Bug 687929 - null cx Crash [@ JS_BeginRequest ] with dom workers
Status: RESOLVED FIXED
Whiteboard: [qa+][qa!:10]
Keywords: crash, regression, reproducible
Product: Core
Classification: Components
Component: DOM
Version: Trunk
Platform: x86 All
Importance: -- critical
Target Milestone: mozilla11
Assigned To: Ben Turner (not reading bugmail, use the needinfo flag!)
URL: https://crypto.cat/?c=test
Duplicates: 721191
Blocks: 532972 new-web-workers 687221
Reported: 2011-09-20 11:19 PDT by Bob Clary [:bc:]
Modified: 2012-01-26 01:54 PST

Attachments
Patch. v1 (1.17 KB, patch)
2011-12-07 18:50 PST, Ben Turner (not reading bugmail, use the needinfo flag!)
jonas: review+
akeybl: approval‑mozilla‑aurora+
akeybl: approval‑mozilla‑beta-

Description Bob Clary [:bc:] 2011-09-20 11:19:46 PDT
1. https://crypto.cat/?c=test
2. Shutdown
3. Crash Aurora/8, Nightly/9 - Windows, Mac, Linux - Debug at least. Beta does not crash.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x000000fc
0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
899	    cx->outstandingRequests++;
(gdb) bt
#0  0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899
#1  0x066e3050 in JSAutoRequest::JSAutoRequest (this=0xbfffcffc, cx=0x0, _notifier=@0xbfffd008) at jsapi.h:794
#2  0x05bb6dbe in mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow (this=0x27f1e5a0, aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:1064
#3  0x05bb6ea0 in mozilla::dom::workers::ResumeWorkersForWindow (aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:460
Comment 1 Kyle Huey [:khuey] (khuey@mozilla.com) (Away until 6/13) 2011-09-20 11:25:17 PDT
Almost certainly a regression from the workers rewrite.
Comment 2 Ben Turner (not reading bugmail, use the needinfo flag!) 2011-09-20 14:06:24 PDT
Full stack:

mozjs.dll!JS_BeginRequest(JSContext * cx)
xul.dll!JSAutoRequest::JSAutoRequest(JSContext * cx)
xul.dll!mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!mozilla::dom::workers::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow)
xul.dll!nsGlobalWindow::ResumeTimeouts(int aThawChildren)
xul.dll!nsResumeTimeoutsEvent::Run()
xul.dll!nsThread::ProcessNextEvent(int mayWait, int * result)
...
xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData)

This one is simple, just need to make sure ResumeWorkersForWindow can handle a null context. It's not really needed, but if we have one we need a request.
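The null-context handling described in comment 2, sketched as an added example (not the attached patch and not Mozilla code). `Context`, `NullSafeAutoRequest` and `ResumeWorkers` are hypothetical stand-ins, and the padding in `Context` is constructed so the counter sits at the 0xfc fault address shown in the gdb output.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed stand-in for the engine context; the padding places the counter
// at offset 0xfc so a null base reproduces the fault address in the gdb output.
struct Context {
    char pad[0xfc];
    unsigned outstandingRequests;
};

// Mirrors the crashing line: no null check, so cx == nullptr faults at 0xfc.
void BeginRequest(Context* cx) { cx->outstandingRequests++; }
void EndRequest(Context* cx)   { cx->outstandingRequests--; }

// Hypothetical guard: opens a request only when a context exists.
class NullSafeAutoRequest {
public:
    explicit NullSafeAutoRequest(Context* cx) : mCx(cx) { if (mCx) BeginRequest(mCx); }
    ~NullSafeAutoRequest() { if (mCx) EndRequest(mCx); }
    NullSafeAutoRequest(const NullSafeAutoRequest&) = delete;
    NullSafeAutoRequest& operator=(const NullSafeAutoRequest&) = delete;
private:
    Context* mCx;
};

// Stand-in for ResumeWorkersForWindow: returns the request depth seen while
// the work ran (0 when no context was supplied).
unsigned ResumeWorkers(Context* cx, int* resumed) {
    NullSafeAutoRequest ar(cx);
    ++*resumed;  // the resume work itself does not need the context
    return cx ? cx->outstandingRequests : 0;
}

// Address that a null-base access to the counter would touch.
std::size_t NullDerefFaultAddress() { return offsetof(Context, outstandingRequests); }

int main() {
    Context cx = {};
    int resumed = 0;
    unsigned depth = ResumeWorkers(&cx, &resumed);
    std::printf("with cx: depth=%u after=%u\n", depth, cx.outstandingRequests);
    ResumeWorkers(nullptr, &resumed);  // shutdown path: no context, no crash
    std::printf("resumed=%d fault addr=0x%zx\n", resumed, NullDerefFaultAddress());
    return 0;
}
```

A small non-zero fault address such as 0xfc, paired with a null pointer argument in frame #0, is the usual signature of a member access through a null base rather than a wild pointer.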
Comment 3 Marco Zehe (:MarcoZ) 2011-11-21 23:55:54 PST
I have someone here who encountered this after upgrading to 8.0. Crash report: https://crash-stats.mozilla.com/report/index/bp-0eef12a6-2e84-49c5-949f-8a1102111119
Comment 4 Marco Zehe (:MarcoZ) 2011-11-22 23:07:25 PST
In regards to comment #3, the user is reliably able to reproduce this on http://www.cuetools.net/wiki/Main_Page. When he opens a link in a new window, he gets this crash. Latest report:
https://crash-stats.mozilla.com/report/index/bp-f23cf359-d6cf-4dc3-af1a-5d2ab2111122
Comment 5 Marco Zehe (:MarcoZ) 2011-12-05 23:45:06 PST
The same person reports this crash still being present in Aurora for him. Latest report: https://crash-stats.mozilla.com/report/index/bp-ab204c45-08b7-4cb4-a2e0-864822111205.
Requesting tracking to get this one on the radar.
Comment 6 Alex Keybl [:akeybl] 2011-12-06 12:00:34 PST
#192 in 8.0.1, and #45 in 9.0b4. Tracking for FF9/10.
Comment 7 Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-07 18:50:15 PST
Created attachment 579934
Patch. v1

Simple.
Comment 8 Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-08 02:54:14 PST
https://hg.mozilla.org/integration/mozilla-inbound/rev/21aac86d6658
Comment 9 Ed Morley [:emorley] 2011-12-08 08:27:02 PST
https://hg.mozilla.org/mozilla-central/rev/21aac86d6658
Comment 10 Marco Zehe (:MarcoZ) 2011-12-08 08:29:40 PST
Ben, would it make sense to request that this be allowed to land on Aurora and possibly even Beta since it fixes a crash?
Comment 11 Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-08 14:21:21 PST
Comment on attachment 579934
Patch. v1

This patch is very simple (low risk) and fixes a reproducible crash currently being tracked for FF 9 and FF 10 (high reward).
Comment 12 Alex Keybl [:akeybl] 2011-12-08 14:37:45 PST
Comment on attachment 579934
Patch. v1

[Triage Comment]
Minusing for beta because of how late we are in the cycle, but let's land this on aurora.
Comment 13 Ben Turner (not reading bugmail, use the needinfo flag!) 2011-12-09 11:23:38 PST
https://hg.mozilla.org/releases/mozilla-aurora/rev/20ba8e63ed68
Comment 14 Paul Silaghi, QA [:pauly] 2011-12-29 00:15:38 PST
I see no crashes on Firefox 10b1:
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0) Gecko/20100101 Firefox/10.0
ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-mac.dmg
ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-linux-i686.tar.bz2
This is verified fixed on 10b1.
Comment 15 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-12-29 09:51:03 PST
(In reply to Paul Silaghi [QA] from comment #14)
> This is verified fixed on 10b1.

Don't forget to also set the status-firefox10 flag to verified.
Comment 16 Ben Turner (not reading bugmail, use the needinfo flag!) 2012-01-26 01:54:49 PST
*** Bug 721191 has been marked as a duplicate of this bug. ***
