Closed Bug 992618 Opened 10 years ago Closed 6 years ago

[tarako] monkey test crash at libxul.so!js::GetReservedSlot(JSObject*, unsigned int) [jsfriendapi.h : 403 + 0x0]

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set
major

Tracking

(blocking-b2g:-)

RESOLVED WONTFIX
blocking-b2g -

People

(Reporter: yaoyao.wu, Unassigned)

Details

(Keywords: crash)

Attachments

(2 files)

Operating system: Android
                  0.0.0 Linux 3.0.8+ #1 PREEMPT Fri Apr 4 19:36:28 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/235:userdebug/test-keys
CPU: arm
     0 CPUs

Crash reason:  SIGSEGV
Crash address: 0x0

Thread 0 (crashed)
 0  libxul.so!js::GetReservedSlot(JSObject*, unsigned int) [jsfriendapi.h : 403 + 0x0]
     r4 = 0x47ab3790    r5 = 0x00000000    r6 = 0x43828330    r7 = 0x00000000
     r8 = 0x00000014    r9 = 0x424bbae4   r10 = 0x413a7ced    fp = 0x00000000
     sp = 0xbed3b600    lr = 0x410d9f19    pc = 0x410d9d28
    Found by: given as instruction pointer in context
 1  libxul.so!mozilla::DOMLocalMediaStream* mozilla::dom::UnwrapDOMObject<mozilla::DOMLocalMediaStream>(JSObject*) + 0x7
     r4 = 0x47ab3790    r5 = 0x00000000    r6 = 0x43828330    r7 = 0x00000000
     r8 = 0x00000014    r9 = 0x424bbae4   r10 = 0x413a7ced    fp = 0x00000000
     sp = 0xbed3b600    pc = 0x410d9f19
    Found by: call frame info
 2  libxul.so!mozilla::dom::MediaSourceBinding::_finalize [MediaSourceBinding.cpp : 439 + 0x5]
     r4 = 0x47ab3790    r5 = 0x00000000    r6 = 0x43828330    r7 = 0x00000000
     r8 = 0x00000014    r9 = 0x424bbae4   r10 = 0x413a7ced    fp = 0x00000000
     sp = 0xbed3b608    pc = 0x411cb005
    Found by: call frame info
 3  0x47ab378e
     r4 = 0x47ab3790    r5 = 0x00000000    r6 = 0x43828330    r7 = 0x00000000
     r8 = 0x00000014    r9 = 0x424bbae4   r10 = 0x413a7ced    fp = 0x00000000
     sp = 0xbed3b610    pc = 0x47ab3790
    Found by: call frame info
 4  libxul.so!GCGraphBuilder::NoteXPCOMChild(nsISupports*) [nsCycleCollector.cpp : 1967 + 0x5]
     sp = 0xbed3b618    pc = 0x40e0b559
    Found by: stack scanning
 5  libxul.so!PLDHashOperator ImplCycleCollectionTraverse_EnumFunc<nsAString_internal const&, nsISupports*>(nsAString_internal const&, nsISupports*, void*) [nsCycleCollectionNoteChild.h : 65 + 0x9]
     r4 = 0x43828330    r5 = 0x47ab3790    r6 = 0x00000010    r7 = 0x00000000
     r8 = 0x00000014    sp = 0xbed3b650    pc = 0x413aa229
    Found by: call frame info
 6  libxul.so!nsBaseHashtable<nsStringHashKey, nsCOMPtr<nsISupports>, nsISupports*>::s_EnumReadStub(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) [nsBaseHashtable.h : 381 + 0x9]
     r4 = 0x413aa209    r5 = 0x475eb3fc    r6 = 0x00000010    r7 = 0x00000000
     r8 = 0x00000014    sp = 0xbed3b660    pc = 0x413a7cf9
    Found by: call frame info
 7  libxul.so!PL_DHashTableEnumerate [pldhash.cpp : 632 + 0x9]
     r4 = 0x472718cc    r5 = 0x475eb3fc    r6 = 0x00000010    r7 = 0x00000000
     r8 = 0x00000014    sp = 0xbed3b668    pc = 0x40dff53f
    Found by: call frame info
 8  libxul.so!mozilla::dom::Navigator::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&) [nsBaseHashtable.h : 175 + 0x3]
     r4 = 0x00000000    r5 = 0x42493d2c    r6 = 0x43828330    r7 = 0x47271860
     r8 = 0xbed3b6a8    r9 = 0x424bbae4   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3b698    pc = 0x413aa4e7
