Closed
Bug 858648
Opened 11 years ago
Closed 9 years ago
crash in js::UnwrapObject
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox21 | --- | unaffected |
| firefox22 | - | affected |
| firefox23 | --- | affected |
People
(Reporter: scoobidiver, Assigned: bholley)
References
Details
(Keywords: crash, regression)
Crash Data
It started spiking in 22.0a1/20130325105600 and is currently #3 top browser crasher in 23.0a1. The regression range for the spike is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0a10eca0c521&tochange=4d3250f3afea The patch of bug 858642 will likely fix most crashes. Signature js::UnwrapObject(JSObject*, bool, unsigned int*) More Reports Search UUID ce4db26c-6eef-4fc8-a620-bb4622130405 Date Processed 2013-04-05 16:14:37 Uptime 8325 Last Crash 3.4 weeks before submission Install Age 1.0 days since version was first installed. Install Time 2013-04-04 16:02:42 Product Firefox Version 23.0a1 Build ID 20130404030859 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 58 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x4 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x0162, AdapterSubsysID: 21111462, AdapterDriverVersion: 9.18.10.3071 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers+ Processor Notes sp-processor09.phx1.mozilla.com_20732:2008; MDSW emitted too many frames, triggering truncation EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x0162 Total Virtual Memory 4294836224 Available Virtual Memory 416178176 System Memory Use Percentage 28 Available Page File 7816855552 Available Physical Memory 5947572224 Frame Module Signature Source 0 mozjs.dll js::UnwrapObject js/src/jswrapper.cpp:78 1 xul.dll xpc::GetXBLScope js/xpconnect/src/XPCWrappedNativeScope.cpp:271 2 xul.dll nsXBLProtoImpl::InstallImplementation content/xbl/src/nsXBLProtoImpl.cpp:104 3 xul.dll nsXBLService::LoadBindings content/xbl/src/nsXBLService.cpp:517 4 xul.dll nsCSSFrameConstructor::AddFrameConstructionItemsInternal layout/base/nsCSSFrameConstructor.cpp:5098 5 xul.dll nsCSSFrameConstructor::AddFrameConstructionItems layout/base/nsCSSFrameConstructor.cpp:5042 6 xul.dll nsCSSFrameConstructor::FrameConstructionItemList::~FrameConstructionItemList layout/base/nsCSSFrameConstructor.h:803 7 xul.dll nsCSSFrameConstructor::CreateAnonymousFrames layout/base/nsCSSFrameConstructor.cpp:3757 8 xul.dll nsHTMLScrollFrame::nsHTMLScrollFrame layout/generic/nsGfxScrollFrame.cpp:78 9 xul.dll nsCSSFrameConstructor::BeginBuildingScrollFrame layout/base/nsCSSFrameConstructor.cpp:4132 10 xul.dll nsCSSFrameConstructor::SetUpDocElementContainingBlock layout/base/nsCSSFrameConstructor.cpp:2725 11 xul.dll nsCSSFrameConstructor::ConstructDocElementFrame layout/base/nsCSSFrameConstructor.cpp:2490 12 xul.dll nsCSSFrameConstructor::ContentRangeInserted layout/base/nsCSSFrameConstructor.cpp:6892 13 xul.dll nsCSSFrameConstructor::ContentInserted layout/base/nsCSSFrameConstructor.cpp:6781 14 xul.dll PresShell::Initialize layout/base/nsPresShell.cpp:1731 15 xul.dll nsContentSink::StartLayout content/base/src/nsContentSink.cpp:1174 16 xul.dll nsHtml5TreeOpExecutor::StartLayout parser/html/nsHtml5TreeOpExecutor.cpp:737 17 xul.dll nsHtml5TreeOperation::Perform parser/html/nsHtml5TreeOperation.cpp:653 18 xul.dll nsHtml5TreeOpExecutor::RunFlushLoop parser/html/nsHtml5TreeOpExecutor.cpp:557 19 xul.dll nsHtml5ExecutorReflusher::Run parser/html/nsHtml5TreeOpExecutor.cpp:61 20 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627 21 xul.dll NS_ProcessNextEvent obj-firefox/xpcom/build/nsThreadUtils.cpp:238 22 xul.dll nsThread::Shutdown xpcom/threads/nsThread.cpp:474 23 xul.dll nsRunnableMethodImpl<tag_nsresult obj-firefox/dist/include/nsThreadUtils.h:350 24 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627 25 xul.dll NS_ProcessNextEvent obj-firefox/xpcom/build/nsThreadUtils.cpp:238 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3AUnwrapObject%28JSObject*%2C+bool%2C+unsigned+int*%29
|
Reporter | |
Comment 1•11 years ago
|
||
Crashes have stopped since 23.0a1/20130405 so before the fix of bug 858642. The working range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c232bec6974d&tochange=55f9e3e3dae7
|
||
Comment 2•11 years ago
|
||
This continues to be the #4 topcrash on 22 Aurora. We should find what fixed it on Nightly and port that fix to aurora.
