Closed
Bug 542286
Opened 15 years ago
Closed 13 years ago
Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ]
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: randall.hand, Unassigned)
References
()
Details
(Keywords: crash, crashreportid, regression)
Crash Data
Attachments
(1 obsolete file)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) At random intervals, the browser crashes upon completing load of a page. Complete crash to desktop with Access Violation or SEGSEV. Reproducible: Sometimes Steps to Reproduce: 1. Load any page on VizWorld.com 2. Reload the page 3. Repeat until Crash. bpids: 7b25c8dd-6ef4-44ea-9340-4fe982100126 8e45c72d-fdc9-4222-a013-95ab22100125 e01c74b8-7fe8-42fd-a21b-f39862100126 d5004e82-ced0-43bb-9b5f-608112100126 8b23c052-ddde-410c-b250-8ee472100126 463a642b-f66f-4af5-ad3a-ca4b12100126 64266522-a204-442d-ac5d-711ec2100126 793f418c-d649-4038-8642-ab29c2100126 Tried it in Safe-Mode (no plugins), still crashes. Confirmed on Mac, Windows, & Linux. Crash does not occur under 3.5 or 3.5.1 The crash appears to be introduced in 3.5.2. Versions 3.5 and 3.5.1 were tested for 1 hour with no crashes. All others crashed within 2 minutes. 3.5 ----> OK 3.5.1 --> OK 3.5.2 --> Crash 3.5.3 --> Crash 3.5.4 --> Crash 3.5.5 --> Crash 3.5.6 --> Crash 3.6 ----> Crash Testing consisted of simply reloading http://www.vizworld.com every 30s. Also tested in : Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a1pre) Gecko/20100126 Minefield/3.7a1pre Same problem.
Comment 1•15 years ago
|
||
bp-7b25c8dd-6ef4-44ea-9340-4fe982100126 bp-8e45c72d-fdc9-4222-a013-95ab22100125 bp-e01c74b8-7fe8-42fd-a21b-f39862100126 bp-d5004e82-ced0-43bb-9b5f-608112100126 bp-8b23c052-ddde-410c-b250-8ee472100126 bp-463a642b-f66f-4af5-ad3a-ca4b12100126 bp-64266522-a204-442d-ac5d-711ec2100126 bp-793f418c-d649-4038-8642-ab29c2100126
Assignee: nobody → general
Status: UNCONFIRMED → NEW
Component: General → JavaScript Engine
Ever confirmed: true
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: FireFox Crash related to Javascript CC → Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ]
Updated•15 years ago
|
Summary: Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ] → Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ]
Updated•15 years ago
|
Assignee: general → nobody
Component: JavaScript Engine → XPCOM
QA Contact: general → xpcom
Updated•15 years ago
|
Comment 2•15 years ago
|
||
Here is my Mac crash on trunk: http://crash-stats.mozilla.com/report/index/e52aa848-8207-492f-8b9c-efc9b2100126.
Reporter | ||
Comment 3•15 years ago
|
||
Ok, new information. After digging into wordpress I found that the combination of W3 Total Cache & WordPRess.com Stats is to blame. I edited the Wordpress.com Stats plugin to remove the 'Link: <http://wp.me/asdf>; rel=shortlink' HTTP Header it returned, and remove the <link rel="shortlink"> it added in the HEAD block. That seems to have eliminated the crash. Perhaps a conflict in the "X-Powered-By: W3 Total Cache/0.8.5.1" Header and the "Link" header tickled some rare Bug? If I re-enabled the Link header, the crash returns.
Comment 4•15 years ago
|
||
Had this crash on me twice in the past couple of days, with a Firefox 3.6.4 beta on Mac OS X 10.4 (build ID: 20100513134853). bp-51d52ccb-4502-43fa-b636-5b22e2100518 bp-e254f837-7f99-4fed-bcff-4bb8e2100520 Any progress on getting this fixed? Or any insight as to why it's recently cropped back up?
Comment 5•15 years ago
|
||
(To answer my second question, I can only assume this has something to do with the backporting of Lorentz.) But I also seem to have found a new website that crashes fairly consistently in this build: http://tvbythenumbers.com/ It's crashed twice more since I last commented. (One of the crash reports I linked to earlier was also from this website.) However, one of the crashes is apparently from [@ nsTimerEvent::Run() ], which isn't mentioned in the bug summary. bp-a53991ce-c6f8-4658-b866-9e2122100520 bp-5dad8e81-6193-48c1-ab0e-1c0922100520
Comment 6•15 years ago
|
||
Gordon: I don't crash following your steps using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4, but I would have to go down to the lab to try 10.4. (In reply to comment #5) > (To answer my second question, I can only assume this has something to do with > the backporting of Lorentz.) > > But I also seem to have found a new website that crashes fairly consistently in > this build: > http://tvbythenumbers.com/ > > It's crashed twice more since I last commented. (One of the crash reports I > linked to earlier was also from this website.) However, one of the crashes is > apparently from [@ nsTimerEvent::Run() ], which isn't mentioned in the bug > summary. > > bp-a53991ce-c6f8-4658-b866-9e2122100520 > bp-5dad8e81-6193-48c1-ab0e-1c0922100520
Comment 7•15 years ago
|
||
One more to show that this is still happening: http://crash-stats.mozilla.com/report/index/33cc383a-8fde-4310-b7d7-aa7672100616 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4
Comment 8•14 years ago
|
||
The lower volume nsXULControllers::cycleCollection::UnmarkPurple.nsISupports.. crash seems to have strangely disappeared or shifted in 3.6.10. date tl crashes at, count build, count build, ... nsXULControllers::cycleCollection::UnmarkPurple.nsISupports.. 20100920 54 46 3.6.92010082415, 4 3.5.122010082411, 2 3.5.72009122116, 1 3.5.82010020216, 1 3.5.22009072922, 20100921 46 37 3.6.92010082415, 6 3.5.122010082411, 2 3.5.72009122116, 1 3.5.22009072922, 20100922 41 35 3.6.92010082415, 2 3.5.72009122116, 2 3.5.22009072922, 2 3.5.122010082411, 20100923 31 26 3.6.92010082415, 2 3.5.72009122116, 1 3.7a12010020810, 1 3.5.22009072922, 1 3.5.122010082411, 20100924 16 12 3.6.92010082415, 3 3.5.72009122116, 1 3.5.22009072922, 20100925 25 21 3.6.92010082415, 2 3.5.82010020216, 1 3.5.72009122116, 1 3.5.22009072922, 20100926 14 12 3.6.92010082415, 1 3.5.72009122116, 1 3.5.22009072922, and nsXULPDGlobalObject::cycleCollection::UnmarkPurple.nsISupports.. is only seen on older 3.5.x releases in small volume. date tl crashes at, count build, count build, ... nsXULPDGlobalObject::cycleCollection::UnmarkPurple.nsISupports.. 20100920 2 3.5.62009120122 2 , 20100921 3 3.5.32009082410 3 , 20100922 20100923 1 3.5.32009082410 1 , 20100924 1 3.5.32009082410 1 , 20100925 1 3.5.62009120122 1 , 20100926 4 2 3.5.32009082410, 1 3.5b992009060516, 1 3.5.62009120122, looks like at this point this is mostly about nsJSArgArray::cycleCollection::UnmarkPurple.nsISupports.. date tl crashes at, count build, count build, ... nsJSArgArray::cycleCollection::UnmarkPurple.nsISupports.. 20100920 675 614 3.6.102010091412, 18 3.6.82010072215, 9 3.6.92010082414, 8 3.5.132010091412, 7 3.6.62010062522, 6 3.6.32010040106, 5 3.5.112010070101, 2 3.62010011513, 1 3.6.82010072214, 1 3.6.22010031605, 1 3.6.10pre2010091503, 1 3.5.92010031508, 1 3.5.72009122115, 1 3.5.122010082410,
This error seems to cause the majority of my crashes on Firefox—which have reached 11 per day at the top end now. To Randall Hand above, there may be a link with Wordpress Stats, because I use this plug-in, though I don't use the W3 Total Cache.
Comment 10•14 years ago
|
||
Noting that I have this same crash on Windows Vista (I typically get it on XP, from which I filed the comment above). It is far more widespread than I believe Mozilla would like to acknowledge.
Comment 11•14 years ago
|
||
(In reply to comment #10) > Noting that I have this same crash on Windows Vista (I typically get it on XP, > from which I filed the comment above). It is far more widespread than I believe > Mozilla would like to acknowledge. Mozilla doesn't take the time to actively not acknowledge something. If it were more "widespread", there would be more than 10 comments here. Comment 8 shows the crash stats as of the end of September. If you have seen a sharp increase of crashes in recent builds, please provide your crash IDs.
Comment 12•14 years ago
|
||
Thank you, Gordon. I would have filed more, but they have disappeared from my about:crashes. On the 9th, for example, I had 11 crashes (http://jackyan.com/blog/2010/1209b4.png). Now it shows only seven. Typically, Firefox crashes four times per day, more often than not with this crash, regardless of the platform I use (XP or Vista). As requested, here are the most recent ones that about:crashes has not deleted from my XP PC; will have to go on to my Vista laptop to get those separately. I’ve stopped at the last 3.6.12 crash I could find: bp-ea466628-76ad-42e0-881b-8032e2101217 bp-c28da65d-d843-4ce4-a45f-0ef022101220 bp-9292cae5-6881-4aa9-b365-e7d1a2101215 bp-3121ca66-e15b-4b77-bc58-3c5c02101214 bp-4caf473a-2119-4a3f-97c4-ef7ce2101212 bp-df829354-1f5a-4fb8-b80e-c86922101204 Unlike others, I have seen a sharp increase in crashes since 3.6.10 (no crashes per day to an average of four), but never knew about Bugzilla or about:crashes till fairly recently. I realize everything is relative, and you’ve seen other things that crash Firefox a lot more, but there’s a strong possibility that many netizens don’t even know about this site.
