Closed Bug 974645 Opened 6 years ago Closed 6 years ago

Assertion at AssertNoGcThing() at CycleCollectedJSRuntime.cpp:837 with mozilla::dom::workers::XMLHttpRequest::cycleCollection::Trace on stack

Categories

(Core :: DOM: Workers, defect)

ARM
Gonk (Firefox OS)
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla30

People

(Reporter: botond, Assigned: bent.mozilla)

Details

Attachments

(1 file)

STR:
  1. Run a debug build of B2G trunk on Nexus 4.
  2. Open the email app.
  3. Set up an email account (I used Hotmail).

As soon as the emails start loading, I get the following crash:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1665.1707]
0xb4c488e0 in AssertNoGcThing (aGCThing=<optimized out>, aName=<optimized out>, aClosure=<optimized out>) at ../../../xpcom/base/CycleCollectedJSRuntime.cpp:837
837       MOZ_ASSERT(!aGCThing);
(gdb) i s
#0  0xb4c488e0 in AssertNoGcThing (aGCThing=<optimized out>, aName=<optimized out>, aClosure=<optimized out>) at ../../../xpcom/base/CycleCollectedJSRuntime.cpp:837
#1  AssertNoGcThing (aGCThing=<optimized out>, aName=<optimized out>, aClosure=<optimized out>) at ../../../xpcom/base/CycleCollectedJSRuntime.cpp:835
#2  0xb4c3a1f8 in TraceCallbackFunc::Trace (this=<optimized out>, p=<optimized out>, name=<optimized out>, closure=<optimized out>)
    at ../../../xpcom/glue/nsCycleCollectionParticipant.cpp:72
#3  0xb556510a in mozilla::dom::workers::XMLHttpRequest::cycleCollection::Trace (this=0xb6cc3168, p=<optimized out>, aCallbacks=..., aClosure=0x0)
    at ../../../dom/workers/XMLHttpRequest.cpp:1561
#4  0xb4c4988a in mozilla::CycleCollectedJSRuntime::AssertNoObjectsToTrace (this=<optimized out>, aPossibleJSHolder=0xb1bbba60) at ../../../xpcom/base/CycleCollectedJSRuntime.cpp:845
#5  0xb4c4efa4 in nsCycleCollector::CollectWhite (this=0xb2e0a000) at ../../../xpcom/base/nsCycleCollector.cpp:2909
#6  0xb4c501dc in nsCycleCollector::Collect (this=0xb2e0a000, aCCType=ManualCC, aBudget=..., aManualListener=0x0) at ../../../xpcom/base/nsCycleCollector.cpp:3205
#7  0xb4c503a4 in nsCycleCollector_collect (aManualListener=0x0) at ../../../xpcom/base/nsCycleCollector.cpp:3742
#8  0xb4c4a2aa in mozilla::CycleCollectedJSRuntime::OnGC (this=0xb10ffc78, aStatus=JSGC_END) at ../../../xpcom/base/CycleCollectedJSRuntime.cpp:1150
#9  0xb5fdc376 in Collect (rt=0xb30f6000, incremental=<optimized out>, budget=0, gckind=js::GC_SHRINK, reason=JS::gcreason::DOM_WORKER) at ../../../js/src/jsgc.cpp:4935
#10 0xb5fdc556 in js::GC (rt=<optimized out>, gckind=<optimized out>, reason=<optimized out>) at ../../../js/src/jsgc.cpp:4961
#11 0xb555a68e in mozilla::dom::workers::WorkerPrivate::GarbageCollectInternal (this=0xb20af000, aCx=0xb1c1b840, aShrinking=<optimized out>, aCollectChildren=<optimized out>)
    at ../../../dom/workers/WorkerPrivate.cpp:5580
#12 0xb555a6dc in (anonymous namespace)::GarbageCollectRunnable::WorkerRun (this=<optimized out>, aCx=<optimized out>, aWorkerPrivate=<optimized out>)
