Closed
Bug 783896
Opened 13 years ago
Closed 9 years ago
crash in js::gc::IsMarked
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: wsmwk, Unassigned)
References
Details
(Keywords: crash, regression, Whiteboard: [tbird crash][js:inv])
Crash Data
#9 crash in TB15 beta. potentially topcrash, so need to check ranking after TB15 releases
Doesn't rank in top 300 for firefox 15
This bug was filed from the Socorro interface and is
report bp-773d64d6-4cc9-4768-8329-337642120819 .
=============================================================
0 mozjs.dll js::gc::IsMarked<js::gc::Cell> js/src/gc/Marking.cpp:184
1 mozjs.dll JSCompartment::sweepInitialShapeTable js/src/jsscope.cpp:1379
2 mozjs.dll JSCompartment::sweep js/src/jscompartment.cpp:468
3 mozjs.dll SweepPhase js/src/jsgc.cpp:3273
4 mozjs.dll GCCycle js/src/jsgc.cpp:3719
5 mozjs.dll Collect js/src/jsgc.cpp:3822
6 mozjs.dll js::GC js/src/jsgc.cpp:3846
7 mozjs.dll js::GCForReason js/src/jsfriendapi.cpp:137
8 xul.dll nsXPCComponents_Utils::ForceGC js/xpconnect/src/XPCComponents.cpp:3922
184 if (!(*thingp)->compartment()->isCollecting())
firefox stacks are different, and even they are not all the same. example crashes:
bp-75d29183-8454-4f53-aa11-f5e7d2120819
bp-293f9378-fba0-4f35-a5a8-3141f2120807
|
Reporter | |
Updated•13 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Thunderbird → Core
|
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [tbird crash]
|
||
Updated•13 years ago
|
Assignee: general → terrence
Whiteboard: [tbird crash] → [tbird crash][js:inv]
|
||
Comment 1•13 years ago
|
||
There's a spike in crashes from IonMonkey.
Crash Signature: [@ js::gc::IsMarked<js::gc::Cell>] → [@ js::gc::IsMarked<js::gc::Cell>]
[@ js::gc::IsMarked<js::DebugScopeObject>]
[@ js::gc::IsMarked<JSScript>]
[@ js::gc::IsMarked<js::GlobalObject>]
|
|
||
Comment 2•13 years ago
|
||
It's #23 top browser crasher in 16.0.1 and #35 in 17.0b1.
It's correlated to AdBlock Plus:
*16.0.1:
js::gc::IsMarked<js::gc::Cell>|EXCEPTION_ACCESS_VIOLATION_READ (416 crashes)
96% (400/416) vs. 11% (7032/65825) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
*17.0b1:
js::gc::IsMarked<js::gc::Cell>|EXCEPTION_ACCESS_VIOLATION_READ (86 crashes)
90% (77/86) vs. 10% (1860/18965) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
OS: Windows NT → Windows 7
|
||
Comment 4•10 years ago
|
||
Without STR there's nothing we can do about this.
Assignee: terrence → nobody
|
||
Updated•10 years ago
|
Crash Signature: [@ js::gc::IsMarked<js::gc::Cell>]
[@ js::gc::IsMarked<js::DebugScopeObject>]
[@ js::gc::IsMarked<JSScript>]
[@ js::gc::IsMarked<js::GlobalObject>] → [@ js::gc::IsMarked<js::gc::Cell>]
[@ js::gc::IsMarked<js::DebugScopeObject>]
[@ js::gc::IsMarked<JSScript>]
[@ js::gc::IsMarked<js::GlobalObject>]
[@ js::gc::IsMarked<T>]
|
|
Reporter | |
Comment 5•9 years ago
|
||
For Thunderbird there's nothing newer than version 17 - https://crash-stats.mozilla.com/signature/?signature=js%3A%3Agc%3A%3AIsMarked%3CT%3E&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_sort=-date&page=1#reports
So this is either WFM or signature has morphed. And FWIW, it's still unclear that this was a bug with "core"
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•