crash in `anonymous namespace''::CTypesActivityCallback(JSContext*, js::CTypesActivityType) with wkhtmltopdf

VERIFIED FIXED in Firefox 20

Status: VERIFIED FIXED
Product: Core
Component: DOM: Workers
Priority: --
Severity: critical
Version: 19 Branch
Target Milestone: mozilla21
Keywords: crash, regression
Reporter: Scoobidiver (away)
Assigned: Ben Turner (not reading bugmail, use the needinfo flag!)
Firefox Tracking Flags: firefox18 unaffected, firefox19 unaffected, firefox20 verified, firefox21 verified, b2g18 19+ fixed, b2g18-v1.0.0 unaffected
Attachments: 2 attachments, 1 obsolete attachment

Description (Reporter, 5 years ago)
It first showed up in 20.0a1/20130106 and 19.0a2/20120105.

It implies wkhtmltox0.dll which belongs to http://code.google.com/p/wkhtmltopdf/

Signature 	`anonymous namespace''::CTypesActivityCallback(JSContext*, js::CTypesActivityType)
UUID	f0aa73b4-aeaf-4b2e-a2bc-903d52130107
Date Processed	2013-01-07 02:24:34
Uptime	521
Last Crash	9.1 minutes before submission
Install Age	1.2 hours since version was first installed.
Install Time	2013-01-07 01:10:09
Product	Firefox
Version	19.0a2
Build ID	20130106042019
Release Channel	aurora
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 28 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x20
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x27ae, AdapterSubsysID: 361a103c, AdapterDriverVersion: 6.14.10.4926
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True
Adapter Vendor ID	0x8086
Adapter Device ID	0x27ae
Total Virtual Memory	2147352576
Available Virtual Memory	1787080704
System Memory Use Percentage	68
Available Page File	1832902656
Available Physical Memory	336084992

Frame 	Module 	Signature 	Source
0 	xul.dll 	`anonymous namespace'::CTypesActivityCallback 	dom/workers/RuntimeService.cpp:385
1 	mozjs.dll 	js::ctypes::FunctionType::Call 	js/src/ctypes/CTypes.cpp:5773
2 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:362
3 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2338
4 	mozjs.dll 	js::NewObjectWithClassProto 	js/src/jsobj.cpp:2218
5 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:414
6 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5771
7 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:143
8 		@0xc9fea3f 	
9 		@0xffffff86 	
10 	wkhtmltox0.dll 	wkhtmltox0.dll@0x16c2b4f 	
11 	mozjs.dll 	ffi_closure_SYSV_inner 	js/src/ctypes/libffi/src/x86/ffi.c:384
12 	wkhtmltox0.dll 	wkhtmltox0.dll@0x2873b 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=%60anonymous+namespace%27%27%3A%3ACTypesActivityCallback%28JSContext*%2C+js%3A%3ACTypesActivityType%29
I know what's going on here. Patch in a sec.
Assignee: nobody → bent.mozilla
Blocks: 813867
OS: Windows 7 → All
Hardware: x86 → All
(Reporter) Updated 5 years ago
Keywords: regression
Version: Trunk → 19 Branch
Created attachment 698688 [details] [diff] [review]
Patch, v1

I forgot about ctypes callbacks (which call back into JS from C). The attached patch should do the trick.
Attachment #698688 - Flags: review?(khuey)
Attachment #698688 - Flags: review?(jorendorff)
Attachment #698688 - Flags: review?(khuey) → review+

Updated 5 years ago
Attachment #698688 - Flags: review?(jorendorff) → review+
Comment on attachment 698688 [details] [diff] [review]
Patch, v1

[Triage Comment]
Follow-up fix for code already landed on Aurora and already a+'ed for b2g18; a=me.
Attachment #698688 - Flags: approval-mozilla-b2g18+
Attachment #698688 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/mozilla-central/rev/c3008e662841
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
https://hg.mozilla.org/releases/mozilla-aurora/rev/a923d1c4ecab
status-firefox19: affected → fixed
status-firefox20: affected → fixed
https://hg.mozilla.org/mozilla-central/rev/e4550612487b
https://hg.mozilla.org/releases/mozilla-aurora/rev/19165f7c1d53

