[issue1855] spin in nmalloc's mtmagazine_free

Venkatesh Srinivas (via DragonFly issue tracker) sinknull at leaf.dragonflybsd.org
Sun Sep 26 12:57:09 PDT 2010


New submission from Venkatesh Srinivas <me at endeavour.zapto.org>:

Rumko (on irc) reported a bug in nmalloc, where Firefox will spin in 
mtmagazine_free. A trace:


Program received signal SIGINT, Interrupt.
0x2a53c847 in depot_unlock (ptr=0x2f396d60, flags=<value optimized out>, rbigp=
<value optimized out>)
    at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:446
446                     pthread_spin_unlock(&dp->lock);
(gdb) bt
#0  0x2a53c847 in depot_unlock (ptr=0x2f396d60, flags=<value optimized out>, 
rbigp=<value optimized out>)
    at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:446
#1  mtmagazine_free (ptr=0x2f396d60, flags=<value optimized out>, rbigp=<value 
optimized out>) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1420
#2  _slabfree (ptr=0x2f396d60, flags=<value optimized out>, rbigp=<value 
optimized out>) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1171
#3  0x2a53cc4f in free (ptr=0x2f396d60) at 
/usr/src/lib/libc/../libc/stdlib/nmalloc.c:763
#4  0x29a86881 in PR_Free (ptr=0x16) at prmem.c:490
#5  0x289cc22f in ~nsAttrAndChildArray (this=0x34930bfc, __in_chrg=<value 
optimized out>) at nsAttrAndChildArray.cpp:135
#6  0x28a6d6fd in ~nsGenericElement (this=0x34930be0, __in_chrg=<value optimized 
out>) at nsGenericElement.cpp:1792
#7  0x28b549e0 in ~nsStyledElement (this=0x34930be0, __in_chrg=<value optimized 
out>) at ./../../../base/src/nsStyledElement.h:57
#8  ~nsMappedAttributeElement (this=0x34930be0, __in_chrg=<value optimized out>) 
at ./../../../base/src/nsMappedAttributeElement.h:59
#9  ~nsGenericHTMLElement (this=0x34930be0, __in_chrg=<value optimized out>) at 
nsGenericHTMLElement.h:72
#10 ~nsHTMLAnchorElement (this=0x34930be0, __in_chrg=<value optimized out>) at 
nsHTMLAnchorElement.cpp:158
#11 0x28a95f32 in nsNodeUtils::LastRelease (aNode=0x34930be0) at 
nsNodeUtils.cpp:288
#12 0x28a75598 in nsGenericElement::Release (this=0x34930be0) at 
nsGenericElement.cpp:4153
#13 0x28b54176 in nsHTMLAnchorElement::Release (this=0x34930be0) at 
nsHTMLAnchorElement.cpp:162
#14 0x296424c7 in nsXPCOMCycleCollectionParticipant::Unroot (this=0x29a6587c, 
p=0x34930be0) at nsCycleCollectionParticipant.cpp:74
#15 0x296bce82 in nsCycleCollector::CollectWhite (this=0x2ac10a80) at 
nsCycleCollector.cpp:1774
#16 0x296bcef9 in nsCycleCollector::FinishCollection (this=0x2ac10a80) at 
nsCycleCollector.cpp:2620
#17 0x296bcf56 in nsCycleCollector_finishCollection () at 
nsCycleCollector.cpp:3147
#18 0x28442eb1 in XPCCycleCollectGCCallback (cx=0x2cf1ecc0, status=JSGC_END) at 
nsXPConnect.cpp:404
#19 0x28108038 in js_GC (cx=0x2cf1ecc0, gckind=GC_NORMAL) at jsgc.cpp:3822
#20 0x280b4d58 in JS_GC (cx=0x2cf1ecc0) at jsapi.cpp:2439
#21 0x284440e1 in nsXPConnect::Collect (this=0x2aba0e40) at nsXPConnect.cpp:478
#22 0x296be188 in nsCycleCollector::Collect (this=0x2ac10a80, aTryCollections=1) 
at nsCycleCollector.cpp:2434
#23 0x296be354 in nsCycleCollector_collect () at nsCycleCollector.cpp:3129
#24 0x28d0855f in nsJSContext::CC () at nsJSEnvironment.cpp:3621
#25 0x28d085be in nsJSContext::IntervalCC () at nsJSEnvironment.cpp:3709
#26 0x28d0a2f3 in nsJSContext::MaybeCC (aHigherProbability=1) at 
nsJSEnvironment.cpp:3687
#27 0x28d0a32f in nsJSContext::CCIfUserInactive () at nsJSEnvironment.cpp:3697
#28 0x28d0a501 in GCTimerFired (aTimer=0x31362880, aClosure=0x0) at 
nsJSEnvironment.cpp:3735
#29 0x296ade5d in nsTimerImpl::Fire (this=0x31362880) at nsTimerImpl.cpp:427
#30 0x296ae081 in nsTimerEvent::Run (this=0x367249c0) at nsTimerImpl.cpp:519
#31 0x296a690f in nsThread::ProcessNextEvent (this=0x2ab20f58, mayWait=1, 
result=0xbfbfed30) at nsThread.cpp:527
#32 0x29641cf8 in NS_ProcessNextEvent_P (thread=0x0, mayWait=1) at 
nsThreadUtils.cpp:250
#33 0x294f1f5f in nsBaseAppShell::Run (this=0x2ab806b0) at 
nsBaseAppShell.cpp:177
#34 0x29261f5b in nsAppStartup::Run (this=0x2aafa020) at nsAppStartup.cpp:183
#35 0x2842c3a0 in XRE_main (argc=1, argv=0xbfbff6f0, aAppData=0x2aab09a0) at 
nsAppRunner.cpp:3483
#36 0x0804a6e8 in main (argc=1, argv=0xbfbff6f0) at nsXULRunnerApp.cpp:485

----------
messages: 9007
nosy: vsrinivas
status: unread
title: spin in nmalloc's mtmagazine_free

_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1855>
_____________________________________________________





