Closed
Bug 928020
Opened 11 years ago
Closed 11 years ago
crash in mozalloc_abort(char const* const) | xul.dll@0xdd757f | xul.dll@0x8a76f4 | xul.dll@0x6af6ce | xul.dll@0x12c618 | xul.dll@0x10b4f0 | js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 767343
People
(Reporter: u279076, Unassigned)
References
Details
(Keywords: crash, topcrash, topcrash-win)
Crash Data
This bug was filed from the Socorro interface and is
report bp-b46dae37-ea81-4f2f-bae4-8fe232131016.
=============================================================
0 mozalloc.dll mozalloc_abort(char const * const) memory/mozalloc/mozalloc_abort.cpp
1 xul.dll xul.dll@0xdd757f
2 xul.dll xul.dll@0x8a76f4
3 xul.dll xul.dll@0x6af6ce
4 xul.dll xul.dll@0x12c618
5 xul.dll xul.dll@0x10b4f0
6 mozjs.dll js::Invoke(JSContext *,JS::Value const &,JS::Value const &,unsigned int,JS::Value *,JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp
7 mozjs.dll js::Shape::set(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,bool,JS::MutableHandle<JS::Value>) js/src/vm/Shape-inl.h
8 mozjs.dll js_NativeSet(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<js::Shape *>,bool,JS::MutableHandle<JS::Value>) js/src/jsobj.cpp
9 mozjs.dll js::baseops::SetPropertyHelper(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,unsigned int,JS::MutableHandle<JS::Value>,int) js/src/jsobj.cpp
10 mozjs.dll SetPropertyOperation(JSContext *,JS::Handle<JSScript *>,unsigned char *,JS::Handle<JS::Value>,JS::Handle<JS::Value>) js/src/vm/Interpreter.cpp
11 mozjs.dll Interpret js/src/vm/Interpreter.cpp
12 xul.dll xul.dll@0x106ed5
Currently #17 in Beta and our third explosive Fx 25 crasher as per:
https://crash-analysis.mozilla.com/rkaiser/2013-10-16/2013-10-16.firefox.25.explosiveness.html
All reports indicate Firefox 25.0b7 so it's possibily being caused by something we uplifted there. Unfortunately I see no useful correlations or comments.
I suppose this might be similar or a dupe of bug 926207 with a slightly different signature. Can someone please advise?
Also found this for Aurora:
https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-10-17&signature=mozalloc_abort%28char+const*+const%29+|+xul.dll%400xe0410c+|+xul.dll%400x8c2155+|+xul.dll%400x6b9587+|+xul.dll%400x14ff3b+|+xul.dll%400x162a41+|+js%3A%3AInvoke%28JSContext*%2C+JS%3A%3AValue+const%26%2C+JS%3A%3AValue+const%26%2C+unsigned+int%2C+JS%3A%3AValue*%2C+JS%3A%3AMutableHandle%3CJS%3A%3AValue%3E%29&version=Firefox%3A26.0a2
Not sure if these are related.
Adding signatures for Firefox 24 (dupe bug 926207) and Firefox 26 (see comment 2).
Crash Signature: [@ mozalloc_abort(char const* const) | xul.dll@0xdd757f | xul.dll@0x8a76f4 | xul.dll@0x6af6ce | xul.dll@0x12c618 | xul.dll@0x10b4f0 | js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)] → [@ mozalloc_abort(char const* const) | xul.dll@0xdd757f | xul.dll@0x8a76f4 | xul.dll@0x6af6ce | xul.dll@0x12c618 | xul.dll@0x10b4f0 | js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)]
[@ m…
From KaiRo on IRC:
> I'm not sure why we get unsymbolized libxul frames there at all,
> but you can take it for granted that the signature for this will
> change with every build and have slightly different addresses in
> the libxul frames. The important piece here is there is actually
> an abort message:
>
> "xpcom_runtime_abort(###!!! ABORT: OOM: file
> e:\builds\moz2_slave\rel-m-beta-w32_bld-00000000000\build\xpcom\string\src\nsTSubstring.cpp, line 349)"
|
||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•