Closed Bug 787885 Opened 13 years ago Closed 13 years ago

Firefox 17 crash in XPCJSRuntime::GCCallback

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Version:
17 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla19
Tracking Flags:
Tracking Status
firefox17 + verified
firefox18 --- verified

People

(Reporter: scoobidiver, Assigned: billm)

References

Details

(4 keywords)

Crash Data

It's #35 top browser crasher in 17.0a2 and #61 in 18.0a1. It first appeared in 17.0a1/20120727. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=20db7c6d82cc&tochange=8b96a33ecbd2 Signature XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus) More Reports Search UUID f7c8b0d1-04c6-4416-a2b9-9ff742120903 Date Processed 2012-09-03 02:29:25 Uptime 26977 Last Crash more than 3 months before submission Install Age 8.1 hours since version was first installed. Install Time 2012-09-02 18:21:47 Product Firefox Version 18.0a1 Build ID 20120902030516 Release Channel nightly OS Windows NT OS Version 6.1.7600 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 37 stepping 5 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0xffffffffff63c0c2 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x0046, AdapterSubsysID: 1435103c, AdapterDriverVersion: 8.15.10.2202 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x0046 Total Virtual Memory 4294836224 Available Virtual Memory 3687845888 System Memory Use Percentage 39 Available Page File 5910691840 Available Physical Memory 2456469504 Frame Module Signature Source 0 @0x652e1a0 1 xul.dll XPCJSRuntime::GCCallback js/xpconnect/src/XPCJSRuntime.cpp:727 2 mozjs.dll Collect js/src/jsgc.cpp:4505 3 mozjs.dll js::GCSlice js/src/jsgc.cpp:4538 4 mozjs.dll js::NotifyDidPaint js/src/jsfriendapi.cpp:817 5 xul.dll nsXPConnect::NotifyDidPaint js/xpconnect/src/nsXPConnect.cpp:2763 6 xul.dll PresShell::DidPaint layout/base/nsPresShell.cpp:7049 7 xul.dll nsViewManager::CallDidPaintOnObserver view/src/nsViewManager.cpp:1268 8 xul.dll nsViewManager::ProcessPendingUpdates view/src/nsViewManager.cpp:1218 9 xul.dll nsRefreshDriver::Notify layout/base/nsRefreshDriver.cpp:421 10 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:476 11 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:624 12 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:82 13 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:201 14 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:175 15 xul.dll nsBaseAppShell::Run widget/xpwidgets/nsBaseAppShell.cpp:163 16 xul.dll nsAppShell::Run widget/windows/nsAppShell.cpp:232 17 xul.dll nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:273 18 xul.dll XREMain::XRE_mainRun toolkit/xre/nsAppRunner.cpp:3835 19 xul.dll XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3912 20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3988 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=XPCJSRuntime%3A%3AGCCallback%28JSRuntime*%2C+JSGCStatus%29
It's #21 top browser crasher in 17.0a2 and #95 in 18.0a1.
tracking-firefox17: --- → ?
Keywords: topcrash
Could be a regression from bug 729760, which is in the changeset range.
Assignee: nobody → wmccloskey
tracking-firefox17: ?+
Keywords: needURLs, qawanted, steps-wanted
5 http://itip.kr/index.php?controller=room 3 http://www.facebook.com/ 3 about:blank 2 http://www.forexfactory.com/calendar.php 2 https://www.facebook.com/?ref=tn_tnmn 1 http://china-cheats.com/login.php?do=login 1 http://www.kitlandoyahoo.com.br/redirect/index_2538545.html 1 http://www.youtube.com/results?search_query=programa+do+jo+2012+completo&page=2 1 http://www.radioekklesia.com/ 1 http://www.fingerhut.com/thumbnail/Bed-Bath/Bedding/Mattress-Pads-Toppers/Mcatp/ 1 http://www.tagged.com/logout.html 1 http://www.godlikeproductions.com/forum1/message1382952/pg1265 1 http://www.huffingtonpost.com/2012/09/19/jon-stewart-romney-47-percent-video_n_1 1 http://www.pixiz.com/page/4?q=mer 1 http://www.marry.vn/nha-cung-cap/mrlee-studio 1 http://www.pokerdeprimera.com/index.php?topic=11703 1 wyciwyg://39/http://js2.wlxrs.com/-09FDk5v32BlbF53uVvNNQ/adloader.html#pgqp:%26P 1 http://datnewcudi.com/2012/09/18/photos-cruel-summer-album-packaging-and-poster/ 1 http://terratv.terra.com/news/4913-424156/un-perro-cuida-desde-hace-seis-anos-la 1 http://soundcloud.com/hossyan 1 http://maps.google.com/maps?f=q&source=s_q&output=js&hl=en&geocode=&abauth=50607 1 http://www.foodnetwork.com/search/delegate.do?fnSearchString=lasagna&fnSearchTyp 1 http://forums.data.bg/index.php?showtopic=2100526 1 http://vn.news.yahoo.com/r%C3%BAt-ng%E1%BA%AFn-b%E1%BA%ADc-ph%E1%BB%95-th%C3%B4n 1 http://www.delfi.lt/news/daily/lithuania/rudens-lygiadienis-dundejo-dangaus-bugn 1 http://www.amazon.com/Tween-Christa-Martin/dp/B001E0TX7Q/ref=sr_1_8?s=movies-tv&
Keywords: needURLs
QA Contact: mozillamarcia.knous
Bill - we're going to ask QA to reproduce asap, but can you look at this crash as well?
Well, from the crash stacks, memory is almost certainly corrupted. We're jumping to a callback that is set in only one or two safe places and we end up in bad memory. I don't think I'll be able to track it back any further than that. I agree with Andrew that bug 729760 is the likely cause of the regression. That bug reduces GC times somewhat, but not hugely. We could disable it for 17 if the crashes are significant enough, although I'd rather not do that.
It's correlated with spyware: *Oct 13: XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus)|EXCEPTION_ACCESS_VIOLATION_EXEC (25 crashes) 28% (7/25) vs. 6% (319/4975) ffxtlbr@babylon.com 20% (5/25) vs. 5% (271/4975) plugin@yontoo.com 16% (4/25) vs. 4% (185/4975) {EEE6C361-6118-11DC-9C72-001320C79847} 12% (3/25) vs. 2% (116/4975) bbrs_002@blabbers.com 12% (3/25) vs. 4% (222/4975) ffxtlbr@funmoods.com *Oct 14: XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus)|EXCEPTION_ACCESS_VIOLATION_EXEC (67 crashes) 19% (13/67) vs. 3% (515/15649) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} (DealPly) 18% (12/67) vs. 2% (381/15649) bbrs_002@blabbers.com 19% (13/67) vs. 8% (1229/15649) ffxtlbr@babylon.com 13% (9/67) vs. 4% (703/15649) ffxtlbr@funmoods.com 13% (9/67) vs. 5% (839/15649) plugin@yontoo.com
Marcia, can you please try to come up with steps to reproduce?
This is topcrash #15 in 18 right now.
I installed some of the addons versions below from the recent correlations and have not yet been able to generate a crash on Windows: XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus)|EXCEPTION_ACCESS_VIOLATION_EXEC (161 crashes) 21% (34/161) vs. 5% (1947/35497) plugin@yontoo.com (1.20.00) 14% (23/161) vs. 2% (826/35497) bbrs_002@blabbers.com (1.0.5) 17% (27/161) vs. 8% (2861/35497) ffxtlbr@babylon.com 0% (0/161) vs. 0% (1/35497) 1.1.3 0% (0/161) vs. 0% (7/35497) 1.1.8 6% (10/161) vs. 2% (733/35497) 1.1.9 3% (5/161) vs. 1% (377/35497) 1.2.0 7% (12/161) vs. 5% (1743/35497) 1.5.0 9% (14/161) vs. 3% (1115/35497) ffxtlbr@incredibar.com 1% (1/161) vs. 0% (5/35497) 1.1.9 8% (13/161) vs. 3% (1110/35497) 1.5.0 11% (17/161) vs. 5% (1809/35497) avg@toolbar 0% (0/161) vs. 0% (24/35497) 10.0.0.7 0% (0/161) vs. 0% (14/35497) 10.2.0.3 0% (0/161) vs. 0% (8/35497) 11.0.0.10 0% (0/161) vs. 0% (4/35497) 11.0.0.9 2% (4/161) vs. 1% (322/35497) 11.1.0.12 0% (0/161) vs. 0% (10/35497) 11.1.0.7 0% (0/161) vs. 0% (2/35497) 11.1.1.7 0% (0/161) vs. 0% (5/35497) 12.1.0.13 0% (0/161) vs. 0% (8/35497) 12.1.0.20 0% (0/161) vs. 0% (20/35497) 12.1.0.21 1% (1/161) vs. 0% (44/35497) 12.2.0.5 3% (5/161) vs. 2% (666/35497) 12.2.5.32 0% (0/161) vs. 0% (6/35497) 12.2.5.33 3% (5/161) vs. 1% (470/35497) 12.2.5.34 1% (2/161) vs. 0% (52/35497) 12.2.5.4 0% (0/161) vs. 0% (1/35497) 13.0.0.6 0% (0/161) vs. 0% (10/35497) 13.0.0.7 0% (0/161) vs. 0% (2/35497) 13.1.0.1 0% (0/161) vs. 0% (8/35497) 13.1.0.3 0% (0/161) vs. 0% (54/35497) 13.2.0.1 0% (0/161) vs. 0% (34/35497) 13.2.0.3 0% (0/161) vs. 0% (4/35497) 8.0.0.34.1 0% (0/161) vs. 0% (6/35497) 8.0.0.40.2 0% (0/161) vs. 0% (9/35497) 9.0.0.18.3 0% (0/161) vs. 0% (26/35497) 9.0.0.22.1 9% (15/161) vs. 4% (1409/35497) {b9db16a4-6edc-47ec-a1f4-b86292ed211d} (Video DownloadHelper, https://addons.mozilla.org/addon/3006) 9% (15/161) vs. 4% (1379/35497) 4.9.10 0% (0/161) vs. 0% (2/35497) 4.9.5 0% (0/161) vs. 0% (4/35497) 4.9.8 0% (0/161) vs. 0% (24/35497) 4.9.9
I believe that this crash was probably caused by/fixed by bug 791798. It appears to mostly though not completely have gone away on trunk after that landed for the 12-Oct nightly. It appears to have completely gone away on aurora after that bug landed for the 16-Oct aurora build. We should verify in 17b2, but I'm willing to call this FIXED.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
There are no crashes after 18.0a2/20121015 and in 17.0b2.
status-firefox17: --- → verified
status-firefox18: --- → verified
Depends on: 791798
Target Milestone: --- → mozilla19
Dropping qawanted since QA was unable to find steps to reproduce and this has now been verified using crashstats against Firefox 17 and 18.
Keywords: qawanted
You need to log in before you can comment on or make changes to this bug.