Closed Bug 785370 Opened 12 years ago Closed 11 years ago

Tbird crash in XPCWrappedNative::cycleCollection::TraverseImpl with QuickText addon

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox17 - ---
firefox18 - ---

People

(Reporter: wsmwk, Assigned: standard8)

References

(
URL
)

Details

(Keywords: crash, regression, reproducible, Whiteboard: [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird crash][addon][gs])

Crash Data

#1 crash for thunderbird trunk. startup crash according to crash-stats, crash started on 2012-08-09 This bug was filed from the Socorro interface and is report bp-0e01f759-49ce-4974-8204-60b702120809 . ============================================================= 0 @0x103d4a50 1 xul.dll XPCWrappedNative::cycleCollection::TraverseImpl js/xpconnect/src/XPCWrappedNative.cpp:97 2 xul.dll GCGraphBuilder::Traverse xpcom/base/nsCycleCollector.cpp:1759 3 xul.dll nsCycleCollector::MarkRoots xpcom/base/nsCycleCollector.cpp:2082 4 xul.dll nsCycleCollectorRunner::Run xpcom/base/nsCycleCollector.cpp:3083 5 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:624 only *one* firefox crash in one month, and it is not startup bp-bc56bfab-7377-4e9d-b3a0-fa6982120815 Fx16.0a2
Component: General → XPCOM
Product: Thunderbird → Core
https://crash-stats.mozilla.com/report/index/bp-64b098b9-37ee-4f2f-80aa-a00c22120903 Appears after you click send. The window for writing and in 15-20 seconds crashes. If you disable the add error disappears.
This is currently the top crasher for Thunderbird 17 - Benjamin any idea what could be going on here ?
(In reply to adminnu from comment #1) > If you disable the add error disappears. It looks like QuickText Version 0.9.11.1 stops working in TB17 bp-12d653d4-d556-431e-97d1-9d5d22121013 nails the cause at QuickText addon. And all the crashes I examined have QuickText installed.
Whiteboard: [startupcrash] → [startupcrash][tbird topcrash][addon]
This bug has also been reported on Geckozone. Has anyone contacted QuickText's author?
The quicktext addon does not appear to use any binary components, and a pure-JS really shouldn't be able to make the cycle collector crash. mccr8, want to take a look?
That's odd. The line in question that is crashing for both of those is: cb.NoteXPCOMChild(tmp->GetIdentityObject()); GetIdentityObject just grabs a field, and cb and tmp have been touched before this, so I'm not sure what could be wrong.
Assignee: nobody → continuation
http://extensions.hesslow.se/forum/thread/622/0.9.11.3+crashes+18.x+Thunderbird+in+nightly+build/ reports crashes using TB18 but no comments from the author yet
Can anyone reproduce with QuickText installed? A straw poll of the crashes indicates QuickText on the majority of them.
URL: https://getsatisfaction.com/mozilla_m...
Whiteboard: [startupcrash][tbird topcrash][addon] → [startupcrash][tbird topcrash][addon][gs]
Steps to reproduce: 1. Launch Thunderbird 17 Beta 2. Install QuickText 0.9.11.3 3. Reply to an email. 4. Wait a few seconds until Thunderbird crashes.
Component: XPCOM → XPConnect
Summary: crash in XPCWrappedNative::cycleCollection::TraverseImpl → Tbird crash in XPCWrappedNative::cycleCollection::TraverseImpl with QuickText addon
no sign yet of a new version, so I've posted more info at hesslow.se
(In reply to Andrew McCreight [:mccr8] from comment #6) > That's odd. The line in question that is crashing for both of those is: > cb.NoteXPCOMChild(tmp->GetIdentityObject()); > > GetIdentityObject just grabs a field, and cb and tmp have been touched > before this, so I'm not sure what could be wrong. Given that this is #1 TB17 crash, this could use some immediate attention. bp-ac826979-82f9-428a-8098-438832121109 @ hang | XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)
tracking-firefox17: --- → ?
tracking-firefox18: --- → ?
Keywords: regressionwindow-wanted, reproducible, topcrash+
Somebody who knows Thunderbird needs to figure out where this corrupted XPCWrappedNative is coming from. Probably the most useful thing to do is to get the tmp->GetScriptableInfo()->GetJSClass()->name of the native, if any. I'll try poking around the addon code and see if anything jumps out at me.
Assignee: continuation → nobody
While it's an important TB topcrash, it's not a Firefox topcrasher or release-blocking priority, so we won't track this - especially for 17 which is about to ship.
tracking-firefox17: ?-
tracking-firefox18: ?-
TB17 officially released and this is #1 crash - 2k crashes in 4 hours. The original support topic is a month old, so I'm not going to be pointing users to it and invite flames. The canonical support topic will be a more recent https://getsatisfaction.com/mozilla_messaging/topics/upgrade_to_ver17_results_in_crashes_on_new_email_creation_including_replies
Has somebody contacted QuickText's author? Can we get a reduced test case?
(In reply to Andrew McCreight [:mccr8] from comment #16) > Has somebody contacted QuickText's author? Can we get a reduced test case? comment 7 - not a peep from the author. I'm not a user of quicktext, so I have no vested interest in hounding the author, etc. Do we really need a reduced testcase? My impression is it crashes outright when making a reply.
I was using QuickText 0.9.11.3 all the time, and now with Thunderbird 17 it causes a crash as soon as I open a mail. Disabling QuickText fixes the problem, re-enabling it brings back the crashes. The problem is new for Thunderbird 17.
