Closed Bug 1457475 Opened 7 years ago Closed 7 years ago

Crash in js::GlobalHelperThreadState::finishParseTask

Categories

(Core :: JavaScript Engine, defect, P1)

Unspecified
Windows 10
defect

Tracking

()

VERIFIED FIXED
mozilla61
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- unaffected
firefox59 --- unaffected
firefox60 --- unaffected
firefox61 + verified

People

(Reporter: marcia, Assigned: jandem)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-a38d9b33-58e6-47c9-83d1-6f6100180427. ============================================================= These Mac and Windows crashes started showing up using 20180426220144: https://bit.ly/2Hu9BgZ. Not sure if they are expected due to Bug 1452114? ni on :jandem Top 10 frames of crashing thread: 0 xul.dll js::GlobalHelperThreadState::finishParseTask js/src/vm/HelperThreads.cpp:1709 1 xul.dll mozilla::ScriptPreloader::MaybeFinishOffThreadDecode js/xpconnect/loader/ScriptPreloader.cpp:980 2 xul.dll mozilla::ScriptPreloader::WaitForCachedScript js/xpconnect/loader/ScriptPreloader.cpp:863 3 xul.dll mozilla::ScriptPreloader::GetCachedScript js/xpconnect/loader/ScriptPreloader.cpp:849 4 xul.dll mozJSComponentLoader::ObjectForLocation js/xpconnect/loader/mozJSComponentLoader.cpp:826 5 xul.dll mozJSComponentLoader::LoadModule js/xpconnect/loader/mozJSComponentLoader.cpp:442 6 xul.dll nsComponentManagerImpl::KnownModule::Load xpcom/components/nsComponentManager.cpp:717 7 xul.dll nsFactoryEntry::GetFactory xpcom/components/nsComponentManager.cpp:1748 8 xul.dll nsComponentManagerImpl::CreateInstanceByContractID xpcom/components/nsComponentManager.cpp:1046 9 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:1409 =============================================================
Flags: needinfo?(jdemooij)
Attached patch PatchSplinter Review
Some of these look like OOMs but not all of them. Something is failing but not reporting an exception. For now we can demote this MOZ_DIAGNOSTIC_ASSERT to MOZ_ASSERT, maybe fuzzing will find something.
Flags: needinfo?(jdemooij)
Attachment #8971763 - Flags: review?(jcoppeard)
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Comment on attachment 8971763 [details] [diff] [review] Patch Review of attachment 8971763 [details] [diff] [review]: ----------------------------------------------------------------- Good plan.
Attachment #8971763 - Flags: review?(jcoppeard) → review+
Pushed by jandemooij@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/45603dbcb3bb Demote MOZ_DIAGNOSTIC_ASSERT to MOZ_ASSERT. r=jonco
I'd like to know if the frontend or the worker thread machinery is to blame. Can we assert on the worker thread that this doesn't happen? (Maybe in HelperThread::handleParseWorkload.)
<jandem> jorendorff: we could add a similar assert to the main thread frontend code <jorendorff> yes, i was just thinking that <jorendorff> jandem: seems like a very good idea if we really want fuzzer help
Priority: -- → P1
Flags: needinfo?(jdemooij)
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
See Also: → 1458198
Flags: needinfo?(jdemooij)
Hm it looks like many of these are actually *decode* tasks instead of *parse* tasks, despite it being called finishParseTask, so we should probably add similar asserts to the XDR decoder.
OK the XDR decoder only reports an exception if TranscodeResult_Throw is used, but there are other failure TranscodeResults that don't report a pending exception so the helper threads code should check for that. I'll file another followup.
Flags: needinfo?(jdemooij)
Filed bug 1458209 for the XDR bug.
Flags: needinfo?(jdemooij)
No more crashes since the patch landed.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: