Closed Bug 1111415 Opened 10 years ago Closed 10 years ago

crash in mozilla::FramePointerStackWalk(void (*)(unsigned int, void*, void*, void*), unsigned int, unsigned int, void*, void**, void*)

Categories

(Core :: Gecko Profiler, defect)

Product:
Core
Component:
Gecko Profiler
Version:
36 Branch
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla42
Tracking Flags:
Tracking Status
firefox42 --- fixed

People

(Reporter: kats, Assigned: ehsan.akhgari)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Null check the base pointer in FramePointerStackWalk before dereferencing it
1.08 KB, patch
BenWa
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-f37f226b-ac7b-4580-b7fc-8bf0f2141215. ============================================================= Don't have STR for this but I ran into it after closing a tab and clicking to switch to another tab. Aurora on OS X
I got this today on Firefox Nightly 37.0a1, Mac OS 10.10 when in tab group view and moving around some groups. Haven't been able to reproduce it yet. https://crash-stats.mozilla.com/report/index/b036e5fe-7ba7-46c1-987c-09ab22141216
See Also: → 1113930
I have a reproducible FramePointerStackWalk crash with a patch queue applied to m-c, but I'm not sure whether it is caused by my patches yet or an underlying problem revealed by them. My crash address is different from the other two mentioned above, though: fffff88 (on Linux32). dmajor pointed out that is a special value used by JIT code, and indeed the stack walking crashes at a frame within JIT code. https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=b02537901def
I got this as well, running the profiler with the displaylist option turned on: https://crash-stats.mozilla.com/report/index/fc185639-c19d-435d-8d62-af3ee2150115
I just reinstalled the profiler add-on (having not had it present for a while), and quickly encountered a couple of instances of this: https://crash-stats.mozilla.com/report/index/bp-caf0fe85-be4f-445b-a39f-3273c2150121 https://crash-stats.mozilla.com/report/index/bp-b300b5ca-157e-4ef6-a603-9c0192150120 One of these occurred during opening a new tab (having clicked a link in another app), and another occurred while dragging a tab title to reorder tabs.
It seems like a lot of these crashes will be fixed if we just null checked bp before dereferencing it, since clearly it can be passed in as null.
Assignee: nobody → ehsan
Attachment #8632077 - Flags: review?(bgirard) → review+
https://hg.mozilla.org/mozilla-central/rev/005a006994e5
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox42: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
I got this crash again: https://crash-stats.mozilla.com/report/index/23ceda1a-1071-43a1-ad18-6ab132150722 This makes no sense given the null check that is in place now...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Could bp be a nonzero garbage value? It might still be illegal to dereference it.
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #11) > Could bp be a nonzero garbage value? It might still be illegal to > dereference it. The crash address is 0x0.
Would that crash be related? https://crash-stats.mozilla.com/report/index/9f8e36a3-ea08-457c-94ed-653872150802 I usually keep the profiler running to capture random, long pauses and i'm seeing intermittent crashes on windows but only with the incremental collector or e10s enabled (not sure which, i usually toggle those together due to performance reasons).
(In reply to Ehsan Akhgari (not reviewing patches, not reading bugmail, needinfo? me!) from comment #10) > I got this crash again: > https://crash-stats.mozilla.com/report/index/23ceda1a-1071-43a1-ad18- > 6ab132150722 > > This makes no sense given the null check that is in place now... Ehsan, have you been able to reproduce this? I just checked Socorro and there are zero reports of this crash over the last week.
(In reply to The 8472 from comment #13) > Would that crash be related? > https://crash-stats.mozilla.com/report/index/9f8e36a3-ea08-457c-94ed- > 653872150802 > > I usually keep the profiler running to capture random, long pauses and i'm > seeing intermittent crashes on windows but only with the incremental > collector or e10s enabled (not sure which, i usually toggle those together > due to performance reasons). I don't know if that crash is related to this one. The signature and stacks look different so I'm inclined to think they aren't related. However it'd probably be best to let a developer familiar with that code make that call. On a side note, when you say "profiler" do you mean the built in profiler or are you using the Gecko Profiler add-on? If it's the add-on then we had another crash recently that is related to stack walking in Gecko Profiler (see bug 1180561). At any rate I think it'd be best for you to file a new bug report so your crash can be investigated on its own.
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #15) > On a side note, when you say "profiler" do you mean the built in profiler or > are you using the Gecko Profiler add-on? If it's the add-on then we had > another crash recently that is related to stack walking in Gecko Profiler > (see bug 1180561). The addon.
(In reply to The 8472 from comment #16) > (In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #15) > > On a side note, when you say "profiler" do you mean the built in profiler or > > are you using the Gecko Profiler add-on? If it's the add-on then we had > > another crash recently that is related to stack walking in Gecko Profiler > > (see bug 1180561). > > The addon. Thanks, please file a new bug report and cc me on it.
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #14) > (In reply to Ehsan Akhgari (not reviewing patches, not reading bugmail, > needinfo? me!) from comment #10) > > I got this crash again: > > https://crash-stats.mozilla.com/report/index/23ceda1a-1071-43a1-ad18- > > 6ab132150722 > > > > This makes no sense given the null check that is in place now... > > Ehsan, have you been able to reproduce this? I just checked Socorro and > there are zero reports of this crash over the last week. Not very recently. The last time I reproduced was in comment 10.
(In reply to Ehsan Akhgari (not reviewing patches, not reading bugmail, needinfo? me!) from comment #18) > Not very recently. The last time I reproduced was in comment 10. Thanks Ehsan, I'm only seeing 2 reports in the last 2 weeks and zero reports in the last week. Should we just re-close this bug? If it's not reproducible I'm not sure what else can be done.
Sure, I guess.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: