Closed Bug 687929 Opened 13 years ago Closed 13 years ago

null cx Crash [@ JS_BeginRequest ] with dom workers

Categories

(Core :: DOM: Core & HTML, defect)

Hardware: x86
OS: All
Type: defect
Priority: Not set
Severity: critical

Tracking

RESOLVED FIXED
mozilla11
Tracking Status
firefox8 --- affected
firefox9 + affected
firefox10 + verified

People

(Reporter: bc, Assigned: bent.mozilla)

Details

(Keywords: crash, regression, reproducible, Whiteboard: [qa+][qa!:10])

Attachments

(1 file)

1. https://crypto.cat/?c=test
2. Shutdown
3. Crash Aurora/8, Nightly/9 - Windows, Mac, Linux - Debug at least. Beta does not crash.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x000000fc
0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
899	    cx->outstandingRequests++;
(gdb) bt
#0  0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
#1  0x066e3050 in JSAutoRequest::JSAutoRequest (this=0xbfffcffc, cx=0x0, _notifier=@0xbfffd008) at jsapi.h:794
#2  0x05bb6dbe in mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow (this=0x27f1e5a0, aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:1064
#3  0x05bb6ea0 in mozilla::dom::workers::ResumeWorkersForWindow (aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:460
Almost certainly a regression from the workers rewrite.
Full stack:

mozjs.dll!JS_BeginRequest(JSContext * cx)
xul.dll!JSAutoRequest::JSAutoRequest(JSContext * cx)
xul.dll!mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!mozilla::dom::workers::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!nsGlobalWindow::ResumeTimeouts(int aThawChildren)
xul.dll!nsResumeTimeoutsEvent::Run()
xul.dll!nsThread::ProcessNextEvent(int mayWait, int * result)
...
xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData)

This one is simple, just need to make sure ResumeWorkersForWindow can handle a null context. It's not really needed, but if we have one we need a request.
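
The fix described in the comment above, sketched as an added example; it is not the landed patch and not Mozilla code. `Context`, `BeginRequest`, `AutoRequest`, `MaybeAutoRequest`, `Worker` and `ResumeWorkers` are simplified stand-ins, and the 0xfc padding is constructed so the counter's offset matches the fault address in the gdb output (a field accessed through a null pointer faults at that field's offset).

```cpp
// Added illustration: simplified stand-ins, not the JSAPI or the real patch.
#include <cstddef>
#include <vector>

struct Context {
    char other_state[0xfc];       // constructed padding: puts the counter at 0xfc
    int outstandingRequests = 0;
};

// Null base pointer + this offset is the address the crash report shows.
constexpr std::size_t kFaultOffset = offsetof(Context, outstandingRequests);

void BeginRequest(Context* cx) { cx->outstandingRequests++; }  // no null check
void EndRequest(Context* cx)   { cx->outstandingRequests--; }

// Crashing form: constructing this guard with cx == nullptr dereferences null.
class AutoRequest {
    Context* cx_;
public:
    explicit AutoRequest(Context* cx) : cx_(cx) { BeginRequest(cx_); }
    ~AutoRequest() { EndRequest(cx_); }
    AutoRequest(const AutoRequest&) = delete;
    AutoRequest& operator=(const AutoRequest&) = delete;
};

// Null-tolerant form: enters a request only when a context was supplied.
class MaybeAutoRequest {
    Context* cx_;
public:
    explicit MaybeAutoRequest(Context* cx) : cx_(cx) { if (cx_) BeginRequest(cx_); }
    ~MaybeAutoRequest() { if (cx_) EndRequest(cx_); }
    MaybeAutoRequest(const MaybeAutoRequest&) = delete;
    MaybeAutoRequest& operator=(const MaybeAutoRequest&) = delete;
};

struct Worker { bool suspended = true; int requestDepthSeen = -1; };

// Resumes every suspended worker whether or not a context is available.
// Returns the number of workers resumed.
int ResumeWorkers(Context* cx, std::vector<Worker>& workers) {
    MaybeAutoRequest request(cx);            // safe for cx == nullptr
    int resumed = 0;
    for (Worker& w : workers) {
        if (!w.suspended) continue;
        w.suspended = false;
        w.requestDepthSeen = cx ? cx->outstandingRequests : 0;
        ++resumed;
    }
    return resumed;                           // request, if entered, ends here
}
```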
I have someone here who encountered this after upgrading to 8.0. Crash report: https://crash-stats.mozilla.com/report/index/bp-0eef12a6-2e84-49c5-949f-8a1102111119
In regards to comment #3, the user is reliably able to reproduce this on http://www.cuetools.net/wiki/Main_Page. When he opens a link in a new window, he gets this crash. Latest report:
https://crash-stats.mozilla.com/report/index/bp-f23cf359-d6cf-4dc3-af1a-5d2ab2111122
The same person reports this crash still being present in Aurora for him. Latest report: https://crash-stats.mozilla.com/report/index/bp-ab204c45-08b7-4cb4-a2e0-864822111205.
Requesting tracking to get this one on the radar.
#192 in 8.0.1, and #45 in 9.0b4. Tracking for FF9/10.
Whiteboard: [qa+]
Attached patch: Patch. v1
Simple.
Assignee: nobody → bent.mozilla
Status: NEW → ASSIGNED
Attachment #579934 - Flags: review?(jonas)
https://hg.mozilla.org/mozilla-central/rev/21aac86d6658
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Ben, would it make sense to request that this be allowed to land on Aurora and possibly even Beta since it fixes a crash?
Comment on attachment 579934
Patch. v1

This patch is very simple (low risk) and fixes a reproducible crash currently being tracked for FF 9 and FF 10 (high reward).
Attachment #579934 - Flags: approval-mozilla-beta?
Attachment #579934 - Flags: approval-mozilla-aurora?
Comment on attachment 579934
Patch. v1

[Triage Comment]
Minusing for beta because of how late we are in the cycle, but let's land this on aurora.
Attachment #579934 - Flags: approval-mozilla-beta?
Attachment #579934 - Flags: approval-mozilla-beta-
Attachment #579934 - Flags: approval-mozilla-aurora?
Attachment #579934 - Flags: approval-mozilla-aurora+
I see no crashes on Firefox 10b1:
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0) Gecko/20100101 Firefox/10.0
ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-mac.dmg
ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-linux-i686.tar.bz2
This is verified fixed on 10b1.
Whiteboard: [qa+] → [qa+][qa!:10]
(In reply to Paul Silaghi [QA] from comment #14)
> This is verified fixed on 10b1.

Don't forget to also set the status-firefox10 flag to verified.
Component: DOM → DOM: Core & HTML