Closed Bug 1035249 Opened 10 years ago Closed 10 years ago

crash in jemalloc_crash | arena_dalloc | je_free | free | js::detail::HashTable<JS::Symbol* const, js::HashSet<JS::Symbol*, js::HashSymbolsByDescription, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::changeTableSize(int)

Categories

(Core :: JavaScript Engine, defect)

33 Branch
ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-74b095d3-8d79-442c-8e04-254602140706.
=============================================================
Crashing Thread
Frame Module Signature Source
0 libmozglue.so jemalloc_crash memory/mozjemalloc/jemalloc.c
1 libmozglue.so arena_dalloc memory/mozjemalloc/jemalloc.c
2 libmozglue.so je_free memory/mozjemalloc/jemalloc.c
3 libmozglue.so free memory/build/replace_malloc.c
4 libxul.so js::detail::HashTable<JS::Symbol* const, js::HashSet<JS::Symbol*, js::HashSymbolsByDescription, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::changeTableSize(int) /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/js/src/../../dist/include/js/Utility.h:122
5 libxul.so bool js::HashSet<js::Shape*, js::ShapeHasher, js::SystemAllocPolicy>::putNew<js::Shape*&>(js::StackShape const&, js::Shape*&&&) /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/js/src/../../dist/include/js/HashTable.h:1342
6 libxul.so js::PropertyTree::insertChild(js::ExclusiveContext*, js::Shape*, js::Shape*) js/src/jspropertytree.cpp
7 libxul.so js::PropertyTree::getChild(js::ExclusiveContext*, js::Shape*, js::StackShape&) js/src/jspropertytree.cpp
8 libxul.so JSObject::getChildProperty(js::ExclusiveContext*, JS::Handle<JSObject*>, JS::Handle<js::Shape*>, js::StackShape&) js/src/vm/Shape.cpp
9 libxul.so js::Shape* JSObject::addPropertyInternal<(js::ExecutionMode)0>(js::ExecutionModeTraits<(js::ExecutionMode)0>::ExclusiveContextType, JS::Handle<JSObject*>, JS::Handle<jsid>, bool (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>), bool (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, bool, JS::MutableHandle<JS::Value>), unsigned int, unsigned int, unsigned int, js::Shape**, bool) js/src/jsobj.h
10 libxul.so js::StaticBlockObject::addVar(js::ExclusiveContext*, JS::Handle<js::StaticBlockObject*>, JS::Handle<jsid>, unsigned int, bool*) js/src/vm/ScopeObject.cpp
11 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::bindLet(js::frontend::BindData<js::frontend::FullParseHandler>*, JS::Handle<js::PropertyName*>, js::frontend::Parser<js::frontend::FullParseHandler>*) js/src/frontend/Parser.cpp
12 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::variables(js::frontend::ParseNodeKind, bool*, js::StaticBlockObject*, js::frontend::VarContext) js/src/frontend/Parser.cpp
13 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::letDeclaration() js/src/frontend/Parser.cpp
14 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::letStatement() js/src/frontend/Parser.cpp
15 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::statement(bool) js/src/frontend/Parser.cpp
16 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::switchStatement() js/src/frontend/Parser.cpp
17 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::statements() js/src/frontend/Parser.cpp
18 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionBody(js::frontend::FunctionSyntaxKind, js::frontend::Parser<js::frontend::FullParseHandler>::FunctionBodyType) js/src/frontend/Parser.cpp
19 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionArgsAndBodyGeneric(js::frontend::ParseNode*, JS::Handle<JSFunction*>, js::frontend::FunctionType, js::frontend::FunctionSyntaxKind, js::frontend::Directives*) js/src/frontend/Parser.cpp
20 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionArgsAndBody(js::frontend::ParseNode*, JS::Handle<JSFunction*>, js::frontend::FunctionType, js::frontend::FunctionSyntaxKind, js::GeneratorKind, js::frontend::Directives, js::frontend::Directives*) js/src/frontend/Parser.cpp
21 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionDef(JS::Handle<js::PropertyName*>, js::frontend::TokenStream::Position const&, js::frontend::FunctionType, js::frontend::FunctionSyntaxKind, js::GeneratorKind) js/src/frontend/Parser.cpp
22 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionExpr() js/src/frontend/Parser.cpp
23 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::primaryExpr(js::frontend::TokenKind) js/src/frontend/Parser.cpp
24 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::memberExpr(js::frontend::TokenKind, bool) js/src/frontend/Parser.cpp
25 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::unaryExpr() js/src/frontend/Parser.cpp
26 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::orExpr1() js/src/frontend/Parser.cpp
27 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::condExpr1() js/src/frontend/Parser.cpp
28 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::assignExpr() js/src/frontend/Parser.cpp
29 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::objectLiteral() js/src/frontend/Parser.cpp
30 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::primaryExpr(js::frontend::TokenKind) js/src/frontend/Parser.cpp
31 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::memberExpr(js::frontend::TokenKind, bool) js/src/frontend/Parser.cpp
32 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::unaryExpr() js/src/frontend/Parser.cpp
33 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::orExpr1() js/src/frontend/Parser.cpp
34 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::condExpr1() js/src/frontend/Parser.cpp
35 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::assignExpr() js/src/frontend/Parser.cpp
36 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::assignExpr() js/src/frontend/Parser.cpp
37 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::expr() js/src/frontend/Parser.cpp
38 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::expressionStatement() js/src/frontend/Parser.cpp
39 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::statements() js/src/frontend/Parser.cpp
40 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::functionBody(js::frontend::FunctionSyntaxKind, js::frontend::Parser<js::frontend::FullParseHandler>::FunctionBodyType) js/src/frontend/Parser.cpp
41 libxul.so js::frontend::Parser<js::frontend::FullParseHandler>::standaloneFunctionBody(JS::Handle<JSFunction*>, js::AutoNameVector const&, js::GeneratorKind, js::frontend::Directives, js::frontend::Directives*) js/src/frontend/Parser.cpp
42 libxul.so CompileFunctionBody js/src/frontend/BytecodeCompiler.cpp
43 libxul.so js::frontend::CompileFunctionBody(JSContext*, JS::MutableHandle<JSFunction*>, JS::ReadOnlyCompileOptions const&, js::AutoNameVector const&, JS::SourceBufferHolder&) js/src/frontend/BytecodeCompiler.cpp
44 libxul.so JS::CompileFunction(JSContext*, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, char const*, unsigned int, char const* const*, JS::SourceBufferHolder&, JS::MutableHandle<JSFunction*>) js/src/jsapi.cpp
45 libxul.so JS::CompileFunction js/src/jsapi.cpp
46 libxul.so JS::CompileFunction(JSContext*, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, char const*, unsigned int, char const* const*, char const*, unsigned int, JS::MutableHandle<JSFunction*>) js/src/jsapi.cpp
47 libxul.so mozJSComponentLoader::ObjectForLocation(ComponentLoaderInfo&, nsIFile*, JS::MutableHandle<JSObject*>, JS::MutableHandle<JSScript*>, char**, bool, JS::MutableHandle<JS::Value>) js/xpconnect/loader/mozJSComponentLoader.cpp
48 libxul.so mozJSComponentLoader::ImportInto(nsACString_internal const&, JS::Handle<JSObject*>, JSContext*, JS::MutableHandle<JSObject*>) js/xpconnect/loader/mozJSComponentLoader.cpp
49 libxul.so mozJSComponentLoader::Import(nsACString_internal const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) js/xpconnect/loader/mozJSComponentLoader.cpp
50 libxul.so nsXPCComponents_Utils::Import(nsACString_internal const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) js/xpconnect/src/XPCComponents.cpp
51 libxul.so NS_InvokeByIndex xpcom/reflect/xptcall/md/unix/xptcinvoke_arm.cpp
52 libxul.so XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp
53 libxul.so XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) js/xpconnect/src/XPCWrappedNativeJSOps.cpp
54 libxul.so js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/jscntxtinlines.h
55 libxul.so Interpret js/src/vm/Interpreter.cpp
56 libxul.so js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp
57 libxul.so js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) js/src/vm/Interpreter.cpp
58 libxul.so js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) js/src/vm/Interpreter.cpp
59 libxul.so Evaluate js/src/jsapi.cpp
60 libxul.so JS::Evaluate(JSContext*, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&) js/src/jsapi.cpp
61 libxul.so nsJSUtils::EvaluateString(JSContext*, JS::SourceBufferHolder&, JS::Handle<JSObject*>, JS::CompileOptions&, nsJSUtils::EvaluateOptions const&, JS::MutableHandle<JS::Value>, void**) dom/base/nsJSUtils.cpp
62 libxul.so nsJSUtils::EvaluateString(JSContext*, JS::SourceBufferHolder&, JS::Handle<JSObject*>, JS::CompileOptions&, void**) dom/base/nsJSUtils.cpp
63 libxul.so nsScriptLoader::EvaluateScript(nsScriptLoadRequest*, JS::SourceBufferHolder&, void**) content/base/src/nsScriptLoader.cpp
64 libxul.so nsScriptLoader::ProcessRequest(nsScriptLoadRequest*, void**) content/base/src/nsScriptLoader.cpp
65 libxul.so nsScriptLoader::ProcessScriptElement(nsIScriptElement*) content/base/src/nsScriptLoader.cpp
66 libxul.so nsScriptElement::MaybeProcessScript() content/base/src/nsScriptElement.cpp
67 libxul.so nsIScriptElement::AttemptToExecute() /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/parser/html/../../dist/include/nsIScriptElement.h:220
68 libxul.so nsHtml5TreeOpExecutor::RunScript(nsIContent*) parser/html/nsHtml5TreeOpExecutor.cpp
69 libxul.so nsHtml5TreeOpExecutor::RunFlushLoop() parser/html/nsHtml5TreeOpExecutor.cpp
70 libxul.so nsHtml5ExecutorFlusher::Run() parser/html/nsHtml5StreamParser.cpp
71 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
72 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
73 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
74 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
75 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
76 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
77 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
78 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
79 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp
80 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp
81 b2g main b2g/app/nsBrowserApp.cpp
82 libc.so __libc_init bionic/libc/bionic/libc_init_dynamic.c:114
83 @0xb0001dc5
84 b2g NS_StringSetData
More Reports: https://crash-stats.mozilla.com/report/list?signature=jemalloc_crash%20|%20arena_dalloc%20|%20je_free%20|%20free%20|%20js%3A%3Adetail%3A%3AHashTable%3CJS%3A%3ASymbol*%20const%2C%20js%3A%3AHashSet%3CJS%3A%3ASymbol*%2C%20js%3A%3AHashSymbolsByDescription%2C%20js%3A%3ASystemAllocPolicy%3E%3A%3ASetOps%2C%20js%3A%3ASystemAllocPolicy%3E%3A%3AchangeTableSize%28int%29#tab-reports
First crash seen : 7/4 20140704151451 Startup crash
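The jump from frame 5 (js::HashSet<js::Shape*, js::ShapeHasher, ...>::putNew) to frame 4 (js::detail::HashTable<JS::Symbol* const, ...>::changeTableSize, a different kind of hash table) is surprising: inserting into a set of js::Shape* should not end up resizing a table of JS::Symbol*. I don't see any crashes with this signature on Socorro now, so I guess I should close this. If you can reproduce it, reopen the bug and set needinfo (ni?) on me.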
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME