Closed
Bug 915814
Opened 11 years ago
Closed 8 years ago
crash in js::jit::LinearScanAllocator::assign(js::jit::LAllocation)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: ted, Unassigned)
References
()
Details
(Keywords: crash)
Crash Data
I crashed twice just now using yesterday's nightly.
This bug was filed from the Socorro interface and is
report bp-aa58f878-f1a6-4f6d-877d-2edff2130912.
=============================================================
Frame Module Signature Source
0 mozjs.dll js::jit::LinearScanAllocator::assign(js::jit::LAllocation) js/src/jit/LinearScan.cpp
1 mozjs.dll js::jit::LinearScanAllocator::spill() js/src/jit/LinearScan.cpp
2 mozjs.dll js::jit::LinearScanAllocator::allocateRegisters() js/src/jit/LinearScan.cpp
3 mozjs.dll js::jit::LinearScanAllocator::go() js/src/jit/LinearScan.cpp
4 mozjs.dll js::jit::GenerateLIR(js::jit::MIRGenerator *) js/src/jit/Ion.cpp
5 mozjs.dll js::jit::CompileBackEnd(js::jit::MIRGenerator *,js::jit::MacroAssembler *) js/src/jit/Ion.cpp
6 mozjs.dll js::jit::IonCompile js/src/jit/Ion.cpp
7 mozjs.dll js::jit::CompileFunctionForBaseline(JSContext *,JS::Handle<JSScript *>,js::jit::BaselineFrame *,bool) js/src/jit/Ion.cpp
8 mozjs.dll js::jit::EnsureCanEnterIon js/src/jit/BaselineIC.cpp
9 mozjs.dll js::jit::DoUseCountFallback js/src/jit/BaselineIC.cpp
10 @0x35
Other crash report:
https://crash-stats.mozilla.com/report/index/1f37284a-580d-4a5a-a34e-f80812130912
The URL in question was loaded both times, so it's fairly suspect.
Reporter | ||
Comment 1•11 years ago
|
||
I hit this repeatably on the DirecTV account website:
https://crash-stats.mozilla.com/report/index/405f796b-8342-47f6-9ad2-fac0f2130913
Comment 2•11 years ago
|
||
According to about:crashes, I've hit this about 5 - 10 times today. Each time, it seems to occur when I change focus back from some other application back to UX Nightly. As soon as I refocus the UX Nightly window, I crash.
Just a casual observation.
Updated•11 years ago
|
Flags: needinfo?(jdemooij)
Comment 3•11 years ago
|
||
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3Ajit%3A%3ALinearScanAllocator%3A%3Aassign%28js%3A%3Ajit%3A%3ALAllocation%29 lists more such reports. Seems to not be too high in frequency, though.
Reporter | ||
Comment 4•11 years ago
|
||
I just hit this again, on Facebook this time. I suspect this is only low-volume because it's Nightly-only and only triggers on certain scripts. If this makes it to beta I'd expect it to blow up in volume.
https://crash-stats.mozilla.com/report/index/b22e50eb-c2c1-4be0-91f4-f94fb2130917
Comment 5•11 years ago
|
||
This is likely bug 917401. Ted and Mike, do you have the profiler enabled?
Comment 6•11 years ago
|
||
(In reply to Jan de Mooij [:jandem] from comment #5)
> This is likely bug 917401. Ted and Mike, do you have the profiler enabled?
Oh I see you also filed that bug. In the past we've seen crashes in LinearScanAllocator::assign when register pressure is too high and there's no register available. Let's see what bug 917401 does to these crashes.
Reporter | ||
Comment 7•11 years ago
|
||
Yes, I do have the profiler enabled, and I've hit both of these crashes a fair bit recently. Hopefully that bug fixes it!
Comment 8•11 years ago
|
||
Yes, I too have the profiler enabled. Thanks for the heads up about bug 917401!
Comment 9•11 years ago
|
||
I'm getting this crash consistently using Aurora - 26.0a2 (2013-09-25) - while trying to shop for Kindles on Amazon.
https://crash-stats.mozilla.com/report/index/f56e64f4-6289-45a7-b138-a86142130926
https://crash-stats.mozilla.com/report/index/6ae9717a-08e9-4137-8568-a6c762130926
https://crash-stats.mozilla.com/report/index/9708df19-de88-4d12-a7ea-892e92130926
https://crash-stats.mozilla.com/report/index/e0d7f9de-437a-4030-befa-4dec52130926
https://crash-stats.mozilla.com/report/index/33f613a0-4273-4bee-9f9d-765f92130926
https://crash-stats.mozilla.com/report/index/ffe5d6b5-b77a-4230-b972-a14512130926
Comment 10•11 years ago
|
||
I disabled the profiler and thought that the problem was alleviated but I just hit the same crash. This is pretty serious!
OS: Windows NT → Windows 8
Comment 11•11 years ago
|
||
Clearing needinfo. If anybody is still seeing this and can reproduce it reliably, please let me know.
Flags: needinfo?(jdemooij)
Comment 12•10 years ago
|
||
(In reply to Jan de Mooij [:jandem] from comment #11)
> Clearing needinfo. If anybody is still seeing this and can reproduce it
> reliably, please let me know.
Can you check out this bug and see if it a dupe?
https://bugzilla.mozilla.org/show_bug.cgi?id=1011793#c3
Flags: needinfo?(jdemooij)
Comment 13•10 years ago
|
||
(In reply to Chris More [:cmore] from comment #12)
> Can you check out this bug and see if it a dupe?
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1011793#c3
Looking at that bug now..
Flags: needinfo?(jdemooij)
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Reporter | ||
Comment 14•10 years ago
|
||
Interestingly I just hit this again as a content process crash in my e10s-enabled Nightly:
https://crash-stats.mozilla.com/report/index/9f634777-e0a0-451a-bbb7-effd32141125
(Yes, I still have the profiler installed.)
Reporter | ||
Comment 15•10 years ago
|
||
Boy, something made this super crashy:
https://crash-stats.mozilla.com/report/index/990802b9-c4a5-4f3b-b0d9-e88322141125
https://crash-stats.mozilla.com/report/index/b3648adb-2904-4948-acf4-4c30b2141125
https://crash-stats.mozilla.com/report/index/f0ebf578-c175-44a0-977d-a81eb2141125
https://crash-stats.mozilla.com/report/index/7e4852a3-07f9-4bc3-96c3-039622141125
My Nightly was basically crashing on startup. I restarted in safe mode and it stays up. I'm going to disable the profiler and see if it stays up.
Comment 16•10 years ago
|
||
I just got this with and old version of profiler installed on current Thunderbird nightly
https://crash-stats.mozilla.com/report/index/2c675e95-d71e-4886-bd3b-8f22b2141130
Updated•9 years ago
|
Crash Signature: [@ js::jit::LinearScanAllocator::assign(js::jit::LAllocation)] → [@ js::jit::LinearScanAllocator::assign(js::jit::LAllocation)]
[@ js::jit::LinearScanAllocator::assign]
Comment 17•8 years ago
|
||
LSRA is gone, no new activity for two years, closing.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•