[crash] repeatable crashes on [@ js_Invoke - nsXPCWrappedJSClass::CallMethod]

VERIFIED DUPLICATE of bug 425499

Status

Firefox
General
--
critical
10 years ago
7 years ago

People

(Reporter: Andreas Goetz, Unassigned)

Tracking

({crash})

Trunk
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008032705 Minefield/3.0pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008032705 Minefield/3.0pre

Recently, I'm seeing multiple crashes with FF3 nightlies. I've been so far unable to identify a single action or addon to cause this and could not reproduce it in safe mode yet. While frame 0 differs, the frame stack is always the same:

1 	js_Invoke 	mozilla/js/src/jsinterp.c:1303
2 	nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) 	mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1475
3 	nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) 	mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:559
4 	PrepareAndDispatch 	mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
5 	SharedStub 	mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
6 	NS_InvokeByIndex_P 	mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
7 	XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) 	mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2369

Sample crash reports showing this behaviour are bp-af6d3fb5-fcb7-11dc-b608-001a4bd43ef6 p-515a1f6e-fcb7-11dc-b430-001a4bd43e5c bp-88ae66b3-fcb6-11dc-bb53-001a4bd43ef6

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
(Reporter)

Comment 1

10 years ago
bp-68eb5647-fb90-11dc-8cca-001a4bd43ef6 is another one with a different frame 0 signature. Since other frames are identical I believe this is all the same issue?
(Reporter)

Comment 2

10 years ago
So frame 0 signatures I've seen so far with the same stack are: @0x0, @0x1, @0x200020, xpsp2res.dll@0x2000a0
(Reporter)

Comment 3

10 years ago
Another frame 0 seen is xpsp2res.dll@0x202113 in bp-91d6ecfd-fcbc-11dc-8135-001a4bd43e5c

Comment 4

10 years ago
0x20.. is a garbage collection signature (and it will appear as xpsp2res because that loads at 0x20000000)
0x0 is of course a null pointer, and 0x1 is probably a tagged something.

Could you at least list all extensions you have? Also please disable compatibility bypass and try enabling only half of your extensions (some sort of binary search to find a crashing extension is appreciated).
Keywords: crash, stackwanted
Summary: [crash] repeatable crashes on js_Invoke → [crash] repeatable crashes on [@ js_Invoke - nsXPCWrappedJSClass::CallMethod]
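
The triage step used in this thread, bucketing reports by the stable frames beneath an unsymbolized frame 0, as an added example (not part of the bug report and not Mozilla's crash-stats code). The report ids, the `signature` and `bucket` helpers and the unrelated fourth report are constructed for illustration.

```python
import re
from collections import defaultdict

# Frames 1-2 as posted in the description: index<TAB>function<TAB>source.
STABLE = (
    "1\tjs_Invoke\tmozilla/js/src/jsinterp.c:1303\n"
    "2\tnsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, "
    "XPTMethodDescriptor const*, nsXPTCMiniVariant*)\t"
    "mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1475\n"
)
# Constructed sample reports. Frame 0 values are the ones listed in comment 2;
# the report ids are placeholders and report-D is an unrelated, made-up stack.
REPORTS = {
    "report-A": "0\t@0x0\t\n" + STABLE,
    "report-B": "0\t@0x1\t\n" + STABLE,
    "report-C": "0\txpsp2res.dll@0x2000a0\t\n" + STABLE,
    "report-D": "0\tmemcpy\tmemcpy.asm:1\n1\tother_func\tother.c:10\n",
}

# A frame that is only an address, optionally prefixed by a module name.
RAW_ADDR = re.compile(r"^(?:[\w.]+)?@0x[0-9a-fA-F]+$")

def parse_frames(text):
    """Return function names ordered by frame index, argument lists removed."""
    frames = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0].strip().isdigit():
            continue  # not a frame line
        func = parts[1].strip().split("(", 1)[0]
        frames.append((int(parts[0]), func))
    return [func for _, func in sorted(frames)]

def signature(text, depth=2):
    """Build a signature from the first `depth` symbolized frames."""
    funcs = parse_frames(text)
    # Skip leading frames that are raw addresses (null, tagged value, garbage).
    while funcs and RAW_ADDR.match(funcs[0]):
        funcs.pop(0)
    return "[@ " + " - ".join(funcs[:depth]) + "]"

def bucket(reports):
    """Group report ids by signature so varying frame 0 values collapse."""
    groups = defaultdict(list)
    for report_id, text in reports.items():
        groups[signature(text)].append(report_id)
    return dict(groups)
```
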
(Reporter)

Comment 5

10 years ago
Started doing that. Basically waiting for next crash now. As they're not easy to reproduce this might take some time. Any chance to get more info out of the (next) crash regarding hints? Deeper frames for identifying the caller?
(Reporter)

Comment 6

10 years ago
I believe the culprit is Adblock Plus, potentially in conjunction with something else. I've had best success in reproducing with https://greenhouse.lotus.com/lotus/quickr (requires registration). Usually crashes right when logging into the site, sometimes requires to navigate to a blog first.
Can consistently see crashes with ABP 0.7.5.3 or later nightly build.

Comment 7

10 years ago
We do have bugs relating to content policies; the crashes are listed w/ either abp or noscript.
(Reporter)

Comment 8

10 years ago
Not sure what you're saying (content policy) - where could I check if this is the behaviour I'm seeing?

Comment 9

10 years ago
Even if these crashes are linked to adblock plus, they should not be crashes.
Somewhere exceptions are not being properly caught it seems.
I've had at least 2 or 3 times these crashes every day for the past few days.
Some other people around me have too:
see these (possibly) related crash ids:
http://crash-stats.mozilla.com/report/index/c8ed22fa-fc45-11dc-9569-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/b99a17f5-fc45-11dc-813d-001a4bd43ef6
http://crash-stats.mozilla.com/report/index/9d1184e6-fb84-11dc-a77e-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/8c0421eb-fb84-11dc-90cb-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/11815e0f-fac8-11dc-8f2c-001a4bd43ed6
http://crash-stats.mozilla.com/report/index/404e6c19-faa3-11dc-acdb-001a4bd43ef6
http://crash-stats.mozilla.com/report/index/72000080-f9d5-11dc-b8cf-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/2097ecab-fb6b-11dc-bc15-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/cdc8471e-fb64-11dc-8c43-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/46b9174f-fb64-11dc-aa6a-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/91b79033-fb63-11dc-bbb2-001a4bd43ef6

or these devenv stack traces:
http://saber.kawaii-shoujo.net/Various/trace.txt
(or the same in windbg: http://saber.kawaii-shoujo.net/Various/trace3.txt )
http://saber.kawaii-shoujo.net/Various/meh.txt

I will confirm (or not) that these are linked to adblock plus by disabling it and seeing if it improves anything.
However there is definitely something fishy in these uncaught exceptions.

Comment 10

10 years ago
If this crash is adblock related, it's not adblock all alone. Just had one more with adblock disabled. I will try progressively turning off all extensions (especially more intrusive ones).

Here's the trace for the latest crash:
http://saber.kawaii-shoujo.net/Various/another.txt
It's not adblock related. Firebug 1.1b causes this crash.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Keywords: stackwanted
OS: Windows XP → All
Hardware: PC → All
Resolution: --- → DUPLICATE
Version: unspecified → Trunk
Duplicate of bug: 425499

Updated

10 years ago
Status: RESOLVED → VERIFIED
(Assignee)

Updated

7 years ago
Crash Signature: [@ js_Invoke - nsXPCWrappedJSClass::CallMethod]