Closed Bug 1406746 Opened 3 years ago Closed 2 years ago

Intermittent autophone-s1s2 | application crashed [@ DispatchToTracer<JSObject*>]

Categories

(Core :: JavaScript: GC, defect)

defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: intermittent-bug-filer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, intermittent-failure, Whiteboard: [#jsapi:crashes-retriage])

Crash Data

Attachments

(1 obsolete file)

Filed by: bclary [at] mozilla.com

https://treeherder.mozilla.org/logviewer.html#?job_id=135550192&repo=mozilla-inbound

https://autophone.s3.amazonaws.com/v1/task/MbfFt22rSf63H1--kjie9w/runs/0/artifacts/public/build/c7009d75-7287-4045-b0a8-e09961de447a-autophone.log

Operating system: Android
                  0.0.0 Linux 3.18.31-g895c4a6 #1 SMP PREEMPT Sun Sep 11 20:29:44 UTC 2016 armv8l
CPU: arm
     ARMv1 Qualcomm part(0x51002050) features: half,thumb,fastmult,vfpv2,edsp,neon,vfpv3,tls,vfpv4,idiva,idivt
     4 CPUs

GPU: UNKNOWN

Crash reason:  SIGSEGV
Crash address: 0x8
Process uptime: not available

Thread 11 (crashed)
 0  libxul.so!DispatchToTracer<JSObject*> [jscompartment.h:c2658a2ad200 : 1261 + 0x2]
     r0 = 0xcf6d2da0    r1 = 0xc114a000    r2 = 0x00000001    r3 = 0x00000000
     r4 = 0xcf6d2da0    r5 = 0xb6ed4f00    r6 = 0xcf6d2da0    r7 = 0xce6f1a30
     r8 = 0xe287da0c    r9 = 0xcf6d2da0   r10 = 0x00040000   r12 = 0xb6eff598
     fp = 0xcf6d2018    sp = 0xe287d9d0    lr = 0x00000000    pc = 0xce075420
    Found by: given as instruction pointer in context
 1  libxul.so!js::ctypes::CType::Trace [TracingAPI.h:c2658a2ad200 : 371 + 0x3]
     r3 = 0xb6ed4f00    r4 = 0xb6fdb958    r5 = 0xb6fdb960    r6 = 0xcf6d2da0
     r7 = 0xce6f1a30    r8 = 0xe287da0c    r9 = 0xcf6d2da0   r10 = 0x00040000
     fp = 0xcf6d2018    sp = 0xe287d9e0    pc = 0xcdc7b87d
    Found by: call frame info
 2  libxul.so!js::GCMarker::processMarkStackTop [Class.h:c2658a2ad200 : 890 + 0x5]
     r4 = 0xcea63850    r5 = 0xe287db90    r6 = 0xb6ed5890    r7 = 0xe287da08
     r8 = 0xe287da0c    r9 = 0xcf6d2da0   r10 = 0x00040000    fp = 0xcf6d2018
     sp = 0xe287d9f8    pc = 0xce079683
    Found by: call frame info
 3  libxul.so!js::GCMarker::drainMarkStack [Marking.cpp:c2658a2ad200 : 1606 + 0x7]
     r4 = 0xe287da60    r5 = 0xcf6d2250    r6 = 0xcf6d2da0    r7 = 0xe287db90
     r8 = 0xe287db90    r9 = 0x00000000   r10 = 0x0000002c    fp = 0xcf6d2018
     sp = 0xe287da38    pc = 0xce079a85
    Found by: call frame info
 4  libxul.so!js::gc::GCRuntime::incrementalCollectSlice [jsgc.cpp:c2658a2ad200 : 5701 + 0x7]
     r3 = 0x00000001    r4 = 0xe287da60    r5 = 0xcf6d2250    r6 = 0xcf6d2280
     r7 = 0xcf6d2da0    r8 = 0xe287db90    r9 = 0x00000000   r10 = 0x0000002c
     fp = 0xcf6d2018    sp = 0xe287da50    pc = 0xcdeb3ab3
    Found by: call frame info
