Closed
Bug 595912
Opened 14 years ago
Closed 14 years ago
Crash [@ js::Shape::removeFree() ]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: scoobidiver, Assigned: brendan)
Details
(Keywords: crash, regression)
Crash Data
Build : Mozilla/5.0 (Windows NT 6.1; rv:2.0b6pre) Gecko/20100912 Firefox/4.0b6pre This is a new crash signature that was introduced by this build. It is #14 top crasher for this build. Signature js::Shape::removeFree() UUID 84d03124-03cb-4da6-ab89-ea8e52100912 Time 2010-09-12 12:16:08.243956 Uptime 11407 Install Age 11490 seconds (3.2 hours) since version was first installed. Product Firefox Version 4.0b6pre Build ID 20100912041924 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 11 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x1564b08c User Comments App Notes AdapterVendorID: 1002, AdapterDeviceID: 68b8 Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll js::Shape::removeFree js/src/jsscope.h:429 1 xul.dll js::PropertyTree::sweepShapes 2 xul.dll MarkAndSweep js/src/jsgc.cpp:2914 The regression range is : http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=73ab2c3c5ad9&tochange=cd3c926a7413
Reporter | ||
Updated•14 years ago
|
blocking2.0: --- → ?
Assignee | ||
Comment 1•14 years ago
|
||
Any common URLs? A testcase would help a lot. /be
Comment 2•14 years ago
|
||
Got this crash on close of browser - its intermittent does not crash on every close and so far no idea as to STR. I did have the tbpl page up in active-tab when I closed - but not sure that has anything to do with the crash. http://crash-stats.mozilla.com/report/index/273537c1-ceb4-40bc-af52-87c792100913
Comment 3•14 years ago
|
||
the shutdown thesis seems to be a good one to pursue. urls are all over the map. 1 wyciwyg://0/http://www.kongregate.com/games/Tukkun/anti-idle-the-game 1 jar:file:///C:/Program%20Files/Minefield/omni.jar!/chrome/toolkit/content/mozapps/extensions/extensions.xul 1 https://privat24.privatbank.ua/p24/nrest 1 http://www2.my-firefox.ru/goto/dl/firefox_40b2-ru-win32.html 1 http://www.youhtc.ru/forum/attachment.php?attachmentid=xxxxxxxx 1 http://www.webtretho.com/forum/f113/index7.html 1 http://www.weatheroffice.gc.ca/city/pages/on-143_metric_e.html 1 http://www.reddit.com/r/sports/comments/dcs44/this_is_how_we_score_touchdowns_in_the_cfl/ 1 http://www.netflix.com/WiPlayer?movieid=xxxxxxxxxxxxxxx 1 http://www.ika-core.org/ikariam.php 1 http://www.gomlab.com/ru/GMP_Introduction.html 1 http://twitter.com/Odieuxconnard 1 http://sms.t-zones.cz/open.jsp 1 http://s1.gr.ikariam.com/index.php?view=island&id=xxxxxxxx 1 http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-win32/ 1 http://diendan.zing.vn/volam/forumdisplay.php?f=73 1 http://dantri.com.vn/ 1 http://cygwinports.dotsrc.org/ 1 http://afterthepostrock.com/forum/viewtopic.php?f=23&t=3517 Correlation to startup or time of session 20 total crashes for js::Shape::removeFree on 20100912-crashdata.csv 0 startup crashes inside 30 sec. 4 startup crashes inside 3 min. 1 repeated crashes inside 3 min. of last crash os breakdown js::Shape::removeFreeTotal 20 Win5.1 0.30 Win6.0 0.00 Win6.1 0.70
Assignee | ||
Updated•14 years ago
|
Assignee: general → brendan
Comment 4•14 years ago
|
||
The 1-day mozilla-central regression range includes the JM merge to MC. This might be a manifestation of bug 596103.
Comment 5•14 years ago
|
||
FWIW it crashed when updating from yesterday's nightly to Mozilla/5.0 (Windows NT 6.0; rv:2.0b7pre) Gecko/20100914 Firefox/4.0b7pre ID:20100914041908 here.
