Closed
Bug 1264188
Opened 9 years ago
Closed 4 years ago
crash in js::jit::BaselineCompiler::addPCMappingEntry
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
Tracking
()
RESOLVED
INVALID
People
(Reporter: n.nethercote, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-b6118787-b636-4cd0-85a2-47d702160406.
=============================================================
This first appeared in March 2014, but no bug has been filed until now. It's happened 471 times in the past 7 days on Beta 46, making it the #40 topcrasher.
|
||
Comment 2•9 years ago
|
||
It's weird, the past weeks there were 459 crashes with 46.0b8, but only 4 with 46.0b9 and 2 with 45.0.1
Maybe the signature changes or it's compiler related somehow. I'll take a look.
|
|
||
Comment 3•9 years ago
|
||
I looked at some of these crash dumps in Visual Studio, and EIP is in the middle of an instruction.. So we end up executing some bogus or invalid instruction and crash.
The CPU data is interesting:
73.16% - AuthenticAMD family 20 model 1 stepping 0 | 2
16.82% - AuthenticAMD family 20 model 1 stepping 0 | 1
So this AMD E-350 CPU accounts for 90% of all crashes... It's probably not from a single user - I see different Windows versions.
Flags: needinfo?(jdemooij)
|
|
||
Comment 4•9 years ago
|
||
See also bug 772330 for problems with this CPU. I can check if erratum 688 applies here as well.
|
|
||
Comment 5•9 years ago
|
||
(In reply to Jan de Mooij [:jandem] from comment #4)
> See also bug 772330 for problems with this CPU. I can check if erratum 688
> applies here as well.
I don't see any indirect calls or jumps in this function. There are a number of direct branches though...
Since 90% of the crashes are with this particular CPU and 46.0b8, I don't expect us to be able to reproduce it elsewhere.
|
||
Comment 6•8 years ago
|
||
Crash volume for signature 'js::jit::BaselineCompiler::addPCMappingEntry':
- nightly (version 50): 0 crash from 2016-06-06.
- aurora (version 49): 0 crash from 2016-06-07.
- beta (version 48): 21 crashes from 2016-06-06.
- release (version 47): 27 crashes from 2016-05-31.
- esr (version 45): 0 crash from 2016-04-07.
Crash volume on the last weeks:
Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7
- nightly 0 0 0 0 0 0 0
- aurora 0 0 0 0 0 0 0
- beta 0 2 1 1 7 6 3
- release 5 1 6 5 5 2 2
- esr 0 0 0 0 0 0 0
Affected platforms: Windows, Linux
status-firefox47:
--- → affected
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 7•6 years ago
|
||
FWIW, one of my try pushes was hit by this crash during running dom/canvas/test/webgl-conf/generated/test_2_conformance__offscreencanvas__context-creation-worker.html.
https://treeherder.mozilla.org/logviewer.html#?job_id=184839515&repo=try&lineNumber=10330
|
|
||
Comment 8•4 years ago
|
||
Code no longer exists.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•