Closed
Bug 615098
Opened 14 years ago
Closed 11 years ago
crash [@ js::gc::MarkId ] with TestPilot (Mac, Windows) or Firebug or AdBlock plus (Mac) or Kikin (Windows)
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
blocking2.0 | --- | .x+ |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression, Whiteboard: [softblocker])
Crash Data
This is a new crash signature that exist in 4.0b7 and 4.0b8pre builds. It is #280 top crasher in 4.0b8pre for the last week. Signature js::gc::MarkId UUID 0cd8485f-91fa-4df2-90a9-c32992101127 Time 2010-11-27 21:37:05.751414 Uptime 47900 Last Crash 461141 seconds (5.3 days) before submission Install Age 47900 seconds (13.3 hours) since version was first installed. Product Firefox Version 4.0b8pre Build ID 20101127030319 Branch 2.0 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info GenuineIntel family 15 model 2 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION_WRITE Crash Address 0xafc00c App Notes AdapterVendorID: 10de, AdapterDeviceID: 0322 MSAFD Tcpip [TCP/IP] : 2 : 1 : MSAFD Tcpip [UDP/IP] : 2 : 2 : %SystemRoot%\system32\mswsock.dll MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll RSVP UDP Service Provider : 6 : 2 : %SystemRoot%\system32\rsvpsp.dll RSVP TCP Service Provider : 6 : 1 : %SystemRoot%\system32\rsvpsp.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{06F03DD6-853B-40AE-9562-BA55BA51D8E7}] SEQPACKET 0 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{06F03DD6-853B-40AE-9562-BA55BA51D8E7}] DATAGRAM 0 : 2 : 2 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{60AFFCC2-DE5D-498D-BADD-A109D06BA9CF}] SEQPACKET 1 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{60AFFCC2-DE5D-498D-BADD-A109D06BA9CF}] DATAGRAM 1 : 2 : 2 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{6402FFE3-9500-43F2-A899-3BE8D640F226}] SEQPACKET 2 : 2 : 5 : %SystemRoot%\syste Frame Module Signature [Expand] Source 0 mozjs.dll js::gc::MarkId js/src/jsgcinlines.h:403 1 mozjs.dll js::Shape::trace js/src/jsscope.cpp:1460 2 mozjs.dll JSObject::trace js/src/jsscopeinlines.h:163 3 mozjs.dll js_TraceObject js/src/jsobj.cpp:6169 4 mozjs.dll js::gc::MarkChildren js/src/jsgcinlines.h:266 5 mozjs.dll js::gc::MarkObject js/src/jsgcinlines.h:240 6 mozjs.dll js::gc::MarkChildren js/src/jsgcinlines.h:252 7 mozjs.dll js::gc::MarkObject js/src/jsgcinlines.h:240 8 mozjs.dll js::gc::MarkChildren js/src/jsgcinlines.h:254 9 mozjs.dll js::gc::MarkObject js/src/jsgcinlines.h:240 10 mozjs.dll JSWrapper::trace js/src/jswrapper.cpp:284 11 mozjs.dll js::proxy_TraceObject js/src/jsproxy.cpp:924 More reports at: http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=js%3A%3Agc%3A%3AMarkId
Reporter | ||
Comment 1•13 years ago
|
||
It is #35 top crasher in 4.0b9pre for the last week.
blocking2.0: --- → ?
Reporter | ||
Comment 2•13 years ago
|
||
It is #9 top crasher in 4.0b9 for the last week.
blocking2.0: - → ?
Keywords: topcrash
Comment 3•13 years ago
|
||
These are very obscure--there's no way we can hold a release for them unless they are a disaster. We will try to look at them if we have time, though.
blocking2.0: ? → .x
Comment 4•13 years ago
|
||
#9 is pretty scary. We should try to reproduce and capture on a replay box. David, do you mind if we track this as a softblocker? (overrule me if you do)
Updated•13 years ago
|
blocking2.0: .x → final+
Whiteboard: [softblocker]
Comment 5•13 years ago
|
||
Adding chofmann to the bug. Should we get some URLs for this one?
Comment 6•13 years ago
|
||
(In reply to comment #5) > Adding chofmann to the bug. Should we get some URLs for this one? You could try but I doubt you will find much. See bug 613650. I think Bill did have some ideas for investigating these.
