Closed Bug 1573458 Opened 5 years ago Closed 5 years ago

Permafailing tier 2 runner.py | application crashed [@ class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned __int64)]

Categories

(Core :: JavaScript: GC, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla70
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- fixed
firefox68 --- wontfix
firefox69 --- fixed
firefox70 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: jonco)

References

(Regression)

Details

(Keywords: crash, intermittent-failure, regression)

Crash Data

Attachments

(1 file, 1 obsolete file)

Filed by: ncsoregi [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer.html#?job_id=261321292&repo=autoland
Full log: https://queue.taskcluster.net/v1/task/OkRuVInfRfeYNFySVhDsNg/runs/0/artifacts/public/logs/live_backing.log


[task 2019-08-13T12:16:08.360Z] 12:16:08 ERROR - PROCESS-CRASH | runner.py | application crashed [@ class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned __int64)]
[task 2019-08-13T12:16:08.361Z] 12:16:08 INFO - Crash dump filename: c:\users\task_1565695822\appdata\local\temp\tmpk3hspi.mozrunner\minidumps\ef384a46-ae89-4c46-b941-3bb49863277e.dmp
[task 2019-08-13T12:16:08.361Z] 12:16:08 INFO - Operating system: Windows NT
[task 2019-08-13T12:16:08.361Z] 12:16:08 INFO - 10.0.15063
[task 2019-08-13T12:16:08.362Z] 12:16:08 INFO - CPU: amd64
[task 2019-08-13T12:16:08.362Z] 12:16:08 INFO - family 6 model 94 stepping 3
[task 2019-08-13T12:16:08.363Z] 12:16:08 INFO - 8 CPUs
[task 2019-08-13T12:16:08.363Z] 12:16:08 INFO - GPU: UNKNOWN
[task 2019-08-13T12:16:08.363Z] 12:16:08 INFO - Crash reason: EXCEPTION_ACCESS_VIOLATION_READ
[task 2019-08-13T12:16:08.364Z] 12:16:08 INFO - Crash address: 0xb8
[task 2019-08-13T12:16:08.364Z] 12:16:08 INFO - Assertion: Unknown assertion type 0x00000000
[task 2019-08-13T12:16:08.364Z] 12:16:08 INFO - Process uptime: 33 seconds
[task 2019-08-13T12:16:08.364Z] 12:16:08 INFO - Thread 0 (crashed)
[task 2019-08-13T12:16:08.364Z] 12:16:08 INFO - 0 xul.dll!class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned _int64) [Allocator.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 270 + 0xb]
[task 2019-08-13T12:16:08.365Z] 12:16:08 INFO - rax = 0x0000000000000000 rdx = 0x0000000000000000
[task 2019-08-13T12:16:08.365Z] 12:16:08 INFO - rcx = 0x000002450872f000 rbx = 0x00000000ffffffff
[task 2019-08-13T12:16:08.365Z] 12:16:08 INFO - rsi = 0x000002450872f000 rdi = 0x0000000000000017
[task 2019-08-13T12:16:08.366Z] 12:16:08 INFO - rbp = 0x0000000000000017 rsp = 0x000000a97c7fd010
[task 2019-08-13T12:16:08.366Z] 12:16:08 INFO - r8 = 0x0000000000000010 r9 = 0x0000024508721000
[task 2019-08-13T12:16:08.366Z] 12:16:08 INFO - r10 = 0x00007ff872927948 r11 = 0x00007ff872927948
[task 2019-08-13T12:16:08.366Z] 12:16:08 INFO - r12 = 0x000002450872f000 r13 = 0x0000024508ac943a
[task 2019-08-13T12:16:08.366Z] 12:16:08 INFO - r14 = 0x0000000000000010 r15 = 0x00007ff870d67fe0
[task 2019-08-13T12:16:08.367Z] 12:16:08 INFO - rip = 0x00007ff870f3693d
[task 2019-08-13T12:16:08.367Z] 12:16:08 INFO - Found by: given as instruction pointer in context
[task 2019-08-13T12:16:08.367Z] 12:16:08 INFO - 1 xul.dll!JS::Symbol::newInternal(JSContext *,JS::SymbolCode,unsigned int,JS::Handle<JSAtom *>) [SymbolType.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 27 + 0x8]
[task 2019-08-13T12:16:08.367Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.368Z] 12:16:08 INFO - rsp = 0x000000a97c7fd060 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.368Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.368Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870dd8aaa
[task 2019-08-13T12:16:08.368Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.369Z] 12:16:08 INFO - 2 xul.dll!JS::Symbol::new
(JSContext *,JS::SymbolCode,JS::Handle<JSString *>) [SymbolType.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 44 + 0x15]
[task 2019-08-13T12:16:08.369Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.370Z] 12:16:08 INFO - rsp = 0x000000a97c7fd0b0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.370Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.370Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870dd8bef
[task 2019-08-13T12:16:08.370Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.371Z] 12:16:08 INFO - 3 xul.dll!static bool js::SymbolObject::construct(struct JSContext *, unsigned int, union JS::Value *) [Symbol.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 117 + 0xd]
[task 2019-08-13T12:16:08.371Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.372Z] 12:16:08 INFO - rsp = 0x000000a97c7fd110 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.372Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.372Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870d6809e
[task 2019-08-13T12:16:08.372Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.372Z] 12:16:08 INFO - 4 xul.dll!js::InternalCallOrConstruct(JSContext *,JS::CallArgs const &,js::MaybeConstruct) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 539 + 0x3]
[task 2019-08-13T12:16:08.372Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.373Z] 12:16:08 INFO - rsp = 0x000000a97c7fd190 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.373Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.373Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b7d14d
[task 2019-08-13T12:16:08.373Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.373Z] 12:16:08 INFO - 5 xul.dll!Interpret(JSContext *,js::RunState &) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 3084 + 0x15]
[task 2019-08-13T12:16:08.373Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.374Z] 12:16:08 INFO - rsp = 0x000000a97c7fd2d0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.374Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.374Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b713ca
[task 2019-08-13T12:16:08.374Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.374Z] 12:16:08 INFO - 6 xul.dll!js::RunScript(JSContext *,js::RunState &) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 424 + 0xb]
[task 2019-08-13T12:16:08.374Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.375Z] 12:16:08 INFO - rsp = 0x000000a97c7fd700 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.375Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.375Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b6bd22
[task 2019-08-13T12:16:08.375Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.376Z] 12:16:08 INFO - 7 xul.dll!js::InternalCallOrConstruct(JSContext *,JS::CallArgs const &,js::MaybeConstruct) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 567 + 0xd]
[task 2019-08-13T12:16:08.376Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.376Z] 12:16:08 INFO - rsp = 0x000000a97c7fd780 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.376Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.376Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b7d0ce
[task 2019-08-13T12:16:08.376Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.377Z] 12:16:08 INFO - 8 xul.dll!js::fun_call(JSContext *,unsigned int,JS::Value *) [JSFunction.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 1115 + 0x2d]
[task 2019-08-13T12:16:08.377Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.377Z] 12:16:08 INFO - rsp = 0x000000a97c7fd8c0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.377Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.377Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870ca26d4
[task 2019-08-13T12:16:08.377Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.378Z] 12:16:08 INFO - 9 xul.dll!js::InternalCallOrConstruct(JSContext *,JS::CallArgs const &,js::MaybeConstruct) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 539 + 0x3]
[task 2019-08-13T12:16:08.378Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.378Z] 12:16:08 INFO - rsp = 0x000000a97c7fd9d0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.378Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.378Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b7d14d
[task 2019-08-13T12:16:08.378Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.379Z] 12:16:08 INFO - 10 xul.dll!Interpret(JSContext *,js::RunState &) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 3084 + 0x15]
[task 2019-08-13T12:16:08.379Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.379Z] 12:16:08 INFO - rsp = 0x000000a97c7fdb10 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.379Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.379Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b713ca
[task 2019-08-13T12:16:08.379Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.380Z] 12:16:08 INFO - 11 xul.dll!js::RunScript(JSContext *,js::RunState &) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 424 + 0xb]
[task 2019-08-13T12:16:08.380Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.380Z] 12:16:08 INFO - rsp = 0x000000a97c7fdf40 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.380Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.380Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b6bd22
[task 2019-08-13T12:16:08.380Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.381Z] 12:16:08 INFO - 12 xul.dll!js::ExecuteKernel(JSContext *,JS::Handle<JSScript *>,JSObject &,JS::Value const &,js::AbstractFramePtr,JS::Value *) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 786 + 0x5]
[task 2019-08-13T12:16:08.381Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.381Z] 12:16:08 INFO - rsp = 0x000000a97c7fdfc0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.381Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.381Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b7e8ff
[task 2019-08-13T12:16:08.381Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.382Z] 12:16:08 INFO - 13 xul.dll!js::Execute(JSContext *,JS::Handle<JSScript *>,JSObject &,JS::Value *) [Interpreter.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 819 + 0x1e]
[task 2019-08-13T12:16:08.382Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.382Z] 12:16:08 INFO - rsp = 0x000000a97c7fe060 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.382Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.382Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870b7ea87
[task 2019-08-13T12:16:08.382Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.383Z] 12:16:08 INFO - 14 xul.dll!ExecuteScript(JSContext *,JS::Handle<JS::StackGCVector<JSObject *,js::TempAllocPolicy> >,JS::Handle<JSScript *>,JS::Value *) [CompilationAndEvaluation.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 468 + 0x11]
[task 2019-08-13T12:16:08.383Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.383Z] 12:16:08 INFO - rsp = 0x000000a97c7fe0e0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.383Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.383Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870c3ae5a
[task 2019-08-13T12:16:08.383Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.384Z] 12:16:08 INFO - 15 xul.dll!nsJSUtils::ExecutionContext::ExecScript() [nsJSUtils.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 416 + 0x9]
[task 2019-08-13T12:16:08.384Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.384Z] 12:16:08 INFO - rsp = 0x000000a97c7fe180 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.384Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.384Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0d0a85
[task 2019-08-13T12:16:08.384Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.385Z] 12:16:08 INFO - 16 xul.dll!static nsresult mozilla::dom::ExecuteCompiledScript(struct JSContext *, class mozilla::dom::ScriptLoadRequest *, class nsJSUtils::ExecutionContext & const) [ScriptLoader.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 2593 + 0x8]
[task 2019-08-13T12:16:08.385Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.385Z] 12:16:08 INFO - rsp = 0x000000a97c7fe1b0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.385Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.385Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86f9878b7
[task 2019-08-13T12:16:08.385Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.386Z] 12:16:08 INFO - 17 xul.dll!nsresult mozilla::dom::ScriptLoader::EvaluateScript(class mozilla::dom::ScriptLoadRequest *) [ScriptLoader.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 2817 + 0xb]
[task 2019-08-13T12:16:08.386Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.386Z] 12:16:08 INFO - rsp = 0x000000a97c7fe220 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.386Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.386Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0ce26b
[task 2019-08-13T12:16:08.387Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.387Z] 12:16:08 INFO - 18 xul.dll!nsresult mozilla::dom::ScriptLoader::ProcessRequest(class mozilla::dom::ScriptLoadRequest *) [ScriptLoader.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 2320 + 0xb]
[task 2019-08-13T12:16:08.387Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.387Z] 12:16:08 INFO - rsp = 0x000000a97c7fe620 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.387Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.387Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0cd744
[task 2019-08-13T12:16:08.388Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.388Z] 12:16:08 INFO - 19 xul.dll!bool mozilla::dom::ScriptLoader::ProcessExternalScript(class nsIScriptElement *, mozilla::dom::ScriptKind, class nsTAutoStringN<char16_t,64>, class nsIContent *) [ScriptLoader.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 1748 + 0xb]
[task 2019-08-13T12:16:08.388Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.388Z] 12:16:08 INFO - rsp = 0x000000a97c7fe6d0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.388Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.388Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d147bf8
[task 2019-08-13T12:16:08.389Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.389Z] 12:16:08 INFO - 20 xul.dll!bool mozilla::dom::ScriptLoader::ProcessScriptElement(class nsIScriptElement *) [ScriptLoader.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 1587 + 0x18]
[task 2019-08-13T12:16:08.389Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.389Z] 12:16:08 INFO - rsp = 0x000000a97c7fe840 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.389Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.389Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0cbdec
[task 2019-08-13T12:16:08.390Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.390Z] 12:16:08 INFO - 21 xul.dll!mozilla::dom::ScriptElement::MaybeProcessScript() [ScriptElement.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 118 + 0xb]
[task 2019-08-13T12:16:08.390Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.390Z] 12:16:08 INFO - rsp = 0x000000a97c7feb50 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.391Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.391Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0cac12
[task 2019-08-13T12:16:08.391Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.391Z] 12:16:08 INFO - 22 xul.dll!void nsHtml5TreeOpExecutor::RunScript(class nsIContent *) [nsHtml5TreeOpExecutor.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 729 + 0xd]
[task 2019-08-13T12:16:08.391Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.392Z] 12:16:08 INFO - rsp = 0x000000a97c7febd0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.392Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.392Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0cb7f1
