1824147 - Crash in [@ js::MemberInitializers::deserialize]

Status: RESOLVED WORKSFORME

(Core :: JavaScript Engine, defect, P5)

Description

[Ryan VanderMeulen [:RyanVM]]

Windows-only crash that appears to have started in 106.

Crash report: https://crash-stats.mozilla.org/report/index/ea9b0dee-21cb-4a8e-abb4-ba67e0230323

MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(idx < storage_.size())

Top 10 frames of crashing thread:

0  xul.dll  js::MemberInitializers::deserialize  js/src/vm/SharedStencil.h:822
0  xul.dll  js::frontend::ScriptStencilExtra::memberInitializers const  js/src/frontend/Stencil.h:1051
0  xul.dll  JSScript::fullyInitFromStencil  js/src/vm/JSScript.cpp:2426
0  xul.dll  JSScript::fromStencil  js/src/vm/JSScript.cpp:2510
1  xul.dll  InstantiateScriptStencils  js/src/frontend/Stencil.cpp:2084
1  xul.dll  js::frontend::CompilationStencil::instantiateStencilAfterPreparation  js/src/frontend/Stencil.cpp:2480
1  xul.dll  js::frontend::CompilationStencil::instantiateStencils  js/src/frontend/Stencil.cpp:2413
2  xul.dll  js::frontend::InstantiateStencils  js/src/frontend/BytecodeCompiler.cpp:448
3  xul.dll  JS::InstantiateGlobalStencil  js/src/frontend/Stencil.cpp:5277
4  xul.dll  mozilla::dom::JSExecutionContext::InstantiateStencil  dom/base/JSExecutionContext.cpp:191

Comment 1

[Matthew Gaudet (he/him) [:mgaudet]]

Ok; the crash report is sort of curious -- it's like we're getting an imprecise exception information out of a pipelined processor. The crash report processor is flagging MemberInitializers::deserialize as the crash point, but the assert seems to be suggesting that we're actually failing here when indexing into scriptSourceExtra.

Perhaps we're getting a corrupt index?

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

Closing because no crashes reported for 12 weeks.