Comment 13•14 years ago
|
||
From the Vista laptop: bp-6271d23b-ae8b-41de-a060-e815b2101220 918e4fa1-806e-4724-a82b-9c5502101219 bp-9a2efd3b-9355-4f1f-82dc-2551b2101128 Again, there were far more on the day (e.g. about:crashes shows three from yesterday; in fact there were five—I hope this means they are either getting solved or consolidated), but these are the only two remaining for 3.6.13 (the last for 3.6.12).
Comment 14•14 years ago
|
||
Hmm... you're right. In the past week, there have been over 3600 crashes of this sort in 3.6.13 on Windows. In the past month, ~4900. It does appear that there is a significant difference between build 2010113000 and build 2010120300, in terms of the number of crashes, though that may be a result of the disparity between number of users of those builds. Interestingly, there is a large number of crashes for 3.5.15, and significantly smaller for 3.5.16. I'm not the right person to be looking into this, but that should help whoever is.
Comment 15•14 years ago
|
||
Thank you, Gordon—it’s nice to have confirmation of the error, especially from someone who knows more than the average punter. Do you think I should keep filing here as the crashes recur or will this be annoying for everyone?
Comment 16•14 years ago
|
||
extension (amulet-jslib?) 3112ca9c-de6d-4884-a869-9855de68056c frozen.dll http://spywarefiles.prevx.com/RRFHFG43217130/AMULET-JSLIB.EXE.html Malware Family: Part of Malware group - Trojan Spyware Perfect Keylogger Determination: Automatically determined using Prevx centralized heuristics Malware Form: EXPLOIT 4. PROPAGATION ANALYSIS OF: AMULET-JSLIB.EXE Malware Group Propagation Rate: Moderate (spreading)Malware Group: Trojan Spyware Perfect Keylogger Jack: you're using mcafee antivirus? could you please try using MSE2 and see if it complains? Also, please attach frozen.dll to this bug be sure to mark it as 'suspicious library requested by timeless'
Summary: Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ] → [frozen.dll malware] Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ]
Summary: [frozen.dll malware] Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ] → Crash on vizworld.com [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ][@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ]
Comment 17•14 years ago
|
||
Hi Timeless: Thank you. Can I ask what is MSE2? (I have searched but there seems to be many explanations for what that stands for.) I will attach frozen.dll as soon as I figure out how to do it—thank you for checking it out for me, in advance. Meanwhile, this is from my laptop: cf19ace1-60e2-4a4a-9f10-dc83b2101228
Comment 18•14 years ago
|
||
Timeless, here is my frozen.dll as requested. Any help would be most welcome.
Comment 19•14 years ago
|
||
Microsoft Security Essentials 2.0 http://www.microsoft.com/security_essentials/
Comment 20•14 years ago
|
||
Comment on attachment 500577 [details]
Google signed library (frozen.dll)
thanks, mse2 doesn't object and there's a digital signature which windows seems to accept as coming from google.
Attachment #500577 -
Attachment description: Suspicious library requested by timeless → Google signed library (frozen.dll)
Attachment #500577 -
Attachment is obsolete: true
Comment 21•14 years ago
|
||
Sorry for disappearing. Ryan, thank you, I will download it.
Comment 22•14 years ago
|
||
(In reply to comment #20) > Comment on attachment 500577 [details] > Google signed library (frozen.dll) > > thanks, mse2 doesn't object and there's a digital signature which windows seems > to accept as coming from google. Timeless, thank you. In other words, my frozen.dll is OK? Or is there something afoot with a Google add-on I might have?
Comment 23•14 years ago
|
||
Quick note: this error no longer seems to creep up with my crashes—figuring it could be a plug-in?
Comment 24•14 years ago
|
||
Ha ha, spoke too soon! f46633ac-2d7c-4dcc-a50c-0e52c2110126 Two crashes in half an hour. The first one was not this, but imgCacheExpirationTracker::NotifyExpired(imgCacheEntry*), which has also been coming up a lot.
Assignee | ||
Updated•14 years ago
|
Crash Signature: [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ]
[@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ]
[@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ]
Comment 25•13 years ago
|
||
So these 3 signatures only appear in 3.5 and 3.6. Since they don't happen in current versions, resolving this bug as works for me. There are other bugs logged for similar signatures already.
Status: NEW → RESOLVED
Crash Signature: [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ]
[@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ]
[@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ] → [@ nsJSArgArray::cycleCollection::UnmarkPurple(nsISupports*) ]
[@ nsXULControllers::cycleCollection::UnmarkPurple(nsISupports*) ]
[@ nsXULPDGlobalObject::cycleCollection::UnmarkPurple(nsISupports*) ]
Closed: 13 years ago
Resolution: --- → WORKSFORME
Comment 26•10 years ago
|
||
Issue is resolved - clearing old keywords - qa-wanted clean-up
Keywords: regressionwindow-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•