Open Bug 1877590 Opened 4 months ago Updated 3 months ago

Crash in [@ ProcessExecutableMemory::assertValidAddress]

Categories

(Core :: JavaScript Engine: JIT, defect, P5)

Product:
Core
Component:
JavaScript Engine: JIT
Platform:
Other
All
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox124 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/d8ed9114-54b6-468e-9652-6060c0240126

MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(p >= base_ && uintptr_t(p) + bytes <= uintptr_t(base_) + MaxCodeBytesPerProcess)

Top 10 frames of crashing thread:

0  libxul.so  ProcessExecutableMemory::assertValidAddress const  js/src/jit/ProcessExecutableMemory.cpp:755
0  libxul.so  js::jit::ReprotectRegion  js/src/jit/ProcessExecutableMemory.cpp:945
0  libxul.so  js::jit::ExecutableAllocator::reprotectPool  js/src/jit/ExecutableAllocator.cpp:264
0  libxul.so  js::jit::ExecutableAllocator::poisonCode  js/src/jit/ExecutableAllocator.cpp:316
0  libxul.so  JS::GCContext::poisonJitCode  js/src/gc/GC.cpp:290
0  libxul.so  js::gc::AutoPoisonFreedJitCode::~AutoPoisonFreedJitCode  js/src/gc/GCInternals.h:241
0  libxul.so  js::gc::GCRuntime::performSweepActions  js/src/gc/Sweeping.cpp:2345
0  libxul.so  js::gc::GCRuntime::incrementalSlice  js/src/gc/GC.cpp:3737
1  libxul.so  js::gc::GCRuntime::gcCycle  js/src/gc/GC.cpp:4248
2  libxul.so  js::gc::GCRuntime::collect  js/src/gc/GC.cpp:4439

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2023-12-08
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - 1 out of 4 crashes happened on null or near null memory address
Component: General → JavaScript Engine: JIT

Looking at reports within the last 6 months, I see crashes with Build ID 20230403141754, which suggests that if this is a regression, then this is older than this build ID.

Based on the volume, I am more inclined to ignore this bug, as a random source of error.

Jan, feel free to correct me if you think there is something to be investigated.

Blocks: sm-defects-hardware
Severity: -- → S4
Flags: needinfo?(jdemooij)
Priority: -- → P5

(In reply to Nicolas B. Pierron [:nbp] from comment #1)

Looking at reports within the last 6 months, I see crashes with Build ID 20230403141754, which suggests that if this is a regression, then this is older than this build ID.

Based on the volume, I am more inclined to ignore this bug, as a random source of error.

I agree. The volume is stable over the last 6 months. URLs are also pretty random and for the most part just the top N websites.

Flags: needinfo?(jdemooij)
You need to log in before you can comment on or make changes to this bug.