Last Comment Bug 687929 - null cx Crash [@ JS_BeginRequest ] with dom workers
: null cx Crash [@ JS_BeginRequest ] with dom workers
Status: RESOLVED FIXED
[qa+][qa!:10]
: crash, regression, reproducible
Product: Core
Classification: Components
Component: DOM (show other bugs)
: Trunk
: x86 All
-- critical (vote)
: mozilla11
Assigned To: Ben Turner (not reading bugmail, use the needinfo flag!)
:
: Andrew Overholt [:overholt]
Mentors:
https://crypto.cat/?c=test
: 721191 (view as bug list)
Depends on:
Blocks: 532972 new-web-workers 687221
  Show dependency treegraph
 
Reported: 2011-09-20 11:19 PDT by Bob Clary [:bc:]
Modified: 2012-01-26 01:54 PST (History)
11 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
affected
+
affected
+
verified


Attachments
Patch. v1 (1.17 KB, patch)
2011-12-07 18:50 PST, Ben Turner (not reading bugmail, use the needinfo flag!)
jonas: review+
akeybl: approval‑mozilla‑aurora+
akeybl: approval‑mozilla‑beta-
Details | Diff | Splinter Review

Description User image Bob Clary [:bc:] 2011-09-20 11:19:46 PDT
1. https://crypto.cat/?c=test
2. Shutdown
3. Crash Aurora/8, Nightly/9 - Windows, Mac, Linux - Debug at least. Beta does not crash.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x000000fc
0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
899	    cx->outstandingRequests++;
(gdb) bt
#0  0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
#1  0x066e3050 in JSAutoRequest::JSAutoRequest (this=0xbfffcffc, cx=0x0, _notifier=@0xbfffd008) at jsapi.h:794
#2  0x05bb6dbe in mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow (this=0x27f1e5a0, aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:1064
#3  0x05bb6ea0 in mozilla::dom::workers::ResumeWorkersForWindow (aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:460
Comment 1 User image Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2011-09-20 11:25:17 PDT
Almost certainly a regression from the workers rewrite.
Comment 2 User image Ben Turner (not reading bugmail, use the needinfo flag!) 2011-09-20 14:06:24 PDT
Full stack:

mozjs.dll!JS_BeginRequest(JSContext * cx)
xul.dll!JSAutoRequest::JSAutoRequest(JSContext * cx)
xul.dll!mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!mozilla::dom::workers::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!nsGlobalWindow::ResumeTimeouts(int aThawChildren)
xul.dll!nsResumeTimeoutsEvent::Run()
xul.dll!nsThread::ProcessNextEvent(int mayWait, int * result)
...
xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData)

This one is simple, just need to make sure ResumeWorkersForWindow can handle a null context. It's not really needed, but if we have one we need a request.
Comment 3 User image Marco Zehe (:MarcoZ) 2011-11-21 23:55:54 PST
I hafve someone here who encountered this after upgrading to 8.0. Crash report: https://crash-stats.mozilla.com/report/index/bp-0eef12a6-2e84-49c5-949f-8a1102111119
Comment 4 User image Marco Zehe (:MarcoZ) 2011-11-22 23:07:25 PST
In regards to comment #3, the user is reliably able to reproduce this on http://www.cuetools.net/wiki/Main_Page. When he opens a link in a new window, he gets this crash. Latest report:
https://crash-stats.mozilla.com/report/index/bp-f23cf359-d6cf-4dc3-af1a-5d2ab2111122
Comment 5 User image Marco Zehe (:MarcoZ) 2011-12-05 23:45:06 PST
The same person reports this crash still being present in Aurora for him. Latest report: https://crash-stats.mozilla.com/report/index/bp-ab204c45-08b7-4cb4-a2e0-864822111205.
Requesting tracking to get this one on the radar.
Comment 6 User image Alex Keybl [:akeybl] 2011-12-06 12:00:34 PST
#192 in 8.0.1, and #45 in 9.0b4. Tracking for FF9/10.
Comment 7 User image Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-07 18:50:15 PST
Created attachment 579934 [details] [diff] [review]
Patch. v1

Simple.
Comment 8 User image Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-08 02:54:14 PST
https://hg.mozilla.org/integration/mozilla-inbound/rev/21aac86d6658
Comment 9 User image Ed Morley [:emorley] 2011-12-08 08:27:02 PST
https://hg.mozilla.org/mozilla-central/rev/21aac86d6658
Comment 10 User image Marco Zehe (:MarcoZ) 2011-12-08 08:29:40 PST
Ben, would it make sense to request that this be allowed to land on Aurora and possibly even Beta since it fixes a crash?
Comment 11 User image Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-08 14:21:21 PST
Comment on attachment 579934 [details] [diff] [review]
Patch. v1

This patch is very simple (low risk) and fixes a reproducible crash currently being tracked for FF 9 and FF 10 (high reward).
Comment 12 User image Alex Keybl [:akeybl] 2011-12-08 14:37:45 PST
Comment on attachment 579934 [details] [diff] [review]
Patch. v1

[Triage Comment]
Minusing for beta because of how late we are in the cycle, but let's land this on aurora.
Comment 13 User image Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-09 11:23:38 PST
https://hg.mozilla.org/releases/mozilla-aurora/rev/20ba8e63ed68
Comment 14 User image Paul Silaghi, QA [:pauly] 2011-12-29 00:15:38 PST
I see no crashes on Firefox 10b1:
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0) Gecko/20100101 Firefox/10.0
ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-mac.dmg
ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-linux-i686.tar.bz2
This is verified fixed on 10b1.
Comment 15 User image Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-12-29 09:51:03 PST
(In reply to Paul Silaghi [QA] from comment #14)
> This is verified fixed on 10b1.

Don't forget to also set the status-firefox10 flag to verified.
Comment 16 User image Ben Turner (not reading bugmail, use the needinfo flag!) 2012-01-26 01:54:49 PST
*** Bug 721191 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.