Closed Bug 1261300 Opened 9 years ago Closed 4 years ago

crash in js::jit::Linker::newCode<T> spiking in Firefox 46

Categories

(Core :: JavaScript Engine: JIT, defect)

46 Branch
x86
Windows NT
defect
Not set
critical

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox46 + wontfix
firefox47 + wontfix
firefox48 - unaffected
firefox49 --- affected
firefox50 --- affected

People

(Reporter: philipp, Unassigned)

Details

(Keywords: crash)

Crash Data

[Tracking Requested - why for this release]:

This bug was filed from the Socorro interface and is report bp-9670362d-cf9f-411c-a271-a2af62160330.
=============================================================
Crashing Thread (0)
Frame  Module  Signature  Source
0  xul.dll  js::jit::Linker::newCode<1>(JSContext*, js::jit::CodeKind, bool)  js/src/jit/Linker.h
1  xul.dll  js::jit::CodeGenerator::link(JSContext*, js::CompilerConstraintList*)  js/src/jit/CodeGenerator.cpp
2  xul.dll  LinkCodeGen  js/src/jit/Ion.cpp
3  xul.dll  LinkBackgroundCodeGen  js/src/jit/Ion.cpp
4  xul.dll  js::DefaultGCPolicy<js::Debugger::AllocationsLogEntry>::trace(JSTracer*, js::Debugger::AllocationsLogEntry*, char const*)  js/src/vm/Debugger.h

this crash signature has been around for a while at a low volume but is noticeably spiking since firefox 46 hit beta builds, so apparently something in 46 triggered it to become worse. in 46.0b5 it is now a mid-level crash (#46, 0.24% of all crashes).

illustrating the recent spike: https://crash-stats.mozilla.com/signature/?date=%3E2016-01-01&product=Firefox&signature=js%3A%3Ajit%3A%3ALinker%3A%3AnewCode%3CT%3E#graphs

module correlations would indicate that a good part of the crashes are happening on systems where adware is present (but i'm not sure if those correlations are reliable at this low level of volume in beta or might be skewed by particular users crashing repeatedly), however there are also crash reports like the one in this bug where no obvious malicious modules are listed...

an excerpt of correlating modules in 46.0b5 on 2016-03-30:

js::jit::Linker::newCode<T>|EXCEPTION_ACCESS_VIOLATION_WRITE (56 crashes)
    25% (14/56) vs. 0% (17/24336) smdmf.dll
    25% (14/56) vs. 0% (18/24336) smdmfldr.dll
    25% (14/56) vs. 0% (21/24336) sysapcrt.dll
    20% (11/56) vs. 0% (14/24336) safetyldr.dll
    20% (11/56) vs. 0% (14/24336) safetynut.dll
    20% (11/56) vs. 0% (52/24336) safetycrt.dll
    14% (8/56) vs. 0% (23/24336) 4zhkstub.dll
    14% (8/56) vs. 0% (27/24336) 4zbrstub.dll
    13% (7/56) vs. 0% (16/24336) ImHttpComm.dll
    13% (7/56) vs. 0% (16/24336) nsib.dll
    13% (7/56) vs. 0% (49/24336) fdmumsp.dll
    13% (7/56) vs. 0% (50/24336) flvsniff.dll
    11% (6/56) vs. 0% (7/24336) imon.dll
would you be able to take a look here, maybe it is related to the changes in bug 1233818?
Flags: needinfo?(jdemooij)
Too late for 46 but we could still take a fix in 47/48.
(In reply to philipp from comment #1)
> would you be able to take a look here, maybe it is related to the changes in
> bug 1233818?

It's probably related to bug 1215479.

Weird: 59.1% of crashes are on Windows XP and 38.9% on Windows 7. Together that's 98%. Only 5 crashes on Windows 8, 8.1 and 10 *combined*.

I wonder if VirtualProtect is buggy on Windows XP. I'll look at some crash dumps.
Not many crashes in 46 now but there are still some in 47 beta. Not in the top 50 crash signatures by volume. Jan, do you still want to investigate?
We do not have a fix in progress; the crash volume on this one is ~200 for a week, which is on the lower end of the spectrum. Too late to fix in Fx47.
This is no longer high volume. There are a few crashes on 47 in the last week but none on 48+. We can see if they still show up on release before resolving the issue, but I don't think this needs to be tracked.
Crash volume for signature 'js::jit::Linker::newCode<T>':
 - nightly (version 50): 9 crashes from 2016-06-06.
 - aurora (version 49): 3 crashes from 2016-06-07.
 - beta (version 48): 36 crashes from 2016-06-06.
 - release (version 47): 44 crashes from 2016-05-31.
 - esr (version 45): 0 crashes from 2016-04-07.

Crash volume on the last weeks:
             W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly      0       1       7       0       0       1       0
 - aurora       0       0       0       1       1       0       1
 - beta         1       0       0       5       8      19       2
 - release      9       3       9       6       2       8       6
 - esr          0       0       0       0       0       0       0

Affected platforms: Windows, Linux
Clearing NI per comment 6.
Flags: needinfo?(jdemooij)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME