Open
Bug 1867696
Opened 6 months ago
Updated 6 months ago
Crash in [@ js::InlineList<T>::remove]
Categories
(Core :: JavaScript Engine: JIT, defect, P5)
Tracking
()
NEW
| | Tracking | Status |
|---|---|---|
| firefox122 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/72d3b658-c9d8-40a3-abc0-27fed0231124
Reason: EXCEPTION_ACCESS_VIOLATION_WRITE
Top 10 frames of crashing thread:
0 xul.dll js::InlineList<js::jit::MUse>::remove js/src/jit/InlineList.h:320
0 xul.dll js::jit::MDefinition::removeUse js/src/jit/MIR.h:757
0 xul.dll js::jit::MUse::releaseProducer js/src/jit/MIR.h:11620
0 xul.dll js::jit::MResumePoint::releaseUses js/src/jit/MIR.h:8824
0 xul.dll js::jit::MBasicBlock::discardResumePoint js/src/jit/MIRGraph.cpp:781
0 xul.dll js::jit::MBasicBlock::prepareForDiscard js/src/jit/MIRGraph.cpp:807
0 xul.dll js::jit::MBasicBlock::discard js/src/jit/MIRGraph.cpp:829
1 xul.dll js::jit::RangeAnalysis::adjustTruncatedInputs js/src/jit/RangeAnalysis.cpp:3116
1 xul.dll js::jit::RangeAnalysis::truncate js/src/jit/RangeAnalysis.cpp:3269
1 xul.dll js::jit::OptimizeMIR js/src/jit/Ion.cpp:1269
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2023-10-21
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 5 out of 6 crashes happened on null or near null memory address
Updated•6 months ago
Component: General → JavaScript Engine: JIT
Comment 1•6 months ago
All crashes with this signature sound a lot like pointer corruption in a linked list.
Also, given the low volume, I will just consider these to be mostly bad hardware issues until we get someone to reproduce this issue.
Comment 2•6 months ago
I can confirm your suspicion: almost 40% of the crashes on file have been flagged as having been potentially caused by a bit-flip.