    Found by: call frame info
 9  libxul.so!GCGraphBuilder::Traverse(PtrInfo*) [nsCycleCollector.cpp : 1886 + 0x7]
     r4 = 0x44102008    r5 = 0xbed3b718    r6 = 0x00000000    r7 = 0x44102008
     r8 = 0x00000000    r9 = 0x00000001   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3b6d8    pc = 0x40e0ab95
    Found by: call frame info
10  libxul.so!nsCycleCollector::MarkRoots(js::SliceBudget&) [nsCycleCollector.cpp : 2312 + 0x7]
     r4 = 0x403cc000    r5 = 0xbed3b718    r6 = 0x00000000    r7 = 0x44102008
     r8 = 0x00000000    r9 = 0x00000001   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3b6e0    pc = 0x40e0abf5
    Found by: call frame info
11  libxul.so!nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*) [nsCycleCollector.cpp : 2862 + 0x7]
     r4 = 0x403cc000    r5 = 0x00000000    r6 = 0xbed3b718    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0x00000001   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3b6f8    pc = 0x40e0c3a3
    Found by: call frame info
12  libxul.so!nsCycleCollector_scheduledCollect() [nsCycleCollector.cpp : 3408 + 0xb]
     r4 = 0x4031f1a8    r5 = 0xbed3b718    r6 = 0x0000017f    r7 = 0x0000000e
     r8 = 0xbed3b7df    r9 = 0x4031e90c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b718    pc = 0x40e0c427
    Found by: call frame info
13  libxul.so!nsJSContext::ScheduledCycleCollectNow() [nsJSEnvironment.cpp : 2095 + 0x3]
     r4 = 0x424bb99c    r5 = 0x00000001    r6 = 0x0000017f    r7 = 0x0000000e
     r8 = 0xbed3b7df    r9 = 0x4031e90c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b740    pc = 0x413a1efd
    Found by: call frame info
14  libxul.so!CCTimerFired [nsJSEnvironment.cpp : 2330 + 0x3]
     r4 = 0x424bb99c    r5 = 0x00000001    r6 = 0x0000017f    r7 = 0x0000000e
     r8 = 0xbed3b7df    r9 = 0x4031e90c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b750    pc = 0x413a1fbb
    Found by: call frame info
15  libxul.so!nsTimerImpl::Fire() [nsTimerImpl.cpp : 551 + 0x5]
     r4 = 0x43504d30    r5 = 0x413a1f11    r6 = 0x00000002    r7 = 0x00000001
     r8 = 0xbed3b7df    r9 = 0x4031e90c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b768    pc = 0x40e2d757
    Found by: call frame info
16  libxul.so!nsTimerEvent::Run() [nsTimerImpl.cpp : 635 + 0x5]
     r4 = 0x4031e8e0    r5 = 0x00000000    r6 = 0x00000001    r7 = 0x00000001
     r8 = 0xbed3b7df    r9 = 0x4031e90c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b790    pc = 0x40e2d807
    Found by: call frame info
17  libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp : 612 + 0x5]
     r4 = 0x4031e8e0    r5 = 0x00000000    r6 = 0x00000001    r7 = 0x00000001
     r8 = 0xbed3b7df    r9 = 0x4031e90c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b798    pc = 0x40e2be75
    Found by: call frame info
18  libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp : 263 + 0xb]
     r4 = 0x00000001    r5 = 0x403a10c0    r6 = 0x40302d40    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b7d8    pc = 0x40dfec01
    Found by: call frame info
19  libxul.so!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 124 + 0x7]
     r4 = 0x40302d30    r5 = 0x403a10c0    r6 = 0x40302d40    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b7e8    pc = 0x40f57725
    Found by: call frame info
