Ubuntu
firefox-3.0 package

firefox crash @js_Interpret @js_Invoke @nsXPCWrappedJSClass::CallMethod

Bug #344601 reported by Zooko Wilcox-O'Hearn
18
Affects Status Importance Assigned to Milestone
Mozilla Firefox
Fix Released
Critical
firefox-3.0 (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: firefox-3.0

Summary: firefox crash @js_Interpret @js_Invoke @nsXPCWrappedJSClass::CallMethod

Backtrace: http://launchpadlibrarian.net/24206868/Stacktrace.txt

StacktraceTop:

js_Interpret (cx=0x888120) at jsinterp.c:4186
js_Invoke (cx=0x888120, argc=4, vp=0x9012b8,
nsXPCWrappedJSClass::CallMethod (this=0x23e2a90,
PrepareAndDispatch (self=0x1992040,
SharedStub ()

Original description:

I just launched it and it tried to load many (dozens) of remembered tabs, so the js in question could be any of them. I would be willing to help you track it down.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/lib/firefox-3.0.7/firefox
Package: firefox-3.0 3.0.7+nobinonly-0ubuntu1
ProcCmdline: /usr/lib/firefox-3.0.7/firefox
ProcEnviron:
 LC_CTYPE=en_DK.UTF-8
 PATH=(custom, user)
 LANG=en_DK.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: firefox-3.0
StacktraceTop:
 ?? () from /usr/lib/xulrunner-1.9.0.7/libmozjs.so
 js_Invoke ()
 ?? () from /usr/lib/xulrunner-1.9.0.7/libxul.so
 ?? () from /usr/lib/xulrunner-1.9.0.7/libxul.so
 ?? () from /usr/lib/xulrunner-1.9.0.7/libxul.so
Title: firefox crashed with SIGSEGV in js_Invoke()
Uname: Linux 2.6.28-9-generic x86_64
UserGroups: admin audio pulse pulse-access pulse-rt

See original description
Revision history for this message
In , David-humphrey (david-humphrey) wrote :

My zip is too big, with extjs included, so here is a link:

http://cs.senecac.on.ca/~david.humphrey/tmp/firebugcrash.zip

Revision history for this message
In , David-humphrey (david-humphrey) wrote :

Here are some crashes I've had with this:

http://crash-stats.mozilla.com/report/index/0756292e-fa13-11dc-9aec-001a4bd43e5c?date=2008-03-25-02
http://crash-stats.mozilla.com/report/index/d0d4ab6e-fa12-11dc-b564-001a4bd43ef6?date=2008-03-25-02
http://crash-stats.mozilla.com/report/index/95b3f699-fa0d-11dc-8c52-001a4bd43ed6?date=2008-03-25-01
http://crash-stats.mozilla.com/report/index/ee1e4c0a-fa03-11dc-b15d-001a4bd43ef6?date=2008-03-25-00

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

See also 425452, top frames are the same.

Revision history for this message
In , Crowder (crowder) wrote :

I can't get this to crash with firebug1.2, and I can't get firebug1.1 (from a very recent svn) to work (ie, show UI at all) in my trunk nightly. John J. Barton: Is there a fix/patch for firebug1.1 that I need?

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

You could use the release at http://getfirebug.com.

If you use branches/firebug1.1 you'll need to run ant build.xml to get install.rdf . http://code.google.com/p/fbug/source/browse/branches/readme.txt

Revision history for this message
In , Crowder (crowder) wrote :

I did run ant. Nevertheless, I get a number of "failed to load XPCOM components" (for things in my .svn directory, weirdly) and then an "Error: no element found" from chrome://firebug/content/browserOverlay.xul line 1, followed by a "failed to load overlay" warning.

I'll try the release.

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

(In reply to comment #6)
> I did run ant. Nevertheless, I get a number of "failed to load XPCOM
> components" (for things in my .svn directory, weirdly)

This is a FF3 "feature", happens when you rebuild your profile. Just run FF again if you don't like the messages, I can't do anything about them.

> and then an "Error: no
> element found" from chrome://firebug/content/browserOverlay.xul line 1,

Also a FF message, very unlikely the error is on line 1. Or even in that xul file :-( I've not seen this.

> followed by a "failed to load overlay" warning.

Wow, that's cool! I've never actually seen a message when overlays fail.

You might just try it with FF2, I don't know that 1.1 has been run off of svn against FF3.

>
> I'll try the release

Revision history for this message
In , David-humphrey (david-humphrey) wrote :

fwiw I'm using FB 1.1.0b11 - http://getfirebug.com/releases/firebug/1.1/firebug-1.1.0b11.xpi

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

I've requested blocking FF3 for this crash. I have a similar one if this one can't be reproduced.

Revision history for this message
In , Crowder (crowder) wrote :

John: Please describe your "similar one" fully?

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

Please see bug 425452

Revision history for this message
In , Shaver (shaver) wrote :

Do we know when this regressed?

Revision history for this message
In , Hskupin (hskupin) wrote :

*** Bug 425648 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Hskupin (hskupin) wrote :

Igor, possibly a regression from your patch on bug 421266?

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

(In reply to comment #12)
> Do we know when this regressed?
>
 I have crashes from 3/14 (FF3b4) that could be similar if we assume the stack is bogus per 425452:
http://crash-stats.mozilla.com/report/index/9a2b04c5-f250-11dc-ba3e-001a4bd46e84
Frame Signature Source
0 @0x20202a
1 js_Invoke
2 @0x46a06011
3/18 (FF3b5pre) is closer
http://crash-stats.mozilla.com/report/index/ae1c3c9c-f501-11dc-a170-001a4bd46e84

I used FF3b4 quite a bit so I'd put my bet on early in b5pre.

