Open Bug 1890891 Opened 1 month ago Updated 20 days ago

Crash in [@ js::jit::JitCode::FromExecutable]

Categories

(Core :: JavaScript: GC, defect, P3)

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 3 open bugs)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/01218fd0-aad7-4843-97c3-932230240324

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  js::jit::JitCode::FromExecutable  js/src/jit/JitCode.h:125
0  xul.dll  js::jit::ICStub::jitCode  js/src/jit/BaselineIC.h:197
0  xul.dll  js::jit::ICCacheIRStub::trace  js/src/jit/BaselineIC.cpp:454
0  xul.dll  js::jit::ICEntry::trace  js/src/jit/BaselineIC.cpp:173
0  xul.dll  js::jit::ICScript::trace  js/src/jit/JitScript.cpp:222
0  xul.dll  js::jit::JitScript::trace  js/src/jit/JitScript.cpp:183
1  xul.dll  js::ScriptWarmUpData::trace  js/src/vm/JSScript.cpp:2929
1  xul.dll  js::BaseScript::traceChildren  js/src/gc/TraceMethods-inl.h:37
1  xul.dll  js::GCMarker::processMarkStackTop  js/src/gc/Marking.cpp:1585
1  xul.dll  js::GCMarker::markCurrentColorInParallel  js/src/gc/Marking.cpp:1402

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2024-02-05
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - 1 out of 9 crashes happened on null or near null memory address

Yet another GC tracing crash.

Component: General → JavaScript: GC

needinfo Jan in case there's a JIT angle here.

Flags: needinfo?(jdemooij)

(In reply to Jon Coppeard (:jonco) from comment #2)
> needinfo Jan in case there's a JIT angle here.

Nothing stands out. The URLs are the usual top N websites. Almost all of these are tracing Baseline IC code. Some of the reports look like they could be bit flips in pointer values.

The crash volume is pretty stable over the last 6 months:

https://crash-stats.mozilla.org/signature/?product=Firefox&signature=js%3A%3Ajit%3A%3AJitCode%3A%3AFromExecutable&date=%3E%3D2023-10-29T13%3A36%3A00.000Z&date=%3C2024-04-29T13%3A36%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_columns=startup_crash&_sort=version&_sort=-date&page=1#graphs

Flags: needinfo?(jdemooij)
Blocks: GCCrashes
Severity: -- → S3
Priority: -- → P3