Closed Bug 876272 Opened 12 years ago Closed 8 years ago

crash in JSAtom* js::AtomizeChars

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
21 Branch
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1373934
Tracking Flags:
Tracking Status
firefox21 --- affected
firefox22 --- affected
firefox23 --- affected

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, Whiteboard: [native-crash][startupcrash])

Crash Data

It's #40 crasher in 21.0, #193 in 22.0b2, and #107 in 23.0a2. Signature JSAtom* js::AtomizeChars<(js::AllowGC)1>(JSContext*, unsigned short const*, unsigned int, js::InternBehavior) More Reports Search UUID 6e8541dc-7759-4925-acff-7cec62130526 Date Processed 2013-05-26 11:43:05 Uptime 10 Last Crash 1.8 weeks before submission Install Age 1.8 hours since version was first installed. Install Time 2013-05-26 09:51:55 Product FennecAndroid Version 22.0 Build ID 20130521221559 Release Channel beta OS Android OS Version 0.0.0 Linux 2.6.39.4 #2 SMP PREEMPT Wed Feb 20 20:41:34 JST 2013 armv7l DOCOMO/F10D/F10D:4.0.3/V21R48A/F10D.20130220.203539:user/release-keys Build Architecture arm Build Architecture Info ARMv0 Crash Reason SIGBUS Crash Address 0x5e3bcec1 App Notes AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra 3 -- OpenGL ES 2.0 14.01002 -- Model: F-10D, Product: F10D, Manufacturer: FUJITSU, Hardware: f12arc' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ FUJITSU F-10D DOCOMO/F10D/F10D:4.0.3/V21R48A/F10D.20130220.203539:user/release-keys Processor Notes sp-processor06_phx1_mozilla_com_16597:2012; exploitability tool: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID NVIDIA Corporation Adapter Device ID NVIDIA Tegra 3 Device FUJITSU F-10D Android API Version 15 (REL) Android CPU ABI armeabi-v7a Frame Module Signature Source 0 libxul.so JSAtom* js::AtomizeChars< js/src/jsatom.h:70 1 libmozglue.so arena_malloc memory/mozjemalloc/jemalloc.c:4167 2 libxul.so bool js::XDRAtom< js/src/jsatom.cpp:490 3 libxul.so bool js::XDRScript< js/src/jsscript.cpp:636 4 libmozglue.so arena_malloc memory/mozjemalloc/jemalloc.c:4167 More reports at: https://crash-stats.mozilla.com/report/list?signature=JSAtom*+js%3A%3AAtomizeChars%3C%28js%3A%3AAllowGC%291%3E%28JSContext*%2C+unsigned+short+const*%2C+unsigned+int%2C+js%3A%3AInternBehavior%29
It's #46 crasher in 22.0 and #142 in 23.0b8.
I'm seeing something very similar at https://tbpl.mozilla.org/php/getParsedLog.php?id=43762075&tree=Mozilla-Inbound&full=1#error1 generated by a nearly do-nothing patch at https://tbpl.mozilla.org/?tree=Mozilla-Inbound&rev=9198564a941c https://crash-stats.mozilla.com/query/?query_type=simple&query=AtomizeChars shows a smattering of crashes across platforms. The following builds did not show the problem. But the problem *did* occur on both OSX opt builds for that push. As with this bug, it's an AtomizeChars crash inside of XDRScript<1>().
Assignee: general → nobody
Crash Signature: [@ JSAtom* js::AtomizeChars<(js::AllowGC)1>(JSContext*, unsigned short const*, unsigned int, js::InternBehavior)] [@ js::AtomizeChars ] → [@ JSAtom* js::AtomizeChars<(js::AllowGC)1>(JSContext*, unsigned short const*, unsigned int, js::InternBehavior)] [@ js::AtomizeChars ] [@ JSAtom* js::AtomizeChars<T>]
Closing the crashes that remain are being tracked in Bug 1373934. Whatever useful logs/crashes this bug had are now lost to the mist.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.