Closed Bug 1302411 Opened 8 years ago Closed 8 years ago

Assertion failure: id == prev, at js/src/vm/TraceLogging.cpp:547 with OOM

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1302417
Tracking Flags:
Tracking Status
firefox51 --- affected

People

(Reporter: decoder, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, bugmon, testcase, Whiteboard: [jsbugmon:update,bisect])

The following testcase crashes on mozilla-central revision cfdb7af3af2e (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --enable-debug --without-intl-api --enable-optimize --target=i686-pc-linux-gnu, run with --fuzzing-safe): lfLogBuffer = ` du = new Debugger; du.setupTraceLoggerScriptCalls(); startTraceLogger(); `; oomTest(Function(lfLogBuffer)); oomTest(Function(lfLogBuffer)); Backtrace: received signal SIGSEGV, Segmentation fault. 0x0815235f in js::TraceLoggerThread::stopEvent (this=0xf79661a0, id=<optimized out>) at js/src/vm/TraceLogging.cpp:547 #0 0x0815235f in js::TraceLoggerThread::stopEvent (this=0xf79661a0, id=<optimized out>) at js/src/vm/TraceLogging.cpp:547 #1 0x08704dc9 in js::TraceLogStopEvent (event=..., logger=<optimized out>) at js/src/vm/TraceLogging.h:444 #2 Interpret (cx=0xf7953000, state=...) at js/src/vm/Interpreter.cpp:4172 #3 0x0870a0ba in js::RunScript (cx=0xf7953000, state=...) at js/src/vm/Interpreter.cpp:400 #4 0x0870a373 in js::InternalCallOrConstruct (cx=0xf7953000, args=..., construct=js::NO_CONSTRUCT) at js/src/vm/Interpreter.cpp:472 #5 0x0870a5ad in InternalCall (cx=cx@entry=0xf7953000, args=...) at js/src/vm/Interpreter.cpp:499 #6 0x0870a73b in js::Call (cx=0xf7953000, fval=..., thisv=..., args=..., rval=...) at js/src/vm/Interpreter.cpp:518 #7 0x0851b7fb in JS_CallFunction (cx=0xf7953000, obj=..., fun=..., args=..., rval=...) at js/src/jsapi.cpp:2794 #8 0x08865e34 in OOMTest (cx=0xf7953000, argc=1, vp=0xf1234058) at js/src/builtin/TestingFunctions.cpp:1369 #9 0x08712f1b in js::CallJSNative (cx=0xf7953000, native=0x8865b70 <OOMTest(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/jscntxtinlines.h:235 [...] #23 main (argc=3, argv=0xffffce54, envp=0xffffce64) at js/src/shell/js.cpp:7668 eax 0x0 0 ebx 0x8c46ff4 147091444 ecx 0xf7da4864 -136689564 edx 0x0 0 esi 0xf79661a0 -141139552 edi 0x2 2 ebp 0xffffbc98 4294950040 esp 0xffffbc70 4294950000 eip 0x815235f <js::TraceLoggerThread::stopEvent(unsigned int)+511> => 0x815235f <js::TraceLoggerThread::stopEvent(unsigned int)+511>: movl $0x0,0x0 0x8152369 <js::TraceLoggerThread::stopEvent(unsigned int)+521>: ud2
Dup?
Flags: needinfo?(hv1989)
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(hv1989)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.