752901 - Crash while searching on google

Status: RESOLVED WORKSFORME

(Core :: JavaScript Engine, defect)

Description

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

I loaded a recent m-c debug build of Fennec Native on my Galaxy Nexus and tried to reproduce bug 752699 and ended up getting a crash instead.

By the looks of it, this may be caused by the recent compartment changes in the JS engine.

STR:
1. Start Fennec Native
2. Go to google.com
3. Type in "firef" and wait a few seconds, so that the page changes to the google instant search results page (although there are no results shown yet)

Expected results:
no crash

Actual results:
crash with the following backtrace as reported by gdb:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 9142]
0x61d993a6 in reserve (request=<optimized out>, this=<optimized out>) at ./../../dist/include/js/Vector.h:687
687	    REENTRANCY_GUARD_ET_AL;
(gdb) bt
#0  0x61d993a6 in reserve (request=<optimized out>, this=<optimized out>) at ./../../dist/include/js/Vector.h:687
#1  reserve (newLength=<optimized out>, this=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsapi.h:1173
#2  Reify (vp=<optimized out>, origin=<optimized out>, cx=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jswrapper.cpp:711
#3  js::CrossCompartmentWrapper::iterate (this=0x5c39ea74, cx=0x63ce9ec0, wrapper=0x5c39e9e8, flags=22, vp=0x5e100618)
    at /Users/kats/zspace/mozilla-git/js/src/jswrapper.cpp:736
#4  0x61d2ef64 in js::Proxy::iterate (cx=0x63ce9ec0, proxy=0x639eb9a0, flags=1, vp=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:903
#5  0x61ce9108 in js::GetIterator (cx=0x63ce9ec0, obj=..., flags=<optimized out>, vp=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsiter.cpp:780
#6  0x61ce9896 in js::ValueToIterator (cx=0x63ce9ec0, flags=1, vp=0x5e100618) at /Users/kats/zspace/mozilla-git/js/src/jsiter.cpp:919
#7  0x61cd47b6 in js::Interpret (cx=0x63ce9ec0, entryFrame=<optimized out>, interpMode=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:2077
#8  0x61ce08ea in js::RunScript (cx=0x63ce9ec0, script=<optimized out>, fp=0x5e1005c0) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:480
#9  0x61ce10fe in js::InvokeKernel (cx=0x63ce9ec0, args=..., construct=js::NO_CONSTRUCT) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:540
#10 0x61ce192e in Invoke (construct=<optimized out>, args=<optimized out>, cx=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.h:172
#11 js::Invoke (cx=0x63ce9ec0, thisv=..., fval=..., argc=<optimized out>, argv=0x5e100530, rval=0x5c39f2c0) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:572
#12 0x61d2e7b2 in js::ProxyHandler::call (this=<optimized out>, cx=0x63ce9ec0, proxy=0x5e95e290, argc=4, vp=0x5e100520)
    at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:340
#13 0x61d9106e in js::Wrapper::call (this=0x625e8c8c, cx=0x63ce9ec0, wrapper=0x5e95e290, argc=4, vp=0x5e100520)
    at /Users/kats/zspace/mozilla-git/js/src/jswrapper.cpp:276
#14 0x61d97da8 in js::CrossCompartmentWrapper::call (this=0x625e8c8c, cx=0x63ce9ec0, wrapper_=<optimized out>, argc=4, vp=0x5e100520)
    at /Users/kats/zspace/mozilla-git/js/src/jswrapper.cpp:759
