Closed Bug 459858 Opened 16 years ago Closed 15 years ago

TM: (x86_64) Crash in js_GetGCThingTraceKind when viewing dromaeo.com

Categories

(Core :: JavaScript Engine, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: Swatinem, Unassigned)

References

Details

(Keywords: 64bit, crash)

This time dromaeo.com loaded up correctly and Firefox didn't crash before rendering the page. However after a short delay (~1s) it crashes. 0x00007f8e3e20f2bf in js_GetGCThingTraceKind (thing=0x21a3fd90) at /mnt/data/Coding/mozilla-central/js/src/jsgc.cpp:1132 1132 if (!a->list) (gdb) p a $1 = (JSGCArenaInfo *) 0x21a3ffe0 (gdb) p *a Cannot access memory at address 0x21a3ffe0 (gdb) bt #0 0x00007f8e3e20f2bf in js_GetGCThingTraceKind (thing=0x21a3fd90) at /mnt/data/Coding/mozilla-central/js/src/jsgc.cpp:1132 #1 0x00007f8e30f8cb5b in nsXPConnect::Traverse (this=0x7f8e35df0100, p=0x21a3fd90, cb=@0x7fff46c42200) at /mnt/data/Coding/mozilla-central/js/src/xpconnect/src/nsXPConnect.cpp:720 #2 0x00007f8e3dd09be9 in GCGraphBuilder::Traverse (this=0x7fff46c42200, aPtrInfo=0x7f8e20484290) at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:1319 #3 0x00007f8e3dd09c84 in nsCycleCollector::MarkRoots (this=0x7f8e35d5a000, builder=@0x7fff46c42200) at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:1519 #4 0x00007f8e3dd09d89 in nsCycleCollector::BeginCollection ( this=0x7f8e35d5a000) at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2374 #5 0x00007f8e3dd09dfa in nsCycleCollector_beginCollection () at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2916 #6 0x00007f8e30f8dc54 in XPCCycleCollectGCCallback (cx=0x7f8e2e34dc00, status=JSGC_MARK_END) at /mnt/data/Coding/mozilla-central/js/src/xpconnect/src/nsXPConnect.cpp:400 #7 0x00007f8e3e2138c1 in js_GC (cx=0x7f8e2e34dc00, gckind=GC_NORMAL) at /mnt/data/Coding/mozilla-central/js/src/jsgc.cpp:3427 #8 0x00007f8e3e1c0e0c in JS_GC (cx=0x7f8e2e34dc00) at /mnt/data/Coding/mozilla-central/js/src/jsapi.cpp:2478 #9 0x00007f8e30f8cfc0 in nsXPConnect::Collect (this=0x7f8e35df0100) at /mnt/data/Coding/mozilla-central/js/src/xpconnect/src/nsXPConnect.cpp:489 #10 0x00007f8e3dd09f3a in nsCycleCollector::Collect (this=0x7f8e35d5a000, aTryCollections=1) at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2256 #11 0x00007f8e3dd0a04b in nsCycleCollector_collect () at /mnt/data/Coding/mozilla-central/xpcom/base/nsCycleCollector.cpp:2904 #12 0x00007f8e2d0f560c in nsJSContext::CC () at /mnt/data/Coding/mozilla-central/dom/src/base/nsJSEnvironment.cpp:3425 #13 0x00007f8e2d0f5747 in nsJSContext::CCIfUserInactive () at /mnt/data/Coding/mozilla-central/dom/src/base/nsJSEnvironment.cpp:3496 #14 0x00007f8e2d0f5979 in nsJSContext::Notify (this=0x7f8e23675e20, timer=0x7f8e21a3a7a0) at /mnt/data/Coding/mozilla-central/dom/src/base/nsJSEnvironment.cpp:3518 #15 0x00007f8e3dcf8586 in nsTimerImpl::Fire (this=0x7f8e21a3a7a0) at /mnt/data/Coding/mozilla-central/xpcom/threads/nsTimerImpl.cpp:423 #16 0x00007f8e3dcf878a in nsTimerEvent::Run (this=0x7f8e28c41c40) at /mnt/data/Coding/mozilla-central/xpcom/threads/nsTimerImpl.cpp:512 #17 0x00007f8e3dcf2516 in nsThread::ProcessNextEvent (this=0x7f8e35eeb1f0, mayWait=1, result=0x7fff46c4a56c) at /mnt/data/Coding/mozilla-central/xpcom/threads/nsThread.cpp:510 #18 0x00007f8e3dc829f2 in NS_ProcessNextEvent_P (thread=0x7f8e35eeb1f0, mayWait=1) at nsThreadUtils.cpp:227 #19 0x00007f8e2fe35954 in nsBaseAppShell::Run (this=0x7f8e35efd8d0) at /mnt/data/Coding/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:170 #20 0x00007f8e2ed417dc in nsAppStartup::Run (this=0x7f8e318980b0) at /mnt/data/Coding/mozilla-central/toolkit/components/startup/src/nsAppStartup.cpp:182 #21 0x00007f8e3e5e0b93 in XRE_main (argc=4, argv=0x7fff46c4ae68, aAppData=0x7f8e35e1f080) at /mnt/data/Coding/mozilla-central/toolkit/xre/nsAppRunner.cpp:3263 #22 0x0000000000401ff8 in main (argc=4, argv=0x7fff46c4ae68) at /mnt/data/Coding/mozilla-central/browser/app/nsBrowserApp.cpp:156
So you are saying this bug also occurs on older firefox versions (without tracemonkey) and on 32bit platforms? I'm only seeing it on 3.1 with tracemonkey enabled (on 64bit) I believe this bug is more specific as it involves a 32bit pointer into not-accessible memory.
With the new x64 backend, dromaeo does not run smoothly quite yet, but I can't reproduce this specific crash just by "idling on the page" like I did one year ago. Closing WORKSFORME. I'm filing new bugs on the issues I see using the new x64 backend.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.