Closed
Bug 1014554
Opened 10 years ago
Closed 6 years ago
Random crashes with [@ js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow)]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox31 | --- | affected |
firefox32 | --- | affected |
firefox33 | --- | affected |
firefox40 | --- | affected |
firefox41 | --- | affected |
firefox42 | --- | affected |
firefox43 | --- | affected |
firefox44 | --- | affected |
firefox45 | --- | affected |
firefox46 | --- | affected |
firefox47 | --- | affected |
firefox48 | --- | ? |
firefox49 | --- | ? |
firefox-esr38 | --- | affected |
firefox-esr45 | --- | affected |
thunderbird_esr38 | --- | affected |
thunderbird_esr45 | --- | affected |
People
(Reporter: whimboo, Unassigned)
References
()
Details
(Keywords: crash, reproducible, Whiteboard: [tbird crash], ShutDownKill)
Crash Data
Attachments
(1 file)
97.58 KB,
text/plain
|
Details |
Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 ID:20140521030200 CSet: 9d8d16695f6a I hit this crash twice in a row after updating Nightly to todays version, and when trying to click the former crash report in about:crashes. Reports: bp-b85e81b7-b5cb-47b3-9aec-874102140522 bp-68922d6d-072f-483d-9648-480842140522 Crash Reason SIGSEGV Crash Address 0x0 0 libxul.so js::UncheckedUnwrap(JSObject*, bool, unsigned int*) js/src/jsfriendapi.h 1 libxul.so js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow) js/src/jswrapper.cpp 2 libxul.so WindowDestroyedEvent::Run() dom/base/nsGlobalWindow.cpp 3 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 4 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 5 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 6 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 7 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp 8 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 9 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 10 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp 11 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp 12 firefox do_main browser/app/nsBrowserApp.cpp 13 firefox main browser/app/nsBrowserApp.cpp 14 libc-2.19.so libc-2.19.so@0x21ec5 15 firefox firefox@0x37c0 16 firefox firefox@0x6644 By operating system: Windows 7 67.87 % 676 Windows XP 15.56 % 155 Windows Vista 8.23 % 82 Windows 8.1 2.91 % 29 Linux 2.51 % 25 Windows 8 2.51 % 25 OS X 10.6 0.20 % 2 OS X 10.9 0.10 % 1 OS X 10.7 0.10 % 1
Reporter | ||
Updated•10 years ago
|
Crash Signature: [@ js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow)]
[@ js::UncheckedUnwrap(JSObject*, bool, unsigned int*) ]
Reporter | ||
Comment 1•10 years ago
|
||
Looks like the patch on bug 921171 didn't really fix the topcrash. Brian, can you have a look at?
Comment 2•10 years ago
|
||
(In reply to Henrik Skupin (:whimboo) from comment #1) > Looks like the patch on bug 921171 didn't really fix the topcrash. Brian, > can you have a look at? There are lots of things which could cause this crash, bug 921171 just fixed one case where we were crashing (and definitely did fix that case, since there were STR). Without STR here there's not much I can do.
Updated•10 years ago
|
Comment 3•10 years ago
|
||
Another user in post https://support.mozilla.org/en-US/questions/1004524 But no clues as to STR one of the crashes (44% memory) Report bp-53f967d6-d1b1-45b1-b2e1-8a77c2140609
Comment 4•10 years ago
|
||
It happens to me just now in FF 31b4 bp-fbb64793-4b7f-47ff-9376-a59882140625
Reporter | ||
Comment 5•10 years ago
|
||
Not listed under top-crashers anymore. So removing keyword. Fernando, any chance you can reproduce it?
