Closed
Bug 1275500
Opened 9 years ago
Closed 9 years ago
Crash in js::jit::CodeGenerator::visitOutOfLineTypeOfV
Categories
(Core :: JavaScript Engine: JIT, defect)
RESOLVED
INVALID
People
(Reporter: kanru, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-2d8c3019-bcc6-49c3-a778-e30982160525.
=============================================================
This is the #11 crash on Nightly 20160523030225, with 7 crashes which are likely from a single installation.
The first crash with this signature is on 44.0.2 build id 20160210153822
js::jit::CodeGenerator::visitOutOfLineTypeOfV(js::jit::OutOfLineTypeOfV*)
js::jit::CodeGeneratorShared::generateOutOfLineCode()
js::jit::CodeGeneratorX86Shared::generateOutOfLineCode()
js::jit::CodeGenerator::generate()
js::jit::GenerateCode(js::jit::MIRGenerator*, js::jit::LIRGraph*)
js::jit::CompileBackEnd(js::jit::MIRGenerator*)
js::HelperThread::handleIonWorkload()
js::HelperThread::threadLoop()
Search used
https://crash-stats.mozilla.com/signature/?date=%3E%3D2015-06-01&signature=js%3A%3Ajit%3A%3ACodeGenerator%3A%3AvisitOutOfLineTypeOfV&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&page=1
Comment 2•9 years ago
(In reply to Nicholas Nethercote [:njn] from comment #1)
> Jan, any ideas?
I looked at one of these reports. We're crashing here:
00007FF89EDE2A78 48 8D 05 11 F1 BB FF lea rax,[js::TypeOfObjectOperation (07FF89E9A1B90h)]
00007FF89EDE2A7F 48 8D 54 24 30 lea rdx,[input]
00007FF89EDE2A84 48 89 44 24 30 mov qword ptr [input],rax
00007FF89EDE2A89 E8 7A 34 B3 FF call js::jit::MacroAssembler::callWithABI<void * __ptr64> (07FF89E915F08h)
This is a normal (non-virtual) function call. Then we crash with EXCEPTION_ACCESS_VIOLATION_EXEC at address 0x7ff89e115f08. Note that this is the expected address (0x7FF89E915F08), the difference is 1 bit so this suggests a bit flip.
Furthermore, these crashes are from a single installation and have very low uptimes (like 4, 7, 58 seconds). I don't know if it's worth spending time on these single-user, low uptime crashes (unless they look interesting), as it suggests malware or bad hardware.
Flags: needinfo?(jdemooij)
Comment 3•9 years ago
(In reply to Jan de Mooij [:jandem] from comment #2)
> Then we crash with
> EXCEPTION_ACCESS_VIOLATION_EXEC at address 0x7ff89e115f08. Note that this is
> the expected address (0x7FF89E915F08), the difference is 1 bit so this
> suggests a bit flip.
Sorry, I can't type today. What I meant to say is: the address where we crash is the *expected* address, except one bit is different.
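The comparison made in comments 2 and 3, as an added example that is not part of the bug thread: it decodes the E8 call from the bytes quoted in comment 2, XORs the decoded target with the crash address, and then goes one step beyond the thread by checking which single-bit change in the call's rel32 field would by itself produce the faulting address. The function names are hypothetical; all constants are the values quoted in comment 2.

```python
import struct

# Values quoted in comment 2 of this bug.
CALL_ADDR = 0x7FF89EDE2A89                # address of the call instruction
CALL_BYTES = bytes.fromhex("E87A34B3FF")  # E8 rel32, as shown in the disassembly
CRASH_ADDR = 0x7FF89E115F08               # EXCEPTION_ACCESS_VIOLATION_EXEC address


def call_target(addr: int, insn: bytes) -> int:
    """Decode the target of an x86-64 near call (opcode E8 + signed rel32)."""
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not an E8 rel32 call")
    (rel32,) = struct.unpack("<i", insn[1:])
    # The displacement is relative to the address of the next instruction.
    return (addr + len(insn) + rel32) & 0xFFFFFFFFFFFFFFFF


def flipped_bits(expected: int, observed: int) -> list:
    """Bit positions at which two addresses differ (LSB is bit 0)."""
    diff = expected ^ observed
    return [i for i in range(diff.bit_length()) if (diff >> i) & 1]


def single_flips_reaching(addr: int, insn: bytes, observed: int) -> list:
    """(byte offset, bit) pairs in the rel32 whose flip alone yields `observed`."""
    hits = []
    for off in range(1, 5):          # bytes 1..4 hold the little-endian rel32
        for bit in range(8):
            mutated = bytearray(insn)
            mutated[off] ^= 1 << bit
            if call_target(addr, bytes(mutated)) == observed:
                hits.append((off, bit))
    return hits


if __name__ == "__main__":
    expected = call_target(CALL_ADDR, CALL_BYTES)
    print(f"decoded call target : {expected:#x}")
    print(f"crash address       : {CRASH_ADDR:#x}")
    print(f"differing bits      : {flipped_bits(expected, CRASH_ADDR)}")
    print(f"rel32 flips matching: {single_flips_reaching(CALL_ADDR, CALL_BYTES, CRASH_ADDR)}")
```

On these values the decoded target and the crash address differ only at bit 23, which corresponds to the top bit of the B3 byte in the call's displacement. This is a consistency check on the arithmetic and does not establish where in the process the corruption happened.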
Comment 4•9 years ago
See comment 2. Single user, crashes look like memory corruption, I'll close this.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID