Closed Bug 783896 Opened 13 years ago Closed 9 years ago

crash in js::gc::IsMarked

Categories

(Core :: JavaScript Engine, defect)

x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: wsmwk, Unassigned)

References

Details

(Keywords: crash, regression, Whiteboard: [tbird crash][js:inv])

Crash Data

#9 crash in TB15 beta. potentially topcrash, so need to check ranking after TB15 releases Doesn't rank in top 300 for firefox 15 This bug was filed from the Socorro interface and is report bp-773d64d6-4cc9-4768-8329-337642120819 . ============================================================= 0 mozjs.dll js::gc::IsMarked<js::gc::Cell> js/src/gc/Marking.cpp:184 1 mozjs.dll JSCompartment::sweepInitialShapeTable js/src/jsscope.cpp:1379 2 mozjs.dll JSCompartment::sweep js/src/jscompartment.cpp:468 3 mozjs.dll SweepPhase js/src/jsgc.cpp:3273 4 mozjs.dll GCCycle js/src/jsgc.cpp:3719 5 mozjs.dll Collect js/src/jsgc.cpp:3822 6 mozjs.dll js::GC js/src/jsgc.cpp:3846 7 mozjs.dll js::GCForReason js/src/jsfriendapi.cpp:137 8 xul.dll nsXPCComponents_Utils::ForceGC js/xpconnect/src/XPCComponents.cpp:3922 184 if (!(*thingp)->compartment()->isCollecting()) firefox stacks are different, and even they are not all the same. example crashes: bp-75d29183-8454-4f53-aa11-f5e7d2120819 bp-293f9378-fba0-4f35-a5a8-3141f2120807
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Thunderbird → Core
Whiteboard: [tbird crash]
Assignee: general → terrence
Whiteboard: [tbird crash] → [tbird crash][js:inv]
There's a spike in crashes from IonMonkey.
Crash Signature: [@ js::gc::IsMarked<js::gc::Cell>] → [@ js::gc::IsMarked<js::gc::Cell>] [@ js::gc::IsMarked<js::DebugScopeObject>] [@ js::gc::IsMarked<JSScript>] [@ js::gc::IsMarked<js::GlobalObject>]
It's #23 top browser crasher in 16.0.1 and #35 in 17.0b1. It's correlated to AdBlock Plus: *16.0.1: js::gc::IsMarked<js::gc::Cell>|EXCEPTION_ACCESS_VIOLATION_READ (416 crashes) 96% (400/416) vs. 11% (7032/65825) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865) *17.0b1: js::gc::IsMarked<js::gc::Cell>|EXCEPTION_ACCESS_VIOLATION_READ (86 crashes) 90% (77/86) vs. 10% (1860/18965) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
OS: Windows NT → Windows 7
Blocks: abp
Without STR there's nothing we can do about this.
Assignee: terrence → nobody
Crash Signature: [@ js::gc::IsMarked<js::gc::Cell>] [@ js::gc::IsMarked<js::DebugScopeObject>] [@ js::gc::IsMarked<JSScript>] [@ js::gc::IsMarked<js::GlobalObject>] → [@ js::gc::IsMarked<js::gc::Cell>] [@ js::gc::IsMarked<js::DebugScopeObject>] [@ js::gc::IsMarked<JSScript>] [@ js::gc::IsMarked<js::GlobalObject>] [@ js::gc::IsMarked<T>]
For Thunderbird there's nothing newer than version 17 - https://crash-stats.mozilla.com/signature/?signature=js%3A%3Agc%3A%3AIsMarked%3CT%3E&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_sort=-date&page=1#reports So this is either WFM or signature has morphed. And FWIW, it's still unclear that this was a bug with "core"
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.