This bug was filed from the Socorro interface and is report bp-a38d9b33-58e6-47c9-83d1-6f6100180427. ============================================================= These Mac and Windows crashes started showing up using 20180426220144: https://bit.ly/2Hu9BgZ. Not sure if they are expected due to Bug 1452114? ni on :jandem Top 10 frames of crashing thread: 0 xul.dll js::GlobalHelperThreadState::finishParseTask js/src/vm/HelperThreads.cpp:1709 1 xul.dll mozilla::ScriptPreloader::MaybeFinishOffThreadDecode js/xpconnect/loader/ScriptPreloader.cpp:980 2 xul.dll mozilla::ScriptPreloader::WaitForCachedScript js/xpconnect/loader/ScriptPreloader.cpp:863 3 xul.dll mozilla::ScriptPreloader::GetCachedScript js/xpconnect/loader/ScriptPreloader.cpp:849 4 xul.dll mozJSComponentLoader::ObjectForLocation js/xpconnect/loader/mozJSComponentLoader.cpp:826 5 xul.dll mozJSComponentLoader::LoadModule js/xpconnect/loader/mozJSComponentLoader.cpp:442 6 xul.dll nsComponentManagerImpl::KnownModule::Load xpcom/components/nsComponentManager.cpp:717 7 xul.dll nsFactoryEntry::GetFactory xpcom/components/nsComponentManager.cpp:1748 8 xul.dll nsComponentManagerImpl::CreateInstanceByContractID xpcom/components/nsComponentManager.cpp:1046 9 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:1409 =============================================================

Some of these look like OOMs but not all of them. Something is failing but not reporting an exception. For now we can demote this MOZ_DIAGNOSTIC_ASSERT to MOZ_ASSERT, maybe fuzzing will find something.

Comment on attachment 8971763 [details] [diff] [review] Patch Review of attachment 8971763 [details] [diff] [review]: ----------------------------------------------------------------- Good plan.

Pushed by jandemooij@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/45603dbcb3bb Demote MOZ_DIAGNOSTIC_ASSERT to MOZ_ASSERT. r=jonco

I'd like to know if the frontend or the worker thread machinery is to blame. Can we assert on the worker thread that this doesn't happen? (Maybe in HelperThread::handleParseWorkload.)

<jandem> jorendorff: we could add a similar assert to the main thread frontend code <jorendorff> yes, i was just thinking that <jorendorff> jandem: seems like a very good idea if we really want fuzzer help

Hm it looks like many of these are actually *decode* tasks instead of *parse* tasks, despite it being called finishParseTask, so we should probably add similar asserts to the XDR decoder.

OK the XDR decoder only reports an exception if TranscodeResult_Throw is used, but there are other failure TranscodeResults that don't report a pending exception so the helper threads code should check for that. I'll file another followup.

Filed bug 1458209 for the XDR bug.

No more crashes since the patch landed.