[task 2019-08-13T12:16:08.392Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.392Z] 12:16:08 INFO - 23 xul.dll!void nsHtml5TreeOpExecutor::RunFlushLoop() [nsHtml5TreeOpExecutor.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 532 + 0x8]
[task 2019-08-13T12:16:08.392Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.393Z] 12:16:08 INFO - rsp = 0x000000a97c7fec20 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.393Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.393Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d00ef1e
[task 2019-08-13T12:16:08.393Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.393Z] 12:16:08 INFO - 24 xul.dll!nsresult nsHtml5ExecutorReflusher::Run() [nsHtml5TreeOpExecutor.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 70 + 0x5]
[task 2019-08-13T12:16:08.393Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.394Z] 12:16:08 INFO - rsp = 0x000000a97c7fece0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.394Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.394Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d0e447e
[task 2019-08-13T12:16:08.394Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.394Z] 12:16:08 INFO - 25 xul.dll!mozilla::SchedulerGroup::Runnable::Run() [SchedulerGroup.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 295 + 0x1c]
[task 2019-08-13T12:16:08.394Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.395Z] 12:16:08 INFO - rsp = 0x000000a97c7fed30 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.395Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.395Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86d36438a
[task 2019-08-13T12:16:08.395Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.395Z] 12:16:08 INFO - 26 xul.dll!nsThread::ProcessNextEvent(bool,bool *) [nsThread.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 1225 + 0x6]
[task 2019-08-13T12:16:08.395Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.396Z] 12:16:08 INFO - rsp = 0x000000a97c7fedd0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.396Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.396Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86c948368
[task 2019-08-13T12:16:08.396Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.396Z] 12:16:08 INFO - 27 xul.dll!NS_ProcessNextEvent(nsIThread *,bool) [nsThreadUtils.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 486 + 0x26]
[task 2019-08-13T12:16:08.396Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.397Z] 12:16:08 INFO - rsp = 0x000000a97c7ff340 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.397Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.397Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86c946ed5
[task 2019-08-13T12:16:08.397Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.397Z] 12:16:08 INFO - 28 xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) [MessagePump.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 88 + 0xa]
[task 2019-08-13T12:16:08.397Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.398Z] 12:16:08 INFO - rsp = 0x000000a97c7ff390 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.398Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.398Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86cb3f185
[task 2019-08-13T12:16:08.398Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.398Z] 12:16:08 INFO - 29 xul.dll!MessageLoop::RunHandler() [message_loop.cc:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 308 + 0xf]
[task 2019-08-13T12:16:08.399Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.399Z] 12:16:08 INFO - rsp = 0x000000a97c7ff410 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.399Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.400Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86c924b28
[task 2019-08-13T12:16:08.400Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.400Z] 12:16:08 INFO - 30 xul.dll!MessageLoop::Run() [message_loop.cc:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 290 + 0x5]
[task 2019-08-13T12:16:08.400Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.400Z] 12:16:08 INFO - rsp = 0x000000a97c7ff460 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.400Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.401Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86c946ac1
[task 2019-08-13T12:16:08.401Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.401Z] 12:16:08 INFO - 31 xul.dll!nsBaseAppShell::Run() [nsBaseAppShell.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 137 + 0x8]
[task 2019-08-13T12:16:08.401Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.401Z] 12:16:08 INFO - rsp = 0x000000a97c7ff4b0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86cb3f004
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - 32 xul.dll!nsAppShell::Run() [nsAppShell.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 406 + 0x8]
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - rsp = 0x000000a97c7ff4f0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.402Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.403Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86cb3cbc0
[task 2019-08-13T12:16:08.403Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.403Z] 12:16:08 INFO - 33 xul.dll!XRE_RunAppShell() [nsEmbedFunctions.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 934 + 0x9]
[task 2019-08-13T12:16:08.403Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.403Z] 12:16:08 INFO - rsp = 0x000000a97c7ff540 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.404Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.404Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870abf4c9
[task 2019-08-13T12:16:08.404Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.404Z] 12:16:08 INFO - 34 xul.dll!MessageLoop::RunHandler() [message_loop.cc:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 308 + 0xf]
[task 2019-08-13T12:16:08.404Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.404Z] 12:16:08 INFO - rsp = 0x000000a97c7ff590 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.405Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.405Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86c924b28
[task 2019-08-13T12:16:08.405Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.405Z] 12:16:08 INFO - 35 xul.dll!MessageLoop::Run() [message_loop.cc:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 290 + 0x5]
[task 2019-08-13T12:16:08.406Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.406Z] 12:16:08 INFO - rsp = 0x000000a97c7ff5e0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.406Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.406Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff86c946ac1
[task 2019-08-13T12:16:08.406Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.406Z] 12:16:08 INFO - 36 xul.dll!XRE_InitChildProcess(int,char * * const,XREChildData const *) [nsEmbedFunctions.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 769 + 0x5]
[task 2019-08-13T12:16:08.407Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.407Z] 12:16:08 INFO - rsp = 0x000000a97c7ff630 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.407Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.407Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff870abee68
[task 2019-08-13T12:16:08.407Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.407Z] 12:16:08 INFO - 37 firefox.exe!static int content_process_main(class mozilla::Bootstrap *, int, char * *) [plugin-container.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 56 + 0x13]
[task 2019-08-13T12:16:08.408Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.408Z] 12:16:08 INFO - rsp = 0x000000a97c7ff890 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.408Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.408Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff621ad1762
[task 2019-08-13T12:16:08.408Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.408Z] 12:16:08 INFO - 38 firefox.exe!static int NS_internal_main(int, char * *, char * *) [nsBrowserApp.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 267 + 0xa]
[task 2019-08-13T12:16:08.409Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.409Z] 12:16:08 INFO - rsp = 0x000000a97c7ff8f0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.409Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.409Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff621ad13c8
[task 2019-08-13T12:16:08.409Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.409Z] 12:16:08 INFO - 39 firefox.exe!wmain [nsWindowsWMain.cpp:9ef1dcfda500b98dbea2e921e0a103e795a59703 : 131 + 0x15]
[task 2019-08-13T12:16:08.410Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.410Z] 12:16:08 INFO - rsp = 0x000000a97c7ffa90 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.410Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.410Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff621ad122d
[task 2019-08-13T12:16:08.410Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.410Z] 12:16:08 INFO - 40 firefox.exe!static int __scrt_common_main_seh() [exe_common.inl : 288 + 0x22]
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - rsp = 0x000000a97c7ffb50 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff621b1bff8
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - 41 kernel32.dll!BaseThreadInitThunk + 0x14
[task 2019-08-13T12:16:08.411Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.412Z] 12:16:08 INFO - rsp = 0x000000a97c7ffb90 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.412Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.412Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff892b92774
[task 2019-08-13T12:16:08.412Z] 12:16:08 INFO - Found by: call frame info
[task 2019-08-13T12:16:08.412Z] 12:16:08 INFO - 42 ntdll.dll!SdbpCheckMatchingRegistryEntry + 0x29d
[task 2019-08-13T12:16:08.412Z] 12:16:08 INFO - rbx = 0x00000000ffffffff rbp = 0x0000000000000017
[task 2019-08-13T12:16:08.413Z] 12:16:08 INFO - rsp = 0x000000a97c7ffbc0 r12 = 0x000002450872f000
[task 2019-08-13T12:16:08.413Z] 12:16:08 INFO - r13 = 0x0000024508ac943a r14 = 0x0000000000000010
[task 2019-08-13T12:16:08.413Z] 12:16:08 INFO - r15 = 0x00007ff870d67fe0 rip = 0x00007ff894eb0d61
[task 2019-08-13T12:16:08.413Z] 12:16:08 INFO - Found by: call frame info

