crash in nsJSNPRuntime::OnPluginDestroy @ XPCWrappedNative::GetUsedOnly




5 years ago
5 years ago


(Reporter: Scoobidiver (away), Unassigned)


(4 keywords)

15 Branch
Windows 7
crash, regression, testcase, topcrash

Firefox Tracking Flags

(firefox14 unaffected, firefox15- fixed, firefox16 fixed)


(crash signature)


(1 attachment)



5 years ago
With that stack, it first appeared in 15.0a1/20120504. The regression range is:

Signature 	XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**) More Reports Search
UUID	82d7c9b4-4f1c-4232-b69c-b02582120506
Date Processed	2012-05-06 03:00:56
Uptime	3096
Last Crash	51.6 minutes before submission
Install Age	8.3 hours since version was first installed.
Install Time	2012-05-05 18:45:29
Product	Firefox
Version	15.0a1
Build ID	20120505030510
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 15 stepping 13
Crash Address	0xffffffffdadadae2
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x71c2, AdapterSubsysID: 01701043, AdapterDriverVersion: 8.593.100.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True	
Total Virtual Memory	4294836224
Available Virtual Memory	3877707776
System Memory Use Percentage	71
Available Page File	1609187328
Available Physical Memory	616361984

Frame 	Module 	Signature 	Source
0 	xul.dll 	XPCWrappedNative::GetUsedOnly 	js/xpconnect/src/XPCWrappedNative.cpp:864
1 	xul.dll 	nsXPConnect::GetWrappedNativeOfNativeObject 	js/xpconnect/src/nsXPConnect.cpp:1526
2 	xul.dll 	nsJSNPRuntime::OnPluginDestroy 	dom/plugins/base/nsJSNPRuntime.cpp:2049
3 	xul.dll 	nsNPAPIPluginInstance::Stop 	dom/plugins/base/nsNPAPIPluginInstance.cpp:218
4 	xul.dll 	nsPluginHost::StopPluginInstance 	dom/plugins/base/nsPluginHost.cpp:3175
5 	xul.dll 	nsObjectLoadingContent::DoStopPlugin 	content/base/src/nsObjectLoadingContent.cpp:2212
6 	xul.dll 	nsObjectLoadingContent::StopPluginInstance 	content/base/src/nsObjectLoadingContent.cpp:2248
7 	xul.dll 	nsObjectLoadingContent::NotifyOwnerDocumentActivityChanged 	content/base/src/nsObjectLoadingContent.cpp:761
8 	xul.dll 	NotifyActivityChanged 	content/base/src/nsDocument.cpp:3799
9 	xul.dll 	EnumerateFreezables 	content/base/src/nsDocument.cpp:8059
10 	xul.dll 	nsTHashtable<mozilla::plugins::PluginModuleChild::NPObjectData>::s_EnumStub 	obj-firefox/dist/include/nsTHashtable.h:500
11 	xul.dll 	PL_DHashTableEnumerate 	obj-firefox/xpcom/build/pldhash.cpp:750
12 	xul.dll 	nsTHashtable<nsPtrHashKey<nsIContent> >::EnumerateEntries 	obj-firefox/dist/include/nsTHashtable.h:251
13 	xul.dll 	nsDocument::RemovedFromDocShell 	content/base/src/nsDocument.cpp:7106
14 	xul.dll 	DocumentViewerImpl::Close 	layout/base/nsDocumentViewer.cpp:1478
15 	xul.dll 	nsDocShell::Destroy 	docshell/base/nsDocShell.cpp:4707
16 	xul.dll 	nsFrameLoader::Finalize 	content/base/src/nsFrameLoader.cpp:577
17 	xul.dll 	nsDocument::MaybeInitializeFinalizeFrameLoaders 	content/base/src/nsDocument.cpp:5518
18 	xul.dll 	nsDocument::EndUpdate 	content/base/src/nsDocument.cpp:4053
19 	xul.dll 	nsXULDocument::EndUpdate 	content/xul/document/src/nsXULDocument.cpp:3347
20 	xul.dll 	mozAutoDocUpdate::~mozAutoDocUpdate 	content/base/src/mozAutoDocUpdate.h:67
21 	xul.dll 	nsINode::doRemoveChildAt 	content/base/src/nsGenericElement.cpp:3875
22 	xul.dll 	nsXULElement::RemoveChildAt 	content/xul/content/src/nsXULElement.cpp:983
23 	xul.dll 	nsINode::RemoveChild 	content/base/src/nsGenericElement.cpp:538
24 	xul.dll 	nsIDOMNode_RemoveChild 	obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:5462
25 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:524
26 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2772
27 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:472
28 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:540
29 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:572
30 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5448

More reports at:*%2C+XPCWrappedNativeScope*%2C+XPCNativeInterface*%2C+XPCWrappedNative**%29

Comment 1

5 years ago
The regression range in comment 1 is false because there were two builds on May 4th. The right one is:
It might be a regression from bug 748701 or bug 751641.


