Crash in [@ js::wasm::WasmFrameIter::popFrame]
Categories
(Core :: JavaScript: WebAssembly, defect, P1)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox75 | --- | unaffected |
| firefox76 | --- | fixed |
| firefox77 | --- | fixed |
People
(Reporter: RyanVM, Unassigned)
Details
(Keywords: crash, csectype-wildptr, regression)
Crash Data
This bug is for crash report bp-bc466b1f-8548-4a37-8650-a8e810200331.
Seems to have been hanging around for a while now, though there appears to have also been a more recent spike within the last month or so.
Top 10 frames of crashing thread:
0 xul.dll js::wasm::WasmFrameIter::popFrame js/src/wasm/WasmFrameIter.cpp:113
1 xul.dll js::JitFrameIter::operator++ js/src/vm/FrameIter.cpp:232
2 xul.dll InvalidateActivation js/src/jit/Ion.cpp:2402
3 xul.dll js::jit::Invalidate js/src/jit/Ion.cpp:2627
4 xul.dll js::jit::Invalidate js/src/jit/Ion.cpp:2718
5 xul.dll js::jit::CodeGenerator::link js/src/jit/CodeGenerator.cpp:10699
6 xul.dll js::jit::LinkIonScript js/src/jit/Ion.cpp:390
7 xul.dll js::jit::LazyLinkTopActivation js/src/jit/Ion.cpp:409
8 @0x27440b19
9 @0x27d96b
Comment 1•4 years ago
This is possibly better looked at by the Wasm team. Please move it back to JS if it is not.
Comment 2•4 years ago
Not much to go on, sadly, but we should look. Given the location of the crash it could indicate an improperly created frame (at the time when the traversal happens) or a buggy frame iterator.
Comment 3•4 years ago
the signature is regressing volume during firefox 76. it also seems to have increased at the same time as another wasm signature in bug 1624886, so they may be related.
Comment 4•4 years ago
the [@ js::JitFrameIter::operator++] signature started spiking up in the same time-frame and with the same reported urls (a handful of gaming sites), so i presume it's the same underlying issue.
Comment 5•4 years ago
I would also guess that this has the same underlying issue. I was getting this crash signature while debugging bug 1624886.