crash in JSCompartment::addDebuggee @ JSFunction::createScriptForLazilyInterpretedFunction

NEW
Unassigned

Status

critical
5 years ago
2 years ago

People

(Reporter: scoobidiver, Unassigned)

Tracking

({crash, regression})

24 Branch

Firefox Tracking Flags

(firefox23 unaffected, firefox24 affected, firefox25 affected, firefox31 affected, firefox47 affected, firefox48 fix-optional, firefox49 fix-optional, firefox-esr31 affected, firefox-esr45 affected, firefox50 fix-optional, firefox51 fix-optional)

Description

5 years ago
This bug tracks crashes not fixed by bug 883544's patch.

Signature 	JSFunction::createScriptForLazilyInterpretedFunction(JSContext*, JS::Handle<JSFunction*>)
UUID 	1e727ec6-8c68-4cf1-99ea-37db72130731
Date Processed	2013-07-31 09:05:17.876593
Uptime	1880
Last Crash	321535 seconds before submission
Install Age 	64346 since version was first installed.
Install Time 	2013-07-30 15:12:45
Product 	Firefox
Version 	24.0a2
Build ID 	20130730004004
Release Channel 	aurora
OS 	Windows NT
OS Version 	6.1.7601 Service Pack 1
Build Architecture 	x86
Build Architecture Info 	GenuineIntel family 6 model 30 stepping 5 | 8
Crash Reason 	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 	0xffffffffdadadae2
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x6899, AdapterSubsysID: 29701682, AdapterDriverVersion: 12.104.0.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	JSFunction::createScriptForLazilyInterpretedFunction(JSContext *,JS::Handle<JSFunction *>) 	js/src/jsfun.cpp
1 	mozjs.dll 	JSFunction::getOrCreateScript(JSContext *) 	js/src/jsfun.h
2 	mozjs.dll 	JSFunction::createScriptForLazilyInterpretedFunction(JSContext *,JS::Handle<JSFunction *>) 	js/src/jsfun.cpp
3 	mozjs.dll 	JSFunction::getOrCreateScript(JSContext *) 	js/src/jsfun.h
4 	mozjs.dll 	CreateLazyScriptsForCompartment 	js/src/jscompartment.cpp
5 	mozjs.dll 	JSCompartment::addDebuggee(JSContext *,js::GlobalObject *,js::AutoDebugModeGC &) 	js/src/jscompartment.cpp
6 	mozjs.dll 	js::Debugger::addDebuggeeGlobal(JSContext *,JS::Handle<js::GlobalObject *>,js::AutoDebugModeGC &) 	js/src/vm/Debugger.cpp
7 	mozjs.dll 	js::Debugger::addDebuggeeGlobal(JSContext *,JS::Handle<js::GlobalObject *>) 	js/src/vm/Debugger.cpp
8 	mozjs.dll 	js::Debugger::addDebuggee(JSContext *,unsigned int,JS::Value *) 	js/src/vm/Debugger.cpp
9 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
10 	mozjs.dll 	Interpret 	js/src/vm/Interpreter.cpp
11 	mozjs.dll 	js::RunScript(JSContext *,js::RunState &) 	js/src/vm/Interpreter.cpp
12 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
13 	mozjs.dll 	js::CallOrConstructBoundFunction(JSContext *,unsigned int,JS::Value *) 	js/src/jsfun.cpp
14 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
15 	mozjs.dll 	Interpret 	js/src/vm/Interpreter.cpp
16 	mozjs.dll 	js::RunScript(JSContext *,js::RunState &) 	js/src/vm/Interpreter.cpp
17 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
18 	mozjs.dll 	Interpret 	js/src/vm/Interpreter.cpp
19 	mozjs.dll 	js::BaseShape::getUnowned(JSContext *,js::StackBaseShape const &) 	js/src/vm/Shape.cpp
...

More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=JSFunction%3A%3AcreateScriptForLazilyInterpretedFunction%28JSContext*%2C+JS%3A%3AHandle%3CJSFunction*%3E%29

Updated

4 years ago
Assignee: general → nobody
Duplicate of this bug: 1059355
status-firefox31: --- → affected
status-firefox-esr31: --- → affected
Jim, the debugger seems to be on the stack, do you happen to know what's going on here?
Flags: needinfo?(jimb)
At least some of this is bug 1005306, which I'm currently looking into again. Looking over the crash signatures there might be multiple causes, though. I'll update this bug accordingly.
Flags: needinfo?(jimb)
See Also: → bug 1157963
Bug 1157963 might be a dupe of this?

Till, are you still working on this?
Flags: needinfo?(till)

Updated

3 years ago
Crash Signature: [@ JSFunction::createScriptForLazilyInterpretedFunction(JSContext*, JS::Handle<JSFunction*>)] → [@ JSFunction::createScriptForLazilyInterpretedFunction(JSContext*, JS::Handle<JSFunction*>)] [@ JSFunction::createScriptForLazilyInterpretedFunction]
Flags: needinfo?(till)
Crash volume for signature 'JSFunction::createScriptForLazilyInterpretedFunction':
 - nightly(version 50):0 crashes from 2016-06-06.
 - aurora (version 49):0 crashes from 2016-06-07.
 - beta   (version 48):51 crashes from 2016-06-06.
 - release(version 47):71 crashes from 2016-05-31.
 - esr    (version 45):2 crashes from 2016-04-07.

Crash volume on the last weeks:
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly       0       0       0       0       0       0       0
 - aurora        0       0       0       0       0       0       0
 - beta          5       5       1       3      11      12      13
 - release      11      22       7       5       7       9       8
 - esr           0       0       0       0       2       0       0

Affected platforms: Windows, Mac OS X, Linux
status-firefox47: --- → affected
status-firefox48: --- → affected
status-firefox-esr45: --- → affected
status-firefox48: affected → fix-optional
status-firefox49: --- → fix-optional
status-firefox50: --- → fix-optional
status-firefox51: --- → fix-optional