798872 - crash in nsRefreshDriver::Tick

Status: RESOLVED DUPLICATE of bug 799242

(Core :: Layout, defect)

Description

[Scoobidiver (away)]

It's currently #4 top crasher in today's build. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2da1f2bde40e&tochange=9f677c2bb33d
It's likely a regression from bug 731974.

Signature 	nsRefreshDriver::Tick(__int64, mozilla::TimeStamp) More Reports Search
UUID	e635988f-b8ed-414a-808f-df6152121007
Date Processed	2012-10-07 05:46:37
Uptime	867
Last Crash	1.7 weeks before submission
Install Age	14.4 minutes since version was first installed.
Install Time	2012-10-07 05:31:43
Product	Firefox
Version	18.0a1
Build ID	20121006134717
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 4 stepping 3
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xc
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x68b8, AdapterSubsysID: 29911682, AdapterDriverVersion: 8.982.0.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True
Adapter Vendor ID	0x1002
Adapter Device ID	0x68b8
Total Virtual Memory	4294836224
Available Virtual Memory	3735400448
System Memory Use Percentage	59
Available Page File	5402931200
Available Physical Memory	1748594688

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsRefreshDriver::Tick 	layout/base/nsRefreshDriver.cpp:736
1 	xul.dll 	mozilla::RefreshDriverTimer::Tick 	layout/base/nsRefreshDriver.cpp:150
2 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:473
3 	winmm.dll 	timeGetTime 	
4 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:556
5 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:612
6 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:82
7 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:201
8 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:175
9 	xul.dll 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:163
10 	xul.dll 	nsAppShell::Run 	widget/windows/nsAppShell.cpp:232
11 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:290
12 	xul.dll 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3792
13 	xul.dll 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3858
14 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3933
15 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:105
16 	firefox.exe 	__tmainCRTStartup 	crtexe.c:552
17 	kernel32.dll 	BaseThreadInitThunk 	
18 	ntdll.dll 	__RtlUserThreadStart 	
19 	ntdll.dll 	_RtlUserThreadStart

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsRefreshDriver%3A%3ATick%28__int64%2C+mozilla%3A%3ATimeStamp%29
https://crash-stats.mozilla.com/report/list?signature=nsRefreshDriver%3A%3ATick

Comment 1

[Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)]

Hrm, weird.  Looking into it, need to see how we could get into this situation.  Only thing I can think of is that drivers[i] is somehow invalid; it can't be null, or the earlier check for IsTestControllingRefreshes() would've crashed it as well.

(The stack seems pretty optimized there; there are two functions missing in between the nsTimerImpl and the Tick)

Comment 2

[Scoobidiver (away)]

It's #2 top crasher in today's build.

Comment 3

[Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)]

Still looking into it; it got backed out today due to some WinXP mochitest-o orange.

Comment 4

[Jesse Ruderman]

I have a bizarre fuzz testcase that reliably triggers this crash on my laptop, fwiw.  It involves opening/resizing windows and mjitChunkLimit.

Comment 5

[Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)]

Awesome -- what platform?  Can you attach or mail me the testcase?

Comment 6

[Jesse Ruderman]

I'm on Lion.  Filed bug 799242 with the testcase.

Comment 7

[Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)]

This was backed out of 18, and is the same as bug 799242 -- patch is there.