Crash in [@ js::InternalBarrierMethods<T>::preBarrier]
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox67 | --- | wontfix |
| firefox68 | --- | wontfix |
| firefox69 | --- | fix-optional |
People
(Reporter: marcia, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, Whiteboard: [#jsapi:crashes-retriage])
Crash Data
This bug is for crash report bp-01be5d2c-41b6-4813-b110-f30990190627.
Seen while looking at 68 beta crash stats. This crash is showing as a rising startup crash in the most current beta (b13) and the crash count seems almost as high as the crashes on Fennec release: https://bit.ly/2X96Ogx
The crashes on 68 have MOZ_CRASH(no missing return)
(50.00% in signature vs 02.66% overall) adapter_device_id = Mali-G71 [100.0% vs 08.85% if adapter_vendor_id = ARM]
Top 8 frames of crashing thread:
0 libxul.so js::InternalBarrierMethods<JS::Value>::preBarrier js/src/gc/Barrier.cpp:91
1 libxul.so SetExistingProperty js/src/vm/NativeObject.cpp:2863
2 libxul.so bool js::NativeSetProperty< js/src/vm/NativeObject.cpp:2908
3 libxul.so Interpret js/src/vm/Interpreter.cpp:2847
4 libxul.so js::RunScript js/src/vm/Interpreter.cpp:423
5 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:563
6 libxul.so js::fun_apply js/src/vm/JSFunction.cpp:1184
7 @0x75f7146bd0
Comment 1•5 years ago
This is some kind of heap corruption and not specifically GC related. It may be related to the Mali-G71 adapter (I don't know how prevalent these are).
Comment 2•5 years ago
One thing to note, among the crash addresses, we can notice:
- 23 (1.62%) crashes with the FREED_ARENA pattern.
- 2 (0.14%) crashes with the FRESH_TENURED pattern.
Not sure if this can help identify this issue better.
Comment 3•1 year ago
Since the crash volume is low (less than 15 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.