Comment 7•13 years ago
|
||
(In reply to comment #6) > (In reply to comment #5) > > Adding chofmann to the bug. Should we get some URLs for this one? > > You could try but I doubt you will find much. See bug 613650. I think Bill did > have some ideas for investigating these. yeah, not much of interest in the url list or other correlations that might help to reproduce. in general, it looks like just general purpose browsing, and this particular signature was introduced sometime during beta8 development Correlation to startup or time of session 250 total crashes for js::gc::MarkId on 20110120-crashdata.csv 25 startup crashes inside 30 sec. 79 startup crashes inside 3 min. 40 repeated crashes inside 3 min. of last crash checking --- js::gc::MarkId 20110120-crashdata.csv found in: 4.0b9 4.0b10pre 4.0b8 4.0b9pre release total-crashes js::gc::MarkId crashes pct. all 286249 250 0.000873365 4.0b9 45733 230 0.00502919 4.0b10pre 2333 11 0.00471496 4.0b8 5579 8 0.00143395 4.0b9pre 233 1 0.00429185 os breakdown js::gc::MarkIdTotal 250 Win5.1 0.68 Win6.0 0.02 Win6.1 0.26 flash versions around at time of crash 249 [blank] -- not loaded? 1 10.0.45.2 addon compatibility checks 22 [unknown or unchecked] 228 checked most frequent url is 14 http://ubactest.com:5000/?auth_id= XXXX someone's id and some youtube and adult video urls 1 http://www.youtube.com/watch?v=oohCQPABS7I&feature=related 1 http://www.youtube.com/watch?v=j850dqa-nTs&feature=related 1 http://www.youtube.com/watch?v=fWcFc2Bm7JE&feature=related 1 http://www.youtube.com/watch?v=ZwN9aqwQ2x4 1 http://www.youtube.com/watch?v=RYVm0qbWIZU 1 http://www.youtube.com/watch?v=R0_lZU8hye0&NR=1 1 http://www.youtube.com/watch?v=DtRhfqbp9MU 1 http://www.youtube.com/results?search_query=the%20time%20-%20black%20eyed%20peas&search=Search&sa=X&oi=spell&resnum=0&spell=1 many wyciwyg:// urls with google talk gaget and gmail around.
Comment 8•13 years ago
|
||
domains of sites 24 http://www.facebook.com 15 \N// 13 http://ubactest.com:5000 12 http://www.youtube.com 8 http://www.orkut.com.br 6 about:blank// 3 jar:file:// 3 http://www.video2mp3.net 3 http://www.google.com 3 http://nav3.zynga.com 3 http://apps.facebook.com
Comment 9•13 years ago
|
||
that combination of facebook and zynga, and yet hardly any flash version reported is an interesting one. maybe a lot of users don't have flash or have it turned off when hitting those.
(In reply to comment #6) > I think Bill did > have some ideas for investigating these. I was just thinking of poisoning objects after they're GCed in opt builds. That way we'd have a better chance of catching mark errors earlier.
Reporter | ||
Comment 11•13 years ago
|
||
It is currently #20 top crasher in 4.0b11 and #22 top crasher in 4.0b12pre over the last week. It still happens in today's build.
OS: Windows XP → All
Comment 12•13 years ago
|
||
There seem to be a hell of a lot of feedback problems reported for facebook/zynga games for some time now facebook games 1854 http://input.mozilla.com/en-US/beta/search?product=firefox&sentiment=sad&date_end=&date_start=&version=--&q=facebook+games farmville 921 http://input.mozilla.com/en-US/beta/search?product=firefox&sentiment=sad&date_end=&date_start=&version=--&q=farmville cityville 533 http://input.mozilla.com/en-US/beta/search?product=firefox&sentiment=sad&date_end=&date_start=&version=--&q=cityville frontierville 189 http://input.mozilla.com/en-US/beta/search?product=firefox&sentiment=sad&date_end=&date_start=&version=--&q=frontierville+ zynga 1025 http://input.mozilla.com/en-US/beta/search?q=zynga&product=firefox&version=--&date_start=&date_end=&sentiment=sad possible related bugs https://bugzilla.mozilla.org/show_bug.cgi?id=618681 https://bugzilla.mozilla.org/show_bug.cgi?id=613532
Comment 13•13 years ago
|
||
re: comment 8 and comment 12 I looked a bit closer at the particular facebook urls for this signature. they seen to have more to do with general facebook use like login, search, navigation, and widgets, than facebook apps and games like mentioned in comment 12. http://www.facebook.com/?ref=home http://www.facebook.com/photo.php?fbid= http://www.facebook.com/search.php?q= http://www.facebook.com/ajax/profile/navigation.php?id=http://www.connect.facebook.com/widgets/serverfbml.php http://27.145.channel.facebook.com/iframe/11?r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2Fy0%2Fr%2FNKjhTtmUUOU.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2Fy-%2Fp%2Fr%2FdXuNX-mcpWo.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2 http://www.facebook.com/extern/login_status.php?api_key=3 http://www.facebook.com/pagelet/generic.php/pagelet/home/morestories.php?__a=5&ajaxpipe=1&data= https://s-static.ak.facebook.com/common/redirectiframe.html
Comment 14•13 years ago
|
||
that could also explain why we don't see flash version info or flash in module list.
