Closed
Bug 1746775
Opened 4 years ago
Closed 4 years ago
Crash in [@ js::SharedShape::getInitialShape]
Categories
(Core :: DOM: Networking, defect)
Tracking
()
RESOLVED
FIXED
97 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox95 | --- | unaffected |
| firefox96 | --- | unaffected |
| firefox97 | --- | fixed |
People
(Reporter: aryx, Unassigned)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
7 crashes from 4+ installations in the last few days (2 crashes before), all on Windows 10. The stacks are partially corrupted but a few mention PAC (ProxyAutoConfig). The start of the recent crashes aligns with the landing of bug 1746300. Kershaw, please investigate.
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/d344db5f-c378-4cd8-a112-937240211218
Reason: EXCEPTION_STACK_OVERFLOW
Top 10 frames of crashing thread:
0 xul.dll static js::SharedShape::getInitialShape js/src/vm/Shape.cpp:1123
1 None @0x0000000000001842
2 None @0x00000215a81c15a8
3 xul.dll js::jit::MaybeEnterJit js/src/jit/Jit.cpp:210
4 xul.dll js::Call js/src/vm/Interpreter.cpp:552
5 xul.dll JS_CallFunctionName js/src/vm/CallAndConstruct.cpp:101
6 xul.dll mozilla::net::ProxyAutoConfig::GetProxyForURI netwerk/base/ProxyAutoConfig.cpp:932
7 xul.dll std::_Func_impl_no_alloc<`lambda at /builds/worker/checkouts/gecko/netwerk/ipc/ProxyAutoConfigChild.cpp:179:9', void>::_Do_call
8 xul.dll mozilla::detail::RunnableFunction<`lambda at /builds/worker/checkouts/gecko/netwerk/base/ProxyAutoConfig.cpp:864:30'>::Run xpcom/threads/nsThreadUtils.h:531
9 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1177
Flags: needinfo?(kershaw)
|
Reporter | |
Comment 1•4 years ago
|
||
Please also check the [@ je_malloc | PrintfAppend<T>::append ] crashes, e.g. bp-e89ec82d-2fe1-410c-893f-f3ce00211220
|
|
Reporter | |
Updated•4 years ago
|
Crash Signature: [@ js::SharedShape::getInitialShape] → [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
|
|
Reporter | |
Comment 2•4 years ago
|
||
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]: bp-fd46a2d6-899d-4dd4-b7c4-2e5dc0211219
Crash Signature: [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape] → [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]
|
||
Updated•4 years ago
|
Crash Signature: [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks] → [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]
[@ PrintfAppend<T>::append]
|
||
Comment 3•4 years ago
|
||
This should be fixed by backing out bug 1745385.
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(kershaw)
Resolution: --- → FIXED
|
|
Reporter | |
Updated•4 years ago
|
status-firefox95:
--- → unaffected
status-firefox96:
--- → unaffected
status-firefox-esr91:
--- → unaffected
Keywords: regression
Regressed by: 1745385
Target Milestone: --- → 97 Branch
|
||
Updated•4 years ago
|
Has Regression Range: --- → yes
|
||
Comment 4•4 years ago
|
||
I just bumped into another signature that was probably this bug.
Crash Signature: [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]
[@ PrintfAppend<T>::append] → [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]
[@ PrintfAppend<T>::append]
[@ js::NewDenseFullyAllocatedArrayWithTemplate]
|
|
Reporter | |
Updated•4 years ago
|
Crash Signature: [@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]
[@ PrintfAppend<T>::append]
[@ js::NewDenseFullyAllocatedArrayWithTemplate] → [@ Allocator<T>::malloc | moz_xmalloc | mozilla::net::ChildDNSService::AsyncResolveInternal]
[@ je_malloc | PrintfAppend<T>::append]
[@ js::SharedShape::getInitialShape]
[@ mozilla::net::ProxyAutoConfig::MaybeInvokeDNSResolveCallbacks]
[@ PrintfAppend…
|
|
Reporter | |
Updated•4 years ago
|
Status: RESOLVED → REOPENED
Crash Signature: PrintfAppend<T>::append]
[@ js::NewDenseFullyAllocatedArrayWithTemplate] → PrintfAppend<T>::append]
[@ js::NewDenseFullyAllocatedArrayWithTemplate]
[@ nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<T>&, (anonymous namespace)::EntryWrapper&, nsID const&, void**)]
Resolution: FIXED → ---
Target Milestone: 97 Branch → ---
|
|
Reporter | |
Updated•4 years ago
|
Status: REOPENED → RESOLVED
Closed: 4 years ago → 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•