Closed
Bug 347053
Opened 17 years ago
Closed 17 years ago
Firefox on 1.8 branch topcrash [@ 0xffffff4d] [@ js_GC]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
mozilla1.8.1
People
(Reporter: dbaron, Unassigned)
Details
(Keywords: crash, fixed1.8.1, topcrash, Whiteboard: rcinvestigate)
Crash Data
Attachments
(2 files)
This bug is almost exactly like bug 314484, but brendan suggested I file a new bug rather than reopen since that bug was rather long already, and it does really seem to have disappeared (I don't see it in 1.5.0.x talkback data). We're seeing a lot of crashes with this signature: http://talkback-public.mozilla.org/search/start.jsp?search=1&searchby=stacksig&match=contains&searchfor=0xffffff4d&vendor=MozillaOrg&product=Firefox2&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid the stacks are generally: Most of the stacks are: 0xffffff4d 0x011????? (????? == varies) js_GC js_ForceGC nsAppStartup::Run main Some stack traces stop at js_ForceGC (so they're only four frames long) or js_GC (only three frames long). They're all on Windows, and the comments don't appear very useful.
Reporter | ||
Updated•17 years ago
|
Reporter | ||
Updated•17 years ago
|
Severity: normal → critical
Reporter | ||
Comment 1•17 years ago
|
||
Note that this doesn't appear in Fx 2.0b1 topcrash data, so either: * it's a regression since then * it's something that only appears in nightlies (e.g., related to zip builds or some particular testing)
Reporter | ||
Updated•17 years ago
|
Flags: blocking1.8.1? → blocking1.8.1+
Reporter | ||
Comment 2•17 years ago
|
||
This appears to have gone away around a week ago.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 3•17 years ago
|
||
Back in 2006081104, with reports from 3 users.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 4•17 years ago
|
||
TB22040324E looks similar, but is slightly longer. The user reports from http://forums.mozillazine.org/viewtopic.php?p=2428658#2428658 : "on http://mindfactory.de/ I just clicked through the categories on the left side and clicked on some articles... I sorted articles by price and scrolled up/down.... then it crashed. I also saw these both entries in errorconsole: Error: uncaught exception: A script from "http://www.mindfactory.de" was denied UniversalXPConnect privileges. Error: uncaught exception: Permission denied to get property HTMLDocument.referrer"
Comment 5•17 years ago
|
||
Steve England, thanks for adding my comment. Here's another crash report... I just got it, but I can't remember what I did :) TB22073206Z
Comment 6•17 years ago
|
||
I had problems with this too. I updated to new versions every day via automatic updates. I tried to remove directory with Firefox, download full version from FTP (FF 2.0 Branch - 20060813) and now all works fine. No crash. Problem with some automatic update?
Reporter | ||
Comment 7•17 years ago
|
||
Any idea why this crash wouldn't have occured at all between MozillaOrgFirefox2Win322006073104 and MozillaOrgFirefox2Win322006081104?
Updated•17 years ago
|
Target Milestone: --- → mozilla1.8.1
Comment 8•17 years ago
|
||
(In reply to comment #7) > Any idea why this crash wouldn't have occured at all between > MozillaOrgFirefox2Win322006073104 and MozillaOrgFirefox2Win322006081104? Could it be just that the guys who run the builds do not update every day? I do not see what changes around those days can prevent the bug from happening.
Target Milestone: mozilla1.8.1 → ---
Updated•17 years ago
|
Target Milestone: --- → mozilla1.8.1
Reporter | ||
Comment 9•17 years ago
|
||
Analysis of the only 1 of the 10 incidents that I looked at that had a usable raw stack in talkback -- presumably because EBP was still good in this incident whereas in most it is 0.
Comment 10•17 years ago
|
||
(In reply to comment #9) > Created an attachment (id=233883) [edit] > analysis of TB22112461 > > Analysis of the only 1 of the 10 incidents that I looked at that had a usable > raw stack in talkback -- presumably because EBP was still good in this incident > whereas in most it is 0. Is it possible to know from a talkback how much memory the browser is using when the crash happens?
Comment 11•17 years ago
|
||
(In reply to comment #9) > Created an attachment (id=233883) [edit] > analysis of TB22112461 One more thing, does that implies that the crash happened when js_GC was trying to call js_SweepAtomState which failed due to a damaged C stack?
Comment 12•17 years ago
|
||
Has this bug disappeared as mysteriously as it re-appeared? I see no reports of crashing with yesterday's 20060815 build or today's 20060816 builds. And personally, this bug used to crash me a lot, but hasn't yesterday or so far today.
Reporter | ||
Comment 13•17 years ago
|
||
Yep.
Status: REOPENED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 14•17 years ago
|
||
It's back in 20060831 (1.8 branch).
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Comment 15•17 years ago
|
||
Disappearance / reappearance may be related to bug 346494 and bug 350312, somehow.