#15 0x61d3166a in call (vp=<optimized out>, argc=<optimized out>, proxy=<optimized out>, cx=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:911
#16 proxy_Call (cx=0x63ce9ec0, argc=4, vp=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:1438
#17 0x61ccbc80 in js::CallJSNative (cx=0x63ce9ec0, native=0x61d315c5 <proxy_Call(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /Users/kats/zspace/mozilla-git/js/src/jscntxtinlines.h:426
#18 0x61ce11dc in js::InvokeKernel (cx=0x63ce9ec0, args=..., construct=js::NO_CONSTRUCT) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:517
#19 0x61ccfa5c in js::Interpret (cx=0x63ce9ec0, entryFrame=<optimized out>, interpMode=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:2772
#20 0x61ce08ea in js::RunScript (cx=0x63ce9ec0, script=<optimized out>, fp=0x5e1004e0) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:480
#21 0x61ce1c5c in ExecuteKernel (result=<optimized out>, thisv=<optimized out>, scopeChain=<optimized out>, script=<optimized out>, cx=<optimized out>, 
    type=<optimized out>, evalInFrame=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:679
#22 js::Execute (cx=0x63ce9ec0, script=0x5e95a580, scopeChainArg=<optimized out>, rval=0x0) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:721
#23 0x61c2a582 in EvaluateUCScriptForPrincipalsCommon (cx=0x63ce9ec0, obj_=<optimized out>, principals=0x6352ef04, originPrincipals=0x0, chars=0x64d01008, length=32281, 
    filename=0x5c39fcc0 "about:blank", lineno=0, rval=0x0, compileVersion=JSVERSION_DEFAULT) at /Users/kats/zspace/mozilla-git/js/src/jsapi.cpp:5323
#24 0x61c2fd68 in JS_EvaluateUCScriptForPrincipalsVersionOrigin (cx=0x63ce9ec0, obj=0x5e956040, principals=0x6352ef04, originPrincipals=0x0, chars=0x64d01008, 
    length=32281, filename=0x5c39fcc0 "about:blank", lineno=0, rval=0x0, version=JSVERSION_DEFAULT) at /Users/kats/zspace/mozilla-git/js/src/jsapi.cpp:5360
#25 0x61301cea in nsJSContext::EvaluateString (this=0x641dc540, aScript=<optimized out>, aScopeObject=0x5e956040, aPrincipal=<optimized out>, aOriginPrincipal=0x0, 
    aURL=0x5c39fcc0 "about:blank", aLineNo=0, aVersion=JSVERSION_DEFAULT, aRetValue=0x0, aIsUndefined=0x5c39fd1f)
    at /Users/kats/zspace/mozilla-git/dom/base/nsJSEnvironment.cpp:1461
#26 0x6117eff0 in nsScriptLoader::EvaluateScript (this=<optimized out>, aRequest=0x641e9580, aScript=<optimized out>)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsScriptLoader.cpp:920
#27 0x6117f302 in nsScriptLoader::ProcessRequest (this=0x641b2fc0, aRequest=0x641e9580) at /Users/kats/zspace/mozilla-git/content/base/src/nsScriptLoader.cpp:813
#28 0x6117f440 in nsScriptRequestProcessor::Run (this=0x63c5e320) at /Users/kats/zspace/mozilla-git/content/base/src/nsScriptLoader.cpp:383
#29 0x61118016 in nsContentUtils::RemoveScriptBlocker () at /Users/kats/zspace/mozilla-git/content/base/src/nsContentUtils.cpp:4804
#30 0x61145a60 in nsDocument::EndUpdate (this=0x641f1800, aUpdateType=1) at /Users/kats/zspace/mozilla-git/content/base/src/nsDocument.cpp:4045
#31 0x612733b2 in nsHTMLDocument::EndUpdate (this=0x60, aUpdateType=1547298144) at /Users/kats/zspace/mozilla-git/content/html/document/src/nsHTMLDocument.cpp:2275
