Crash in [@ RefPtr<T>::get | RefPtr<T>::operator nsIGlobalObject* | mozilla::dom::Promise::MaybeSomething<T>]
Categories
(Core :: DOM: Workers, defect)
Tracking
()
People
(Reporter: sefeng, Unassigned)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/42478a86-15e7-4086-96be-c214a0221118
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll RefPtr<nsIGlobalObject>::get const mfbt/RefPtr.h:286
0 xul.dll RefPtr<nsIGlobalObject>::operator nsIGlobalObject* const mfbt/RefPtr.h:299
0 xul.dll mozilla::dom::Promise::MaybeSomething<nsresult&> dom/promise/Promise.h:407
1 xul.dll mozilla::dom::Promise::MaybeReject dom/promise/Promise.h:101
1 xul.dll mozilla::dom::workerinternals::loader::WorkerScriptLoader::CancelMainThread dom/workers/ScriptLoader.cpp:729
2 xul.dll mozilla::detail::RunnableMethodArguments<std::function<void xpcom/threads/nsThreadUtils.h:1162
2 xul.dll mozilla::detail::RunnableMethodArguments<std::function<void xpcom/threads/nsThreadUtils.h:1168
2 xul.dll mozilla::detail::RunnableMethodImpl<mozilla::MemoryTelemetry*, nsresult xpcom/threads/nsThreadUtils.h:1215
3 xul.dll mozilla::RunnableTask::Run xpcom/threads/TaskController.cpp:538
3 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:851
Looks like we are reading some invalid memory, looks legit to me.
Comment 2•1 year ago
•
|
||
This is recent, but using the old code. This is already fixed on nightly.
Comment 3•1 year ago
|
||
Hmm, there seemed to be some on nightly, but https://crash-stats.mozilla.org/report/index/73df9b86-a9a6-4177-80f8-4c69c0221120 actually seems to be something different?
:aryx, can we prefix the mozilla::dom::Promise::*
frames in order to distinguish these better?
Comment 4•1 year ago
|
||
(In reply to Jens Stutte [:jstutte] from comment #3)
:aryx, can we prefix the
mozilla::dom::Promise::*
frames in order to distinguish these better?
Patch up in bug 1802315.
Reporter | ||
Updated•1 year ago
|
Updated•1 year ago
|
Comment 5•1 year ago
|
||
The crash signature for comment 0 changed, here's the new ones. The length of these signatures is becoming unwieldy, I'll start trimming them by having Socorro ignore common frames (such as RefPtr) going forward.
Comment 6•1 year ago
|
||
(In reply to Yulia Startsev [:yulia] from comment #2)
This is recent, but using the old code. This is already fixed on nightly.
The incoming crashes for now seem to second this. I'd expect to see it go away also for beta 109, so let's just wait for confirmation.
Updated•1 year ago
|
Description
•