crash in js_CloneFunctionObject

RESOLVED WORKSFORME

Status

()

--
critical
RESOLVED WORKSFORME
6 years ago
5 years ago

People

(Reporter: scoobidiver, Unassigned)

Tracking

({crash})

19 Branch
crash
Points:
---

Firefox Tracking Flags

(firefox19 affected, firefox20 affected)

Details

(Whiteboard: [native-crash][ARMv6], crash signature)

(Reporter)

Description

6 years ago
It's a low volume crash but #5 top crasher in 19.0 on ARMv6 (see https://crash-analysis.mozilla.com/rkaiser/2013-03-02/2013-03-02.fennecandroid.19.0.armv6.topcrash.html). That qualifies it for the topcrash keyword according to https://wiki.mozilla.org/CrashKill/Topcrash

Signature 	js_CloneFunctionObject(JSContext*, JS::Handle<JSFunction*>, JS::Handle<JSObject*>, JS::Handle<JSObject*>, js::gc::AllocKind) More Reports Search
UUID	901f8707-758f-4631-aad0-c634d2130227
Date Processed	2013-02-27 17:46:54
Uptime	173
Install Age	1.9 days since version was first installed.
Install Time	2013-02-25 20:44:33
Product	FennecAndroid
Version	19.0
Build ID	20130215125331
Release Channel	release
OS	Android
OS Version	0.0.0 Linux 3.0.8-perf-T989UVLI1-CL905735 #1 SMP PREEMPT Sat Sep 22 00:14:50 KST 2012 armv7l samsung/SGH-T989/SGH-T989:4.0.4/IMM76D/UVLI1:user/release-keys
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x72363250
App Notes 	
AdapterDescription: 'Qualcomm -- Adreno (TM) 220 -- OpenGL ES 2.0 2184622 -- Model: SGH-T989, Product: SGH-T989, Manufacturer: samsung, Hardware: qcom'
EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ WebGL? WebGL+ Stagefright? Stagefright+ 
samsung SGH-T989
samsung/SGH-T989/SGH-T989:4.0.4/IMM76D/UVLI1:user/release-keys
Processor Notes 	sp-processor03.phx1.mozilla.com_4632:2008; exploitablity tool: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	Qualcomm
Adapter Device ID	Adreno (TM) 220
Device	samsung SGH-T989
Android API Version	15 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 	libxul.so 	js_CloneFunctionObject 	js/src/jsscope.h:600
1 	libxul.so 	js::CloneFunctionObjectIfNotSingleton 	js/src/jsfuninlines.h:236
2 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:2864
3 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:324
4 	libxul.so 	js::Execute 	js/src/jsinterp.cpp:510
5 	libxul.so 	JS::Evaluate 	js/src/jsapi.cpp:5590
6 	libxul.so 	nsJSContext::EvaluateString 	dom/base/nsJSEnvironment.cpp:1522
7 	libxul.so 	nsScriptLoader::EvaluateScript 	content/base/src/nsScriptLoader.cpp:851
8 	libxul.so 	nsScriptLoader::ProcessRequest 	content/base/src/nsScriptLoader.cpp:743
9 	libxul.so 	nsScriptLoader::ProcessPendingRequests 	content/base/src/nsScriptLoader.cpp:883
10 	libxul.so 	nsScriptLoader::OnStreamComplete 	content/base/src/nsScriptLoader.cpp:1128
11 	libxul.so 	nsStreamLoader::OnStopRequest 	netwerk/base/src/nsStreamLoader.cpp:101
12 	libxul.so 	nsHTTPCompressConv::OnStopRequest 	netwerk/streamconv/converters/nsHTTPCompressConv.cpp:94
13 	libxul.so 	mozilla::net::nsHttpChannel::OnStopRequest 	netwerk/protocol/http/nsHttpChannel.cpp:5014
14 	libxul.so 	nsInputStreamPump::OnStateStop 	netwerk/base/src/nsInputStreamPump.cpp:552
15 	libxul.so 	nsInputStreamPump::OnInputStreamReady 	netwerk/base/src/nsInputStreamPump.cpp:374
16 	libxul.so 	nsInputStreamReadyEvent::Run 	xpcom/io/nsStreamUtils.cpp:82
17 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:627
18 	libxul.so 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:238
19 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:82
20 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:215
21 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:208
22 	libxul.so 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:163
23 	libxul.so 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:290
24 	libxul.so 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3823
25 	libxul.so 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3890
26 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp:4084

More reports at:
https://crash-stats.mozilla.com/report/list?signature=js_CloneFunctionObject%28JSContext*%2C+JS%3A%3AHandle%3CJSFunction*%3E%2C+JS%3A%3AHandle%3CJSObject*%3E%2C+JS%3A%3AHandle%3CJSObject*%3E%2C+js%3A%3Agc%3A%3AAllocKind%29
(Reporter)

Comment 1

6 years ago
It's a low volume crash in 20.0 including for ARMv6 devices.
Keywords: topcrash
(Reporter)

Comment 2

5 years ago
There have been no crashes for the last four weeks after 20.0.1.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.