#32 0x61052124 in mozAutoDocUpdate::~mozAutoDocUpdate (this=0x5c3a00b0, __in_chrg=<optimized out>)
    at /Users/kats/zspace/mozilla-git/layout/style/../../content/base/src/mozAutoDocUpdate.h:67
#33 0x61165652 in nsINode::ReplaceOrInsertBefore (this=0x641ff830, aReplace=<optimized out>, aNewChild=0x652ec710, aRefChild=<optimized out>)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsGenericElement.cpp:4404
#34 0x61211dd6 in nsINode::ReplaceOrInsertBefore (this=0x60, aReplace=96, aNewChild=0x7b, aRefChild=0x0, aReturn=0x5c3a01fc) at ../../../../dist/include/nsINode.h:1470
#35 0x615df330 in InsertBefore (aReturn=<optimized out>, aRefChild=<optimized out>, this=<optimized out>, aNewChild=<optimized out>)
    at ../../../dist/include/nsINode.h:508
#36 AppendChild (aReturn=<optimized out>, aNewChild=<optimized out>, this=<optimized out>) at ../../../dist/include/nsINode.h:518
#37 nsIDOMNode_AppendChild (cx=0x5dd26250, argc=1, vp=0x5e100498) at /Users/kats/zspace/mozilla-git/obj-android-debug/js/xpconnect/src/dom_quickstubs.cpp:5502
#38 0x61ccbc80 in js::CallJSNative (cx=0x5dd26250, native=0x615df275 <nsIDOMNode_AppendChild(JSContext*, unsigned int, jsval*)>, args=...)
    at /Users/kats/zspace/mozilla-git/js/src/jscntxtinlines.h:426
#39 0x61ce103a in js::InvokeKernel (cx=0x5dd26250, args=..., construct=js::NO_CONSTRUCT) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:524
#40 0x61ce192e in Invoke (construct=<optimized out>, args=<optimized out>, cx=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.h:172
#41 js::Invoke (cx=0x5dd26250, thisv=..., fval=..., argc=<optimized out>, argv=0x5e100450, rval=0x5c3a0368) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:572
#42 0x61d2e7b2 in js::ProxyHandler::call (this=<optimized out>, cx=0x5dd26250, proxy=0x65b0c880, argc=1, vp=0x5e100440)
---Type <return> to continue, or q <return> to quit--- 
    at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:340
#43 0x61d9106e in js::Wrapper::call (this=0x625e8c8c, cx=0x5dd26250, wrapper=0x65b0c880, argc=1, vp=0x5e100440)
    at /Users/kats/zspace/mozilla-git/js/src/jswrapper.cpp:276
#44 0x61d97da8 in js::CrossCompartmentWrapper::call (this=0x625e8c8c, cx=0x5dd26250, wrapper_=<optimized out>, argc=1, vp=0x5e100440)
    at /Users/kats/zspace/mozilla-git/js/src/jswrapper.cpp:759
#45 0x61d3166a in call (vp=<optimized out>, argc=<optimized out>, proxy=<optimized out>, cx=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:911
#46 proxy_Call (cx=0x5dd26250, argc=1, vp=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsproxy.cpp:1438
#47 0x61ccbc80 in js::CallJSNative (cx=0x5dd26250, native=0x61d315c5 <proxy_Call(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /Users/kats/zspace/mozilla-git/js/src/jscntxtinlines.h:426
#48 0x61ce11dc in js::InvokeKernel (cx=0x5dd26250, args=..., construct=js::NO_CONSTRUCT) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:517
#49 0x61ccfa5c in js::Interpret (cx=0x5dd26250, entryFrame=<optimized out>, interpMode=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:2772
#50 0x61ce08ea in js::RunScript (cx=0x5dd26250, script=<optimized out>, fp=0x5e100038) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:480
#51 0x61ce10fe in js::InvokeKernel (cx=0x5dd26250, args=..., construct=js::NO_CONSTRUCT) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:540
#52 0x61ce192e in Invoke (construct=<optimized out>, args=<optimized out>, cx=<optimized out>) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.h:172
#53 js::Invoke (cx=0x5dd26250, thisv=..., fval=..., argc=<optimized out>, argv=0x5c3a0fd0, rval=0x5c3a1130) at /Users/kats/zspace/mozilla-git/js/src/jsinterp.cpp:572
#54 0x61c30d46 in JS_CallFunctionValue (cx=0x5dd26250, obj=0x639db920, fval=..., argc=1, argv=0x5c3a0fd0, rval=0x5c3a1130)
    at /Users/kats/zspace/mozilla-git/js/src/jsapi.cpp:5448
#55 0x615c21ea in nsXPCWrappedJSClass::CallMethod (this=0x5f3faee0, wrapper=<optimized out>, methodIndex=<optimized out>, info=0x5de526d0, nativeParams=0x5c3a1218)
    at /Users/kats/zspace/mozilla-git/js/xpconnect/src/XPCWrappedJSClass.cpp:1509
#56 0x615bd0ae in nsXPCWrappedJS::CallMethod (this=0x63531440, methodIndex=3, info=0x5de526d0, params=<optimized out>)
    at /Users/kats/zspace/mozilla-git/js/xpconnect/src/XPCWrappedJS.cpp:616
#57 0x619ac0f6 in PrepareAndDispatch (self=<optimized out>, methodIndex=<optimized out>, args=0x5c3a12d4)
    at /Users/kats/zspace/mozilla-git/xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:138
#58 0x619ab72c in SharedStub () from /Users/kats/zspace/mozilla-git/obj-android-debug/dist/bin/libxul.so
#59 0x6120aebc in nsDOMEventListenerWrapper::HandleEvent (this=0x6436d910, aEvent=0x6304a600)
    at /Users/kats/zspace/mozilla-git/content/events/src/nsDOMEventTargetHelper.cpp:68
#60 0x611e6f14 in nsEventListenerManager::HandleEventSubType (this=<optimized out>, aListenerStruct=<optimized out>, aListener=0x6436d910, aDOMEvent=0x6304a600, 
    aCurrentTarget=0x64d7c310, aPhaseFlags=6, aPusher=0x5c3a1474) at /Users/kats/zspace/mozilla-git/content/events/src/nsEventListenerManager.cpp:835
#61 0x611e709e in nsEventListenerManager::HandleEventInternal (this=0x62fddce0, aPresContext=<optimized out>, aEvent=0x63536940, aDOMEvent=0x5c3a1464, 
    aCurrentTarget=0x64d7c310, aFlags=6, aEventStatus=0x5c3a1468, aPusher=0x5c3a1474) at /Users/kats/zspace/mozilla-git/content/events/src/nsEventListenerManager.cpp:892
#62 0x611fef40 in HandleEvent (aPusher=<optimized out>, aEventStatus=<optimized out>, aFlags=<optimized out>, aCurrentTarget=<optimized out>, aDOMEvent=<optimized out>, 
    aEvent=<optimized out>, aPresContext=<optimized out>, this=<optimized out>) at /Users/kats/zspace/mozilla-git/content/events/src/nsEventListenerManager.h:169
#63 nsEventTargetChainItem::HandleEvent (this=<optimized out>, aVisitor=..., aFlags=6, aMayHaveNewListenerManagers=<optimized out>, aPusher=0x5c3a1474)
    at /Users/kats/zspace/mozilla-git/content/events/src/nsEventDispatcher.cpp:217
#64 0x611ff0ac in nsEventTargetChainItem::HandleEventTargetChain (this=<optimized out>, aVisitor=..., aFlags=6, aCallback=0x0, aMayHaveNewListenerManagers=false, 
    aPusher=0x5c3a1474) at /Users/kats/zspace/mozilla-git/content/events/src/nsEventDispatcher.cpp:349