Comment 15•13 years ago
|
||
comment 12 is worth investigating, although just not part of this bug AFAICT, so I openned Bug 637532 - input shows problems with flash games on fx4 for more investigation.
Comment 17•13 years ago
|
||
** PRODUCT DRIVERS PLEASE NOTE ** This bug is one of 7 automatically changed from blocking2.0:final+ to blocking2.0:.x during the endgame of Firefox 4 for the following reasons: - it was marked as a soft blocking issue without a requirement for beta coverage
blocking2.0: final+ → .x+
Reporter | ||
Updated•13 years ago
|
Severity: normal → critical
Comment 18•13 years ago
|
||
This spiked very significantly on FF4 release day (yesterday), together with bug 601102 and bug 643746 (all three are in JS and started spiking on 4.0* the day before, so at least the spike cause might be related), which together account for 2800 crashes in a million 4.0* ADU on that day or about 7.4% of all 4.0* crashes on that day, all three are in the top ten top crashers for 4.0* for this day.
Reporter | ||
Comment 19•13 years ago
|
||
4.0 correlations by add-on gives: Mac OS X: 85% (736/869) vs. 26% (3180/12045) testpilot@labs.mozilla.com (Mozilla Labs - Test Pilot, https://addons.mozilla.org/addon/13661) Windows: 72% (252/352) vs. 26% (3180/12045) testpilot@labs.mozilla.com (Mozilla Labs - Test Pilot, https://addons.mozilla.org/addon/13661)
Summary: crash [@ js::gc::MarkId ] → crash [@ js::gc::MarkId ] mainly with TestPilot 1.1 and below
Comment 20•13 years ago
|
||
This crash has been around for longer than this recent spike, and the correlation with testpilot is a lot weaker than for e.g. bug 601102 and bug 643746. I *hypothesize* that there is some deeper problem in GC or so that we are just triggering a lot more likely when testpilot is installed.
Reporter | ||
Updated•13 years ago
|
Summary: crash [@ js::gc::MarkId ] mainly with TestPilot 1.1 and below → crash [@ js::gc::MarkId ] with TestPilot (Mac, Windows) or Firebug or AdBlock plus (Mac) or Kikin (Windows)
Reporter | ||
Comment 21•13 years ago
|
||
It is #2 (#1 unsolved) top crasher on Mac OS X and #6 on Windows in 4.0.
Updated•13 years ago
|
Assignee: general → wmccloskey
Comment 22•13 years ago
|
||
I think I have a fix for this and related id crashes.
Comment 23•13 years ago
|
||
Andreas, where are we with this. Any chance we can get a fix in so we can nominate for Macaw?
Comment 24•13 years ago
|
||
(In reply to comment #23) > Andreas, where are we with this. Any chance we can get a fix in so we can > nominate for Macaw? IIUC, Andreas's fix is for a class of id crashes that is distinct from the Kikin crashes. We're making good progress on those in bug 637304.
Updated•13 years ago
|
Crash Signature: [@ js::gc::MarkId ]
Reporter | ||
Comment 25•13 years ago
|
||
There have been only one crash in 7.0.1 8.0.1 for the last four weeks
Reporter | ||
Comment 26•13 years ago
|
||
The stack trace looks like: Frame Module Signature [Expand] Source 0 XUL js::gc::MarkId js/src/vm/String.h:405 1 XUL js::gc::MarkChildren js/src/jsgcmark.cpp:308 2 XUL js::gc::MarkChildren js/src/jsgcmark.cpp:130 3 XUL nsXPConnect::Traverse js/src/xpconnect/src/nsXPConnect.cpp:881 4 XUL nsCycleCollector::BeginCollection xpcom/base/nsCycleCollector.cpp:1618 5 XUL nsCycleCollectorRunner::Run xpcom/base/nsCycleCollector.cpp:3481 6 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:631 7 XUL NS_ProcessNextEvent_P obj-firefox/i386/xpcom/build/nsThreadUtils.cpp:245 8 XUL nsThread::ThreadFunc xpcom/threads/nsThread.cpp:272 9 libnspr4.dylib _pt_root nsprpub/pr/src/pthreads/ptthread.c:187 10 libSystem.B.dylib _pthread_start 11 libSystem.B.dylib thread_start
Keywords: topcrash
Hardware: x86 → All
Assignee: wmccloskey → general
Reporter | ||
Comment 27•11 years ago
|
||
There have been no crashes for the last four weeks after 8.0.1.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•