5 years ago
Crash Signature: [@ XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**)] → [@ XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**) ]


5 years ago
Crash Signature: [@ XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**) ] → [@ XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**)]

Comment 2

5 years ago
I am able to consistently reproduce this crash with the following steps:
1. Open any website.
2. View the source.
3. Hit File --> Print Preview and then the Esc key once in the preview.
4. Repeat Step 3 repeatedly (go right back to Print Preview after hitting Esc). It will crash after about four times doing this process repeatedly.

Comment 3

5 years ago
I forgot to mention that I'm running the latest nightly (20120601).

Comment 4

5 years ago
I can't reproduce with the STR in comment 2 and a new profile.

Comment 5

5 years ago
It's #12 top browser crasher in 15.0a2 and #50 in 16.0a1.

Some comments and correlations per module show it's related to printing:
XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**)|EXCEPTION_ACCESS_VIOLATION_READ (29 crashes)
     83% (24/29) vs.  33% (1393/4167) netapi32.dll (LAN Manager)
     83% (24/29) vs.  36% (1484/4167) mpr.dll (Multiple Provider Router)
     86% (25/29) vs.  39% (1631/4167) winspool.drv (Windows Printer Spooler)
tracking-firefox15: --- → ?
Keywords: topcrash

Comment 6

5 years ago
Dupe of bug 752340?

Comment 7

5 years ago
Given the fact that bug 748701 or bug 751641 are suspected, and this may be a dupe of bug bug 752340, including Jaws/Josh/Andrew.

Given the high correlation to netapi32.dll, starting this out with Josh.

Also adding qawanted to further attempt the STR in Comment 2.
tracking-firefox15: ? → +
Keywords: qawanted
It does sound very similar to bug 752340.  Regression range here is the same, assuming that the part of comment 1 saying that comment 1 is wrong is wrong.


5 years ago
Crash Signature: [@ XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**)] → [@ XPCWrappedNative::GetUsedOnly(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**)] [@ XPCWrappedNative::GetUsedOnly]
OS: Windows 7 → All
Depends on: 752340
Keywords: qawanted
Created attachment 636102 [details]

I can reproduce this crash with this testcase, using current trunk build.
The first iframe content is this:
<html xmlns="">
<object  type="application/x-shockwave-flash" id="a"/>

Just visit the testcase, and let it reload for a while to get the crash.
0 	mozjs.dll 	mozjs.dll@0x21f5c8 	
1 	xul.dll 	XPCWrappedNative::GetUsedOnly 	js/xpconnect/src/XPCWrappedNative.cpp:824
2 	xul.dll 	nsXPConnect::GetWrappedNativeOfNativeObject 	js/xpconnect/src/nsXPConnect.cpp:1526
3 	xul.dll 	nsJSNPRuntime::OnPluginDestroy 	dom/plugins/base/nsJSNPRuntime.cpp:2021
4 	nspr4.dll 	PR_LogFlush 	nsprpub/pr/src/io/prlog.c:533
5 	xul.dll 	_SEH_epilog4


5 years ago
Keywords: testcase
OS: All → Windows 7
Currently XPCWrappedNative::GetUsedOnly ranks as #17 top browser crash in Aurora while XPCWrappedNative::GetUsedOnly ranks #294.
This should be fixed by bug 752340, maybe in tomorrow's nightly.
status-firefox14: --- → unaffected
status-firefox15: --- → affected
status-firefox16: --- → affected

Comment 12

5 years ago
(In reply to Andrew McCreight [:mccr8] from comment #11)
> This should be fixed by bug 752340, maybe in tomorrow's nightly.
It seems so as crashes that happened after the fix in Nightly and Aurora have a different stack: bp-505e8092-4925-451c-a066-ca15c2120709, bp-e28b4e02-b6fe-456e-90a8-682422120709, bp-60124e08-2904-4d34-85b6-f9b0a2120710
Last Resolved: 5 years ago
No longer depends on: 752340
Resolution: --- → DUPLICATE
Duplicate of bug: 752340


5 years ago
status-firefox15: affected → fixed
status-firefox16: affected → fixed
tracking-firefox15: + → -
You need to log in before you can comment on or make changes to this bug.