Closed Bug 1806772 Opened 3 years ago Closed 3 years ago

Intermittent SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/js/src/vm/PIC.cpp:311:16 in freeAllStubs

Categories

(Core :: JavaScript: GC, defect, P2)

Product:
Core
Component:
JavaScript: GC
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
110 Branch
Tracking Flags:
Tracking Status
firefox110 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: jonco)

References

Details

(Keywords: csectype-race, intermittent-failure)

Attachments

(2 files)

Full tsan output
51.17 KB, text/plain
Details
Bug 1806772 - Purge ForOfPIC stubs at the start of GC r?jandem
48 bytes, text/x-phabricator-request
Details | Review

Filed by: mlaza [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=400331313&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/YWGK-6ejRIe-HKfA3kzGjg/runs/0/artifacts/public/logs/live_backing.log

[task 2022-12-21T04:39:43.563Z] 04:39:43     INFO - TEST-START | /IndexedDB/file_support.sub.html
[task 2022-12-21T04:39:43.580Z] 04:39:43     INFO - Closing window 7a11b44d-42b8-4c6d-8287-4c69fe7ae043
[task 2022-12-21T04:39:45.652Z] 04:39:45     INFO - PID 1299 | ==================
[task 2022-12-21T04:39:45.654Z] 04:39:45     INFO - PID 1299 | WARNING: ThreadSanitizer: data race (pid=1480)
[task 2022-12-21T04:39:45.655Z] 04:39:45     INFO - PID 1299 |   Read of size 8 at 0x7b180005c280 by main thread:
[task 2022-12-21T04:39:45.656Z] 04:39:45     INFO - PID 1299 |     #0 freeAllStubs /builds/worker/checkouts/gecko/js/src/vm/PIC.cpp:311:16 (libxul.so+0xbf2f378) (BuildId: 582119793f6798fca7d1a113c3b968fc92249d50)
[task 2022-12-21T04:39:45.667Z] 04:39:45     INFO - PID 1299 |     #1 js::ForOfPIC::Chain::trace(JSTracer*) /builds/worker/checkouts/gecko/js/src/vm/PIC.cpp:294:5 (libxul.so+0xbf2f378)
[task 2022-12-21T04:39:45.667Z] 04:39:45     INFO - PID 1299 |     #2 ForOfPIC_traceObject(JSTracer*, JSObject*) /builds/worker/checkouts/gecko/js/src/vm/PIC.cpp:323:12 (libxul.so+0xbf349af) (BuildId: 582119793f6798fca7d1a113c3b968fc92249d50)
[task 2022-12-21T04:39:45.667Z] 04:39:45     INFO - PID 1299 |     #3 doTrace /builds/worker/workspace/obj-build/dist/include/js/Class.h:653:5 (libxul.so+0xc4de852) (BuildId: 582119793f6798fca7d1a113c3b968fc92249d50)
[task 2022-12-21T04:39:45.668Z] 04:39:45     INFO - PID 1299 |     #4 CallTraceHook /builds/worker/checkouts/gecko/js/src/gc/Marking.cpp:1268:12 (libxul.so+0xc4de852)
...
[task 2022-12-21T04:39:45.839Z] 04:39:45     INFO - PID 1299 |     #73 content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28 (firefox-bin+0x1348b3) (BuildId: a81e6dfe4867fc045bbd3834742b32c3e2a2e605)
[task 2022-12-21T04:39:45.840Z] 04:39:45     INFO - PID 1299 |     #74 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:359:18 (firefox-bin+0x1348b3)
[task 2022-12-21T04:39:45.841Z] 04:39:45     INFO - PID 1299 | SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/js/src/vm/PIC.cpp:311:16 in freeAllStubs
[task 2022-12-21T04:39:45.841Z] 04:39:45     INFO - PID 1299 | ==================
[task 2022-12-21T04:39:45.906Z] 04:39:45     INFO - PID 1299 | A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
[task 2022-12-21T04:39:46.380Z] 04:39:46     INFO - PID 1299 | 1671597586378	Marionette	INFO	Stopped listening on port 53617
[task 2022-12-21T04:39:46.646Z] 04:39:46     INFO - PID 1299 | [Parent 1299, IPC I/O Parent] WARNING: process 1480 exited on signal 6: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:256
[task 2022-12-21T04:39:46.688Z] 04:39:46     INFO - NoSuchWindowException on command, setting status to CRASH
[task 2022-12-21T04:39:46.690Z] 04:39:46     INFO - TEST-UNEXPECTED-CRASH | /IndexedDB/file_support.sub.html | expected OK
[task 2022-12-21T04:39:46.690Z] 04:39:46     INFO - TEST-INFO took 3127ms
Group: core-security → javascript-core-security

Is Parallel marking enabled in nightly, or is it just enabled for these tests? Not sure whether to worry about the sec rating here or not.

Component: JavaScript Engine → JavaScript: GC
Flags: needinfo?(jcoppeard)
Keywords: csectype-race, sec-high
See Also: → 1795640

(In reply to Daniel Veditz [:dveditz] Out until Jan 9 from comment #1)
Parallel marking is only enabled for these tests, so this is not security sensitive.

Assignee: nobody → jcoppeard
Group: javascript-core-security
Flags: needinfo?(jcoppeard)
Keywords: sec-high
Severity: -- → S3
Priority: -- → P2
Attachment #9310566 - Attachment description: Bug 1806772 - Make PICChain::stubs_ atomic to work around updates during parallel marking r?jandem → Bug 1806772 - Purge ForOfPIC stubs at the start of GC r?jandem
Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b2570a146f55 Purge ForOfPIC stubs at the start of GC r=jandem

https://hg.mozilla.org/mozilla-central/rev/b2570a146f55

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox110: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: