Open
Bug 1045992
Opened 10 years ago
Updated 1 year ago
crash in mozilla::CycleCollectedJSRuntime::DeferredFinalize(nsISupports*)
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: drno, Unassigned)
References
()
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-917d7a39-bbdb-4712-ae91-98f332140730.
=============================================================
|
||
Updated•10 years ago
|
Component: Untriaged → JavaScript: GC
Product: Firefox → Core
|
||
Updated•10 years ago
|
Component: JavaScript: GC → DOM
|
||
Comment 2•9 years ago
|
||
|
||
Updated•9 years ago
|
Crash Signature: [@ mozilla::CycleCollectedJSRuntime::DeferredFinalize(nsISupports*)] → [@ mozilla::CycleCollectedJSRuntime::DeferredFinalize(nsISupports*)]
[@ mozilla::CycleCollectedJSRuntime::DeferredFinalize]
|
||
Comment 3•9 years ago
|
||
And again: https://crash-stats.mozilla.com/report/index/6305f84f-8520-4f16-aa93-023892160229
Terrence/Jon: Do you happen to be able to know what is going on here? GC seems to be on the stack.
Flags: needinfo?(terrence)
This signature is essentially "generic memory corruption"
|
||
Comment 6•9 years ago
|
||
What Kyle said. This stack has at least 3 compartments and is finalizing something in XPConnect (which is only marginally compartment aware), so it's scary, but there's not much more I can tell you without being able to reproduce it at will, or getting lucky and catching it in rr.
Flags: needinfo?(terrence)
|
||
Comment 7•8 years ago
|
||
Crash volume for signature 'mozilla::CycleCollectedJSRuntime::DeferredFinalize':
- nightly (version 50): 0 crash from 2016-06-06.
- aurora (version 49): 1 crash from 2016-06-07.
- beta (version 48): 5 crashes from 2016-06-06.
- release (version 47): 11 crashes from 2016-05-31.
- esr (version 45): 458 crashes from 2016-04-07.
Crash volume on the last weeks:
Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7
- nightly 0 0 0 0 0 0 0
- aurora 0 0 0 1 0 0 0
- beta 1 0 2 0 2 0 0
- release 1 4 0 1 1 1 1
- esr 48 42 40 43 43 42 29
Affected platforms: Windows, Mac OS X
status-firefox47:
--- → affected
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox-esr45:
--- → affected
|
|
||
Comment 14•7 years ago
|
||
The signature for this has changed again.
Crash Signature: [@ mozilla::CycleCollectedJSRuntime::DeferredFinalize(nsISupports*)]
[@ mozilla::CycleCollectedJSRuntime::DeferredFinalize] → [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
|
||
Updated•6 years ago
|
Priority: -- → P5
|
|
||
Updated•6 years ago
|
Crash Signature: [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ] → [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ] [@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
| Comment hidden (offtopic) |
| Comment hidden (offtopic) |
| Comment hidden (offtopic) |
| Comment hidden (offtopic) |
|
||
Updated•3 years ago
|
| Comment hidden (offtopic) |
|
|
||
Updated•2 years ago
|
Severity: critical → S2
|
|
||
Updated•2 years ago
|
Severity: S2 → S3
Version: 31 Branch → Trunk
|
|
||
Comment 22•1 year ago
|
||
Copying crash signatures from duplicate bugs.
Crash Signature: [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
[@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ] → [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
[@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
[@ nsCOMPtr<T>::~nsCOMPtr | mozilla::SegmentedVector<T>::SegmentImpl<T>::PopLast]
|
||
Updated•1 year ago
|
Crash Signature: [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
[@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
[@ nsCOMPtr<T>::~nsCOMPtr | mozilla::SegmentedVector<T>::SegmentImpl<T>::PopLast] → [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
[@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
[@ nsCOMPtr<T>::~nsCOMPtr | mozilla::SegmentedVector<T>::SegmentImpl<T>::PopLast]
|
|
||
Comment 23•1 year ago
|
||
The PopLastN signatures should turn into [@ mozilla::SegmentedVector<T>::PopLastN | mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ] once the signature updates get deployed.
Crash Signature: [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
[@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
[@ nsCOMPtr<T>::~nsCOMPtr | mozilla::SegmentedVector<T>::SegmentImpl<T>::PopLast] → [@ nsCOMPtr_base::~nsCOMPtr_base | mozilla::SegmentedVector<T>::PopLastN ]
[@ mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
[@ nsCOMPtr<T>::~nsCOMPtr | mozilla::SegmentedVector<T>::SegmentImpl<T>::PopLast]
[@ mozilla::SegmentedVector<T>::P…
|
||
Comment 24•1 year ago
|
||
I think the ReleaseObjects crashes are part of the same...
Crash Signature: mozilla::SegmentedVector<T>::PopLastN | mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ] → mozilla::SegmentedVector<T>::PopLastN | mozilla::dom::DeferredFinalizerImpl<T>::DeferredFinalize ]
[@ ReleaseObjects ]
You need to log in
before you can comment on or make changes to this bug.
Description
•