It first showed up in 20.0a1/20121214 and is #1 top crasher in this build. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=edd45de440ba&tochange=b11065872128 It's likely a regression from bug 782818. One comment says it happens when previewing print. Signature js::CompartmentChecker::fail(JSCompartment*, JSCompartment*) More Reports Search UUID a862a6de-4ba8-475f-ab60-011742121214 Date Processed 2012-12-14 16:27:59 Uptime 2531 Last Crash 2.3 weeks before submission Install Age 42.2 minutes since version was first installed. Install Time 2012-12-14 15:45:38 Product Firefox Version 20.0a1 Build ID 20121214030827 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 45 stepping 6 Crash Reason EXCEPTION_BREAKPOINT Crash Address 0x697c493c App Notes AdapterVendorID: 0x10de, AdapterDeviceID: 0x1180, AdapterSubsysID: 26823842, AdapterDriverVersion: 9.18.13.1070 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ EMCheckCompatibility True Adapter Vendor ID 0x10de Adapter Device ID 0x1180 Total Virtual Memory 4294836224 Available Virtual Memory 3091460096 System Memory Use Percentage 22 Available Page File 29547761664 Available Physical Memory 13258416128 Frame Module Signature Source 0 mozjs.dll js::CompartmentChecker::fail js/src/jscntxtinlines.h:204 1 mozjs.dll JS_GetGlobalForObject js/src/jsapi.cpp:2233 2 xul.dll mozilla::dom::URLBinding::revokeObjectURL obj-firefox/dom/bindings/URLBinding.cpp:268 3 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:389 4 mozjs.dll js::Interpret js/src/jsinterp.cpp:2348 5 mozjs.dll js::RunScript js/src/jsinterp.cpp:338 6 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:404 7 mozjs.dll js::Invoke js/src/jsinterp.cpp:437 8 mozjs.dll js::CrossCompartmentWrapper::call js/src/jswrapper.cpp:633 9 xul.dll XPCConvert::NativeInterface2JSObject js/xpconnect/src/XPCConvert.cpp:1002 10 xul.dll XPCCallContext::`scalar deleting destructor' 11 mozjs.dll js::Invoke js/src/jsinterp.cpp:437 12 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5792 13 xul.dll mozilla::dom::EventHandlerNonNull::Call obj-firefox/dom/bindings/EventHandlerBinding.cpp:46 14 xul.dll mozilla::dom::EventHandlerNonNull::Call<nsISupports*> obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:59 15 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:249 16 xul.dll nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:994 ... More reports at; https://crash-stats.mozilla.com/report/list?signature=js%3A%3ACompartmentChecker%3A%3Afail%28JSCompartment*%2C+JSCompartment*%29

Can we skiplist js::CompartmentChecker::* and assertSameCompartment? bug 782818 was basically just turning on extra assertions for release builds. The more interesting part is _where_ the compartment check fails, which should show up in the stacks as caller of those functions. This particular stack looks interesting for bz.

I kind of like having all compartment mismatches show up in one bin. They're usually really easy to fix when we have a stack, so hopefully we can get them down to zero and then just watch this signature for any new ones.

(In reply to Bill McCloskey (:billm) from comment #2) > I kind of like having all compartment mismatches show up in one bin. They're > usually really easy to fix when we have a stack, so hopefully we can get > them down to zero and then just watch this signature for any new ones. Fair enough.

Tracking the fix in bug 821760, leaving this open per Bill's request so people can find it while searching for dups.

I've looked at every one of these crashes that have been reported so far, and bug 821760 should account for almost all of them, so once the patch for that is landed, this shouldn't be a top crash any more.

The signatures from bug 821760 have gone away. Unfortunately, the signatures from bug 821842 appear to be fairly common. There are about 15 on the 12-16 build.

Tracking this since it's a topcrasher.

I've been categorizing and filing bugs for these crashes, so I'll just assign myself.

These crashes are intentional, and will only happen on Nightly and maybe Aurora. Though without them, they may turn into other crashes. Basically, the goal here is to turn random weird crashes into things we can identify and fix.

(In reply to Andrew McCreight [:mccr8] from comment #9) > These crashes are intentional, and will only happen on Nightly and maybe > Aurora. Though without them, they may turn into other crashes. Basically, > the goal here is to turn random weird crashes into things we can identify > and fix. Ah, good. I hope this instrumentation works out in showing us the real problems, then. :)

Crashes have almost completely stopped since 21.0a1/20130111: https://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A20.0a1&version=Firefox%3A21.0a1&query_search=signature&query_type=contains&reason_type=contains&range_value=4&range_unit=weeks&do_query=1&signature=js%3A%3ACompartmentChecker%3A%3Afail%28JSCompartment*%2C%20JSCompartment*%29 The working range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0a6e5a67c4e8&tochange=8592c41069c2 It seems the fix of bug 817342 is the one that has drastically improved the situation. Can you uplift it to Aurora and maybe Beta (if they were other crashes previously)?

Yes, that's the plan, after some more testing is done.

I can reproduce the crash. Steps to reproduce: 0. Start Aurora20.0a2 with Newly created profile 1. Install https://addons.mozilla.org/en-US/firefox/addon/custom-buttons/ 2. Restart 3. Print Preview Actual results: Crash bp-cfc29fb6-5094-4cb2-b32b-5cfb82130118

That's fixed by the patch in bug 817342, which will land in Aurora when there's been enough testing, and when Aurora is open again for patch landing.

It's only #41 top browser crasher in 20.0a2 and #68 in 21.0a1 over the last three days, because of the various fixes in dependent bugs, so no longer a top crasher.

Yes, there's no reason to track this anyhow as it's a meta bug, so I'm just unsetting this. Even the status flag doesn't make sense, as this is Nightly/Aurora-only tooling, so it won't live the whole train.

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #17) > this is Nightly/Aurora-only tooling, so it won't live the whole train. It's no longer true.

(In reply to Scoobidiver from comment #18) > (In reply to Robert Kaiser (:kairo@mozilla.com) from comment #17) > > this is Nightly/Aurora-only tooling, so it won't live the whole train. > It's no longer true. From all I understand, if this signature leaks into beta or release, that's a bug.

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #19) > From all I understand, if this signature leaks into beta or release, that's > a bug. That's correct. It might be worth tracking just to check that it doesn't happen at all in beta. I'll also check if I remember a few weeks after 20 gets into beta.

Got repeatable crash by visiting this page on the latest Nightly : http://qt-project.org/downloads

Can you please link to the crash report that shows up in about:crashes? Thanks.

I also got a crash on that page, but with the signature JSRope::flatten https://crash-stats.mozilla.com/report/index/bp-8eb0023b-c561-4bba-8414-f276c2130421

(In reply to mayankleoboy1 from comment #21) > http://qt-project.org/downloads Look like this crash is already filed as bug 864037. Thanks for the report!

(In reply to Jan Honza Odvarko from comment #28) > https://crash-stats.mozilla.com/report/index/01dbc791-168c-4d54-8e74- > ea1fb2130723 It's bug 896900.

(In reply to Jan Honza Odvarko from comment #28) > Here is another STR I found yesterday: This is a tracking bug for a large class of issues. Please file new bugs blocking this one.

I don't see any of these crashes on Nightly or Aurora which is a little concerning. I wonder if they got disabled somehow.

This bug has been tagged for regression and or closure. https://addons.mozilla.org/en-US/firefox/addon/custom-buttons/ [Print Preview] http://www.qt.io/download/ Version 46.0.1 - Good Build ID 20160502172042 Version 48.0a2 - Good Build ID 20160513004028 Version 49.0a1 - Oops Build ID 20160513030539 User Agent Mozilla/5.0 (Windows NT 5.1; rv:49.0) Gecko/20100101 Firefox/49.0 Produces: only when applying Print Preview while on about:addons [Exception... "Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsIWebBrowserPrint.printPreview]" nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: chrome://global/content/browser-content.js :: enterPrintPreview :: line 485" data: no] However no crash as reported earlier. Bug 1154921 is denied for me. Please let me know if can close, or if there are additional steps QA can assist with.

Thanks. This is just a meta bug. It doesn't really need the regression tag, so I'll remove that. There's nothing for QA to do here.