Closed
Bug 459858
Opened 16 years ago
Closed 15 years ago
TM: (x86_64) Crash in js_GetGCThingTraceKind when viewing dromaeo.com
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: Swatinem, Unassigned)
References
Details
(Keywords: 64bit, crash)
This time dromaeo.com loaded up correctly and Firefox didn't crash before rendering the page.
However after a short delay (~1s) it crashes.
0x00007f8e3e20f2bf in js_GetGCThingTraceKind (thing=0x21a3fd90)
at /mnt/data/Coding/mozilla-central/js/src/jsgc.cpp:1132
1132 if (!a->list)
(gdb) p a
$1 = (JSGCArenaInfo *) 0x21a3ffe0
(gdb) p *a
Cannot access memory at address 0x21a3ffe0
(gdb) bt
#0 0x00007f8e3e20f2bf in js_GetGCThingTraceKind (thing=0x21a3fd90)
at /mnt/data/Coding/mozilla-central/js/src/jsgc.cpp:1132
#1 0x00007f8e30f8cb5b in nsXPConnect::Traverse (this=0x7f8e35df0100,
p=0x21a3fd90, cb=@0x7fff46c42200)
at /mnt/data/Coding/mozilla-central/js/src/xpconnect/src/nsXPConnect.cpp:720
#2 0x00007f8e3dd09be9 in GCGraphBuilder::Traverse (this=0x7fff46c42200,
aPtrInfo=0x7f8e20484290)
at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:1319
#3 0x00007f8e3dd09c84 in nsCycleCollector::MarkRoots (this=0x7f8e35d5a000,
builder=@0x7fff46c42200)
at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:1519
#4 0x00007f8e3dd09d89 in nsCycleCollector::BeginCollection (
this=0x7f8e35d5a000)
at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2374
#5 0x00007f8e3dd09dfa in nsCycleCollector_beginCollection ()
at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2916
#6 0x00007f8e30f8dc54 in XPCCycleCollectGCCallback (cx=0x7f8e2e34dc00,
status=JSGC_MARK_END)
at /mnt/data/Coding/mozilla-central/js/src/xpconnect/src/nsXPConnect.cpp:400
#7 0x00007f8e3e2138c1 in js_GC (cx=0x7f8e2e34dc00, gckind=GC_NORMAL)
at /mnt/data/Coding/mozilla-central/js/src/jsgc.cpp:3427
#8 0x00007f8e3e1c0e0c in JS_GC (cx=0x7f8e2e34dc00)
at /mnt/data/Coding/mozilla-central/js/src/jsapi.cpp:2478
#9 0x00007f8e30f8cfc0 in nsXPConnect::Collect (this=0x7f8e35df0100)
at /mnt/data/Coding/mozilla-central/js/src/xpconnect/src/nsXPConnect.cpp:489
#10 0x00007f8e3dd09f3a in nsCycleCollector::Collect (this=0x7f8e35d5a000,
aTryCollections=1)
at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2256
#11 0x00007f8e3dd0a04b in nsCycleCollector_collect ()
at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2904
#12 0x00007f8e2d0f560c in nsJSContext::CC ()
at /mnt/data/Coding/mozilla-central/dom/src/base/nsJSEnvironment.cpp:3425
#13 0x00007f8e2d0f5747 in nsJSContext::CCIfUserInactive ()
at /mnt/data/Coding/mozilla-central/dom/src/base/nsJSEnvironment.cpp:3496
#14 0x00007f8e2d0f5979 in nsJSContext::Notify (this=0x7f8e23675e20,
timer=0x7f8e21a3a7a0)
at /mnt/data/Coding/mozilla-central/dom/src/base/nsJSEnvironment.cpp:3518
#15 0x00007f8e3dcf8586 in nsTimerImpl::Fire (this=0x7f8e21a3a7a0)
at /mnt/data/Coding/mozilla-central/xpcom/threads/nsTimerImpl.cpp:423
#16 0x00007f8e3dcf878a in nsTimerEvent::Run (this=0x7f8e28c41c40)
at /mnt/data/Coding/mozilla-central/xpcom/threads/nsTimerImpl.cpp:512
#17 0x00007f8e3dcf2516 in nsThread::ProcessNextEvent (this=0x7f8e35eeb1f0,
mayWait=1, result=0x7fff46c4a56c)
at /mnt/data/Coding/mozilla-central/xpcom/threads/nsThread.cpp:510
#18 0x00007f8e3dc829f2 in NS_ProcessNextEvent_P (thread=0x7f8e35eeb1f0,
mayWait=1) at nsThreadUtils.cpp:227
#19 0x00007f8e2fe35954 in nsBaseAppShell::Run (this=0x7f8e35efd8d0)
at /mnt/data/Coding/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#20 0x00007f8e2ed417dc in nsAppStartup::Run (this=0x7f8e318980b0)
at /mnt/data/Coding/mozilla-central/toolkit/components/startup/src/nsAppStartup.cpp:182
#21 0x00007f8e3e5e0b93 in XRE_main (argc=4, argv=0x7fff46c4ae68,
aAppData=0x7f8e35e1f080)
at /mnt/data/Coding/mozilla-central/toolkit/xre/nsAppRunner.cpp:3263
#22 0x0000000000401ff8 in main (argc=4, argv=0x7fff46c4ae68)
at /mnt/data/Coding/mozilla-central/browser/app/nsBrowserApp.cpp:156
Comment 2•16 years ago
|
||
dupe of bug 427718 ?
Reporter | ||
Comment 4•16 years ago
|
||
So you are saying this bug also occurs on older firefox versions (without tracemonkey) and on 32bit platforms?
I'm only seeing it on 3.1 with tracemonkey enabled (on 64bit)
I believe this bug is more specific as it involves a 32bit pointer into not-accessible memory.
Reporter | ||
Comment 5•15 years ago
|
||
With the new x64 backend, dromaeo does not run smoothly quite yet, but I can't reproduce this specific crash just by "idling on the page" like I did one year ago. Closing WORKSFORME. I'm filing new bugs on the issues I see using the new x64 backend.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•