Crash [@ mozilla::ipc::RPCChannel::RPCFrame::Describe(int*, char const**, char const**, char const**) ]

RESOLVED FIXED in mozilla2.0b12

Status

()

Core
Plug-ins
--
critical
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: Scoobidiver (away), Assigned: Benjamin Smedberg)

Tracking

({crash})

Trunk
mozilla2.0b12
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
It is a residual crash signature that exists in 3.6 and the trunk.
It is #74 top crasher in 4.0b10 over the last week.
It happens mainly on Windows XP.

Signature	mozilla::ipc::RPCChannel::RPCFrame::Describe(int*, char const**, char const**, char const**)
UUID	7c83bdf8-e868-4061-903c-d68a92110202
Time 	2011-02-02 09:49:33.572162
Uptime	11
Last Crash	2448 seconds (40.8 minutes) before submission
Install Age	169599 seconds (2.0 days) since version was first installed.
Product	Firefox
Version	4.0b10
Build ID	20110121161358
Branch	2.0
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
CPU	x86
CPU Info	AuthenticAMD family 15 model 107 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xd
App Notes 	AdapterVendorID: 10de, AdapterDeviceID: 0240, AdapterDriverVersion: 6.14.11.6218

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	mozilla::ipc::RPCChannel::RPCFrame::Describe 	obj-firefox/dist/include/mozilla/ipc/RPCChannel.h:257
1 	xul.dll 	mozilla::ipc::RPCChannel::DumpRPCStack 	ipc/glue/RPCChannel.cpp:697
2 	xul.dll 	mozilla::ipc::RPCChannel::DebugAbort 	ipc/glue/RPCChannel.cpp:660
3 	xul.dll 	mozilla::ipc::RPCChannel::Call 	ipc/glue/RPCChannel.cpp:159
4 	xul.dll 	mozilla::plugins::PPluginModuleParent::CallPPluginInstanceConstructor 	obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:324
5 	xul.dll 	mozilla::plugins::PluginModuleParent::NPP_New 	dom/plugins/PluginModuleParent.cpp:819
6 	xul.dll 	nsNPAPIPluginInstance::InitializePlugin 	modules/plugin/base/src/nsNPAPIPluginInstance.cpp:415
7 	xul.dll 	nsNPAPIPluginInstance::Initialize 	modules/plugin/base/src/nsNPAPIPluginInstance.cpp:148
8 	xul.dll 	nsPluginHost::TrySetUpPluginInstance 	modules/plugin/base/src/nsPluginHost.cpp:1380
9 	xul.dll 	nsPluginHost::SetUpPluginInstance 	modules/plugin/base/src/nsPluginHost.cpp:1261

More reports at:
https://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=mozilla%3A%3Aipc%3A%3ARPCChannel%3A%3ARPCFrame%3A%3ADescribe%28int*%2C%20char%20const**%2C%20char%20const**%2C%20char%20const**%29
Since this is just fluff past CallPPluginInstanceConstructor followed by DebugAbort, I say this is plugin domain.
Component: IPC → Plug-ins
QA Contact: ipc → plugins
(Assignee)

Comment 2

7 years ago
I don't think that's a safe assumption, but we need more stack. The runtime-abort is about !ProcessingSyncMessage() at http://hg.mozilla.org/mozilla-central/diff/5658b405d622/ipc/glue/RPCChannel.cpp
(Assignee)

Comment 3

7 years ago
Stack according to MSVC:

