Closed
Bug 1308125
Opened 8 years ago
Closed 7 years ago
Crash in js::gc::MakePagesReadOnly
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: Tabs16, Assigned: ehoogeveen)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(1 file, 1 obsolete file)
6.02 KB,
patch
|
ehoogeveen
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-b79b9b98-9f10-4ca2-9cb1-1677c2161005. ============================================================= It started with Build ID 20161004030204 on 2016-10-05 13:03:14 and it is still continuing, latest crash on Build ID 20161005030211 . The crash is on Firefox 52.0a1 version,Firefox 50 version and Firefox 49 version,Windows NT Maximum crashes encountered on October 3,2016. Uptime range: <1 min The link to recent crashes http://bit.ly/2duBANu
Reporter | ||
Comment 1•8 years ago
|
||
Correction: Maximum crashes occured on 5th October at 00:00.
Reporter | ||
Comment 2•8 years ago
|
||
Hi Emanuel, Since you were the last one to touch code in this area, perhaps you can shed some light on the crash?
Flags: needinfo?(emanuel.hoogeveen)
Assignee | ||
Comment 3•8 years ago
|
||
Thanks for the heads up! Hmm, I'm not sure what could be going on here - nothing should have changed on the build from the 4th in particular, but more importantly I'm not sure why VirtualProtect would fail. The new buffer shouldn't be null - even on OOM we just return the old buffer, which we should still be able to protect. I wonder if this somehow explains our missing crashes, even if it's only on Windows. I can try adding some more assertions here and add the last error code to the MOZ_CRASH reason.
Assignee: nobody → emanuel.hoogeveen
Component: Untriaged → JavaScript Engine
Flags: needinfo?(emanuel.hoogeveen)
OS: Windows 10 → Windows
Product: Firefox → Core
Version: unspecified → Trunk
Assignee | ||
Comment 4•8 years ago
|
||
Ugh, I don't think this explains the missing crashes, but I think I just figured it out. Turns out I misread how MOZ_CRASH_ANNOTATE() is used: the macros using it add a MOZ_CRASH() or a MOZ_RELEASE_ASSERT() around the string literal passed in. This patch fixes that, so hopefully socorro will be able to parse them now. For this bug, I added two release assertions and added the error code to the crash reason. You can't pass a dynamic string to MOZ_CRASH(), so that was a bit finicky (which is how I figured out my mistake), but this should work. I added the same code to ProtectPages() and UnprotectPages() for good measure.
Attachment #8798402 -
Flags: review?(jdemooij)
Comment 5•8 years ago
|
||
Comment on attachment 8798402 [details] [diff] [review] Diagnose MakePagesReadOnly crashes and fix crash reporter annotations. Review of attachment 8798402 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/gc/Memory.cpp @@ +853,4 @@ > #if defined(XP_WIN) > DWORD oldProtect; > + if (!VirtualProtect(p, size, PAGE_NOACCESS, &oldProtect)) { > + snprintf(sCrashReason, 256, Nit: s/256/sizeof(sCrashReason)/, and below ?
Attachment #8798402 -
Flags: review?(jdemooij) → review+
Assignee | ||
Comment 6•8 years ago
|
||
Thanks! Carrying forward r+. From discussion on IRC, this probably won't change anything for Socorro after all, but it's probably worth being explicit anyway (in addition to the diagnostics for this bug). (In reply to Jan de Mooij [:jandem] from comment #5) > > + snprintf(sCrashReason, 256, > > Nit: s/256/sizeof(sCrashReason)/, and below ? Good point, done. I also changed from %x to %u, since it was either that or add 0x in front, and the error codes are listed as decimal numbers anyway [1]. [1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381.aspx
Attachment #8798402 -
Attachment is obsolete: true
Attachment #8798792 -
Flags: review+
Assignee | ||
Comment 7•8 years ago
|
||
Try run looks good: https://treeherder.mozilla.org/#/jobs?repo=try&revision=39fbd07324ff3fa313b01288d90b97a1ec125e21 Pretty much build-only, but if we were seeing crashes from this in automation they would have showed up already.
Keywords: checkin-needed,
leave-open
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/3d0a761ff566 Diagnose MakePagesReadOnly crashes and fix crash reporter annotations. r=jandem
Keywords: checkin-needed
Comment 9•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/3d0a761ff566
Assignee | ||
Comment 10•8 years ago
|
||
I set this as blocking the wrong bug, and the instrumentation I added won't be useful until bug 1309573 is fixed (we also haven't seen any more of these crashes though).
Assignee | ||
Comment 11•7 years ago
|
||
We've gotten a few crashes in UnprotectPages that say the address is invalid, which may be due to bitflips. No more crashes in MakePagesReadOnly though, and we don't use it anymore right now anyway.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Comment 12•6 years ago
|
||
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
You need to log in
before you can comment on or make changes to this bug.
Description
•