Closed Bug 791999 Opened 13 years ago Closed 12 years ago

crash in js::ObjectImpl::hasClass

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
17 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 790473
Tracking Flags:
Tracking Status
firefox18 - affected

People

(Reporter: scoobidiver, Assigned: dvander)

References

Details

(Keywords: crash, regression, reproducible, Whiteboard: [js:p1])

Crash Data

It first appeared in 17.0a1/20120827. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b3cce81fef1a&tochange=8af6a22827ec It spiked after the release of IonMonkey. The stack traces are: * Before IonMonkey and in 17.0a2: Frame Module Signature Source 0 mozjs.dll js::ObjectImpl::hasClass js/src/vm/ObjectImpl-inl.h:299 1 mozjs.dll JS::StatsCellCallback js/src/MemoryMetrics.cpp:124 2 mozjs.dll js::IterateCellCallbackOp::operator js/src/jsgc.cpp:4635 3 mozjs.dll js::gc::ForEachArenaAndCell<js::IterateArenaCallbackOp,js::IterateCellCallbackOp js/src/jsgcinlines.h:378 4 mozjs.dll js::IterateCompartmentsArenasCells js/src/jsgc.cpp:4658 5 mozjs.dll JS::CollectRuntimeStats js/src/MemoryMetrics.cpp:230 6 xul.dll xpc::JSMemoryMultiReporter::CollectReports js/xpconnect/src/XPCJSRuntime.cpp:2005 7 xul.dll nsWindowMemoryReporter::CollectReports dom/base/nsWindowMemoryReporter.cpp:319 8 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70 9 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2406 10 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1478 11 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:352 12 mozjs.dll js::Interpret js/src/jsinterp.cpp:2413 13 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:363 14 mozjs.dll js::Invoke js/src/jsinterp.cpp:396 15 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5846 16 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1430 17 xul.dll nsRefreshDriver::Notify layout/base/nsRefreshDriver.cpp:412 * After IonMonkey: Frame Module Signature Source 0 mozjs.dll js::ObjectImpl::hasClass js/src/vm/ObjectImpl-inl.h:337 1 mozjs.dll js::AddValues js/src/jsinterp.cpp:4121 2 @0x36d9e0ef 3 mozjs.dll js::ObjectImpl::nativeLookup js/src/vm/ObjectImpl.cpp:265 4 mozjs.dll js::NameOperation js/src/jsinterpinlines.h:424 5 mozjs.dll EnterIon js/src/ion/Ion.cpp:1325 6 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:378 7 mozjs.dll js::Invoke js/src/jsinterp.h:119 8 mozjs.dll js::CallOrConstructBoundFunction js/src/jsfun.cpp:1078 9 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:367 10 mozjs.dll js::Invoke js/src/jsinterp.cpp:411 11 mozjs.dll js::ion::InvokeFunction js/src/ion/VMFunctions.cpp:62 12 mozjs.dll JSObject::removeProperty js/src/jsscope.cpp:871 More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3AObjectImpl%3A%3AhasClass%28js%3A%3AClass+const*%29
bp-8b53c1fa-7ae0-4d2e-a2da-0a74d2120925 bp-86e9edbb-4413-4cca-9a7a-84b522120925 1. Go to maps.google.com 2. Enable MapsGL 3. Scroll/Zoom in a few times. Crash happens soon afterwards with this signature or the signature in bug 790473.
It's #6 top crasher in today's build.
tracking-firefox18: --- → ?
Keywords: topcrash
I got this because I minimized Firefox while it was starting up and restoring my tabs (app tabs). It is usually frozen in that time and does not react immediatelly. I clicked minimize button (Win XP). It did nothing, but after few seconds instead of minimizing it crashed (bp-28d0d2d0-713f-490b-985a-1469c2121009). Then session-restored itself fine to the state it should be in.
Hi all, I got this on refreshing about:memory after a long browsing session. Haven't been using WebGL for anything. Windows 8 RTM.
