812319 - crash in js::ShapeTable::search

Status: RESOLVED WORKSFORME

(Core :: JavaScript Engine, defect)

Description

[Marcia Knous [:marcia]]

This bug was filed from the Socorro interface and is 
report bp-dc011938-ac09-4a59-a8c0-1117f2121115 .
============================================================= 

Windows crash seen while looking at crash stats and seems to be correlated to Yandex - see https://crash-stats.mozilla.com/report/list?signature=js::ShapeTable::search%28int,%20bool%29. This has happened in other versions as well.

71% (17/24) vs.   2% (414/18719) yasearch@yandex.ru (Yandex.Bar, https://addons.mozilla.org/addon/3495)
63% (15/24) vs.   1% (251/18719) vb@yandex.ru
21% (5/24) vs.   1% (134/18719) {B100D0FF-0001-8CE4-2790-AACE49B8AE35}
21% (5/24) vs.   1% (157/18719) {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} (WOT, https://addons.mozilla.org/addon/3456)
17% (4/24) vs.   0% (34/18719) helper@savefrom.net
17% (4/24) vs.   2% (365/18719) {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
13% (3/24) vs.   0% (6/18719) s3google@translator
13% (3/24) vs.   0% (39/18719) {fe272bd1-5f76-4ea4-8501-a05d35d823fc}
13% (3/24) vs.   0% (42/18719) dmbarff@westbyte.com
13% (3/24) vs.   0% (45/18719) dmpluginff@westbyte.com
13% (3/24) vs.   1% (158/18719) {9AA46F4F-4DC7-4c06-97AF-5035170634FE} (ImTranslator, https://addons.mozilla.org/addon/2257)
17% (4/24) vs.   5% (998/18719) wrc@avast.com
17% (4/24) vs.   6% (1073/18719) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
13% (3/24) vs.   3% (514/18719) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
13% (3/24) vs.   3% (598/18719) {0153E448-190B-4987-BDE1-F256CADA672F}
8% (2/24) vs.   0% (5/18719) {7760B465-F757-4443-9A87-78DA5B6C13C3}
8% (2/24) vs.   0% (9/18719) ossen@yandex.ru
8% (2/24) vs.   0% (12/18719) YouTubeVideoDownloadLinks@mattshaw.org
8% (2/24) vs.   0% (13/18719) ALone-live@ya.ru
8% (2/24) vs.   0% (14/18719) extensions@gismeteo.com
8% (2/24) vs.   0% (18/18719) pavel.sherbakov@gmail.com
8% (2/24) vs.   0% (26/18719) tabs@ticno.com
8% (2/24) vs.   0% (41/18719) dmremote@westbyte.com
8% (2/24) vs.   0% (70/18719) smarterwiki@wikiatic.com (FastestFox - Browse Faster, https://addons.mozilla.org/addon/9825)
8% (2/24) vs.   1% (94/18719) {3e0e7d2a-070f-4a47-b019-91fe5385ba79} (AddThis, https://addons.mozilla.org/addon/4076)
8% (2/24) vs.   1% (94/18719) adblockpopups@jessehakanen.net
8% (2/24) vs.   1% (171/18719) {1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox, https://addons.mozilla.org/addon/5791)
8% (2/24) vs.   2% (344/18719) OneClickDownload@OneClickDownload.com
8% (2/24) vs.   3% (622/18719) {b9db16a4-6edc-47ec-a1f4-b86292ed211d} (Video DownloadHelper, https://addons.mozilla.org/addon/3006)


Frame 	Module 	Signature 	Source
0 	mozjs.dll 	js::ShapeTable::search 	js/src/jsscope.cpp:163
1 	mozjs.dll 	js::ObjectImpl::nativeLookup 	js/src/vm/ObjectImpl.cpp:265
2 	mozjs.dll 	js::GetPropertyOperation 	js/src/jsinterpinlines.h:270
3 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2293
4 	xul.dll 	XPCConvert::NativeData2JS 	js/xpconnect/src/XPCConvert.cpp:230
5 	xul.dll 	XPCConvert::NativeData2JS 	js/xpconnect/src/xpcprivate.h:3313
6 	nspr4.dll 	PR_Unlock 	nsprpub/pr/src/threads/combined/prulock.c:315
7 	xul.dll 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/XPCCallContext.cpp:308
8 	xul.dll 	nsIFrame::GetPaddingRect 	layout/generic/nsFrame.cpp:968

Comment 1

[Alex Keybl [:akeybl]]

We haven't been able to reproduce, so we're still trying to reach out to the Yandex Toolbar team and looping in the JS team to see if there's anything we can investigate in the meantime.

Comment 2

[Scoobidiver (away)]

It's #9 top browser crasher in 17.0.

Here are correlations per extension version:
     89% (33/37) vs.   6% (543/8801) yasearch@yandex.ru (Yandex.Bar, https://addons.mozilla.org/addon/3495)
          3% (1/37) vs.   0% (2/8801) 7.1.1
         24% (9/37) vs.   0% (39/8801) 7.2.1
          8% (3/37) vs.   1% (45/8801) 7.2.3
          8% (3/37) vs.   0% (16/8801) 7.2.5
         46% (17/37) vs.   5% (427/8801) 7.2.6
     86% (32/37) vs.   6% (525/8801) vb@yandex.ru
          3% (1/37) vs.   0% (9/8801) 1.1
         35% (13/37) vs.   2% (209/8801) 1.3
          5% (2/37) vs.   1% (112/8801) 1.4
          3% (1/37) vs.   0% (13/8801) 2.0
         41% (15/37) vs.   2% (146/8801) 2.0.1

Comment 3

[Lukas Blakk [:lsblakk] use ?needinfo]

Yandex has pushed an update: in bug 770238 comment 26 so let's see if we get any decrease in crash volume here if they are related issues.

Comment 4

[Robert Kaiser]

This signature is pretty low on 18.0b3 (#115) but remains #8 on release.

As the Yandex Bar add-on is completely JS-based (no binary code), any crash it triggers is very probably a problem in our code and we should investigate that, esp. with how much-used this add-on is in Russia.

sfink, you have done work with debugging crashes with this add-on in bug 770238, can you help here as well?

Comment 5

[Bill McCloskey [inactive unless it's an emergency] (:billm)]

It looks like we don't have an STR or a regression range for this crash. I don't think there's much that we can do.

Comment 6

[Scoobidiver (away)]

It's #111 top browser crasher in 18.0.2 and #88 in 19.0b5 so no longer a top crasher.

There are no extension correlations in 18.0.2.

Comment 7

[David Mandelin [:dmandelin]]

Interestingly, there are still spikes for some build dates, but it's usually low. I don't know what that means--whether it's affecting some very small set of Nightly users, or what.

Comment 8

[Merike Sell (:merike)]

https://crash-stats.mozilla.com/report/index/e2b2c5ba-a73e-4716-b059-8c74a2131020

Comment 9

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year) in Firefox (except some obsolete Fx <46, no crashes starting since Fx 46).