Closed
Bug 347053
Opened 19 years ago
Closed 19 years ago
Firefox on 1.8 branch topcrash [@ 0xffffff4d] [@ js_GC]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
mozilla1.8.1
People
(Reporter: dbaron, Unassigned)
Details
(Keywords: crash, fixed1.8.1, topcrash, Whiteboard: rcinvestigate)
Crash Data
Attachments
(2 files)
This bug is almost exactly like bug 314484, but brendan suggested I file a new bug rather than reopen since that bug was rather long already, and it does really seem to have disappeared (I don't see it in 1.5.0.x talkback data).
We're seeing a lot of crashes with this signature:
http://talkback-public.mozilla.org/search/start.jsp?search=1&searchby=stacksig&match=contains&searchfor=0xffffff4d&vendor=MozillaOrg&product=Firefox2&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid
the stacks are generally:
Most of the stacks are:
0xffffff4d
0x011????? (????? == varies)
js_GC
js_ForceGC
nsAppStartup::Run
main
Some stack traces stop at js_ForceGC (so they're only four frames long) or js_GC (only three frames long).
They're all on Windows, and the comments don't appear very useful.
Reporter | ||
Updated•19 years ago
|
Reporter | ||
Updated•19 years ago
|
Severity: normal → critical
Reporter | ||
Comment 1•19 years ago
|
||
Note that this doesn't appear in Fx 2.0b1 topcrash data, so either:
* it's a regression since then
* it's something that only appears in nightlies (e.g., related to zip builds or some particular testing)
Reporter | ||
Updated•19 years ago
|
Flags: blocking1.8.1? → blocking1.8.1+
Reporter | ||
Comment 2•19 years ago
|
||
This appears to have gone away around a week ago.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 3•19 years ago
|
||
Back in 2006081104, with reports from 3 users.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 4•19 years ago
|
||
TB22040324E looks similar, but is slightly longer.
The user reports from http://forums.mozillazine.org/viewtopic.php?p=2428658#2428658 :
"on http://mindfactory.de/ I just clicked through the categories on the left side and clicked on some articles... I sorted articles by price and scrolled up/down.... then it crashed.
I also saw these both entries in errorconsole:
Error: uncaught exception: A script from "http://www.mindfactory.de" was denied UniversalXPConnect privileges.
Error: uncaught exception: Permission denied to get property HTMLDocument.referrer"
Comment 5•19 years ago
|
||
Steve England, thanks for adding my comment.
Here's another crash report... I just got it, but I can't remember what I did :)
TB22073206Z
Comment 6•19 years ago
|
||
I had problems with this too. I updated to new versions every day via automatic updates. I tried to remove directory with Firefox, download full version from FTP (FF 2.0 Branch - 20060813) and now all works fine. No crash. Problem with some automatic update?
Reporter | ||
Comment 7•19 years ago
|
||
Any idea why this crash wouldn't have occured at all between MozillaOrgFirefox2Win322006073104 and MozillaOrgFirefox2Win322006081104?
Updated•19 years ago
|
Target Milestone: --- → mozilla1.8.1
Comment 8•19 years ago
|
||
(In reply to comment #7)
> Any idea why this crash wouldn't have occured at all between
> MozillaOrgFirefox2Win322006073104 and MozillaOrgFirefox2Win322006081104?
Could it be just that the guys who run the builds do not update every day? I do not see what changes around those days can prevent the bug from happening.
Target Milestone: mozilla1.8.1 → ---
Updated•19 years ago
|
Target Milestone: --- → mozilla1.8.1
Reporter | ||
Comment 9•19 years ago
|
||
Analysis of the only 1 of the 10 incidents that I looked at that had a usable raw stack in talkback -- presumably because EBP was still good in this incident whereas in most it is 0.
Comment 10•19 years ago
|
||
(In reply to comment #9)
> Created an attachment (id=233883) [edit]
> analysis of TB22112461
>
> Analysis of the only 1 of the 10 incidents that I looked at that had a usable
> raw stack in talkback -- presumably because EBP was still good in this incident
> whereas in most it is 0.
Is it possible to know from a talkback how much memory the browser is using when the crash happens?
Comment 11•19 years ago
|
||
(In reply to comment #9)
> Created an attachment (id=233883) [edit]
> analysis of TB22112461
One more thing, does that implies that the crash happened when js_GC was trying to call js_SweepAtomState which failed due to a damaged C stack?
Comment 12•19 years ago
|
||
Has this bug disappeared as mysteriously as it re-appeared? I see no reports of crashing with yesterday's 20060815 build or today's 20060816 builds. And personally, this bug used to crash me a lot, but hasn't yesterday or so far today.
Reporter | ||
Comment 13•19 years ago
|
||
Yep.
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 14•19 years ago
|
||
It's back in 20060831 (1.8 branch).
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Comment 15•19 years ago
|
||
Disappearance / reappearance may be related to bug 346494 and bug 350312, somehow.
