Closed Bug 615993 Opened 14 years ago Closed 13 years ago

Fennec crash [@ js::mjit::JaegerShot ]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
fennec - ---

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, Whiteboard: fennec-related-jscript-crashers, [mobile-crash][native-crash])

Crash Data

It is #7 top crasher in Fennec 4.0b3pre for the last week. It happens only on ARM v5 or v6. Signature js::mjit::JaegerShot UUID 01573a80-e8eb-48de-8699-786552101201 Time 2010-12-01 09:56:06.95135 Uptime 31 Last Crash 274 seconds (4.6 minutes) before submission Install Age 309 seconds (5.2 minutes) since version was first installed. Product Fennec Version 4.0b3pre Build ID 20101201043717 Branch 2.0 OS Linux OS Version 0.0.0 Linux 2.6.32.9-perf #1 PREEMPT Sat Sep 11 12:44:11 CST 2010 armv6l CPU arm CPU Info Crash Reason SIGILL Crash Address 0x4693303c User Comments App Notes nothumb Build HUAWEI Ideos Huawei/U8150/U8150/U8150:2.2/FRF91/eng.huawei.20100911.122209:user/release-keys Frame Module Signature [Expand] Source 0 @0x4693303c 1 libxul.so js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:745 2 libxul.so js::Invoke js/src/jsinterp.cpp:654 3 libxul.so js::ExternalInvoke js/src/jsinterp.cpp:858 4 libxul.so JS_CallFunctionValue js/src/jsinterp.h:962 5 libxul.so nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1694 6 libxul.so nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:588 7 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:132 8 libxul.so libxul.so@0xd3eb6f 9 libxul.so nsDOMEventListenerWrapper::HandleEvent content/events/src/nsDOMEventTargetHelper.cpp:65 10 @0x4a9f0eff 11 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1114 12 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:1210 13 libxul.so nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:146 14 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:341 15 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:628 16 libxul.so nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:691 17 libxul.so nsXMLHttpRequest::DispatchProgressEvent content/base/src/nsXMLHttpRequest.cpp:1596 18 libxul.so nsXMLHttpRequest::DispatchProgressEvent content/base/src/nsXMLHttpRequest.h:271 19 libxul.so nsXMLHttpRequest::RequestCompleted content/base/src/nsXMLHttpRequest.cpp:2204 20 libxul.so nsXMLHttpRequest::OnStopRequest content/base/src/nsXMLHttpRequest.cpp:2158 21 libxul.so nsHTTPCompressConv::OnStopRequest netwerk/streamconv/converters/nsHTTPCompressConv.cpp:127 22 libxul.so nsStreamListenerTee::OnStopRequest netwerk/base/src/nsStreamListenerTee.cpp:71 23 libxul.so nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:4030 24 libxul.so nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:578 25 libxul.so nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:403 26 libxul.so nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:112 27 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:626 28 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 29 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:134 30 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:219 31 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:202 32 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:192 33 libxul.so nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:191 34 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3691 35 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp:131 36 libc.so libc.so@0x1103f 37 libc.so libc.so@0x10b23 More reports at: http://crash-stats.mozilla.com/report/list?product=Fennec&version=Fennec%3A4.0b3pre&platform=linux&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=js%3A%3Amjit%3A%3AJaegerShot
tracking-fennec: --- → ?
Keywords: topcrash
tracking-fennec: ? → 2.0-
In Fennec 4.0b3, it happens on ARM v7 and it is #10 top crasher for the last week. Stack traces are different from the ones in comment 0. Signature js::mjit::JaegerShot UUID 9bef9430-0f49-4f48-861b-dbac22110102 Time 2011-01-02 13:08:20.3470 Uptime 0 Install Age 431109 seconds (5.0 days) since version was first installed. Product Fennec Version 4.0b3 Build ID 20101221205132 Branch 1.9 OS Linux OS Version 0.0.0 Linux 2.6.32.15-ge2c73db #1 PREEMPT Thu Sep 9 00:42:30 CST 2010 armv7l CPU arm Crash Reason SIGILL Crash Address 0x42e84f00 Frame Module Signature [Expand] Source 0 @0x42e84f00 1 libxul.so js::mjit::JaegerShot js/src/jsinterp.h:576 2 libxul.so js::Execute js/src/jsinterp.cpp:654 3 libxul.so JS_EvaluateUCScriptForPrincipals js/src/jsapi.cpp:4940 4 libxul.so JS_EvaluateUCScriptForPrincipalsVersion js/src/jsapi.cpp:140 5 libxul.so nsJSContext::EvaluateString dom/base/nsJSEnvironment.cpp:1731 6 libxul.so nsGlobalWindow::RunTimeout nsTSubstring.h:113 7 libxul.so nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:9314 8 libxul.so nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:426 9 libxul.so nsTimerEvent::Run nsAutoPtr.h:969 10 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:626 11 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 12 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111 13 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230 14 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220 15 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512 16 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:198 17 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:631 18 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222 19 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220 20 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512 21 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:510 22 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:691 23 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69 24 libc.so libc.so@0xd432
Summary: Fennec crash [@ js::mjit::JaegerShot ] on ARM v5 or v6 → Fennec crash [@ js::mjit::JaegerShot ]
