Open Bug 689171 Opened 14 years ago Updated 3 years ago

crash in StorageMemoryReporter::GetAmount() when loading about:memory?verbose

Categories

(Toolkit :: about:memory, defect)

x86
Linux
defect

People

(Reporter: jfkthame, Unassigned)

I just encountered a crash under mozilla::storage::StorageMemoryReporter::GetAmount(), with the stack shown below. This was a local build, but none of my locally-applied patches are anywhere near mozilla::storage or sqlite. The crash occurred when I started the browser with about:memory as the initial page, and then immediately clicked the "verbose" link to get the about:memory?verbose view. However, I have not managed to reproduce it despite several attempts. I see there's another crash filed under StorageMemoryReporter::GetMemoryUsed() (bug 655579), but the assertion mentioned there did not fire in my case.

(gdb) bt
#0 0x00c0b416 in __kernel_vsyscall ()
#1 0x005731a6 in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#2 0x00572fa0 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#3 0x011c7e5b in ah_crap_handler (signum=11) at /home/jonathan/mozdev/mozilla-central/toolkit/xre/nsSigHandlers.cpp:121
#4 0x011cd7c9 in nsProfileLock::FatalSignalHandler (signo=11, info=0xbfcf222c, context=0xbfcf22ac) at /home/jonathan/mozdev/mozilla-central/obj-i686-pc-linux-gnu/toolkit/profile/nsProfileLock.cpp:226
#5 <signal handler called>
#6 0x0022df94 in pthreadMutexEnter (p=0x5a5a5a5a) at /home/jonathan/mozdev/mozilla-central/db/sqlite3/src/sqlite3.c:17528
#7 0x0022d86b in sqlite3_mutex_enter (p=0x5a5a5a5a) at /home/jonathan/mozdev/mozilla-central/db/sqlite3/src/sqlite3.c:16792
#8 0x00229cec in sqlite3_db_status (db=0xa979ac08, op=1, pCurrent=0xbfcf2658, pHighwater=0xbfcf2654, resetFlag=0) at /home/jonathan/mozdev/mozilla-central/db/sqlite3/src/sqlite3.c:13000
#9 0x023bee4f in mozilla::storage::StorageMemoryReporter::GetAmount (this=0xa9631bb0, amount=0xbfcf2788) at /home/jonathan/mozdev/mozilla-central/storage/src/mozStorageConnection.cpp:407
#10 0x02891804 in NS_InvokeByIndex_P () from /home/jonathan/mozdev/mozilla-central/obj-i686-pc-linux-gnu/dist/bin/libxul.so
#11 0x020eaea5 in CallMethodHelper::Invoke (this=0xbfcf2764) at /home/jonathan/mozdev/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:3116
#12 0x020e8bab in CallMethodHelper::Call (this=0xbfcf2764) at /home/jonathan/mozdev/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2370
#13 0x020e8a49 in XPCWrappedNative::CallMethod (ccx=..., mode=XPCWrappedNative::CALL_GETTER) at /home/jonathan/mozdev/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2334
#14 0x020f0f61 in XPCWrappedNative::GetAttribute (ccx=...) at /home/jonathan/mozdev/mozilla-central/js/src/xpconnect/src/xpcprivate.h:2641
#15 0x020f6069 in XPC_WN_GetterSetter (cx=0xaf42d2b0, argc=0, vp=0xb39fe220) at /home/jonathan/mozdev/mozilla-central/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1679
#16 0x02d50774 in js::CallJSNative (cx=0xaf42d2b0, native=0x20f5d5c <XPC_WN_GetterSetter(JSContext*, uintN, jsval*)>, args=...) at /home/jonathan/mozdev/mozilla-central/js/src/jscntxtinlines.h:296
#17 0x02d29ac4 in js::InvokeKernel (cx=0xaf42d2b0, argsRef=..., construct=js::NO_CONSTRUCT) at /home/jonathan/mozdev/mozilla-central/js/src/jsinterp.cpp:660
#18 0x02c851fd in js::Invoke (cx=0xaf42d2b0, args=..., construct=js::NO_CONSTRUCT) at /home/jonathan/mozdev/mozilla-central/js/src/jsinterp.h:167
#19 0x02d29d53 in js::Invoke (cx=0xaf42d2b0, thisv=..., fval=..., argc=0, argv=0x0, rval=0xbfcf2ca8) at /home/jonathan/mozdev/mozilla-central/js/src/jsinterp.cpp:710
#20 0x02d29f11 in js::InvokeGetterOrSetter (cx=0xaf42d2b0, obj=0xb17f79a8, fval=..., argc=0, argv=0x0, rval=0xbfcf2ca8) at /home/jonathan/mozdev/mozilla-central/js/src/jsinterp.cpp:747
#21 0x02d7ee86 in js::Shape::get(JSContext*, JSObject*, JSObject*, JSObject*, JS::Value*) const () from /home/jonathan/mozdev/mozilla-central/obj-i686-pc-linux-gnu/dist/bin/libxul.so
#22 0x02d76364 in js_NativeGetInline (cx=0xaf42d2b0, receiver=0xb17f79a8, obj=0xb17f79a8, pobj=0xb17f79a8, shape=0xa9504d08, getHow=1, vp=0xbfcf2ca8) at /home/jonathan/mozdev/mozilla-central/js/src/jsobj.cpp:5740
#23 0x02d76c20 in js_GetPropertyHelperInline (cx=0xaf42d2b0, obj=0xb17f79a8, receiver=0xb17f79a8, id=..., getHow=1, vp=0xbfcf2ca8) at /home/jonathan/mozdev/mozilla-central/js/src/jsobj.cpp:5920
#24 0x02d76c73 in js_GetPropertyHelper (cx=0xaf42d2b0, obj=0xb17f79a8, id=..., getHow=1, vp=0xbfcf2ca8) at /home/jonathan/mozdev/mozilla-central/js/src/jsobj.cpp:5929
#25 0x0301d4e5 in InlineGetProp (f=...) at /home/jonathan/mozdev/mozilla-central/js/src/methodjit/StubCalls.cpp:1599
#26 0x0301d553 in js::mjit::stubs::GetProp (f=...) at /home/jonathan/mozdev/mozilla-central/js/src/methodjit/StubCalls.cpp:1617
#27 0x02f956b9 in DisabledGetPropIC (f=..., pic=0xa9318d2c) at /home/jonathan/mozdev/mozilla-central/js/src/methodjit/PolyIC.cpp:1919
#28 0x07f179f5 in ?? ()
#29 0x03712ff4 in ?? () from /home/jonathan/mozdev/mozilla-central/obj-i686-pc-linux-gnu/dist/bin/libxul.so
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Component: General → about:memory
Product: Core → Toolkit
QA Contact: general → about.memory
That is one dead-looking sqlite mutex that we're attempting to enter.
This reminds me of bug 662989, which was supposed to stop crashes like this. Sigh.
Severity: normal → S3
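
Added example, not part of the bug report or of Mozilla's code: a small triage helper that parses gdb frames like the ones above, flags pointer arguments made up entirely of jemalloc junk-fill bytes, and reports the caller that passed the bad pointer down. It assumes the crashing build had junk filling enabled; the function names and the shortened source paths in the sample are this example's own.

```python
import re

# jemalloc junk-fill bytes: 0x5a is written over freed memory, 0xa5 over
# newly allocated memory. Assumption: the crashing build had junk filling on.
POISON = {"5a": "freed", "a5": "uninitialised"}

FRAME_RE = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?([\w:~]+) \(([^)]*)\)")
ARG_RE = re.compile(r"(\w+)=0x([0-9a-fA-F]+)\b")

# Frames #6-#9 of the backtrace in this report, source paths shortened.
SAMPLE_BT = """\
#6 0x0022df94 in pthreadMutexEnter (p=0x5a5a5a5a) at sqlite3.c:17528
#7 0x0022d86b in sqlite3_mutex_enter (p=0x5a5a5a5a) at sqlite3.c:16792
#8 0x00229cec in sqlite3_db_status (db=0xa979ac08, op=1, pCurrent=0xbfcf2658, pHighwater=0xbfcf2654, resetFlag=0) at sqlite3.c:13000
#9 0x023bee4f in mozilla::storage::StorageMemoryReporter::GetAmount (this=0xa9631bb0, amount=0xbfcf2788) at mozStorageConnection.cpp:407
"""

def poison_kind(hex_digits):
    """Label a 32- or 64-bit pointer whose every byte is the same junk byte."""
    h = hex_digits.lower()
    if len(h) in (8, 16) and h == h[:2] * (len(h) // 2):
        return POISON.get(h[:2])
    return None

def parse_frames(bt):
    """Yield (frame_no, function, {arg: hex_digits}) for each parsable frame."""
    for line in bt.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), dict(ARG_RE.findall(m.group(3)))

def find_poisoned(bt):
    """Return [(frame_no, function, arg, kind)] for junk-filled pointer args."""
    hits = []
    for no, func, args in parse_frames(bt):
        for name, digits in args.items():
            kind = poison_kind(digits)
            if kind:
                hits.append((no, func, name, kind))
    return hits

def suspect_owner(bt):
    """Caller of the outermost poisoned frame: the frame that read the pointer."""
    hits = find_poisoned(bt)
    if not hits:
        return None
    outer = max(no for no, *_ in hits)
    frames = {no: (func, args) for no, func, args in parse_frames(bt)}
    return frames.get(outer + 1)
```

On the sample, `find_poisoned` flags `p` in frames #6 and #7, and `suspect_owner` returns `sqlite3_db_status` with its `db` argument, the object the mutex pointer was read from.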