On 6/1/16 2:32 AM, Nicholas Nethercote wrote:
4  MOZ_CRASH(Unexpected error during FakeBlack creation.)  1679    0.13 %

This is https://bugzilla.mozilla.org/show_bug.cgi?id=1247977 (credit to Milan for noticing that).

49 MOZ_CRASH(Accessing the Subject Principal without an AutoJSAPI on the stack is forbidden)       7       0.00 %

I looked at these. One of these was real and got fixed by https://bugzilla.mozilla.org/show_bug.cgi?id=1235411

The next six signatures look like a tour of busted vtables or something:


https://crash-stats.mozilla.com/report/index/5edf0db2-44d4-4a00-94b2-89b752160527 -- shows _moz_cairo_surface_destroy calling XPCJSRuntime::InterruptCallback(JSContext*) which then calls nsContentUtils::IsCallerChrome(). The latter call makes sense, but the former does not.


https://crash-stats.mozilla.com/report/index/95363c0a-bdab-4810-b4be-a07552160526 -- shows XPCJSRuntime::PrepareForForgetSkippable() calling "BRFrame::`scalar deleting destructor'(unsigned int)" calling nsGlobalWindow::UnmarkGrayTimers() calling nsXPCComponents_ID::Call which does in fact end up touching the subject principal. But the other calls in that stack are bunk. :(


https://crash-stats.mozilla.com/report/index/a7b5408d-1087-4fe6-914e-5320f2160527 -- shows mozilla::ipc::MessageChannel::DispatchAsyncMessage calling mozilla::dom::SubtleCrypto::Verify calling "@0x10db" calling nsContentUtils::SubjectPrincipal. Still nonsense. :(


https://crash-stats.mozilla.com/report/index/e981363d-5bd5-4a09-b121-1263c2160527 -- shows nsCOMPtr_base::~nsCOMPtr_base calling mozilla::dom::StructuredCloneHolder::CustomReadHandler, which is pretty darned unlikely, I think. Apart from that, this stack actually makes sense, but that one spot is really going off the rails.


https://crash-stats.mozilla.com/report/index/089ba17c-d2cf-4cc5-bf02-6134b2160530 -- shows nsImageFrame::GetLogicalSkipSides calling nsGenericHTMLElement::Click on this line:

    if (nullptr != GetNextInFlow()) {


https://crash-stats.mozilla.com/report/index/95391d22-6236-4397-b694-61c102160527 -- shows nsIContent::PreHandleEvent calling nsGenericHTMLElement::Click on this line:

  nsTArray<nsIContent*>* destPoints = GetExistingDestInsertionPoints();

Finally, https://crash-stats.mozilla.com/report/index/8c472aa1-7eff-409a-b9b0-4abaa2160527 and https://crash-stats.mozilla.com/report/index/8c472aa1-7eff-409a-b9b0-4abaa2160527 -- the stack is totally sensible, but it should have an AutoJSAPI on the stack! It's coming through nsFrameMessageManager::ReceiveMessage which totally uses one (via AutoEntryScript) to get its JSContext. No idea what's going on there.

-Boris