Open Bug 1275190 Opened 4 years ago Updated 6 months ago

Crash in js::SavedFrame::HashPolicy::match

Categories

(Core :: JavaScript Engine, defect, critical)

Unspecified
Windows 10
defect
Not set
critical

Tracking

Tracking Status
firefox49 --- affected

People

(Reporter: njn, Unassigned)

Details

(Keywords: crash, leave-open)

Attachments

(2 files)

This bug was filed from the Socorro interface and is 
report bp-07cd7453-4e60-42af-80bc-553e32160524.
=============================================================

Null deref crash, has only occurred once. fitzgen, is it possible that |existing| is null here?
Flags: needinfo?(nfitzgerald)
(In reply to Nicholas Nethercote [:njn] from comment #0)
> This bug was filed from the Socorro interface and is 
> report bp-07cd7453-4e60-42af-80bc-553e32160524.
> =============================================================
> 
> Null deref crash, has only occurred once. fitzgen, is it possible that
> |existing| is null here?

It would be very very strange if it was null, but at the least we should add some more asserts.
Flags: needinfo?(nfitzgerald)
Hm... The only place we insert into this table has a null check of the value being inserted directly above it: https://dxr.mozilla.org/mozilla-central/rev/46fe2115d46a5bb40523b8466341d8f9a26e1bdf/js/src/vm/SavedStacks.cpp#1371
Attachment #8755961 - Flags: review?(jimb) → review+
Attachment #8755963 - Flags: review?(jimb) → review+
Only one of the two patches was checked in previously. The leave-open is because these patches don't fix any crash; they are just diagnostic.
Keywords: checkin-needed
I don't see how a JS exception could be caused by adding a single new assert in C++ that does not change any logic. If this caused failures of any kind, it would be assertion failure crashes. I think that is just an extant latent intermittent.
Flags: needinfo?(nfitzgerald)
Keywords: checkin-needed
Attachment #8755961 - Flags: checkin+
The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
Jason, ideas on what to do with this bug? Should we close it?
Flags: needinfo?(sdetar) → needinfo?(jorendorff)
Nick, is this done?
Flags: needinfo?(jorendorff) → needinfo?(nfitzgerald)
We landed release assertions that should catch this bug if normal control flow is happening, but AFAIK, they never did catch it. Therefore I think control flow is getting corrupted or the stacks are bad. Given that the crash signature is still seeing activity, it looks like this is still happening.

I'm not sure what the next steps are now, though.
Flags: needinfo?(nfitzgerald)

The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?

Flags: needinfo?(sdetar)

We will leave this open for a bit more time, but consider closing in 6 months if it has not been closed by then.

Flags: needinfo?(sdetar)