1936689 - Assertion failure: cx->isExceptionPending() || cx->isPropagatingForcedReturn() || cx->hadUncatchableException(), at vm/Interpreter.cpp:440

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

for (var i = 0; i < 999; i++) {
  evalInWorker(`
    for (var j = 0 ; j < 99 ; j++) {
      new WebAssembly.Instance(new WebAssembly.Module(wasmTextToBinary(\`
        (func $f
        (result f32)
        f32.const nan
        )
        (table
        (export "table")
        1 funcref
        )
        (elem
        (i32.const 0)
        $f
        )
      \`))).exports.table.get(0).call();
    }
  `);
}

<string>:3:32 InternalError: out of memory
Stack:
  @<string>:3:32
<string>:3:32 InternalError: out of memory
Stack:
  @<string>:3:32
[2560839] Assertion failure: cx->isExceptionPending() || cx->isPropagatingForcedReturn() || cx->hadUncatchableException(), at /home/i32g7900a/trees/mozilla-central/js/src/vm/Interpreter.cpp:440
#01: ???[/home/i32g7900a/shell-cache/js-dbg-64-linux-x86_64-c01572313773/js-dbg-64-linux-x86_64-c01572313773 +0x1d334ce]
#02: ???[/home/i32g7900a/shell-cache/js-dbg-64-linux-x86_64-c01572313773/js-dbg-64-linux-x86_64-c01572313773 +0x1d0b97a]
#03: ???[/home/i32g7900a/shell-cache/js-dbg-64-linux-x86_64-c01572313773/js-dbg-64-linux-x86_64-c01572313773 +0x1d0c899]
#04: ???[/home/i32g7900a/shell-cache/js-dbg-64-linux-x86_64-c01572313773/js-dbg-64-linux-x86_64-c01572313773 +0x2a7f416]
#05: ???[/home/i32g7900a/shell-cache/js-dbg-64-linux-x86_64-c01572313773/js-dbg-64-linux-x86_64-c01572313773 +0x2a7fd4f]
#06: ??? (???:???)

I'm going to guess that this is related to bug 1921780 again.

Run with --fuzzing-safe --ion-offthread-compile=off --no-baseline --no-ion, compile with AR=ar sh ../configure --enable-debug --enable-debug-symbols --with-ccache --enable-nspr-build --enable-ctypes --enable-gczeal --enable-rust-simd --disable-tests, tested on m-c rev c01572313773.

Setting s-s just in case. Jan, did bug 1921780 likely expose the issue?

I'm unable to reproduce this in gdb for whatever reason, but when run on Ubuntu Linux or macOS 15, it seems a little intermittent but fairly reproducible outside the debugger.

Comment 1

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

Attachment: debug stack output when run in macOS Sequoia 15

I did a little bisect and bug 1921963 may be related as well.

Comment 2

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

On Linux, it can take around 30 seconds to crash, while macOS seems to take only around 5 seconds.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

Set release status flags based on info from the regressing bug 1921780

Comment 4

[Jan de Mooij [:jandem]]

A missing ReportOutOfMemory call. This is likely an old bug that we now catch with better assertions.

Comment 5

[Jan de Mooij [:jandem]]

Attachment: Bug 1936689 - Add missing ReportOutOfMemory calls to GetInterpEntryAndEnsureStubs. r?rhunt!

Comment 6

[Pulsebot]

Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ff230a5d4ac0
Add missing ReportOutOfMemory calls to GetInterpEntryAndEnsureStubs. r=rhunt

Comment 7

[agoloman]

https://hg.mozilla.org/mozilla-central/rev/ff230a5d4ac0