Closed Bug 1346417 Opened 8 years ago Closed 8 years ago

Crash in js::gc::detail::CellIsMarkedGrayIfKnown

Categories

(Core :: JavaScript: GC, defect)

52 Branch
defect
Not set
critical

Tracking


RESOLVED DUPLICATE of bug 1216776
Tracking Status
firefox-esr45 --- unaffected
firefox52 --- affected
firefox-esr52 --- affected
firefox53 --- wontfix
firefox54 --- wontfix
firefox55 --- ?

People

(Reporter: philipp, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is report bp-f9210fda-4e7b-4aef-aba5-236b62170310.
=============================================================
Crashing Thread (0)
Frame Module Signature Source
0 xul.dll js::gc::detail::CellIsMarkedGrayIfKnown(js::gc::Cell const*) js/src/jsgc.cpp:7711
1 xul.dll mozilla::JSGCThingParticipant::Traverse(void*, nsCycleCollectionTraversalCallback&) xpcom/base/CycleCollectedJSContext.cpp:307
2 xul.dll CCGraphBuilder::BuildGraph(js::SliceBudget&) xpcom/base/nsCycleCollector.cpp:2282
3 xul.dll nsCycleCollector::MarkRoots(js::SliceBudget&) xpcom/base/nsCycleCollector.cpp:2879
4 xul.dll nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) xpcom/base/nsCycleCollector.cpp:3655
5 xul.dll nsCycleCollector_collectSlice(js::SliceBudget&, bool) xpcom/base/nsCycleCollector.cpp:4160
6 xul.dll nsJSContext::RunCycleCollectorSlice() dom/base/nsJSEnvironment.cpp:1476
7 xul.dll ICCTimerFired dom/base/nsJSEnvironment.cpp:1534
8 xul.dll nsJSContext::NotifyDidPaint() dom/base/nsJSEnvironment.cpp:2587
9 xul.dll nsRefreshDriver::Tick(__int64, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:2050
10 xul.dll mozilla::RefreshDriverTimer::TickDriver(nsRefreshDriver*, __int64, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:326
11 xul.dll mozilla::RefreshDriverTimer::TickRefreshDrivers(__int64, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) layout/base/nsRefreshDriver.cpp:295
12 xul.dll mozilla::RefreshDriverTimer::Tick(__int64, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:317
13 xul.dll mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:663
14 xul.dll mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:583
15 xul.dll mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:501
16 xul.dll mozilla::layout::VsyncChild::RecvNotify(mozilla::TimeStamp const&) layout/ipc/VsyncChild.cpp:64
17 xul.dll mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) obj-firefox/ipc/ipdl/PVsyncChild.cpp:169
18 xul.dll mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) obj-firefox/ipc/ipdl/PBackgroundChild.cpp:1449
19 xul.dll mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ipc/glue/MessageChannel.cpp:1743
20 xul.dll mozilla::ipc::MessageChannel::DispatchMessageW(IPC::Message&&) ipc/glue/MessageChannel.cpp:1681
21 xul.dll mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) ipc/glue/MessageChannel.cpp:1572
22 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run() ipc/glue/MessageChannel.cpp:1597
23 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1216
24 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:96
25 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:301
26 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:225
27 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:205
28 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:156
29 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp:262
30 xul.dll XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:866
31 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:269
32 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:225
33 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:205
34 xul.dll XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:698
35 firefox.exe content_process_main(int, char** const) ipc/contentproc/plugin-container.cpp:197
36 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:115
37 firefox.exe __scrt_common_main_seh f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253
38 kernel32.dll BaseThreadInitThunk
39 ntdll.dll __RtlUserThreadStart
40 ntdll.dll _RtlUserThreadStart

this cross-platform crash signature is showing up in firefox 52 for the first time and continuing in subsequent builds. it's happening in a codepath touched in bug 1335117...
Steve, maybe you can get the ball rolling on investigating this while Jon is on PTO?
Flags: needinfo?(sphink)
This looks like we may be getting bad pointers passed in from the CC. Andrew, any ideas on how to track this down?
Flags: needinfo?(sphink) → needinfo?(continuation)
(In reply to Jon Coppeard (:jonco) from comment #2)
> Andrew, any ideas on how to track this down?

This is just the CC version of "the GC touched corrupted memory", except we ran the CC instead of the GC. Bug 1335117 just changed the signature by making CellIsMarkedGrayIfKnown not inlined any more.
Flags: needinfo?(continuation)
See Also: → 1348625
See Also: 1348625
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Still a high volume crash but from the discussion in the duplicate bug, it does not sound actionable.