Bug 1524419 Comment 12 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

> This reliably reproduces for me but of course due to bug 1526276 we can't
> tell why so back to Core:General we go :)

Y'know... WinDbg is your friend :-)

This is a crash in JITted code. The memory at xip1 (aka x17) is inaccessible. I can't get a stack because we don't generate proper unwind info. I don't suppose anyone from JS could glance at this disassembly and magically know where it came from?

```
000001dc`c7ac1590 9100039f mov         sp,x28
000001dc`c7ac1594 cb30ef9c sub         x28,x28,xip0 sxtx #3
000001dc`c7ac1598 9278df9c and         x28,x28,#-0x100
000001dc`c7ac159c 9100039f mov         sp,x28
000001dc`c7ac15a0 aa1c03f1 mov         xip1,x28
000001dc`c7ac15a4 ea01003f tst         x1,x1
000001dc`c7ac15a8 540000a0 beq         000001dc`c7ac15bc
000001dc`c7ac15ac f8408458 ldr         x24,[x2],#8
000001dc`c7ac15b0 f8008638 str         x24,[xip1],#8  <<<<<<<<<<<<<< crash here
000001dc`c7ac15b4 f1000610 subs        xip0,xip0,#1
000001dc`c7ac15b8 54ffffa1 bne         000001dc`c7ac15ac
000001dc`c7ac15bc b94000f0 ldr         wip0,[x7]
000001dc`c7ac15c0 d100439f sub         sp,x28,#0x10
000001dc`c7ac15c4 a9bf4384 stp         x4,xip0,[x28,#-0x10]!
000001dc`c7ac15c8 cb1c0273 sub         x19,x19,x28
000001dc`c7ac15cc d378de73 lsl         x19,x19,#8
```
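The prologue and copy loop in that dump, written out as a C model so the address computation can be checked against the stack bounds a debugger reports. This is an added example, not SpiderMonkey or JIT code; register names follow the dump (x28, xip0 = x16, xip1 = x17, x1, x2), `sxtx #3` is treated as a plain shift since sign-extending a 64-bit register is the identity, and every register value used below is constructed rather than taken from the crash.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Register-level model of the disassembly above. Added example, not
 * SpiderMonkey code. Names follow the dump:
 *   x28  - frame base being rebuilt (then copied into sp)
 *   xip0 - x16, word count consumed by the copy loop
 *   x1   - tested by "tst x1,x1 ; beq": zero skips the loop entirely
 *   xip1 - x17, destination pointer of the faulting "str x24,[xip1],#8"
 */
typedef struct {
    uint64_t new_x28;      /* x28 after "sub ... sxtx #3" and "and ... #-0x100" */
    uint64_t first_store;  /* first address written through xip1 (== new_x28) */
    uint64_t iters;        /* number of 8-byte stores the loop performs */
    bool     loop_taken;   /* false when x1 == 0 */
} frame_model;

frame_model model_frame(uint64_t x28, uint64_t xip0, uint64_t x1)
{
    frame_model m;

    /* sub x28,x28,xip0 sxtx #3  -> x28 -= xip0 * 8                */
    /* and x28,x28,#-0x100        -> align down to a 256-byte boundary */
    m.new_x28 = (x28 - (xip0 << 3)) & ~(uint64_t)0xff;
    /* mov sp,x28 ; mov xip1,x28 */
    m.first_store = m.new_x28;

    /* tst x1,x1 ; beq skip */
    m.loop_taken = (x1 != 0);

    /* ldr x24,[x2],#8 ; str x24,[xip1],#8 ; subs xip0,xip0,#1 ; bne loop
     * The counter is xip0 while the entry test is on x1, exactly as in
     * the dump: with x1 != 0 and xip0 == 0 the subs wraps to -1 and the
     * loop would run 2^64 times. The model records that as UINT64_MAX
     * stores rather than pretending it terminates. */
    m.iters = m.loop_taken ? (xip0 ? xip0 : UINT64_MAX) : 0;
    return m;
}

/* Would every store of the loop land inside the mapped stack [lo, hi)?
 * Feed it candidate register values from a dump and the stack bounds the
 * debugger reports to see whether the faulting str is explained by x28/xip0
 * or has to be blamed on the source pointer x2 instead. */
bool stores_in_range(const frame_model *m, uint64_t lo, uint64_t hi)
{
    if (!m->loop_taken)
        return true;
    if (m->first_store < lo || m->first_store >= hi)
        return false;
    uint64_t room_words = (hi - m->first_store) / 8;   /* stores that fit below hi */
    return m->iters <= room_words;
}

int main(void)
{
    /* Constructed register values and stack bounds, not from the crash dump. */
    uint64_t stack_lo = 0x7ff000000000ULL, stack_hi = 0x7ff000002000ULL;
    frame_model ok  = model_frame(0x7ff000002000ULL, 4, 1);
    frame_model bad = model_frame(0x7ff000002000ULL, 0x100000, 1); /* 8 MiB of words */

    printf("ok:  first store %#llx, %llu stores, in range: %d\n",
           (unsigned long long)ok.first_store, (unsigned long long)ok.iters,
           stores_in_range(&ok, stack_lo, stack_hi));
    printf("bad: first store %#llx, in range: %d\n",
           (unsigned long long)bad.first_store,
           stores_in_range(&bad, stack_lo, stack_hi));
    return 0;
}
```

With `!teb` or `!address` giving the thread's stack limits and the register dump giving x28, xip0 and x1 at function entry, `stores_in_range` says whether the `str` at c7ac15b0 was always going to walk off the stack or whether the loop was fine and the fault came from elsewhere.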
