Closed Bug 1022910 Opened 10 years ago Closed 9 years ago

Intermittent b2ginstance.py | application crashed [@ js::GCMarker::GrayCallback(JSTracer*, void**, JSGCTraceKind)]

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: RyanVM, Unassigned)

Details

(Keywords: crash, intermittent-failure) 

Hard to believe this isn't related to one of the other eleventy billion B2G b2ginstance.py crashes, but the stack was different enough from the others on file that I decided it might as well have its own bug.

https://tbpl.mozilla.org/php/getParsedLog.php?id=41377797&tree=Mozilla-Inbound

b2g_emulator_vm mozilla-inbound opt test crashtest-2 on 2014-06-09 12:58:42 PDT for push 687e8799e88f
slave: tst-linux64-spot-984

13:04:24     INFO -  REFTEST INFO | runreftest.py | Running tests: start.
13:06:40     INFO -  mozcrash INFO | Downloading symbols from: http://pvtbuilds.pvt.build.mozilla.org/pub/mozilla.org/b2g/tinderbox-builds/mozilla-inbound-emulator/20140609110339/b2g-32.0a1.en-US.android-arm.crashreporter-symbols.zip
13:07:04  WARNING -  PROCESS-CRASH | b2ginstance.py | application crashed [@ js::GCMarker::GrayCallback(JSTracer*, void**, JSGCTraceKind)]
13:07:04     INFO -  Crash dump filename: /tmp/tmp0mHbzA/1ffc6661-7eac-b335-4be5c535-45a51313.dmp
13:07:04     INFO -  Operating system: Android
13:07:04     INFO -                    0.0.0 Linux 2.6.29-00302-g586075d #31 Mon Feb 24 10:28:23 PST 2014 armv7l Android/full/generic:4.0.4.0.4.0.4/OPENMASTER/eng.cltbld.20140609.144041:eng/test-keys
13:07:04     INFO -  CPU: arm
13:07:04     INFO -       0 CPUs
13:07:04     INFO -  Crash reason:  SIGSEGV
13:07:04     INFO -  Crash address: 0x0
13:07:04     INFO -  Thread 0 (crashed)
13:07:04     INFO -   0  libxul.so!js::GCMarker::GrayCallback(JSTracer*, void**, JSGCTraceKind) [HeapAPI.h : 157 + 0x0]
13:07:04     INFO -       r4 = 0x402c221c    r5 = 0x00000000    r6 = 0x4864d270    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2c88    lr = 0x41c16ed3    pc = 0x41c1b5a2
13:07:04     INFO -      Found by: given as instruction pointer in context
13:07:04     INFO -   1  libxul.so!MarkInternal<JSString> [Marking.cpp:687e8799e88f : 283 + 0x3]
13:07:04     INFO -       r4 = 0x402c221c    r5 = 0x402c221c    r6 = 0x46977b80    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2cb0    pc = 0x41c16ed3
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   2  libxul.so!js::gc::MarkKind [Marking.cpp:687e8799e88f : 559 + 0x5]
13:07:04     INFO -       r4 = 0x402c221c    r5 = 0x402c221c    r6 = 0x46977b80    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2cb8    pc = 0x41c18183
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   3  libxul.so!js::gc::MarkSlot + 0x45
13:07:04     INFO -       r4 = 0x46977ba8    r5 = 0x402c221c    r6 = 0x46977b80    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2cc8    pc = 0x41c1846b
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   4  libxul.so!JS_CallHeapValueTracer(JSTracer*, JS::Heap<JS::Value>*, char const*) [Tracer.cpp:687e8799e88f : 61 + 0x3]
13:07:04     INFO -       r4 = 0xbeec2d04    r5 = 0x402c221c    r6 = 0x46977b80    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2cd8    pc = 0x41c1ae5b
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   5  libxul.so!JsGcTracer::Trace(JS::Heap<JS::Value>*, char const*, void*) const [CycleCollectedJSRuntime.cpp:687e8799e88f : 792 + 0x5]
13:07:04     INFO -       r4 = 0xbeec2d04    r5 = 0x402c221c    r6 = 0x46977b80    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2ce0    pc = 0x40ca07fd
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   6  libxul.so!mozilla::dom::DOMRequest::cycleCollection::Trace(void*, TraceCallbacks const&, void*) [DOMRequest.cpp:687e8799e88f : 46 + 0x11]
13:07:04     INFO -       r4 = 0xbeec2d04    r5 = 0x402c221c    r6 = 0x46977b80    r7 = 0x40ca07f5
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2ce8    pc = 0x413c4051
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   7  libxul.so!TraceJSHolder [CycleCollectedJSRuntime.cpp:687e8799e88f : 829 + 0x3]
13:07:04     INFO -       r4 = 0x413c4031    r5 = 0x46977b80    r6 = 0x40c9ff79    r7 = 0x00000800
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2d00    pc = 0x40c9feaf
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   8  libxul.so!nsBaseHashtable<nsPtrHashKey<void>, nsScriptObjectTracer*, nsScriptObjectTracer*>::s_EnumStub(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) [nsBaseHashtable.h : 404 + 0x7]
13:07:04     INFO -       r4 = 0x40c9fe91    r5 = 0x450a99b4    r6 = 0x40c9ff79    r7 = 0x00000800
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2d18    pc = 0x40c9ff89
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -   9  libxul.so!PL_DHashTableEnumerate(PLDHashTable*, PLDHashOperator (*)(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*), void*) [pldhash.cpp:687e8799e88f : 662 + 0x11]
13:07:04     INFO -       r4 = 0x40283018    r5 = 0x450a99b4    r6 = 0x40c9ff79    r7 = 0x00000800
13:07:04     INFO -       r8 = 0x0000000c    r9 = 0x0000024a   r10 = 0x00000000    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2d20    pc = 0x40c951f7
13:07:04     INFO -      Found by: call frame info
13:07:04     INFO -  10  libxul.so!mozilla::CycleCollectedJSRuntime::TraceNativeGrayRoots(JSTracer*) [nsBaseHashtable.h : 208 + 0x3]
13:07:04     INFO -       r4 = 0x40283000    r5 = 0x402c221c    r6 = 0x402c22d8    r7 = 0x00000001
13:07:04     INFO -       r8 = 0x00000000    r9 = 0x00000000   r10 = 0x402c221c    fp = 0x00000000
13:07:04     INFO -       sp = 0xbeec2d60    pc = 0x40ca0297
13:07:04     INFO -      Found by: call frame info
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #2)
It's unlikely to be related to Waldo's patch AFAICS.
We're dereferencing null while marking a string value gray.  Null string value perhaps?
I agree with comment 3.  That push was purely moving code around, no changes at all.
Flags: needinfo?(jwalden+bmo)
FWIW, I agree too or I would have backed this out a long time ago ;)
Inactive; closing (see bug 1180138).
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.