If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

crash [@ js::mjit::stubs::SetElem<int>(js::VMFrame&) ]

RESOLVED WORKSFORME

Status

()

Core
JavaScript Engine
--
critical
RESOLVED WORKSFORME
7 years ago
6 years ago

People

(Reporter: Scoobidiver (away), Assigned: dvander)

Tracking

({crash, regression})

Trunk
x86
Windows 7
crash, regression
Points:
---

Firefox Tracking Flags

(blocking2.0 -)

Details

(Whiteboard: softblocker, crash signature)

(Reporter)

Description

7 years ago
It is a new crash signature that exists in trunk build.
Crashes first appeared in 4.0b8pre/20101102 build.
It is #59 top crasher in 4.0b8pre for the last week.

Signature	js::mjit::stubs::SetElem<int>(js::VMFrame&)
UUID	2983fd9c-5b93-434a-aa6d-7a18a2101106
Time 	2010-11-06 04:50:56.547422
Uptime	82
Last Crash	89 seconds before submission
Install Age	130469 seconds (1.5 days) since version was first installed.
Product	Firefox
Version	4.0b8pre
Build ID	20101104045249
Branch	2.0
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	GenuineIntel family 6 model 26 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x1da
App Notes 	AdapterVendorID: 10de, AdapterDeviceID: 0dc4

Frame 	Module 	Signature [Expand] 	Source
0 	mozjs.dll 	js::mjit::stubs::SetElem<0> 	js/src/methodjit/StubCalls.cpp:570
1 		@0x2 	
2 	mozjs.dll 	js::mjit::EnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:745
3 	mozjs.dll 	CheckStackAndEnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:770
4 	mozjs.dll 	js::mjit::JaegerShot 	js/src/methodjit/MethodJIT.cpp:787
5 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:662
6 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:768
7 	mozjs.dll 	js_fun_apply 	js/src/jsfun.cpp:2341
8 		@0x12a0af04 	
9 	mozjs.dll 	js::mjit::EnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:745
10 	mozjs.dll 	CheckStackAndEnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:770
11 	mozjs.dll 	js::mjit::JaegerShot 	js/src/methodjit/MethodJIT.cpp:787
12 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:662
13 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:768
14 	mozjs.dll 	js_fun_apply 	js/src/jsfun.cpp:2341
15 	mozjs.dll 	CallCompiler::generateNativeStub 	js/src/methodjit/MonoIC.cpp:627
16 	mozjs.dll 	js::mjit::ic::NativeCall 	js/src/methodjit/MonoIC.cpp:851
17 		@0x121fa807 	
18 	mozjs.dll 	js::mjit::EnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:745
19 	mozjs.dll 	CheckStackAndEnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:770
20 	mozjs.dll 	js::mjit::JaegerShot 	js/src/methodjit/MethodJIT.cpp:787
21 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:662
22 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:768
23 	mozjs.dll 	js_fun_call 	js/src/jsfun.cpp:2224
24 	mozjs.dll 	CallCompiler::generateNativeStub 	js/src/methodjit/MonoIC.cpp:627
25 	mozjs.dll 	js::mjit::ic::NativeCall 	js/src/methodjit/MonoIC.cpp:851
26 		@0x121f952e 	
27 	mozjs.dll 	js::mjit::EnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:745
28 	mozjs.dll 	CheckStackAndEnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:770
29 	mozjs.dll 	js::mjit::JaegerShot 	js/src/methodjit/MethodJIT.cpp:787
30 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:662
31 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:768
32 	mozjs.dll 	js_fun_apply 	js/src/jsfun.cpp:2341
33 		@0x12127154 	
34 	mozjs.dll 	js::mjit::EnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:745
35 	mozjs.dll 	CheckStackAndEnterMethodJIT 	js/src/methodjit/MethodJIT.cpp:770
36 	mozjs.dll 	js::mjit::JaegerShot 	js/src/methodjit/MethodJIT.cpp:787
37 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:662
38 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:768
39 	mozjs.dll 	js::ExternalInvoke 	js/src/jsinterp.cpp:881
40 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:4935
41 	xul.dll 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:2171
42 	xul.dll 	nsGlobalWindow::RunTimeout 	dom/base/nsGlobalWindow.cpp:8916
43 	xul.dll 	nsGlobalWindow::TimerCallback 	dom/base/nsGlobalWindow.cpp:9261
44 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:425
45 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:517
46 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:609
47 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
48 	xul.dll 	xul.dll@0xb074df 	
49 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:202
50 	xul.dll 	_SEH_epilog4 	
51 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:176
52 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:181
53 	xul.dll 	xul.dll@0xb074df 	
54 	xul.dll 	nsAppShell::Run 	widget/src/windows/nsAppShell.cpp:243
55 		@0x7703ffff 	
56 	dbghelp.dll 	WTI::pSymWidenTi

The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f4ea6992e1c6&tochange=45d6a73ef138

More reports at:
http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=js%3A%3Amjit%3A%3Astubs%3A%3ASetElem%3Cint%3E%28js%3A%3AVMFrame%26%29
blocking2.0: --- → ?

Comment 1

7 years ago
Could we get some URLs for this?
blocking2.0: ? → betaN+
(Assignee)

Comment 2

7 years ago
Regression range doesn't seem to have any JS and is probably a red herring. Given the date, bug 607293 might be likely.
(Assignee)

Updated

7 years ago
Assignee: general → dvander
Status: NEW → ASSIGNED

Comment 3

7 years ago
(In reply to comment #1)
> Could we get some URLs for this?

cc'ing tomcat and marcia, as they have been watching crash reports.
I just did a UI query and I don't see any instances of this showing up in  Firefox/4.0b8pre. All the crashes seemed to be confined to B7.
adding chofmann for the URLs in case this is a crash that requires volume to show up. Several of the reports I looked at had no URLs.

Comment 6

7 years ago
there are b8pre crashes bug none since nov 28.

http://crash-stats.mozilla.com/report/index/5042297f-bc7b-4297-a7e3-8d0002101128

volume is low in general and urls might not be that valuable.  might have some correlation with login and/redirection??   here are the urls for Dec.

http://www.viaworld.in/agent?action1=BSRC \N
http://www.myfreefarm.de/login/proxy_login.php \N

and for Nov.

http://www.flickr.com/photos/minivulcanologi/2677390674/ hotmail.com and flick crashes FF4 Pre 8

http://www.flickr.com/photos/katesokoler/5080998230/ \N
http://www.flickr.com/photos/anchime/5138609127/ \N
http://www.flickr.com/photos/52451337@N00/3596407349/ \N

http://vagos.es/forumdisplay.php?f=283 \N
http://vagos.es/forumdisplay.php?f=71 \N
http://vagos.es/forumdisplay.php?f=279 \N
http://vagos.es/forumdisplay.php?f=71 \N
http://vagos.es/showthread.php?t=937079 \N
http://vagos.es/showthread.php?t=1024951 \N
http://vagos.es/showthread.php?t=1024951 \N
Whiteboard: softblocker
(Assignee)

Comment 7

7 years ago
Volume is low and I don't see any crashes after a Dec 16th build. I looked at a crash and an object's map was the value tag for "uninitialized". There was a tm->mc merge on Dec 15th, so any of the GC related bugs in that cset are very likely to have fixed this. Please re-open if more reports come in with new builds.
Status: ASSIGNED → RESOLVED
blocking2.0: betaN+ → -
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
Crash Signature: [@ js::mjit::stubs::SetElem<int>(js::VMFrame&) ]
You need to log in before you can comment on or make changes to this bug.