> This reliably reproduces for me but of course due to bug 1526276 we can't
> tell why so back to Core:General we go :)
Y'know... WinDbg is your friend :-)
This is a crash in JITted code. The memory at xip1 (aka x17) is inaccessible. I can't get a stack because we don't generate proper unwind info. I don't suppose anyone from JS could glance at this disassembly and magically know where it came from?
```
000001dc`c7ac1590 9100039f mov sp,x28
000001dc`c7ac1594 cb30ef9c sub x28,x28,xip0 sxtx #3
000001dc`c7ac1598 9278df9c and x28,x28,#-0x100
000001dc`c7ac159c 9100039f mov sp,x28
000001dc`c7ac15a0 aa1c03f1 mov xip1,x28
000001dc`c7ac15a4 ea01003f tst x1,x1
000001dc`c7ac15a8 540000a0 beq 000001dc`c7ac15bc
000001dc`c7ac15ac f8408458 ldr x24,[x2],#8
000001dc`c7ac15b0 f8008638 str x24,[xip1],#8 <<<<<<<<<<<<<< crash here
000001dc`c7ac15b4 f1000610 subs xip0,xip0,#1
000001dc`c7ac15b8 54ffffa1 bne 000001dc`c7ac15ac
000001dc`c7ac15bc b94000f0 ldr wip0,[x7]
000001dc`c7ac15c0 d100439f sub sp,x28,#0x10
000001dc`c7ac15c4 a9bf4384 stp x4,xip0,[x28,#-0x10]!
000001dc`c7ac15c8 cb1c0273 sub x19,x19,x28
000001dc`c7ac15cc d378de73 lsl x19,x19,#8
```
Bug 1524419 Comment 12 Edit History
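Added here as a worked check, not part of the Bugzilla comment: a small decoder for the AArch64 LDR/STR (immediate) encodings that appear in the dump, so the annotated crashing word can be confirmed from its raw bytes (a post-indexed 64-bit store through x17, stepping by 8) when there are no symbols or unwind data to lean on. The instruction words are copied from the listing above; the xip0/xip1 names follow WinDbg's aliases for x16/x17.

```python
# Added example (not from the bug comment): decode the AArch64 LDR/STR
# (immediate) forms seen in the WinDbg dump so the annotated crashing word can
# be checked against its raw encoding when no symbols or unwind data exist.
# Only the integer 32/64-bit forms (w/x registers) are handled.

ALIAS = {16: "ip0", 17: "ip1"}   # WinDbg prints x16/x17 as xip0/xip1

def reg_name(n, width64=True, is_base=False):
    """Render a register number the way the WinDbg listing does."""
    if n == 31:
        return "sp" if is_base else ("xzr" if width64 else "wzr")
    return ("x" if width64 else "w") + ALIAS.get(n, str(n))

def decode_ldst_imm(word):
    """Decode one 32-bit LDR/STR (immediate) word; None if not that class."""
    size = word >> 30                          # 2 = 32-bit, 3 = 64-bit access
    if (word >> 27) & 0b111 != 0b111 or (word >> 26) & 1 or size < 2:
        return None
    if (word >> 22) & 0b11 > 1:                # opc 10/11 (LDRSW, PRFM): skip
        return None
    d = {"op": "ldr" if (word >> 22) & 1 else "str", "rt": word & 31,
         "rn": (word >> 5) & 31, "width64": size == 3}
    if (word >> 24) & 0b11 == 1:               # unsigned offset: imm12 * size
        d.update(imm=((word >> 10) & 0xFFF) << size, mode="offset")
        return d
    if (word >> 24) & 0b11 == 0 and not (word >> 21) & 1:
        imm9 = (word >> 12) & 0x1FF
        d["imm"] = imm9 - 512 if imm9 & 0x100 else imm9   # sign-extend imm9
        d["mode"] = {1: "post", 3: "pre"}.get((word >> 10) & 0b11)
        return d if d["mode"] else None        # 0b00 is LDUR/STUR: skip
    return None

def fmt(d):
    """Format a decoded word in the dump's syntax, e.g. 'str x24,[xip1],#8'."""
    rt, base = reg_name(d["rt"], d["width64"]), reg_name(d["rn"], is_base=True)
    if d["mode"] == "post":
        return f"{d['op']} {rt},[{base}],#{d['imm']}"
    if d["mode"] == "pre":
        return f"{d['op']} {rt},[{base},#{d['imm']}]!"
    return f"{d['op']} {rt},[{base}]" if d["imm"] == 0 else f"{d['op']} {rt},[{base},#{d['imm']}]"

# Instruction words copied from the dump: the copy loop body and the load after it.
DUMP_WORDS = {0x000001DCC7AC15AC: 0xF8408458,     # ldr x24,[x2],#8
              0x000001DCC7AC15B0: 0xF8008638,     # str x24,[xip1],#8 (faulting)
              0x000001DCC7AC15BC: 0xB94000F0}     # ldr wip0,[x7]

def disassemble(words=DUMP_WORDS):
    """Map each address to decoded text, or None for words outside this class."""
    return {a: (fmt(d) if (d := decode_ldst_imm(w)) else None) for a, w in words.items()}
```

Running `disassemble()` reproduces the three listing lines, and `decode_ldst_imm(0xF8008638)["rn"]` is 17, i.e. the faulting store really does go through xip1 with the 8-byte post-increment that the `subs xip0,xip0,#1` / `bne` pair drives.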