 5  libxul.so!js::gc::GCRuntime::gcCycle [jsgc.cpp:c2658a2ad200 : 7151 + 0xb]
     r4 = 0xcf6d2250    r5 = 0xe287dadc    r6 = 0xcf6d2280    r7 = 0x0000002c
     r8 = 0xe287db90    r9 = 0x00000001   r10 = 0x00000000    fp = 0x00000001
     sp = 0xe287daa8    pc = 0xcdeb4515
    Found by: call frame info
 6  libxul.so!js::gc::GCRuntime::collect [jsgc.cpp:c2658a2ad200 : 7294 + 0xb]
     r4 = 0xcf6d2250    r5 = 0x0000002c    r6 = 0xe287db40    r7 = 0xcf6d2000
     r8 = 0x00000001    r9 = 0x00000001   r10 = 0xffffffff    fp = 0x7fffffff
     sp = 0xe287db40    pc = 0xcdeb471b
    Found by: call frame info
 7  libxul.so!JS::GCForReason [jsgc.cpp:c2658a2ad200 : 7361 + 0x17]
     r4 = 0xe287dba8    r5 = 0xe287dbd0    r6 = 0xcf6d2000    r7 = 0x00000000
     r8 = 0xffffffff    r9 = 0xffffffff   r10 = 0xffffffff    fp = 0x7fffffff
     sp = 0xe287db98    pc = 0xcdeb4c23
    Found by: call frame info
 8  libxul.so!nsJSContext::GarbageCollectNow [nsJSEnvironment.cpp:c2658a2ad200 : 1219 + 0x9]
     r4 = 0xcf62f000    r5 = 0x00000000    r6 = 0x00000000    r7 = 0x00000000
     r8 = 0x0000002c    r9 = 0x00000001   r10 = 0xe287dc04    fp = 0xe287dcbc
     sp = 0xe287dbf8    pc = 0xccd7def3
    Found by: call frame info
 9  libxul.so!nsDOMWindowUtils::GarbageCollect [nsDOMWindowUtils.cpp:c2658a2ad200 : 1425 + 0x11]
     r4 = 0xe287dc34    r5 = 0x00000000    r6 = 0x0000002b    r7 = 0xe287dc60
     r8 = 0x00000012    r9 = 0xe287dd10   r10 = 0x00000001    fp = 0xe287dcbc
     sp = 0xe287dc28    pc = 0xccce9ca7
    Found by: call frame info
10  libxul.so!NS_InvokeByIndex [xptcinvoke_arm.cpp:c2658a2ad200 : 169 + 0x11]
     r4 = 0xe287dc58    r5 = 0xccce9c79    r6 = 0x0000002b    r7 = 0xe287dc60
     r8 = 0x00000012    r9 = 0xe287dd10   r10 = 0x00000001    fp = 0xe287dcbc
     sp = 0xe287dc48    pc = 0xcc6ca0e1
    Found by: call frame info
Attached patch bug1406746-ctypes-fn-info (obsolete) — Splinter Review
This is probably caused by tracing a partially-initialised FunctionInfo.  Here's a patch to make CreateFunctionInfo() only set the SLOT_FNINFO slot when it has a fully initialised FunctionInfo to write there.
Assignee: nobody → jcoppeard
Attachment #8916551 - Flags: review?(sphink)
Attachment #8916551 - Flags: review?(sphink) → review+
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/3b19f13cf22a
Fix ctypes error handling when creating FunctionInfo r=sfink
Comment on attachment 8916551 [details] [diff] [review]
bug1406746-ctypes-fn-info

Looking at the code again, I no longer think this is then problem.
Attachment #8916551 - Attachment is obsolete: true
Blocks: GCCrashes
Assignee: jcoppeard → nobody
Whiteboard: [#jsapi:crashes-retriage]

Moving these bugs (intermittent test failures with crashes) out of P5.

Priority: P5 → --
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.