This has started permafailing on tier 2 once Bug 1570905 has landed.
:jonco, is there any chance you could take a look at this when you have a bit of time?
Thank you.

Flags: needinfo?(jcoppeard)

The crash address of 0xb8/0x5c on 64/32 bit platforms indicates that this is crashing in FreeLists::allocate when called on a null FreeLists pointer with AllocKind SYMBOL:

https://searchfox.org/mozilla-central/source/js/src/gc/ArenaList-inl.h#224

I can't work out what's going on in this crash. It seems like freeLists_ is null sometimes when we allocate in the atoms zone. This patch just adds some assertions around JSContext intialization and setting freeLists_.

Keywords: leave-open

I can reproduce this now on my laptop with a local build! Including a capture in Time Travel Debugging.

  1. Allocate a Symbol
  2. This enters AtomZone at [1]
  3. Trigger GC deferred finalizers
  4. JSWindowActor::DestroyCallback uses AutoEnterScript (while cx->realm is currently nullptr)
  5. Leave the AutoEnterScript, restoring to realm = nullptr, clearing the freeList.
  6. Crash.

Here is the backtrace for step 5:

 # Child-SP          RetAddr           Call Site
00 0000004f`06dfc558 00007ffe`057cc05f xul!JSAutoNullableRealm::~JSAutoNullableRealm+0x9c [c:\Users\tcampbell\Projects\gecko.dev\js\src\jsapi.cpp @ 533] 
01 0000004f`06dfc560 00007ffe`05668c1c xul!mozilla::dom::AutoJSAPI::~AutoJSAPI+0x6f [c:\Users\tcampbell\Projects\gecko.dev\dom\script\ScriptSettings.cpp @ 280] 
02 0000004f`06dfc590 00007ffe`0567045d xul!mozilla::dom::JSWindowActor::DestroyCallback+0x19c [c:\Users\tcampbell\Projects\gecko.dev\dom\ipc\JSWindowActor.cpp @ 68] 
03 0000004f`06dfc6e0 00007ffe`0568371a xul!mozilla::dom::JSWindowActorChild::StartDestroy+0xd [c:\Users\tcampbell\Projects\gecko.dev\dom\ipc\JSWindowActorChild.cpp @ 135] 
04 0000004f`06dfc710 00007ffe`043bd8d3 xul!mozilla::dom::WindowGlobalChild::Destroy+0x14a [c:\Users\tcampbell\Projects\gecko.dev\dom\ipc\WindowGlobalChild.cpp @ 224] 
05 0000004f`06dfc7c0 00007ffe`043d9416 xul!nsGlobalWindowInner::FreeInnerObjects+0x873 [c:\Users\tcampbell\Projects\gecko.dev\dom\base\nsGlobalWindowInner.cpp @ 1247] 
06 0000004f`06dfc860 00007ffe`0673c6c8 xul!WindowStateHolder::Release+0x36 [c:\Users\tcampbell\Projects\gecko.dev\dom\base\nsGlobalWindowOuter.cpp @ 1636] 
07 0000004f`06dfc890 00007ffe`0673c3ac xul!nsSHEntryShared::DropPresentationState+0x1c8 [c:\Users\tcampbell\Projects\gecko.dev\docshell\shistory\nsSHEntryShared.cpp @ 119] 