 	xul.dll!mozilla::ipc::RPCChannel::RPCFrame::Describe(id=0x0012be00, dir=0x0012bde8, sems=0x0012bdec, name=0x0012bdf0)  Line 257	C++
>	xul.dll!mozilla::ipc::RPCChannel::DumpRPCStack(outfile=0x781d4b18, pfx=0x0012be2c)  Line 700	C++
 	xul.dll!mozilla::ipc::RPCChannel::DebugAbort(file=0x0012bed4, line=0x0000009f, cond=0x10b53780, why=0x10b5375c, type=0x0012bed4, reply=false)  Line 662	C++
 	xul.dll!mozilla::ipc::RPCChannel::Call(msg=0x0a0f6f80, reply=0x0012bf00)  Line 160	C++
 	xul.dll!mozilla::plugins::PPluginModuleParent::CallPPluginInstanceConstructor(actor=0x0a6200c0, aMimeType={...}, aMode=0x0001, aNames={...}, aValues={...}, rv=0x0012bfd4)  Line 325	C++
 	xul.dll!mozilla::plugins::PluginModuleParent::NPP_New(pluginType=0x0a0f6ee0, instance=0x0a096a68, mode=0x0001, argc=0x00c0, argn=0x05a4f400, argv=0x098f15e0, saved=0x00000000, error=0x0012bfd4)  Line 819	C++
 	xul.dll!nsNPAPIPluginInstance::InitializePlugin()  Line 415	C++
 	xul.dll!nsNPAPIPluginInstance::Initialize(aOwner=0x0a0fa6a0, aMIMEType=0x0a2a3d38)  Line 148	C++
 	xul.dll!nsPluginHost::TrySetUpPluginInstance(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0)  Line 1381	C++
 	xul.dll!nsPluginHost::SetUpPluginInstance(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0)  Line 1265	C++
 	xul.dll!nsPluginHost::DoInstantiateEmbeddedPlugin(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0, aAllowOpeningStreams=0x00000001)  Line 1086	C++
 	xul.dll!nsPluginHost::InstantiateEmbeddedPlugin(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0)  Line 968	C++
 	xul.dll!nsObjectFrame::InstantiatePlugin(aPluginHost=0x088ff2c0, aMimeType=0x0a2a3d38, aURI=0x0a21f240)  Line 1043	C++
 	xul.dll!nsObjectFrame::Instantiate(aMimeType=0x0a2a3d38, aURI=0x0a21f240)  Line 2402	C++
 	xul.dll!nsObjectLoadingContent::Instantiate(aFrame=0x0a28d9c0, aMIMEType={...}, aURI=0x0a21f240)  Line 1892	C++
 	xul.dll!nsAsyncInstantiateEvent::Run()  Line 167	C++
 	xul.dll!nsThread::ProcessNextEvent(mayWait=0x10b22368, result=0x0012c764)  Line 639	C++
 	xul.dll!nsCOMPtr_base::assign_from_gs_contractid(gs={...}, iid={...})  Line 132	C++
 	xul.dll!nsContentTreeOwner::ShowAsModal()  Line 552	C++
 	xul.dll!nsWindowWatcher::OpenWindowJSInternal(aParent=, aUrl=0x00000000, aName=, aFeatures=, aDialog=, argv=, aCalledFromJS=, _retval=0x00000000) 	C++
<<bogus frames here>>
 	xul.dll!NS_InvokeByIndex_P(that=0x039bed80, methodIndex=0x00000003, paramCount=0x00000006, params=0x0012cb58)  Line 103	C++
 	xul.dll!XPC_WN_CallMethod(cx=0x0573d900, argc=0x00000005, vp=0x03c001d8)  Line 1593	C++
 	mozjs.dll!CallCompiler::generateNativeStub()  Line 666	C++
 	mozjs.dll!js::mjit::ic::NativeCall(f={...}, ic=0x00000000)  Line 873	C++
 	mozjs.dll!js::mjit::EnterMethodJIT(cx=0x00000000, fp=0x00000000, code=0x00000000, stackLimit=0x00000000)  Line 748	C++
 	mozjs.dll!CheckStackAndEnterMethodJIT(cx=0x00000000, fp=0x03c000a0, code=0x08aebfc8)  Line 775	C++
 	mozjs.dll!js::mjit::JaegerShot(cx=0x00000000)  Line 791	C++
 	mozjs.dll!js::RunScript(cx=0x0573d900, script=0x066944e0, fp=0x03c000a0)  Line 654	C++
 	mozjs.dll!js::Invoke(cx=0x0573d900, argsRef={...}, flags=0x00000000)  Line 737	C++
 	mozjs.dll!js::ExternalInvoke(cx=0x0573d900, thisv={...}, fval={...}, argc=0x00000008, argv=0x0012d5e0, rval=0x0012d4d8)  Line 858	C++
 	mozjs.dll!JS_CallFunctionValue(cx=0x0573d900, obj=0x0a106360, fval=0xffff000706d80888, argc=0x00000008, argv=0x0012d5e0, rval=0x0012d4d8)  Line 5020	C++
 	xul.dll!nsXPCWrappedJSClass::CallMethod(wrapper=0x0a0f2fc0, methodIndex=0x0007, info=0x0349eee8, nativeParams=0x0012d72c)  Line 1700	C++
 	xul.dll!nsXPCWrappedJS::CallMethod(methodIndex=0x0007, info=0x0349eee8, params=0x0012d72c)  Line 588	C++
 	xul.dll!PrepareAndDispatch(self=0x0a0eea80, methodIndex=0x00000007, args=0x0012d7e4, stackBytesToPop=0x0012d7d4)  Line 114	C++
 	xul.dll!SharedStub()  Line 142	C++
 	xul.dll!nsPluginHost::HandleBadPlugin(aLibrary=0x00000068, aInstance=0x00000009)  Line 3447	C++
 	xul.dll!nsCOMPtr_base::assign_from_gs_contractid_with_error(gs={...}, iid={...})  Line 141	C++
 	xul.dll!nsCOMPtr<nsIPluginHost>::nsCOMPtr<nsIPluginHost>(gs={...})  Line 636	C++
 	xul.dll!nsNPAPIPluginInstance::GetValueFromPlugin(variable=0x00000000, value=0x088ff2c0)  Line 616	C++
 	xul.dll!nsNPAPIPluginInstance::GetJSObject(cx=0x0573d900, outObject=0x0012da0c)  Line 726	C++
 	xul.dll!nsHTMLPluginObjElementSH::GetPluginJSObject(cx=0x0573d900, obj=0x089b62a0, plugin_inst=0x09f56d00, plugin_obj=0x0012da0c, plugin_proto=0x00000001)  Line 9889	C++
 	xul.dll!nsHTMLPluginObjElementSH::SetupProtoChain(wrapper=0x0a01ab40, cx=0x0573d900, obj=0x089b62a0)  Line 9634	C++
 	xul.dll!nsObjectFrame::NotifyContentObjectWrapper()  Line 2712	C++
 	xul.dll!nsObjectFrame::TryNotifyContentObjectWrapper()  Line 2447	C++
 	xul.dll!nsObjectFrame::Instantiate(aMimeType=0x08673cd8, aURI=0x087b91c0)  Line 2410	C++
 	xul.dll!nsObjectLoadingContent::Instantiate(aFrame=0x09f05978, aMIMEType={...}, aURI=0x087b91c0)  Line 1892	C++
 	xul.dll!nsAsyncInstantiateEvent::Run()  Line 167	C++
 	xul.dll!nsThread::ProcessNextEvent(mayWait=0x0035b402, result=0xacf54afb)  Line 639	C++
 	nspr4.dll!PR_AssertCurrentThreadOwnsLock(lock=)  Line 404	C
 	xul.dll!MessageLoop::RunInternal()  Line 219	C++
 	xul.dll!MessageLoop::RunHandler()  Line 203	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!nsBaseAppShell::Run()  Line 201	C++
 	xul.dll!nsAppShell::Run()  Line 264	C++
 	xul.dll!nsAppStartup::Run()  Line 218	C++
 	xul.dll!XRE_main(argc=0x00000001, argv=0x021170b0, aAppData=0x02113200)  Line 3777	C++
 	firefox.exe!wmain(argc=0x00000001, argv=0x02135080)  Line 128	C++
 	firefox.exe!__tmainCRTStartup()  Line 591	C
 	kernel32.dll!_BaseProcessStart@4() 	