(In reply to Andrew McCreight [:mccr8] from comment #13) > Somebody who knows Thunderbird needs to figure out where this corrupted > XPCWrappedNative is coming from. Probably the most useful thing to do is to > get the tmp->GetScriptableInfo()->GetJSClass()->name of the native, if any. tmp->GetScriptableInfo() returns 0x0, so we can't get the name. tmp->mRefCnt.get() is 1, tmp->IsValid() is also 1. I couldn't really see any other way to determine what the bad wrapper might be.
Blocks: 813899
Depends on: 813954
So, IsValid() is true, so mFlatJSObject should be non-null. You can try mFlatJSObject->dump() and hopefully that will print out some useful information about the reflector, which should give us some idea of what the XPCWN is.
Ok, here's what I get: object 0x149023610 class 0x106b0cdd0 XPCWrappedNative_NoHelper flags: proto <XPC_WN_NoHelper_Proto_JSClass object at 0x1490270a0> parent <BackstagePass object at 0x149022060> private 0x12007c320 reserved slots: 0 (reserved) = null properties: ((Shape *) 0x149021290) enumerate readonly permanent setterOp=0x102cf13f0 JSString* (0x14902c2c0) = jschar * (0x14902c2d0) = "getCardFromAttribute" : slot 1 = <function getCardFromAttribute at 0x149038e20> There's two calls to nsIAddrDatabase::getCardFromAttribute in the extension, so that would probably be right.
I have not had time to look at this. And if you guys are not able to figure out why Thunderbird is crashing because of my Javascript I'm not sure if I would be able to. And my extension is in Javascript so this should be a bug in Thunderbird and not my extension. If you are able to figure out a work around I can update the extension. But I will not have time to look at this for at least 2 more weeks.
if you add a "return;" just at the beginning of the function "wzQuicktextVar()" in the file "wzQuicktextVar.js" then the addon works again, but it seems that the variables (TO, FROM etc) don't work anymore. Can I upload the addon somewhere, so others can check the problem is indeed there?
I have been testing,comment out the line "this.mDatabases.push(dir.database);"in the function "wzQuicktextVar()" in the file "wzQuicktextVar.js",it works well! Hope it helps
That helps. Today I use getCardFromAttribute to get a nsIAbCard from an email address. Is there any better way of doing that?
Is cardForEmailAddress on nsIAbCollection a better way of doing this?
Found http://lxr.mozilla.org/comm-central/source/mailnews/db/gloda/modules/utils.js#91 and that doesn't crash so I'm just going to use that.
There is now a beta version up on http://extensions.hesslow.se/extension/4/Quicktext/ (there is a Beta section under the Download button in the upper right corner). I will email the hundred of people that have emailed me today and ask them to test it. And if they don't find any problems I will update it on AMO tomorrow. And people here please test it and send me feedback
Put 0.9.11.4, falls far from happening. I will continue to test.
(In reply to Emil Hesslow from comment #30) > There is now a beta version up on > http://extensions.hesslow.se/extension/4/Quicktext/ > And people here please test it and send me feedback Your 0.9.11.4 beta works perfect for me. Thanks for quick reaction although you only got limited time. Your Users will appreciate it.
Crash Signature: [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)] → [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)] [@ ToParticipant ]
Crash Signature: [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)] [@ ToParticipant ] → [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)] [@ ToParticipant ] [@ CallQueryInterface<nsISupports, nsXPCOMCycleCollectionParticipant> ]
Quicktext 0.9.11.4 works for me in Thunderbird 17, but it repeatedly crashed Firefox when I tried to download it at http://extensions.hesslow.se/extension/4/Quicktext/ in the new Firefox 17 by clicking on it. I only resolved this when I right-clicked and used "save link as".
0.9.11.5 is now live on AMO which fixes the crash
Thanks Emil. I'm going to leave this bug open for now, as I'd to see if I can track down if there is an issue with the interfaces the previous version of the extension was using.
Assignee: nobody → mbanner
Whiteboard: [startupcrash][tbird topcrash][addon][gs] → [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird topcrash][addon][gs]
(In reply to Emil Hesslow from comment #35) > 0.9.11.5 is now live on AMO which fixes the crash It seems so based on correlations: XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)|EXCEPTION_ACCESS_VIOLATION_EXEC (266 crashes) 85% (225/266) vs. 2% (311/14500) {8845e3b3-e8fb-40e2-95e9-ec40294818c4} 58% (153/266) vs. 1% (182/14500) 0.9.11.2 27% (72/266) vs. 1% (89/14500) 0.9.11.3 0% (0/266) vs. 0% (40/14500) 0.9.11.5
Keywords: topcrash+topcrash
OS: Windows NT → Windows 7
It's #30 top crasher in TB 17.0.2 so not a top crasher according to https://wiki.mozilla.org/CrashKill/Topcrash
Keywords: topcrash
Whiteboard: [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird topcrash][addon][gs] → [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird crash][addon][gs]
This seems to have gone away from the topcrash list. So I'm going to close it. If there's still same around with the same signature, they need investigating to check it is with the latest version of the add-on etc.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.