Closed Bug 1942415 Opened 4 days ago Closed 13 hours ago

Crash in [@ mozilla::detail::InvalidArrayIndex_CRASH | mozilla::Array<T>::operator[]] via Statistics::sendSliceTelemetry

Categories

(Core :: JavaScript: GC, defect, P3)

Product:
Core
Component:
JavaScript: GC
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
136 Branch
Tracking Flags:
Tracking Status
firefox-esr128 --- unaffected
firefox134 --- unaffected
firefox135 --- unaffected
firefox136 + fixed

People

(Reporter: mccr8, Assigned: denispal)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1942415: Revert changes for GC_GLEAN_SLOW_PHASE and GC_GLEAN_SLOW_TASK probes. r=jonco!
48 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/5714aab9-5bbf-44ce-80cf-2fd880250117

Reason:

EXCEPTION_BREAKPOINT

Top 10 frames:

0  mozglue.dll  MOZ_Crash(char const*, int, char const*)  mfbt/Assertions.h:337
0  mozglue.dll  mozilla::detail::InvalidArrayIndex_CRASH(unsigned long long, unsigned long long)  mfbt/Assertions.cpp:50
1  xul.dll  mozilla::Array<mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator...  mfbt/Array.h:51
1  xul.dll  mozilla::EnumeratedArray<js::gcstats::Phase, mozilla::BaseTimeDuration<mozill...  mfbt/EnumeratedArray.h:69
1  xul.dll  CheckSelfTime(js::gcstats::Phase, js::gcstats::Phase, mozilla::EnumeratedArra...  js/src/gc/Statistics.cpp:924
1  xul.dll  LongestPhaseSelfTimeInMajorGC(mozilla::EnumeratedArray<js::gcstats::Phase, mo...  js/src/gc/Statistics.cpp:962
1  xul.dll  js::gcstats::Statistics::sendSliceTelemetry(js::gcstats::Statistics::SliceDat...  js/src/gc/Statistics.cpp:1356
1  xul.dll  js::gcstats::Statistics::endSlice()  js/src/gc/Statistics.cpp:1266
1  xul.dll  js::gcstats::AutoGCSlice::~AutoGCSlice()  js/src/gc/Statistics.h:526
1  xul.dll  js::gc::GCRuntime::gcCycle(bool, JS::SliceBudget const&, JS::GCReason)  js/src/gc/GC.cpp:4507

This first showed up in the 20250115215720 build. Reported via the crash spike detector. I'm guessing this is a regression from bug 1932686.

Here's the set of changesets for the 20250115215720 build, which does include bug 1932686.

Set release status flags based on info from the regressing bug 1932686

:denispal, since you are the author of the regressor, bug 1932686, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

status-firefox134: --- → unaffected
status-firefox135: --- → unaffected
status-firefox136: --- → affected
status-firefox-esr128: --- → unaffected
Flags: needinfo?(dpalmeiro)

It does seem likely that bug 1932686 is the regressor, but it is not immediately obvious to me how it could have caused this crash. I can revert part of the bug that implements the new GC_GLEAN_SLOW_PHASE and GC_GLEAN_SLOW_TASK probes which will undo most of the changes in Statistics.cpp to see if the crash goes away.

Flags: needinfo?(dpalmeiro)
Assignee: nobody → dpalmeiro
Status: NEW → ASSIGNED
Pushed by dpalmeiro@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/71d2bf08d2da Revert changes for GC_GLEAN_SLOW_PHASE and GC_GLEAN_SLOW_TASK probes. r=jonco
Blocks: sm-telemetry
Severity: -- → S3
Priority: -- → P3

https://hg.mozilla.org/mozilla-central/rev/71d2bf08d2da

Status: ASSIGNED → RESOLVED
Closed: 13 hours ago
status-firefox136: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: