null cx Crash [@ JS_BeginRequest ] with dom workers

RESOLVED FIXED in Firefox 10



6 years ago
6 years ago


(Reporter: bc, Assigned: Ben Turner (not reading bugmail, use the needinfo flag!))


(Blocks: 1 bug, {crash, regression, reproducible})

crash, regression, reproducible
Dependency tree / graph

Firefox Tracking Flags

(firefox8 affected, firefox9+ affected, firefox10+ verified)


(Whiteboard: [qa+][qa!:10], crash signature, URL)


(1 attachment)



6 years ago
2. Shutdown
3. Crash Aurora/8, Nightly/9 - Windows, Mac, Linux - Debug at least. Beta does not crash.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x000000fc
0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
899	    cx->outstandingRequests++;
(gdb) bt
#0  0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
#1  0x066e3050 in JSAutoRequest::JSAutoRequest (this=0xbfffcffc, cx=0x0, _notifier=@0xbfffd008) at jsapi.h:794
#2  0x05bb6dbe in mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow (this=0x27f1e5a0, aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:1064
#3  0x05bb6ea0 in mozilla::dom::workers::ResumeWorkersForWindow (aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:460
Almost certainly a regression from the workers rewrite.
Blocks: 649537
Keywords: regressionwindow-wanted
Blocks: 687221
Full stack:

mozjs.dll!JS_BeginRequest(JSContext * cx)
xul.dll!JSAutoRequest::JSAutoRequest(JSContext * cx)
xul.dll!mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!mozilla::dom::workers::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!nsGlobalWindow::ResumeTimeouts(int aThawChildren)
xul.dll!nsThread::ProcessNextEvent(int mayWait, int * result)
xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData)

This one is simple, just need to make sure ResumeWorkersForWindow can handle a null context. It's not really needed, but if we have one we need a request.

Comment 3

6 years ago
I hafve someone here who encountered this after upgrading to 8.0. Crash report:

Comment 4

6 years ago
In regards to comment #3, the user is reliably able to reproduce this on When he opens a link in a new window, he gets this crash. Latest report:

Comment 5

6 years ago
The same person reports this crash still being present in Aurora for him. Latest report:
Requesting tracking to get this one on the radar.
status-firefox10: --- → affected
tracking-firefox10: --- → ?
tracking-firefox9: --- → ?

Comment 6

6 years ago
#192 in 8.0.1, and #45 in 9.0b4. Tracking for FF9/10.
tracking-firefox10: ? → +
tracking-firefox9: ? → +


6 years ago
Whiteboard: [qa+]
Created attachment 579934 [details] [diff] [review]
Patch. v1

Assignee: nobody → bent.mozilla
Attachment #579934 - Flags: review?(jonas)
Attachment #579934 - Flags: review?(jonas) → review+

Comment 9

6 years ago
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Ben, would it make sense to request that this be allowed to land on Aurora and possibly even Beta since it fixes a crash?
Comment on attachment 579934 [details] [diff] [review]
Patch. v1

This patch is very simple (low risk) and fixes a reproducible crash currently being tracked for FF 9 and FF 10 (high reward).
Attachment #579934 - Flags: approval-mozilla-beta?
Attachment #579934 - Flags: approval-mozilla-aurora?
Comment on attachment 579934 [details] [diff] [review]
Patch. v1

[Triage Comment]
Minusing for beta because of how late we are in the cycle, but let's land this on aurora.
Attachment #579934 - Flags: approval-mozilla-beta?
Attachment #579934 - Flags: approval-mozilla-beta-
Attachment #579934 - Flags: approval-mozilla-aurora?
Attachment #579934 - Flags: approval-mozilla-aurora+
status-firefox10: affected → fixed
I see no crashes on Firefox 10b1:
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0) Gecko/20100101 Firefox/10.0
This is verified fixed on 10b1.
Whiteboard: [qa+] → [qa+][qa!:10]
(In reply to Paul Silaghi [QA] from comment #14)
> This is verified fixed on 10b1.

Don't forget to also set the status-firefox10 flag to verified.
status-firefox10: fixed → verified
Duplicate of this bug: 721191
You need to log in before you can comment on or make changes to this bug.