Closed Bug 820905 Opened 12 years ago Closed 12 years ago

crash in nsNPAPIPluginInstance::UnscheduleTimer

Categories

(Core Graveyard :: Plug-ins, defect)

18 Branch
ARM
Android
defect
Not set
blocker

Tracking

(firefox18+ fixed, firefox19+ fixed, firefox20 fixed, b2g18 fixed, fennec18+)

RESOLVED FIXED
mozilla20
Tracking Status
firefox18 + fixed
firefox19 + fixed
firefox20 --- fixed
b2g18 --- fixed
fennec 18+ ---

People

(Reporter: scoobidiver, Assigned: snorp)

References

Details

(Keywords: crash, regression, topcrash, Whiteboard: [native-crash])

Crash Data

It's #1 top crasher in 19.0a2 over the last day. It first showed up in 20.0a1/20121212 and 19.0a2/20121212. The regression ranges are: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4dfe323a663d&tochange=634180132e68 http://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=c042ea08a2b4&tochange=cb34bd8957ec It's likely a regression from bug 800838. 18.0b4 will be affected. Signature @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int) More Reports Search UUID ef746b24-3096-44fd-b0fd-d9a5d2121212 Date Processed 2012-12-12 16:58:19 Uptime 56 Install Age 56 seconds since version was first installed. Install Time 2012-12-12 16:57:08 Product FennecAndroid Version 19.0a2 Build ID 20121212042015 Release Channel aurora OS Android OS Version 0.0.0 Linux 3.0.15-1029495-user #1 SMP PREEMPT Mon Aug 13 22:20:09 KST 2012 armv7l samsung/m0bv/m0:4.0.4/IMM76D/I9300BVBLH2:user/release-keys Build Architecture arm Build Architecture Info Crash Reason SIGSEGV Crash Address 0x0 App Notes AdapterDescription: 'ARM -- Mali-400 MP -- OpenGL ES 2.0 -- Model: GT-I9300, Product: m0bv, Manufacturer: samsung, Hardware: smdk4x12' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ samsung GT-I9300 samsung/m0bv/m0:4.0.4/IMM76D/I9300BVBLH2:user/release-keys Processor Notes /data/socorro/stackwalk/bin/exploitable: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID ARM Adapter Device ID Mali-400 MP Device samsung GT-I9300 Android API Version 15 (REL) Android CPU ABI armeabi-v7a Frame Module Signature Source 0 @0x0 1 libxul.so nsNPAPIPluginInstance::UnscheduleTimer nsNPAPIPluginInstance.cpp:1482 2 @0x4001 3 libxul.so nsTimerEvent::Run nsTimerImpl.cpp:565 4 libxul.so nsThread::ProcessNextEvent nsThread.cpp:627 5 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:221 6 libxul.so mozilla::ipc::MessagePump::Run MessagePump.cpp:117 7 libxul.so MessageLoop::RunInternal message_loop.cc:215 8 libxul.so MessageLoop::Run message_loop.cc:208 9 libxul.so nsBaseAppShell::Run nsBaseAppShell.cpp:163 10 libxul.so nsAppStartup::Run nsAppStartup.cpp:290 11 libxul.so XREMain::XRE_mainRun nsAppRunner.cpp:3823 12 libxul.so XREMain::XRE_main nsAppRunner.cpp:3890 13 libxul.so XRE_main nsAppRunner.cpp:4084 More reports at: https://crash-stats.mozilla.com/report/list?signature=%400x0+|+nsNPAPIPluginInstance%3A%3AUnscheduleTimer%28unsigned+int%29
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ PluginTimerCallback]
Snorp - can you start looking at this already given the impact to FF19 and likely impact to FF18? If the crash volume is higher than bug 800838, we'll obviously back it out, but we'd prefer a forward fix landed asap.
Assignee: nobody → snorp
(In reply to Alex Keybl [:akeybl] from comment #2) > If the crash volume is higher than bug 800838, we'll obviously back it out Yes, it is. It accounts for 64% of crashes in 19.0a2 over the last day. 18.0b4 will be unusable.
Severity: critical → blocker
I'm seeing this crash on http://www.youtube.com/embed/oa2EQpbgKpc with my Samsung Galaxy Nexus, using latest Aurora build with plugins enabled.
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ PluginTimerCallback] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback]
tracking-fennec: ? → 18+
Fixed by the backout of bug 800838 not yet landed in m-c.
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback]
Crash Signature: [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback] → [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ nsNPAPIPluginInstance::UnscheduleTimer(unsigned int)] [@ @0x0 | nsNPAPIPluginInstance::UnscheduleTimer] [@ PluginTimerCallback] [@ nsDocShell::GetInterface(nsID const& void**)] [@ nsD…
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.