new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1075546.js
@@ -0,0 +1,30 @@
+for (var i = 0; i < 200; ++i) {
+    Object.getOwnPropertyNames(undefined + "");
+}
+function p(s) {
+    for (var i = 0; i < s.length; i++) {
+        s.charCodeAt(i);
+    }
+}
+function m(f) {
+    var a = [];
+    for (var j = 0; j < 700; ++j) {
+        try {
+            f()
+        } catch (e) {
+            a.push(e.toString());
+        }
+    }
+    p(uneval(a));
+}
+f = Function("\
+    function f() {\
+        functionf\n{}\
+    }\
+    m(f);\
+");
+f();
+f();
+for (var x = 0; x < 99; x++) {
+    newGlobal()
+}

--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -1500,19 +1500,20 @@ js::NewObjectWithGivenProto(ExclusiveCon
                 } else {
                     Rooted<TaggedProto> proto(cxArg, protoArg);
                     RootedObject parent(cxArg, parentArg);
                     obj = cache.newObjectFromHit<CanGC>(cx, entry, GetInitialHeap(newKind, clasp));
                     MOZ_ASSERT(!obj);
                     parentArg = parent;
                     protoArg = proto;
                 }
+            } else {
+                gcNumber = rt->gc.gcNumber();
             }
         }
-        gcNumber = rt->gc.gcNumber();
     }
 
     Rooted<TaggedProto> proto(cxArg, protoArg);
     RootedObject parent(cxArg, parentArg);
 
     types::TypeObject *type = cxArg->getNewType(clasp, proto, nullptr);
     if (!type)
         return nullptr;