Closed
Bug 827274
Opened 12 years ago
Closed 12 years ago
crash in `anonymous namespace''::CTypesActivityCallback(JSContext*, js::CTypesActivityType) with wkhtmltopdf
Categories
(Core :: DOM: Workers, defect)
Tracking
()
VERIFIED
FIXED
mozilla21
Tracking | Status | |
---|---|---|
firefox18 | --- | unaffected |
firefox19 | --- | unaffected |
firefox20 | --- | verified |
firefox21 | --- | verified |
b2g18 | 19+ | fixed |
b2g18-v1.0.0 | --- | unaffected |
People
(Reporter: scoobidiver, Assigned: bent.mozilla)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files, 1 obsolete file)
7.85 KB,
patch
|
khuey
:
review+
akeybl
:
approval-mozilla-aurora+
akeybl
:
approval-mozilla-beta-
|
Details | Diff | Splinter Review |
5.56 KB,
patch
|
overholt
:
approval-mozilla-b2g18+
|
Details | Diff | Splinter Review |
It first showed up in 20.0a1/20130106 and 19.0a2/20120105.
It implies wkhtmltox0.dll which belongs to http://code.google.com/p/wkhtmltopdf/
Signature `anonymous namespace''::CTypesActivityCallback(JSContext*, js::CTypesActivityType) More Reports Search
UUID f0aa73b4-aeaf-4b2e-a2bc-903d52130107
Date Processed 2013-01-07 02:24:34
Uptime 521
Last Crash 9.1 minutes before submission
Install Age 1.2 hours since version was first installed.
Install Time 2013-01-07 01:10:09
Product Firefox
Version 19.0a2
Build ID 20130106042019
Release Channel aurora
OS Windows NT
OS Version 5.1.2600 Service Pack 3
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 28 stepping 2
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x20
App Notes
AdapterVendorID: 0x8086, AdapterDeviceID: 0x27ae, AdapterSubsysID: 361a103c, AdapterDriverVersion: 6.14.10.4926
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers-
EMCheckCompatibility True
Adapter Vendor ID 0x8086
Adapter Device ID 0x27ae
Total Virtual Memory 2147352576
Available Virtual Memory 1787080704
System Memory Use Percentage 68
Available Page File 1832902656
Available Physical Memory 336084992
Frame Module Signature Source
0 xul.dll `anonymous namespace'::CTypesActivityCallback dom/workers/RuntimeService.cpp:385
1 mozjs.dll js::ctypes::FunctionType::Call js/src/ctypes/CTypes.cpp:5773
2 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:362
3 mozjs.dll js::Interpret js/src/jsinterp.cpp:2338
4 mozjs.dll js::NewObjectWithClassProto js/src/jsobj.cpp:2218
5 mozjs.dll js::Invoke js/src/jsinterp.cpp:414
6 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5771
7 nspr4.dll PR_GetCurrentThread nsprpub/pr/src/threads/prcthr.c:143
8 @0xc9fea3f
9 @0xffffff86
10 wkhtmltox0.dll wkhtmltox0.dll@0x16c2b4f
11 mozjs.dll ffi_closure_SYSV_inner js/src/ctypes/libffi/src/x86/ffi.c:384
12 wkhtmltox0.dll wkhtmltox0.dll@0x2873b
More reports at:
https://crash-stats.mozilla.com/report/list?signature=%60anonymous+namespace%27%27%3A%3ACTypesActivityCallback%28JSContext*%2C+js%3A%3ACTypesActivityType%29
Assignee | ||
Comment 1•12 years ago
|
||
I know what's going on here. Patch in a sec.
Reporter | ||
Updated•12 years ago
|
Keywords: regression
Version: Trunk → 19 Branch
Assignee | ||
Comment 2•12 years ago
|
||
I forgot about ctypes callbacks (which call back into JS from C). The attached patch should do the trick.
Attachment #698688 -
Flags: review?(khuey)
Attachment #698688 -
Flags: review?(jorendorff)
Attachment #698688 -
Flags: review?(khuey) → review+
Updated•12 years ago
|
Attachment #698688 -
Flags: review?(jorendorff) → review+
Comment 3•12 years ago
|
||
Comment on attachment 698688 [details] [diff] [review]
Patch, v1
[Triage Comment]
Follow-up fix for code already landed on Aurora and already a+'ed for b2g18; a=me.
