Closed
Bug 491604
Opened 15 years ago
Closed 15 years ago
top crash [@ js_NewGCThing]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 492693
People
(Reporter: samuel.sidler+old, Unassigned)
References
()
Details
(Keywords: crash, topcrash)
Crash Data
(I didn't see this filed, feel free to dupe if it is.) In Firefox 3.5b4, there's a new topcrash [@ js_NewGCThing] that's currently #6 (about 1/5 the crashes as the #1 topcrash). This crash still occurs in trunk builds and 1.9.1 builds. There's actually two crashes with this signature on Mac, but the remainder are on Windows and I'm going to guess there's a couple smaller crashes mixed into this bucket. This bug is specifically about the following stack (taken from bp-9b7637db-a1e8-4fef-9020-0f61e2090501): Crashing Thread Frame Module Signature Source 0 js3250.dll js_NewGCThing js/src/jsgc.cpp:2071 1 js3250.dll js_NewObjectWithGivenProto js/src/jsobj.cpp:3131 2 js3250.dll js_InitClass js/src/jsobj.cpp:2805 3 js3250.dll js_InitFunctionClass js/src/jsfun.cpp:2081 4 js3250.dll js_InitFunctionAndObjectClasses js/src/jsapi.cpp:1266 5 js3250.dll js_GetClassObject js/src/jsobj.cpp:3302 6 js3250.dll js_FindClassObject js/src/jsobj.cpp:3366 7 js3250.dll js_GetClassPrototype js/src/jsobj.cpp:5389 8 js3250.dll js_InitClass js/src/jsobj.cpp:2769 9 js3250.dll JS_InitClass js/src/jsapi.cpp:2721 10 xul.dll nsXBLBinding::DoInitJSClass(JSContext*,JSObject*,JSObject*,nsCString const&,nsXBLPrototypeBinding*,void**) content/xbl/src/nsXBLBinding.cpp:1318 11 xul.dll nsXBLProtoImpl::CompilePrototypeMembers(nsXBLPrototypeBinding*) content/xbl/src/nsXBLProtoImpl.cpp:179 12 xul.dll nsXBLProtoImpl::InitTargetObjects(nsXBLPrototypeBinding*,nsIScriptContext*,nsIContent*,nsIXPConnectJSObjectHolder**,void**) content/xbl/src/nsXBLProtoImpl.cpp:112 13 xul.dll nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding*,nsIContent*) content/xbl/src/nsXBLProtoImpl.cpp:80 14 xul.dll nsXBLBinding::InstallImplementation() content/xbl/src/nsXBLBinding.cpp:941 15 xul.dll nsXBLBinding::InstallImplementation() content/xbl/src/nsXBLBinding.cpp:935 16 xul.dll nsXBLService::LoadBindings(nsIContent*,nsIURI*,nsIPrincipal*,int,nsXBLBinding**,int*) content/xbl/src/nsXBLService.cpp:669 17 xul.dll nsElementSH::PostCreate(nsIXPConnectWrappedNative*,JSContext*,JSObject*) dom/src/base/nsDOMClassInfo.cpp:7556 18 xul.dll XPCWrappedNative::GetNewOrUsed(XPCCallContext&,nsISupports*,XPCWrappedNativeScope*,XPCNativeInterface*,int,XPCWrappedNative**) js/src/xpconnect/src/xpcwrappednative.cpp:548 Also potentially related is the following crash stack, taken from bp-e80ead6a-caf4-4a43-872f-f3ac12090501: Frame Module Signature [Expand] Source 0 js3250.dll js_NewGCThing js/src/jsgc.cpp:2071 1 js3250.dll js_NewObjectWithGivenProto js/src/jsobj.cpp:3131 I'm not sure if this should block, but requesting it anyway.
Flags: blocking1.9.2?
Flags: blocking1.9.1?
Comment 1•15 years ago
|
||
no clear pattern or site that seems to trigger the crash. #crashes url Firefox 3.5b4 741 [no url] js_NewGCThing Firefox 3.5b4 48 \N-url-edited-by-user? js_NewGCThing Firefox 3.5b4 15 about:sessionrestore js_NewGCThing Firefox 3.5b4 6 about:blank js_NewGCThing Firefox 3.5b4 1 http://www.mozilla.com/en-US/firefox/3.5b4/whatsnew/ js_NewGCThing and about 88 other sites including http://www.facebook.com/profile.php? (s) many http://www.java.com/en/download/ google search result pages https://addons.mozilla.org/en-US/firefox/browse/type:7 https://addons.mozilla.org/fi/firefox/browse/type:7
Comment 2•15 years ago
|
||
Do we see this on trunk?
Updated•15 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Comment 3•15 years ago
|
||
I am not getting line number links for the crash reports. Its hard to tell where exactly we crash.
Reporter | ||
Comment 4•15 years ago
|
||
(In reply to comment #2) > Do we see this on trunk? It's #99 on trunk and has moved down to #28 in beta 4. I don't see it at all in 3.5b5pre builds though...
Comment 5•15 years ago
|
||
appears consistently in 3.5b5pre, but last one is 2009051300 build http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.6a1pre&query_search=signature&query_type=contains&query=js_NewGCThing&date=&range_value=31&range_unit=days&do_query=1&signature=js_NewGCThing
Comment 6•15 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/ed70badf19d7 Andreas Gal <gal@mozilla.com> - Tue, 12 May 2009 20:55:50 -0700 - rev 28176 Clear temporary rooting area after native calls on trace (492693, r=jwalden). I fixed the GC bug on 5/12. I think we can dup this against 492693. Please split and re-open if this is observed again.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
|
Flags: blocking1.9.2?
Updated•13 years ago
|
Crash Signature: [@ js_NewGCThing]
You need to log in
before you can comment on or make changes to this bug.
Description
•