    at ../../../dom/workers/WorkerPrivate.cpp:1651
#13 0xb5562fc0 in mozilla::dom::workers::WorkerRunnable::Run (this=0xb1cb7a60) at ../../../dom/workers/WorkerRunnable.cpp:312
#14 0xb555e752 in mozilla::dom::workers::WorkerPrivate::ProcessAllControlRunnablesLocked (this=0xb20af000) at ../../../dom/workers/WorkerPrivate.cpp:4477
#15 0xb5561d3a in mozilla::dom::workers::WorkerPrivate::DoRunLoop (this=0xb20af000, aCx=0xb1c1b840) at ../../../dom/workers/WorkerPrivate.cpp:3974
#16 0xb554e94c in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run (this=0xb2e85480) at ../../../dom/workers/RuntimeService.cpp:2559
#17 0xb4c828da in ProcessNextEvent (result=0xb10ffe1f, mayWait=false, this=0xb2252470) at ../../../xpcom/threads/nsThread.cpp:643
#18 nsThread::ProcessNextEvent (this=0xb2252470, mayWait=<optimized out>, result=0xb10ffe1f) at ../../../xpcom/threads/nsThread.cpp:567
#19 0xb4c3d05c in NS_ProcessNextEvent (thread=0xb2252470, mayWait=<optimized out>) at ../../../xpcom/glue/nsThreadUtils.cpp:263
#20 0xb4e1cd3e in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0xb32ec190, aDelegate=0xb26f7b00) at ../../../ipc/glue/MessagePump.cpp:303
#21 0xb4e0e8ea in MessageLoop::RunInternal (this=0xb26f7b00) at ../../../ipc/chromium/src/base/message_loop.cc:226
#22 0xb4e0e902 in RunHandler (this=0xb26f7b00) at ../../../ipc/chromium/src/base/message_loop.cc:219
#23 MessageLoop::Run (this=0xb26f7b00) at ../../../ipc/chromium/src/base/message_loop.cc:193
#24 0xb4c822c0 in nsThread::ThreadFunc (arg=0xb2252470) at ../../../xpcom/threads/nsThread.cpp:258
#25 0xb487fa2c in _pt_root (arg=0xb20d6980) at ../../../../../nsprpub/pr/src/pthreads/ptthread.c:212
#26 0xb6e74a5c in __thread_entry (func=0xb487f985 <_pt_root>, arg=0xb20d6980, tls=0xb10fff00) at bionic/libc/bionic/pthread_create.cpp:92
#27 0xb6e74bd8 in pthread_create (thread_out=0xbef0b1fc, attr=<optimized out>, start_routine=0x78, arg=0xb20d6980) at bionic/libc/bionic/pthread_create.cpp:201
#28 0x00000000 in ?? ()
This looks like a problem in workers XHR based on the stack.
Component: Gaia::E-Mail → DOM: Workers
Product: Firefox OS → Core
Summary: Segfault in AssertNoGcThing() at CycleCollectedJSRuntime.cpp:837 → Segfault in AssertNoGcThing() at CycleCollectedJSRuntime.cpp:837 with mozilla::dom::workers::XMLHttpRequest::cycleCollection::Trace on stack
Mmm, this is a silly assertion.  We're tracing but not unlinking mStateData.mResponse.
Attached patch PatchSplinter Review
Assignee: nobody → bent.mozilla
Status: NEW → ASSIGNED
Attachment #8379257 - Flags: review?(khuey)
Summary: Segfault in AssertNoGcThing() at CycleCollectedJSRuntime.cpp:837 with mozilla::dom::workers::XMLHttpRequest::cycleCollection::Trace on stack → Assertion at AssertNoGcThing() at CycleCollectedJSRuntime.cpp:837 with mozilla::dom::workers::XMLHttpRequest::cycleCollection::Trace on stack
https://hg.mozilla.org/mozilla-central/rev/5833eb900958
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.