Closed
Bug 1274625
Opened 8 years ago
Closed 6 months ago
Crash in js::jit::JitCode::copyFrom
Categories
(Core :: JavaScript Engine: JIT, defect)
People
(Reporter: mccr8, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is report bp-7bcbe438-97eb-4dbf-955f-5edd82160519.
=============================================================
#7 Windows Nightly crash for 05-18, with 12 crashes. All from a single install time. This signature does have crashes in other channels.
Comment 2•8 years ago
Looking at the source, … This is not a logical issue, the backward offset is valid as we reserved space ahead to be able to address below. The result pointer from the newCode function is owned by the JitCode as soon as it is created, and there is no other allocation which might cause it to be reclaimed. The ExecutablePool cannot be freed without an explicit call to the "release" function, which is made only if the JitCode allocation fails. I do not see how this issue can happen.
Flags: needinfo?(nicolas.b.pierron)
Comment 3•8 years ago
Crash volume for signature 'js::jit::JitCode::copyFrom':
 - nightly (version 50): 0 crashes from 2016-06-06.
 - aurora (version 49): 6 crashes from 2016-06-07.
 - beta (version 48): 676 crashes from 2016-06-06.
 - release (version 47): 1943 crashes from 2016-05-31.
 - esr (version 45): 7 crashes from 2016-04-07.

Crash volume on the last weeks:
             W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly        0       0       0       0       0       0       0
 - aurora         0       0       2       0       1       1       2
 - beta          77     104     129      84      81      99      77
 - release      252     283     287     207     262     266     280
 - esr            1       0       1       0       1       1       1

Affected platform: Windows
status-firefox47:
--- → affected
status-firefox48:
--- → affected
status-firefox-esr45:
--- → affected
Comment 4•8 years ago
Crash volume for signature 'js::jit::JitCode::copyFrom':
 - nightly (version 51): 1 crash from 2016-08-01.
 - aurora (version 50): 3 crashes from 2016-08-01.
 - beta (version 49): 234 crashes from 2016-08-02.
 - release (version 48): 188 crashes from 2016-07-25.
 - esr (version 45): 7 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
             W. N-1  W. N-2  W. N-3
 - nightly        1       0       0
 - aurora         0       1       1
 - beta          99      71      17
 - release       53      53      37
 - esr            0       0       2

Affected platform: Windows

Crash rank on the last 7 days:
 Browser Content Plugin
 - nightly #546
 - aurora #1362
 - beta #169 #1155
 - release #311
 - esr
status-firefox50:
--- → affected
status-firefox51:
--- → affected
Comment 5•8 years ago
Bugzilla Socorro Lens highlights[1] that this signature spiked between:
 - March 14 - 19
 - ~April 7
 - May 5 - now (and remains stable)

Do we have any patches matching these spikes? Or would these crashes be related to some external website on which this issue can be reproduced?

[1] https://ashughes1.github.io/bugzilla-socorro-lens/chart.htm?s=js::jit::JitCode::copyFrom
Comment 6•7 years ago
Crash volume for signature 'js::jit::JitCode::copyFrom':
 - nightly (version 54): 0 crashes from 2017-01-23.
 - aurora (version 53): 1 crash from 2017-01-23.
 - beta (version 52): 93 crashes from 2017-01-23.
 - release (version 51): 308 crashes from 2017-01-16.
 - esr (version 45): 22 crashes from 2016-08-10.

Crash volume on the last weeks (Week N is from 02-06 to 02-12):
 W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7
 - nightly 0 0
 - aurora 0 0
 - beta 39 37
 - release 181 58 0
 - esr 0 2 3 0 3 0 1

Affected platforms: Windows, Mac OS X, Linux

Crash rank on the last 7 days:
 Browser Content Plugin
 - nightly
 - aurora #1302
 - beta #264 #594
 - release #265 #536
 - esr #4163
status-firefox52:
--- → affected
status-firefox53:
--- → affected
Comment 7•7 years ago
Too late for firefox 52, mass-wontfix.
Updated•3 years ago
Blocks: sm-defects-crashes
Comment 8•2 years ago
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Severity: critical → S3
Comment 9•6 months ago
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → WORKSFORME