Closed Bug 1517397 Opened 7 years ago Closed 6 years ago

Intermittent GECKO(1380) | Assertion failure: !detail::CellIsMarkedGray(tc), at /builds/worker/workspace/build/src/js/src/gc/GC.cpp:8987

Categories

(Core :: JavaScript: GC, defect, P5)

RESOLVED WORKSFORME

People

(Reporter: intermittent-bug-filer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: intermittent-failure, sec-high)

Filed by: rgurzau [at] mozilla.com

https://treeherder.mozilla.org/logviewer.html#?job_id=219710032&repo=autoland

https://queue.taskcluster.net/v1/task/bZun5FWKQoG3dTobeTdTmA/runs/0/artifacts/public/logs/live_backing.log

[task 2019-01-03T02:51:44.651Z] 02:51:44 INFO - GECKO(1380) | ++DOCSHELL 0x7f24db630000 == 10 [pid = 1485] [id = {7f3492db-66bc-482f-814b-17961b2621c4}]
[task 2019-01-03T02:51:44.652Z] 02:51:44 INFO - GECKO(1380) | ++DOMWINDOW == 25 (0x7f24dcbef800) [pid = 1485] [serial = 631] [outer = (nil)]
[task 2019-01-03T02:51:44.708Z] 02:51:44 INFO - GECKO(1380) | ++DOMWINDOW == 26 (0x7f24dcbea000) [pid = 1485] [serial = 632] [outer = 0x7f24dcbef800]
[task 2019-01-03T02:51:44.756Z] 02:51:44 INFO - GECKO(1380) | Assertion failure: !detail::CellIsMarkedGray(tc), at /builds/worker/workspace/build/src/js/src/gc/GC.cpp:8987
[task 2019-01-03T02:51:44.853Z] 02:51:44 INFO - GECKO(1380) | [Parent 1380, Gecko_IOThread] WARNING: pipe error (86): Connection reset by peer: file /builds/worker/workspace/build/src/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 349
[task 2019-01-03T02:51:44.854Z] 02:51:44 INFO - GECKO(1380) | ###!!! [Parent][MessageChannel] Error: (msgtype=0x1E0087,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv
[task 2019-01-03T02:51:44.863Z] 02:51:44 INFO - GECKO(1380) | ###!!! [Parent][MessageChannel] Error: (msgtype=0x1E0087,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

Could this also be related to incremental gray marking? Bug 1463462
Blocks: GCCrashes
Group: core-security
Flags: needinfo?(jcoppeard)
Yes, or to the changes to delayed gray marking in bug 1516409. Annoyingly, symbolisation of stack traces is still broken on linux64, so this particular failure doesn't tell us much. I'm watching this to see if there are more failures.
Flags: needinfo?(jcoppeard)
Group: core-security → javascript-core-security

Jon: what security rating should we give it? moderate because the assertion crash protects us from the consequences of the bad marking, or sec-high because it might not always catch the underlying corruption and we'll have vulnerabilities elsewhere?

Flags: needinfo?(jcoppeard)

Marking sec-high because this assertion means there is the possibility of UAF.

Flags: needinfo?(jcoppeard)
Keywords: sec-high
Flags: needinfo?(jcoppeard)

This hasn't happened in a long time. Per jonco, "we've made a bunch of fixes related to gray marking", so most likely it was just fixed.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Flags: needinfo?(jcoppeard)
Group: javascript-core-security