Crash in [@ js::jit::X86Encoding::BaseAssembler::assertValidJmpSrc]
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox121 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 3 open bugs)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/f1201fc3-c133-43ac-9664-3c4af0231014
MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(size_t(src.offset()) <= size())
Top 10 frames of crashing thread:
0 xul.dll AnnotateMozCrashReason mfbt/Assertions.h:46
0 xul.dll js::jit::X86Encoding::BaseAssembler::assertValidJmpSrc js/src/jit/x86-shared/BaseAssembler-x86-shared.h:4576
0 xul.dll js::jit::X86Encoding::BaseAssembler::setNextJump js/src/jit/x86-shared/BaseAssembler-x86-shared.h:4607
0 xul.dll js::jit::AssemblerX86Shared::retarget js/src/jit/x86-shared/Assembler-x86-shared.h:1078
0 xul.dll js::jit::BailoutLabel::operator const js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp:574
0 xul.dll js::jit::CodeGeneratorX86Shared::bailout js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp:589
0 xul.dll js::jit::CodeGeneratorX86Shared::bailoutFrom js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp:607
1 xul.dll js::jit::CodeGenerator::visitGuardNullOrUndefined js/src/jit/CodeGenerator.cpp:4958
1 xul.dll js::jit::CodeGenerator::generateBody js/src/jit/CodeGenerator.cpp:7380
2 xul.dll js::jit::CodeGenerator::generate js/src/jit/CodeGenerator.cpp:14231
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2023-09-30
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: No
Reporter | ||
Comment 1•7 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::JavaScript Engine: JIT' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2•7 months ago
|
||
I took a look at the last week of crashes (28 total). At first I was interested to note that 8 of the crashes were inside generateRegExpSearcherStub
, which might point to a real issue, but it turns out that 7 of those crashes were from a single broken installation of Thunderbird.
Beyond that, I don't see any particularly interesting pattern here.
Updated•7 months ago
|
Description
•