Closed
Bug 801516
Opened 13 years ago
Closed 4 years ago
crash in js::gc::IsObjectMarked with AdBlock Plus
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash, steps-wanted)
Crash Data
This bug was filed from the Socorro interface and is
report bp-cf55f01d-4d7a-4023-b985-81bc22121014 .
=============================================================
Seen while looking at Mac trunk crash stats. Low volume crash which started showing up in crash stats using the 2012101003 build. All the reports seem to have Version 2.1.2 of Adblock Plus.
More Mac and Linux reports: https://crash-stats.mozilla.com/report/list?signature=js::gc::IsObjectMarked%28js::EncapsulatedPtr%3CJSObject,%20unsigned%20long%3E*%29
Possible regression range based on crash stats: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=aa5e3b445810&tochange=ec10630b1a54
Frame Module Signature Source
0 XUL js::gc::IsObjectMarked Heap.h:1017
1 XUL js::WeakMap<js::EncapsulatedPtr<JSObject, unsigned long>, js::RelocatableValue, Marking.h:276
2 XUL js::WeakMapBase::markAllIteratively jsweakmap.cpp:32
3 XUL IncrementalCollectSlice jsgc.cpp:3442
4 XUL GCCycle jsgc.cpp:4533
5 XUL Collect jsgc.cpp:4647
6 XUL js::NotifyDidPaint jsfriendapi.cpp:809
7 XUL nsXPConnect::NotifyDidPaint nsXPConnect.cpp:2729
8 XUL PresShell::Paint nsPresShell.cpp:5212
9 XUL nsViewManager::Refresh nsViewManager.cpp:370
10 XUL nsViewManager::PaintWindow nsViewManager.cpp:704
11 XUL non-virtual thunk to nsView::PaintWindow
12 XUL XUL@0x6e4f0f
13 XUL nsChildView::PaintWindow nsChildView.mm:1442
14 XUL -[ChildView drawRect:inContext:] nsChildView.mm:2451
15 XUL -[ChildView drawRect:] nsChildView.mm:2377
16 AppKit AppKit@0x542cd
17 AppKit AppKit@0x501c9
18 CoreFoundation CoreFoundation@0x12579
19 AppKit AppKit@0x102f5
20 Foundation Foundation@0x3d55e
21 AppKit AppKit@0x8149a
22 libobjc.A.dylib libobjc.A.dylib@0xd299
23 libobjc.A.dylib libobjc.A.dylib@0xd254
24 CoreFoundation CoreFoundation@0x309a8
25 CoreFoundation CoreFoundation@0x4ca74
26 CoreFoundation CoreFoundation@0x4f7bf
27 CoreFoundation CoreFoundation@0x4f566
28 AppKit AppKit@0x4de87
29 AppKit AppKit@0x818c6
30 AppKit AppKit@0x5053d
31 AppKit AppKit@0x42e83
32 AppKit AppKit@0x42d3d
33 AppKit AppKit@0x42e83
34 CoreFoundation CoreFoundation@0x167b97
35 AppKit AppKit@0x5323c
36 AppKit AppKit@0x42b79
37 CoreFoundation CoreFoundation@0x8370b
38 AppKit AppKit@0x9880ef
39 AppKit AppKit@0x518a8
40 AppKit AppKit@0x94f731
41 libobjc.A.dylib libobjc.A.dylib@0xd2c5
42 libobjc.A.dylib libobjc.A.dylib@0xd4f8
43 AppKit AppKit@0x547e3
44 libmozglue.dylib je_malloc jemalloc.c:4217
45 AppKit AppKit@0x52b5d
46 AppKit AppKit@0x94f731
47 CarbonCore CarbonCore@0x2b380
48 CarbonCore CarbonCore@0x2b29f
49 HIToolbox HIToolbox@0x65516
50 HIToolbox HIToolbox@0x18812
51 libmozglue.dylib arena_malloc jemalloc.c:1694
52 AppKit AppKit@0x50da2
53 libobjc.A.dylib libobjc.A.dylib@0xd566
54 libmozglue.dylib arena_dalloc jemalloc.c:1679
55 AppKit AppKit@0x4c1ba
56 CoreFoundation CoreFoundation@0x4d80d
57 CoreFoundation CoreFoundation@0x167b97
58 libmozglue.dylib arena_dalloc jemalloc.c:1679
59 AppKit AppKit@0x44c34
60 libsystem_c.dylib libsystem_c.dylib@0x4d46f
61 libsystem_c.dylib libsystem_c.dylib@0x3e1ef
62 CoreFoundation CoreFoundation@0x4fd92
63 libnspr4.dylib dstParams
64 AppKit AppKit@0x4162c
65 AppKit AppKit@0x44374
66 CoreFoundation CoreFoundation@0x638e6
67 CoreFoundation CoreFoundation@0x63845
68 CoreFoundation CoreFoundation@0x6372f
69 CoreFoundation CoreFoundation@0x38af8
70 XUL nsIHttpHeaderVisitor::COMTypeInfo<int>::kIID
71 CarbonCore CarbonCore@0x18087
72 libsystem_c.dylib libsystem_c.dylib@0x4d6aa
73 AppKit AppKit@0x98f82f
74 Foundation Foundation@0xa4b6
75 Foundation Foundation@0xa1f2
76 CoreFoundation CoreFoundation@0x8bb3
77 XUL XUL@0xdb0a6f
78 CoreFoundation CoreFoundation@0x2a04
79 libobjc.A.dylib libobjc.A.dylib@0xea22
80 CoreFoundation CoreFoundation@0xf0cf
81 libmozglue.dylib arena_malloc jemalloc.c:1694
82 CoreFoundation CoreFoundation@0x38485
83 HIToolbox HIToolbox@0x22be
84 HIToolbox HIToolbox@0x94be
85 CoreFoundation CoreFoundation@0x12579
86 HIToolbox HIToolbox@0x93f9
87 AppKit AppKit@0x8778
88 CoreFoundation CoreFoundation@0x218d
89 libmozglue.dylib arena_dalloc jemalloc.c:4568
90 AppKit AppKit@0x807c
91 AppKit AppKit@0x94922b
92 AppKit AppKit@0x732ca
|
||
Comment 1•13 years ago
|
||
From 19.0a1/20101009, Mac crash signatures have a Windows look, so it's not a new crash.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 2•13 years ago
|
||
Oops! bug 774070 is Android only.