Comment 16•19 years ago
|
||
Any sign on trunk? I need to land patch for lexical catch vars (bug 336379) on the 1.8 branch still, and soon. That may have a good effect, but I'd like to know for sure.
/be
Reporter | ||
Comment 17•19 years ago
|
||
For what it's worth, this seems to have come back only in a single build (although for multiple users) and then gone away again.
Reporter | ||
Comment 18•19 years ago
|
||
But then a bunch more reports in 2006-09-04-04-1.8 Firefox.
Reporter | ||
Comment 19•19 years ago
|
||
It went away, came back, and went away again. The last time it went away corresponds to the checkin of bug 350787, which I suppose could be related.
Reporter | ||
Comment 20•19 years ago
|
||
OK, worksforme again, since it's been gone since my last comment.
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → WORKSFORME
Comment 21•19 years ago
|
||
Since this isn't showing up in recent TB reports anymore - removing it from 1.8.1 blocker list...
Flags: blocking1.8.1+ → blocking1.8.1-
Comment 22•19 years ago
|
||
This crash popped up for one day on the trunk. (2006091304)
Comment 23•19 years ago
|
||
This may be back based on a few reports on mozillazine...here are two TBIDs:
TB23488602W
TB23489597X
Leaving resolved though to wait a day just to see if this isn't just one person with a screwed profile or something.
Comment 24•19 years ago
|
||
This bug appears to have returned, so I am reopening this topcrasher and requesting blocking for 2.0 (previously minused because the bug mysteriously disappeared).
Status: RESOLVED → REOPENED
Flags: blocking1.8.1- → blocking1.8.1?
Resolution: WORKSFORME → ---
Comment 25•19 years ago
|
||
I've lots of crashes in the last two days. Some are: TB23491217Y, TB23493454Q, TB23523508H, TB23522365Y
They happen if I click on any link on different pages... or if I close firefox.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060920 BonEcho/2.0 ID:2006092004
Console² 0.3.6
Disable Targets For Downloads 1.0.1
DOM Inspector 1.8.1
DownThemAll! 0.9.9.6.5
Flashblock 1.5.1
Image Zoom 0.2.7
Nightly Tester Tools 1.1
Password Save [de] 0.5
Popup Count 0.3.4
ProxyButton 0.2.5
Talkback 2.0
Update Channel Selector 1.0.1
VideoDownloader 1.1
Comment 26•19 years ago
|
||
Brian C/Brendan can you take a look and see if we know what's going on?
Flags: blocking1.8.1? → blocking1.8.1+
Whiteboard: rcinvestigate
Comment 27•19 years ago
|
||
That address is -179. It doesn't ring a bell.
Igor, any thoughts?
/be
Comment 28•19 years ago
|
||
(In reply to comment #27)
> That address is -179. It doesn't ring a bell.
>
> Igor, any thoughts?
No. But it does not look for me like an integer that overwrote function pointer. It looks more like a bit pattern or a hash value. The later is probable since the crashes are around hash enumeration functions.
Comment 29•19 years ago
|
||
TB23690203X
TB23686072H
Reporter | ||
Comment 30•19 years ago
|
||
People who are seeing this:
* does disabling extensions make it go away? Is there a particular extension triggering it?
* if you have some crash logging tool other than talkback that includes a raw stack dump, a report from that tool would be useful (but just one or two -- not more). However, to be useful, I need to know *exactly* which build you were using when you crashed (and be able to get that build).
Reporter | ||
Comment 31•19 years ago
|
||
There are a bunch of crashes reported as being in js_SweepScopeProperties: either at line 1587 or 1563 of jsscope.c (line numbers on 1.8 branch, post JS 1.7 landing). I can't get more details, though, since spike is down. (Only one of them was this month, though.)
Reporter | ||
Comment 32•19 years ago
|
||
Except the one report this month was marked as line 1585.
Reporter | ||
Comment 33•19 years ago
|
||
Reporter | ||
Comment 34•19 years ago
|
||
It looks like this may have gone away on the branch with the fix to bug 353227 (and it started around the same time, too).
Comment 35•19 years ago
|
||
re: comment 30, I have crashed at 0xffffff4d with a new profile; so the only extensions installed were Talkback and Domi.
Reporter | ||
Comment 36•19 years ago
|
||
Marking worksforme, since there have been no crashes with 2006-09-26 builds and none so far with 2006-09-27 builds.
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → WORKSFORME
Updated•19 years ago
|
Keywords: fixed1.8.1
Comment 37•19 years ago
|
||
ive been hgavikng this crash on latest trunk nightly
Comment 38•19 years ago
|
||
TB23869554Y
TB23869061M
seems too still affect trunk
Comment 39•19 years ago
|
||
Looks like it is back in the RC1 top crash reports...
