Closed Bug 627150 Opened 9 years ago Closed 9 years ago

Crash [@ JSC::MacroAssemblerCodePtr::executableAddress ]

Categories

Core :: JavaScript Engine, defect
Hardware: x86
OS: All
Priority: Not set

Tracking

Status: RESOLVED FIXED
blocking2.0: betaN+

People

(Reporter: bc, Assigned: dvander)

References

(Blocks 1 open bug)

Details

(Keywords: crash, reproducible, Whiteboard: [hardblocker][fixed-in-tracemonkey])

Crash Data

Attachments

(1 file)

1. Load the URL.
2. It crashes sometimes, on Linux/Windows at least. You may need to reload a few or more times.

This MacroAssemblerCodePtr is null.

Operating system: Linux
                  0.0.0 Linux 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:53:09 EST 2011 i686
CPU: x86
     GenuineIntel family 6 model 44 stepping 2
     1 CPU

Crash reason:  SIGSEGV
Crash address: 0x0

Thread 0 (crashed)
 0  libxul.so!JSC::MacroAssemblerCodePtr::executableAddress [MacroAssemblerCodeRef.h : 149 + 0x3]
    eip = 0x025c5822   esp = 0xbfd935a8   ebp = 0xbfd935a8   ebx = 0x037e22a4
    esi = 0x00000010   edi = 0x00000010   eax = 0x00000000   ecx = 0x00000005
    edx = 0x00000000   efl = 0x00010282
    Found by: given as instruction pointer in context
 1  libxul.so!JSC::RepatchBuffer::RepatchBuffer [RepatchBuffer.h : 54 + 0xa]
    eip = 0x028093d7   esp = 0xbfd935b0   ebp = 0xbfd935b8   ebx = 0x037e22a4
    esi = 0x00000010   edi = 0x00000010
    Found by: call frame info
 2  libxul.so!js::mjit::ic::Repatcher::Repatcher [ICRepatcher.h : 64 + 0x11]
    eip = 0x028096fe   esp = 0xbfd935c0   ebp = 0xbfd935d8   ebx = 0x037e22a4
    esi = 0x00000010   edi = 0x00000010
    Found by: call frame info
 3  libxul.so!DisableTraceHint [InvokeHelpers.cpp : 925 + 0x19]
    eip = 0x028258da   esp = 0xbfd935e0   ebp = 0xbfd93608   ebx = 0x037e22a4
    esi = 0x00000010   edi = 0x00000010
    Found by: call frame info
 4  libxul.so!RunTracer [InvokeHelpers.cpp : 1024 + 0x11]
    eip = 0x02825c22   esp = 0xbfd93610   ebp = 0xbfd93668   ebx = 0x037e22a4
    esi = 0x00000010   edi = 0x00000010
    Found by: call frame info
 5  libxul.so!js::mjit::stubs::InvokeTracer [InvokeHelpers.cpp : 1109 + 0x11]
    eip = 0x02825ed0   esp = 0xbfd93670   ebp = 0xbfd93698   ebx = 0xb482a278
    esi = 0x00000010   edi = 0x00000010
    Found by: call frame info
 6  0x4172bad
    eip = 0x04172bae   esp = 0xbfd936a0   ebp = 0xbfd936d8   ebx = 0xb482a278
    esi = 0x00000010   edi = 0x00000010
    Found by: call frame info
 7  libxul.so!js::mjit::EnterMethodJIT [MethodJIT.cpp : 748 + 0x1f]
    eip = 0x027bfaab   esp = 0xbfd936e0   ebp = 0xbfd93738
    Found by: previous frame's frame pointer
 8  libxul.so!CheckStackAndEnterMethodJIT [MethodJIT.cpp : 774 + 0x1f]
    eip = 0x027bfbc5   esp = 0xbfd93740   ebp = 0xbfd93768   ebx = 0x037e22a4
    Found by: call frame info
 9  libxul.so!js::mjit::JaegerShot [MethodJIT.cpp : 791 + 0x23]
    eip = 0x027bfc96   esp = 0xbfd93770   ebp = 0xbfd93798   ebx = 0x037e22a4
    Found by: call frame info
10  libxul.so!js::Interpret [jsinterp.cpp : 4765 + 0xa]
    eip = 0x0288994a   esp = 0xbfd937a0   ebp = 0xbfd945a8   ebx = 0x037e22a4
    esi = 0x036d8f00
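The trace above goes DisableTraceHint -> Repatcher -> RepatchBuffer -> executableAddress, and the register dump (eax = 0x00000000, crash address 0x0, fault inside a one-field accessor) reads as the code-pointer object itself living at address 0: the repatcher was handed JIT code that does not exist. The C++ below is an added model of that shape, written for this page; it is not SpiderMonkey or JSC code. The struct names mirror the frames, but the fields, the JITScript/Script types, the 0x90/0xEB bytes and the guard in disableTraceHintChecked are assumptions for illustration, not the patch attached to this bug.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model of the objects in the crash stack (assumption: not the real JSC/mjit layout).
// A code pointer wraps the address of generated machine code.
struct CodePtr {
    void *m_value = nullptr;
    // Frame 0 of the crash: a read of m_value through `this`. With `this` == 0 it faults at 0x0.
    void *executableAddress() const { return m_value; }
};

// A code ref is a code pointer plus the length of the emitted region.
struct CodeRef {
    CodePtr m_code;
    size_t m_size = 0;
};

// Stand-in for a compiled script: a writable buffer plays the role of JIT code (constructed).
struct JITScript {
    std::vector<uint8_t> buffer;
    CodeRef code;
    explicit JITScript(size_t n) : buffer(n, 0x90 /* NOP filler */) {
        code.m_code.m_value = buffer.data();
        code.m_size = n;
    }
};

// A script's JIT code may not exist yet, or may have been discarded; either way jit == nullptr.
struct Script {
    JITScript *jit = nullptr;
    size_t traceHintOffset = 0;   // offset of the instruction the trace hint lives at
};

// Patches bytes inside one code region and refuses writes outside it.
struct RepatchBuffer {
    uint8_t *m_start;
    size_t m_size;
    explicit RepatchBuffer(const CodeRef &ref)
        : m_start(static_cast<uint8_t *>(ref.m_code.executableAddress())), m_size(ref.m_size) {}
    bool patchByte(size_t offset, uint8_t value) {
        if (m_start == nullptr || offset >= m_size)
            return false;
        m_start[offset] = value;
        return true;
    }
};

// The crashing shape, kept for reading only: with script->jit == nullptr the expression
// script->jit->code binds a CodeRef reference through address 0, and executableAddress()
// then runs with a null `this`. Do not call this with a discarded script.
bool disableTraceHintUnchecked(Script *script) {
    RepatchBuffer rb(script->jit->code);
    return rb.patchByte(script->traceHintOffset, 0xEB /* short jmp, assumed encoding */);
}

// Guarded version: "no JIT code" means "nothing to patch", not a dereference.
// Returns true only if a byte was actually rewritten.
bool disableTraceHintChecked(Script *script) {
    if (script == nullptr || script->jit == nullptr)
        return false;
    RepatchBuffer rb(script->jit->code);
    return rb.patchByte(script->traceHintOffset, 0xEB);
}

// Builds one scenario and reports the outcome: -1 if the repatch was refused,
// otherwise the byte now at the hint offset (0xEB when the patch landed).
int runScenario(bool compiled, size_t hintOffset) {
    JITScript jit(16);
    Script script;
    script.jit = compiled ? &jit : nullptr;
    script.traceHintOffset = hintOffset;
    if (!disableTraceHintChecked(&script))
        return -1;
    return jit.buffer[hintOffset];
}

int main() {
    std::printf("compiled script, offset 4:   %d\n", runScenario(true, 4));    // 235 (0xEB)
    std::printf("discarded script, offset 4:  %d\n", runScenario(false, 4));   // -1, no dereference
    std::printf("compiled script, offset 16:  %d\n", runScenario(true, 16));   // -1, outside the region
    return 0;
}
```

The check belongs at the DisableTraceHint level, before a Repatcher is constructed: once the RepatchBuffer constructor has been reached the null has already been dereferenced, so a guard inside executableAddress() is too late to help.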
I can reproduce with a locally saved version, but it crashes and restarts with the same process ID, and Lithium won't catch it. So, no reduced test until I can figure that out.

Awesome. I can reproduce a crash here. Investigating.
blocking2.0: --- → betaN+
Whiteboard: hardblocker
Attached patch: fix
Assignee: general → danderson
Status: NEW → ASSIGNED
Attachment #505227 - Flags: review?
Attachment #505227 - Flags: review? → review?(wmccloskey)
Attachment #505227 - Flags: review?(wmccloskey) → review+
http://hg.mozilla.org/tracemonkey/rev/5cc0da184040
Whiteboard: hardblocker → [hardblocker][fixed-in-tracemonkey]
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Crash Signature: [@ JSC::MacroAssemblerCodePtr::executableAddress ]