Attachment #698688 -
Flags: approval-mozilla-b2g18+
Attachment #698688 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 4•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 5•12 years ago
|
||
Assignee | ||
Comment 6•12 years ago
|
||
Reporter | ||
Updated•12 years ago
|
Target Milestone: --- → mozilla20
Comment 7•12 years ago
|
||
Backed out for mochitest-chrome crashes:
https://tbpl.mozilla.org/?rev=e4550612487b
https://hg.mozilla.org/mozilla-central/rev/b7e462e6aa9e
Updated•12 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 8•12 years ago
|
||
Backed out from aurora:
https://hg.mozilla.org/releases/mozilla-aurora/rev/fc44cc7dd21e
Updated•12 years ago
|
Updated•12 years ago
|
Status: REOPENED → ASSIGNED
Assignee | ||
Comment 9•12 years ago
|
||
The only changes here are https://hg.mozilla.org/try/rev/3e68edd2fbac
Attachment #698688 -
Attachment is obsolete: true
Attachment #699132 -
Flags: review?(khuey)
Attachment #699132 -
Flags: review?(khuey) → review+
Assignee | ||
Comment 10•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 11•12 years ago
|
||
Comment on attachment 699132 [details] [diff] [review]
Patch, v1.1
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 813867
User impact if declined: Some extensions cause crashes when using ctypes in workers. We could back 813867 out of beta I guess.
Testing completed (on m-c, etc.): m-c, m-i
Risk to taking this patch (and alternatives if risky): As with bug 813867 it's possible we could see deadlocks, though we haven't seen any so far.
String or UUID changes made by this patch: None
Attachment #699132 -
Flags: approval-mozilla-beta?
Attachment #699132 -
Flags: approval-mozilla-aurora?
Reporter | ||
Updated•12 years ago
|
Target Milestone: mozilla20 → mozilla21
Updated•12 years ago
|
Attachment #698688 -
Flags: approval-mozilla-aurora+
Updated•12 years ago
|
status-firefox18:
--- → unaffected
status-firefox21:
--- → fixed
Comment 12•12 years ago
|
||
Comment on attachment 699132 [details] [diff] [review]
Patch, v1.1
For beta, I think a backout makes more sense (unless we're relying on this desktop data, in which case please re-nominate for uplift).
Attachment #699132 -
Flags: approval-mozilla-beta?
Attachment #699132 -
Flags: approval-mozilla-beta-
Attachment #699132 -
Flags: approval-mozilla-aurora?
Attachment #699132 -
Flags: approval-mozilla-aurora+
Comment 13•12 years ago
|
||
Assignee | ||
Comment 14•12 years ago
|
||
[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 813867
User impact if declined: See bug 813867 comment 53.
Testing completed: m-c now for a while, also m-a.
Risk to taking this patch (and alternatives if risky): Now that this has baked on two other branches for a while we know it's pretty safe.
String or UUID changes made by this patch: None
Attachment #703565 -
Flags: approval-mozilla-b2g18?
Assignee | ||
Updated•12 years ago
|
tracking-b2g18:
--- → ?
Updated•12 years ago
|
Attachment #698688 -
Flags: approval-mozilla-b2g18+
Comment 15•12 years ago
|
||
Given that this is non-blocking we'll hold off on approving for branch landing until after v1.0.0 -- see https://wiki.mozilla.org/Release_Management/B2G_Landing which explains further but the options are either to land to the date branch now so that it gets merged into 1.0.1 after 1/25 or to wait and get b2g18 approval after 1/25 for direct landing to that branch.
status-b2g18:
--- → affected
Updated•12 years ago
|
Attachment #703565 -
Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
Assignee | ||
Comment 16•12 years ago
|
||
status-b2g18-v1.0.0:
--- → unaffected
Assignee | ||
Updated•12 years ago
|
Assignee | ||
Comment 17•12 years ago
|
||
I backed this out of b2g18 because it caused a perma-orange on linux pgo (only)... https://hg.mozilla.org/releases/mozilla-b2g18/rev/2035414073b7
Reporter | ||
Updated•12 years ago
|
Assignee | ||
Comment 18•12 years ago
|
||
Comment 19•12 years ago
|
||
Checking the crashstats I see no crashes on FF > 19b2 in the last 4 weeks. Verified fixed.
You need to log in
before you can comment on or make changes to this bug.
Description
•