Closed
Bug 1359657
Opened 8 years ago
Closed 7 years ago
Crash in js::GCMarker::eagerlyMarkChildren(js::Shape*)
Categories
(Core :: JavaScript: GC, defect, P1)
Core
JavaScript: GC
Tracking
()
RESOLVED
DUPLICATE
of bug 1441002
| Tracking | Status | |
|---|---|---|
| firefox55 | --- | affected |
People
(Reporter: ting, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, Whiteboard: [tbird crash])
Crash Data
This bug was filed from the Socorro interface and is
report bp-b35eac91-eb78-4561-a7c6-2ea1a0170425.
=============================================================
Top #24 of Nightly 20170423030206 on Windows, 6 reports from 5 installations. There are 48 reports from 41 installations after landing bug 1337578.
|
Reporter | |
Comment 1•8 years ago
|
||
(In reply to Ting-Yu Chou [:ting] from comment #0)
> This bug was filed from the Socorro interface and is
> report bp-b35eac91-eb78-4561-a7c6-2ea1a0170425.
> =============================================================
> Top #24 of Nightly 20170423030206 on Windows, 6 reports from 5
> installations.
It seems that they are different crashes with the same signature. 3 of them are with this stack:
js::GCMarker::eagerlyMarkChildren(js::Shape*)
js::GCMarker::traverseEdge<JSObject*, js::Shape>(JSObject*, js::Shape*)
js::GCMarker::processMarkStackTop(js::SliceBudget&)
js::GCMarker::drainMarkStack(js::SliceBudget&)
js::gc::GCRuntime::drainMarkStack(js::SliceBudget&, js::gcstats::Phase)
js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason, js::AutoLockForExclusiveAccess&)
js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason)
js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason)
Crash Signature: [@ js::GCMarker::eagerlyMarkChildren] → [@ js::GCMarker::eagerlyMarkChildren]
[@ js::GCMarker::eagerlyMarkChildren(js::Shape*)]
Summary: Crash in js::GCMarker::eagerlyMarkChildren → Crash in js::GCMarker::eagerlyMarkChildren(js::Shape*)
|
||
Updated•8 years ago
|
status-firefox55:
--- → affected
status-firefox57:
affected → ---
|
||
Comment 3•7 years ago
|
||
Andrew, could you please help with this issue? (just like in bug 1441002)
We have this crash for a while but the volume is still huge (more than 90 000 installs impacted at least) on release.
Flags: needinfo?(overholt)
|
||
Comment 4•7 years ago
|
||
Steve's going to think of some ideas for how we could get more information to get this (and bug 1441002) fixed.
Flags: needinfo?(overholt)
|
||
Updated•7 years ago
|
Priority: -- → P1
|
|
||
Comment 5•7 years ago
|
||
Ugh, more e5e5e5 addresses (page 109 of the reports).
Group: javascript-core-security
|
||
Comment 6•7 years ago
|
||
There are zero occurrences of this specific type (js::Shape*) in the last 6 months.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
||
Updated•1 year ago
|
Group: javascript-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•