occurred once when going to : http://www.ipligence.com/geolocation through a google link. Cannot seem to reproduce with just going to the website. Note: error in console: error: strings is null Source File: resource://gre/modules/CrashSubmit.jsm line:180 http://crash-stats.mozilla.com/report/index/bp-93cc8dae-9400-45d7-9bc6-1fc522110120 (another crash occurred at the same time, however it was throttled: 4913d004-7026-bf2a-383b3a64-4ee4364a) 0 @0x4496733a 1 libxul.so js::mjit::JaegerShot js/src/jscntxt.h:2893 2 libxul.so js::Invoke js/src/jsinterp.cpp:654 3 libxul.so js::ExternalInvoke js/src/jsinterp.cpp:858 4 libxul.so JS_CallFunctionValue js/src/jsinterp.h:961 5 libxul.so nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1702 6 libxul.so nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:589 7 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:134 8 libxul.so libxul.so@0x96693c 9 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1114 10 @0x4406c0df 11 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:1209 12 libxul.so nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:146 13 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:343 14 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:630 15 libxul.so PostMessageEvent::Run nsCOMPtr.h:492 16 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633 17 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 18 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111 19 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230 20 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220 21 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512 22 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:198 23 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:640 24 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222 25 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220 26 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512 27 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:519 28 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:761 29 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69 30 libc.so libc.so@0xd412
tracking-fennec: 2.0- → ?
Am able to reproduce by going to wiki.mozilla.org/WeeklyUpdates on my phone and clicking around
I crashed on wiki.mozilla.org as well.
blocking2.0: --- → ?
tracking-fennec: ? → 2.0+
blocking2.0: ? → ---
Crashed on vBulletin forums. Example, any of the threads in [H]ard|Forum http://www.hardforum.com/forumdisplay.php?s=1ad304e2ce90cd08e188089e2fc83e8c&f=3
(In reply to comment #4) > I crashed on wiki.mozilla.org as well. ditto on wikimo testing. http://crash-stats.mozilla.com/report/index/bp-f6b5f745-2de8-4443-973f-b8e632110128
(In reply to comment #7) > (In reply to comment #4) > > I crashed on wiki.mozilla.org as well. > > ditto on wikimo testing. > > http://crash-stats.mozilla.com/report/index/bp-f6b5f745-2de8-4443-973f-b8e632110128 more specifically, crashed on https://wiki.mozilla.org/Mobile/Notes
Whiteboard: fennec-related-jscript-crashers
Now #2 top crasher in Fennec 4.0b4. Both stack traces in comment 0 and in comment 1 show up in crash reports.
When I try to open wiki.mozilla.org I'm getting the assertion with exactly the same stack as in the bug 626361. Not sure if it's the same issue as the original reported one, but could be the cause of the problem. Assertion failure: (inst & mask) == expected, at /media/data/mozilla/mozilla-central/js/src/methodjit/ICChecker.h:56 Stack: #0 0xafd0ec9c in kill () from /media/data/mozilla/debug/lib/libc.so #1 0xafd13746 in raise () from /media/data/mozilla/debug/lib/libc.so #2 0x82ee8c28 in JS_Assert (s=0x834217f8 "(inst & mask) == expected", file=0x83421814 "/media/data/mozilla/mozilla-central/js/src/methodjit/ICChecker.h", ln=56) at /media/data/mozilla/mozilla-central/js/src/jsutil.cpp:90 #3 0x82fa5f1e in js::mjit::ic::Repatcher::relink(JSC::CodeLocationCall, JSC::FunctionPtr) () from /media/data/mozilla/mozilla-central/objdir/dist/bin/libxul.so #4 0x82fa689c in EqualityCompiler::update() () from /media/data/mozilla/mozilla-central/objdir/dist/bin/libxul.so #5 0x82fa4bc8 in js::mjit::ic::Equality (f=..., ic=0x6) at /media/data/mozilla/mozilla-central/js/src/methodjit/MonoIC.cpp:392 #6 0x82f6ff8e in JaegerStubVeneer () from /media/data/mozilla/mozilla-central/objdir/dist/bin/libxul.so
Neither cdleary nor I have been able to reproduce this by clicking around wiki.mozilla.org. Maybe there is a more detailed procedure? But also, those crashes may have been mostly bug 626361. So maybe we should recheck on builds/betas that have those patches.
If it's not 626361, it's something like it. Hmm. I thought I'd reviewed all the ICs and checked that they did the RESERVE_IC_SPACE stuff properly. I clearly missed (at least) the equality stub in 626361.
This looks like it was fixed by 626361
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Depends on: 626361
Resolution: FIXED → WORKSFORME
Crash Signature: [@ js::mjit::JaegerShot ]
Reopening because the crash reports show that in recent builds, this crash signature is still occurring: https://crash-stats.mozilla.com/report/list?range_value=7&range_unit=days&date=2011-06-20%2012%3A00%3A00&signature=libc-2.5.so%400x2a548&version=Fennec%3A5.0
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Isn't that a different crash?
dup of {{Bug|670603}} - Crash at js::mjit::JaegerShot in Yahoo mail?
Whiteboard: fennec-related-jscript-crashers → fennec-related-jscript-crashers, [mobile-crash]
Keywords: topcrash
Whiteboard: fennec-related-jscript-crashers, [mobile-crash] → fennec-related-jscript-crashers, [mobile-crash][native-crash]
We don't have this code any more.
Status: REOPENED → RESOLVED
tracking-fennec: 2.0+ → -
Closed: 14 years ago13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.