status-firefox31:
--- → affected
status-firefox32:
--- → affected
status-firefox33:
--- → affected
Keywords: topcrash
Comment 6•10 years ago
|
||
(In reply to Henrik Skupin (:whimboo) from comment #5) > Fernando, any chance you can reproduce it? Unfortunately no :-( I was just opening allot of tabs (not more then usually I open) from RSS feed in Thunderbird and suddenly FF crash massage appeared
Comment 7•10 years ago
|
||
bp-e84a645b-f89a-487d-877f-7c3f92140718 me. never had this sig before crash reporter URL gives about:blank same stack as comment 0 http://hg.mozilla.org/mozilla-central/annotate/095d2a9c2be5/js/src/jswrapper.cpp#l920 wmccloskey@154394 907 for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next()) { gkrizsanits@99549 908 if (!sourceFilter.match(c)) khuey@92442 909 continue; khuey@92442 910 khuey@92442 911 // Iterate the wrappers looking for anything interesting. jcoppeard@114799 912 for (JSCompartment::WrapperEnum e(c); !e.empty(); e.popFront()) { khuey@92442 913 // Some cross-compartment wrappers are for strings. We're not khuey@92442 914 // interested in those. jwalden@158689 915 const CrossCompartmentKey &k = e.front().key(); wmccloskey@96352 916 if (k.kind != CrossCompartmentKey::ObjectWrapper) khuey@92442 917 continue; khuey@92442 918 wmccloskey@112847 919 AutoWrapperRooter wobj(cx, WrapperValue(e)); maligree@128491 920 JSObject *wrapped = UncheckedUnwrap(wobj);
See Also: → 921171
Summary: [topcrash] Random crashes with [@ js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow)] → Random crashes with [@ js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow)]
Updated•9 years ago
|
status-firefox40:
--- → affected
I have STR. 100% reproducible, using Firefox 43.01a on MacOS 10.10.4 1. Open telemetry.mozilla.org 2. Click "value being measured" and enter "foo_" 3. Immediate crash.
Flags: needinfo?(bhackett1024)
Comment 10•9 years ago
|
||
(In reply to David Rajchenbach-Teller [:Yoric] (use "needinfo") from comment #9) > I have STR. 100% reproducible, using Firefox 43.01a on MacOS 10.10.4 > > 1. Open telemetry.mozilla.org > 2. Click "value being measured" and enter "foo_" > 3. Immediate crash. Do you have a blame changeset?
Flags: needinfo?(bhackett1024)
Updated•9 years ago
|
Keywords: regressionwindow-wanted,
reproducible
I realize that this depends on the add-ons installed.
Comment 12•9 years ago
|
||
Happens also with TB 38.2 on openSUSE Tumbleweed x86_64
![]() |
||
Comment 13•9 years ago
|
||
Regression window: Enabled e10s, STR of Comment 9 bp-5eb51569-7493-460d-b6c4-b37652150916 https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=0494ce969472&tochange=8a01e921708c Triggered by: Bug 966157
Blocks: 966157
![]() |
||
Comment 14•9 years ago
|
||
STR(step by step) 1. Open https://telemetry.mozilla.org/ 2. Click "Histogram Dashboard" big blue button and wait for repainting of the page 3. Click 1st link in "xxx distribution for ..." paragraph and type "foo" into "Search" input field Actual Results Immediate crash.
Flags: needinfo?(m_kato)
Updated•9 years ago
|
Keywords: regressionwindow-wanted
Updated•9 years ago
|
status-firefox42:
--- → affected
status-firefox43:
--- → affected
Comment 15•9 years ago
|
||
I cannot reproduce this using comment #9 and #14 on the latest nightly (2015-09-22) on OSX 10.10 x86_64 and Linux x86_64 with e10s and non-e10s. Yoric, do you reproduce this on 44 too?
Flags: needinfo?(m_kato) → needinfo?(dteller)
I cannot reproduce anymore on 44, with e10s.
Flags: needinfo?(dteller)
![]() |
||
Comment 17•9 years ago
|
||
crashed on the bad build Nightly 20150915030232. However, no longer crash on latest Nightly. https://hg.mozilla.org/mozilla-central/rev/2235e56c94cf61614902fd3a4ac7b837f7154b97 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0 ID:20150922030204 Progression window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=dab5c069d6d3428445d448b597aac238600cfc6d&tochange=34606afcc726 Fixed by Bug 1203381, at least with STR Comment 14
Updated•9 years ago
|
status-firefox44:
--- → unaffected
Comment 18•9 years ago
|
||
From comment #17, firefox 43 is fixed.