Ranked as #2 with 19% of the early crashes
Windows Build 091818
http://talkback-public.mozilla.org/reports/firefox/FF2rc1/FF2rc1-topcrashers.html
#2 0xffffff4d 19.2% 2350 149109 2350 2350
http://talkback-public.mozilla.org/reports/firefox/FF2rc1/smart-analysis.win
2 0xffffff4d 2350
====================================================================================================
Count Offset Real Signature
[ 17 0xffffff4d da2edacf - js_GC ]
[ 15 0xffffff4d 5e24c79e - js_GC ]
[ 14 0xffffff4d 9b02f666 - js_GC ]
[ 11 0xffffff4d b303d2b0 - js_GC ]
[ 11 0xffffff4d a173024d - js_GC ]
[ 11 0xffffff4d 87279285 - js_GC ]
[ 11 0xffffff4d 0eaa4b1a - js_GC ]
[ 10 0xffffff4d fc9e44e1 - js_GC ]
[ 10 0xffffff4d 92585901 - js_GC ]
[ 10 0xffffff4d 098ad2ce - js_GC ]
[ 9 0xffffff4d f36210e8 - js_GC ]
[ 9 0xffffff4d aba387a8 - js_GC ]
[ 9 0xffffff4d a6539b99 - js_GC ]
[ 9 0xffffff4d 72f4b34c - js_GC ]
[ 9 0xffffff4d 598980e1 - js_GC ]
Crash date range: 20-SEP-06 to 29-SEP-06
Min/Max Seconds since last crash: 28 - 191376
Min/Max Runtime: 228 - 221381
Count Platform List
165 Windows XP [Windows NT 5.1 build 2600]
Count Build Id List
165 2006091818
No of Unique Users 58
Stack trace(Frame)
0xffffff4d
0x01183008
js_GC [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsgc.c line 2873]
JS_GC [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsapi.c line 1944]
nsAppStartup::Run [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp line 152]
main [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp line 61]
kernel32.dll + 0x16fd7 (0x7c816fd7)
(23903190) URL: www.bild.de
(23903190) Comments: Reading article
(23898263) URL: basketball.fantasysports.yahoo.com/nba
(23898236) URL: basketball.fantasysports.yahoo.com/nba
(23897503) URL: basketball.fantasysports.yahoo.com/nba
(23897028) URL: basketball.fantasysports.yahoo.com/nba
(23897028) Comments: Checking on my fantasy basketball team
(23889330) URL: www.circles99.com
(23883054) URL: http://www.youtube.com/watch?v=FFf7AtAOagw&mode=related&search=
(23883054) Comments: Using a Jump feature on a forum to go from one room to the next.
(23879931) URL: www.gmail.com
(23879931) Comments: When i started to look an profile on orkut browser crashes.
(23873710) URL: http://www.youtube.com/watch?v=FFf7AtAOagw&mode=related&search=
(23873710) Comments: Again clicking on a link. This is getting annoying
(23867799) URL: www.free-mobile.net
(23867799) Comments: page had just loaded was not loading anything new
(23852764) URL: www.studivz.net
(23852764) Comments: Browsing and downloading a 35MB program (iTunes)
(23851244) URL: www.pcinpact.com
(23851244) Comments: I wasn't in front of my screen
(23850211) Comments: I closed som tabs
(23827857) URL: www.loveandseek.com
(23827857) Comments: clicking the back button
(23827592) URL: www.torncity.com
(23827275) URL: www.torncity.com
(23827215) URL: www.torncity.com
(23816197) URL: www.torncity.com
(23813189) URL: www.torncity.com
(23811726) URL: http://www.miacrew.com/forums/viewtopic.php?t=61
(23811726) Comments: I was just reading forum posts when the browser crashed this is the 3rd time
(23810538) URL: www.graysonline.com.au
(23799330) URL: www.circles99.com
(23690456) URL: endless-fantasy.de
(23677770) URL: endless-fantasy.de
(23675159) URL: endless-fantasy.de
(23664320) URL: endless-fantasy.de
(23645524) URL: endless-fantasy.de
(23640634) URL: endless-fantasy.de
(23640150) URL: endless-fantasy.de
(23639717) URL: endless-fantasy.de
(23587780) URL: endless-fantasy.de
(23584356) URL: endless-fantasy.de
(23571123) URL: endless-fantasy.de
Comment 40•19 years ago
|
||
Right. RC1 is still going to show this crash because it wasn't fixed until after we built RC1.
Reporter | ||
Comment 41•19 years ago
|
||
Seems to have gone away on the trunk with the fix to bug 352520 (between the 2006-09-28 and 2006-09-29 builds).
Reporter | ||
Comment 42•19 years ago
|
||
Then again, that could just be insufficient data volume. In any case, if it's still around on the trunk, that should probably be a separate bug.
Updated•14 years ago
|
Crash Signature: [@ 0xffffff4d]
[@ js_GC]
You need to log in
before you can comment on or make changes to this bug.
Description
•