Closed Bug 795675 Opened 9 years ago Closed 9 years ago

crash in JSC::Yarr::interpret mainly on JB

Categories

Product/Component: Core :: JavaScript Engine
Type: defect
Version: 18 Branch
Platform: ARM, Android
Priority: Not set
Severity: critical

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox18 --- affected
firefox19 --- affected
firefox20 --- unaffected

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, topcrash, Whiteboard: [native-crash][startupcrash][js:p3])

It's similar to bug 763864 but this one happens on JB at startup.
It's #19 top crasher in 16.0b5.

Signature 	JSC::Yarr::interpret
UUID	3cf1ddba-3db8-4c55-8d41-5aea82120930
Date Processed	2012-09-30 01:25:38
Uptime	7
Last Crash	1.5 weeks before submission
Install Age	1.5 days since version was first installed.
Install Time	2012-09-28 14:35:52
Product	FennecAndroid
Version	16.0
Build ID	20120925201147
Release Channel	beta
OS	Linux
OS Version	0.0.0 Linux 3.1.10-g52027f9 #1 SMP PREEMPT Thu Jun 28 16:19:26 PDT 2012 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x0
App Notes 	
AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra 3 -- OpenGL ES 2.0 14.01002 -- Model: Nexus 7, Product: nakasi, Manufacturer: asus, Hardware: grouper'
asus Nexus 7
google/nakasi/grouper:4.1.1/JRO03D/402395:user/release-keys
Processor Notes 	This dump is too long and has triggered the automatic truncation routine
EMCheckCompatibility	True
Adapter Vendor ID	NVIDIA Corporation
Adapter Device ID	NVIDIA Tegra 3
Device	asus Nexus 7
Android API Version	16 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 	libxul.so 	JSC::Yarr::interpret 	js/src/yarr/YarrInterpreter.cpp:93
1 	libxul.so 	js::RegExpShared::execute 	js/src/vm/RegExpObject.cpp:224
2 	libxul.so 	js::ExecuteRegExp 	js/src/builtin/RegExp.cpp:109
3 	libxul.so 	DoMatch 	js/src/jsstr.cpp:1539
4 	libxul.so 	js::str_replace 	js/src/jsstr.cpp:2106
5 	libxul.so 	js::InvokeKernel 	js/src/jscntxtinlines.h:382
6 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:2442
7 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:301
8 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:355
9 	libxul.so 	js::IndirectProxyHandler::call 	js/src/jsproxy.cpp:442
10 	libxul.so 	js::DirectWrapper::call 	js/src/jswrapper.cpp:295
11 	libxul.so 	js::CrossCompartmentWrapper::call 	js/src/jswrapper.cpp:689
12 	libxul.so 	proxy_Call 	js/src/jsproxy.cpp:1143
13 	libxul.so 	js::Invoke 	js/src/jscntxtinlines.h:382
14 	libxul.so 	JS_CallFunctionValue 	js/src/jsapi.cpp:5604
15 	libxul.so 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1436
16 	libxul.so 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:580
17 	libxul.so 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:105
18 	libxul.so 	libxul.so@0xaa64db 	
19 	libxul.so 	nsEventListenerManager::HandleEventSubType 	content/events/src/nsEventListenerManager.cpp:820
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=JSC%3A%3AYarr%3A%3Ainterpret
From 19.0a1/20121009, all crash signatures on Linux have a Windows look.
For this bug, more reports at: https://crash-stats.mozilla.com/report/list?signature=JSC%3A%3AYarr%3A%3Ainterpret%28JSC%3A%3AYarr%3A%3ABytecodePattern*%2C+unsigned+short+const*%2C+unsigned+int%2C+unsigned+int%2C+int*%29
Crash Signature: [@ JSC::Yarr::interpret] → [@ JSC::Yarr::interpret] [@ JSC::Yarr::interpret(JSC::Yarr::BytecodePattern*, unsigned short const*, unsigned int, unsigned int, int*)]
Summary: crash in JSC::Yarr::interpret on JB → crash in JSC::Yarr::interpret mainly on JB
I see this fairly often in my automated benchmark suite running on an N7; I can probably reproduce it in a reasonable amount of time if that's helpful.

I also see this other crash: https://crash-stats.mozilla.com/report/index/c45a78aa-5678-4939-ba9a-6bd762121106 at roughly similar frequency and at the same spot; so it could be that this isn't necessarily a JSC::Yarr problem, but maybe just memory corruption?
Crash Signature: [@ JSC::Yarr::interpret] [@ JSC::Yarr::interpret(JSC::Yarr::BytecodePattern*, unsigned short const*, unsigned int, unsigned int, int*)] → [@ JSC::Yarr::interpret] [@ JSC::Yarr::interpret(JSC::Yarr::BytecodePattern*, unsigned short const*, unsigned int, unsigned int, int*)] [@ JSC::Yarr::interpret(JSC::Yarr::BytecodePattern*, unsigned short const*, unsigned int, unsigned int unsigned int*)]
Without STR, not much we can do other than watch this. It has gone quiet since 11/19. Worth noting that we updated our jsc::yarr in fx19. If :vladv is seeing crashes from bugs, would be curious if they get addressed.
Whiteboard: [native-crash][startupcrash] → [native-crash][startupcrash][js:p3]
It's #23 top crasher in 17.0, #20 in 18.0b2, and #29 in 19.0a2, so pretty stable in ranking.
It's #7 top crasher in 18.0 and #17 in 19.0a2.
Keywords: topcrash
Version: 16 Branch → 18 Branch
QA Wanted to try to get STRs per comment 3. Vlad, can you try to get some STRs please?

URLs listed:

Flags: needinfo?(vladimir)
Keywords: qawanted
I loaded all the urls from crash stats directly. No crashes were found.
Flags: needinfo?(vladimir)
Keywords: qawanted
There are no crashes in 20.0 and above.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME