Open Bug 1630257 Opened 5 years ago Updated 3 years ago

Crash in [@ js::SCOutput::writeArray<T>]

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox77 --- affected
firefox78 --- affected

People

(Reporter: sg, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-90aed8e5-f2f9-4df6-96a3-1e9620200415.

Top 10 frames of crashing thread:

0 xul.dll js::SCOutput::writeArray<unsigned short> js/src/vm/StructuredClone.cpp:883
1 xul.dll WriteStructuredClone js/src/vm/StructuredClone.cpp:672
2 xul.dll JS_WriteStructuredClone js/src/vm/StructuredClone.cpp:3162
3 xul.dll JSAutoStructuredCloneBuffer::write js/src/vm/StructuredClone.cpp:3282
4 xul.dll mozilla::dom::IDBObjectStore::GetAddInfo dom/indexedDB/IDBObjectStore.cpp:744
5 xul.dll mozilla::dom::IDBObjectStore::AddOrPut dom/indexedDB/IDBObjectStore.cpp:780
6 xul.dll mozilla::dom::IDBObjectStore::Put dom/indexedDB/IDBObjectStore.cpp:1038
7 xul.dll mozilla::dom::IDBObjectStore_Binding::put dom/bindings/IDBObjectStoreBinding.cpp:410
8 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3205
9 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:582

There have been several reports on Nightly, starting with build id 20200322212426. So far on Windows only.

There's a single report with this signature from beta (https://crash-stats.mozilla.org/report/index/d57021b2-c1a9-432a-b9a0-b5daa0200411), but the stack trace looks different there.

Steve, this bugs might be actionable, looking at the crashing addresses it seems that we get a pointer which is aligned on the top of a page, or a null pointer.

Flags: needinfo?(sphink)

Note that all the crashes affecting nightly and having addresses ending with 0x000 seem to be coming from the same machine (the CPU information is the same). There's also a lot of orphaned crashes which seem like duplicates of the complete submissions, that's quite suspicious.

Severity: -- → S4
status-firefox78: --- → affected
Priority: -- → P3

Nothing jumps out at me, and there's only one recent report (at this point, the original one is gone): https://crash-stats.mozilla.org/report/index/c76c8fde-d6b9-4661-9663-ebe010210620

But that's a shutdown hang, which I'm not sure what to make of.

Flags: needinfo?(sphink)
Keywords: stalled

Looking over a 6 month period shows 77 crashes where the majority ends with 0x000.
On the other hand, the majority of the crashes is also on esr + Windows-NT, despite noticing a few on Release + MacOS.

If you do not think this is actionable, feel free to mark it as Incomplete.

Clearly I'm using this thing wrong.

Ok, I see it now, I was looking at the wrong signature (an overly restrictive one). I'll figure out how to look at minidumps again so I can read the disassembly.

Keywords: stalled
You need to log in before you can comment on or make changes to this bug.