Fixed some gcc bustage.
(Reporter) Updated 5 years ago
Target Milestone: --- → mozilla20

Comment 7, 5 years ago
Backed out for mochitest-chrome crashes:
https://tbpl.mozilla.org/?rev=e4550612487b

https://hg.mozilla.org/mozilla-central/rev/b7e462e6aa9e

Updated 5 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 8, 5 years ago
Backed out from aurora:
https://hg.mozilla.org/releases/mozilla-aurora/rev/fc44cc7dd21e

Updated 5 years ago
status-firefox19: fixed → affected
status-firefox20: fixed → affected
Status: REOPENED → ASSIGNED
Created attachment 699132 [details] [diff] [review]
Patch, v1.1

The only changes here are https://hg.mozilla.org/try/rev/3e68edd2fbac
Attachment #698688 - Attachment is obsolete: true
Attachment #699132 - Flags: review?(khuey)
Attachment #699132 - Flags: review?(khuey) → review+
https://hg.mozilla.org/mozilla-central/rev/928550157e6e
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Comment on attachment 699132 [details] [diff] [review]
Patch, v1.1

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 813867
User impact if declined: Some extensions cause crashes when using ctypes in workers. We could back 813867 out of beta I guess.
Testing completed (on m-c, etc.): m-c, m-i
Risk to taking this patch (and alternatives if risky): As with bug 813867 it's possible we could see deadlocks, though we haven't seen any so far.
String or UUID changes made by this patch: None
Attachment #699132 - Flags: approval-mozilla-beta?
Attachment #699132 - Flags: approval-mozilla-aurora?
(Reporter) Updated 5 years ago
Target Milestone: mozilla20 → mozilla21
Attachment #698688 - Flags: approval-mozilla-aurora+
status-firefox18: --- → unaffected
status-firefox21: --- → fixed
Comment on attachment 699132 [details] [diff] [review]
Patch, v1.1

For beta, I think a backout makes more sense (unless we're relying on this desktop data, in which case please re-nominate for uplift).
Attachment #699132 - Flags: approval-mozilla-beta?
Attachment #699132 - Flags: approval-mozilla-beta-
Attachment #699132 - Flags: approval-mozilla-aurora?
Attachment #699132 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/9b197e966b73
status-firefox20: affected → fixed
Created attachment 703565 [details] [diff] [review]
Patch for b2g18

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 813867
User impact if declined: See bug 813867 comment 53.
Testing completed: m-c now for a while, also m-a.
Risk to taking this patch (and alternatives if risky): Now that this has baked on two other branches for a while we know it's pretty safe.
String or UUID changes made by this patch: None
Attachment #703565 - Flags: approval-mozilla-b2g18?
tracking-b2g18: --- → ?
Attachment #698688 - Flags: approval-mozilla-b2g18+
Given that this is non-blocking we'll hold off on approving for branch landing until after v1.0.0 -- see https://wiki.mozilla.org/Release_Management/B2G_Landing which explains further but the options are either to land to the date branch now so that it gets merged into 1.0.1 after 1/25 or to wait and get b2g18 approval after 1/25 for direct landing to that branch.
status-b2g18: --- → affected
tracking-b2g18: ? → 19+
Attachment #703565 - Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
https://hg.mozilla.org/releases/mozilla-b2g18/rev/d0c9d7c63b36
status-b2g18: affected → fixed
status-b2g18-v1.0.0: --- → unaffected
status-firefox19: affected → unaffected
I backed this out of b2g18 because it caused a perma-orange on linux pgo (only)... https://hg.mozilla.org/releases/mozilla-b2g18/rev/2035414073b7
status-b2g18: fixed → unaffected
(Reporter) Updated 5 years ago
status-b2g18: unaffected → affected
https://hg.mozilla.org/releases/mozilla-b2g18/rev/3e58b999a337
status-b2g18: affected → fixed
Checking the crashstats I see no crashes on FF > 19b2 in the last 4 weeks. Verified fixed.
Status: RESOLVED → VERIFIED
status-firefox20: fixed → verified
status-firefox21: fixed → verified