Crash in [@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::TypeZone::addPendingRecompile]
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
People
(Reporter: marcia, Assigned: tcampbell)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
This bug is for crash report bp-e45b6bc4-b466-4fa0-8c96-ab3660190318.
Seen while looking at release and beta crash stats - this crash has been around and is sometimes in the top 25 crashes: https://bit.ly/2YeK6Fs. We shall see where it ends up after we release 66.
High correlation to Win 7 - 80.95% in signature vs 46.36% overall) platform_pretty_version = Windows 7
Some of the comments mention repeatedly crashing.
Top 10 frames of crashing thread:
0 xul.dll js::AutoEnterOOMUnsafeRegion::crash js/src/vm/JSContext.cpp:1487
1 xul.dll js::TypeZone::addPendingRecompile js/src/vm/TypeInference.cpp
2 xul.dll void `anonymous namespace'::TypeConstraintFreezeStack::newType js/src/vm/TypeInference.cpp:1466
3 xul.dll js::ConstraintTypeSet::addType js/src/vm/TypeInference.cpp:766
4 xul.dll js::TypeScript::SetThis js/src/vm/TypeInference-inl.h:776
5 xul.dll static bool js::jit::DoTypeMonitorFallback js/src/jit/BaselineIC.cpp:1425
6 xul.dll trunc
7 @0x159b5e26
8 @0x5bef7ce7
9 @0x159006aa
|
||
Updated•5 years ago
|
|
||
Comment 1•5 years ago
|
||
Steven, this is a moderately high volume crash, can you find someone to investigate?
|
||
Comment 2•5 years ago
|
||
Ted, could you help me find someone to look at this. Would this be appropriate for Iain to look at (possibly OOM related?)?
|
Assignee | |
Comment 3•5 years ago
|
||
Record the size of allocation in crashreporter to determine if these are
genuine small OOM or if something problematic has happened.
|
|
Assignee | |
Comment 4•5 years ago
|
||
These look like just small-OOM, but I'll land a diagnositic patch to confirm.
|
||
Updated•5 years ago
|
Pushed by tcampbell@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ccc1a9b4ea13 Crash diagnositic for js::TypeZone::addPendingRecompile. r=jwalden
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
|
|
||
Comment 7•5 years ago
|
||
Reopening since the patch is just adding diagnostics.
|
||
Updated•5 years ago
|
|
||
Comment 8•5 years ago
|
||
Ted, were you able to find out more about these crashes since the last landing?
|
|
Assignee | |
Comment 9•5 years ago
|
||
Comment on attachment 9054064 [details]
Bug 1536159 - Crash diagnositic for js::TypeZone::addPendingRecompile. r?jwalden
Beta/Release Uplift Approval Request
- Feature/Bug causing the regression: None
- User impact if declined: This is a diagnostic patch to determine if crashes we are seeing in release are real issues or just users running out of memory. Crash rate on nightly is very low so we can either let this ride the trains for another month or uplift now and be able to possibly be able to take action this cycle. Note that most likely result is that this will be a normal small-OOM that we do nothing about.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Low risk. Has been on nightly for a week and the patch simply captures an integer in the existing forced-crash operation.
- String changes made/needed:
|
|
||
Comment 10•5 years ago
|
||
Comment on attachment 9054064 [details]
Bug 1536159 - Crash diagnositic for js::TypeZone::addPendingRecompile. r?jwalden
Diagnostic patch on beta to investigate a crash, approved for 67 beta 10, thanks.
|
||
Comment 11•5 years ago
|
||
| bugherder uplift | ||
|
|
Assignee | |
Comment 12•5 years ago
|
||
The result of the diagnostic is that the OOM|unknown are are now classified as OOM|small and fall into the general OOM|small bucket. I'm not sure it makes sense to have any targeted fix here as this is risky code.
Closing as fixed due to the reclassifying as OOM|small.
|
|
||
Updated•5 years ago
|
Description
•