Comment 16•17 years ago
|
||
Any sign on trunk? I need to land patch for lexical catch vars (bug 336379) on the 1.8 branch still, and soon. That may have a good effect, but I'd like to know for sure. /be
Reporter | ||
Comment 17•17 years ago
|
||
For what it's worth, this seems to have come back only in a single build (although for multiple users) and then gone away again.
Reporter | ||
Comment 18•17 years ago
|
||
But then a bunch more reports in 2006-09-04-04-1.8 Firefox.
Reporter | ||
Comment 19•17 years ago
|
||
It went away, came back, and went away again. The last time it went away corresponds to the checkin of bug 350787, which I suppose could be related.
Reporter | ||
Comment 20•17 years ago
|
||
OK, worksforme again, since it's been gone since my last comment.
Status: REOPENED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → WORKSFORME
Comment 21•17 years ago
|
||
Since this isn't showing up in recent TB reports anymore - removing it from 1.8.1 blocker list...
Flags: blocking1.8.1+ → blocking1.8.1-
Comment 22•17 years ago
|
||
This crash popped up for one day on the trunk. (2006091304)
Comment 23•17 years ago
|
||
This may be back based on a few reports on mozillazine...here are two TBIDs: TB23488602W TB23489597X Leaving resolved though to wait a day just to see if this isn't just one person with a screwed profile or something.
Comment 24•17 years ago
|
||
This bug appears to have returned, so I am reopening this topcrasher and requesting blocking for 2.0 (previously minused because the bug mysteriously disappeared).
Status: RESOLVED → REOPENED
Flags: blocking1.8.1- → blocking1.8.1?
Resolution: WORKSFORME → ---
Comment 25•17 years ago
|
||
I've lots of crashes in the last two days. Some are: TB23491217Y, TB23493454Q, TB23523508H, TB23522365Y They happen if I click on any link on different pages... or if I close firefox. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060920 BonEcho/2.0 ID:2006092004 Console² 0.3.6 Disable Targets For Downloads 1.0.1 DOM Inspector 1.8.1 DownThemAll! 0.9.9.6.5 Flashblock 1.5.1 Image Zoom 0.2.7 Nightly Tester Tools 1.1 Password Save [de] 0.5 Popup Count 0.3.4 ProxyButton 0.2.5 Talkback 2.0 Update Channel Selector 1.0.1 VideoDownloader 1.1
Comment 26•17 years ago
|
||
Brian C/Brendan can you take a look and see if we know what's going on?
Flags: blocking1.8.1? → blocking1.8.1+
Whiteboard: rcinvestigate
Comment 27•17 years ago
|
||
That address is -179. It doesn't ring a bell. Igor, any thoughts? /be
Comment 28•17 years ago
|
||
(In reply to comment #27) > That address is -179. It doesn't ring a bell. > > Igor, any thoughts? No. But it does not look for me like an integer that overwrote function pointer. It looks more like a bit pattern or a hash value. The later is probable since the crashes are around hash enumeration functions.
Comment 29•17 years ago
|
||
TB23690203X TB23686072H
Reporter | ||
Comment 30•17 years ago
|
||
People who are seeing this: * does disabling extensions make it go away? Is there a particular extension triggering it? * if you have some crash logging tool other than talkback that includes a raw stack dump, a report from that tool would be useful (but just one or two -- not more). However, to be useful, I need to know *exactly* which build you were using when you crashed (and be able to get that build).
Reporter | ||
Comment 31•17 years ago
|
||
There are a bunch of crashes reported as being in js_SweepScopeProperties: either at line 1587 or 1563 of jsscope.c (line numbers on 1.8 branch, post JS 1.7 landing). I can't get more details, though, since spike is down. (Only one of them was this month, though.)
Reporter | ||
Comment 32•17 years ago
|
||
Except the one report this month was marked as line 1585.
Reporter | ||
Comment 33•17 years ago
|
||
Reporter | ||
Comment 34•17 years ago
|
||
It looks like this may have gone away on the branch with the fix to bug 353227 (and it started around the same time, too).
Comment 35•17 years ago
|
||
re: comment 30, I have crashed at 0xffffff4d with a new profile; so the only extensions installed were Talkback and Domi.
Reporter | ||
Comment 36•17 years ago
|
||
Marking worksforme, since there have been no crashes with 2006-09-26 builds and none so far with 2006-09-27 builds.