Updated•9 years ago
|
Crash Signature: [@ js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow)]
[@ js::UncheckedUnwrap(JSObject*, bool, unsigned int*) ] → [@ js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow)]
[@ js::UncheckedUnwrap(JSObject*, bool, unsigned int*) ]
[@ _chkstk | @0x0 | mozilla::StickyScrollContainer::Compute…
Updated•9 years ago
|
Version: 32 Branch → 31 Branch
Comment 19•9 years ago
|
||
#38 crash for Thunderbird 38.2.0. But perhaps won't be able to tell whether this patch happens until it hits beta because other channel crash rates are zero per crash-stats.
Whiteboard: [tbird crash]
Comment 20•9 years ago
|
||
(let's try again) Won't be able to tell whether Bug 1203381 patch HELPS until Thunderbird hits beta 44 ~late December, because other channels' crash rates are zero.
Updated•9 years ago
|
status-thunderbird_esr38:
--- → affected
Keywords: topcrash-thunderbird
Updated•9 years ago
|
Crash Signature: , unsigned int*) ]
[@ _chkstk | @0x0 | mozilla::StickyScrollContainer::ComputeStickyLimits(nsIFrame*, nsRect*, nsRect*) ] → , unsigned int*) ]
[@ _chkstk | @0x0 | mozilla::StickyScrollContainer::ComputeStickyLimits(nsIFrame*, nsRect*, nsRect*) ]
[@ js::NukeCrossCompartmentWrappers]
[@ js::UncheckedUnwrap ]
[@ _chkstk | @0x0 | mozilla::StickyScrollContainer::ComputeStickyLi…
Comment 21•9 years ago
|
||
I'm crashing a lot this morning and got one of these: https://crash-stats.mozilla.com/report/index/baf4e5f4-1f66-466d-995d-9d1022151013 My other crashes this morning are all at different js stackframes, though: https://crash-stats.mozilla.com/report/index/b5978063-e042-49ee-a0c4-5828e2151013 https://crash-stats.mozilla.com/report/index/5ec27b03-d957-43dd-bfab-3cd302151013 https://crash-stats.mozilla.com/report/index/6ea6c314-8ccf-40f0-800b-446c22151013 Not sure if that helps here or if it should be a different bug.
Comment 22•9 years ago
|
||
Yesterday's build (which the crash report is from) had a memory corruption issue, so it is probably just that. If you update again hopefully it will be better.
Comment 23•9 years ago
|
||
https://crash-stats.mozilla.com/report/list?signature=js%3A%3ANukeCrossCompartmentWrappers%28JSContext*%2C+js%3A%3ACompartmentFilter+const%26%2C+js%3A%3ACompartmentFilter+const%26%2C+js%3A%3ANukeReferencesToWindow%29&range_value=7&range_unit=days&date=2015-10-17 Last 7 days ... Operating System: Provides a breakdown of the crashes by OS for version(s) and product(s). Operating System Percentage Number Of Crashes Windows 7 72.44% 791 Windows 10 7.78% 85 Windows XP 7.42% 81 Windows 8.1 4.85% 53 OS X 10.10 2.29% 25 Windows Vista 1.65% 18 Windows 8 1.19% 13 OS X 10.11 0.82% 9 OS X 10.9 0.64% 7 OS X 10.6 0.55% 6 Linux 0.18% 2 OS X 10.7 0.09% 1 OS X 10.8 0.09% 1 Product: Breakdown of total crashes per product and version. Product Version Percentage Number Of Crashes Firefox 41.0.1 37.00% 404 Thunderbird 38.3.0 22.89% 250 Firefox 42.0b5 10.07% 110 Thunderbird 38.2.0 4.30% 47 Firefox 42.0b6 2.56% 28 Thunderbird 38.1.0 2.56% 28 Firefox 43.0a2 1.83% 20 Firefox 40.0.3 1.74% 19 Firefox 44.0a1 1.47% 16 Firefox 42.0b4 1.47% 16 Firefox 41.0b99 1.19% 13 Firefox 39.0 0.73% 8 Firefox 39.0.3 0.46% 5 Firefox 38.0.5b3 0.46% 5 Firefox 40.0.2 0.46% 5 Firefox 42.0b1 0.46% 5 Firefox 38.0.5 0.37% 4 Firefox 40.0 0.37% 4 Firefox 41.0 0.37% 4 Firefox 42.0b3 0.37% 4 Firefox 36.0b4 0.28% 3 Firefox 41.0.2 0.28% 3 Firefox 41.0b5 0.28% 3 Firefox 41.0b9 0.28% 3 Firefox 41.0b6 0.28% 3 Firefox 38.0b9 0.28% 3 Firefox 37.0b4 0.18% 2 Firefox 20.0b7 0.18% 2 Firefox 40.0b99 0.18% 2 SeaMonkey 2.38 0.18% 2 Firefox 36.0b10 0.18% 2 Firefox 38.0.1 0.18% 2 Firefox 38.0b1 0.18% 2 Thunderbird 41.0b2 0.18% 2 Firefox 36.0b3 0.18% 2 Firefox 40.0b1 0.18% 2 Firefox 40.0b9 0.18% 2 Firefox 29.0b4 0.18% 2 Firefox 32.0.3 0.18% 2 Firefox 42.0b2 0.18% 2 Firefox 29.0b8 0.18% 2 Firefox 30.0b9 0.18% 2 Firefox 41.0b3 0.18% 2 Firefox 32.0b1 0.09% 1 Firefox 37.0b99 0.09% 1 Firefox 26.0b5 0.09% 1 Thunderbird 31.7.0 0.09% 1 Firefox 39.0b1 0.09% 1 Firefox 31.0b4 0.09% 1 Firefox 31.0b6 0.09% 1 Firefox 34.0b9 0.09% 1 Firefox 40.0b4 0.09% 1 Firefox 25.0b4 0.09% 1 Firefox 25.0.1 0.09% 1 Thunderbird 38.0.1 0.09% 1 Firefox 36.0b6 0.09% 1 Firefox 40.0b7 0.09% 1 Firefox 22.0b1 0.09% 1 Firefox 31.0 0.09% 1 Firefox 40.0a2 0.09% 1 Firefox 30.0b3 0.09% 1 Firefox 39.0b2 0.09% 1 Firefox 33.0b9 0.09% 1 Firefox 29.0 0.09% 1 Firefox 38.0b8 0.09% 1 Firefox 24.1.1esr 0.09% 1 FennecAndroid 29.0b8 0.09% 1 Firefox 32.0b8 0.09% 1 Firefox 32.0b99 0.09% 1 Firefox 28.0 0.09% 1 FennecAndroid 24.0 0.09% 1 Firefox 28.0b9 0.09% 1 Firefox 41.0a2 0.09% 1 Firefox 39.0b99 0.09% 1 Firefox 38.0b5 0.09% 1 Firefox 31.0b8 0.09% 1 Firefox 36.0b2 0.09% 1 Firefox 36.0.1 0.09% 1 Firefox 36.0b5 0.09% 1 Firefox 23.0b9 0.09% 1 Firefox 39.0b4 0.09% 1 Firefox 39.0b7 0.09% 1 Firefox 30.0 0.09% 1 Thunderbird 31.2.0 0.09% 1 Firefox 41.0b7 0.09% 1 Firefox 37.0.1 0.09% 1 Firefox 32.0b4 0.09% 1 Firefox 35.0b6 0.09% 1
status-firefox41:
--- → affected
status-firefox-esr38:
--- → affected
Updated•9 years ago
|
Blocks: shutdownkill
Whiteboard: [tbird crash] → [tbird crash], ShutDownKill
Updated•9 years ago
|
status-firefox45:
--- → affected
Comment 24•9 years ago
|
||
Win7, FF45.0a1, 64bit https://crash-stats.mozilla.com/report/index/bdd00f33-7787-4915-bf79-c8e092151109 Crashing Thread Frame Module Signature Source 0 xul.dll js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow) js/src/proxy/CrossCompartmentWrapper.cpp 1 xul.dll WindowDestroyedEvent::Run() dom/base/nsGlobalWindow.cpp 2 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 3 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 4 xul.dll nsXMLHttpRequest::Send(nsIVariant*, mozilla::dom::Nullable<nsXMLHttpRequest::RequestBody> const&) dom/base/nsXMLHttpRequest.cpp 5 xul.dll nsXMLHttpRequest::Send(nsXMLHttpRequest::RequestBody const&) dom/base/nsXMLHttpRequest.h 6 xul.dll nsXMLHttpRequest::Send(JSContext*, nsAString_internal const&, mozilla::ErrorResult&) dom/base/nsXMLHttpRequest.h 7 xul.dll mozilla::dom::XMLHttpRequestBinding::send obj-firefox/dom/bindings/XMLHttpRequestBinding.cpp 8 xul.dll mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) dom/bindings/BindingUtils.cpp 9 xul.dll js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp 10 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 11 xul.dll js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp 12 xul.dll Interpret js/src/vm/Interpreter.cpp 13 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 14 xul.dll js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp 15 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 16 xul.dll js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp 17 xul.dll js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp 18 xul.dll js::jit::DoCallFallback js/src/jit/BaselineIC.cpp 19 @0x1e0a7ac1a5c 20 xul.dll js::jit::DoTypeMonitorFallback js/src/jit/BaselineIC.cpp 21 @0x38de97
From the crash signature js::NukeCrossCompartmentWrappers, the current affected versions are: - Nightly: 47 - Aurora: 46 - Beta: 44.0b1, 44.0b2, 44.0b6, 44.0b8, 44.0b9, 44.0b99, 45.0b1, 45.0b2 - Release: 44.0 From the crash signature UpdateCellPointersTyped<T> , the current affected versions are: - Beta: 44.0b1, 44.0b8, 45.0b1, 45.0b2 - Release: 44.0 From the crash signature js::NukeCrossCompartmentWrappers(JSContext*, js::CompartmentFilter const&, js::CompartmentFilter const&, js::NukeReferencesToWindow), the current affected versions are: - Nightly: 44 From the crash signature js::UncheckedUnwrap, the current affected versions are: - Nightly: 46, 47 - Aurora: 46 - Beta: 44.0b1, 44.0b99, 45.0b1 - Release: 44.0 Tested on Windows 7 x64 with Nightly 45.0a1 and 47.0a1 and Aurora 46.0a2, Linux and Mac OS 10.10 with Nightly 47.0a1 and Aurora 46.0a2. I can't reproduce this issue with the steps provided in Comment 9 and Comment 14.
Comment 26•9 years ago
|
||
I get this crash a lot lately. Only from today, two of these crashes: https://crash-stats.mozilla.com/report/index/c0e97e5e-4b07-416e-8441-b25d22160215 https://crash-stats.mozilla.com/report/index/4a682706-6174-432e-921d-e677d2160215 Firefox was idle while it crashed if that helps somehow.
Updated•8 years ago
|
Whiteboard: [tbird crash], ShutDownKill → [tbird topcrash], ShutDownKill
Updated•8 years ago
|
status-firefox46:
--- → affected
status-firefox47:
--- → affected
status-firefox48:
--- → ?
status-firefox49:
--- → ?
status-firefox-esr45:
--- → affected
status-thunderbird_esr45:
--- → affected
No longer blocks: shutdownkill
Comment 27•8 years ago
|
||
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #20) > (let's try again) > > Won't be able to tell whether Bug 1203381 patch HELPS until Thunderbird hits > beta 44 ~late December, because other channels' crash rates are zero. TB45.1.1 js::UncheckedUnwrap is #21 crash
Comment 28•7 years ago
|
||
TB 52.2.1 js::UncheckedUnwrap https://crash-stats.mozilla.com/report/index/900a0cc2-25c1-4ec2-b6ef-830d20170705
Comment 29•7 years ago
|
||
(In reply to Petr Vones from comment #28) > TB 52.2.1 js::UncheckedUnwrap > https://crash-stats.mozilla.com/report/index/900a0cc2-25c1-4ec2-b6ef- > 830d20170705 Petr no longer crashes
Updated•6 years ago
|
Keywords: topcrash-thunderbird
Whiteboard: [tbird topcrash], ShutDownKill → [tbird crash], ShutDownKill
Comment 30•6 years ago
|
||
Thunderbird 60 crashes for js::UncheckedUnwrap are near zero, and firefox 60 likewise
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•