crash in arena_dalloc | je_free | js::gc::Arena::finalize<JSObject>(js::FreeOp*, js::gc::AllocKind, unsigned int)

NEW
Unassigned

Status

()

Core
JavaScript: GC
--
critical
3 years ago
2 years ago

People

(Reporter: lizzard, Unassigned)

Tracking

({crash})

31 Branch
x86
Windows NT
crash
Points:
---

Firefox Tracking Flags

(firefox31 affected)

Details

(crash signature)

This bug was filed from the Socorro interface and is report bp-00132fd6-dcdc-48a5-887d-591f42140624.
=============================================================

This crash signature began appearing 2014-06-24 and the earliest build it appeared on was 20140527004002. Crashes increased dramatically for the 2014062317 build. There have been 373 crashes in the last 7 days and it's currently the #51 crasher for Firefox 31. I'm filing this bug because the crash signature showed up significantly in the explosiveness report for Firefox 31. 

Crashing thread:

0 	mozglue.dll 	arena_dalloc 	memory/mozjemalloc/jemalloc.c
1 	mozglue.dll 	je_free 	memory/mozjemalloc/jemalloc.c
2 	mozjs.dll 	js::gc::Arena::finalize<JSObject>(js::FreeOp *,js::gc::AllocKind,unsigned int) 	js/src/jsgc.cpp
3 	mozjs.dll 	FinalizeTypedArenas<JSObject> 	js/src/jsgc.cpp
4 	mozjs.dll 	FinalizeArenas 	js/src/jsgc.cpp
5 	nss3.dll 	_PR_MD_WAIT_CV 	nsprpub/pr/src/md/windows/w95cv.c
(Reporter)

Updated

3 years ago
status-firefox31: --- → affected

Updated

2 years ago
Crash Signature: [@ arena_dalloc | je_free | js::gc::Arena::finalize<JSObject>(js::FreeOp*, js::gc::AllocKind, unsigned int)] → [@ arena_dalloc | je_free | js::gc::Arena::finalize<JSObject>(js::FreeOp*, js::gc::AllocKind, unsigned int)] [@ arena_dalloc | je_free | js::gc::Arena::finalize<T>]