Previous reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Agc%3A%3AIsObjectMarked
Status: RESOLVED → REOPENED
Crash Signature: [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)] → [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)]
[@ js::gc::IsObjectMarked]
Keywords: regression
Resolution: DUPLICATE → ---
Version: 19 Branch → Trunk
|
|
||
Updated•13 years ago
|
Crash Signature: [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)]
[@ js::gc::IsObjectMarked] → [@ js::gc::IsObjectMarked(js::EncapsulatedPtr<JSObject, unsigned long>*)]
[@ js::gc::IsObjectMarked]
[@ js::WeakMap<js::EncapsulatedPtr<JSObject, unsigned int>, js::RelocatableValue, js::DefaultHasher<js::EncapsulatedPtr<JSObject unsigned int> > >::mark…
|
|
||
Comment 3•13 years ago
|
||
It's #1 top browser crasher on Mac in 16.0.1, 17.0b1, 18.0a2 and 19.0a1.
It's correlated to ABP 2.1.2 in all channels:
*16.0.1:
100% (83/83) vs. 29% (233/803) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
*17.0b1:
js::gc::IsObjectMarked|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS (22 crashes)
100% (22/22) vs. 52% (50/97) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
tracking-firefox16:
--- → ?
tracking-firefox17:
--- → ?
Keywords: topcrash
Summary: crash in js::gc::IsObjectMarked → crash in js::gc::IsObjectMarked with AdBlock Plus
|
||
Comment 4•13 years ago
|
||
May be a spike caused by yesterday's live streaming event.
"Waiting for the near-orbital jump press conference, watching the YouTube stream via the official site. It was in the background (on desktop 3 of 4; I was working in another desktop) and I didn't even notice the crash."
"Just tried to go to wunderground.com. Am running NoScript"
"i show the jump from space record !!"
"i watching flash video + javascript page."
The fact that 16.0b6 and 15.0.1 are unaffected, while 16.0.1 is points at a new change. bholley - could this have been caused by your recent security change in 16.0.1?
QA Contact: anthony.s.hughes
|
||
Comment 5•13 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #4)
> The fact that 16.0b6 and 15.0.1 are unaffected, while 16.0.1 is points at a
> new change. bholley - could this have been caused by your recent security
> change in 16.0.1?
Nothing jumps out at me.
|
|
||
Comment 6•13 years ago
|
||
OK - our last plan of action then is to test on 10.8 with ABP 2.1.2, on YouTube (preferably streaming) and other streaming Flash content.
Keywords: qawanted,
steps-wanted
Juan, can you have a look at this? I don't have access to a Mac OSX 10.8 machine.
QA Contact: anthony.s.hughes → jbecerra
|
||
Comment 8•13 years ago
|
||
Bug 798678 is weakmap-related and may be the fix for this. ABP switched over to weak maps recently-ish, so they are probably the heaviest user of them, and thus more prone to finding problems there.
Depends on: 798678
|
|
||
Comment 9•13 years ago
|
||
That said, I don't see anything in that range that seems related to weak maps, so I'm not sure how that could have caused problems here.
|
|
||
Comment 10•13 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #9)
> That said, I don't see anything in that range that seems related to weak
> maps, so I'm not sure how that could have caused problems here.
It can be related to a new filter added around October 15 in one of the locale lists.
|
||
Comment 11•13 years ago
|
||
I've been trying to reproduce this on Mac OS X 10.8 using Nightly, Aurora, and Beta with AdBlock Plus 2.1.2. I've added all the filters available in the ABP preferences, and I have several tabs open including one with a youtube video, one with a live steam on ustream, and some cat videos.
I've been trying on and off for a couple of days and I haven't been able to crash. During the redbullstratos.com/live streaming I remember having seen the player progress widget spin and spin while it was trying to get the stream, but other than that I don't remember anything out of the ordinary.
I'll leave the machine running for now with a live stream. I'll report back if and when it crashes.
|
|
||
Comment 12•13 years ago
|
||
Thanks for testing juan.
In the one day view for Mac OS X, this is no longer a top crasher.
|
||
Comment 13•12 years ago
|
||
Removing QAwanted since QA can't reproduce this issue locally. Please re-add it if you have more details about how it can be reproduced.
Keywords: qawanted
|
Assignee | |
Updated•11 years ago
|
Assignee: general → nobody
|
||
Updated•10 years ago
|
Crash Signature: , unsigned int> > >::markIteratively(JSTracer*)] → , unsigned int> > >::markIteratively(JSTracer*)]
[@ js::WeakMap<T>::markIteratively]
|
||
Comment 14•4 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 4 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•