605998 - Crash [@ js::RegExp::executeInternal(JSContext*, js::RegExpStatics*, JSString*, unsigned int*, bool, js::Value*) ]

Status: RESOLVED DUPLICATE of bug 653672

(Core :: JavaScript Engine, defect)

Description

[Marcia Knous [:marcia]]

Seen while running Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101020 Firefox/4.0b8pre. http://tinyurl.com/257lwk2 to the crashes which are all Windows.

https://crash-stats.mozilla.com/report/index/bp-122b6f84-c299-4c57-96a7-360942101020

Frame 	Module 	Signature 	Source
0 		@0x12a1d25e 	
1 	mozjs.dll 	js::RegExp::executeInternal 	js/src/jsregexpinlines.h:311
2 	mozjs.dll 	regexp_exec_sub 	js/src/jsregexp.cpp:819
3 	mozjs.dll 	js_regexp_test 	js/src/jsregexp.cpp:842
4 		@0x1311ff52 	
5 	mozjs.dll 	js::ExecuteTree 	js/src/jstracer.cpp:6708
6 	mozjs.dll 	js::MonitorLoopEdge 	js/src/jstracer.cpp:7202
7 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2829
8 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:638
9 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:747
10 	mozjs.dll 	js::ExternalInvoke 	js/src/jsinterp.cpp:871
11 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:4961
12 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1694
13 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:571
14 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
15 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
16 	xul.dll 	nsDOMWorkerMessageHandler::DispatchEvent 	dom/src/threads/nsDOMWorkerMessageHandler.cpp:329

http://bits.blogs.nytimes.com/ is the site I crashed on.

Extensions:

Add-on Compatibility Reporter0.6truecompatibility@addons.mozilla.org
Xmarks3.9.2truefoxmarks@kei.com
HTTPS-Everywhere0.2.2truehttps-everywhere@eff.org
Alexa Toolbar1.54falsetoolbar@alexa.com
RealPlayer Browser Record Plugin1.1.5true{ABDE892B-13A8-4d1b-88E6-365A6E755758}
Firebug1.5.4truefirebug@software.joehewitt.com
Web Developer1.1.8true{c45c406e-ab73-11d8-be73-000a95be3b12}Ghostery2.4truefirefox@ghostery.com
Crash Report Helper1.2false{078fac48-925f-4524-7cfe-85d44b8f4f98}
Adblock Plus1.2.2true{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
NoScript2.0.3.5true{73a6fe31-595d-460b-a920-fcc0f8843232}

Comment 1

[Chris Leary [:cdleary] (not checking bugmail)]

Hrm, not enough to go on from the backtraces, and I can't get this to repro though I've added most of those add-ons -- is there any way to repro from a clean profile?

Comment 2

[Marcia Knous [:marcia]]

Chris: Will try again to repro. After I installed something else and restarted, I crashed again. So I have the browser in a state where it is crashing in this stack, but I haven't yet been able to narrow down what the cause may be.

Comment 3

[chris hofmann]

looks like this have been low volume on the trunk (0-4 crashes per day) since it might have first appeared starting on 20100918 with 1 crash on 4.0b7pre2010091804 

In the last week its been showing up more consistently.

Comment 4

[Marcia Knous [:marcia]]

An interesting data point is the majority of other crash reports crashed with no extensions installed. I think I was the only one running with extensions.

Comment 6

[David Mandelin [:dmandelin]]

(In reply to comment #1)
> Hrm, not enough to go on from the backtraces, and I can't get this to repro
> though I've added most of those add-ons -- is there any way to repro from a
> clean profile?

This is another one where we want to be able to see the jitcode in the minidumps. I haven't looked at this dump, so maybe it is in fact there, but we're generally not seeing it in JM jitcode crash dumps. I'll check when I get time.

Comment 7

[Aki Helin]

Attachment: testcase

Comment 8

[(mostly gone) XtC4UaLL [:xtc4uall]]

(In reply to comment #7)
> Created attachment 529056 [details]
> testcase

bp-b2cd216b-3a17-48da-b5cd-347052110429 for Build http://hg.mozilla.org/mozilla-central/rev/88d3c5bde0ba

bp-64c95cb9-76b7-4dc3-ba82-3ee2f2110429 for Build http://hg.mozilla.org/tracemonkey/rev/3dd6ec45084c