Closed Bug 1218322 Opened 10 years ago Closed 10 years ago

Crash in js::ConstraintTypeSet::sweep(JS::Zone*, js::AutoClearTypeInferenceStateOnOOM&)

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Version:
41 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1191465

People

(Reporter: letharion, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36 Steps to reproduce: Unfortunately this keeps happening "all the time", so I don't have specific reproduction instructions. I have tried to see some pattern among the crashes, and the only one I've found so far is that image-heavy sites tend to be more likely to crash. Actual results: Program received signal SIGSEGV, Segmentation fault. Expected results: No segmentation fault would be nice. :)
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ffff7fb3780 (LWP 15092)] 0x0000000000000000 in ?? () (gdb) bt #0 0x0000000000000000 in ?? () #1 0x00007ffff4f8f710 in js::ConstraintTypeSet::sweep(JS::Zone*, js::AutoClearTypeInferenceStateOnOOM&) () from /usr/lib64/firefox/libxul.so #2 0x00007ffff4f6dd25 in JSScript::maybeSweepTypes(js::AutoClearTypeInferenceStateOnOOM*) () from /usr/lib64/firefox/libxul.so #3 0x00007ffff53113b3 in js::gc::GCRuntime::sweepPhase(js::SliceBudget&) () from /usr/lib64/firefox/libxul.so #4 0x00007ffff5311b6d in js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason) () from /usr/lib64/firefox/libxul.so #5 0x00007ffff5312855 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) () from /usr/lib64/firefox/libxul.so #6 0x00007ffff5312b4d in js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) () from /usr/lib64/firefox/libxul.so #7 0x00007ffff53140e4 in JS::NotifyDidPaint(JSRuntime*) () from /usr/lib64/firefox/libxul.so #8 0x00007ffff2f5e1a3 in nsXPConnect::NotifyDidPaint() () from /usr/lib64/firefox/libxul.so #9 0x00007ffff437969f in nsRefreshDriver::Tick(long, mozilla::TimeStamp) () from /usr/lib64/firefox/libxul.so #10 0x00007ffff437bb42 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) () from /usr/lib64/firefox/libxul.so #11 0x00007ffff437bcc2 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) () from /usr/lib64/firefox/libxul.so #12 0x00007ffff437a1a9 in nsRunnableMethodImpl<void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), true, mozilla::TimeStamp>::Run() () from /usr/lib64/firefox/libxul.so #13 0x00007ffff28a7882 in nsThread::ProcessNextEvent(bool, bool*) () from /usr/lib64/firefox/libxul.so #14 0x00007ffff28cfa5b in NS_ProcessNextEvent(nsIThread*, bool) () from /usr/lib64/firefox/libxul.so #15 0x00007ffff2b5264e in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) () from /usr/lib64/firefox/libxul.so #16 0x00007ffff2b24646 in MessageLoop::Run() () from /usr/lib64/firefox/libxul.so #17 0x00007ffff41de9be in nsBaseAppShell::Run() () from /usr/lib64/firefox/libxul.so #18 0x00007ffff4991bdf in nsAppStartup::Run() () from /usr/lib64/firefox/libxul.so #19 0x00007ffff49ddef9 in XREMain::XRE_mainRun() () from /usr/lib64/firefox/libxul.so #20 0x00007ffff49de211 in XREMain::XRE_main(int, char**, nsXREAppData const*) () from /usr/lib64/firefox/libxul.so #21 0x00007ffff49de457 in XRE_main () from /usr/lib64/firefox/libxul.so #22 0x000055555555bcfd in do_main(int, char**, nsIFile*) () #23 0x000055555555b347 in main () $ firefox --version Mozilla Firefox 41.0.2
"Self-built" with -ggdb using Gentoo's package manager.
Looks somewhat similar to https://bugzilla.mozilla.org/show_bug.cgi?id=1112741 in that they end in js::ConstraintTypeSet::sweep, but the bt to there looks different, so I'm filing a new bug.
Don't know if it's relevant, but one of the last things I get as output in the CLI where FF is running is: [NPAPI 15269] ###!!! ABORT: Aborting on channel error.: file /var/tmp/portage/www-client/firefox-41.0.2/work/mozilla-release/ipc/glue/MessageChannel.cpp, line 1768
Got another crash of what might be the same error: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4f8f65b in js::ConstraintTypeSet::sweep(JS::Zone*, js::AutoClearTypeInferenceStateOnOOM&) () from /usr/lib64/firefox/libxul.so (gdb) bt #0 0x00007ffff4f8f65b in js::ConstraintTypeSet::sweep(JS::Zone*, js::AutoClearTypeInferenceStateOnOOM&) () from /usr/lib64/firefox/libxul.so #1 0x00007ffff4f6dd25 in JSScript::maybeSweepTypes(js::AutoClearTypeInferenceStateOnOOM*) () from /usr/lib64/firefox/libxul.so #2 0x00007ffff53113b3 in js::gc::GCRuntime::sweepPhase(js::SliceBudget&) () from /usr/lib64/firefox/libxul.so #3 0x00007ffff5311b6d in js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason) () from /usr/lib64/firefox/libxul.so #4 0x00007ffff5312855 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) () from /usr/lib64/firefox/libxul.so #5 0x00007ffff5312b4d in js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) () from /usr/lib64/firefox/libxul.so #6 0x00007ffff5314330 in JS::IncrementalGCSlice(JSRuntime*, JS::gcreason::Reason, long) () from /usr/lib64/firefox/libxul.so #7 0x00007ffff343f09c in nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental, nsJSContext::IsShrinking, long) () from /usr/lib64/firefox/libxul.so #8 0x00007ffff28a9198 in nsTimerImpl::Fire() () from /usr/lib64/firefox/libxul.so #9 0x00007ffff28a9525 in nsTimerEvent::Run() () from /usr/lib64/firefox/libxul.so #10 0x00007ffff28a7882 in nsThread::ProcessNextEvent(bool, bool*) () from /usr/lib64/firefox/libxul.so #11 0x00007ffff28cfa5b in NS_ProcessNextEvent(nsIThread*, bool) () from /usr/lib64/firefox/libxul.so #12 0x00007ffff2b5264e in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) () from /usr/lib64/firefox/libxul.so #13 0x00007ffff2b24646 in MessageLoop::Run() () from /usr/lib64/firefox/libxul.so #14 0x00007ffff41de9be in nsBaseAppShell::Run() () from /usr/lib64/firefox/libxul.so #15 0x00007ffff4991bdf in nsAppStartup::Run() () from /usr/lib64/firefox/libxul.so #16 0x00007ffff49ddef9 in XREMain::XRE_mainRun() () from /usr/lib64/firefox/libxul.so #17 0x00007ffff49de211 in XREMain::XRE_main(int, char**, nsXREAppData const*) () from /usr/lib64/firefox/libxul.so #18 0x00007ffff49de457 in XRE_main () from /usr/lib64/firefox/libxul.so #19 0x000055555555bcfd in do_main(int, char**, nsIFile*) () #20 0x000055555555b347 in main ()
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Should be fixed in Firefox 42 See Bug 1191465
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.