Closed Bug 787885 Opened 9 years ago Closed 9 years ago

Firefox 17 crash in XPCJSRuntime::GCCallback

Categories

(Core :: XPConnect, defect)

17 Branch
x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla19
Tracking Status
firefox17 + verified
firefox18 --- verified

People

(Reporter: scoobidiver, Assigned: billm)

References

Details

(4 keywords)

Crash Data

It's #35 top browser crasher in 17.0a2 and #61 in 18.0a1.

It first appeared in 17.0a1/20120727. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=20db7c6d82cc&tochange=8b96a33ecbd2

Signature 	XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus) More Reports Search
UUID	f7c8b0d1-04c6-4416-a2b9-9ff742120903
Date Processed	2012-09-03 02:29:25
Uptime	26977
Last Crash	more than 3 months before submission
Install Age	8.1 hours since version was first installed.
Install Time	2012-09-02 18:21:47
Product	Firefox
Version	18.0a1
Build ID	20120902030516
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 37 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xffffffffff63c0c2
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0046, AdapterSubsysID: 1435103c, AdapterDriverVersion: 8.15.10.2202
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
EMCheckCompatibility	True
Adapter Vendor ID	0x8086
Adapter Device ID	0x0046
Total Virtual Memory	4294836224
Available Virtual Memory	3687845888
System Memory Use Percentage	39
Available Page File	5910691840
Available Physical Memory	2456469504

Frame 	Module 	Signature 	Source
0 		@0x652e1a0 	
1 	xul.dll 	XPCJSRuntime::GCCallback 	js/xpconnect/src/XPCJSRuntime.cpp:727
2 	mozjs.dll 	Collect 	js/src/jsgc.cpp:4505
3 	mozjs.dll 	js::GCSlice 	js/src/jsgc.cpp:4538
4 	mozjs.dll 	js::NotifyDidPaint 	js/src/jsfriendapi.cpp:817
5 	xul.dll 	nsXPConnect::NotifyDidPaint 	js/xpconnect/src/nsXPConnect.cpp:2763
6 	xul.dll 	PresShell::DidPaint 	layout/base/nsPresShell.cpp:7049
7 	xul.dll 	nsViewManager::CallDidPaintOnObserver 	view/src/nsViewManager.cpp:1268
8 	xul.dll 	nsViewManager::ProcessPendingUpdates 	view/src/nsViewManager.cpp:1218
9 	xul.dll 	nsRefreshDriver::Notify 	layout/base/nsRefreshDriver.cpp:421
10 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:476
11 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:624
12 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:82
13 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:201
14 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:175
15 	xul.dll 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:163
16 	xul.dll 	nsAppShell::Run 	widget/windows/nsAppShell.cpp:232
17 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:273
18 	xul.dll 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3835
19 	xul.dll 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3912
20 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3988
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=XPCJSRuntime%3A%3AGCCallback%28JSRuntime*%2C+JSGCStatus%29
It's #21 top browser crasher in 17.0a2 and #95 in 18.0a1.
Keywords: topcrash
Could be a regression from bug 729760, which is in the changeset range.
Assignee: nobody → wmccloskey
5 	http://itip.kr/index.php?controller=room
3 	http://www.facebook.com/
3 	about:blank
2 	http://www.forexfactory.com/calendar.php
2 	https://www.facebook.com/?ref=tn_tnmn
1 	http://china-cheats.com/login.php?do=login
1 	http://www.kitlandoyahoo.com.br/redirect/index_2538545.html
1 	http://www.youtube.com/results?search_query=programa+do+jo+2012+completo&page=2
1 	http://www.radioekklesia.com/
1 	http://www.fingerhut.com/thumbnail/Bed-Bath/Bedding/Mattress-Pads-Toppers/Mcatp/
1 	http://www.tagged.com/logout.html
1 	http://www.godlikeproductions.com/forum1/message1382952/pg1265
1 	http://www.huffingtonpost.com/2012/09/19/jon-stewart-romney-47-percent-video_n_1
1 	http://www.pixiz.com/page/4?q=mer
1 	http://www.marry.vn/nha-cung-cap/mrlee-studio
1 	http://www.pokerdeprimera.com/index.php?topic=11703
1 	wyciwyg://39/http://js2.wlxrs.com/-09FDk5v32BlbF53uVvNNQ/adloader.html#pgqp:%26P
1 	http://datnewcudi.com/2012/09/18/photos-cruel-summer-album-packaging-and-poster/
1 	http://terratv.terra.com/news/4913-424156/un-perro-cuida-desde-hace-seis-anos-la
1 	http://soundcloud.com/hossyan
1 	http://maps.google.com/maps?f=q&source=s_q&output=js&hl=en&geocode=&abauth=50607
1 	http://www.foodnetwork.com/search/delegate.do?fnSearchString=lasagna&fnSearchTyp
1 	http://forums.data.bg/index.php?showtopic=2100526
1 	http://vn.news.yahoo.com/r%C3%BAt-ng%E1%BA%AFn-b%E1%BA%ADc-ph%E1%BB%95-th%C3%B4n
1 	http://www.delfi.lt/news/daily/lithuania/rudens-lygiadienis-dundejo-dangaus-bugn
1 	http://www.amazon.com/Tween-Christa-Martin/dp/B001E0TX7Q/ref=sr_1_8?s=movies-tv&
Keywords: needURLs
QA Contact: mozillamarcia.knous
Bill - we're going to ask QA to reproduce asap, but can you look at this crash as well?
Well, from the crash stacks, memory is almost certainly corrupted. We're jumping to a callback that is set in only one or two safe places and we end up in bad memory. I don't think I'll be able to track it back any further than that.

