Open Bug 1661562 Opened 4 years ago Updated 3 years ago

Crash in [@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::jit::ExecutableAllocator::poisonCode]

Categories

(Core :: JavaScript Engine: JIT, defect, P3)

People

(Reporter: sefeng, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/69794eaf-447a-4e94-9afb-758320200825

Top 10 frames of crashing thread:

0 libxul.so js::AutoEnterOOMUnsafeRegion::crash js/src/vm/JSContext.cpp:1191
1 libxul.so js::jit::ExecutableAllocator::poisonCode js/src/jit/ExecutableAllocator.cpp:297
2 libxul.so JSFreeOp::~JSFreeOp js/src/vm/Runtime.cpp:573
3 libxul.so js::gc::GCRuntime::performSweepActions js/src/gc/GC.cpp:6269
4 libxul.so js::gc::GCRuntime::incrementalSlice js/src/gc/GC.cpp:6841
5 libxul.so js::gc::GCRuntime::gcCycle js/src/gc/GC.cpp:7248
6 libxul.so js::gc::GCRuntime::collect js/src/gc/GC.cpp:7483
7 libxul.so js::gc::GCRuntime::gcSlice js/src/gc/GC.cpp:7574
8 libxul.so nsJSContext::GarbageCollectNow dom/base/nsJSEnvironment.cpp:1166
9 libxul.so InterSliceGCRunnerFired dom/base/nsJSEnvironment.cpp:1736

These crashes are expected and, based on the bug which introduced this code, we want to use them to diagnose some other crashes. Also for this particular crash, it doesn't look like it runs out of the memory.

Component: JavaScript Engine → JavaScript: GC

> for this particular crash, it doesn't look like it runs out of the memory.

It looks like mprotect is failing, so it's probably some OS resource used for managing pages that is running out.

This isn't really GC related so I'm going to tentatively move this to the JIT component.

Component: JavaScript: GC → JavaScript Engine: JIT

It sounds like we should improve our JIT page story to avoid fragmentation of executable pages.
Unfortunately we cannot rely on the mprotect result from returning an error code, as the error occurring on Mac is within the mprotect function.

Severity: -- → S4
Priority: -- → P3
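
The comments above attribute the crash to mprotect failing without memory exhaustion and to fragmentation of executable pages. The following is an added example, not code from this bug or from SpiderMonkey: a Linux-only C sketch (it assumes /proc/self/maps is readable, and the function names are hypothetical) showing that per-page protection changes split one mapping into many, so the kernel's mapping bookkeeping grows while no extra memory is used.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Count this process's mappings: one line per mapping in /proc/self/maps. */
static long count_mappings(void) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    long n = 0;
    int c;
    while ((c = fgetc(f)) != EOF)
        if (c == '\n') n++;
    fclose(f);
    return n;
}

/* Map `pages` read-write pages, then make every other page read-only.
 * Returns how many mappings the process gained, or -1 on error.
 * The pages are never touched, so only kernel bookkeeping grows. */
long mappings_added_by_alternating_mprotect(size_t pages) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    long before = count_mappings();
    if (before < 0) return -1;
    char *base = mmap(NULL, pages * psz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    for (size_t i = 0; i < pages; i += 2) {
        if (mprotect(base + i * psz, psz, PROT_READ) != 0) {
            /* On Linux, ENOMEM here can mean the per-process mapping limit
             * (vm.max_map_count) was reached, not that RAM ran out. */
            fprintf(stderr, "mprotect page %zu: %s\n", i, strerror(errno));
            munmap(base, pages * psz);
            return -1;
        }
    }
    long after = count_mappings();
    munmap(base, pages * psz);
    return after < 0 ? -1 : after - before;
}

int main(void) {
    /* 64 pages with alternating protections become about 64 mappings. */
    printf("mappings added: %ld\n", mappings_added_by_alternating_mprotect(64));
    return 0;
}
```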