Closed
Bug 584437
Opened 14 years ago
Closed 14 years ago
TOP Crash [@ js::MonitorLoopEdge(JSContext*, unsigned int&, js::RecordReason)]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | beta3+ |
People
(Reporter: Myzar74, Assigned: sayrer)
References
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(1 file)
1.77 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (Windows; Windows NT 6.1; WOW64; rv:2.0b3pre) Gecko/20100804 Mozilla.Firefox.4.0b3pre Firefox/3.6.7 Build Identifier: 20100804040859 With today nightly i get an instant crash trying to visit those sites: http://fudzilla.com/ http://www.dazebao.org/ http://www.fcmatera.it/ http://partedmagic.com/ http://www.theclevelandfan.com/boards/viewforum.php?f=3 http://www.ogelektra.ee/ crash reports http://crash-stats.mozilla.com/report/index/bp-269ec26d-f67e-4e87-b788-f06db2100804 http://crash-stats.mozilla.com/report/index/bp-ea1611b1-78f6-4944-ae0e-19dc52100804 Reproducible: Always Steps to Reproduce: 1. Open a site in details 2. 3. Actual Results: Instant Crash Expected Results: Not crashing :)
Keywords: crash
Summary: TOP Crash js::MonitorLoopEdge(JSContext*, unsigned int&, js::RecordReason) → TOP Crash [@ js::MonitorLoopEdge(JSContext*, unsigned int&, js::RecordReason)]
Signature js::MonitorLoopEdge(JSContext*, unsigned int&, js::RecordReason) UUID 269ec26d-f67e-4e87-b788-f06db2100804 Time 2010-08-04 10:53:31.901861 Uptime 10957 Last Crash 10961 seconds (3.0 hours) before submission Install Age 16996 seconds (4.7 hours) since version was first installed. Product Firefox Version 4.0b3pre Build ID 20100804040859 Branch 2.0 OS Windows NT OS Version 6.1.7601 Service Pack 1, v.178 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 11 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x4 Frame Module Signature [Expand] Source 0 @0x286ef7a 1 mozjs.dll js::MonitorLoopEdge js/src/jstracer.cpp:7252 2 mozjs.dll js::Interpret js/src/jsinterp.cpp:2907 3 mozjs.dll js::Execute js/src/jsinterp.cpp:907 4 mozjs.dll JS_EvaluateUCScriptForPrincipals js/src/jsapi.cpp:4761 5 xul.dll nsJSContext::EvaluateString dom/base/nsJSEnvironment.cpp:1811 6 xul.dll nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:764 7 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:674 8 xul.dll nsScriptLoader::ProcessPendingRequests
OS: Windows 7 → Windows XP
Comment 2•14 years ago
|
||
I'm not sure if the "topcrash" is appropriate just yet, and I haven't tested this myself, but the reason Myzar (who filed this bug) added that is because a bunch of MozillaZine users were able to reproduce ( http://forums.mozillazine.org/viewtopic.php?p=9712367#p9712367 ) Possibly related to (or dupe of) bug 561813 or bug 584158, but those are security sensitive so it's hard to know.
Comment 3•14 years ago
|
||
There is a list of many sites that crash on the forum. I hope this gets fixed before B3 spins out because that was started right after the TM merge landed.
Assignee | ||
Updated•14 years ago
|
blocking2.0: --- → beta3+
Comment 5•14 years ago
|
||
Blocking beta 3, stopping current builds until we get a fix. When we have the fix, it should land both on mozilla-central default and on GECKO20b3_20100804_RELBRANCH
Updated•14 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 6•14 years ago
|
||
No crash on a 08-03-nightly
Comment 7•14 years ago
|
||
(In reply to comment #3) > There is a list of many sites that crash on the forum. I hope this gets fixed > before B3 spins out because that was started right after the TM merge landed. ur B3 was tagged already :-/
(In reply to comment #7) > (In reply to comment #3) > > There is a list of many sites that crash on the forum. I hope this gets fixed > > before B3 spins out because that was started right after the TM merge landed. > > ur B3 was tagged already :-/ The builds were stopped until this can be dealt with.
Comment 9•14 years ago
|
||
(In reply to comment #6) > No crash on a 08-03-nightly Regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=79aa28daf1f4&tochange=c761f8e85b8c build prior to the TM merge is OK, so appears one of the patches in merge is tickling bug https://bugzilla.mozilla.org/show_bug.cgi?id=561813
Assignee | ||
Comment 10•14 years ago
|
||
mootools.js
Comment 11•14 years ago
|
||
see also bug 579551 comment 8 and 10.
Comment 12•14 years ago
|
||
FWIW, on Tracemonkey-Branch using http://fudzilla.com/ Example I found this Regression Range: http://hg.mozilla.org/tracemonkey/pushloghtml?fromchange=b8d51faf7ee5&tochange=898ab54a0ce9 (08-02/03 Nightlies)
Comment 13•14 years ago
|
||
It looks like this has to do with the property cache. We record JSOP_LENGTH (where the objects is a function) and the property cache tells to hard-code slot 3 (which is dslots[0]), even though obj->dslots == NULL (at record-time and on trace). Any prop-cache-affecting changes pulled in by the last merge?
Assignee | ||
Updated•14 years ago
|
Assignee: general → sayrer
Assignee | ||
Comment 14•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/f7478476c9a5
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 15•14 years ago
|
||
Shouldn't this be checked-in to GECKO20b3_20100804_RELBRANCH per Comment 5 before marking as FIXED? I didn't see anything for this in the branch changelog.
No, we mark things fixed when they're fixed on trunk.
Comment 17•14 years ago
|
||
(In reply to comment #15) > Shouldn't this be checked-in to GECKO20b3_20100804_RELBRANCH per Comment 5 > before marking as FIXED? I didn't see anything for this in the branch > changelog. sayrer just landed it on the relbranch. http://hg.mozilla.org/mozilla-central/rev/69f2d0457750
Comment 18•14 years ago
|
||
Luke and I think that bug 584565 is the root cause of this crash. The test case in that bug crashes near NULL even after the backout that we've landed, but not every site on the web that uses mootools.
Comment 19•14 years ago
|
||
Crashed at once when i tryed to go into that site : http://www.ogelektra.ee/ Report: http://crash-stats.mozilla.com/report/index/fe2c5a9b-e33d-4f48-8d9e-d8ed72100804
Comment 20•14 years ago
|
||
sorry, forgot to put my minefield data Mozilla/5.0 (Windows; Windows NT 5.1; rv:2.0b3pre) Gecko/20100804 Minefield/4.0b3pre using windows xp sp3
(In reply to comment #19) > Crashed at once when i tryed to go into that site : http://www.ogelektra.ee/ > > Report: > http://crash-stats.mozilla.com/report/index/fe2c5a9b-e33d-4f48-8d9e-d8ed72100804 That's because you're on a build from before the backout.
Comment 22•14 years ago
|
||
i m using latest nigtly build i havent noticed this kinda bug in last one, after updating to the latest it popped in :)
Yes, and this will be fixed in the next nightly build. Please take any issues you see tomorrow to separate bugs.
Updated•13 years ago
|
Crash Signature: [@ js::MonitorLoopEdge(JSContext*, unsigned int&, js::RecordReason)]
You need to log in
before you can comment on or make changes to this bug.
Description
•