Closed
Bug 992618
Opened 10 years ago
Closed 6 years ago
[tarako] monkey test crash at libxul.so!js::GetReservedSlot(JSObject*, unsigned int) [jsfriendapi.h : 403 + 0x0]
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:-)
RESOLVED
WONTFIX
| blocking-b2g | - |
People
(Reporter: yaoyao.wu, Unassigned)
Details
(Keywords: crash)
Attachments
(2 files)
Operating system: Android
0.0.0 Linux 3.0.8+ #1 PREEMPT Fri Apr 4 19:36:28 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/235:userdebug/test-keys
CPU: arm
0 CPUs
Crash reason: SIGSEGV
Crash address: 0x0
Thread 0 (crashed)
0 libxul.so!js::GetReservedSlot(JSObject*, unsigned int) [jsfriendapi.h : 403 + 0x0]
r4 = 0x47ab3790 r5 = 0x00000000 r6 = 0x43828330 r7 = 0x00000000
r8 = 0x00000014 r9 = 0x424bbae4 r10 = 0x413a7ced fp = 0x00000000
sp = 0xbed3b600 lr = 0x410d9f19 pc = 0x410d9d28
Found by: given as instruction pointer in context
1 libxul.so!mozilla::DOMLocalMediaStream* mozilla::dom::UnwrapDOMObject<mozilla::DOMLocalMediaStream>(JSObject*) + 0x7
r4 = 0x47ab3790 r5 = 0x00000000 r6 = 0x43828330 r7 = 0x00000000
r8 = 0x00000014 r9 = 0x424bbae4 r10 = 0x413a7ced fp = 0x00000000
sp = 0xbed3b600 pc = 0x410d9f19
Found by: call frame info
2 libxul.so!mozilla::dom::MediaSourceBinding::_finalize [MediaSourceBinding.cpp : 439 + 0x5]
r4 = 0x47ab3790 r5 = 0x00000000 r6 = 0x43828330 r7 = 0x00000000
r8 = 0x00000014 r9 = 0x424bbae4 r10 = 0x413a7ced fp = 0x00000000
sp = 0xbed3b608 pc = 0x411cb005
Found by: call frame info
3 0x47ab378e
r4 = 0x47ab3790 r5 = 0x00000000 r6 = 0x43828330 r7 = 0x00000000
r8 = 0x00000014 r9 = 0x424bbae4 r10 = 0x413a7ced fp = 0x00000000
sp = 0xbed3b610 pc = 0x47ab3790
Found by: call frame info
4 libxul.so!GCGraphBuilder::NoteXPCOMChild(nsISupports*) [nsCycleCollector.cpp : 1967 + 0x5]
sp = 0xbed3b618 pc = 0x40e0b559
Found by: stack scanning
5 libxul.so!PLDHashOperator ImplCycleCollectionTraverse_EnumFunc<nsAString_internal const&, nsISupports*>(nsAString_internal const&, nsISupports*, void*) [nsCycleCollectionNoteChild.h : 65 + 0x9]
r4 = 0x43828330 r5 = 0x47ab3790 r6 = 0x00000010 r7 = 0x00000000
r8 = 0x00000014 sp = 0xbed3b650 pc = 0x413aa229
Found by: call frame info
6 libxul.so!nsBaseHashtable<nsStringHashKey, nsCOMPtr<nsISupports>, nsISupports*>::s_EnumReadStub(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) [nsBaseHashtable.h : 381 + 0x9]
r4 = 0x413aa209 r5 = 0x475eb3fc r6 = 0x00000010 r7 = 0x00000000
r8 = 0x00000014 sp = 0xbed3b660 pc = 0x413a7cf9
Found by: call frame info
7 libxul.so!PL_DHashTableEnumerate [pldhash.cpp : 632 + 0x9]
r4 = 0x472718cc r5 = 0x475eb3fc r6 = 0x00000010 r7 = 0x00000000
r8 = 0x00000014 sp = 0xbed3b668 pc = 0x40dff53f
Found by: call frame info
8 libxul.so!mozilla::dom::Navigator::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&) [nsBaseHashtable.h : 175 + 0x3]
r4 = 0x00000000 r5 = 0x42493d2c r6 = 0x43828330 r7 = 0x47271860
r8 = 0xbed3b6a8 r9 = 0x424bbae4 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3b698 pc = 0x413aa4e7
Found by: call frame info
9 libxul.so!GCGraphBuilder::Traverse(PtrInfo*) [nsCycleCollector.cpp : 1886 + 0x7]
r4 = 0x44102008 r5 = 0xbed3b718 r6 = 0x00000000 r7 = 0x44102008
r8 = 0x00000000 r9 = 0x00000001 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3b6d8 pc = 0x40e0ab95
Found by: call frame info
10 libxul.so!nsCycleCollector::MarkRoots(js::SliceBudget&) [nsCycleCollector.cpp : 2312 + 0x7]
r4 = 0x403cc000 r5 = 0xbed3b718 r6 = 0x00000000 r7 = 0x44102008
r8 = 0x00000000 r9 = 0x00000001 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3b6e0 pc = 0x40e0abf5
Found by: call frame info
11 libxul.so!nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*) [nsCycleCollector.cpp : 2862 + 0x7]
r4 = 0x403cc000 r5 = 0x00000000 r6 = 0xbed3b718 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000001 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3b6f8 pc = 0x40e0c3a3
Found by: call frame info
12 libxul.so!nsCycleCollector_scheduledCollect() [nsCycleCollector.cpp : 3408 + 0xb]
r4 = 0x4031f1a8 r5 = 0xbed3b718 r6 = 0x0000017f r7 = 0x0000000e
r8 = 0xbed3b7df r9 = 0x4031e90c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b718 pc = 0x40e0c427
Found by: call frame info
13 libxul.so!nsJSContext::ScheduledCycleCollectNow() [nsJSEnvironment.cpp : 2095 + 0x3]
r4 = 0x424bb99c r5 = 0x00000001 r6 = 0x0000017f r7 = 0x0000000e
r8 = 0xbed3b7df r9 = 0x4031e90c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b740 pc = 0x413a1efd
Found by: call frame info
14 libxul.so!CCTimerFired [nsJSEnvironment.cpp : 2330 + 0x3]
