It's a startup crash that first appeared in 12.0a1/20120125 with a bunch of other crash signatures that contain mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=cfaee7b043f7&tochange=005488525c43 It might be a regression from bug 622232. Signature mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsIDNServiceConstructor More Reports Search UUID e250b6df-cb36-455b-aca5-70ab22120204 Date Processed 2012-02-04 18:50:28 Uptime 0 Last Crash 1 seconds before submission Install Age 14 seconds since version was first installed. Install Time 2012-02-04 18:50:10 Product Firefox Version 13.0a1 Build ID 20120201031146 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 42 stepping 7 Crash Reason EXCEPTION_BREAKPOINT Crash Address 0x6ecb195f Processor Notes WARNING: JSON file missing Add-ons EMCheckCompatibility False Frame Module Signature [Expand] Source 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:79 1 mozalloc.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:60 2 mozalloc.dll moz_xrealloc 3 xul.dll nsIDNServiceConstructor netwerk/build/nsNetModule.cpp:352 4 xul.dll mozilla::GenericFactory::CreateInstance obj-firefox/xpcom/build/GenericFactory.cpp:48 5 xul.dll nsComponentManagerImpl::CreateInstanceByContractID xpcom/components/nsComponentManager.cpp:1064 6 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:1466 7 xul.dll nsCOMPtr_base::assign_from_gs_contractid obj-firefox/xpcom/build/nsCOMPtr.cpp:132 8 xul.dll nsDNSService::Init netwerk/dns/nsDNSService2.cpp:455 9 xul.dll nsDNSServiceConstructor netwerk/build/nsNetModule.cpp:85 10 xul.dll mozilla::GenericFactory::CreateInstance obj-firefox/xpcom/build/GenericFactory.cpp:48 11 xul.dll nsComponentManagerImpl::CreateInstanceByContractID xpcom/components/nsComponentManager.cpp:1064 12 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:1466 13 xul.dll CallGetService obj-firefox/xpcom/build/nsComponentManagerUtils.cpp:94 14 xul.dll nsCOMPtr_base::assign_from_gs_contractid_with_error obj-firefox/xpcom/build/nsCOMPtr.cpp:141 15 xul.dll nsIOService::Init netwerk/base/src/nsIOService.cpp:202 16 xul.dll nsIOService::GetInstance netwerk/base/src/nsIOService.cpp:334 17 xul.dll nsIOServiceConstructor netwerk/build/nsNetModule.cpp:82 18 xul.dll mozilla::GenericFactory::CreateInstance obj-firefox/xpcom/build/GenericFactory.cpp:48 19 xul.dll nsComponentManagerImpl::CreateInstanceByContractID xpcom/components/nsComponentManager.cpp:1064 20 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:1466 21 xul.dll nsCOMPtr_base::assign_from_gs_contractid obj-firefox/xpcom/build/nsCOMPtr.cpp:132 22 xul.dll nsCOMPtr<nsIIOService>::nsCOMPtr<nsIIOService> obj-firefox/dist/include/nsCOMPtr.h:615 23 xul.dll NS_NewURI 24 xul.dll nsAppShellService::CreateHiddenWindow xpfe/appshell/src/nsAppShellService.cpp:132 25 xul.dll nsAppStartup::CreateHiddenWindow toolkit/components/startup/nsAppStartup.cpp:189 26 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3462 27 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:107 28 firefox.exe firefox.exe@0x4033 29 firefox.exe __tmainCRTStartup crtexe.c:594 30 firefox.exe _SEH_epilog4 31 kernel32.dll BaseThreadInitThunk 32 ntdll.dll __RtlUserThreadStart 33 ntdll.dll RtlFindClearRuns 34 kernel32.dll LoadStringByReference 35 kernel32.dll LoadStringByReference More reports at: https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char%20const*%20const%29%20|%20mozalloc_handle_oom%28unsigned%20int%29%20|%20moz_xrealloc%20|%20nsIDNServiceConstructor

It's #13 top crasher in 12.0a2.

This only appears in 12, not on the trunk. Nobody has looked at it and it's high enough that I think it probably should be looked at. Tracking for 12.

Sheila, sorry I was looking into this on Tue but didn't have much to add yet. Let me collate what I found so far and update here later.

I discussed this with bsmedberg and jfkthame outside the bug and it seems very likely that the stack trace is corrupted a little due to compiler optimization: most likely moz_xmalloc is being called instead of moz_xrealloc, since it's a new object being created. That being said, it doesn't help with the diagnosis of the problem. I don't think it's the suggested patch causing the problem, since that patch was backed out after landing due to build bustage. In any case, that patch shouldn't come into effect until the first page has completed loading, so it's also unlikely (albeit not impossible) that it could have caused it had it not been backed out. Bsmedberg and jfkthame have suggested that it may be something that has corrupted the heap, writing the past of the end of allocated memory. It's also possible that there's a bug in jemalloc, but I don't know enough about it to say more than that. Since there's nothing obvious in the code as is, and the suggested patch was backed out, and nothing else looks obvious from the range of commits (from their descriptions at least), reproducing the issue and getting some debug data is next. However, there's no obvious way to reproduce it; nothing to help in the comments, and nothing to help in the particular stack trace (not that I can see anyway). I've tried just running Aurora from 2/25 (since a lot of crashes were seen with that build), but no crash in my VM. Going to build on Windows and test using valgrind - a stab in the dark, but worth trying in the meantime.

Removing tracking flag for FF12 due to duplicate status. Will make the other bug tracking.