I agree with Andrew that bug 729760 is the likely cause of the regression. That bug reduces GC times somewhat, but not hugely. We could disable it for 17 if the crashes are significant enough, although I'd rather not do that.
It's correlated with spyware:
*Oct 13:
  XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus)|EXCEPTION_ACCESS_VIOLATION_EXEC (25 crashes)
     28% (7/25) vs.   6% (319/4975) ffxtlbr@babylon.com
     20% (5/25) vs.   5% (271/4975) plugin@yontoo.com
     16% (4/25) vs.   4% (185/4975) {EEE6C361-6118-11DC-9C72-001320C79847}
     12% (3/25) vs.   2% (116/4975) bbrs_002@blabbers.com
     12% (3/25) vs.   4% (222/4975) ffxtlbr@funmoods.com
*Oct 14:
  XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus)|EXCEPTION_ACCESS_VIOLATION_EXEC (67 crashes)
     19% (13/67) vs.   3% (515/15649) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} (DealPly)
     18% (12/67) vs.   2% (381/15649) bbrs_002@blabbers.com
     19% (13/67) vs.   8% (1229/15649) ffxtlbr@babylon.com
     13% (9/67) vs.   4% (703/15649) ffxtlbr@funmoods.com
     13% (9/67) vs.   5% (839/15649) plugin@yontoo.com
Marcia, can you please try to come up with steps to reproduce?
This is topcrash #15 in 18 right now.
I installed some of the addons versions below from the recent correlations and have not yet been able to generate a crash on Windows:

XPCJSRuntime::GCCallback(JSRuntime*, JSGCStatus)|EXCEPTION_ACCESS_VIOLATION_EXEC (161 crashes)
     21% (34/161) vs.   5% (1947/35497) plugin@yontoo.com (1.20.00)
     14% (23/161) vs.   2% (826/35497) bbrs_002@blabbers.com (1.0.5)
     17% (27/161) vs.   8% (2861/35497) ffxtlbr@babylon.com
          0% (0/161) vs.   0% (1/35497) 1.1.3
          0% (0/161) vs.   0% (7/35497) 1.1.8
          6% (10/161) vs.   2% (733/35497) 1.1.9
          3% (5/161) vs.   1% (377/35497) 1.2.0
          7% (12/161) vs.   5% (1743/35497) 1.5.0
      9% (14/161) vs.   3% (1115/35497) ffxtlbr@incredibar.com
          1% (1/161) vs.   0% (5/35497) 1.1.9
          8% (13/161) vs.   3% (1110/35497) 1.5.0
     11% (17/161) vs.   5% (1809/35497) avg@toolbar
          0% (0/161) vs.   0% (24/35497) 10.0.0.7
          0% (0/161) vs.   0% (14/35497) 10.2.0.3
          0% (0/161) vs.   0% (8/35497) 11.0.0.10
          0% (0/161) vs.   0% (4/35497) 11.0.0.9
          2% (4/161) vs.   1% (322/35497) 11.1.0.12
          0% (0/161) vs.   0% (10/35497) 11.1.0.7
          0% (0/161) vs.   0% (2/35497) 11.1.1.7
          0% (0/161) vs.   0% (5/35497) 12.1.0.13
          0% (0/161) vs.   0% (8/35497) 12.1.0.20
          0% (0/161) vs.   0% (20/35497) 12.1.0.21
          1% (1/161) vs.   0% (44/35497) 12.2.0.5
          3% (5/161) vs.   2% (666/35497) 12.2.5.32
          0% (0/161) vs.   0% (6/35497) 12.2.5.33
          3% (5/161) vs.   1% (470/35497) 12.2.5.34
          1% (2/161) vs.   0% (52/35497) 12.2.5.4
          0% (0/161) vs.   0% (1/35497) 13.0.0.6
          0% (0/161) vs.   0% (10/35497) 13.0.0.7
          0% (0/161) vs.   0% (2/35497) 13.1.0.1
          0% (0/161) vs.   0% (8/35497) 13.1.0.3
          0% (0/161) vs.   0% (54/35497) 13.2.0.1
          0% (0/161) vs.   0% (34/35497) 13.2.0.3
          0% (0/161) vs.   0% (4/35497) 8.0.0.34.1
          0% (0/161) vs.   0% (6/35497) 8.0.0.40.2
          0% (0/161) vs.   0% (9/35497) 9.0.0.18.3
          0% (0/161) vs.   0% (26/35497) 9.0.0.22.1
      9% (15/161) vs.   4% (1409/35497) {b9db16a4-6edc-47ec-a1f4-b86292ed211d} (Video DownloadHelper, https://addons.mozilla.org/addon/3006)
          9% (15/161) vs.   4% (1379/35497) 4.9.10
          0% (0/161) vs.   0% (2/35497) 4.9.5
          0% (0/161) vs.   0% (4/35497) 4.9.8
          0% (0/161) vs.   0% (24/35497) 4.9.9
I believe that this crash was probably caused by/fixed by bug 791798.

It appears to mostly though not completely have gone away on trunk after that landed for the 12-Oct nightly.


It appears to have completely gone away on aurora after that bug landed for the 16-Oct aurora build.

We should verify in 17b2, but I'm willing to call this FIXED.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
There are no crashes after 18.0a2/20121015 and in 17.0b2.
Depends on: 791798
Target Milestone: --- → mozilla19
Dropping qawanted since QA was unable to find steps to reproduce and this has now been verified using crashstats against Firefox 17 and 18.
Keywords: qawanted
You need to log in before you can comment on or make changes to this bug.