Open
Bug 1869676
Opened 9 months ago
Updated 6 months ago
Crash in [@ JS::Realm::unsafeUnbarrieredMaybeGlobal]
Categories
(Core :: JavaScript: GC, defect, P5)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox122 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 3 open bugs)
Details
(Keywords: crash, stalled)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/5607d92b-c519-472c-bb52-a38880231212
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll JS::Realm::unsafeUnbarrieredMaybeGlobal const js/src/vm/Realm.h:495
0 xul.dll js::BaseShape::traceChildren js/src/gc/TraceMethods-inl.h:304
0 xul.dll js::gc::TraceCycleCollectorChildren js/src/gc/Tracer.cpp:99
0 xul.dll JS_TraceShapeCycleCollectorChildren js/src/jsfriendapi.cpp:188
0 xul.dll TraversalTracer::onChild xpcom/base/CycleCollectedJSRuntime.cpp:439
1 xul.dll JS::CallbackTracer::onEdge js/public/TracingAPI.h:245
1 xul.dll js::GenericTracerImpl<JS::CallbackTracer>::onObjectEdge js/public/TracingAPI.h:219
1 xul.dll js::gc::TraceEdgeInternal js/src/gc/Tracer.h:109
1 xul.dll TraceTaggedPtrEdge<JS::Value>::<lambda_1>::operator const js/src/gc/Marking.cpp:666
1 xul.dll js::MapGCThingTyped js/public/Value.h:1458
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2023-12-06
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: No
- Is use after free crash: Yes - 1 out of 2 crashes happened on or near an allocator poison value
Updated•9 months ago
|
Group: core-security
Component: General → JavaScript: GC
Comment 1•9 months ago
|
||
A fair amount of potential bit-flips and plenty old machines in the reports, this is likely caused by flaky hardware.
Updated•9 months ago
|
Updated•7 months ago
|
Comment hidden (Intermittent Failures Robot) |
You need to log in
before you can comment on or make changes to this bug.
Description
•