Closed
Bug 610116
Opened 14 years ago
Closed 14 years ago
crash [@ js::mjit::stubs::SetElem<int>(js::VMFrame&) ]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
blocking2.0 | --- | - |
People
(Reporter: scoobidiver, Assigned: dvander)
Details
(Keywords: crash, regression, Whiteboard: softblocker)
Crash Data
It is a new crash signature that exists in trunk build. Crashes first appeared in 4.0b8pre/20101102 build. It is #59 top crasher in 4.0b8pre for the last week. Signature js::mjit::stubs::SetElem<int>(js::VMFrame&) UUID 2983fd9c-5b93-434a-aa6d-7a18a2101106 Time 2010-11-06 04:50:56.547422 Uptime 82 Last Crash 89 seconds before submission Install Age 130469 seconds (1.5 days) since version was first installed. Product Firefox Version 4.0b8pre Build ID 20101104045249 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 26 stepping 5 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x1da App Notes AdapterVendorID: 10de, AdapterDeviceID: 0dc4 Frame Module Signature [Expand] Source 0 mozjs.dll js::mjit::stubs::SetElem<0> js/src/methodjit/StubCalls.cpp:570 1 @0x2 2 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:745 3 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:770 4 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:787 5 mozjs.dll js::RunScript js/src/jsinterp.cpp:662 6 mozjs.dll js::Invoke js/src/jsinterp.cpp:768 7 mozjs.dll js_fun_apply js/src/jsfun.cpp:2341 8 @0x12a0af04 9 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:745 10 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:770 11 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:787 12 mozjs.dll js::RunScript js/src/jsinterp.cpp:662 13 mozjs.dll js::Invoke js/src/jsinterp.cpp:768 14 mozjs.dll js_fun_apply js/src/jsfun.cpp:2341 15 mozjs.dll CallCompiler::generateNativeStub js/src/methodjit/MonoIC.cpp:627 16 mozjs.dll js::mjit::ic::NativeCall js/src/methodjit/MonoIC.cpp:851 17 @0x121fa807 18 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:745 19 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:770 20 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:787 21 mozjs.dll js::RunScript js/src/jsinterp.cpp:662 22 mozjs.dll js::Invoke js/src/jsinterp.cpp:768 23 mozjs.dll js_fun_call js/src/jsfun.cpp:2224 24 mozjs.dll CallCompiler::generateNativeStub js/src/methodjit/MonoIC.cpp:627 25 mozjs.dll js::mjit::ic::NativeCall js/src/methodjit/MonoIC.cpp:851 26 @0x121f952e 27 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:745 28 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:770 29 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:787 30 mozjs.dll js::RunScript js/src/jsinterp.cpp:662 31 mozjs.dll js::Invoke js/src/jsinterp.cpp:768 32 mozjs.dll js_fun_apply js/src/jsfun.cpp:2341 33 @0x12127154 34 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:745 35 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:770 36 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:787 37 mozjs.dll js::RunScript js/src/jsinterp.cpp:662 38 mozjs.dll js::Invoke js/src/jsinterp.cpp:768 39 mozjs.dll js::ExternalInvoke js/src/jsinterp.cpp:881 40 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:4935 41 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2171 42 xul.dll nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:8916 43 xul.dll nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:9261 44 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:425 45 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:517 46 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:609 47 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 48 xul.dll xul.dll@0xb074df 49 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202 50 xul.dll _SEH_epilog4 51 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176 52 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:181 53 xul.dll xul.dll@0xb074df 54 xul.dll nsAppShell::Run widget/src/windows/nsAppShell.cpp:243 55 @0x7703ffff 56 dbghelp.dll WTI::pSymWidenTi The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f4ea6992e1c6&tochange=45d6a73ef138 More reports at: http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=js%3A%3Amjit%3A%3Astubs%3A%3ASetElem%3Cint%3E%28js%3A%3AVMFrame%26%29
Updated•14 years ago
|
blocking2.0: --- → ?
Assignee | ||
Comment 2•14 years ago
|
||
Regression range doesn't seem to have any JS and is probably a red herring. Given the date, bug 607293 might be likely.
Assignee | ||
Updated•14 years ago
|
Assignee: general → dvander
Status: NEW → ASSIGNED
Comment 3•14 years ago
|
||
(In reply to comment #1) > Could we get some URLs for this? cc'ing tomcat and marcia, as they have been watching crash reports.
Comment 4•14 years ago
|
||
I just did a UI query and I don't see any instances of this showing up in Firefox/4.0b8pre. All the crashes seemed to be confined to B7.
Comment 5•14 years ago
|
||
adding chofmann for the URLs in case this is a crash that requires volume to show up. Several of the reports I looked at had no URLs.
Comment 6•14 years ago
|
||
there are b8pre crashes bug none since nov 28. http://crash-stats.mozilla.com/report/index/5042297f-bc7b-4297-a7e3-8d0002101128 volume is low in general and urls might not be that valuable. might have some correlation with login and/redirection?? here are the urls for Dec. http://www.viaworld.in/agent?action1=BSRC \N http://www.myfreefarm.de/login/proxy_login.php \N and for Nov. http://www.flickr.com/photos/minivulcanologi/2677390674/ hotmail.com and flick crashes FF4 Pre 8 http://www.flickr.com/photos/katesokoler/5080998230/ \N http://www.flickr.com/photos/anchime/5138609127/ \N http://www.flickr.com/photos/52451337@N00/3596407349/ \N http://vagos.es/forumdisplay.php?f=283 \N http://vagos.es/forumdisplay.php?f=71 \N http://vagos.es/forumdisplay.php?f=279 \N http://vagos.es/forumdisplay.php?f=71 \N http://vagos.es/showthread.php?t=937079 \N http://vagos.es/showthread.php?t=1024951 \N http://vagos.es/showthread.php?t=1024951 \N
Updated•14 years ago
|
Whiteboard: softblocker
Assignee | ||
Comment 7•14 years ago
|
||
Volume is low and I don't see any crashes after a Dec 16th build. I looked at a crash and an object's map was the value tag for "uninitialized". There was a tm->mc merge on Dec 15th, so any of the GC related bugs in that cset are very likely to have fixed this. Please re-open if more reports come in with new builds.
Status: ASSIGNED → RESOLVED
blocking2.0: betaN+ → -
Closed: 14 years ago
Resolution: --- → WORKSFORME
Updated•13 years ago
|
Crash Signature: [@ js::mjit::stubs::SetElem<int>(js::VMFrame&) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•