Closed
Bug 1135286
Opened 10 years ago
Closed 8 years ago
crash in js::types::TypeSet::addType(js::types::Type, js::LifoAlloc*)
Categories
(Core :: JavaScript Engine, defect)
People
(Reporter: MatsPalmgren_bugz, Unassigned)
Crash Data
This bug was filed from the Socorro interface and is
report bp-eaf7ce9f-1ccc-400f-ad99-51be02150214.
=============================================================
Currently at #41 in the "Top Crashers for Firefox 35.0.1" list,
with 1776 crashes in the past week in that channel (I suspect the
real number is higher). Almost all crashes are on OSX.
(It's #3 when restricting the search to crashes on OSX.)
Many user comments mention Pinterest:
https://crash-stats.mozilla.com/report/list?product=Firefox&range_unit=days&range_value=28&signature=js%3A%3Atypes%3A%3ATypeSet%3A%3AaddType%28js%3A%3Atypes%3A%3AType%2C+js%3A%3ALifoAlloc*%29#tab-comments
It might be possible to find Steps To Reproduce the crash
by using Pinterest with an OSX build.
Stack:
@0x14c95bcc0
js::types::TypeSet::addType(js::types::Type, js::LifoAlloc*)
@0xfffc00013b75d60f
EnterBaseline
js::jit::EnterBaselineMethod(JSContext*, js::RunState&)
Interpret
js::RunScript(JSContext*, js::RunState&)
js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
js_fun_apply(JSContext*, unsigned int, JS::Value*)
js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
Interpret
js::RunScript(JSContext*, js::RunState&)
js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
js::CallOrConstructBoundFunction(JSContext*, unsigned int, JS::Value*)
js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
js_fun_call(JSContext*, unsigned int, JS::Value*)
@0x1007c7a84
...
Reporter
Comment 1•10 years ago
[Tracking Requested - why for this release]: topcrash
Comment 2•10 years ago
I don't think that it's worth tracking for 36 as it is about to ship. I have tracked for 37+ but we need to confirm that this is still an issue on these branches. 37 moves to Beta next week so we should get more data on that branch shortly.
ni Naveed to find an owner
status-firefox35:
--- → wontfix
status-firefox36:
--- → wontfix
status-firefox37:
--- → ?
status-firefox38:
--- → ?
Flags: needinfo?(nihsanullah)
Comment 3•10 years ago
Jan can you find someone to take a look? I suspect alloc is null or corrupted so the insertion is crashing. It's not much of a stack. We probably need an owner with OSX who can repro this.
Flags: needinfo?(nihsanullah) → needinfo?(jdemooij)
Comment 4•10 years ago
I fixed a crash on Pinterest a few weeks ago, the fix for that is in Firefox 36. It was responsible for one of our topcrashes in Firefox 35 and this could very well be the same issue.
I don't see this as a topcrash for 36, can you confirm?
Flags: needinfo?(jdemooij)
Comment 5•10 years ago
Although the crash signature has not dropped to zero, there is only a trickle of crash reports in every release since 35.0.1. Specifically, 37 Beta has only seen 3 crashes, all on Beta 3.
Comment 6•10 years ago
As the crash rate is not actually zero, I'll let Jan make the call about whether to close the bug. However, at the current volume, I don't think we need to track this for 37 or 38.
Updated•9 years ago
Crash Signature: [@ js::types::TypeSet::addType(js::types::Type, js::LifoAlloc*)] → [@ js::types::TypeSet::addType(js::types::Type, js::LifoAlloc*)]
[@ js::types::TypeSet::addType]
Comment 7•8 years ago
(In reply to Lawrence Mandel [:lmandel] (use needinfo) from comment #6)
> As the crash rate is not actually zero, I'll let Jan make the call about
> whether to close the bug. However, at the current volume, I don't think we
> need to track this for 37 or 38.
Way less than a trickle, there is only one version 37 crash in the past two months, and none for newer versions.
FWIW, almost no crash comments match pinterest for any crash sigs https://crash-stats.mozilla.com/search/?user_comments=~pinterest&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME