Closed
Bug 1330193
Opened 8 years ago
Closed 7 years ago
Crash in js::jit::JitProfilingFrameIterator::moveToNextFrame
Categories
(Core :: JavaScript Engine: JIT, defect, P1)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: Harald, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
947 bytes,
patch
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-48a66f40-f9d0-4464-b64e-9d4d82170111.
Also 48a66f40-f9d0-4464-b64e-9d4d82170111
=============================================================
Happened several times on LinkedIn with Profiler enabled. Naveed could reproduce on his Mac Book as well.
|
||
Comment 2•8 years ago
|
||
JitProfilingFrameIterator::moveToNextFrame() is missing cases for JitFrame_IonStub, JitFrame_Exit, and JitFrame_Bailout.
It is surprising that we've gone this whole time without this breaking, if the missing cases are actually required...
Harald (or Naveed), could you try compiling with this patch and see which case it crashes on?
Flags: needinfo?(hkirschner)
|
Reporter | |
Comment 3•8 years ago
|
||
I just tried reproducing it in Nightly without the patch and it doesn't happen anymore. Naveed, does it still reproduce for you?
Flags: needinfo?(hkirschner) → needinfo?(nihsanullah)
|
||
Comment 4•8 years ago
|
||
It happened to me on Nightly/win10/profiler:
https://crash-stats.mozilla.com/report/index/7a9e6c8f-e095-4f03-ae94-4d0d22170203
|
|
||
Comment 5•8 years ago
|
||
And again reloading the crashed tab: https://crash-stats.mozilla.com/report/index/63fe0a34-ff86-47c8-a10b-202da2170203
|
|
Reporter | |
Comment 6•8 years ago
|
||
Maybe related (signature is not), but I was profiling using devtools profiler in LinkedIn and got https://crash-stats.mozilla.com/report/index/f45f0458-80f4-4d95-acbb-2b0a72170203
I'm seeing this on Windows 10 when watching videos on twitch.tv. I've just had it while trying to reparent a window containing a video (https://crash-stats.mozilla.com/report/index/83313024-b4d1-40a6-b092-027d12170216). I've also seen it with a static window with a video playing that simply crashed.
I've had periods of high crashability (every few minutes, renders streams unwatchable), but typically this happens every few days.
|
||
Comment 8•8 years ago
|
||
I currently can't use LinkedIn on Aurora because it crashes every few seconds due to this bug.
Gerv
|
||
Comment 9•8 years ago
|
||
(In reply to Sean Stangl [:sstangl] from comment #2)
> Created attachment 8825649 [details] [diff] [review]
> Diagnostic patch
>
> JitProfilingFrameIterator::moveToNextFrame() is missing cases for
> JitFrame_IonStub, JitFrame_Exit, and JitFrame_Bailout.
>
> It is surprising that we've gone this whole time without this breaking, if
> the missing cases are actually required...
>
> Harald (or Naveed), could you try compiling with this patch and see which
> case it crashes on?
Can you create a try build with this patch. To make it easier to let others try if they hit it with this patch? We could potentially also land this?
(In reply to Gervase Markham [:gerv] from comment #8)
> I currently can't use LinkedIn on Aurora because it crashes every few
> seconds due to this bug.
>
> Gerv
This is without the profiler enabled? If this is without the profiler this might be another bug. Can you post a crash report?
Flags: needinfo?(sstangl)
|
|
||
Updated•8 years ago
|
Priority: -- → P1
|
||
Comment 10•8 years ago
|
||
(In reply to Sean Stangl [:sstangl] from comment #2)
> JitProfilingFrameIterator::moveToNextFrame() is missing cases for
> JitFrame_IonStub, JitFrame_Exit, and JitFrame_Bailout.
I removed JitFrame_IonStub a few days ago but I think it has been dead since bug 1323099. It looks like we still have Nightly crashes after that.
Can you try to reproduce this?
I think I may be the current top crasher on this. Still seeing it in release, however I can't repro in beta. Looking at the other crash reports, I don't see anyone crashing with a build ID later than 53. I can't reliably repro this, so it's hard to be sure.
|
|
||
Comment 12•7 years ago
|
||
Yes no crashes in 53+ with this signature, let's close this.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(sstangl)
Flags: needinfo?(nihsanullah)
Flags: needinfo?(kvijayan)
Resolution: --- → WORKSFORME
|
|
Reporter | |
Updated•7 years ago
|
Crash Signature: [@ js::jit::JitProfilingFrameIterator::moveToNextFrame] → [@ mozilla::dom::PerformanceNavigationTiming::Type ]
|
|
Reporter | |
Comment 13•7 years ago
|
||
(pardon me, edited wrong bug)
Crash Signature: [@ mozilla::dom::PerformanceNavigationTiming::Type ] → [@ js::jit::JitProfilingFrameIterator::moveToNextFrame]
You need to log in
before you can comment on or make changes to this bug.
Description
•