tracking-firefox22:
--- → ?
|
||
Comment 3•11 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #2) > This continues to be the #4 topcrash on 22 Aurora. We should find what fixed > it on Nightly and port that fix to aurora. Over to bholley to find out whether he agrees that bug 858642 is the fix, in which case we should get that nominated for uplift.
Assignee: general → bobbyholley+bmo
|
Assignee | |
Comment 4•11 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #3) > (In reply to Robert Kaiser (:kairo@mozilla.com) from comment #2) > > This continues to be the #4 topcrash on 22 Aurora. We should find what fixed > > it on Nightly and port that fix to aurora. > > Over to bholley to find out whether he agrees that bug 858642 is the fix, in > which case we should get that nominated for uplift. Well, comment 1 suggests it might not be, right? But from the stacks I see here, this is what would fix it. I'll nominate that for uplift.
|
||
Comment 5•11 years ago
|
||
Crash reported in 20.0.1; https://support.mozilla.org/en-US/questions/956594#answer-427155 https://crash-stats.mozilla.com/report/index/bp-30dd2157-e230-449e-964b-125b22130413
|
|
Reporter | |
Comment 6•11 years ago
|
||
(In reply to Feer56 (Andrew T.) from comment #5) > Crash reported in 20.0.1; > https://support.mozilla.org/en-US/questions/956594#answer-427155 It's a low volume crash in 20.0 and 20.0.1, less than eleven crashes, so I assume it's caused by malware or changes in Windows configuration such as registry keys (registry cleaners do more harm than good).
|
|
Reporter | |
Comment 7•11 years ago
|
||
After the fix of bug 858642 in Aurora, the volume has dropped from about 40 crashes per build to one crash per build. The first frames of the stack trace are: Frame Module Signature Source 0 mozjs.dll js::UnwrapObject js/src/jswrapper.cpp:78 1 xul.dll mozilla::dom::CallbackObject::CallSetup::CallSetup dom/bindings/CallbackObject.cpp:53 2 xul.dll mozilla::dom::EventHandlerNonNull::Call<nsISupports*> obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:59 3 xul.dll nsCOMPtr_base::assign_from_qi obj-firefox/xpcom/build/nsCOMPtr.cpp:58 4 xul.dll NS_TableDrivenQI obj-firefox/xpcom/build/nsISupportsImpl.cpp:16 5 xul.dll nsCOMPtr_base::assign_with_AddRef obj-firefox/xpcom/build/nsCOMPtr.cpp:48 6 xul.dll nsGlobalWindow::QueryInterface dom/base/nsGlobalWindow.cpp:1507 7 xul.dll nsQueryReferent::operator obj-firefox/xpcom/build/nsWeakReference.cpp:56 There's also one crash in m-c with the following first frames of the stack trace: Frame Module Signature Source 0 mozjs.dll js::UnwrapObject js/src/jswrapper.cpp:78 1 mozjs.dll js::NukeCrossCompartmentWrappers js/src/jswrapper.cpp:945 2 xul.dll WindowDestroyedEvent::Run dom/base/nsGlobalWindow.cpp:7401 3 xul.dll mozilla::HangMonitor::NotifyActivity xpcom/threads/HangMonitor.cpp:334 4 nss3.dll PR_Unlock nsprpub/pr/src/threads/combined/prulock.c:315 5 xul.dll TimerThread::RemoveTimer xpcom/threads/TimerThread.cpp:348 6 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:82 7 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:209
|
||
Updated•11 years ago
|
|
||
Comment 8•9 years ago
|
||
There are no reports on crash-stats newer than version 21
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•