats => mAllocCount: 13354 => mReallocCount: 2151 => mFreeCount: 12264 -- LEAKED 1090 !!! => mShareCount: 14363 => mAdoptCount: 1150 => mAdoptFreeCount: 1148 -- LEAKED 2 !!! Unload module: xul.dll Unload module: sqlite3.dll Unload module: js3250.dll Unload module: smime3.dll Unload module: ssl3.dll Prefetch Abort: Thread=9fc01000 Proc=80096ec0 'fennec.exe' Unload module: nss3.dll AKY=00001001 PC=7a092fd0(???+0x7a092fd0) RA=7820c108(nspr4.dll+0x0003c108) BVA=7a092fd0 FSR=00000407 Unload module: nssutil3.dll Unload module: plc4.dll Unhandled exception at 0x7a092fd0 in fennec.exe: 0xC0000005: Access violation reading location 0x7a092fd0. ~
Comment 5•15 years ago
|
||
(In reply to comment #4) > I can not get valid stack traces for a few days, but still sometimes face > crash. > > Stack trace at this time: > > 0x7a092fd0 > 0x7820c108 > 0x78205308 > 0x78209b54 > 0x03f6732c The first address (0x7a092fd0) seems to be this line. http://mxr.mozilla.org/mozilla-central/source/js/src/xpconnect/src/xpcjsruntime.cpp#807
ok, that's a different crash. specifically what it means is that someone managed to unload xul.dll before the watchdogthread noticed it was dead and quit.
Comment 7•15 years ago
|
||
(In reply to comment #6) > ok, that's a different crash. Yes. I can not reproduce original crash any more. Brad, can you still reproduce this crash?
hiroyuki: we don't keep using a bug every time the general description matches. if we did, we'd only need 5 bugs ("make it fast", "something crashed", "it looks wrong", "do something cool", "it hurts my eyes"). please file a new bug. For bugs involving module unloading, please get stack traces to where the module is unloaded.
Summary: crash while installing addon → crash while installing addon CSSParserImpl::`scalar deleting destructor' under ScopedXPCOMStartup::~ScopedXPCOMStartup
Reporter | ||
Comment 9•15 years ago
|
||
(In reply to comment #7) > Brad, can you still reproduce this crash? I haven't seen this crash since I reported it, but I haven't been exercising this code path since then either.
Comment 10•15 years ago
|
||
I thought this crash can reproduce when the crash (bug 494721) I mentioned in comment #4 is fixed because fix for the crash must make GC working again. I confirmed ScopedXPCOMStartup::~ScopedXPCOMStartup had never called at exit of Fennec while I faced the bug 494721. Now bug 494721 is fixed by patch for bug 494973, and ScopedXPCOMStartup::~ScopedXPCOMStartup is called again, nevertheless I can not reproduce this crash. So if Brad can not confirm this crash again, this bug should be closed.
Reporter | ||
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 11•15 years ago
|
||
I was able to install GeoGuide and URL Fixer addons without any issue. Moving to verified via build: Mozilla/5.0 (Windows; U; WindowsCE 5.2; en-US; rv:1.9.3a1pre) Gecko/20090826 Fennec/1.0a3pre
Status: RESOLVED → VERIFIED
Updated•14 years ago
|
Component: Windows Mobile → General
QA Contact: mobile-windows → general
Hardware: ARM → All
You need to log in
before you can comment on or make changes to this bug.
Description
•