Closed Bug 1774662 Opened 3 years ago Closed 3 years ago

[Apple M1] Crash in js::jit::MaybeEnterJit (DOM Worker Thread) (chess.com; zoom.us)

Categories

(Core :: JavaScript Engine: JIT, defect, P2)

Tracking

RESOLVED DUPLICATE of bug 1774449

People

(Reporter: tcampbell, Unassigned)

References

(Blocks 1 open bug)

Details

https://crash-stats.mozilla.org/report/index/e8f89cd8-cf8f-4943-83c5-fc63b0220616

I got reports of crashes in the Zoom web client on Apple M1 laptops. There are similar crashes on chess.com. These seem to correlate with macOS ARM64 machines and in both cases are happening in DOM Worker threads.

Group: javascript-core-security

This is likely bug 1774449.

Depends on: 1774449
Severity: -- → S2
Component: JavaScript Engine → JavaScript Engine: JIT
Priority: -- → P2

I think the evidence is pretty strong that this is just a duplicate.
In the raw dump of the crash report we can see that the sp value is 0x000000016d96cc88, which is misaligned.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Group: javascript-core-security