Closed Bug 820905 Opened 7 years ago Closed 7 years ago

crash in nsNPAPIPluginInstance::UnscheduleTimer

Categories

(Core :: Plug-ins, defect, blocker)

18 Branch
ARM
Android
defect
Not set
blocker

Tracking

()

RESOLVED FIXED
mozilla20
Tracking Status
firefox18 + fixed
firefox19 + fixed
firefox20 --- fixed
b2g18 --- fixed
fennec 18+ ---

People

(Reporter: scoobidiver, Assigned: snorp)

References

Details

(Keywords: crash, regression, topcrash, Whiteboard: [native-crash])

Crash Data

It's #1 top crasher in 19.0a2 over the last day.
It first showed up in 20.0a1/20121212 and 19.0a2/20121212. The regression ranges are:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4dfe323a663d&tochange=634180132e68
http://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=c042ea08a2b4&tochange=cb34bd8957ec
It's likely a regression from bug 800838.
18.0b4 will be affected.

Signature 	@0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int) More Reports Search
UUID	ef746b24-3096-44fd-b0fd-d9a5d2121212
Date Processed	2012-12-12 16:58:19
Uptime	56
Install Age	56 seconds since version was first installed.
Install Time	2012-12-12 16:57:08
Product	FennecAndroid
Version	19.0a2
Build ID	20121212042015
Release Channel	aurora
OS	Android
OS Version	0.0.0 Linux 3.0.15-1029495-user #1 SMP PREEMPT Mon Aug 13 22:20:09 KST 2012 armv7l samsung/m0bv/m0:4.0.4/IMM76D/I9300BVBLH2:user/release-keys
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x0
App Notes 	
AdapterDescription: 'ARM -- Mali-400 MP -- OpenGL ES 2.0 -- Model: GT-I9300, Product: m0bv, Manufacturer: samsung, Hardware: smdk4x12'
EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ 
samsung GT-I9300
samsung/m0bv/m0:4.0.4/IMM76D/I9300BVBLH2:user/release-keys
Processor Notes 	/data/socorro/stackwalk/bin/exploitable: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	ARM
Adapter Device ID	Mali-400 MP
Device	samsung GT-I9300
Android API Version	15 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 		@0x0 	
1 	libxul.so 	nsNPAPIPluginInstance::UnscheduleTimer 	nsNPAPIPluginInstance.cpp:1482
2 		@0x4001 	
3 	libxul.so 	nsTimerEvent::Run 	nsTimerImpl.cpp:565
4 	libxul.so 	nsThread::ProcessNextEvent 	nsThread.cpp:627
5 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:221
6 	libxul.so 	mozilla::ipc::MessagePump::Run 	MessagePump.cpp:117
7 	libxul.so 	MessageLoop::RunInternal 	message_loop.cc:215
8 	libxul.so 	MessageLoop::Run 	message_loop.cc:208
9 	libxul.so 	nsBaseAppShell::Run 	nsBaseAppShell.cpp:163
10 	libxul.so 	nsAppStartup::Run 	nsAppStartup.cpp:290
11 	libxul.so 	XREMain::XRE_mainRun 	nsAppRunner.cpp:3823
12 	libxul.so 	XREMain::XRE_main 	nsAppRunner.cpp:3890
13 	libxul.so 	XRE_main 	nsAppRunner.cpp:4084 

More reports at:
https://crash-stats.mozilla.com/report/list?signature=%400x0+|+nsNPAPIPluginInstance%3A%3AUnscheduleTimer%28unsigned+int%29
More reports also at:
https://crash-stats.mozilla.com/report/list?signature=PluginTimerCallback
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ PluginTimerCallback]
Snorp - can you start looking at this already given the impact to FF19 and likely impact to FF18? If the crash volume is higher than bug 800838, we'll obviously back it out, but we'd prefer a forward fix landed asap.
Assignee: nobody → snorp
(In reply to Alex Keybl [:akeybl] from comment #2)
> If the crash volume is higher than bug 800838, we'll obviously back it out
Yes, it is. It accounts for 64% of crashes in 19.0a2 over the last day.
18.0b4 will be unusable.
Severity: critical → blocker
I'm seeing this crash on http://www.youtube.com/embed/oa2EQpbgKpc
with my Samsung Galaxy Nexus, using latest Aurora build with plugins enabled.
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ PluginTimerCallback] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback]
tracking-fennec: ? → 18+
Fixed by the backout of bug 800838 not yet landed in m-c.
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback]
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback] [@ nsDocShell::GetInterface(nsID const& void**)] [@ nsD…
https://hg.mozilla.org/mozilla-central/rev/437aa90c4fe7
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in before you can comment on or make changes to this bug.