Open
Bug 1913653
Opened 1 year ago
Updated 1 year ago
Crash in [@ js::detail::ProxyDataLayout::values]
Categories
(Core :: JavaScript: GC, defect, P3)
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox131 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/e3016abb-6539-4e42-ab47-37f050240817
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll js::detail::ProxyDataLayout::values const js/public/Proxy.h:494
0 xul.dll js::ProxyObject::slotOfPrivate js/src/vm/ProxyObject.h:109
0 xul.dll js::ProxyObject::traceEdgeToTarget js/src/proxy/Proxy.cpp:866
0 xul.dll JS::Compartment::traceWrapperTargetsInCollectedZones js/src/vm/Compartment.cpp:522
1 xul.dll JS::Compartment::fixupCrossCompartmentObjectWrappersAfterMovingGC js/src/vm/Compartment.cpp:572
1 xul.dll JS::Zone::fixupAllCrossCompartmentWrappersAfterMovingGC js/src/gc/Zone.cpp:351
1 xul.dll js::gc::GCRuntime::updateRuntimePointersToRelocatedCells js/src/gc/Compacting.cpp:804
1 xul.dll js::gc::GCRuntime::compactPhase js/src/gc/Compacting.cpp:105
1 xul.dll js::gc::GCRuntime::incrementalSlice js/src/gc/GC.cpp:3973
1 xul.dll js::gc::GCRuntime::gcCycle js/src/gc/GC.cpp:4428
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2024-06-11
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 5 out of 6 crashes happened on null or near null memory address
|
Reporter | |
Comment 1•1 year ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::JavaScript: GC' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Component: General → JavaScript: GC
|
||
Updated•1 year ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•