Closed Bug 798872 Opened 12 years ago Closed 12 years ago

crash in nsRefreshDriver::Tick

Categories

(Core :: Layout, defect)

18 Branch
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 799242
Tracking Status
firefox17 --- unaffected
firefox18 --- unaffected

People

(Reporter: scoobidiver, Assigned: vlad)

References

Details

(Keywords: crash, regression, topcrash)

Crash Data

It's currently #4 top crasher in today's build. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2da1f2bde40e&tochange=9f677c2bb33d
It's likely a regression from bug 731974.

Signature 	nsRefreshDriver::Tick(__int64, mozilla::TimeStamp) More Reports Search
UUID	e635988f-b8ed-414a-808f-df6152121007
Date Processed	2012-10-07 05:46:37
Uptime	867
Last Crash	1.7 weeks before submission
Install Age	14.4 minutes since version was first installed.
Install Time	2012-10-07 05:31:43
Product	Firefox
Version	18.0a1
Build ID	20121006134717
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 4 stepping 3
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xc
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x68b8, AdapterSubsysID: 29911682, AdapterDriverVersion: 8.982.0.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True
Adapter Vendor ID	0x1002
Adapter Device ID	0x68b8
Total Virtual Memory	4294836224
Available Virtual Memory	3735400448
System Memory Use Percentage	59
Available Page File	5402931200
Available Physical Memory	1748594688

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsRefreshDriver::Tick 	layout/base/nsRefreshDriver.cpp:736
1 	xul.dll 	mozilla::RefreshDriverTimer::Tick 	layout/base/nsRefreshDriver.cpp:150
2 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:473
3 	winmm.dll 	timeGetTime 	
4 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:556
5 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:612
6 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:82
7 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:201
8 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:175
9 	xul.dll 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:163
10 	xul.dll 	nsAppShell::Run 	widget/windows/nsAppShell.cpp:232
11 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:290
12 	xul.dll 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3792
13 	xul.dll 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3858
14 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3933
15 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:105
16 	firefox.exe 	__tmainCRTStartup 	crtexe.c:552
17 	kernel32.dll 	BaseThreadInitThunk 	
18 	ntdll.dll 	__RtlUserThreadStart 	
19 	ntdll.dll 	_RtlUserThreadStart

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsRefreshDriver%3A%3ATick%28__int64%2C+mozilla%3A%3ATimeStamp%29
https://crash-stats.mozilla.com/report/list?signature=nsRefreshDriver%3A%3ATick
Hrm, weird.  Looking into it, need to see how we could get into this situation.  Only thing I can think of is that drivers[i] is somehow invalid; it can't be null, or the earlier check for IsTestControllingRefreshes() would've crashed it as well.

(The stack seems pretty optimized there; there are two functions missing in between the nsTimerImpl and the Tick)
Assignee: nobody → vladimir
Keywords: topcrash
It's #2 top crasher in today's build.
Still looking into it; it got backed out today due to some WinXP mochitest-o orange.
I have a bizarre fuzz testcase that reliably triggers this crash on my laptop, fwiw.  It involves opening/resizing windows and mjitChunkLimit.
Awesome -- what platform?  Can you attach or mail me the testcase?
I'm on Lion.  Filed bug 799242 with the testcase.
Depends on: 799242
This was backed out of 18, and is the same as bug 799242 -- patch is there.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
No longer depends on: 799242
You need to log in before you can comment on or make changes to this bug.