Assignee | ||
Updated•14 years ago
|
Whiteboard: DUPEME
Comment 6•14 years ago
|
||
if crash no longer happens on tracemonkey after 2010-09-14 13:52:08 PDT or when http://hg.mozilla.org/tracemonkey/rev/6e5f17315d3d gets merged to trunk, then we could confirm this as dup of bug 596103 sayer, is this in the queue to get merged to moz central?
Assignee | ||
Comment 7•14 years ago
|
||
(In reply to comment #6) > http://hg.mozilla.org/tracemonkey/rev/6e5f17315d3d gets merged to trunk, then > we could confirm this as dup of bug 596103 > > sayer, is this in the queue to get merged to moz central? Bug 596103 is fixed now (on m-c as well as tm). Can this be dup'ed now? /be
Reporter | ||
Comment 8•14 years ago
|
||
This is not a dupe of bug 596103. Crashes happen in b7pre/20100919 builds. More reports at : http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A4.0b7pre&query_search=signature&query_type=exact&query=js%3A%3AShape%3A%3AremoveFree%28%29&date=09%2F19%2F2010%2023%3A51%3A47&range_value=1&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=js%3A%3AShape%3A%3AremoveFree%28%29
Comment 9•14 years ago
|
||
yeah, crashes on 17,18, an 19 after landing of 596103 on 2010-09-16 10:06:23, but the volume is down from the original spike date tl crashes at, count build, count build, ... js::Shape::removeFree 20100910 20100911 20100912 20 ,20 4.0b6pre2010091204 20100913 42 ,22 4.0b6pre2010091204,20 4.0b6pre2010091304 20100914 17 ,4 4.0b6pre2010091204,12 4.0b6pre2010091304,1 4.0b6pre2010091404 20100915 5 ,2 4.0b7pre2010091507,1 4.0b6pre2010091304,2 4.0b6pre2010091404 20100916 9 ,8 4.0b7pre2010091507,1 4.0b6pre2010091404 20100917 5 ,4 4.0b7pre2010091507,1 4.0b6pre2010091704 20100918 3 ,1 4.0b6pre2010091704,2 4.0b6pre2010091804 20100919 10 ,9 4.0b7pre2010091904,1 4.0b7pre2010091507
Comment 10•14 years ago
|
||
strangely volume has bounced back up on sept 20,21,22 on builds from sept20 and 21 date tl crashes at, count build, count build, ... js::Shape::removeFree 20100920 30 ,17 4.0b7pre2010092004, 12 4.0b7pre2010091904, 20100921 42 ,23 4.0b7pre2010092004, 13 4.0b7pre2010092104, 3 4.0b7pre2010091904, 20100922 41 ,18 4.0b7pre2010092204, 18 4.0b7pre2010092104, 4 4.0b7pre2010092004,
Assignee | ||
Comment 11•14 years ago
|
||
Bug 596805 is fixed in tm, and sayrer says he is going to sync m-c and tm soon. Maybe look at stats after that fix lands on m-c? /be
Updated•14 years ago
|
blocking2.0: ? → betaN+
Comment 12•14 years ago
|
||
I hit this today when closing browser: (today's 9/26/2010 nightly) http://crash-stats.mozilla.com/report/index/bp-f49c9e73-b89a-435c-b469-d7c0b2100926
Still in the topcrash list in today's build.
Assignee | ||
Comment 14•14 years ago
|
||
Has this disappeared? /be
Comment 15•14 years ago
|
||
The last crash I see in this stack with a crash stats UI search is 20100928041914.
Assignee | ||
Comment 16•14 years ago
|
||
If anyone has time to pin the tail on the donkey, mark fixed and cite the fix (or even dup, since DUPEME was set). Thanks, /be
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Updated•13 years ago
|
Crash Signature: [@ js::Shape::removeFree() ]
Comment hidden (spam) |
Comment hidden (spam) |
Comment hidden (spam) |
Comment hidden (spam) |
You need to log in
before you can comment on or make changes to this bug.
Description
•