08 0000004f`06dfc8f0 00007ffe`0673c27c xul!nsSHEntryShared::RemoveFromBFCacheSync+0x3c [c:\Users\tcampbell\Projects\gecko.dev\docshell\shistory\nsSHEntryShared.cpp @ 170] 
09 0000004f`06dfc950 00007ffe`0673c483 xul!nsSHEntryShared::~nsSHEntryShared+0xcc [c:\Users\tcampbell\Projects\gecko.dev\docshell\shistory\nsSHEntryShared.cpp @ 61] 
0a 0000004f`06dfc9b0 00007ffe`034c59d0 xul!nsSHEntryShared::Release+0x23 [c:\Users\tcampbell\Projects\gecko.dev\docshell\shistory\nsSHEntryShared.cpp @ 63] 
0b 0000004f`06dfc9e0 00007ffe`034ba5c8 xul!mozilla::SegmentedVector<nsCOMPtr<nsISupports>,4096,mozilla::MallocAllocPolicy>::PopLastN+0x80 [c:\Users\tcampbell\Projects\gecko.dev\obj-x86_64-pc-mingw32\dist\include\mozilla\SegmentedVector.h @ 235] 
0c 0000004f`06dfca40 00007ffe`034ba92c xul!mozilla::dom::DeferredFinalizerImpl<nsISupports>::DeferredFinalize+0x48 [c:\Users\tcampbell\Projects\gecko.dev\obj-x86_64-pc-mingw32\dist\include\mozilla\dom\BindingUtils.h @ 2721] 
0d 0000004f`06dfca80 00007ffe`034b987f xul!mozilla::IncrementalFinalizeRunnable::ReleaseNow+0x14c [c:\Users\tcampbell\Projects\gecko.dev\xpcom\base\CycleCollectedJSRuntime.cpp @ 1302] 
0e 0000004f`06dfcb40 00007ffe`06e8af62 xul!mozilla::CycleCollectedJSRuntime::OnGC+0x10f [c:\Users\tcampbell\Projects\gecko.dev\xpcom\base\CycleCollectedJSRuntime.cpp @ 1451] 
0f 0000004f`06dfcba0 00007ffe`06e8b544 xul!js::gc::GCRuntime::maybeCallGCCallback+0x132 [c:\Users\tcampbell\Projects\gecko.dev\js\src\gc\GC.cpp @ 7480] 
10 0000004f`06dfcbf0 00007ffe`06e8c2ff xul!js::gc::GCRuntime::gcCycle+0x4e4 [c:\Users\tcampbell\Projects\gecko.dev\js\src\gc\GC.cpp @ 7567] 
11 0000004f`06dfcd00 00007ffe`06e97762 xul!js::gc::GCRuntime::collect+0x2df [c:\Users\tcampbell\Projects\gecko.dev\js\src\gc\GC.cpp @ 7736] 
12 0000004f`06dfcdd0 00007ffe`06e992a8 xul!js::gc::GCRuntime::checkAllocatorState<js::CanGC>+0xb2 [c:\Users\tcampbell\Projects\gecko.dev\js\src\gc\Allocator.cpp @ 341] 
13 0000004f`06dfce60 00007ffe`06d5d248 xul!js::Allocate<JS::Symbol,js::CanGC>+0x28 [c:\Users\tcampbell\Projects\gecko.dev\js\src\gc\Allocator.cpp @ 250] 
14 0000004f`06dfce90 00007ffe`06d5d36f xul!JS::Symbol::newInternal+0x98 [c:\Users\tcampbell\Projects\gecko.dev\js\src\vm\SymbolType.cpp @ 28] 
15 0000004f`06dfcee0 00007ffe`06cf794c xul!JS::Symbol::new_+0x7f [c:\Users\tcampbell\Projects\gecko.dev\js\src\vm\SymbolType.cpp @ 45] 

At the very least, the JSAutoNullableRealm doesn't know how to re-enter the AtomsZone. It is surprising that we are running all this code inside an AutoEnterAtomsZone.

