Closed Bug 1446907 Opened 3 years ago Closed 3 years ago
Crash in static void js::jit::Patch
This bug was filed from the Socorro interface and is report bp-2cb24fcb-00a0-47db-be30-50a770180316.
=============================================================
Top 6 frames of crashing thread:

0 xul.dll static void js::jit::PatchJump js/src/jit/x64/Assembler-x64.h:1126
1 xul.dll js::jit::JitZoneGroup::patchIonBackedges js/src/jit/Ion.cpp:425
2 xul.dll js::jit::InterruptCheck js/src/jit/VMFunctions.cpp:564
3 @0x207dcbf4acf
4 xul.dll js::NativeObject::growSlotsDontReportOOM js/src/vm/NativeObject.cpp:432
5 xul.dll xul.dll@0x415cac7

=============================================================
There are 59 crashes (from 14 installations) in nightly 61 starting with buildid 20180316100132. In analyzing the backtrace, the regression may have been introduced by patch to fix bug 1435360.
https://hg.mozilla.org/mozilla-central/rev?node=d8b27e30ef91
I think the patch in question must've changed the signature for classification purposes. I see both "js::jit::PatchJump" and "static void js::jit::PatchJump" and the former has been a constant source of crashes for the last few months (and beyond): https://crash-stats.mozilla.com/signature/?signature=js%3A%3Ajit%3A%3APatchJump&date=%3E%3D2018-02-19T10%3A15%3A43.000Z&date=%3C2018-03-19T11%3A15%3A43.000Z#graphs
Steve: Can you get this triaged?
The current plan is to remove all this code in bug 1448887; it will fix these crashes. I can get to that tomorrow or next week.
Depends on: 1448887
(In reply to Luke Wagner [:luke] from comment #1)
> I think the patch in question must've changed the signature for
> classification purposes. I see both "js::jit::PatchJump" and "static void
> js::jit::PatchJump" and the former has been a constant source of crashes for
> the last few months (and beyond):

This is certainly a factor, as the MSVC version change injected all of these "static" things into signatures (I filed bug 1448957 for that). However, "js::jit::PatchJump" has only 51 crashes in the last week, across all branches, but "static void js::jit::PatchJump" has 219 crashes in the last week, just on Nightly, so it seems like the volume has greatly increased.
More specifically, this is the #2 top crash for the March 28th Windows Nightly builds.
There aren't a ton of URLs in these crashes, but I see about a half dozen different Twitch streams plus maybe another 10 Google Maps URLs.
This is currently being worked on by :jandem. There is a patch created for 1448887 (dependency) that is currently being reviewed, and when landed it is believed it will fix this bug also. (See comment 3 above).
Jan, can you take this?
Priority: -- → P2
Fixed by bug 1448887.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED