Open Bug 1508121 Opened Last year Updated Last year

Crash in js::jit::LIRGenerator::visitInstructionDispatch

Categories

(Core :: JavaScript Engine: JIT, defect, P2, critical)

Unspecified
Windows 10
defect

Tracking

()

Tracking Status
firefox65 --- fix-optional

People

(Reporter: jseward, Unassigned)

Details

(Keywords: crash, Whiteboard: [#jsapi:crashes-retriage])

Crash Data

This bug was filed from the Socorro interface and is
report bp-2f56eb07-0c1b-4105-a0d3-296ed0181116.
=============================================================

This showed up in two different installations in the Windows
nightly of 20181115223444.

Top 10 frames of crashing thread:

0 xul.dll js::jit::LIRGenerator::visitInstructionDispatch js/src/jit/Lowering.cpp:5207
1 xul.dll js::jit::LIRGenerator::visitBlock js/src/jit/Lowering.cpp:5324
2 xul.dll js::jit::LIRGenerator::generate js/src/jit/Lowering.cpp:5398
3 xul.dll js::jit::GenerateLIR js/src/jit/Ion.cpp:1787
4 xul.dll js::jit::CompileBackEnd js/src/jit/Ion.cpp:1892
5 xul.dll js::HelperThread::handleIonWorkload js/src/vm/HelperThreads.cpp:2149
6 xul.dll js::HelperThread::threadLoop js/src/vm/HelperThreads.cpp:2597
7 xul.dll static unsigned int js::detail::ThreadTrampoline<void  js/src/threading/Thread.h:236
8 ucrtbase.dll ucrtbase.dll@0x216c1 
9 kernelbase.dll kernelbase.dll@0x64db8 

=============================================================
Flags: needinfo?(jdemooij)
Nothing jumps out at me, looks like random memory corruption. It isn't a topcrash so I'll add it to our crash triage list.
Flags: needinfo?(jdemooij)
Whiteboard: [#jsapi:crashes-retriage]
Priority: -- → P2
This might be a duplicate of Bug 1507084.
(In reply to Nicolas B. Pierron [:nbp] from comment #2)
> This might be a duplicate of Bug 1507084.

As opposed to these other bugs, there is a suspicious list of addresses which have the following bit patterns:

 	0x10xxxxxx

It might be worth looking into anything which is manipulating flags, and if these could be miss-interpreted.
You need to log in before you can comment on or make changes to this bug.