Status: REOPENED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → WORKSFORME
Updated•17 years ago
|
Keywords: fixed1.8.1
Comment 37•17 years ago
|
||
ive been hgavikng this crash on latest trunk nightly
Comment 38•17 years ago
|
||
TB23869554Y TB23869061M seems too still affect trunk
Comment 39•17 years ago
|
||
Looks like it is back in the RC1 top crash reports... Ranked as #2 with 19% of the early crashes Windows Build 091818 http://talkback-public.mozilla.org/reports/firefox/FF2rc1/FF2rc1-topcrashers.html #2 0xffffff4d 19.2% 2350 149109 2350 2350 http://talkback-public.mozilla.org/reports/firefox/FF2rc1/smart-analysis.win 2 0xffffff4d 2350 ==================================================================================================== Count Offset Real Signature [ 17 0xffffff4d da2edacf - js_GC ] [ 15 0xffffff4d 5e24c79e - js_GC ] [ 14 0xffffff4d 9b02f666 - js_GC ] [ 11 0xffffff4d b303d2b0 - js_GC ] [ 11 0xffffff4d a173024d - js_GC ] [ 11 0xffffff4d 87279285 - js_GC ] [ 11 0xffffff4d 0eaa4b1a - js_GC ] [ 10 0xffffff4d fc9e44e1 - js_GC ] [ 10 0xffffff4d 92585901 - js_GC ] [ 10 0xffffff4d 098ad2ce - js_GC ] [ 9 0xffffff4d f36210e8 - js_GC ] [ 9 0xffffff4d aba387a8 - js_GC ] [ 9 0xffffff4d a6539b99 - js_GC ] [ 9 0xffffff4d 72f4b34c - js_GC ] [ 9 0xffffff4d 598980e1 - js_GC ] Crash date range: 20-SEP-06 to 29-SEP-06 Min/Max Seconds since last crash: 28 - 191376 Min/Max Runtime: 228 - 221381 Count Platform List 165 Windows XP [Windows NT 5.1 build 2600] Count Build Id List 165 2006091818 No of Unique Users 58 Stack trace(Frame) 0xffffff4d 0x01183008 js_GC [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsgc.c line 2873] JS_GC [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsapi.c line 1944] nsAppStartup::Run [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp line 152] main [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp line 61] kernel32.dll + 0x16fd7 (0x7c816fd7) (23903190) URL: www.bild.de (23903190) Comments: Reading article (23898263) URL: basketball.fantasysports.yahoo.com/nba (23898236) URL: basketball.fantasysports.yahoo.com/nba (23897503) URL: basketball.fantasysports.yahoo.com/nba (23897028) URL: basketball.fantasysports.yahoo.com/nba (23897028) Comments: Checking on my fantasy basketball team (23889330) URL: www.circles99.com (23883054) URL: http://www.youtube.com/watch?v=FFf7AtAOagw&mode=related&search= (23883054) Comments: Using a Jump feature on a forum to go from one room to the next. (23879931) URL: www.gmail.com (23879931) Comments: When i started to look an profile on orkut browser crashes. (23873710) URL: http://www.youtube.com/watch?v=FFf7AtAOagw&mode=related&search= (23873710) Comments: Again clicking on a link. This is getting annoying (23867799) URL: www.free-mobile.net (23867799) Comments: page had just loaded was not loading anything new (23852764) URL: www.studivz.net (23852764) Comments: Browsing and downloading a 35MB program (iTunes) (23851244) URL: www.pcinpact.com (23851244) Comments: I wasn't in front of my screen (23850211) Comments: I closed som tabs (23827857) URL: www.loveandseek.com (23827857) Comments: clicking the back button (23827592) URL: www.torncity.com (23827275) URL: www.torncity.com (23827215) URL: www.torncity.com (23816197) URL: www.torncity.com (23813189) URL: www.torncity.com (23811726) URL: http://www.miacrew.com/forums/viewtopic.php?t=61 (23811726) Comments: I was just reading forum posts when the browser crashed this is the 3rd time (23810538) URL: www.graysonline.com.au (23799330) URL: www.circles99.com (23690456) URL: endless-fantasy.de (23677770) URL: endless-fantasy.de (23675159) URL: endless-fantasy.de (23664320) URL: endless-fantasy.de (23645524) URL: endless-fantasy.de (23640634) URL: endless-fantasy.de (23640150) URL: endless-fantasy.de (23639717) URL: endless-fantasy.de (23587780) URL: endless-fantasy.de (23584356) URL: endless-fantasy.de (23571123) URL: endless-fantasy.de
Comment 40•17 years ago
|
||
Right. RC1 is still going to show this crash because it wasn't fixed until after we built RC1.
Reporter | ||
Comment 41•17 years ago
|
||
Seems to have gone away on the trunk with the fix to bug 352520 (between the 2006-09-28 and 2006-09-29 builds).
Reporter | ||
Comment 42•17 years ago
|
||
Then again, that could just be insufficient data volume. In any case, if it's still around on the trunk, that should probably be a separate bug.
Updated•13 years ago
|
Crash Signature: [@ 0xffffff4d]
[@ js_GC]
You need to log in
before you can comment on or make changes to this bug.
Description
•