Closed Bug 1429518 Opened 8 years ago Closed 7 years ago

Crashes finalising object during background sweeping

Categories

(Core :: JavaScript: GC, defect, P3)

RESOLVED INCOMPLETE

People

(Reporter: jonco, Unassigned)

Several crashes during background GC started on this push: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=5241bdbfa0a559c001a9de789c466c9506493490&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable

The crashes look like this, with us jumping to some random address during JSObject finalisation and crashing:

Thread 9 (crashed)
 0  0x7ff9d98f7c10
    rax = 0x00007ff9c1ade040   rdx = 0x0000000000000007
    rcx = 0x00007ff9c1ade040   rbx = 0x0000000000000040
    rsi = 0x0000000000000040   rdi = 0x00007ff9c1ade080
    rbp = 0x0000000000000040   rsp = 0x00007ff9d98f7b58
     r8 = 0x0000000000000008    r9 = 0x0000000000000000
    r10 = 0x00007ff9f34ac190   r11 = 0x0000000000000010
    r12 = 0x00007ff9d98f7bb0   r13 = 0x00007ff9c1ade040
    r14 = 0x0000000000000000   r15 = 0x0000000000000040
    rip = 0x00007ff9d98f7c10
    Found by: given as instruction pointer in context
 1  libxul.so!js::gc::Arena::finalize<JSObject> [jsgc.cpp:5241bdbfa0a5 : 553 + 0xb]
    rsp = 0x00007ff9d98f7b60   rip = 0x00007ff9e582bac4
    Found by: stack scanning
 2  libxul.so!FinalizeTypedArenas<JSObject> [jsgc.cpp:5241bdbfa0a5 : 610 + 0x5]
    rsp = 0x00007ff9d98f7c20   rip = 0x00007ff9e583a5b3
    Found by: stack scanning
 3  libxul.so!js::Mutex::unlock [ReentrancyGuard.h:5241bdbfa0a5 : 44 + 0x5]
    rsp = 0x00007ff9d98f7c50   rip = 0x00007ff9e58d9289
    Found by: stack scanning
 4  libxul.so!js::gc::ArenaLists::backgroundFinalize [jsgc.cpp:5241bdbfa0a5 : 644 + 0x36]

It's possible the class' finalisation hook is corrupt.
See Also: → 1429552
Did this go away on its own?
Flags: needinfo?(jcoppeard)
Seems so? Or they are just showing up with a different signature.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(jcoppeard)
Resolution: --- → INCOMPLETE