Closed
Bug 536074
Opened 16 years ago
Closed 7 years ago
Crash [@ JS_ResumeRequest ]
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: chofmann, Unassigned)
Details
(Keywords: crash, Whiteboard: [mobile-crash])
Crash Data
#57 top crash in early 3.6b5 data
#108 in 3.5.6
consistently about 200 crashes per day across all post 3.5 releases.
hecking --- 20091219-crashdata.csv JS_ResumeRequest
release total-crashes
JS_ResumeRequest crashes
pct.
all 208220 210 0.00100855
3.0.15 8049 0
3.0.16 28224 0
3.5.5 21966 25 0.00113812
3.5.6 97104 124 0.00127698
3.6b5 14558 29 0.00199203
3.6b4 7097 16 0.00225447
3.6b3 701 2 0.00285307
3.6b2 752 0
3.6b1 2016 1 0.000496032
stack looks like
http://crash-stats.mozilla.com/report/index/6d8a7094-caa0-4a8f-bb53-234e52091220
Frame Module Signature [Expand] Source
0 js3250.dll JS_ResumeRequest js/src/jsapi.cpp:1020
1 xul.dll nsXPConnect::Pop js/src/xpconnect/src/nsXPConnect.cpp:2567
2 xul.dll nsJSContext::ClearScope dom/base/nsJSEnvironment.cpp:3419
3 xul.dll nsGlobalWindow::SetNewDocument dom/base/nsGlobalWindow.cpp:1748
4 xul.dll nsGlobalWindow::SetNewDocument dom/base/nsGlobalWindow.cpp:1566
5 xul.dll DocumentViewerImpl::InitInternal layout/base/nsDocumentViewer.cpp:958
6 xul.dll DocumentViewerImpl::Init layout/base/nsDocumentViewer.cpp:698
7 xul.dll nsGenericElement::BindToTree content/base/src/nsGenericElement.cpp:2661
8 xul.dll nsContentUtils::RemoveScriptBlocker content/base/src/nsContentUtils.cpp:4474
9 mozcrt19.dll malloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:5790
10 mozcrt19.dll operator new obj-firefox/memory/jemalloc/crtsrc/new.cpp:54
11 xul.dll nsACString_internal::Assign xpcom/string/src/nsTSubstring.cpp:362
12 xul.dll nsSimpleURI::Internal::QueryInterface netwerk/base/src/nsSimpleURI.cpp:73
13 xul.dll nsACString_internal::Assign xpcom/string/src/nsTSubstring.cpp:422
14 xul.dll nsDocument::SetDocumentCharacterSet content/base/src/nsDocument.cpp:2802
15 xul.dll nsCOMPtr_base::~nsCOMPtr_base obj-firefox/xpcom/build/nsCOMPtr.cpp:81
16 xul.dll DocumentViewerImpl::SyncParentSubDocMap layout/base/nsDocumentViewer.cpp:660
more reports at http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=JS_ResumeRequest&version=Firefox%3A3.6b5
|
||
Comment 1•16 years ago
|
||
Looks like this is mostly another RelevantKnowledge issue, but some other plugins are probably doing bad stuff too:
JS_ResumeRequest|EXCEPTION_ACCESS_VIOLATION (36 crashes)
67% (24/36) vs. 2% (329/13600) {6E19037A-12E3-4295-8915-ED48BC341614} (*xg.dll (RelevantKnowledge), http://www.relevantknowledge.com/)
25% (9/36) vs. 1% (115/13600) {8141440E-08F0-4339-9959-5C31C6A69F23}
25% (9/36) vs. 1% (128/13600) {E889F097-B0BE-471B-89AD-B86B6F04B506}
25% (9/36) vs. 1% (133/13600) {E63605FC-D583-4C81-867F-9457BDB3EA1B}
17% (6/36) vs. 0% (17/13600) coc@ble.pl (NEW Glasser by SzymekPL, https://addons.mozilla.org/addon/12951)
42% (15/36) vs. 29% (3955/13600) jqs@sun.com (Java Quick Starter, http://java.sun.com/javase/downloads/)
14% (5/36) vs. 5% (694/13600) {3f963a5b-e555-4543-90e2-c3908898db71}
19% (7/36) vs. 11% (1481/13600) mozilla_cc@internetdownloadmanager.com (IDM CC, https://addons.mozilla.org/addon/6973)
8% (3/36) vs. 0% (26/13600) {40f1eb95-4de4-4f36-a826-054ee36bb905}
14% (5/36) vs. 6% (868/13600) {3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar, https://addons.mozilla.org/addon/6249)
|
|
||
Comment 2•16 years ago
|
||
From the minidump:
- The proximate cause of the crash is that JS_ResumeRequest is called with a NULL cx argument.
- It turns out JS_ResumeRequest is being called with garbage arguments: cx is NULL and saveDepth is 1699388956. The caller of JS_ResumeRequest is XPCJSContextStack::Pop, which gets those arguments from the struct instance at the top of its mStack member.
So, I'm guessing that some bad plugins pop the XPCJSContextStack too many times (however they do it--resuming or ending requests?) and crash that way.
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ JS_ResumeRequest ]
|
||
Updated•14 years ago
|
Severity: normal → critical
occurs in mobile as well. see bug 698349
Whiteboard: [mobile-crash]
|
||
Comment 4•14 years ago
|
||
This crash occurred on the latest Nightly build (Native Fennec): https://crash-stats.mozilla.com/report/index/bp-f4f9632d-53b2-4e8b-b65d-0318c2111117
I'll provide more info about this crash when I will find out the reproducing steps for it.
|
||
Comment 5•14 years ago
|
||
It affects all platforms but stacks are various.
Assignee: general → nobody
Component: JavaScript Engine → XPConnect
OS: Windows XP → All
QA Contact: general → xpconnect
Hardware: x86 → All
|
|
||
Comment 6•14 years ago
|
||
The stack on Mac looks like:
Frame Module Signature Source
0 XUL JS_ResumeRequest js/src/jscntxt.h:980
1 XUL XPCJSContextStack::Pop js/xpconnect/src/XPCThreadContext.cpp:107
2 XUL nsCxPusher::Pop content/base/src/nsContentUtils.cpp:2686
3 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:289
4 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:402
5 XUL nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:681
6 XUL nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:744
7 XUL nsGlobalWindow::DispatchEvent dom/base/nsGlobalWindow.cpp:7396
8 XUL nsGlobalWindow::DispatchEvent dom/base/nsGlobalWindow.cpp:7379
9 XUL nsContentUtils::DispatchTrustedEvent content/base/src/nsContentUtils.cpp:3065
10 XUL nsFocusManager::WindowRaised dom/base/nsFocusManager.cpp:713
11 XUL nsWebShellWindow::HandleEvent xpfe/appshell/src/nsWebShellWindow.cpp:447
12 XUL nsCocoaWindow::DispatchEvent widget/src/cocoa/nsCocoaWindow.mm:1348
13 XUL -[WindowDelegate sendFocusEvent:] widget/src/cocoa/nsCocoaWindow.mm:1920
14 XUL -[WindowDelegate sendToplevelActivateEvents] widget/src/cocoa/nsCocoaWindow.mm:1955
15 XUL +[TopLevelWindowData activateInWindow:] widget/src/cocoa/nsWindowMap.mm:221
16 Foundation _nsnote_callback
Comments say:
"Disconnecting from a server while playing Quake Live"
|
||
Comment 7•7 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•