20  libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
     r4 = 0x403a10c0    r5 = 0x43bff4c0    r6 = 0x4031e8e0    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b810    pc = 0x40f4d679
    Found by: call frame info
21  libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
     r4 = 0x403a10c0    r5 = 0x43bff4c0    r6 = 0x4031e8e0    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b818    pc = 0x40f4d6f7
    Found by: call frame info
22  libxul.so!nsBaseAppShell::Run() [nsBaseAppShell.cpp : 161 + 0x7]
     r4 = 0x00000000    r5 = 0x43bff4c0    r6 = 0x4031e8e0    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b830    pc = 0x413114a5
    Found by: call frame info
23  libxul.so!nsAppStartup::Run() [nsAppStartup.cpp : 276 + 0x5]
     r4 = 0x43b5c160    r5 = 0x40e15af5    r6 = 0xbed3bb05    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b840    pc = 0x41945611
    Found by: call frame info
24  libxul.so!XREMain::XRE_mainRun() [nsAppRunner.cpp : 4059 + 0x5]
     r4 = 0xbed3ba14    r5 = 0x40e15af5    r6 = 0xbed3bb05    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0xbed3b96c   r10 = 0xbed3b978    fp = 0x00000000
     sp = 0xbed3b848    pc = 0x4191d289
    Found by: call frame info
25  libxul.so!XREMain::XRE_main(int, char**, nsXREAppData const*) [nsAppRunner.cpp : 4127 + 0x5]
     r4 = 0xbed3ba14    r5 = 0xbed3b9ee    r6 = 0x00000000    r7 = 0x00021170
     r8 = 0x40338000    r9 = 0x4033c000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3b9e8    pc = 0x4191fc5b
    Found by: call frame info
26  libxul.so!XRE_main [nsAppRunner.cpp : 4337 + 0x3]
     r4 = 0x00021170    r5 = 0xbed3dbf4    r6 = 0x00000001    r7 = 0x00000000
     r8 = 0xbed3ba14    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3ba10    pc = 0x4191fdc5
    Found by: call frame info
27  b2g!main [nsBrowserApp.cpp : 163 + 0xf]
     r4 = 0x4191fd79    r5 = 0x00000000    r6 = 0x00000001    r7 = 0xbed3dbf4
     r8 = 0x00000000    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3bb20    pc = 0x000098df
    Found by: call frame info
28  libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7]
     r4 = 0x00009654    r5 = 0xbed3dbf4    r6 = 0x00000001    r7 = 0xbed3dbfc
     r8 = 0x00000000    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3dbd8    pc = 0x40142a57
    Found by: call frame info
29  0xb0001dc5
     r4 = 0x00000000    r5 = 0x00000000    r6 = 0x00000000    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbed3dbf0    pc = 0xb0001dc7
    Found by: call frame info
30  b2g!MOZ_PNG_get_cHRM [pngget.c : 517 + 0x9]
     sp = 0xbed3dc4c    pc = 0x0000b8d7
    Found by: stack scanning
31  b2g + 0x32
     r4 = 0x00000006    r5 = 0x00001000    r6 = 0x00000011    r7 = 0x00000064
     r8 = 0x00000003    sp = 0xbed3dc64    pc = 0x00008034
    Found by: call frame info
Flags: needinfo?(ttsai)
Flags: needinfo?(styang)
Attached file the rest.tar.bz2
Let's not block on this until we have a clear path of action.
blocking-b2g: 1.3T? → -
Hi Alan, please help with this bug. Thanks!
Flags: needinfo?(styang) → needinfo?(ahuang)
Ah, I'm not that familiar with the JS part. Would you mind finding someone who works on JS to look into this?
Flags: needinfo?(ahuang)
Flags: needinfo?(ttsai)
Firefox OS is not being worked on
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX