Closed
Bug 1035249
Opened 10 years ago
Closed 10 years ago
crash in jemalloc_crash | arena_dalloc | je_free | free | js::detail::HashTable<JS::Symbol* const, js::HashSet<JS::Symbol*, js::HashSymbolsByDescription, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::changeTableSize(int)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: nhirata, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-74b095d3-8d79-442c-8e04-254602140706.
=============================================================
Crashing Thread
Frame Module Signature Source
0 libmozglue.so jemalloc_crash memory/mozjemalloc/jemalloc.c
1 libmozglue.so arena_dalloc memory/mozjemalloc/jemalloc.c
2 libmozglue.so je_free memory/mozjemalloc/jemalloc.c
3 libmozglue.so free memory/build/replace_malloc.c
4 libxul.so js::detail::HashTable<JS::Symbol* const, js::HashSet<JS::Symbol*, js::HashSymbolsByDescription, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::changeTableSize(int) /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/js/src/../../dist/include/js/Utility.h:122
5 libxul.so bool js::HashSet<js::Shape*, js::ShapeHasher, js::SystemAllocPolicy>::putNew<js::Shape*&>(js::StackShape const&, js::Shape*&&&) /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/js/src/../../dist/include/js/HashTable.h:1342
6 libxul.so js::PropertyTree::insertChild(js::ExclusiveContext*, js::Shape*, js::Shape*) js/src/jspropertytree.cpp
7 libxul.so js::PropertyTree::getChild(js::ExclusiveContext*, js::Shape*, js::StackShape&) js/src/jspropertytree.cpp
8 libxul.so JSObject::getChildProperty(js::ExclusiveContext*, JS::Handle<JSObject*>, JS::Handle<js::Shape*>, js::StackShape&) js/src/vm/Shape.cpp
9 libxul.so js::Shape* JSObject::addPropertyInternal<(js::ExecutionMode)0>(js::ExecutionModeTraits<(js::ExecutionMode)0>::ExclusiveContextType, JS::Handle<JSObject*>, JS::Handle<jsid>, bool (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>), bool (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, bool, JS::MutableHandle<JS::Value>), unsigned int, unsigned int, unsigned int, js::Shape**, bool) js/src/jsobj.h
10 libxul.so js::StaticBlockObject::addVar(js::ExclusiveContext*, JS::Handle<js::StaticBlockObject*>, JS::Handle<jsid>, unsigned int, bool*) js/src/vm/ScopeObject.cpp
11 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::bindLet(js::frontend::BindData<js::frontend::FullParseHandler>*, JS::Handle<js::PropertyName*>, js::frontend::Parser<js::frontend::FullParseHandler>*) js/src/frontend/Parser.cpp
12 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::variables(js::frontend::ParseNodeKind, bool*, js::StaticBlockObject*, js::frontend::VarContext) js/src/frontend/Parser.cpp
13 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::letDeclaration() js/src/frontend/Parser.cpp
14 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::letStatement() js/src/frontend/Parser.cpp
15 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::statement(bool) js/src/frontend/Parser.cpp
16 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::switchStatement() js/src/frontend/Parser.cpp
17 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::statements() js/src/frontend/Parser.cpp
18 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionBody(js::frontend::FunctionSyntaxKind, js::frontend::Parser<js::frontend::FullParseHandler>::FunctionBodyType) js/src/frontend/Parser.cpp
19 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionArgsAndBodyGeneric(js::frontend::ParseNode*, JS::Handle<JSFunction*>, js::frontend::FunctionType, js::frontend::FunctionSyntaxKind, js::frontend::Directives*) js/src/frontend/Parser.cpp
20 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionArgsAndBody(js::frontend::ParseNode*, JS::Handle<JSFunction*>, js::frontend::FunctionType, js::frontend::FunctionSyntaxKind, js::GeneratorKind, js::frontend::Directives, js::frontend::Directives*) js/src/frontend/Parser.cpp
21 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionDef(JS::Handle<js::PropertyName*>, js::frontend::TokenStream::Position const&, js::frontend::FunctionType, js::frontend::FunctionSyntaxKind, js::GeneratorKind) js/src/frontend/Parser.cpp
22 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionExpr() js/src/frontend/Parser.cpp
23 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::primaryExpr(js::frontend::TokenKind) js/src/frontend/Parser.cpp
24 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::memberExpr(js::frontend::TokenKind, bool) js/src/frontend/Parser.cpp
25 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::unaryExpr() js/src/frontend/Parser.cpp
26 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::orExpr1() js/src/frontend/Parser.cpp
27 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::condExpr1() js/src/frontend/Parser.cpp
28 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::assignExpr() js/src/frontend/Parser.cpp
29 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::objectLiteral() js/src/frontend/Parser.cpp
30 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::primaryExpr(js::frontend::TokenKind) js/src/frontend/Parser.cpp
31 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::memberExpr(js::frontend::TokenKind, bool) js/src/frontend/Parser.cpp
32 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::unaryExpr() js/src/frontend/Parser.cpp
33 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::orExpr1() js/src/frontend/Parser.cpp
34 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::condExpr1() js/src/frontend/Parser.cpp
35 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::assignExpr() js/src/frontend/Parser.cpp
36 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::assignExpr() js/src/frontend/Parser.cpp
37 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::expr() js/src/frontend/Parser.cpp
38 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::expressionStatement() js/src/frontend/Parser.cpp
39 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::statements() js/src/frontend/Parser.cpp
40 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionBody(js::frontend::FunctionSyntaxKind, js::frontend::Parser<js::frontend::FullParseHandler>::FunctionBodyType) js/src/frontend/Parser.cpp
41 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::standaloneFunctionBody(JS::Handle<JSFunction*>, js::AutoNameVector const&, js::GeneratorKind, js::frontend::Directives, js::frontend::Directives*) js/src/frontend/Parser.cpp
42 libxul.so CompileFunctionBody js/src/frontend/BytecodeCompiler.cpp
43 libxul.so js::frontend::CompileFunctionBody(JSContext*, JS::MutableHandle<JSFunction*>, JS::ReadOnlyCompileOptions const&, js::AutoNameVector const&, JS::SourceBufferHolder&) js/src/frontend/BytecodeCompiler.cpp
44 libxul.so JS::CompileFunction(JSContext*, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, char const*, unsigned int, char const* const*, JS::SourceBufferHolder&, JS::MutableHandle<JSFunction*>) js/src/jsapi.cpp
45 libxul.so JS::CompileFunction js/src/jsapi.cpp
46 libxul.so JS::CompileFunction(JSContext*, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, char const*, unsigned int, char const* const*, char const*, unsigned int, JS::MutableHandle<JSFunction*>) js/src/jsapi.cpp
47 libxul.so mozJSComponentLoader::ObjectForLocation(ComponentLoaderInfo&, nsIFile*, JS::MutableHandle<JSObject*>, JS::MutableHandle<JSScript*>, char**, bool, JS::MutableHandle<JS::Value>) js/xpconnect/loader/mozJSComponentLoader.cpp
48 libxul.so mozJSComponentLoader::ImportInto(nsACString_internal const&, JS::Handle<JSObject*>, JSContext*, JS::MutableHandle<JSObject*>) js/xpconnect/loader/mozJSComponentLoader.cpp
49 libxul.so mozJSComponentLoader::Import(nsACString_internal const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) js/xpconnect/loader/mozJSComponentLoader.cpp
50 libxul.so nsXPCComponents_Utils::Import(nsACString_internal const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) js/xpconnect/src/XPCComponents.cpp
51 libxul.so NS_InvokeByIndex xpcom/reflect/xptcall/md/unix/xptcinvoke_arm.cpp
52 libxul.so XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp
53 libxul.so XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) js/xpconnect/src/XPCWrappedNativeJSOps.cpp
54 libxul.so js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/jscntxtinlines.h
55 libxul.so Interpret js/src/vm/Interpreter.cpp
56 libxul.so js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp
57 libxul.so js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) js/src/vm/Interpreter.cpp
58 libxul.so js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) js/src/vm/Interpreter.cpp
59 libxul.so Evaluate js/src/jsapi.cpp
60 libxul.so JS::Evaluate(JSContext*, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&) js/src/jsapi.cpp
61 libxul.so nsJSUtils::EvaluateString(JSContext*, JS::SourceBufferHolder&, JS::Handle<JSObject*>, JS::CompileOptions&, nsJSUtils::EvaluateOptions const&, JS::MutableHandle<JS::Value>, void**) dom/base/nsJSUtils.cpp
62 libxul.so nsJSUtils::EvaluateString(JSContext*, JS::SourceBufferHolder&, JS::Handle<JSObject*>, JS::CompileOptions&, void**) dom/base/nsJSUtils.cpp
63 libxul.so nsScriptLoader::EvaluateScript(nsScriptLoadRequest*, JS::SourceBufferHolder&, void**) content/base/src/nsScriptLoader.cpp
64 libxul.so nsScriptLoader::ProcessRequest(nsScriptLoadRequest*, void**) content/base/src/nsScriptLoader.cpp
65 libxul.so nsScriptLoader::ProcessScriptElement(nsIScriptElement*) content/base/src/nsScriptLoader.cpp
66 libxul.so nsScriptElement::MaybeProcessScript() content/base/src/nsScriptElement.cpp
67 libxul.so nsIScriptElement::AttemptToExecute() /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/parser/html/../../dist/include/nsIScriptElement.h:220
68 libxul.so nsHtml5TreeOpExecutor::RunScript(nsIContent*) parser/html/nsHtml5TreeOpExecutor.cpp
69 libxul.so nsHtml5TreeOpExecutor::RunFlushLoop() parser/html/nsHtml5TreeOpExecutor.cpp
70 libxul.so nsHtml5ExecutorFlusher::Run() parser/html/nsHtml5StreamParser.cpp
71 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
72 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
73 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
74 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
75 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
76 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
77 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
78 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
79 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp
80 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp
81 b2g main b2g/app/nsBrowserApp.cpp
82 libc.so __libc_init bionic/libc/bionic/libc_init_dynamic.c:114
83 @0xb0001dc5
84 b2g NS_StringSetData
More Reports: https://crash-stats.mozilla.com/report/list?signature=jemalloc_crash%20|%20arena_dalloc%20|%20je_free%20|%20free%20|%20js%3A%3Adetail%3A%3AHashTable%3CJS%3A%3ASymbol*%20const%2C%20js%3A%3AHashSet%3CJS%3A%3ASymbol*%2C%20js%3A%3AHashSymbolsByDescription%2C%20js%3A%3ASystemAllocPolicy%3E%3A%3ASetOps%2C%20js%3A%3ASystemAllocPolicy%3E%3A%3AchangeTableSize%28int%29#tab-reports
First crash seen : 7/4
20140704151451
Startup crash
Comment 1•10 years ago
|
||
The jump from frame 5 to frame 4 (different kind of hash table) is surprising.
I don't see any crashes with this signature on Socorro now, so I guess I should close this. If you can reproduce it, reopen and ni? me.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•