Crash in js::GCMarker::eagerlyMarkChildren
Categories
(Core :: JavaScript: GC, defect, P3)
Tracking
()
People
(Reporter: calixte, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, stalled)
Crash Data
This bug was filed from the Socorro interface and is report bp-c75efda7-257f-4be0-b8f1-83ce60180225. ============================================================= Top 3 frames of crashing thread: 0 xul.dll js::GCMarker::eagerlyMarkChildren js/src/gc/Marking.cpp:1130 1 xul.dll DispatchToTracer<JSString*> js/src/gc/Marking.cpp:684 2 @0x239cb361880 ============================================================= There are 109 crashes in nightly 60 starting with buildid 20180224103027. The volume before this build was pretty low (only few crashes every day). The pushlog for this build is: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ad3c6f89d677&tochange=b3191953ccda It could be related to patch for bug 903519. :sfink, could you investigate please ?
Comment 1•6 years ago
|
||
Adding another signature that spiked in the same build, and seems tied to the bug noted in Comment 0.
Comment 3•6 years ago
|
||
Andrew, could you please help with thisissue? We have this crash for a while but the volume is still huge (more than 80 000 installs impacted at least)
Comment 4•6 years ago
|
||
(In reply to Marcia Knous [:marcia - needinfo? me] from comment #1) > Adding another signature that spiked in the same build, and seems tied to > the bug noted in Comment 0. I split the new signature into bug 1444495. Steve's looking at this.
Updated•6 years ago
|
Comment 5•6 years ago
|
||
Some crash addresses ending in e5e5e5 so I'll mark it security-sensitive.
Updated•6 years ago
|
Comment 6•6 years ago
|
||
I'm hoping to land bug 1485209 or something like it to smoke out these issues sooner.
Comment 7•6 years ago
|
||
bug 1485209 has landed, but I'm having some trouble getting a signal out of it since it's lumped in with all other jit crashes.
Comment 9•6 years ago
|
||
Steve, what's the next step to debug this? It seems like we need some kind of follow-up to make the assertion in bug 1485209 more useful here.
Comment 10•6 years ago
|
||
(In reply to Steve Fink [:sfink] [:s:] from comment #7) > bug 1485209 has landed, but I'm having some trouble getting a signal out of > it since it's lumped in with all other jit crashes. Maybe one option would be to replace the masm.breakpoint() call by an actual function call such as we do for AssumeUnreachable macro assembler function, and then have a proper MOZ_CRASH within the function. This should prevent the noise coming from other JIT crashes.
Comment 11•6 years ago
|
||
Steve, do you know when we expect to address this issue?
Comment 12•6 years ago
|
||
I think this was cleared by accident. Note that sfink is on PTO until after Thanksgiving (which is next Thursday).
Comment 13•5 years ago
|
||
I don't think this needs to be hidden. It is a generic GC signature.
Updated•5 years ago
|
Updated•5 years ago
|
Comment 14•5 years ago
|
||
Two weeks ago, after March 26, the Firefox crash rate went up ~30%. Currently ~20% higher compared to pre-March 26
Comment 15•5 years ago
|
||
There is a x10 increase in crashes in Nightly since 20190927215713, tracking for 71.
Comment 16•5 years ago
|
||
(In reply to Pascal Chevrel:pascalc from comment #15)
There is a x10 increase in crashes in Nightly since 20190927215713, tracking for 71.
Note: This nightly spike is likely related to Bug 1575370. Which has nothing to do with the volume of crashes seen in beta and release, and as such should not increase the priority of this bug, unless the regressions made for Bug 1575370 are fixed, and this does not restore the volume of crashes here.
Comment 17•5 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Comment 18•5 years ago
|
||
Is there anything we can do to investigate further? It is still a really high crash volume on beta/release.
Updated•5 years ago
|
Comment 19•5 years ago
|
||
This is a generic heap corruption type signature. There's nothing actionable in the crash reports.
Comment 20•5 years ago
|
||
(In reply to Jon Coppeard (:jonco) from comment #19)
This is a generic heap corruption type signature. There's nothing actionable in the crash reports.
Not tracking for 71 since this is stalled.
Updated•4 years ago
|
Comment hidden (Intermittent Failures Robot) |
Updated•2 years ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Description
•