Closed
Bug 1290469
Opened 9 years ago
Closed 9 years ago
Crash in OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::detail::HashTable<T>::prepareHash | js::SavedStacks::getOrCreateSavedFrame
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla51
People
(Reporter: marcia, Assigned: jonco)
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(1 file)
3.10 KB,
patch
|
terrence
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
Sylvestre
:
approval-mozilla-release+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-0bb416de-6370-4968-a9a7-a5adf2160729.
=============================================================
Crash showing up in RC2 Beta: http://bit.ly/2am0xZO
It was present in very small numbers in one previous beta, and seems to have risen in early crash data for RC2. Largest percentage of crashes are on Windows 7.
Reporter | ||
Comment 1•9 years ago
|
||
Fairly high correlation to Kaspersky Light Plugin:
OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::detail::HashTable<T>::prepareHash | js::SavedStacks::getOrCreateSavedFrame|EXCEPTION_BREAKPOINT (17 crashes)
59% (10/17) vs. 2% (229/12243) light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com (4.6.3-7)
18% (3/17) vs. 2% (286/12243) light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com
0% (0/17) vs. 0% (1/12243) 4.6.0.375
18% (3/17) vs. 2% (268/12243) 4.6.2-40
0% (0/17) vs. 0% (5/12243) 4.6.2.21
0% (0/17) vs. 0% (1/12243) 4.6.2.23.1
0% (0/17) vs. 0% (11/12243) 4.6.2.31
Assignee | ||
Comment 2•9 years ago
|
||
We can make this fallible in the same way as was done for all the bare instances of MovableCellHasher.
Assignee: nobody → jcoppeard
Attachment #8776033 -
Flags: review?(terrence)
Comment 3•9 years ago
|
||
Comment on attachment 8776033 [details] [diff] [review]
bug1290469-fallible-saved-frame-hasher
Review of attachment 8776033 [details] [diff] [review]:
-----------------------------------------------------------------
Nice!
Attachment #8776033 -
Flags: review?(terrence) → review+
Comment 4•9 years ago
|
||
Crash volume for signature 'OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::detail::HashTable<T>::prepareHash | js::SavedStacks::getOrCreateSavedFrame':
- nightly(version 50):0 crashes from 2016-06-06.
- aurora (version 49):0 crashes from 2016-06-07.
- beta (version 48):399 crashes from 2016-06-06.
- release(version 47):594 crashes from 2016-05-31.
- esr (version 45):0 crashes from 2016-04-07.
Crash volume on the last weeks:
W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7
- nightly 0 0 0 0 0 0 0
- aurora 0 0 0 0 0 0 0
- beta 303 37 37 0 0 0 0
- release 88 77 83 65 81 93 77
- esr 0 0 0 0 0 0 0
Affected platform: Windows
status-firefox47:
--- → affected
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/63293464e2a2
Use fallible hashing for SavedFrame r=terrence
Comment 6•9 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox51:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Comment 7•8 years ago
|
||
#20 top crasher on Firefox 48. Also affects many users with AdBlock Plus (~50% of crashes with this signature have AdBlock Plus installed vs ~20% overall).
Should we consider uplifting?
Flags: needinfo?(terrence)
Comment 8•8 years ago
|
||
Also affects 49 and 50, but changed signature.
Crash Signature: [@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::detail::HashTable<T>::prepareHash | js::SavedStacks::getOrCreateSavedFrame] → [@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::detail::HashTable<T>::prepareHash | js::SavedStacks::getOrCreateSavedFrame]
[@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::SavedStacks::getOrCreateSavedFrame]
status-firefox49:
--- → affected
status-firefox50:
--- → affected
Comment 9•8 years ago
|
||
We already lifted the infrastructure, so I think it should be doable. Jon, what do you think?
Flags: needinfo?(terrence) → needinfo?(jcoppeard)
Comment 10•8 years ago
|
||
We could take it as a ride along in 48 it is super safe
tracking-firefox48:
--- → +
Assignee | ||
Comment 11•8 years ago
|
||
Comment on attachment 8776033 [details] [diff] [review]
bug1290469-fallible-saved-frame-hasher
Approval Request Comment
[Feature/regressing bug #]: Bug 1224044.
[User impact if declined]: Possible crash on OOM.
[Describe test coverage new/current, TreeHerder]: On m-c since 1st August.
[Risks and why]: Low.
[String/UUID change made/needed]: None.
Flags: needinfo?(jcoppeard)
Attachment #8776033 -
Flags: approval-mozilla-beta?
Attachment #8776033 -
Flags: approval-mozilla-aurora?
Comment 12•8 years ago
|
||
Comment on attachment 8776033 [details] [diff] [review]
bug1290469-fallible-saved-frame-hasher
Fix a top crash, let's take it on aurora & beta.
Attachment #8776033 -
Flags: approval-mozilla-beta?
Attachment #8776033 -
Flags: approval-mozilla-beta+
Attachment #8776033 -
Flags: approval-mozilla-aurora?
Attachment #8776033 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 13•8 years ago
|
||
Assignee | ||
Comment 14•8 years ago
|
||
Comment on attachment 8776033 [details] [diff] [review]
bug1290469-fallible-saved-frame-hasher
Approval Request Comment
[Feature/regressing bug #]: Bug 1224044.
[User impact if declined]: Possible crash on OOM
[Describe test coverage new/current, TreeHerder]: On m-c since 1st August.
[Risks and why]: Low.
[String/UUID change made/needed]: None.
Attachment #8776033 -
Flags: approval-mozilla-release?
Updated•8 years ago
|
Comment 15•8 years ago
|
||
Comment on attachment 8776033 [details] [diff] [review]
bug1290469-fallible-saved-frame-hasher
Taking it as it is a top crash, hopefully won't cause a regression.
Attachment #8776033 -
Flags: approval-mozilla-release? → approval-mozilla-release+
Comment 16•8 years ago
|
||
bugherder uplift |
Comment 17•8 years ago
|
||
Added in the 48.0.1 release notes: "Fix a top crash in the JavaScript engine".
relnote-firefox:
--- → 48+
You need to log in
before you can comment on or make changes to this bug.
Description
•