Closed
Bug 801516
Opened 12 years ago
Closed 3 years ago
crash in js::gc::IsObjectMarked with AdBlock Plus
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash, steps-wanted)
Crash Data
This bug was filed from the Socorro interface and is report bp-cf55f01d-4d7a-4023-b985-81bc22121014 . ============================================================= Seen while looking at Mac trunk crash stats. Low volume crash which started showing up in crash stats using the 2012101003 build. All the reports seem to have Version 2.1.2 of Adblock Plus. More Mac and Linux reports: https://crash-stats.mozilla.com/report/list?signature=js::gc::IsObjectMarked%28js::EncapsulatedPtr%3CJSObject,%20unsigned%20long%3E*%29 Possible regression range based on crash stats: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=aa5e3b445810&tochange=ec10630b1a54 Frame Module Signature Source 0 XUL js::gc::IsObjectMarked Heap.h:1017 1 XUL js::WeakMap<js::EncapsulatedPtr<JSObject, unsigned long>, js::RelocatableValue, Marking.h:276 2 XUL js::WeakMapBase::markAllIteratively jsweakmap.cpp:32 3 XUL IncrementalCollectSlice jsgc.cpp:3442 4 XUL GCCycle jsgc.cpp:4533 5 XUL Collect jsgc.cpp:4647 6 XUL js::NotifyDidPaint jsfriendapi.cpp:809 7 XUL nsXPConnect::NotifyDidPaint nsXPConnect.cpp:2729 8 XUL PresShell::Paint nsPresShell.cpp:5212 9 XUL nsViewManager::Refresh nsViewManager.cpp:370 10 XUL nsViewManager::PaintWindow nsViewManager.cpp:704 11 XUL non-virtual thunk to nsView::PaintWindow 12 XUL XUL@0x6e4f0f 13 XUL nsChildView::PaintWindow nsChildView.mm:1442 14 XUL -[ChildView drawRect:inContext:] nsChildView.mm:2451 15 XUL -[ChildView drawRect:] nsChildView.mm:2377 16 AppKit AppKit@0x542cd 17 AppKit AppKit@0x501c9 18 CoreFoundation CoreFoundation@0x12579 19 AppKit AppKit@0x102f5 20 Foundation Foundation@0x3d55e 21 AppKit AppKit@0x8149a 22 libobjc.A.dylib libobjc.A.dylib@0xd299 23 libobjc.A.dylib libobjc.A.dylib@0xd254 24 CoreFoundation CoreFoundation@0x309a8 25 CoreFoundation CoreFoundation@0x4ca74 26 CoreFoundation CoreFoundation@0x4f7bf 27 CoreFoundation CoreFoundation@0x4f566 28 AppKit AppKit@0x4de87 29 AppKit AppKit@0x818c6 30 AppKit AppKit@0x5053d 31 AppKit AppKit@0x42e83 32 AppKit AppKit@0x42d3d 33 AppKit AppKit@0x42e83 34 CoreFoundation CoreFoundation@0x167b97 35 AppKit AppKit@0x5323c 36 AppKit AppKit@0x42b79 37 CoreFoundation CoreFoundation@0x8370b 38 AppKit AppKit@0x9880ef 39 AppKit AppKit@0x518a8 40 AppKit AppKit@0x94f731 41 libobjc.A.dylib libobjc.A.dylib@0xd2c5 42 libobjc.A.dylib libobjc.A.dylib@0xd4f8 43 AppKit AppKit@0x547e3 44 libmozglue.dylib je_malloc jemalloc.c:4217 45 AppKit AppKit@0x52b5d 46 AppKit AppKit@0x94f731 47 CarbonCore CarbonCore@0x2b380 48 CarbonCore CarbonCore@0x2b29f 49 HIToolbox HIToolbox@0x65516 50 HIToolbox HIToolbox@0x18812 51 libmozglue.dylib arena_malloc jemalloc.c:1694 52 AppKit AppKit@0x50da2 53 libobjc.A.dylib libobjc.A.dylib@0xd566 54 libmozglue.dylib arena_dalloc jemalloc.c:1679 55 AppKit AppKit@0x4c1ba 56 CoreFoundation CoreFoundation@0x4d80d 57 CoreFoundation CoreFoundation@0x167b97 58 libmozglue.dylib arena_dalloc jemalloc.c:1679 59 AppKit AppKit@0x44c34 60 libsystem_c.dylib libsystem_c.dylib@0x4d46f 61 libsystem_c.dylib libsystem_c.dylib@0x3e1ef 62 CoreFoundation CoreFoundation@0x4fd92 63 libnspr4.dylib dstParams 64 AppKit AppKit@0x4162c 65 AppKit AppKit@0x44374 66 CoreFoundation CoreFoundation@0x638e6 67 CoreFoundation CoreFoundation@0x63845 68 CoreFoundation CoreFoundation@0x6372f 69 CoreFoundation CoreFoundation@0x38af8 70 XUL nsIHttpHeaderVisitor::COMTypeInfo<int>::kIID 71 CarbonCore CarbonCore@0x18087 72 libsystem_c.dylib libsystem_c.dylib@0x4d6aa 73 AppKit AppKit@0x98f82f 74 Foundation Foundation@0xa4b6 75 Foundation Foundation@0xa1f2 76 CoreFoundation CoreFoundation@0x8bb3 77 XUL XUL@0xdb0a6f 78 CoreFoundation CoreFoundation@0x2a04 79 libobjc.A.dylib libobjc.A.dylib@0xea22 80 CoreFoundation CoreFoundation@0xf0cf 81 libmozglue.dylib arena_malloc jemalloc.c:1694 82 CoreFoundation CoreFoundation@0x38485 83 HIToolbox HIToolbox@0x22be 84 HIToolbox HIToolbox@0x94be 85 CoreFoundation CoreFoundation@0x12579 86 HIToolbox HIToolbox@0x93f9 87 AppKit AppKit@0x8778 88 CoreFoundation CoreFoundation@0x218d 89 libmozglue.dylib arena_dalloc jemalloc.c:4568 90 AppKit AppKit@0x807c 91 AppKit AppKit@0x94922b 92 AppKit AppKit@0x732ca
|
||
Comment 1•12 years ago
|
||
From 19.0a1/20101009, Mac crash signatures have a Windows look, so it's not a new crash.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 2•12 years ago
|
||
Oops! bug 774070 is Android only. Previous reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Agc%3A%3AIsObjectMarked
Status: RESOLVED → REOPENED
Crash Signature: [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)] → [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)]
[@ js::gc::IsObjectMarked]
Keywords: regression
Resolution: DUPLICATE → ---
Version: 19 Branch → Trunk
|
|
||
Updated•12 years ago
|
Crash Signature: [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)]
[@ js::gc::IsObjectMarked] → [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)]
[@ js::gc::IsObjectMarked]
[@ js::WeakMap<js::EncapsulatedPtr<JSObject, unsigned int>, js::RelocatableValue, js::DefaultHasher<js::EncapsulatedPtr<JSObject unsigned int> > >::mark…
|
|
||
Comment 3•12 years ago
|
||
It's #1 top browser crasher on Mac in 16.0.1, 17.0b1, 18.0a2 and 19.0a1.
It's correlated to ABP 2.1.2 in all channels:
*16.0.1:
100% (83/83) vs. 29% (233/803) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
*17.0b1:
js::gc::IsObjectMarked|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS (22 crashes)
100% (22/22) vs. 52% (50/97) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
tracking-firefox16:
--- → ?
tracking-firefox17:
--- → ?
Keywords: topcrash
Summary: crash in js::gc::IsObjectMarked → crash in js::gc::IsObjectMarked with AdBlock Plus
|
||
Comment 4•12 years ago
|
||
May be a spike caused by yesterday's live streaming event. "Waiting for the near-orbital jump press conference, watching the YouTube stream via the official site. It was in the background (on desktop 3 of 4; I was working in another desktop) and I didn't even notice the crash." "Just tried to go to wunderground.com. Am running NoScript" "i show the jump from space record !!" "i watching flash video + javascript page." The fact that 16.0b6 and 15.0.1 are unaffected, while 16.0.1 is points at a new change. bholley - could this have been caused by your recent security change in 16.0.1?
QA Contact: anthony.s.hughes
|
||
Comment 5•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #4) > The fact that 16.0b6 and 15.0.1 are unaffected, while 16.0.1 is points at a > new change. bholley - could this have been caused by your recent security > change in 16.0.1? Nothing jumps out at me.
|
|
||
Comment 6•12 years ago
|
||
OK - our last plan of action then is to test on 10.8 with ABP 2.1.2, on YouTube (preferably streaming) and other streaming Flash content.
Keywords: qawanted,
steps-wanted
Juan, can you have a look at this? I don't have access to a Mac OSX 10.8 machine.
QA Contact: anthony.s.hughes → jbecerra
|
||
Comment 8•12 years ago
|
||
Bug 798678 is weakmap-related and may be the fix for this. ABP switched over to weak maps recently-ish, so they are probably the heaviest user of them, and thus more prone to finding problems there.
Depends on: 798678
|
|
||
Comment 9•12 years ago
|
||
That said, I don't see anything in that range that seems related to weak maps, so I'm not sure how that could have caused problems here.
|
|
||
Comment 10•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #9) > That said, I don't see anything in that range that seems related to weak > maps, so I'm not sure how that could have caused problems here. It can be related to a new filter added around October 15 in one of the locale lists.
|
||
Comment 11•12 years ago
|
||
I've been trying to reproduce this on Mac OS X 10.8 using Nightly, Aurora, and Beta with AdBlock Plus 2.1.2. I've added all the filters available in the ABP preferences, and I have several tabs open including one with a youtube video, one with a live steam on ustream, and some cat videos. I've been trying on and off for a couple of days and I haven't been able to crash. During the redbullstratos.com/live streaming I remember having seen the player progress widget spin and spin while it was trying to get the stream, but other than that I don't remember anything out of the ordinary. I'll leave the machine running for now with a live stream. I'll report back if and when it crashes.
|
|
||
Comment 12•12 years ago
|
||
Thanks for testing juan. In the one day view for Mac OS X, this is no longer a top crasher.
|
||
Comment 13•11 years ago
|
||
Removing QAwanted since QA can't reproduce this issue locally. Please re-add it if you have more details about how it can be reproduced.
Keywords: qawanted
|
Assignee | |
Updated•10 years ago
|
Assignee: general → nobody
|
||
Updated•9 years ago
|
Crash Signature: , unsigned int> > >::markIteratively(JSTracer*)] → , unsigned int> > >::markIteratively(JSTracer*)]
[@ js::WeakMap<T>::markIteratively]
|
||
Comment 14•3 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 3 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•