Closed Bug 1089652 Opened 10 years ago Closed 4 years ago

crash in js::jit::OutOfLineCode::bind(js::jit::MacroAssembler*)

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
33 Branch
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox48 --- affected

People

(Reporter: csuciu, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-24a80c6e-e456-44ce-b86d-27af52141027. ============================================================= Steps: 1. Go to https://www.google.com/maps/ 2. Explore the map (zoom, pan) Result: After a while (~5 minutes), Firefox will crash. Frame Module Signature Source 0 XUL js::jit::OutOfLineCode::bind(js::jit::MacroAssembler*) js/src/assembler/assembler/X86Assembler.h 1 XUL js::jit::CodeGeneratorShared::generateOutOfLineCode() js/src/jit/shared/CodeGenerator-shared.cpp 2 XUL js::jit::CodeGeneratorX86Shared::generateOutOfLineCode() js/src/jit/shared/CodeGenerator-x86-shared.cpp 3 XUL js::jit::CodeGenerator::generate() js/src/jit/CodeGenerator.cpp 4 XUL js::jit::GenerateCode(js::jit::MIRGenerator*, js::jit::LIRGraph*) js/src/jit/Ion.cpp 5 XUL js::HelperThread::handleIonWorkload() js/src/vm/HelperThreads.cpp 6 XUL js::HelperThread::threadLoop() js/src/vm/HelperThreads.cpp 7 libnss3.dylib _pt_root nsprpub/pr/src/pthreads/ptthread.c Ø 8 libsystem_pthread.dylib libsystem_pthread.dylib@0x1898 Ø 9 libsystem_pthread.dylib libsystem_pthread.dylib@0x1729 Ø 10 libsystem_pthread.dylib libsystem_pthread.dylib@0x5fc8 11 libnss3.dylib libnss3.dylib@0x1185bf
I tried for a while to reproduce this issue by going on google maps from my Linux laptop, but I failed to reproduce it, I tried to change my user agent such as it appears to be running on Mac OSX but I still cannot reproduce this issue.
Crash Signature: [@ js::jit::OutOfLineCode::bind(js::jit::MacroAssembler*)] → [@ js::jit::OutOfLineCode::bind(js::jit::MacroAssembler*)] [@ js::jit::OutOfLineCode::bind]
Crash volume for signature 'js::jit::OutOfLineCode::bind': - nightly (version 50): 0 crashes from 2016-06-06. - aurora (version 49): 0 crashes from 2016-06-07. - beta (version 48): 4 crashes from 2016-06-06. - release (version 47): 574 crashes from 2016-05-31. - esr (version 45): 0 crashes from 2016-04-07. Crash volume on the last weeks: W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7 - nightly 0 0 0 0 0 0 0 - aurora 0 0 0 0 0 0 0 - beta 0 1 0 0 2 1 0 - release 65 93 79 79 79 63 82 - esr 0 0 0 0 0 0 0 Affected platform: Windows
status-firefox48: --- → affected

Following the reporter's steps I am able to confirm that the issue doesn't happen anymore on MacOS 10.15 on any of the current versions of Firefox Nightly 87.0a1 (2021-02-04), beta 86.0b6 and release 85.0.

Closing this issue as Resolved > Worksforme.
Feel free to re-open or file a new bug if this issue reoccurs again.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.