Closed
Bug 633845
Opened 13 years ago
Closed 8 years ago
Crash @ js::MaybeGC
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
blocking2.0 | --- | .x+ |
People
(Reporter: mozilla, Assigned: gal)
References
Details
(Keywords: crash, Whiteboard: [tbird crash])
Crash Data
Attachments
(1 file, 2 obsolete files)
4.59 KB,
patch
|
jst
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b12pre) Gecko/20110213 Firefox/4.0b12pre Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b12pre) Gecko/20110212 Firefox/4.0b12pre All I can do is point you to https://crash-stats.mozilla.com/report/index/bp-a9d30d8f-38c4-4145-8a5d-972ed2110213 . Minefield was running when I went to sleep; when I woke up, there was a crash reporter dialog, and that crash report is the result. Something must have happened during the night, but what? Note that I was running the Feb. 12 nightly build, so the fix in 630243 should have been merged in? Reproducible: Didn't try
Updated•13 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Version: unspecified → Trunk
Reporter | ||
Comment 1•13 years ago
|
||
Hmmm, it did it again. https://crash-stats.mozilla.com/report/index/15262d4b-6128-4f0d-922c-d30872110217 is the crash report.
Comment 2•13 years ago
|
||
I got a crash with this signature as well: https://crash-stats.mozilla.com/report/index/bp-119713f3-5b45-4007-acaf-46f782110303 It's intermittent and I couldn't find out about a specific cause. Gal: Any thoughts about this?
Assignee | ||
Comment 3•13 years ago
|
||
Looking.
Assignee | ||
Comment 4•13 years ago
|
||
Exciting. We are not in a compartment.
Assignee | ||
Updated•13 years ago
|
Assignee: general → gal
Assignee | ||
Updated•13 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee | ||
Comment 5•13 years ago
|
||
Not exploitable, very safe NULL crash.
Assignee | ||
Comment 6•13 years ago
|
||
Assignee | ||
Comment 7•13 years ago
|
||
Attachment #516733 -
Attachment is obsolete: true
Assignee | ||
Comment 8•13 years ago
|
||
The attached patch is the way to go once we merge requests and enter/leave compartment. Until then I guess I should do a spot fix.
Assignee | ||
Comment 10•13 years ago
|
||
Attachment #516734 -
Attachment is obsolete: true
Assignee | ||
Comment 11•13 years ago
|
||
Comment on attachment 516740 [details] [diff] [review] patch jst, this moves the MaybeGC where we are guaranteed to have a compartment. Also, I added what I believe is a missing compartment enter/leave.
Attachment #516740 -
Flags: review?(jst)
Updated•13 years ago
|
blocking2.0: ? → .x+
Updated•13 years ago
|
Attachment #516740 -
Flags: review?(jst) → review+
Comment 12•13 years ago
|
||
This would seem to be a regression, or something changed on trunk to expose the flaw. A close examination of crash-stats reveals the first build to crash is the day before 4.0b9 with bp-47047bd3-5b9e-4e2d-ae9f-85ba32110110 4.0b9pre buildid 20110109030350 The crash rate of subsequent "pre" builds suggests the change should be within a week or two before 2011-01-09. My crash was also when I was away from FF bp-8d7e1755-951a-45e8-8433-227a92110316 I have many unattended crashes, most of which crash-stats can't render the stacks so I'm not sure if they are related. Some examples: bp-8ecd0f31-03df-4759-9d55-d8d982110317 (today) bp-edcf9037-4a3d-43a3-a25c-dd0f42110224 bp-205ff1f2-e75a-4e1f-a871-63f842110222 Mac and linux crash sig is js::MaybeGC
OS: Windows NT → All
Summary: JavaScript crash, [@ js::MaybeGC(JSContext*)] → JavaScript crash, [@ js::MaybeGC(JSContext*)], [@ js::MaybeGC]
Updated•13 years ago
|
Crash Signature: [@ js::MaybeGC(JSContext*)]
[@ js::MaybeGC]
Comment 13•13 years ago
|
||
Andreas/anyone: did this ever land? Just asking because of Bug 681205 with the same Stack.
Crash Signature: [@ js::MaybeGC(JSContext*)]
[@ js::MaybeGC] → [@ js::MaybeGC(JSContext*)]
[@ js::MaybeGC]
Comment 14•13 years ago
|
||
This has been rising on 8 in the last days, and has hit topcrash rank #25 there yesterday.
Comment 15•13 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #12) > ... > My crash was also when I was away from FF > bp-8d7e1755-951a-45e8-8433-227a92110316 I have many unattended crashes, > most of which crash-stats can't render the stacks so I'm not sure if they > are related. Some examples: > bp-8ecd0f31-03df-4759-9d55-d8d982110317 (today) > bp-edcf9037-4a3d-43a3-a25c-dd0f42110224 > bp-205ff1f2-e75a-4e1f-a871-63f842110222 > ... That's Bug 696637. I had a "[@ js::MaybeGC(JSContext*) ]" bp-abd2b34c-9efc-435b-b507-7e2e92111029 with Aurora.
Comment 16•13 years ago
|
||
It's now #19 top crasher in 8.0b5 and #69 in 7.0.1. Maybe, there's an additional regression in 8.0.
Comment 17•13 years ago
|
||
I just had this crash in Firefox 10b. https://crash-stats.mozilla.com/report/index/bp-becea400-48d4-46cf-bd61-0fd0a2120124 0 mozjs.dll js::MaybeGC js/src/jsgc.cpp:2138 1 mozjs.dll JS_MaybeGC js/src/jsapi.cpp:2760 2 xul.dll xul.dll@0x18e8b4 3 xul.dll xul.dll@0x1661a2 4 xul.dll xul.dll@0x1436e9 5 xul.dll xul.dll@0x193efd 6 xul.dll xul.dll@0xc91503 I suspect it was an oom crash. Was the patch in this bug checked in?
Comment 18•13 years ago
|
||
It's only #120 top browser crasher in 9.0.1, #132 in 10.0b5, #221 in 11.0a2 and #213 in 12.0a1.
Keywords: topcrash
Summary: JavaScript crash, [@ js::MaybeGC(JSContext*)], [@ js::MaybeGC] → Crash @ js::MaybeGC
Comment 20•12 years ago
|
||
FWIW 10 release crashed like bp-938136e7-66b7-42d4-9419-740d92120208 on bug 725865. Unfortunately, there are no steps to reproduce. The PC was screen locked and unattended and the crash was there when the screen was unlocked.
Comment 22•8 years ago
|
||
(In reply to Martijn Wargers [:mwargers] (QA) from comment #17) > ... > Was the patch in this bug checked in? Checking hg, never landed afaict. And much has been refactored since 2011. But Thunderbird has no crashes after version 17. And firefox not after 22 or 23. So the signature is gone - whether the crash morphed or not is a question had to answer without digging.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•