Open
Bug 1896537
Opened 4 months ago
Updated 3 months ago
Crash in [@ js::InlineForwardList<T>::empty]
Categories
(Core :: JavaScript Engine: JIT, defect, P5)
Tracking
()
NEW
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: crash, regression)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/fe2cfdb8-4542-4703-8c4f-5f74c0240420
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll js::InlineForwardList<js::jit::UsePosition>::empty const js/src/jit/InlineList.h:132
0 xul.dll InsertSortedList js/src/jit/BacktrackingAllocator.cpp:721
0 xul.dll js::jit::LiveRange::addUse js/src/jit/BacktrackingAllocator.cpp:797
0 xul.dll js::jit::VirtualRegister::addInitialUse js/src/jit/BacktrackingAllocator.cpp:1032
0 xul.dll js::jit::BacktrackingAllocator::buildLivenessInfo js/src/jit/BacktrackingAllocator.cpp:1726
1 xul.dll js::jit::BacktrackingAllocator::go js/src/jit/BacktrackingAllocator.cpp:4533
2 xul.dll js::jit::GenerateLIR js/src/jit/Ion.cpp:1577
3 xul.dll js::jit::CompileBackEnd js/src/jit/Ion.cpp:1635
4 xul.dll js::jit::IonCompileTask::runTask js/src/jit/IonCompileTask.cpp:52
4 xul.dll js::jit::IonCompileTask::runHelperThreadTask js/src/jit/IonCompileTask.cpp:30
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2024-04-20
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - all crashes happened on null or near null memory address
By analyzing the backtrace, the regression may have been introduced by a patch [1] to fix Bug 1888429.
[1] https://hg.mozilla.org/mozilla-central/rev?node=c82b988fab50
:jonco, since you are the author of the potential regressor, could you please take a look?
Flags: needinfo?(jcoppeard)
Comment 1•4 months ago
|
||
Bug 1888429 was backed out pretty quickly and is not present in the crashing build.
Component: JavaScript Engine → JavaScript Engine: JIT
Flags: needinfo?(jcoppeard)
No longer regressed by: 1888429
Comment 2•4 months ago
|
||
Looking at this crash, I can't figure out how it would happen without bad hardware.
Updated•4 months ago
|
Updated•3 months ago
|
status-firefox128:
fix-optional → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•