r4 = 0x424bb99c r5 = 0x00000001 r6 = 0x0000017f r7 = 0x0000000e
r8 = 0xbed3b7df r9 = 0x4031e90c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b750 pc = 0x413a1fbb
Found by: call frame info
15 libxul.so!nsTimerImpl::Fire() [nsTimerImpl.cpp : 551 + 0x5]
r4 = 0x43504d30 r5 = 0x413a1f11 r6 = 0x00000002 r7 = 0x00000001
r8 = 0xbed3b7df r9 = 0x4031e90c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b768 pc = 0x40e2d757
Found by: call frame info
16 libxul.so!nsTimerEvent::Run() [nsTimerImpl.cpp : 635 + 0x5]
r4 = 0x4031e8e0 r5 = 0x00000000 r6 = 0x00000001 r7 = 0x00000001
r8 = 0xbed3b7df r9 = 0x4031e90c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b790 pc = 0x40e2d807
Found by: call frame info
17 libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp : 612 + 0x5]
r4 = 0x4031e8e0 r5 = 0x00000000 r6 = 0x00000001 r7 = 0x00000001
r8 = 0xbed3b7df r9 = 0x4031e90c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b798 pc = 0x40e2be75
Found by: call frame info
18 libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp : 263 + 0xb]
r4 = 0x00000001 r5 = 0x403a10c0 r6 = 0x40302d40 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b7d8 pc = 0x40dfec01
Found by: call frame info
19 libxul.so!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 124 + 0x7]
r4 = 0x40302d30 r5 = 0x403a10c0 r6 = 0x40302d40 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b7e8 pc = 0x40f57725
Found by: call frame info
20 libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
r4 = 0x403a10c0 r5 = 0x43bff4c0 r6 = 0x4031e8e0 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b810 pc = 0x40f4d679
Found by: call frame info
21 libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
r4 = 0x403a10c0 r5 = 0x43bff4c0 r6 = 0x4031e8e0 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b818 pc = 0x40f4d6f7
Found by: call frame info
22 libxul.so!nsBaseAppShell::Run() [nsBaseAppShell.cpp : 161 + 0x7]
r4 = 0x00000000 r5 = 0x43bff4c0 r6 = 0x4031e8e0 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b830 pc = 0x413114a5
Found by: call frame info
23 libxul.so!nsAppStartup::Run() [nsAppStartup.cpp : 276 + 0x5]
r4 = 0x43b5c160 r5 = 0x40e15af5 r6 = 0xbed3bb05 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b840 pc = 0x41945611
Found by: call frame info
24 libxul.so!XREMain::XRE_mainRun() [nsAppRunner.cpp : 4059 + 0x5]
r4 = 0xbed3ba14 r5 = 0x40e15af5 r6 = 0xbed3bb05 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xbed3b96c r10 = 0xbed3b978 fp = 0x00000000
sp = 0xbed3b848 pc = 0x4191d289
Found by: call frame info
25 libxul.so!XREMain::XRE_main(int, char**, nsXREAppData const*) [nsAppRunner.cpp : 4127 + 0x5]
r4 = 0xbed3ba14 r5 = 0xbed3b9ee r6 = 0x00000000 r7 = 0x00021170
r8 = 0x40338000 r9 = 0x4033c000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3b9e8 pc = 0x4191fc5b
Found by: call frame info
26 libxul.so!XRE_main [nsAppRunner.cpp : 4337 + 0x3]
r4 = 0x00021170 r5 = 0xbed3dbf4 r6 = 0x00000001 r7 = 0x00000000
r8 = 0xbed3ba14 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3ba10 pc = 0x4191fdc5
Found by: call frame info
27 b2g!main [nsBrowserApp.cpp : 163 + 0xf]
r4 = 0x4191fd79 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xbed3dbf4
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3bb20 pc = 0x000098df
Found by: call frame info
28 libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7]
r4 = 0x00009654 r5 = 0xbed3dbf4 r6 = 0x00000001 r7 = 0xbed3dbfc
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3dbd8 pc = 0x40142a57
Found by: call frame info
29 0xb0001dc5
r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbed3dbf0 pc = 0xb0001dc7
Found by: call frame info
30 b2g!MOZ_PNG_get_cHRM [pngget.c : 517 + 0x9]
sp = 0xbed3dc4c pc = 0x0000b8d7
Found by: stack scanning
31 b2g + 0x32
r4 = 0x00000006 r5 = 0x00001000 r6 = 0x00000011 r7 = 0x00000064
r8 = 0x00000003 sp = 0xbed3dc64 pc = 0x00008034
Found by: call frame info
|
||
Comment 3•10 years ago
|
||
lets not block on this before we have clear path of actions
blocking-b2g: 1.3T? → -
|
||
Comment 4•10 years ago
|
||
Hi Alan, please help on this bug. thanks!
Flags: needinfo?(styang) → needinfo?(ahuang)
|
||
Comment 5•10 years ago
|
||
Ah, I'm not that familiar with JS part. Would you mind find someone who works on JS to look into this?
Flags: needinfo?(ahuang)
|
||
Updated•10 years ago
|
Flags: needinfo?(ttsai)
|
||
Comment 6•6 years ago
|
||
Firefox OS is not being worked on
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•