What appears to actually be happening is that the __try/__catch blocks in the plugin host are catching a crash somewhere under nsNPAPIPluginInstance::GetValueFromPlugin. I tend to think that we ought to remove all these __try/__catch blocks and just crash here, now that we have OOPP in general. If we don't, we certainly need to be reporting the exception.
(Assignee)

Comment 4

7 years ago
Created attachment 509540 [details] [diff] [review]
Disable SEH crash handling, rev. 1

I want to land this for FF4, and afterwards we can rip this code out entirely.
Assignee: nobody → benjamin
Status: NEW → ASSIGNED
Attachment #509540 - Flags: review?(joshmoz)

Updated

7 years ago
Attachment #509540 - Flags: review?(joshmoz) → review+
(Assignee)

Updated

7 years ago
Attachment #509540 - Flags: approval2.0+
(Assignee)

Comment 5

7 years ago
http://hg.mozilla.org/mozilla-central/rev/958c71be62e0

We should expect some new crash signatures to appear after this lands.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Assignee)

Updated

7 years ago
Blocks: 613314
(Assignee)

Updated

7 years ago
Target Milestone: --- → mozilla2.0b12
Crash Signature: [@ mozilla::ipc::RPCChannel::RPCFrame::Describe(int*, char const**, char const**, char const**) ]
You need to log in before you can comment on or make changes to this bug.