Closed Bug 1275190 Opened 9 years ago Closed 1 month ago

Crash in js::SavedFrame::HashPolicy::match

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox49 --- affected

People

(Reporter: n.nethercote, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

Assert against null entries in the SavedFrame hash set's hash policy
915 bytes, patch
jimb
: review+
RyanVM
: checkin+
Details | Diff | Splinter Review
Assert that the SavedFrame* pointers we get out of js::SavedStacks::frames are not null
958 bytes, patch
jimb
: review+
fitzgen
: checkin+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-07cd7453-4e60-42af-80bc-553e32160524. ============================================================= Null deref crash, has only occurred once. fitzgen, is it possible that |existing| is null here?
Flags: needinfo?(nfitzgerald)
(In reply to Nicholas Nethercote [:njn] from comment #0) > This bug was filed from the Socorro interface and is > report bp-07cd7453-4e60-42af-80bc-553e32160524. > ============================================================= > > Null deref crash, has only occurred once. fitzgen, is it possible that > |existing| is null here? It would be very very strange if it was null, but at the least we should add some more asserts.
Flags: needinfo?(nfitzgerald)
Hm... The only place we insert into this table has a null check of the value being inserted directly above it: https://dxr.mozilla.org/mozilla-central/rev/46fe2115d46a5bb40523b8466341d8f9a26e1bdf/js/src/vm/SavedStacks.cpp#1371
Attachment #8755961 - Flags: review?(jimb) → review+
Attachment #8755963 - Flags: review?(jimb) → review+
Only one of the two patches was checked in previously. The leave-open is because these patches don't fix any crash, are just diagnostic.
Keywords: checkin-needed
I don't see how a JS exception could be caused by adding a single new assert in C++ that does not change any logic. If this caused failures of any kind, it would be assertion failure crashes. I think that is just an extant latent intermittent.
Flags: needinfo?(nfitzgerald)
Keywords: checkin-needed
Attachment #8755961 - Flags: checkin+
The leave-open keyword is there and there is no activity for 6 months. :sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
Jason, ideas on what to do with this bug? Should we close it?
Flags: needinfo?(sdetar) → needinfo?(jorendorff)
Nick, is this done?
Flags: needinfo?(jorendorff) → needinfo?(nfitzgerald)
We landed release assertions that should catch this bug if normal control flow is happening, but AFAIK, they never did catch it. Therefore I think control flow is getting corrupted or the stacks are bad. Given that the crash signature is still seeing activity, it looks like this is still happening. I'm not sure what the next steps are now, though.
Flags: needinfo?(nfitzgerald)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?

Flags: needinfo?(sdetar)

We will leave this open for a bit more time, but consider closing in 6 months if it has not been closed by then.

Flags: needinfo?(sdetar)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?

Flags: needinfo?(sdetar)
Flags: needinfo?(sdetar)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?

Flags: needinfo?(sdetar)
Flags: needinfo?(sdetar)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?

Flags: needinfo?(sdetar)

Still leaving this open for now

Flags: needinfo?(sdetar)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?

Flags: needinfo?(sdetar)
QA Whiteboard: qa-not-actionable
Flags: needinfo?(sdetar)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
For more information, please visit auto_nag documentation.

Flags: needinfo?(sdetar)
Flags: needinfo?(sdetar)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
For more information, please visit auto_nag documentation.

Flags: needinfo?(sdetar)
Flags: needinfo?(sdetar)
Severity: critical → S2

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: S2 → S3

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 1 month ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: