Open Bug 2031038 Opened 1 month ago Updated 1 month ago

Crash in [@ SerializeJSONProperty(JSContext*, JS::Value const&, (anonymous namespace)::StringifyContext*)]

Categories: Core :: JavaScript Engine, defect, P5
Unspecified / Windows 11
People: Reporter: mccr8, Unassigned
References: Blocks 2 open bugs
Details: Keywords: crash

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/ff21d306-9aa1-4d6b-b9db-815740260410

The crash address 0xfff9800000000000 seems suspiciously common. Maybe this code is missing a check for the null JS value? URLs are a lot of YouTube and Grok.

Reason:

EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames:

0  xul.dll  SerializeJSONProperty(JSContext*, JS::Value const&, (anonymous namespace)::St...  js/src/builtin/JSON.cpp:786
1  xul.dll  SerializeJSONObject(JSContext*, JS::Handle<JSObject*>, (anonymous namespace):...  js/src/builtin/JSON.cpp:549
1  xul.dll  SerializeJSONProperty(JSContext*, JS::Value const&, (anonymous namespace)::St...  js/src/builtin/JSON.cpp:786
2  xul.dll  SerializeJSONObject(JSContext*, JS::Handle<JSObject*>, (anonymous namespace):...  js/src/builtin/JSON.cpp:549
2  xul.dll  SerializeJSONProperty(JSContext*, JS::Value const&, (anonymous namespace)::St...  js/src/builtin/JSON.cpp:786
3  xul.dll  SerializeJSONObject(JSContext*, JS::Handle<JSObject*>, (anonymous namespace):...  js/src/builtin/JSON.cpp:549
3  xul.dll  SerializeJSONProperty(JSContext*, JS::Value const&, (anonymous namespace)::St...  js/src/builtin/JSON.cpp:786
4  xul.dll  js::Stringify(JSContext*, JS::MutableHandle<JS::Value>, JSObject*, JS::Value ...  js/src/builtin/JSON.cpp:1680
5  xul.dll  JS_StringifyWithLengthHint(JSContext*, JS::MutableHandle<JS::Value>, JS::Hand...  js/src/jsapi.cpp:3783
5  xul.dll  JS_Stringify(JSContext*, JS::MutableHandle<JS::Value>, JS::Handle<JSObject*>,...  js/src/jsapi.cpp:3764

(I filed bug 2031036 about the argument stripping not working for this signature.)

Aggregating on cpu info shows that all of the crashes in the last week (and 95% of the crashes in the last 3 months) were on our old friend family 6 model 183 stepping 1. It looks like we are once again being Raptor Laked.

Severity: -- → S4
Priority: -- → P5

Ah, thanks. It has been a few months since I've done crash triage so I forgot about checking for Raptor Lake.
