Crash in [@ TraverseInnerLazyScriptsForLazyScript]
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking

 | Tracking | Status
---|---|---
firefox-esr78 | --- | unaffected
firefox87 | --- | wontfix
firefox88 | --- | fixed
firefox89 | --- | fixed
firefox90 | --- | fixed
People
(Reporter: sefeng, Assigned: arai)
Details
(Keywords: crash)
Attachments
(1 file)
48 bytes, text/x-phabricator-request
pascalc: approval-mozilla-beta+
RyanVM: approval-mozilla-release+
Crash report: https://crash-stats.mozilla.org/report/index/9f5949de-4b59-426a-a071-2e20d0210414
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames of crashing thread:
0 XUL TraverseInnerLazyScriptsForLazyScript js/src/gc/PublicIterators.cpp:101
1 XUL TraverseInnerLazyScriptsForLazyScript js/src/gc/PublicIterators.cpp:111
2 XUL js::IterateScripts js/src/gc/PublicIterators.cpp:159
3 XUL js::Debugger::ScriptQuery::findScripts js/src/debugger/Debugger.cpp:5134
4 XUL js::Debugger::CallData::findScripts js/src/debugger/Debugger.cpp:5524
5 XUL bool js::Debugger::CallData::ToNative<&js::Debugger::CallData::findScripts js/src/debugger/Debugger.cpp:4109
6 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:520
7 XUL Interpret js/src/vm/Interpreter.cpp:3244
8 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:552
9 XUL js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:1843
Comment 1•3 years ago
Ted, would it make sense for you to look at this bug?
Comment 2•3 years ago
This seems to be an issue with the debugger iterating over scripts; marking P3/S3 because it should only occur when the devtools are active.
Comment 3•3 years ago
This is showing a pretty noticeable volume in the early Fx88 release crashes, fwiw.
Comment 4•3 years ago
Looks like our patch for Bug 1697952 just kicked the crash down the line. This does reinforce our theory that the debugger is to blame. We can revisit our investigation.
Comment 5•3 years ago
Updated•3 years ago
Pushed by arai_a@mac.com: https://hg.mozilla.org/integration/autoland/rev/b39fdd9aabab Check null script when iterating and traversing lazy script in debugger. r=tcampbell
Comment 7•3 years ago
bugherder
Comment 8•3 years ago
Comment on attachment 9217224 [details]
Bug 1705762 - Check null script when iterating and traversing lazy script in debugger. r?tcampbell!
Beta/Release Uplift Approval Request
- User impact if declined: Yet another attempt to mitigate a null-deref crash, for the same issue as bug 1697952.
The previous 2 patches fix the immediate crash at the end of script instantiation,
and this patch fixes the crash when using the debugger after that point.
This doesn't have a testcase or manual test steps.
We'll monitor the crash stats for the effect.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This skips yet another possibly unexpected null-deref.
This is still an unexpected dereference, and can be skipped.
- String changes made/needed: None
Comment 9•3 years ago
Comment on attachment 9217224 [details]
Bug 1705762 - Check null script when iterating and traversing lazy script in debugger. r?tcampbell!
Crash fix, low risk and we are early in the beta cycle, uplift approved for 89 Beta 3, thanks.
Comment 10•3 years ago
bugherder uplift
Comment 11•3 years ago
The spot-fix seems to have removed crashes from beta.
Comment 12•3 years ago
Please nominate this for release approval. Looks like it'd be a good ride-along given the crash volume and simplicity of the fix.
Comment 13•3 years ago
Comment on attachment 9217224 [details]
Bug 1705762 - Check null script when iterating and traversing lazy script in debugger. r?tcampbell!
Beta/Release Uplift Approval Request
- User impact if declined: Yet another attempt to mitigate a null-deref crash, for the same issue as bug 1697952.
The mitigation is confirmed to work on beta channel.
This doesn't have a testcase or manual test steps.
We'll continue monitoring the crash stats.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This skips yet another possibly unexpected null-deref.
This is still an unexpected dereference, and can be skipped.
- String changes made/needed: None
Comment 14•3 years ago
Comment on attachment 9217224 [details]
Bug 1705762 - Check null script when iterating and traversing lazy script in debugger. r?tcampbell!
Approved for 88.0.1.
Comment 15•3 years ago
bugherder uplift