Crash [@ js::mjit::EnterMethodJIT][@ js::mjit::ic::CallProp(js::VMFrame&, js::mjit::ic::PICInfo*) ]

RESOLVED WORKSFORME

Product: Core
Component: JavaScript Engine
Priority: --
Severity: critical
Reporter: bc
Assignee: Unassigned
Blocks: 1 bug
Version: Trunk
Platform: x86
OS: All
Keywords: crash, reproducible
Points: ---
Firefox Tracking Flags: Not tracked

(Reporter)

Description

7 years ago
1. http://chessinkorea.com/xe/3959
2. crash windows/linux but not mac?

I don't know if this is a recent regression or not. See also bug 595351.
	
Operating system: Linux
                  0.0.0 Linux 2.6.35.11-83.fc14.i686.PAE #1 SMP Mon Feb 7 06:57:55 UTC 2011 i686
CPU: x86
     GenuineIntel family 6 model 44 stepping 2
     1 CPU

Crash reason:  SIGSEGV
Crash address: 0x2a3d603c

Thread 0 (crashed)
 0  0x84eafdb
    eip = 0x084eafdb   esp = 0xbfa8c1ec   ebp = 0xbfa8c228   ebx = 0xb3b96478
    esi = 0xad943a80   edi = 0xffff0007   eax = 0x00000000   ecx = 0x00006093
    edx = 0xad943a80   efl = 0x00010213
    Found by: given as instruction pointer in context
 1  libxul.so!js::mjit::EnterMethodJIT [MethodJIT.cpp : 749 + 0x1f]
    eip = 0x028687a9   esp = 0xbfa8c230   ebp = 0xbfa8c288
    Found by: previous frame's frame pointer
 2  libxul.so!js::InvokeSessionGuard::invoke [jsinterpinlines.h : 619 + 0x22]
    eip = 0x0268516d   esp = 0xbfa8c290   ebp = 0xbfa8c2c8   ebx = 0x03076d14
    Found by: call frame info
 3  libxul.so!sort_compare [jsarray.cpp : 1732 + 0x11]
    eip = 0x0267e673   esp = 0xbfa8c2d0   ebp = 0xbfa8c308   ebx = 0x03076d14
    esi = 0x02f742a0
    Found by: call frame info
 4  libxul.so!js_MergeSort [jsarray.cpp : 1652 + 0x1f]
    eip = 0x0267e26e   esp = 0xbfa8c310   ebp = 0xbfa8c378   ebx = 0x03076d14
    esi = 0x02f742a0
    Found by: call frame info
 5  libxul.so!js::array_sort [jsarray.cpp : 1980 + 0x44]
    eip = 0x0267ef7e   esp = 0xbfa8c380   ebp = 0xbfa8c498   ebx = 0x03076d14
    esi = 0x02f742a0
    Found by: call frame info

Comment 1

7 years ago
I can reproduce but with a different crash signature:
bp-de0251c9-4c70-4fe0-aa29-54acc2110330
Keywords: testcase-wanted → reproducible
OS: Windows XP → All
Summary: Crash [@ js::mjit::EnterMethodJIT] → Crash [@ js::mjit::EnterMethodJIT][@ js::mjit::ic::CallProp(js::VMFrame&, js::mjit::ic::PICInfo*) ]

Comment 2

What do you have to do to make it crash? Loading the page WFM.
(Reporter)

Comment 3

7 years ago
dmandelin, what OS/build type? I reproduced with debug win/linux but not mac. I tried opt mac but not opt win or linux.

Comment 4

(In reply to comment #3)
> dmandelin, what OS/build type? I reproduced with debug win/linux but not mac. I
> tried opt mac but not opt win or linux.

I tried opt and debug Win.
(Reporter)

Comment 5

7 years ago
It took me several times reloading on winxp with java to reproduce. I hit bug 136927 once but finally got the assertion in the debugger. I haven't been able to reproduce it on a vm without java nor in opt. I'll keep it in the debugger for a while. Hit me up on irc.
(Reporter)

Comment 6

7 years ago
I should have said crash, not assertion.
(Reporter)

Comment 7

7 years ago
update crash bugs to critical per guidelines.
Severity: normal → critical
Crash Signature: [@ js::mjit::EnterMethodJIT] [@ js::mjit::ic::CallProp(js::VMFrame&, js::mjit::ic::PICInfo*) ]

Updated

7 years ago
Crash Signature: [@ js::mjit::EnterMethodJIT] [@ js::mjit::ic::CallProp(js::VMFrame&, js::mjit::ic::PICInfo*) ] → [@ js::mjit::EnterMethodJIT] [@ js::mjit::ic::CallProp(js::VMFrame&, js::mjit::ic::PICInfo*) ]

Comment 8

Can you still reproduce this with Firefox 7 or newer?

Comment 9

7 years ago
I am not the reporter but I can no longer reproduce it in Firefox 6.0.2 while I was able to do that in 4.0.
(Reporter)

Comment 10

7 years ago
I can't reproduce on beta, aurora or nightly debug builds on windows 2003 server. I'll go ahead and mark it wfm.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME