The following testcase crashes on mozilla-central revision 7d542c1d11cd (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --disable-profiling --enable-debug --without-intl-api --enable-optimize --target=i686-pc-linux-gnu, run with --fuzzing-safe): stackTest(function() { oomAtAllocation(1); }); Backtrace: received signal SIGSEGV, Segmentation fault. 0x08522fee in RunIterativeFailureTest (simulator=<synthetic pointer>, params=..., cx=<optimized out>) at js/src/builtin/TestingFunctions.cpp:1759 #0 0x08522fee in RunIterativeFailureTest (simulator=<synthetic pointer>, params=..., cx=<optimized out>) at js/src/builtin/TestingFunctions.cpp:1759 #1 StackTest (cx=<optimized out>, argc=<optimized out>, vp=<optimized out>) at js/src/builtin/TestingFunctions.cpp:1928 #2 0x082286ba in CallJSNative (cx=0xf6e1b800, native=0x85228e0 <StackTest(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/vm/Interpreter.cpp:449 [...] #17 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at js/src/shell/js.cpp:9973 eax 0x0 0 ebx 0x4 4 ecx 0xf7d92864 -136763292 edx 0x0 0 esi 0xf6e1b800 -152979456 edi 0x8e89ff4 149463028 ebp 0xffffcd28 4294954280 esp 0xffffcc80 4294954112 eip 0x8522fee <StackTest(JSContext*, unsigned int, JS::Value*)+1806> => 0x8522fee <StackTest(JSContext*, unsigned int, JS::Value*)+1806>: movl $0x0,0x0 0x8522ff8 <StackTest(JSContext*, unsigned int, JS::Value*)+1816>: ud2

Along with interruptTest triggering the same error, this happens highly frequently right now. Marking as fuzzblocker.

JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/29f80c699b14 user: Jon Coppeard date: Mon Sep 03 11:14:32 2018 +0100 summary: Bug 1487662 - Refactor OOMTest and related functions r=nbp This iteration took 294.890 seconds to run.

Jon, is bug 1487662 a likely regressor?

My previous change left the assertion about JSRuntime::hadOutOfMemory in the main test function. This patch makes it OOMTest() specific as it should be.

Pushed by ccoroiu@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/21f542e1e51a Fix OOM test assumptions about whether OOM was previously reported on the context r=nbp

Christian, the whiteboard indicates that that bug is a [fuzzblocker] should we consider backporting this patch to 63? Thanks

From my side, we don't need the backport because I'm not testing beta shells at the moment, forwarding to :gkw for his confirmation.

It's test-only and grafts cleanly, let's just take it.