Closed
Bug 1720451
Opened 3 years ago
Closed 3 years ago
Crash following check failure in js::ContextChecks::check(JS::Compartment*, int)
Categories
(Core :: JavaScript Engine, defect)
RESOLVED DUPLICATE of bug 1718842
| | Tracking | Status |
|---|---|---|
| firefox92 | --- | affected |
People
(Reporter: jseward, Unassigned)
Attachments
(1 file): (deleted), text/plain
This is with current m-c, browser build, 585434:52861272bd99.
Both x86_64-linux and aarch64-linux, Fedora 33, built with mozconfig below.
Start the browser, load
https://www.economist.com/leaders/2021/07/03/the-real-risk-to-americas-democracy
and scroll down slightly. It crashes instantly and repeatably.
Mozconfig:
. $topsrcdir/browser/config/mozconfig
export CC="clang -Og -gline-tables-only"
export CXX="clang++ -Og -gline-tables-only"
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/clang-Og-nondebug-systemalloc
ac_add_options --enable-tests
ac_add_options --enable-optimize="-Og -gline-tables-only"
ac_add_options --enable-debug-symbols
ac_add_options --disable-debug
ac_add_options --enable-valgrind
ac_add_options --disable-jemalloc
ac_add_options --enable-profiling
ac_add_options --disable-crashreporter
mk_add_options MOZ_MAKE_FLAGS="-j8"
mk_add_options AUTOCLOBBER=1
Reporter
Comment 1•3 years ago
Note, this is not a memory error; it's just the result of calling MOZ_Crash.
Reporter
Updated•3 years ago
Flags: needinfo?(jdemooij)
Comment 2•3 years ago
Same issue as bug 1718842.
Stack trace:
#0 0x00007ffff6db338d in nanosleep () at ../sysdeps/unix/syscall-template.S:84
#1 0x00007ffff6db32da in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#2 0x00007fffe5d62500 in common_crap_handler(int, void const*) () from /tmp/firefox/libxul.so
#3 0x00007fffe5d62687 in child_ah_crap_handler(int) () from /tmp/firefox/libxul.so
#4 0x00007fffe672f103 in js::UnixExceptionHandler(int, siginfo_t*, void*) () from /tmp/firefox/libxul.so
#5 0x00007fffe74d99d2 in WasmTrapHandler(int, siginfo_t*, void*) () from /tmp/firefox/libxul.so
#6 <signal handler called>
#7 0x00007fffe5f2714d in js::NativeObject::checkStoredValue(JS::Value const&) () from /tmp/firefox/libxul.so
#8 0x00007fffe5f41b0e in js::NativeObject::setSlot(unsigned int, JS::Value const&) () from /tmp/firefox/libxul.so
#9 0x00007fffe6283dc0 in js::CreateRegExpMatchResult(JSContext*, JS::Handle<js::RegExpShared*>, JS::Handle<JSString*>, js::MatchPairs const&, JS::MutableHandle<JS::Value>) () from /tmp/firefox/libxul.so
#10 0x00007fffe6289f8f in RegExpMatcherImpl(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSString*>, int, JS::MutableHandle<JS::Value>) () from /tmp/firefox/libxul.so
#11 0x00007fffe6289ce4 in js::RegExpMatcher(JSContext*, unsigned int, JS::Value*) () from /tmp/firefox/libxul.so
#12 0x00007fffe5f1090e in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) () from /tmp/firefox/libxul.so
#13 0x00007fffe5f10272 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () from /tmp/firefox/libxul.so
#14 0x00007fffe5f11561 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) () from /tmp/firefox/libxul.so
#15 0x00007fffe5f1134f in js::CallFromStack(JSContext*, JS::CallArgs const&) () from /tmp/firefox/libxul.so
#16 0x00007fffe5f04657 in Interpret(JSContext*, js::RunState&) () from /tmp/firefox/libxul.so
[...]
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
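Added example (not part of the bug report and not Mozilla tooling): a small Python helper that reads a gdb backtrace like the one in comment 2, skips the crash-handler frames above `<signal handler called>`, and returns the frames that were executing when the signal arrived. The names `parse_frames` and `crash_signature` and the `depth` parameter are assumptions of this example; the sample input is frames #0 to #9 copied from comment 2.

```python
import re

# Frames #0-#9 copied from the stack trace in comment 2.
SAMPLE_TRACE = """\
#0 0x00007ffff6db338d in nanosleep () at ../sysdeps/unix/syscall-template.S:84
#1 0x00007ffff6db32da in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#2 0x00007fffe5d62500 in common_crap_handler(int, void const*) () from /tmp/firefox/libxul.so
#3 0x00007fffe5d62687 in child_ah_crap_handler(int) () from /tmp/firefox/libxul.so
#4 0x00007fffe672f103 in js::UnixExceptionHandler(int, siginfo_t*, void*) () from /tmp/firefox/libxul.so
#5 0x00007fffe74d99d2 in WasmTrapHandler(int, siginfo_t*, void*) () from /tmp/firefox/libxul.so
#6 <signal handler called>
#7 0x00007fffe5f2714d in js::NativeObject::checkStoredValue(JS::Value const&) () from /tmp/firefox/libxul.so
#8 0x00007fffe5f41b0e in js::NativeObject::setSlot(unsigned int, JS::Value const&) () from /tmp/firefox/libxul.so
#9 0x00007fffe6283dc0 in js::CreateRegExpMatchResult(JSContext*, JS::Handle<js::RegExpShared*>, JS::Handle<JSString*>, js::MatchPairs const&, JS::MutableHandle<JS::Value>) () from /tmp/firefox/libxul.so
"""

# "#N", an optional "0xADDR in", then the rest of the frame line.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(.*)$")

def parse_frames(trace):
    """Return [(index, function_name)] for each '#N ...' line of a gdb backtrace."""
    frames = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # not a frame line, e.g. the '[...]' elision marker
        rest = m.group(2)
        # Keep the marker line whole; otherwise cut at the start of the argument list.
        name = rest if rest.startswith("<") else rest.split("(", 1)[0].strip()
        frames.append((int(m.group(1)), name))
    return frames

def crash_signature(trace, depth=3):
    """Top `depth` frames below the signal-handler marker (or from #0 if there is none)."""
    frames = parse_frames(trace)
    # With nested signals gdb prints several markers; the last one sits
    # directly above the code that raised the original signal.
    markers = [i for i, (_, name) in enumerate(frames) if name == "<signal handler called>"]
    start = markers[-1] + 1 if markers else 0
    return [name for _, name in frames[start:start + depth]]
```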
Updated•3 years ago
Flags: needinfo?(jdemooij)