Crash in [@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::jit::ExecutableAllocator::poisonCode]
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
People
(Reporter: sefeng, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/69794eaf-447a-4e94-9afb-758320200825
Top 10 frames of crashing thread:
0 libxul.so js::AutoEnterOOMUnsafeRegion::crash js/src/vm/JSContext.cpp:1191
1 libxul.so js::jit::ExecutableAllocator::poisonCode js/src/jit/ExecutableAllocator.cpp:297
2 libxul.so JSFreeOp::~JSFreeOp js/src/vm/Runtime.cpp:573
3 libxul.so js::gc::GCRuntime::performSweepActions js/src/gc/GC.cpp:6269
4 libxul.so js::gc::GCRuntime::incrementalSlice js/src/gc/GC.cpp:6841
5 libxul.so js::gc::GCRuntime::gcCycle js/src/gc/GC.cpp:7248
6 libxul.so js::gc::GCRuntime::collect js/src/gc/GC.cpp:7483
7 libxul.so js::gc::GCRuntime::gcSlice js/src/gc/GC.cpp:7574
8 libxul.so nsJSContext::GarbageCollectNow dom/base/nsJSEnvironment.cpp:1166
9 libxul.so InterSliceGCRunnerFired dom/base/nsJSEnvironment.cpp:1736
These crashes are expected and based on the bug which introduced this code, we want to use them to diagnose some other crashes. Also for this particular crash, it doesn't look like it runs out of memory.
Comment 1•4 years ago
> for this particular crash, it doesn't look like it runs out of memory.
It looks like mprotect is failing, so it's probably some OS resource used for managing pages that is running out.
This isn't really GC related so I'm going to tentatively move this to the JIT component.
Comment 2•4 years ago
It sounds like we should improve our JIT page story to avoid fragmentation of executable pages.
Unfortunately we cannot rely on the mprotect result from returning an error code, as the error occurring on Mac is within the mprotect function.
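An added example, not code from this bug or from Firefox: on Linux, one documented way mprotect can return ENOMEM with memory still free is the per-process limit on mappings (`vm.max_map_count`), because changing protection on part of a mapping splits it into several. The sketch below measures that split and the merge on restore through `/proc/self/maps`; the helper names `count_mappings` and `probe_split` are hypothetical, and whether this is the resource exhausted in the crash above is an assumption the comments do not establish.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Number of lines in /proc/self/maps (one per mapping); -1 if unreadable.
 * Uses read() into a stack buffer so counting creates no mapping itself. */
long count_mappings(void) {
    char buf[4096];
    long lines = 0;
    ssize_t n;
    int fd = open("/proc/self/maps", O_RDONLY);
    if (fd < 0) return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] == '\n') lines++;
    close(fd);
    return n < 0 ? -1 : lines;
}

/* Map three pages, change protection on the middle one, then restore it.
 * Stores the change in mapping count after each step; returns 0 on success. */
int probe_split(long *after_split, long *after_restore) {
    long page = sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, 3 * page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    long base = count_mappings();
    int rc = -1;
    if (base >= 0 && mprotect(p + page, page, PROT_READ) == 0) {
        *after_split = count_mappings() - base;       /* one mapping became three */
        if (mprotect(p + page, page, PROT_READ | PROT_WRITE) == 0) {
            *after_restore = count_mappings() - base; /* neighbours merged back */
            rc = 0;
        }
    }
    munmap(p, 3 * page);
    return rc;
}

int main(void) {
    long split = 0, restored = 0;
    if (probe_split(&split, &restored) != 0) return 1;
    printf("mappings after split: %+ld, after restore: %+ld\n", split, restored);
    return 0;
}
```

Comparing `count_mappings()` in a long-running process against `/proc/sys/vm/max_map_count` shows how close fragmented protection changes have brought it to the limit.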