Closed Bug 898387 Opened 11 years ago Closed 11 years ago

Permaorange - PROCESS-CRASH | /tests/content/base/test/test_bug435425.html | application crashed [@ js::ObjectImpl::setSlot(unsigned int, JS::Value const&)]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: cbook, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Android 4.0 Panda mozilla-inbound opt test mochitest-1 on 2013-07-26 01:56:53 PDT for push 44ebfcf61a6c

slave: panda-0810

https://tbpl.mozilla.org/php/getParsedLog.php?id=25764937&tree=Mozilla-Inbound

PROCESS-CRASH | /tests/content/base/test/test_bug435425.html | application crashed [@ js::ObjectImpl::setSlot(unsigned int, JS::Value const&)]

PROCESS-CRASH | /tests/content/base/test/test_bug435425.html | application crashed [@ js::ObjectImpl::setSlot(unsigned int, JS::Value const&)]
02:10:38     INFO -  Crash dump filename: /tmp/tmppZYcOS/654ec57d-5c5a-01d4-0a62b963-4c6be829.dmp
02:10:38     INFO -  Operating system: Android
02:10:38     INFO -                    0.0.0 Linux 3.2.0+ #2 SMP PREEMPT Thu Nov 29 08:06:57 EST 2012 armv7l pandaboard/pandaboard/pandaboard:4.0.4/IMM76I/5:eng/test-keys
02:10:38     INFO -  CPU: arm
02:10:38     INFO -       2 CPUs
02:10:38     INFO -  Crash reason:  SIGBUS
02:10:38     INFO -  Crash address: 0x5d50a4a1
02:10:38     INFO -  Thread 14 (crashed)
02:10:38     INFO -   0  libxul.so!js::ObjectImpl::setSlot(unsigned int, JS::Value const&) [Barrier-inl.h:44ebfcf61a6c : 351 + 0x0]
02:10:38     INFO -       r4 = 0x706f0148    r5 = 0x5d50a4a1    r6 = 0x6b6f0f50    r7 = 0x00ffffff
02:10:38     INFO -       r8 = 0x63d48fb4    r9 = 0x5d50a39c   r10 = 0x00000000    fp = 0x00000000
02:10:38     INFO -       sp = 0x5d50a210    lr = 0x634deb7d    pc = 0x634deb7c
02:10:38     INFO -      Found by: given as instruction pointer in context
02:10:38     INFO -   1  libxul.so!DefinePropertyOrElement [jsobjinlines.h:44ebfcf61a6c : 682 + 0xb]
02:10:38     INFO -       r4 = 0x02000000    r5 = 0x5d50a398    r6 = 0x6b6f0f50    r7 = 0x00ffffff
02:10:38     INFO -       r8 = 0x63d48fb4    r9 = 0x5d50a39c   r10 = 0x00000000    fp = 0x00000000
02:10:38     INFO -       sp = 0x5d50a220    pc = 0x635ad69d
02:10:38     INFO -      Found by: call frame info
02:10:38     INFO -   2  libxul.so!js::DefineNativeProperty(js::ExclusiveContext*, JS::Handle<JSObject*>, JS::Handle<int>, JS::Handle<JS::Value>, int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<int>, JS::MutableHandle<JS::Value>), int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<int>, int, JS::MutableHandle<JS::Value>), unsigned int, unsigned int, int, unsigned int) [jsobj.cpp:44ebfcf61a6c : 3665 + 0x21]
02:10:38     INFO -       r4 = 0x6354dfad    r5 = 0x00000000    r6 = 0x5d50a39c    r7 = 0x00000000
02:10:38     INFO -       r8 = 0x5d50a398    r9 = 0x5d50a4a1   r10 = 0x63de66f8    fp = 0x6354dfa9
02:10:38     INFO -       sp = 0x5d50a2c0    pc = 0x635aefb9
02:10:38     INFO -      Found by: call frame info
02:10:38     INFO -   3  libxul.so!js::ion::DoSetPropFallback [BaselineIC.cpp:44ebfcf61a6c : 6320 + 0x2b]
02:10:38     INFO -       r4 = 0x6aba8646    r5 = 0x7103e628    r6 = 0x6b6f0f50    r7 = 0x6c3e4998
02:10:38     INFO -       r8 = 0x5d50a4a1    r9 = 0x63d48fb4   r10 = 0x00000000    fp = 0x0000005d
02:10:38     INFO -       sp = 0x5d50a358    pc = 0x6361836b
02:10:38     INFO -      Found by: call frame info
02:10:38     INFO -   4  0x5d6a17fa
02:10:38     INFO -       r4 = 0x5d50a479    r5 = 0x5d50a491    r6 = 0x710646a0    r7 = 0xffffff87
02:10:38     INFO -       r8 = 0x685ce800    r9 = 0x6c3e4998   r10 = 0x00000720    fp = 0x5d50b0ac
02:10:38     INFO -       sp = 0x5d50a468    pc = 0x5d6a17fc
02:10:38     INFO -      Found by: call frame info
02:10:38     INFO -   5  data@app@org.mozilla.fennec-1.apk@classes.dex + 0x6ac67
02:10:38     INFO -       sp = 0x5d50a48c    pc = 0x5ba3fc69
02:10:38     INFO -      Found by: stack scanning
02:10:38     INFO -   6  dalvik-heap (deleted) + 0xffafffe
02:10:38     INFO -       sp = 0x5d50a494    pc = 0x50b08000
02:10:38     INFO -      Found by: stack scanning
possible caused by bug 888088 backed out now a suspious changeset
Crash Signature: [@js::ObjectImpl::setSlot(unsigned int,JS::Value const&)] → [@ js::ObjectImpl::setSlot(unsigned int, JS::Value const&)]
Looks like Android M1/M8/J1 and B2G M1/M2 did indeed go green after those two changesets were backed out.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.