Status

()

Core
JavaScript Engine
--
critical
RESOLVED DUPLICATE of bug 1360961
7 months ago
7 months ago

People

(Reporter: ting, Unassigned)

Tracking

({crash, regression, topcrash})

Trunk
Unspecified
Windows
crash, regression, topcrash
Points:
---

Firefox Tracking Flags

(firefox55+ fixed)

Details

(crash signature)

This bug was filed from the Socorro interface and is 
report bp-0dbc8b09-6383-49e0-9418-1b0db0170503.
=============================================================
Top #5 of Nightly 20170430030208 on Windows, 41 reports from 21 installations.
See Also: → bug 1361595
#5 crash on the 5-4 Nightly also.

Searching for crashes with this signature on Nightly, and faceting on proto signatures, I see a lot of crashes under nsGlobalWindow::RunTimeoutHandler (such as bp-451bb569-0498-403d-9bc2-1a2030170503 ) and a number being called from plugin code (such as c6985cff-6829-4c48-beb3-b16120170502 ), but I don't know if that means anything.

It looks like it first showed up in high volume on Nightly in the 20170427030231 build. Based on that, here's a possible regression Window: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0b77ed3f26c5335503bc16e85b8c067382e7bb1e&tochange=84762dbeb5380461fe27f0afa0e27e8ba9dd3b01

Nothing really leaps out at me in that range, though I do see the reenabling of intersection observers (bug 1321865), which has caused stability problems in the past. Bug 1339909 looks timer related. I see very few actual JS engine changes.
status-firefox55: --- → affected
tracking-firefox55: --- → ?
Keywords: regression, topcrash
Boris, do you have any idea what might be causing this regression?
Flags: needinfo?(bzbarsky)
> I see a lot of crashes under nsGlobalWindow::RunTimeoutHandler (such as bp-451bb569-0498-403d-9bc2-1a2030170503)

That basically shows a timeout firing, JS running, and then while it's running getting a property and crashing.

The crash address is being listed as 0xffffffffffffffff but I can't recall how reliable that is on amd64.

The couple of crashes I just looked at all seem to be on return statements.

In terms of stuff in that regression range...  First of all, it's not the right range.  If things started crashing with 20170427030231 then the right range is more like https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0f5ba06c4c5959030a05cb852656d854065e2226&tochange=0b77ed3f26c5335503bc16e85b8c067382e7bb1e

In that range, bug 1352430 is rather suspicious-looking.  Especially given the known crash regression from it in bug 1360961, which would likely affect plugin cases.

We should see whether landing that helps here.
Depends on: 1360961
Flags: needinfo?(bzbarsky)
Oops. Thanks for taking a look. That does make a lot of sense. I wonder if this means there's a still-unfixed issue with window timeouts.
Flags: needinfo?(jcoppeard)
tracking as a regression in 55.
tracking-firefox55: ? → +
No crashes on Nightly after bug 1360961 landed there.
Status: NEW → RESOLVED
Last Resolved: 7 months ago
Flags: needinfo?(jcoppeard)
Resolution: --- → DUPLICATE
Duplicate of bug: 1360961
No longer depends on: 1360961
status-firefox55: affected → fixed
You need to log in before you can comment on or make changes to this bug.