Closed
Bug 1122947
Opened 10 years ago
Closed 10 years ago
crash in js::jit::JitProfilingFrameIterator::operator++()
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
VERIFIED
FIXED
mozilla38
People
(Reporter: mstange, Assigned: djvj)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
(deleted),
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-5d93eae5-464b-44a6-b419-209892150117. ============================================================= I've hit this crash twice today, once during scrolling on twitter and once during session restore. There are also two reports of this crash on Windows: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3Ajit%3A%3AJitProfilingFrameIterator%3A%3Aoperator%2B%2B%28%29#tab-reports
I hit this when trying to abort opening add-ons manager (i.e. closing the tab) because it was taking too long to open.
No just hit it again. This time when switching to a tab with a youtube video: bp-75d7233b-af06-4256-9877-315bd2150118 Crashing Thread Frame Module Signature Source 0 xul.dll js::jit::JitProfilingFrameIterator::operator++() js/src/jit/JitFrames.cpp 1 xul.dll JS::ProfilingFrameIterator::operator++() js/src/vm/Stack.cpp 2 xul.dll mergeStacksIntoProfile tools/profiler/TableTicker.cpp 3 xul.dll TableTicker::doNativeBacktrace(ThreadProfile&, TickSample*) tools/profiler/TableTicker.cpp 4 xul.dll TableTicker::InplaceTick(TickSample*) tools/profiler/TableTicker.cpp 5 xul.dll SamplerThread::SampleContext(Sampler*, ThreadProfile*, bool) tools/profiler/platform-win32.cc 6 xul.dll SamplerThread::Run() tools/profiler/platform-win32.cc 7 xul.dll `anonymous namespace'::ThreadFunc(void*) ipc/chromium/src/base/platform_thread_win.cc 8 msvcr120.dll _callthreadstartex f:\dd\vctools\crt\crtw32\startup\threadex.c:376 9 msvcr120.dll msvcr120.dll@0x2c000 10 kernel32.dll BaseThreadInitThunk 11 ntdll.dll __RtlUserThreadStart 12 ntdll.dll _RtlUserThreadStart
|
Reporter | |
Comment 3•10 years ago
|
||
I hit this a few more times. I've disabled the profiler addon for now.
|
||
Comment 4•10 years ago
|
||
I reproduce this reliably on startup with the latest Nightly with the profiler add-on.
|
|
||
Comment 5•10 years ago
|
||
[Tracking Requested - why for this release]: Regression from bug 1057082.
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → kvijayan
|
|
Assignee | |
Comment 6•10 years ago
|
||
ok: problem is that I assumed that we would never see Unwound_* frames in the middle of stackwalks. That assumption is wrong, for good reasons. New try run with talos tests with profiling turned on are green: https://treeherder.mozilla.org/#/jobs?repo=try&revision=c68a30fb2456 A previous run scheduled by Marcus on a branch close to tip (and not modifying much else, looked like this): https://treeherder.mozilla.org/#/jobs?repo=try&revision=a40998427912
Attachment #8551481 -
Flags: review?(jdemooij)
|
||
Comment 7•10 years ago
|
||
Comment on attachment 8551481 [details] [diff] [review] fix-profiling-frame-iterator.patch Review of attachment 8551481 [details] [diff] [review]: ----------------------------------------------------------------- Looks good, but there's also JitFrame_Unwound_Rectifier..
Attachment #8551481 -
Flags: review?(jdemooij) → review+
|
|
Assignee | |
Comment 8•10 years ago
|
||
Ah! Good find. Will add that as well.
|
|
Assignee | |
Comment 9•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/090caf88ccfb
|
||
Comment 10•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/090caf88ccfb
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
|
||
Updated•10 years ago
|
|
||
Updated•9 years ago
|
|
||
Comment 11•9 years ago
|
||
No crashes in Socorro over the past 4 weeks - https://crash-stats.mozilla.com/report/list?range_unit=days&range_value=28&signature=js%3A%3Ajit%3A%3AJitProfilingFrameIterator%3A%3Aoperator%2B%2B%28%29
Status: RESOLVED → VERIFIED
|
||
Comment 12•9 years ago
|
||
I just hit this today with Firefox Nightly 42.0a1: bp-c4f8046a-6df1-4457-a821-b827a2150804 I woke my system up from sleep mode with Firefox already running and several tabs loaded. I then opened a new tab to etherpad.mozilla.org and all my tabs crashed (e10s crash - did not take down the browser). Restoring all tabs got me back to working order. Looking at crash-stats there's only been one other report of this crash with Firefox 42.0a1: bp-eb2b4650-1e59-471e-97e6-a3f912150730 I don't know if its worth reopening this to investigate two crash reports but this may be something we want to keep an eye on if it's possible this re-regressed.
|
||
Comment 13•9 years ago
|
||
(Comment 12 probably merit its own separate bug, perhaps marked as a dependency of this one. I don't think it's strictly a regression of this bug, because this bug here was a highly-reproducible startup crash.)
You need to log in
before you can comment on or make changes to this bug.
Description
•