(In reply to John Volikas from comment #1) > bp-8b53c1fa-7ae0-4d2e-a2da-0a74d2120925 > bp-86e9edbb-4413-4cca-9a7a-84b522120925 > > 1. Go to maps.google.com > 2. Enable MapsGL > 3. Scroll/Zoom in a few times. > > Crash happens soon afterwards with this signature or the signature in bug > 790473. This is a pretty good way to reproduce this crash as well.
Keywords: reproducible
Got this crash also on Google maps, with Nightly from: http://hg.mozilla.org/mozilla-central/rev/3621795c03e1 While zooming in out on maps, crash report: https://crash-stats.mozilla.com/report/index/bp-68a75ae8-881d-4081-9f42-34a6c2121029 But what is maybe more important, my first crash with same scenario looks like something "new" (no related bug): https://crash-stats.mozilla.com/report/index/bp-30d57cee-d252-400a-8d29-b04dd2121029 Maybe will be helpful, somehow.
This is likely a dupe of bug 790473 as the STR is identical.
Blocks: 793126
Mihaela, comment 26 in Bug 793126 suggests you are crashing with the signature of this bug . Can you please help with some testing to see if this happens on aurora/nightly along with STR and comment here. Will be helpful to know if you are seeing any signatures in Bug 790473 as well, as comment 7 suggests this may be a dup.Thanks !
QA Contact: mihaela.velimiroviciu
Reports: * Nightly: - https://crash-stats.mozilla.com/report/index/bp-8239d71d-4100-4c2f-901f-01a1c2121109 (crash with the signature from this bug) - https://crash-stats.mozilla.com/report/index/bp-b741fe9c-c371-4a3f-8c94-8ef9b2121109 (crash with the signature from bug #790473) * Aurora: - https://crash-stats.mozilla.com/report/index/2483f3a5-61ca-4481-a74d-372262121109 (crash with the signature from this bug) - https://crash-stats.mozilla.com/report/index/bp-77b298a0-e466-40a3-ae7e-1ed382121109 (crash with signature from bug #790473) - https://crash-stats.mozilla.com/report/index/bp-9cac0756-5ec9-4b7b-9cda-4c3212121109 (crash with other signature) The basic steps I did were: 1. Go to maps.google.com 2. Enable MapsGL 3. Search a location and navigate on the map, zoom in and out 4. Enter street view mode and "walk" a while Note: Sometimes it crashed even without step 4, although that step triggered the crash more easily. Basically, using google maps with webgl enabled for a while (especially in street view, but not only) crashes Firefox with these signatures.
(In reply to David Anderson [:dvander] from comment #7) > This is likely a dupe of bug 790473 as the STR is identical. Taking per this comment, if we can get a fix in the other bug I'll verify here.
Assignee: general → dvander
Status: NEW → ASSIGNED
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/19.0 Firefox/19.0 Build id: 20121115030705 On win XP, I reproduce the crash even easier. Steps: 1. Go to google maps 2. Enable Maps GL 3. Search for Sunnyvale 4. Zoom in Result: Nightly crashes with this signature. Reports: - https://crash-stats.mozilla.com/report/index/bp-54dd87a7-84c8-42ef-b150-8eeb82121115 - https://crash-stats.mozilla.com/report/index/bp-4e82877f-27e5-44d7-8f08-2bf852121115 - https://crash-stats.mozilla.com/report/index/6175784a-e199-4d8c-9537-f917e2121115
This isn't a topcrash any more, but it's still reproducible, so something that probably warrants a look. I'm also re-nominating for 18 as being not a topcrash it probably should not be tracking+ any longer.
tracking-firefox18: +?
Keywords: topcrash
Thanks KaiRo - untracking.
tracking-firefox18: ?-
Whiteboard: [js:p1]
Ok so instead of it happening sometimes when loading about:memory, it happens on startup for me (I have about:memory as an app tab). Something made it worse in the last couple of nightlies.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.