Startup crash at nsContentUtils::IsCallerChrome

NEW
Unassigned

Core
Security: CAPS
4 years ago
4 years ago

People

(Reporter: cjones, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [rr])

Attachments

(1 attachment)

This is in an --enable-profiling build of gecko-dev SHA1 41e8ad9c6f7192354d9ccfbf76579db2ab3ddc69.  Abbreviated backtrace

(gdb) bt
#0  AsmJSFaultHandler (signum=11, info=0xbfffa20c, context=0xbfffa28c)
    at /home/cjones/rr/mozilla-central/js/src/../../js/src/jit/AsmJSSignalHandlers.cpp:914
#1  <signal handler called>
#2  0x4376ea6d in nsContentUtils::IsCallerChrome ()
    at /home/cjones/rr/mozilla-central/content/base/src/nsContentUtils.cpp:1758
#3  0x436d62db in mozilla::dom::workers::WorkerPrivate::GetLoadInfo (
    aCx=0x4041d200, aWindow=0x0, aParent=0x0, aScriptURL=..., 
    aIsChromeWorker=true, aLoadInfo=0xbfffa860)
    at /home/cjones/rr/mozilla-central/dom/workers/WorkerPrivate.cpp:3789
#4  0x436d70d3 in mozilla::dom::workers::WorkerPrivate::Constructor (
    aGlobal=..., aScriptURL=..., aIsChromeWorker=true, 
    aWorkerType=mozilla::dom::workers::WorkerPrivateParent<mozilla::dom::workers::WorkerPrivate>::WorkerTypeDedicated, aSharedWorkerName=..., 
    aLoadInfo=0x0, aRv=...)
    at /home/cjones/rr/mozilla-central/dom/workers/WorkerPrivate.cpp:3678
#5  0x436d7294 in mozilla::dom::workers::ChromeWorkerPrivate::Constructor (
    aGlobal=..., aScriptURL=..., aRv=...)
    at /home/cjones/rr/mozilla-central/dom/workers/WorkerPrivate.cpp:3637
#6  0x43453680 in mozilla::dom::ChromeWorkerBinding::_constructor (
    cx=0x4041d200, argc=1, vp=0x4699c568)
    at /home/cjones/rr/ff-prof/dom/bindings/WorkerBinding.cpp:67
#7  0x445c48f3 in CallJSNative (args=<synthetic pointer>, native=
    0x43453583 <mozilla::dom::ChromeWorkerBinding::_constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x4041d200)
    at /home/cjones/rr/mozilla-central/js/src/../../js/src/jscntxtinlines.h:220
#8  CallJSNativeConstructor (args=<synthetic pointer>, native=
    0x43453583 <mozilla::dom::ChromeWorkerBinding::_constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x4041d200)
    at /home/cjones/rr/mozilla-central/js/src/../../js/src/jscntxtinlines.h:253
...

(there are 86 stack frames).  It appears that there's some kind of race condition with workers and security manager startup.


I have the crash saved in a deterministic trace, so can repro 100% reliably.

aWindow and aParent are both null.  I'm pretty interested in what's further up the stack.  What's creating this worker, exactly, that's not a window or another worker, and at what point in startup is this code being run?
Most likely a JSM/component.

Created attachment 8365624 [details]
Full backtrace

That looks like shutdown, not startup per se, right?  Presumably we've already shut down nsContentUtils, so the MOZ_ASSERT(ssm) in WorkerPrivate::GetLoadInfo failed too, but this is an opt build.

Kinda curious what this JS code is that runs at xpcom shutdown and tries to start workers...

> That looks like shutdown, not startup per se, right?  Presumably we've already shut down nsContentUtils, so the MOZ_ASSERT(ssm) in WorkerPrivate::GetLoadInfo failed too, but this is an opt build.

Ah, yes.  The duration that FF runs is short, a few seconds, so I just assumed a startup bug.

> Kinda curious what this JS code is that runs at xpcom shutdown and tries to start workers...

Is there a way to tell by poking at something in the backtrace?  Or something else that can be described in gdb-ese ;).

Try "call DumpJSStack()"?

Er, except in an opt build that might not work.  If this is an opt build, you want to poke at cx->fp() and its script/filename/lineno etc manually...

A system update ruined my saved trace, and now I can't reproduce this crash anymore. Grr!!  Will come back to this if it pops up again.