992074 - [tarako] monkey test crash at libxul.so!mozalloc_abort(char const*) [mozalloc_abort.cpp : 30 + 0x4]

Status: RESOLVED WONTFIX

(Core :: General, defect)

Description

[yaoyao.wu]

Operating system: Android
                  0.0.0 Linux 3.0.8 #1 PREEMPT Wed Apr 2 18:26:35 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/225:userdebug/test-keys
CPU: arm
     0 CPUs

Crash reason:  SIGSEGV
Crash address: 0x0

Thread 0 (crashed)
 0  libxul.so!mozalloc_abort(char const*) [mozalloc_abort.cpp : 30 + 0x4]
     r4 = 0xbeb9bab0    r5 = 0xbeb9a470    r6 = 0x00000000    r7 = 0x00000000
     r8 = 0xbeb9bad4    r9 = 0xbeb9af38   r10 = 0x3188ebcc    fp = 0x0000002c
     sp = 0xbeb9a3f8    lr = 0x4183812b    pc = 0x4183812e
    Found by: given as instruction pointer in context
 1  libxul.so!abort [mozalloc_abort.cpp : 39 + 0x7]
     r4 = 0xbeb9bab0    r5 = 0xbeb9a470    r6 = 0x00000000    r7 = 0x00000000
     r8 = 0xbeb9bad4    r9 = 0xbeb9af38   r10 = 0x3188ebcc    fp = 0x0000002c
     sp = 0xbeb9a400    pc = 0x41838145
    Found by: call frame info
 2  libxul.so!void js::jit::MacroAssembler::guardTypeSet<js::jit::TypedOrValueRegister, js::types::HeapTypeSet>(js::jit::TypedOrValueRegister const&, js::types::HeapTypeSet const*, js::jit::Register, js::jit::Label*) [IonMacroAssembler.cpp : 91 + 0x4]
     sp = 0xbeb9a448    pc = 0x415fe1c2
    Found by: stack scanning
 3  libmozglue.so!free [jemalloc.c : 6545 + 0x3]
     r4 = 0xbeb9a73c    r5 = 0xbeb9a558    r6 = 0x4311cd20    r7 = 0x430623f8
     r8 = 0xbeb9bbb4    r9 = 0x00000020   r10 = 0xb562b0d8    fp = 0x001c0021
     sp = 0xbeb9a4e8    pc = 0x40064901
    Found by: call frame info
 4  libxul.so!js::LifoAlloc::freeAll() [Utility.h : 167 + 0x3]
     r4 = 0xbeb9a73c    r5 = 0xbeb9a558    r6 = 0x4311cd20    r7 = 0x430623f8
     r8 = 0xbeb9bbb4    r9 = 0x00000020   r10 = 0xb562b0d8    fp = 0x001c0021
     sp = 0xbeb9a4f0    pc = 0x415b5557
    Found by: call frame info
 5  libxul.so!js::jit::ICStubCompiler::getStubCode() [LifoAlloc.h : 248 + 0x3]
     r4 = 0xbeb9a550    r5 = 0xbeb9a558    r6 = 0x4311cd20    r7 = 0x430623f8
     r8 = 0xbeb9bbb4    r9 = 0x00000020   r10 = 0xb562b0d8    fp = 0x001c0021
     sp = 0xbeb9a4f8    pc = 0x417fad27
    Found by: call frame info
 6  libxul.so!js::jit::ICBinaryArith_Double::Compiler::getStub(js::jit::ICStubSpace*) [JitCompartment.h : 85 + 0x7]
     r4 = 0x433d67c8    r5 = 0x43620970    r6 = 0xbeb9bc1c    r7 = 0x43031880
     r8 = 0xbeb9bdc0    r9 = 0x00000003   r10 = 0x4318fc9c    fp = 0xbeb9bc98
     sp = 0xbeb9bc00    pc = 0x417fbf85
    Found by: call frame info
 7  0xffffff85
     r4 = 0x4302e0d0    r5 = 0xffffff87    r6 = 0x4307af20    r7 = 0x43031880
     r8 = 0xbeb9bdc0    r9 = 0x00000003   r10 = 0x4318fc9c    fp = 0xbeb9bc98
     sp = 0xbeb9bc10    pc = 0xffffff87
    Found by: call frame info

Comment 1

[yaoyao.wu]

a bit like bug 990853

Comment 2

[thomas tsai]

Hi Allan: Can you help to analyze first?

Comment 3

[Joe Cheng [:jcheng] (please needinfo)]

unless the reproducible rate is high in daily stability testing, lets not block on this. thanks

Comment 4

[Thinker Li [:sinker]]

This is very possibly running out the memory.  Could you give more details?  At least what the process is, and logcat.  These are very basic information.  Without these relative information, we are just wasting time in communication.

Comment 5

[Alan Huang]

(In reply to thomas tsai from comment #2)
> Hi Allan: Can you help to analyze first?

Hello Thomas,
I think this is 297051 on partner bugzilla, as we discussed. Since Thinker asked for log in comment 4 but we don't see them here, I will try to update the log I got from partner FTP here. It would be better if reporter can do this next time :)

Comment 6

[Sylvestre Ledru [:Sylvestre]]

Closing as we are not working on Firefox OS anymore.