Closed Bug 1275500 Opened 9 years ago Closed 9 years ago

Crash in js::jit::CodeGenerator::visitOutOfLineTypeOfV

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Platform:
Unspecified
Windows 8
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: kanru, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-2d8c3019-bcc6-49c3-a778-e30982160525. ============================================================= This is #11 crash on Nightly 20160523030225, 7 crashes which are likely from single installation. The first crash with this signature is on 44.0.2 build id 20160210153822 js::jit::CodeGenerator::visitOutOfLineTypeOfV(js::jit::OutOfLineTypeOfV*) js::jit::CodeGeneratorShared::generateOutOfLineCode() js::jit::CodeGeneratorX86Shared::generateOutOfLineCode() js::jit::CodeGenerator::generate() js::jit::GenerateCode(js::jit::MIRGenerator*, js::jit::LIRGraph*) js::jit::CompileBackEnd(js::jit::MIRGenerator*) js::HelperThread::handleIonWorkload() js::HelperThread::threadLoop() Search used https://crash-stats.mozilla.com/signature/?date=%3E%3D2015-06-01&signature=js%3A%3Ajit%3A%3ACodeGenerator%3A%3AvisitOutOfLineTypeOfV&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&page=1
Jan, any ideas?
Flags: needinfo?(jdemooij)
(In reply to Nicholas Nethercote [:njn] from comment #1) > Jan, any ideas? I looked at one of these reports. We're crashing here: 00007FF89EDE2A78 48 8D 05 11 F1 BB FF lea rax,[js::TypeOfObjectOperation (07FF89E9A1B90h)] 00007FF89EDE2A7F 48 8D 54 24 30 lea rdx,[input] 00007FF89EDE2A84 48 89 44 24 30 mov qword ptr [input],rax 00007FF89EDE2A89 E8 7A 34 B3 FF call js::jit::MacroAssembler::callWithABI<void * __ptr64> (07FF89E915F08h) This is a normal (non-virtual) function call. Then we crash with EXCEPTION_ACCESS_VIOLATION_EXEC at address 0x7ff89e115f08. Note that this is the expected address (0x7FF89E915F08), the difference is 1 bit so this suggests a bit flip. Furthermore, these crashes are from a single installation and have very low uptimes (like 4, 7, 58 seconds). I don't know if it's worth spending time on these single-user, low uptime crashes (unless they look interesting), as it suggests malware or bad hardware.
Flags: needinfo?(jdemooij)
(In reply to Jan de Mooij [:jandem] from comment #2) > Then we crash with > EXCEPTION_ACCESS_VIOLATION_EXEC at address 0x7ff89e115f08. Note that this is > the expected address (0x7FF89E915F08), the difference is 1 bit so this > suggests a bit flip. Sorry, I can't type today. What I meant to say is: the address where we crash is the *expected* address, except one bit is different.
See comment 2. Single user, crashes look like memory corruption, I'll close this.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.