#65 0x611ffaac in nsEventDispatcher::Dispatch (aTarget=<optimized out>, aPresContext=0x0, aEvent=0x63536940, aDOMEvent=<optimized out>, aEventStatus=0x0, aCallback=0x0, 
    aTargets=0x0) at /Users/kats/zspace/mozilla-git/content/events/src/nsEventDispatcher.cpp:684
#66 0x611ffdaa in nsEventDispatcher::DispatchDOMEvent (aTarget=0x64d7c310, aEvent=<optimized out>, aDOMEvent=0x6304a600, aPresContext=0x0, aEventStatus=0x0)
    at /Users/kats/zspace/mozilla-git/content/events/src/nsEventDispatcher.cpp:747
#67 0x6115ff52 in nsINode::DispatchDOMEvent (this=0x60, aEvent=0x6304a600, aDOMEvent=0x1, aPresContext=0x619ab731, aEventStatus=0x0)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsGenericElement.cpp:1183
#68 0x611931da in nsXHREventTarget::DispatchDOMEvent (this=0x60, aEvent=0x6304a600, aDOMEvent=0x1, aPresContext=0x619ab731, aEventStatus=0x0)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsXMLHttpRequest.h:106
#69 0x6119676a in nsXMLHttpRequest::ChangeState (this=0x64d7c310, aState=<optimized out>, aBroadcast=<optimized out>)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsXMLHttpRequest.cpp:3553
#70 0x6119a5f4 in nsXMLHttpRequest::OnDataAvailable (this=0x64d7c310, request=0x641f5434, ctxt=<optimized out>, inStr=<optimized out>, sourceOffset=362, count=63114)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsXMLHttpRequest.cpp:2111
#71 0x6111c7a2 in nsCORSListenerProxy::OnDataAvailable (this=<optimized out>, aRequest=0x641f5434, aContext=0x0, aInputStream=0x64dcd100, aOffset=362, aCount=63114)
    at /Users/kats/zspace/mozilla-git/content/base/src/nsCrossSiteListenerProxy.cpp:662
#72 0x60e3c41a in nsHTTPCompressConv::do_OnDataAvailable (this=0x64458f00, request=0x641f5434, context=0x0, offset=<optimized out>, 
    buffer=0x63ccf000 "{e:\"kCypT7veDYGZ6AH5rPCvBA\",c:1,u:\"http://www.google.ca/search?hl\\x3den\\x26gs_nf\\x3d1\\x26cp\\x3d4\\x26gs_id\\x3d2q\\x26xhr\\x3dt\\x26q\\x3dfirefox\\x26pf\\x3dp\\x26output\\x3dsearch\\x26sclient\\x3dpsy-ab\\x26oq\\x3"..., count=63114)
    at /Users/kats/zspace/mozilla-git/netwerk/streamconv/converters/nsHTTPCompressConv.cpp:378
#73 0x60e3c74c in nsHTTPCompressConv::OnDataAvailable (this=0x64458f00, request=0x641f5434, aContext=0x0, iStr=<optimized out>, aSourceOffset=362, aCount=21038)
    at /Users/kats/zspace/mozilla-git/netwerk/streamconv/converters/nsHTTPCompressConv.cpp:322
#74 0x60e27434 in nsStreamListenerTee::OnDataAvailable (this=<optimized out>, request=0x641f5434, context=0x0, input=<optimized out>, offset=362, count=21038)
    at /Users/kats/zspace/mozilla-git/netwerk/base/src/nsStreamListenerTee.cpp:122
---Type <return> to continue, or q <return> to quit---
#75 0x60e90724 in nsHttpChannel::OnDataAvailable (this=0x641f5400, request=<optimized out>, ctxt=<optimized out>, input=0x64454d50, offset=362, count=21038)
    at /Users/kats/zspace/mozilla-git/netwerk/protocol/http/nsHttpChannel.cpp:4626
#76 0x60e0ca40 in nsInputStreamPump::OnStateTransfer (this=0x63cefb20) at /Users/kats/zspace/mozilla-git/netwerk/base/src/nsInputStreamPump.cpp:518
#77 0x60e0d44e in nsInputStreamPump::OnInputStreamReady (this=0x63cefb20, stream=<optimized out>)
    at /Users/kats/zspace/mozilla-git/netwerk/base/src/nsInputStreamPump.cpp:402
#78 0x61987878 in nsInputStreamReadyEvent::Run (this=0x64185f80) at /Users/kats/zspace/mozilla-git/xpcom/io/nsStreamUtils.cpp:114
#79 0x61996fa0 in nsThread::ProcessNextEvent (this=0x5c5b10f0, mayWait=<optimized out>, result=0x5c3a17cf)
    at /Users/kats/zspace/mozilla-git/xpcom/threads/nsThread.cpp:656
#80 0x619610e0 in NS_ProcessNextEvent_P (thread=0x60, mayWait=false) at /Users/kats/zspace/mozilla-git/obj-android-debug/xpcom/build/nsThreadUtils.cpp:245
#81 0x618ab260 in mozilla::ipc::MessagePump::Run (this=0x5c5b3250, aDelegate=0x5c5d80e0) at /Users/kats/zspace/mozilla-git/ipc/glue/MessagePump.cpp:114
#82 0x619c8802 in MessageLoop::RunInternal (this=0x5c5d80e0) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:208
#83 0x619c8862 in RunHandler (this=<optimized out>) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:201
#84 MessageLoop::Run (this=0x5c5d80e0) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:175
#85 0x617fe636 in nsBaseAppShell::Run (this=0x5dd303e0) at /Users/kats/zspace/mozilla-git/widget/xpwidgets/nsBaseAppShell.cpp:189
#86 0x616b9788 in nsAppStartup::Run (this=0x5e66c0a0) at /Users/kats/zspace/mozilla-git/toolkit/components/startup/nsAppStartup.cpp:295
#87 0x60df4c14 in XREMain::XRE_mainRun (this=0x5c3a1a74) at /Users/kats/zspace/mozilla-git/toolkit/xre/nsAppRunner.cpp:3780
#88 0x60df72c0 in XREMain::XRE_main (this=0x5c3a1a74, argc=<optimized out>, argv=<optimized out>, aAppData=0x5b4c8b14)
    at /Users/kats/zspace/mozilla-git/toolkit/xre/nsAppRunner.cpp:3857
#89 0x60df743a in XRE_main (argc=8, argv=0x5c5bf048, aAppData=0x5b4c8b14) at /Users/kats/zspace/mozilla-git/toolkit/xre/nsAppRunner.cpp:3933
#90 0x60dfc0b2 in GeckoStart (data=0x18ddd78, appData=0x5b4c8b14) at /Users/kats/zspace/mozilla-git/toolkit/xre/nsAndroidStartup.cpp:109
#91 0x5b4b0bca in Java_org_mozilla_gecko_GeckoAppShell_nativeRun (jenv=0x1769580, jc=<optimized out>, jargs=0x26200005)
    at /Users/kats/zspace/mozilla-git/mozglue/android/APKOpen.cpp:998
#92 0x40843c34 in dvmPlatformInvoke () from /Users/kats/android/jdb/moz-gdb/lib/01466E640801401C/system/lib/libdvm.so
#93 0x4087deee in dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*) ()
   from /Users/kats/android/jdb/moz-gdb/lib/01466E640801401C/system/lib/libdvm.so
#94 0x017897d0 in ?? ()
#95 0x017897d0 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Comment 1

[Scoobidiver (away)]

(In reply to Kartikaya Gupta (:kats) from comment #0)
> By the looks of it, this may be caused by the recent compartment changes in
> the JS engine.
I am not sure about that because 11.0 and 12.0 are affected. See https://crash-stats.mozilla.com/report/list?signature=js%3A%3ACrossCompartmentWrapper%3A%3Aiterate

Comment 2

[David Mandelin [:dmandelin]]

Kartikaya, can you still reproduce this? I just tried on an Atrix and got no crash.

Comment 3

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

On a more recent build, I can't reproduce it (at least using the STR I posted above). I probably still have the old crashy build on my machine somewhere if you want me to try that again.