I expect you can repro this now, but I do have the trace file saved if you need more details.

[1] https://searchfox.org/mozilla-central/rev/3a61fb322f74a0396878468e50e4f4e97e369825/js/src/vm/SymbolType.cpp#25

(In reply to Ted Campbell [:tcampbell] from comment #6)
Great, thanks for tracking this down!

See Also: → 1574294
Assignee: nobody → jcoppeard
Flags: needinfo?(jcoppeard)
Priority: -- → P1
Regressions: 1540719
Regressed by: 1540719
No longer regressions: 1540719
Crash Signature: [@ class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned __int64)] → [@ class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned __int64)] [@ class JS::BigInt * js::gc::GCRuntime::tryNewTenuredThing<JS::BigInt,js::CanGC>(struct JSContext *, js::gc::Alloc…
Attachment #9085712 - Attachment is obsolete: true

Entering the atoms zone with AutoAllocInAtomsZone is a bit of a special case and we don't support entering another realm in this state. Unfortunately this can happen during GC in a couple of place. The patch temporarily leaves the atoms zone during GC so that callbacks can enter whatever zones they like.

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ffeb52190484
Leave the atoms zone when performing a GC r=tcampbell
Status: NEW → RESOLVED
Crash Signature: [@ class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned __int64)] [@ class JS::BigInt * js::gc::GCRuntime::tryNewTenuredThing<JS::BigInt,js::CanGC>(struct JSContext * → [@ class JS::Symbol * js::gc::GCRuntime::tryNewTenuredThing<JS::Symbol,js::CanGC>(struct JSContext *, js::gc::AllocKind, unsigned __int64)] [@ class JS::BigInt * js::gc::GCRuntime::tryNewTenuredThing<JS::BigInt,js::CanGC>(struct JSContext *
Closed: 5 years ago
Keywords: leave-open
Resolution: --- → FIXED
Crash Signature: , js::gc::AllocKind, unsigned __int64)] → , js::gc::AllocKind, unsigned __int64)] [@ js::gc::GCRuntime::tryNewTenuredThing<T>]
Crash Signature: , js::gc::AllocKind, unsigned __int64)] [@ js::gc::GCRuntime::tryNewTenuredThing<T>] → , js::gc::AllocKind, unsigned __int64)] [@ js::gc::GCRuntime::tryNewTenuredThing<T>]
Flags: in-testsuite+
Target Milestone: --- → mozilla70

Please nominate this for Beta & ESR68 approval when you get a chance.

Flags: needinfo?(jcoppeard)

Comment on attachment 9086058 [details]
Bug 1573458 - Leave the atoms zone when performing a GC r?tcampbell

Beta/Release Uplift Approval Request

  • User impact if declined: Possible crashes.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is a simple fix that's the same as we already did in another situation. The patch includes a specific test case too.
  • String changes made/needed:

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Fixes a crash that happens in the wild.
  • User impact if declined: Possible crashes.
  • Fix Landed on Version: 70
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is a simple fix that's the same as we already did in another situation. The patch includes a specific test case too.
  • String or UUID changes made by this patch:
Flags: needinfo?(jcoppeard)
Attachment #9086058 - Flags: approval-mozilla-esr68?
Attachment #9086058 - Flags: approval-mozilla-beta?

Comment on attachment 9086058 [details]
Bug 1573458 - Leave the atoms zone when performing a GC r?tcampbell

JS stability fix, approved for 69.0b16 and 68.1esr.

Attachment #9086058 - Flags: approval-mozilla-esr68?
Attachment #9086058 - Flags: approval-mozilla-esr68+
Attachment #9086058 - Flags: approval-mozilla-beta?
Attachment #9086058 - Flags: approval-mozilla-beta+
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.