Open Bug 1066261 Opened 10 years ago Updated 2 years ago

latest Firefox-31ESR: AddressSanitizer: SEGV /usr/src/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3445 JSC::X86Assembler::setInt32(void*, int)

Categories

(Core :: JavaScript Engine, defect)

31 Branch
x86_64
Linux
defect


People

(Reporter: ziebell_marco, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0
Build ID: 20140910170416

Steps to reproduce:

I've compiled the latest mozilla-esr31 sources from the hg repo with the following ".mozconfig":
no_tooltool=1
export MOZ_TELEMETRY_REPORTING=1
export MOZBUILD_STATE_PATH=/usr/src/firefox-build
export MOZ_DEBUG_SYMBOLS=1
export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -fPIC "
export CXXFLAGS="-fsanitize=address -fno-omit-frame-pointer -fPIC"
export LDFLAGS="-fsanitize=address -fno-omit-frame-pointer -fPIC"
export MOZILLA_OFFICIAL=1
export MOZ_PACKAGE_JSSHELL=1

ac_add_options --enable-optimize
ac_add_options --enable-debug
ac_add_options --enable-debug-symbols=" -g3 -ggdb3 -gdwarf-4"
ac_add_options --enable-alsa
ac_add_options --enable-content-sandbox
ac_add_options --enable-official-branding
ac_add_options --enable-gold
ac_add_options --enable-address-sanitizer
ac_add_options --enable-jsd
ac_add_options --enable-malloc-trace
ac_add_options --disable-accessibility
ac_add_options --disable-pulseaudio
ac_add_options --disable-updater
ac_add_options --disable-strip
ac_add_options --disable-install-strip
ac_add_options --disable-gconf
ac_add_options --disable-websms-backend
ac_add_options --disable-jemalloc
ac_add_options --disable-elf-hack
ac_add_options --with-ccache=/usr/bin/ccache
mk_add_options MOZ_MAKE_FLAGS="-j2"

I received an ASan SIGSEGV while browsing:

==23682== ERROR: AddressSanitizer: SEGV on unknown address 0x7f8fab1d2a34 (pc 0x7f8fb94c427c sp 0x7fff1f475d60 bp 0x7fff1f475da0 T0)
AddressSanitizer can not provide additional info.
    #0 0x7f8fb94c427b in JSC::X86Assembler::setInt32(void*, int) /usr/src/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3445
    #1 0x7f8fb94c427b in JSC::X86Assembler::setRel32(void*, void*) /usr/src/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3392
    #2 0x7f8fb94c427b in PatchJump /usr/src/mozilla-esr31/js/src/jit/x64/Assembler-x64.h:716
    #3 0x7f8fb94c427b in js::jit::JitRuntime::patchIonBackedges(JSRuntime*, js::jit::JitRuntime::BackedgeTarget) /usr/src/mozilla-esr31/js/src/jit/Ion.cpp:412
    #4 0x7f8fb9897756 in InterruptCheck /usr/src/mozilla-esr31/js/src/jit/VMFunctions.cpp:523
    #5 0x7f8fb9897756 in js::jit::CheckOverRecursedWithExtra(JSContext*, js::jit::BaselineFrame*, unsigned int, unsigned int) /usr/src/mozilla-esr31/js/src/jit/VMFunctions.cpp:177
    #6 0x7f8fafba370c (+0xc70c)
SUMMARY: AddressSanitizer: SEGV /usr/src/mozilla-esr31/js/src/assembler/assembler/X86Assembler.h:3445 JSC::X86Assembler::setInt32(void*, int)
Component: Untriaged → Build Config
Product: Firefox → Core
Component: Build Config → JavaScript Engine
Keywords: crash
Status: UNCONFIRMED → NEW
Ever confirmed: true
This happens when patching backedges, so might it be that ASAN doesn't know how to handle legit segfaults and simply perceives them as regular segfaults?

According to bug 857189, there's now an ASAN option that says "hey, this app uses its own segfault handlers", so you might need to use a recent version of ASAN. Could you post your ASAN version number here, please?
Flags: needinfo?(ziebell_marco)
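Comment 1 asks whether this SEGV is one the engine expects to handle itself and ASan merely reports it as a plain crash, and points at an ASan option for applications with their own segfault handlers. The following is an added example (my own code, not code from this bug, from SpiderMonkey or from Mozilla) of a program that deliberately depends on its own SIGSEGV handler: one readable page followed by a PROT_NONE guard page, in the way asm.js guards its heap, and a handler that recovers from the fault with siglongjmp. All function and variable names are hypothetical. Built with -fsanitize=address on an ASan runtime that keeps its own SIGSEGV handler in front, it dies with the same "SEGV on unknown address" banner seen above before the program's handler ever runs; to my knowledge the option referred to in comment 1 is ASAN_OPTIONS=allow_user_segv_handler=1 (the page itself does not name it, and whether a given GCC libasan honours it is exactly the question comment 3 raises).

```c
#define _GNU_SOURCE          /* MAP_ANONYMOUS, sigaction, siginfo_t */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for an engine that handles its own faults: the
 * handler counts the fault and unwinds back to the probe that caused it. */
static sigjmp_buf fault_jmp;
static volatile sig_atomic_t fault_count;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    fault_count++;
    /* siglongjmp restores the signal mask saved by sigsetjmp, so SIGSEGV
     * is deliverable again for the next fault. */
    siglongjmp(fault_jmp, 1);
}

/* Installs the process's own SIGSEGV handler; returns 0 on success. */
int install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Returns 1 if the byte at p could be read, 0 if the read faulted and the
 * handler recovered. Without the handler the faulting read kills the
 * process; under ASan the runtime's own SEGV handler reports it first. */
int probe_read(const volatile unsigned char *p)
{
    if (sigsetjmp(fault_jmp, 1) != 0)
        return 0;                      /* came back here from on_segv */
    volatile unsigned char c = *p;     /* may fault on a guard page */
    (void)c;
    return 1;
}

/* One readable page followed by one PROT_NONE guard page, the same trick
 * asm.js uses so an out-of-bounds heap access faults instead of needing an
 * explicit bounds check. Returns the number of recovered faults (1 when the
 * handler works), or -1 if setup fails or a probe gives an unexpected result. */
int guard_page_demo(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    unsigned char *region = mmap(NULL, (size_t)(2 * ps), PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return -1;
    if (mprotect(region + ps, (size_t)ps, PROT_NONE) != 0 ||
        install_segv_handler() != 0) {
        munmap(region, (size_t)(2 * ps));
        return -1;
    }
    region[0] = 0x41;                          /* constructed sample byte */
    fault_count = 0;
    int in_bounds = probe_read(region);        /* readable page: 1 */
    int in_guard  = probe_read(region + ps);   /* guard page: faults, 0 */
    munmap(region, (size_t)(2 * ps));
    if (in_bounds != 1 || in_guard != 0)
        return -1;
    return (int)fault_count;
}

int main(void)
{
    int n = guard_page_demo();
    printf("recovered faults on guard page: %d\n", n);
    return n == 1 ? 0 : 1;
}
```

Build it twice, once plain and once with `gcc -fsanitize=address -g`, and run the ASan binary with and without `ASAN_OPTIONS=allow_user_segv_handler=1` to see which of the two handlers wins on that runtime. On a GCC toolchain `gcc -print-file-name=libasan.so` shows which runtime library the compiler links; GCC's libsanitizer is a snapshot of LLVM's compiler-rt, so the GCC release is the only "ASan version number" available there, which is why comment 3 recommends an LLVM/Clang build whose runtime revision is known.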
I'm using Gentoo (amd64) with:

- gcc-4.8.3
- binutils 2.32.2
and as a symbolizer
- llvm 3.3

If this doesn't answer your question please tell me where to find the exact ASAN version number.
Flags: needinfo?(ziebell_marco)
We do not officially support GCC+Asan. I also cannot tell you when they backported the patch from LLVM ASan into their own codebase and if they support the default options like Clang ASan does. If you want to test Firefox with ASan, then I recommend following this guide:

https://developer.mozilla.org/en/Building_Firefox_with_Address_Sanitizer

This involves building your own LLVM/Clang, which is not hard though.
I don't want to try Firefox with ASan in particular, I want to try Firefox 31.1 ESR AT ALL.
If I start Firefox 31.1 ESR with the Firefox 24.8 profile it crashes at startup.
If I run it with a new profile it crashes on several websites and using it seems abnormally slow.

ASan was an attempt to find the problem and be able to open a detailed bug report and NOT get another unseen bug report here!

I'm compiling firefox with LLVM/Clang and ASan at the moment ... maybe this helps.

Thanks for the clarification anyway. I'll be back soon!
(In reply to ziebell_marco@lavabit.com from comment #4)
> I don't want to try Firefox with ASan in particular, I want to try Firefox
> 31.1 ESR AT ALL.
> If I start Firefox 31.1 ESR with the Firefox 24.8 profile it crashes at
> startup.
> If I run it with a new profile it crashes on several websites and using it
> seems abnormally slow.

Is that with a version that you compiled yourself, or is this an official build from us? If it's with an official build, you should file a bug about that.

> 
> ASan was an attempt to find the problem and be able to open a detailed bug
> report and NOT get another unseen bug report here!

The bug we're seeing here is not actually a bug. It's a problem specific to our JS engine in combination with ASan.

> 
> I'm compiling firefox with LLVM/Clang and ASan at the moment ... maybe this
> helps.

Yes, that helps. If you are using LLVM 3.3, that might be too old. You can just follow the steps in the wiki article that I linked in comment 3. Check out LLVM/Clang/Compiler-rt, compile these, then compile Firefox with that compiler (you don't even need to install the compiler).
No, the crashes happen with the self-compiled version.

This bug might not be an actual bug, OK! But I tried more than one configuration of Firefox 31.1 ESR and all crashed on different websites ... or at startup.

I'm using a source-distributed Linux (Gentoo), so an official build is not really a solution.

I keep digging.
(In reply to ziebell_marco@lavabit.com from comment #6)
> 
> I'm using a source-distributed Linux (Gentoo), so an official build is not
> really a solution.

That doesn't mean the official builds won't work. They might actually work (I remember running a prebuilt Firefox on Gentoo before).
Hi, did it help to use LLVM / clang to compile?

For the crashes you're seeing with official ESR31.1 builds, can you please go to about:crashes and provide us here some links to crash reports?
Flags: needinfo?(ziebell_marco)
Kind of.

I started with the ASan default configuration posted in this thread and am trying "new" configurations if the old ones seem to be working.
Compiling Firefox is time consuming but ... as far as I can tell it seems to work "better" with llvm+asan compared to gcc+asan, imho.
I have no evidence for it.

Closing the bug would be the best.
Flags: needinfo?(ziebell_marco)
Severity: normal → S3