Closed Bug 1259214 Opened 8 years ago Closed 7 years ago

crash in js::GCMarker::lazilyMarkChildren

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 719114
Tracking Flags:
Tracking Status
firefox45 --- wontfix
firefox46 + wontfix
firefox47 --- wontfix
firefox48 --- fix-optional
firefox49 --- affected
firefox-esr38 --- unaffected
firefox-esr45 --- wontfix
firefox50 --- affected
firefox51 --- affected
firefox52 --- affected
firefox53 --- affected

People

(Reporter: alex_mayorga, Unassigned)

References

Details

(Keywords: crash, topcrash) 

This bug was filed from the Socorro interface and is 
report bp-7663278d-2680-47fd-9a84-d380d2160320.
=============================================================

¡Hola!

Found this crash while working a SUMO question at https://support.mozilla.org/en-US/questions/1114853

3452 crashes (254 startup) on the past week per https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3AGCMarker%3A%3AlazilyMarkChildren

¡Gracias!
Alex

Crashing Thread (0)
Frame	Module	Signature	Source
0	xul.dll	js::GCMarker::lazilyMarkChildren(js::ObjectGroup*)	js/src/gc/Marking.cpp
1	xul.dll	js::GCMarker::processMarkStackTop(js::SliceBudget&)	js/src/gc/Marking.cpp
2	xul.dll	js::GCMarker::drainMarkStack(js::SliceBudget&)	js/src/gc/Marking.cpp
3	xul.dll	js::gc::GCRuntime::drainMarkStack(js::SliceBudget&, js::gcstats::Phase)	js/src/jsgc.cpp
4	xul.dll	js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason)	js/src/jsgc.cpp
5	xul.dll	js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason)	js/src/jsgc.cpp
6	xul.dll	js::gc::GCRuntime::startGC(JSGCInvocationKind, JS::gcreason::Reason, __int64)	js/src/jsgc.cpp
7	xul.dll	JS::StartIncrementalGC(JSRuntime*, JSGCInvocationKind, JS::gcreason::Reason, __int64)	js/src/jsgc.cpp
8	xul.dll	nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental, nsJSContext::IsShrinking, __int64)	dom/base/nsJSEnvironment.cpp
9	xul.dll	FullGCTimerFired(nsITimer*, void*)	dom/base/nsJSEnvironment.cpp
10	xul.dll	nsTimerImpl::Fire()	xpcom/threads/nsTimerImpl.cpp
11	xul.dll	nsTimerEvent::Run()	xpcom/threads/TimerThread.cpp
12	xul.dll	nsThread::ProcessNextEvent(bool, bool*)	xpcom/threads/nsThread.cpp
13	xul.dll	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)	ipc/glue/MessagePump.cpp
14	xul.dll	MessageLoop::RunHandler()	ipc/chromium/src/base/message_loop.cc
15	xul.dll	nsThreadManager::QueryInterface(nsID const&, void**)	xpcom/threads/nsThreadManager.cpp
16	xul.dll	nsBaseAppShell::Run()	widget/nsBaseAppShell.cpp
17	xul.dll	nsAppStartup::Run()	toolkit/components/startup/nsAppStartup.cpp
18	xul.dll	XREMain::XRE_mainRun()	toolkit/xre/nsAppRunner.cpp
19	xul.dll	XREMain::XRE_main(int, char** const, nsXREAppData const*)	toolkit/xre/nsAppRunner.cpp
20	xul.dll	XRE_main	toolkit/xre/nsAppRunner.cpp
21	msvcp110.dll	IsProcessorFeaturePresent
Blocks: e10s-crashes
Terrence, this #11 on overall for e10s and #6 for the content crashes. Can we do something with it?
Flags: needinfo?(terrence)
(In reply to Brad Lassey [:blassey] (use needinfo?) from comment #1)
> Terrence, this #11 on overall for e10s and #6 for the content crashes. Can
> we do something with it?

There doesn't immediately appear to be anything actionable here: crash addresses are all over the place and widely variable paths into the GC. We've had similar crashes in the ObjectGroup property list under various stacks basically forever; it seems likely that this is the latest incarnation of a pre-existing condition.
Flags: needinfo?(terrence)
Brad, any suggestions here? not sure what to do with this one.
Flags: needinfo?(blassey.bugs)
I talked to Naveed about this. He's going to think about the GC issues holistically.
Flags: needinfo?(blassey.bugs)
This is the #6 crash in 46 in the release candidate, which doesn't have e10s enabled. Tracking for 46 to keep an eye on crash volume as we release 46.0.
tracking-firefox46: --- → +
Keywords: topcrash
See Also: → 1265566
This isn't a shutdown crash.
No longer blocks: shutdownkill
Whiteboard: ShutDownKill
In release, the crash is spiking since 2016-05-05 (increased by ~60% until 2016-05-08) and is #16 in top-crashes for 46.0.1 and #9 for 47.0b3.
Assuming still no traction here?
status-firefox48: affectedfix-optional
status-firefox51: --- → affected
Flags: needinfo?(nihsanullah)
(In reply to David Bolter [:davidb] from comment #9)
> Assuming still no traction here?

Correct. The stacks here are not related to where the corruption is happening. We're working to improve the situation through a broad umbrella of techniques under bug 1008341.
Flags: needinfo?(nihsanullah)
Crash volume for signature 'js::GCMarker::lazilyMarkChildren':
 - nightly (version 52): 41 crashes from 2016-09-19.
 - aurora  (version 51): 55 crashes from 2016-09-19.
 - beta    (version 50): 582 crashes from 2016-09-20.
 - release (version 49): 2849 crashes from 2016-09-05.
 - esr     (version 45): 1377 crashes from 2016-06-01.

Crash volume on the last weeks (Week N is from 10-03 to 10-09):
            W. N-1  W. N-2
 - nightly      24      17
 - aurora       47       8
 - beta        575       7
 - release    2222     620
 - esr          88     104

Affected platforms: Windows, Mac OS X, Linux

Crash rank on the last 7 days:
           Browser   Content     Plugin
 - nightly #217      #57
 - aurora  #47       #48
 - beta    #28       #21
 - release #20       #15
 - esr     #129
status-firefox52: --- → affected
Crash volume for signature 'js::GCMarker::lazilyMarkChildren':
 - nightly (version 53): 62 crashes from 2016-11-14.
 - aurora  (version 52): 174 crashes from 2016-11-14.
 - beta    (version 51): 3870 crashes from 2016-11-14.
 - release (version 50): 6751 crashes from 2016-11-01.
 - esr     (version 45): 2908 crashes from 2016-07-06.

Crash volume on the last weeks (Week N is from 01-02 to 01-08):
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly       7       7      18       9       8       8       3
 - aurora       23      29      32      33      33      16       0
 - beta         57      62     519    1248    1195     751      27
 - release    2147    2191    1138     199     170     169      60
 - esr         189     202     179     130     122     134     121

Affected platforms: Windows, Mac OS X, Linux

Crash rank on the last 7 days:
           Browser   Content   Plugin
 - nightly #413      #89
 - aurora  #119      #54
 - beta    #20       #16
 - release #80       #46
 - esr     #110
status-firefox53: --- → affected
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ js::GCMarker::lazilyMarkChildren]
See Also: 1265566
You need to log in before you can comment on or make changes to this bug.