Closed Bug 1887084 Opened 10 months ago Closed 3 months ago

SpiderMonkey crashes in JS::InitSelfHostedCode() in Visual Studio / Windows 11

Categories: Core :: JavaScript Engine, defect, P3

Status: RESOLVED INCOMPLETE

People: Reporter: liamg_uw, Unassigned

References: Blocks 1 open bug

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0

Steps to reproduce:

I am running SpiderMonkey 102a1 in an embedded C++ project. I use Visual Studio 2022 version 17.9.2, on Windows 11 23H2. For the past two or three weeks, SpiderMonkey has been crashing on startup. It crashes inside the JS::InitSelfHostedCode() function, but this only happens sporadically. It seems to happen once every 2 or 3 times that I run it, indicating a race condition. This happens even in a fresh project, and the problem only started occurring 2 weeks ago, indicating that it is a problem with Windows or Visual Studio.

It crashes at ProcessExecutableMemory.cpp on line 794:

#  ifdef XP_WIN
  DWORD oldProtect;
  DWORD flags = ProtectionSettingToFlags(protection);
  // Crash site: VirtualProtect intermittently returns FALSE while the JIT
  // pages are toggled between writable and executable; the error code from
  // GetLastError() is not recorded before the function returns false.
  if (!VirtualProtect(pageStart, size, flags, &oldProtect)) {  // <<<< here
    return false;
  }

Actual results:

Here is the full stack trace:

hmpalert.dll!00007ffaf01cf2b2()
hmpalert.dll!00007ffaf019da96()
hmpalert.dll!00007ffaf0133973()
hmpalert.dll!00007ffaf0132c73()
hmpalert.dll!00007ffaf0120b5b()
hmpalert.dll!00007ffaf014d1d5()
hmpalert.dll!00007ffaf0147516()
KernelBase.dll!00007ffaf075cc46()
mozjs-102a1.dll!js::jit::ReprotectRegion(void * start, unsigned __int64 size, js::jit::ProtectionSetting protection, js::jit::MustFlushICache flushICache) Line 794
at C:\mozilla-source\mozilla-unified\js\src\jit\ProcessExecutableMemory.cpp(794)
[Inline Frame] mozjs-102a1.dll!js::jit::ExecutableAllocator::makeExecutableAndFlushICache(js::jit::FlushICacheSpec flushSpec, void * start, unsigned __int64 size) Line 186
at C:\mozilla-source\mozilla-unified\js\src\jit\ExecutableAllocator.h(186)
mozjs-102a1.dll!js::jit::AutoWritableJitCodeFallible::~AutoWritableJitCodeFallible() Line 62
at C:\mozilla-source\mozilla-unified\js\src\jit\AutoWritableJitCode.h(62)
[Inline Frame] mozjs-102a1.dll!mozilla::detail::MaybeStorage<js::jit::AutoWritableJitCodeFallible,0>::~MaybeStorage() Line 269
at C:\mozilla-source\mozilla-unified\js\src_build\dist\include\mozilla\Maybe.h(269)
[Inline Frame] mozjs-102a1.dll!js::jit::Linker::~Linker() Line 29
at C:\mozilla-source\mozilla-unified\js\src\jit\Linker.h(29)
mozjs-102a1.dll!js::jit::JitRuntime::generateTrampolines(JSContext * cx) Line 237
at C:\mozilla-source\mozilla-unified\js\src\jit\Ion.cpp(237)
mozjs-102a1.dll!js::jit::JitRuntime::initialize(JSContext * cx) Line 112
at C:\mozilla-source\mozilla-unified\js\src\jit\Ion.cpp(112)
mozjs-102a1.dll!JSRuntime::createJitRuntime(JSContext * cx) Line 137
at C:\mozilla-source\mozilla-unified\js\src\vm\Realm.cpp(137)
mozjs-102a1.dll!JS::InitSelfHostedCode(JSContext * cx, mozilla::Span<const unsigned char,18446744073709551615> cache, bool(*)(JSContext *, mozilla::Span<const unsigned char,18446744073709551615>) writer) Line 245
at C:\mozilla-source\mozilla-unified\js\src\vm\Initialization.cpp(245)
Context Sequencing Environment.exe!ActionQueue::run() Line 274
at C:\Users\lgoodacre\source\repos\LGoodacre\context-sequencing-environment\Source\events\ActionQueue.cpp(274)
Context Sequencing Environment.exe!juce::Thread::threadEntryPoint() Line 98
at C:\Users\lgoodacre\source\repos\LGoodacre\context-sequencing-environment\JUCE\modules\juce_core\threads\juce_Thread.cpp(98)
Context Sequencing Environment.exe!juce::juce_threadEntryPoint(void * userData) Line 121
at C:\Users\lgoodacre\source\repos\LGoodacre\context-sequencing-environment\JUCE\modules\juce_core\threads\juce_Thread.cpp(121)
Context Sequencing Environment.exe!juce::threadEntryProc(void * userData) Line 63
at C:\Users\lgoodacre\source\repos\LGoodacre\context-sequencing-environment\JUCE\modules\juce_core\native\juce_win32_Threads.cpp(63)
[External Code]

Does this work if you disable Sophos?

Flags: needinfo?(liamg_uw)
Blocks: sm-runtime
Severity: -- → S3
Priority: -- → P3
See Also: → 1752733
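As an added diagnostic (not SpiderMonkey's code and not from the reporter), this C program performs the same RW to RX to RW page transitions that js::jit::ReprotectRegion makes and returns the OS error code instead of discarding it, so running it inside the embedding process shows whether an injected module such as the hmpalert.dll frames in the trace is making the protection change fail, and with which error. The function name probe_jit_reprotect, the round count, and the POSIX mmap/mprotect fallback are assumptions made for this example.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <errno.h>
#include <sys/mman.h>
#endif

/* Returns 0 if every round succeeded, otherwise the OS error code of the
 * first failing protection change (GetLastError on Windows, errno elsewhere).
 * Several rounds are run because the reported failure is sporadic. */
int probe_jit_reprotect(size_t size, int rounds) {
#ifdef _WIN32
  void* p = VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  if (!p) return (int)GetLastError();
  memset(p, 0xCC, size);  /* int3 filler standing in for emitted JIT code */
  int err = 0;
  for (int i = 0; i < rounds && !err; i++) {
    DWORD old;
    /* RW -> RX: the VirtualProtect call at the top of the reported trace. */
    if (!VirtualProtect(p, size, PAGE_EXECUTE_READ, &old)) err = (int)GetLastError();
    /* RX -> RW: what AutoWritableJitCode does before patching code again. */
    else if (!VirtualProtect(p, size, PAGE_READWRITE, &old)) err = (int)GetLastError();
  }
  VirtualFree(p, 0, MEM_RELEASE);
  return err;
#else
  /* Assumed POSIX equivalent so the probe also builds and runs off Windows. */
  void* p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) return errno;
  memset(p, 0xCC, size);
  int err = 0;
  for (int i = 0; i < rounds && !err; i++) {
    if (mprotect(p, size, PROT_READ | PROT_EXEC) != 0) err = errno;
    else if (mprotect(p, size, PROT_READ | PROT_WRITE) != 0) err = errno;
  }
  munmap(p, size);
  return err;
#endif
}

int main(void) {
  int err = probe_jit_reprotect(4096, 8);
  if (err) printf("JIT reprotect probe failed: OS error %d\n", err);
  else printf("JIT reprotect probe: 8 rounds ok\n");
  return err != 0;
}
```

Run it once with the endpoint product active and once with it disabled; a non-zero error code only in the first run points at the hook rather than at the embedding or the compiler.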

A needinfo is requested from the reporter; however, the reporter is inactive on Bugzilla. Given that the bug is still UNCONFIRMED, closing the bug as incomplete.

For more information, please visit BugBot documentation.

Status: UNCONFIRMED → RESOLVED
Closed: 3 months ago
Flags: needinfo?(liamg_uw)
Resolution: --- → INCOMPLETE