Closed Bug 715831 Opened 8 years ago Closed 7 years ago

Fennec crash @ js::RegExpPrivate::executeInternal mainly on Samsung devices

Categories

Core :: JavaScript Engine, defect, critical
Version: 10 Branch
Hardware: ARM
OS: Android
Type: defect
Priority: Not set
Severity: critical

Tracking

Status: RESOLVED WORKSFORME

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, Whiteboard: [mobile-crash])

Crash Data

It's #3 top crasher in Fennec 10.0b2.

There are two crash types:
* Browser:
Frame  Module     Signature                                     Source
0                 @0x4c4ac044
1      libxul.so  js::RegExpPrivate::executeInternal            js/src/vm/RegExpObject-inl.h:432
2      libxul.so  DoMatch                                       js/src/vm/RegExpObject.h:265
3      libxul.so  js::str_replace                               js/src/jsstr.cpp:2046
4      libxul.so  js::InvokeKernel                              js/src/jscntxtinlines.h:297
5      libxul.so  js::Interpret                                 js/src/jsinterp.cpp:3948
6      libxul.so  js::RunScript                                 js/src/jsinterp.cpp:584
7      libxul.so  js::InvokeGetterOrSetter                      js/src/jsinterp.cpp:647
8      libxul.so  js_GetPropertyHelper                          js/src/jsscopeinlines.h:279
9      libxul.so  js::Interpret                                 js/src/jsinterp.cpp:3478
10     libxul.so  js::RunScript                                 js/src/jsinterp.cpp:584
11     libxul.so  js::Invoke                                    js/src/jsinterp.cpp:647
12     libxul.so  JS_CallFunctionValue                          js/src/jsapi.cpp:5199
13     libxul.so  nsXPCWrappedJSClass::CallMethod               js/xpconnect/src/XPCWrappedJSClass.cpp:1530
14     libxul.so  nsXPCWrappedJS::CallMethod                    js/xpconnect/src/XPCWrappedJS.cpp:611
15     libxul.so  PrepareAndDispatch                            xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:131

* Content:
Frame  Module     Signature                                     Source
0                 @0x411e4a6c
1      libxul.so  js::RegExpPrivate::executeInternal            js/src/vm/RegExpObject-inl.h:432
2      libxul.so  DoMatch                                       js/src/vm/RegExpObject.h:265
3      libxul.so  js::str_replace                               js/src/jsstr.cpp:2046
4      libxul.so  libxul.so@0xc01595
5      libxul.so  js::str_search                                js/src/jsapi.h:259
6                 @0x4130bd5e
7      libxul.so  XPC_WN_OuterObject                            js/xpconnect/src/XPCWrappedNativeJSOps.cpp:807
8      libxul.so  js::RunScript                                 js/src/jsinterp.cpp:581
9      libxul.so  js::Invoke                                    js/src/jsinterp.cpp:647
10     libxul.so  JS_CallFunctionValue                          js/src/jsapi.cpp:5199
11     libxul.so  nsJSContext::CallEventHandler                 dom/base/nsJSEnvironment.cpp:1937
12     libxul.so  nsGlobalWindow::RunTimeout                    dom/base/nsGlobalWindow.cpp:9307
13     libxul.so  nsGlobalWindow::TimerCallback                 dom/base/nsGlobalWindow.cpp:9747
14     libxul.so  nsTimerImpl::Fire                             xpcom/threads/nsTimerImpl.cpp:425
15     libxul.so  nsTimerEvent::Run                             xpcom/threads/nsTimerImpl.cpp:521
16     libxul.so  nsThread::ProcessNextEvent                    xpcom/threads/nsThread.cpp:631
17     libxul.so  NS_ProcessNextEvent_P                         obj-firefox/xpcom/build/nsThreadUtils.cpp:245
18     libxul.so  mozilla::ipc::MessagePump::Run                ipc/glue/MessagePump.cpp:134
19     libxul.so  mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:229
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3ARegExpPrivate%3A%3AexecuteInternal
It's #4 top crasher in Fennec 10.0.
Almost all crashes occur on Samsung devices.
Some happen on Asus Transformer Prime TF201 and others on HTC devices.
Summary: Fennec crash @ js::RegExpPrivate::executeInternal → Fennec crash @ js::RegExpPrivate::executeInternal mainly on Samsung devices
I added the imalloc signature because the stack is similar and it occurs on Samsung devices:
Frame  Module          Signature                                 Source
0                      @0x411ac250
1      libmozutils.so  imalloc                                   memory/jemalloc/jemalloc.c:4112
2      libmozutils.so  __wrap_malloc                             memory/jemalloc/jemalloc.c:6223
3      libmozalloc.so  moz_malloc                                memory/mozalloc/mozalloc.cpp:113
4      libxul.so       nsStringBuffer::Alloc                     xpcom/string/src/nsSubstring.cpp:209
5      libxul.so       nsAString_internal::MutatePrep            xpcom/string/src/nsTSubstring.cpp:162
6      libxul.so       js::RegExpPrivate::executeInternal        js/src/vm/RegExpObject-inl.h:432
7      libxul.so       DoMatch                                   js/src/vm/RegExpObject.h:265
8      libxul.so       js::str_match                             js/src/jsstr.cpp:1562
9      libxul.so       js::InvokeKernel                          js/src/jscntxtinlines.h:297
10     libxul.so       js::Interpret                             js/src/jsinterp.cpp:3948
11     libxul.so       js::RunScript                             js/src/jsinterp.cpp:584
12     libxul.so       js::Execute                               js/src/jsinterp.cpp:783
13     libxul.so       JS_EvaluateUCScriptForPrincipalsVersion   js/src/jsapi.cpp:5093
14     libxul.so       nsJSContext::EvaluateString               dom/base/nsJSEnvironment.cpp:1490
15     libxul.so       nsScriptLoader::EvaluateScript            content/base/src/nsScriptLoader.cpp:905
16     libxul.so       nsScriptLoader::ProcessRequest            content/base/src/nsScriptLoader.cpp:799
17     libxul.so       nsScriptLoader::ProcessScriptElement      content/base/src/nsScriptLoader.cpp:745
18     libxul.so       nsScriptElement::MaybeProcessScript       content/base/src/nsScriptElement.cpp:182
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=imalloc
Crash Signature: [@ js::RegExpPrivate::executeInternal] → [@ js::RegExpPrivate::executeInternal] [@ imalloc]
I wonder why comment #2 is believed to be the same issue - even though executeInternal is somewhere in there, the stack looks a lot different, and it goes through str_match and not str_replace...
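The comment above turns on whether the imalloc stack really belongs with the executeInternal signature: the crashing frame differs, and the path above executeInternal goes through str_match rather than str_replace. The following script is an added example, not part of this bug and not Mozilla's crash-stats/Socorro code. It parses the three stacks exactly as pasted above (first frames only, in the tab-separated layout crash-stats produced), drops unsymbolized frames, derives a simplified signature (the top symbolized frame), and compares the callers of js::RegExpPrivate::executeInternal across the stacks. The "top symbolized frame" signature rule and the caller-depth of 3 are simplifying assumptions of this example, not crash-stats' actual rules.

```python
"""Compare crash stacks by symbolized frames (added example, not from the bug)."""
import re
from typing import List, Tuple

ANCHOR = "js::RegExpPrivate::executeInternal"

# Stacks copied (first frames only) from the comments in this bug.
BROWSER_STACK = """\
0 \t\t@0x4c4ac044 \t
1 \tlibxul.so \tjs::RegExpPrivate::executeInternal \tjs/src/vm/RegExpObject-inl.h:432
2 \tlibxul.so \tDoMatch \tjs/src/vm/RegExpObject.h:265
3 \tlibxul.so \tjs::str_replace \tjs/src/jsstr.cpp:2046
4 \tlibxul.so \tjs::InvokeKernel \tjs/src/jscntxtinlines.h:297
5 \tlibxul.so \tjs::Interpret \tjs/src/jsinterp.cpp:3948
"""
CONTENT_STACK = """\
0 \t\t@0x411e4a6c \t
1 \tlibxul.so \tjs::RegExpPrivate::executeInternal \tjs/src/vm/RegExpObject-inl.h:432
2 \tlibxul.so \tDoMatch \tjs/src/vm/RegExpObject.h:265
3 \tlibxul.so \tjs::str_replace \tjs/src/jsstr.cpp:2046
4 \tlibxul.so \tlibxul.so@0xc01595 \t
5 \tlibxul.so \tjs::str_search \tjs/src/jsapi.h:259
6 \t\t@0x4130bd5e \t
7 \tlibxul.so \tXPC_WN_OuterObject \tjs/xpconnect/src/XPCWrappedNativeJSOps.cpp:807
"""
IMALLOC_STACK = """\
0 \t\t@0x411ac250 \t
1 \tlibmozutils.so \timalloc \tmemory/jemalloc/jemalloc.c:4112
2 \tlibmozutils.so \t__wrap_malloc \tmemory/jemalloc/jemalloc.c:6223
3 \tlibmozalloc.so \tmoz_malloc \tmemory/mozalloc/mozalloc.cpp:113
4 \tlibxul.so \tnsStringBuffer::Alloc \txpcom/string/src/nsSubstring.cpp:209
5 \tlibxul.so \tnsAString_internal::MutatePrep \txpcom/string/src/nsTSubstring.cpp:162
6 \tlibxul.so \tjs::RegExpPrivate::executeInternal \tjs/src/vm/RegExpObject-inl.h:432
7 \tlibxul.so \tDoMatch \tjs/src/vm/RegExpObject.h:265
8 \tlibxul.so \tjs::str_match \tjs/src/jsstr.cpp:1562
9 \tlibxul.so \tjs::InvokeKernel \tjs/src/jscntxtinlines.h:297
"""

# A "signature" that is only a raw address (@0x...) or module+offset
# (libxul.so@0x...) carries no symbol and is skipped when comparing stacks.
UNSYMBOLIZED = re.compile(r"^(?:\S+)?@0x[0-9a-fA-F]+$")

Frame = Tuple[int, str, str, str]  # (frame number, module, signature, source)


def parse_stack(text: str) -> List[Frame]:
    """Parse tab-separated frame rows as pasted from crash-stats."""
    frames: List[Frame] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("\t")]
        cols += [""] * (4 - len(cols))  # pad rows with missing trailing columns
        number, module, signature, source = cols[:4]
        frames.append((int(number), module, signature, source))
    return frames


def symbolized(frames: List[Frame]) -> List[str]:
    """Signatures of the symbolized frames, innermost first."""
    return [sig for _, _, sig, _ in frames if sig and not UNSYMBOLIZED.match(sig)]


def crash_signature(frames: List[Frame]) -> str:
    """Top symbolized frame: a simplified stand-in for the crash-stats signature (assumption)."""
    syms = symbolized(frames)
    return syms[0] if syms else "<no symbols>"


def callers_of(frames: List[Frame], anchor: str, depth: int = 3) -> List[str]:
    """The `depth` symbolized frames that called `anchor`, closest caller first."""
    syms = symbolized(frames)
    if anchor not in syms:
        return []
    i = syms.index(anchor)
    return syms[i + 1 : i + 1 + depth]


def shared_callers(a: List[Frame], b: List[Frame], anchor: str, depth: int = 3) -> List[str]:
    """Longest common run of callers above `anchor` present in both stacks."""
    common: List[str] = []
    for x, y in zip(callers_of(a, anchor, depth), callers_of(b, anchor, depth)):
        if x != y:
            break
        common.append(x)
    return common


if __name__ == "__main__":
    stacks = {"browser": parse_stack(BROWSER_STACK),
              "content": parse_stack(CONTENT_STACK),
              "imalloc": parse_stack(IMALLOC_STACK)}
    for name, frames in stacks.items():
        print(f"{name:8} signature={crash_signature(frames)} "
              f"callers of {ANCHOR}: {callers_of(frames, ANCHOR)}")
    print("browser/content share:", shared_callers(stacks["browser"], stacks["content"], ANCHOR))
    print("browser/imalloc share:", shared_callers(stacks["browser"], stacks["imalloc"], ANCHOR))
```

Run stand-alone, the browser and content stacks get the same simplified signature and share the callers DoMatch and js::str_replace, while the imalloc stack gets the signature imalloc and shares only DoMatch with the others before diverging into js::str_match, which is exactly the difference the comment points out. Comparing a caller window above a shared frame like this is a cheap way to decide whether two crash signatures are plausibly the same bug before grouping them.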
Crash Signature: [@ js::RegExpPrivate::executeInternal] [@ imalloc] → [@ js::RegExpPrivate::executeInternal] [@ malloc_mutex_unlock | js::RegExpPrivate::executeInternal] [@ imalloc]
XUL Fennec is no longer maintained.
Keywords: topcrash
There have been no crashes for the last four weeks after 10.0.5esr.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME