Closed
Bug 1454959
Opened 7 years ago
Closed 7 years ago
Crash in static js::jit::JitExecStatus EnterBaseline
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
Tracking
()
RESOLVED
DUPLICATE
of bug 858032
| Tracking | Status | |
|---|---|---|
| firefox61 | --- | wontfix |
People
(Reporter: marcia, Unassigned)
References
Details
(4 keywords, Whiteboard: DUPEME [#jsapi:crashes-retriage])
Crash Data
This bug was filed from the Socorro interface and is
report bp-a69706e9-66b4-44ff-8868-110960180313.
=============================================================
Seen while looking at nightly crash data. Crashes seem to date back to 20180313100127 but I couldn't find an active bug covering this crash: https://bit.ly/2EX5KmA
During the regression range Bug 1445181 landed, not sure if that was a factor. ni on :jandem
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fdd1a0082c71673239fc2f3a6a93de889c07a1be&tochange=c56ef1c14a555023949ad727c86e3c2df995edd2
Top 10 frames of crashing thread:
0 @0x212b766e333
1 @0x212b766e2d0
2 @0x221b67b4097
3 @0x212b766e2d0
4 @0x221b679e767
5 @0x212b766e2d0
6 @0x221b67a447f
7 @0x212b766e2d0
8 @0x221b67a447f
9 @0x212b75b156e
=============================================================
Flags: needinfo?(jdemooij)
|
Reporter | |
Comment 1•7 years ago
|
||
30 crashes/13 installs so far.
|
||
Comment 2•7 years ago
|
||
(In reply to Marcia Knous [:marcia - needinfo? me] from comment #0)
> During the regression range Bug 1445181 landed, not sure if that was a
> factor. ni on :jandem
It's really unlikely to be caused by the cleanup there. Putting this on our triage list.
Flags: needinfo?(jdemooij)
Whiteboard: DUPEME → DUPEME [#jsapi:crashes-retriage]
|
|
Reporter | |
Comment 3•7 years ago
|
||
This crash comes and goes, some days such as 4-30 we have about 8 crashes/2 installs, but other days no crashes show up.
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 5•7 years ago
|
||
Wildptrs, including EXEC of wildptrs (and reads and writes). Ptrs look trashed.
|
||
Updated•7 years ago
|
Group: core-security → javascript-core-security
|
|
||
Comment 6•7 years ago
|
||
This is a signature change with MSVC compiler. The state of JIT crashes over the last three months has been incredibly stable and I don't see any new regressions.
With that said, I'm currently doing another in-depth investigation into these crashes to try and and clarify the current state of crashes and hopefully make things actionable. These signatures are generic JIT crashes and have been caused from many different things over the years.
Crash Signature: [@ static js::jit::JitExecStatus EnterBaseline] → [@ static EnterBaseline]
[@ static js::jit::JitExecStatus EnterBaseline]
Flags: needinfo?(tcampbell)
|
|
||
Updated•7 years ago
|
Crash Signature: [@ static EnterBaseline]
[@ static js::jit::JitExecStatus EnterBaseline] → [@ EnterBaseline]
[@ static js::jit::JitExecStatus EnterBaseline]
|
||
Updated•7 years ago
|
Flags: needinfo?(sdetar)
|
|
||
Comment 7•7 years ago
|
||
Duping on to metabug. The initial spike was just signature changes. Reasons for this collection of crashes are tracked there.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
||
Updated•7 years ago
|
|
|
||
Updated•2 years ago
|
Group: javascript-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•