Closed
Bug 1576183
Opened 6 years ago
Closed 6 years ago
Assertion failure: mWorkerPromise, at /builds/worker/workspace/build/src/dom/promise/Promise.cpp:707
Categories
(Core :: DOM: Networking, defect, P2)
Core
DOM: Networking
Tracking
()
RESOLVED
FIXED
mozilla71
People
(Reporter: jkratzer, Assigned: kershaw)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [necko-triaged])
Attachments
(3 files)
|
319 bytes,
text/html
|
Details | |
|
292 bytes,
application/x-javascript
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details | Review |
Testcase found while fuzzing mozilla-central rev 5df00af5913e. Testcase may take several minutes to trigger.
Assertion failure: mWorkerPromise, at /builds/worker/workspace/build/src/dom/promise/Promise.cpp:707
rax = 0x000055c8bd7071a0 rdx = 0x00007ff6cc06aee7
rcx = 0x0000000000000b40 rbx = 0x00007ff6a31f7d80
rsi = 0x00007ff6d78058b0 rdi = 0x00007ff6d7804680
rbp = 0x00007ff6a20fac10 rsp = 0x00007ff6a20fac00
r8 = 0x00007ff6d78058b0 r9 = 0x00007ff6a20ff700
r10 = 0x0000000000000002 r11 = 0x0000000000000000
r12 = 0x00007ff6a489c778 r13 = 0x00007ff6b4d72000
r14 = 0x00007ff6a20fad00 r15 = 0x00007ff6a20fac80
rip = 0x00007ff6c85c1e7e
OS|Linux|0.0.0 Linux 4.18.0-25-generic #26~18.04.1-Ubuntu SMP Thu Jun 27 07:28:31 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|64
64|0|libxul.so|mozilla::dom::PromiseWorkerProxy::WorkerPromise() const|hg:hg.mozilla.org/mozilla-central:dom/promise/Promise.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|707|0x32
64|1|libxul.so|mozilla::dom::WorkerFetchResponseEndRunnable::WorkerRun(JSContext*, mozilla::dom::WorkerPrivate*)|hg:hg.mozilla.org/mozilla-central:dom/fetch/Fetch.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|723|0x13
64|2|libxul.so|mozilla::dom::WorkerRunnable::Run()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerRunnable.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|356|0x10
64|3|libxul.so|mozilla::dom::WorkerFetchResponseEndRunnable::Cancel()|hg:hg.mozilla.org/mozilla-central:dom/fetch/Fetch.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|733|0x5
64|4|libxul.so|mozilla::dom::WorkerRunnable::Run()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerRunnable.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|239|0x6
64|5|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|1225|0x15
64|6|libxul.so|NS_ProcessPendingEvents(nsIThread*, unsigned int)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|434|0xe
64|7|libxul.so|mozilla::dom::WorkerPrivate::ClearMainEventQueue(mozilla::dom::WorkerPrivate::WorkerRanOrNot)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|3396|0xb
64|8|libxul.so|mozilla::dom::WorkerPrivate::NotifyInternal(mozilla::dom::WorkerStatus)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|4109|0xd
64|9|libxul.so|mozilla::dom::WorkerRunnable::Run()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerRunnable.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|356|0x10
64|10|libxul.so|mozilla::dom::WorkerPrivate::ProcessAllControlRunnablesLocked()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|3365|0x6
64|11|libxul.so|mozilla::dom::WorkerPrivate::ProcessAllControlRunnables()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|933|0x8
64|12|libxul.so|mozilla::dom::WorkerPrivate::InterruptCallback(JSContext*)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|3180|0x8
64|13|libxul.so|HandleInterrupt|hg:hg.mozilla.org/mozilla-central:js/src/vm/Runtime.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|433|0xb
64|14|||||0x22147b6da54d
64|15|libxul.so|_fini|||0x281e114
64|16|libxul.so|js::jit::EnterBaselineInterpreterAtBranch(JSContext*, js::InterpreterFrame*, unsigned char*)|hg:hg.mozilla.org/mozilla-central:js/src/jit/BaselineJIT.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|184|0x261
64|17|libxul.so|js::LifoAlloc::getOrCreateChunk(unsigned long)|hg:hg.mozilla.org/mozilla-central:js/src/ds/LifoAlloc.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|227|0x8
64|18|ld-2.27.so||||0x13800
