Opened 5 years ago

Closed 4 years ago

#14454 closed defect (duplicate)

Tor Browser crashes during exit if "Work Offline" is ticked (Win7 64)

Reported by: jah Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-crash
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

v4.0.3 on Win7 64b

An easy one to reproduce:

  • Open Tor Browser
  • Head to the File menu (Alt-F) and select "Work Offline"
  • Close Tor Browser

Windows shows a werfault pop-up announcing that "Tor Browser has stopped working" and providing a button to close the program. There is no visible indication as to why it crashes.

This is what Process Explorer thinks the stack for the Tor Browser process looked like, while the werfault pop-up was waiting for me to kill the process

wow64cpu.dll!TurboDispatchJumpAddressEnd+0x6c0
wow64cpu.dll!TurboDispatchJumpAddressEnd+0x4a8
wow64.dll!Wow64SystemServiceEx+0x1ce
wow64.dll!Wow64LdrpInitialize+0x42a
ntdll.dll!RtlUniform+0x6e6
ntdll.dll!RtlCreateTagHeap+0xa7
ntdll.dll!LdrInitializeThunk+0xe
ntdll.dll!ZwWaitForSingleObject+0x15
kernel32.dll!WaitForSingleObjectEx+0x43
kernel32.dll!WaitForSingleObject+0x12
xul.dll!NS_InvokeByIndex+0x341b2
xul.dll!XRE_AddStaticComponent+0x7ac9

Child Tickets

Attachments (3)

bug14454_upstream.patch (1.3 KB) - added by disgleirio 4 years ago.
Fix for code logic, workaround for this bug.
bug14454_upstream_v2.patch (1.1 KB) - added by disgleirio 4 years ago.
Shutdown threads, and allows to go online after profile restored.
hackcrash.patch (2.6 KB) - added by disgleirio 4 years ago.
Just for fun

Download all attachments as: .zip

Change History (13)

comment:1 Changed 5 years ago by gk

Keywords: tbb-crash added; offline crash removed
Status: newneeds_information

I can't reproduce the crash. Neither on Win7 (64bit), nor OS, nor Linux. Did you test with a fresh 4.0.3 Tor Browser?

comment:2 in reply to:  1 ; Changed 5 years ago by gk

Replying to gk:

I can't reproduce the crash. Neither on Win7 (64bit), nor OS, nor Linux. Did you test with a fresh 4.0.3 Tor Browser?

Which locale?

comment:3 in reply to:  2 ; Changed 5 years ago by jah

Replying to gk:

Did you test with a fresh 4.0.3 Tor Browser?

Which locale?

I can indeed reproduce it in a fresh install of 4.0.3.

The system locale is English (UK): is that what you meant?

comment:4 in reply to:  3 ; Changed 5 years ago by gk

Replying to jah:

Replying to gk:

Did you test with a fresh 4.0.3 Tor Browser?

Which locale?

I can indeed reproduce it in a fresh install of 4.0.3.

The system locale is English (UK): is that what you meant?

Well, more the Tor Browser locale but I guess you are using en-US then. Do you have some Antivirus/Firewall software running? If so that could be a good candidate for causing these crashes. Could you remove them for testing purposes and check whether the crash is still happening?

comment:5 in reply to:  4 Changed 5 years ago by jah

Replying to gk:

Well, more the Tor Browser locale but I guess you are using en-US then.

Yes, en-US.

Do you have some Antivirus/Firewall software running? If so that could be a good candidate for causing these crashes. Could you remove them for testing purposes and check whether the crash is still happening?

I stopped the "Real-time Protection" of Microsoft Security Essentials (MSE) and then repeated the steps to reproduce the crash with the same outcome. Then I uninstalled MSE, rebooted and repeated the steps: same outcome.

There's no other security software on this machine, but I also shut down Process Explorer in case it had any effect. It didn't.

comment:6 Changed 4 years ago by jah

Affects v4.0.4 too (all else being the same).

comment:7 Changed 4 years ago by jah

Affects v4.0.5 too.

Managed to get a little more information this time:

Unhandled exception at 0x614BE828 in firefox.exe: 0xC0000005:
Access violation executing location 0x614BE828.

comment:8 Changed 4 years ago by cypherpunks

Reproducible here too, need several tries, then it reproducible every run. Major details from event logs:

Faulting application name: firefox.exe, version: 31.5.3.0, time stamp: 0x00000000
Faulting module name: nssckbi.dll_unloaded, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6debe828
Faulting module path: nssckbi.dll

Offset is different because ASLR

It's duplicate of #10761 or at least bug that happens because the same compiler bug/feature.

Changed 4 years ago by disgleirio

Attachment: bug14454_upstream.patch added

Fix for code logic, workaround for this bug.

comment:9 Changed 4 years ago by disgleirio

Status: needs_informationneeds_review

This ticket uncovers possible bug in upstream code. Attached patch that makes code more consistent and fixes (hides) crash as well.

Changed 4 years ago by disgleirio

Attachment: bug14454_upstream_v2.patch added

Shutdown threads, and allows to go online after profile restored.

Changed 4 years ago by disgleirio

Attachment: hackcrash.patch added

Just for fun

comment:10 Changed 4 years ago by gk

Resolution: duplicate
Status: needs_reviewclosed

Seems to be a duplicate of #10761.

Note: See TracTickets for help on using tickets.