Closed
Bug 1142787
Opened 10 years ago
Closed 9 years ago
Intermittent browser_ruleview_style-editor-link.js | application crashed [@ 0x5a5a5a5a][@ mozilla::dom::NodeBinding::appendChild]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: RyanVM, Unassigned)
Details
(Keywords: crash, intermittent-failure, sec-other)
13:39:56 INFO - 5582 ERROR TEST-UNEXPECTED-FAIL | browser/devtools/styleinspector/test/browser_ruleview_style-editor-link.js | application terminated with exit code 11
13:39:56 INFO - runtests.py | Application ran for: 0:03:31.631212
13:39:56 INFO - zombiecheck | Reading PID log: /tmp/tmpx7gdx2pidlog
13:39:56 INFO - mozcrash Downloading symbols from: https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/fx-team-linux/1426185837/firefox-39.0a1.en-US.linux-i686.crashreporter-symbols.zip
13:40:18 INFO - mozcrash Saved minidump as /builds/slave/test/build/blobber_upload_dir/2bbc411c-92ee-b670-5d949a88-29d503d9.dmp
13:40:18 INFO - mozcrash Saved app info as /builds/slave/test/build/blobber_upload_dir/2bbc411c-92ee-b670-5d949a88-29d503d9.extra
13:40:18 WARNING - PROCESS-CRASH | browser/devtools/styleinspector/test/browser_ruleview_style-editor-link.js | application crashed [@ 0x5a5a5a5a]
13:40:18 INFO - Crash dump filename: /tmp/tmpEBEOqq.mozrunner/minidumps/2bbc411c-92ee-b670-5d949a88-29d503d9.dmp
13:40:18 INFO - Operating system: Linux
13:40:18 INFO - 0.0.0 Linux 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686
13:40:18 INFO - CPU: x86
13:40:18 INFO - GenuineIntel family 6 model 45 stepping 7
13:40:18 INFO - 1 CPU
13:40:18 INFO - Crash reason: SIGSEGV
13:40:18 INFO - Crash address: 0x5a5a5a5a
13:40:18 INFO - Thread 0 (crashed)
13:40:18 INFO - 0 0x5a5a5a5a
13:40:18 INFO - eip = 0x5a5a5a5a esp = 0xbf9a24fc ebp = 0xbf9a2698 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0x8719dea0 eax = 0x8719dea4 ecx = 0x00000000
13:40:18 INFO - edx = 0xbf9a26e0 efl = 0x00210282
13:40:18 INFO - Found by: given as instruction pointer in context
13:40:18 INFO - 1 libxul.so!mozilla::dom::NodeBinding::appendChild [nsINode.h:749740c78886 : 1680 + 0x9]
13:40:18 INFO - eip = 0xb3deb1a7 esp = 0xbf9a26a0 ebp = 0xbf9a2708
13:40:18 INFO - Found by: previous frame's frame pointer
13:40:18 INFO - 2 libxul.so!mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) [BindingUtils.cpp:749740c78886 : 2492 + 0x5]
13:40:18 INFO - eip = 0xb413ae11 esp = 0xbf9a2710 ebp = 0xbf9a2768 ebx = 0xb6efec68
13:40:18 INFO - esi = 0x873c34c0 edi = 0x00000162
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 3 libxul.so!js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) [jscntxtinlines.h:749740c78886 : 235 + 0x15]
13:40:18 INFO - eip = 0xb5043ecd esp = 0xbf9a2770 ebp = 0xbf9a2ad8 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0xb413acf4
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 4 libxul.so!Interpret [Interpreter.cpp:749740c78886 : 2596 + 0x21]
13:40:18 INFO - eip = 0xb503e3b8 esp = 0xbf9a2ae0 ebp = 0xbf9a2f38 ebx = 0xb6efec68
13:40:18 INFO - esi = 0x873160a0 edi = 0xb7225500
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 5 libxul.so!js::RunScript(JSContext*, js::RunState&) [Interpreter.cpp:749740c78886 : 448 + 0x9]
13:40:18 INFO - eip = 0xb50422a7 esp = 0xbf9a2f40 ebp = 0xbf9a2f88 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xbf9a2fe8 edi = 0xbf9a2f68
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 6 libxul.so!js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) [Interpreter.cpp:749740c78886 : 517 + 0x11]
13:40:18 INFO - eip = 0xb5043e0c esp = 0xbf9a2f90 ebp = 0xbf9a32f8 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0xbf9a3370
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 7 libxul.so!js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) [Interpreter.cpp:749740c78886 : 554 + 0x1e]
13:40:18 INFO - eip = 0xb5044b43 esp = 0xbf9a3300 ebp = 0xbf9a33b8 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xbf9a3460 edi = 0xb722550c
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 8 libxul.so!js::DirectProxyHandler::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const [DirectProxyHandler.cpp:749740c78886 : 77 + 0x4]
13:40:18 INFO - eip = 0xb53a859c esp = 0xbf9a33c0 ebp = 0xbf9a33f8 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xbf9a353c edi = 0xb7225500
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 9 libxul.so!js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const [CrossCompartmentWrapper.cpp:749740c78886 : 288 + 0x19]
13:40:18 INFO - eip = 0xb53bfaff esp = 0xbf9a3400 ebp = 0xbf9a34b8 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0xb7225500
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 10 libxul.so!js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) [Proxy.cpp:749740c78886 : 391 + 0x16]
13:40:18 INFO - eip = 0xb53c4668 esp = 0xbf9a34c0 ebp = 0xbf9a3518 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0xbf9a354c
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 11 libxul.so!js::proxy_Call(JSContext*, unsigned int, JS::Value*) [Proxy.cpp:749740c78886 : 703 + 0xf]
13:40:18 INFO - eip = 0xb53c4765 esp = 0xbf9a3520 ebp = 0xbf9a3558 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0xb53c4720
13:40:18 INFO - Found by: call frame info
13:40:18 INFO - 12 libxul.so!js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) [jscntxtinlines.h:749740c78886 : 235 + 0x15]
13:40:18 INFO - eip = 0xb5043ecd esp = 0xbf9a3560 ebp = 0xbf9a38c8 ebx = 0xb6efec68
13:40:18 INFO - esi = 0xb7225500 edi = 0xb53c4720
13:40:18 INFO - Found by: call frame info
Reporter | ||
Comment 1•10 years ago
|
||
Comment 2•10 years ago
|
||
Boris, has something in this code changed recently that you can think of? (We've also had some weird crashes that seem to be jemalloc3 fallout, so this could be more of that.)
Flags: needinfo?(bzbarsky)
Comment 3•10 years ago
|
||
Nothing obvious recently changed here.
What slightly confuses me is that eip=0x5a5a5a5a business. The crash is claimed to be on this line:
return ReplaceOrInsertBefore(false, &aNode, aChild, aError);
in nsINode::InsertBefore. That's fine as far as it goes, but that's a non-virtual function call, so it's odd that it ended up with a bogus eip. Note that Firebot claiims that 0x5a5a5a5a is "jemalloc freed junk memory"...
Flags: needinfo?(bzbarsky)
Comment 4•10 years ago
|
||
I'm going to leave this open for now, but a crash that happened once could just be some random memory corruption or jemalloc3 fallout.
Keywords: sec-other
Comment 5•9 years ago
|
||
Inactive; closing (see bug 1180138).
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•7 years ago
|
Group: core-security-release
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•