64|19|libxul.so||||0x3feb2e0
64|20|libxul.so|mozilla::Vector<js::RecompileInfo, 1ul, js::SystemAllocPolicy>::~Vector()|hg:hg.mozilla.org/mozilla-central:mfbt/Vector.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|901|0xf
64|21|libxul.so|js::AutoEnterAnalysis::~AutoEnterAnalysis()|hg:hg.mozilla.org/mozilla-central:js/src/vm/TypeInference-inl.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|435|0x14
64|22|libxul.so|JSScript::createJitScript(JSContext*)|hg:hg.mozilla.org/mozilla-central:js/src/jit/JitScript.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|77|0x8
64|23|libxul.so|_fini|||0x2a1d3bc
64|24|ld-2.27.so||||0x1387c
64|25|ld-2.27.so||||0x19a28
64|26|libxul.so|js::CurrentThreadCanAccessRuntime(JSRuntime const*)|hg:hg.mozilla.org/mozilla-central:mfbt/ThreadLocal.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|158|0xf
64|27|libxul.so|js::CheckZone<(js::AllowedHelperThread)0>::check() const|hg:hg.mozilla.org/mozilla-central:js/src/threading/ProtectedData.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|84|0x13
64|28|libxul.so|Interpret|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|1991|0x14
64|29|libxul.so|_fini|||0x27e3f54
64|30|libxul.so|js::gc::Cell::asTenured()|hg:hg.mozilla.org/mozilla-central:js/src/gc/Cell.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|232|0x5
64|31|libxul.so|js::detail::SingleLinkedList<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::operator=(js::detail::SingleLinkedList<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >&&)|hg:hg.mozilla.org/mozilla-central:js/src/ds/LifoAlloc.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|90|0x8
64|32|libxul.so|_fini|||0x2a1d3bc
64|33|libxul.so|_fini|||0x2a1d3bc
64|34|libxul.so|_fini|||0x2a1d3bc
64|35|ld-2.27.so||||0x1387c
64|36|libxul.so|js::CurrentThreadCanAccessRuntime(JSRuntime const*)|hg:hg.mozilla.org/mozilla-central:mfbt/ThreadLocal.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|158|0xf
64|37|libxul.so|JS::Zone::getOrCreateUniqueId(js::gc::Cell*, unsigned long*)|hg:hg.mozilla.org/mozilla-central:js/src/gc/Zone-inl.h:5df00af5913e90ba7c60411e1e6cb78c2f7c46e0|54|0x8
Flags: in-testsuite?
|
Reporter | |
Comment 1•6 years ago
|
||
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → kershaw
Flags: needinfo?(kershaw)
Priority: -- → P2
Whiteboard: [necko-triaged]
|
|
Assignee | |
Comment 3•6 years ago
|
||
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6935a29addf5
Don't access worker promise if already shutdown r=baku
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
|
||
Comment 6•6 years ago
|
||
Do you think this is a good patch for uplift to 70? We are still in early beta.
Flags: needinfo?(kershaw)
|
|
||
Updated•6 years ago
|
status-firefox69:
--- → wontfix
|
||
Updated•6 years ago
|
status-firefox-esr60:
--- → wontfix
status-firefox-esr68:
--- → wontfix
Flags: in-testsuite? → in-testsuite-
|
|
Assignee | |
Comment 7•6 years ago
|
||
(In reply to Liz Henry (:lizzard) from comment #6)
Do you think this is a good patch for uplift to 70? We are still in early beta.
Maybe yes. This is a simple fix and might be able to avoid some crashes.
Flags: needinfo?(kershaw)
|
|
Assignee | |
Comment 8•6 years ago
|
||
Comment on attachment 9088758 [details]
Bug 1576183 - Don't access worker promise if already shutdown
Beta/Release Uplift Approval Request
- User impact if declined: Might have a crash.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: n/a
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is a simple fix. The patch just adds shutdown flag to check whether the worker is already shutdown.
- String changes made/needed: n/a
Attachment #9088758 -
Flags: approval-mozilla-beta?
|
|
||
Comment 9•6 years ago
|
||
Comment on attachment 9088758 [details]
Bug 1576183 - Don't access worker promise if already shutdown
Maybe avoiding some crashes is my middle name now. Let's uplift for beta 5.
Attachment #9088758 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
||
Comment 10•6 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•