Revision history for this message
In , Igor Bukanov (igor-mir2) wrote :

(In reply to comment #14)
> Igor, possibly a regression from your patch on bug 421266?
>

Is it based on the stack trace alone? AFAICS the trace just tells that the crash happens somewhere in js_Interpret.

Revision history for this message
In , Hskupin (hskupin) wrote :

Got the same crash under OS X 10.5 after installing Firebug 1.1b12, visited the following crashreporter site and clicked on Frames. Seems to be a simpler testcase as the one from comment 1.

bp-43687935-fdb7-11dc-8adb-001a4bd43ef6

Revision history for this message
In , Hskupin (hskupin) wrote :

(In reply to comment #16)
> Is it based on the stack trace alone? AFAICS the trace just tells that the
> crash happens somewhere in js_Interpret.

Yes, and I'm sorry. The assumption was wrong. I did a regression test and found a regression window between 20080322-04 and 20080323-04.

http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-03-22+03%3A00%3A00&maxdate=2008-03-23+05%3A00%3A00&cvsroot=%2Fcvsroot

Igor, bug 424376 would fit into this timeframe. Could this be the cause?

It's reproducible for me when logging into Gmail. I have to wait some seconds, then Firefox crashes.

Revision history for this message
In , Pkc (pkc) wrote :

I cant see how this is intended behaviour?
Forbidding a download based on a filename policy that can not be disabled/seen anywhere?

Revision history for this message
In , Shaver (shaver) wrote :

(In reply to comment #19)
> I cant see how this is intended behaviour?
> Forbidding a download based on a filename policy that can not be disabled/seen
> anywhere?

Are you commenting in the right bug?

Revision history for this message
In , Pkc (pkc) wrote :

Sorry about that one, wrong manipulation.

Revision history for this message
In , Hskupin (hskupin) wrote :

(In reply to comment #15)
> I have crashes from 3/14 (FF3b4) that could be similar if we assume the stack
> is bogus per 425452:

Mmh, I think that I was wrong with my latest tests. If you really have crashes from 03/14 I probably see a different bug which has mainly the same stacktrace and is caused by some other inconsistencies. I'll try to find some time tomorrow to take a look at the mentioned testcase from comment 1. I hope to find the real regression window now.

Revision history for this message
In , Pkc (pkc) wrote :

On a side note, disabling firebug seems to have fixed the crashes here(not a single one in two days, vs 2-3 before)

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

(In reply to comment #17)
> Got the same crash under OS X 10.5 after installing Firebug 1.1b12, visited the
> following crashreporter site and clicked on Frames. Seems to be a simpler
> testcase as the one from comment 1.
>
> bp-43687935-fdb7-11dc-8adb-001a4bd43ef6
>

This one has Firebug on the stack. Can you try with FF3pre?

Revision history for this message
In , Chris-tyler (chris-tyler) wrote :

We've done some regression testing and it looks like the problem first appeared on 03-23 (03-21, 03-22 are ok, 03-23 onward crash -- 03-29 didn't seem to crash either (?)).

Revision history for this message
In , Crowder (crowder) wrote :

That would incriminate bug 424376, which has been backed out. Recent builds should no longer exhibit this issue. Is that the case?

Revision history for this message
In , Johnjbarton (johnjbarton) wrote :

2008032805 crashed for me
2008033105 did not.
This is for my version of this crash.

Revision history for this message
In , Crowder (crowder) wrote :

Marking fixed by the backout of bug 424376.

Revision history for this message
In , Matti-mversen (matti-mversen) wrote :

*** Bug 426758 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Bclary (bclary) wrote :

a non-firebug test case would be greatly appreciated by all.

Revision history for this message
In , Crowder (crowder) wrote :

*** Bug 426892 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Paweł Smoliński (linuxuser-czlowieksukcesu) wrote :

*** Bug 431206 has been marked as a duplicate of this bug. ***

Revision history for this message
Zooko Wilcox-O'Hearn (zooko) wrote : firefox crashed with SIGSEGV in js_Invoke()

Binary package hint: firefox-3.0

I just launched it and it tried to load many (dozens) of remembered tabs, so the js in question could be any of them. I would be willing to help you track it down.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/lib/firefox-3.0.7/firefox
Package: firefox-3.0 3.0.7+nobinonly-0ubuntu1
ProcCmdline: /usr/lib/firefox-3.0.7/firefox
ProcEnviron:
 LC_CTYPE=en_DK.UTF-8
 PATH=(custom, user)
 LANG=en_DK.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: firefox-3.0
StacktraceTop:
 ?? () from /usr/lib/xulrunner-1.9.0.7/libmozjs.so
 js_Invoke ()
 ?? () from /usr/lib/xulrunner-1.9.0.7/libxul.so
 ?? () from /usr/lib/xulrunner-1.9.0.7/libxul.so
 ?? () from /usr/lib/xulrunner-1.9.0.7/libxul.so
Title: firefox crashed with SIGSEGV in js_Invoke()
Uname: Linux 2.6.28-9-generic x86_64
UserGroups: admin audio pulse pulse-access pulse-rt

Revision history for this message
Zooko Wilcox-O'Hearn (zooko) wrote :
Revision history for this message
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:js_Interpret (cx=0x888120) at jsinterp.c:4186
js_Invoke (cx=0x888120, argc=4, vp=0x9012b8,
nsXPCWrappedJSClass::CallMethod (this=0x23e2a90,
PrepareAndDispatch (self=0x1992040,
SharedStub ()

Revision history for this message
Apport retracing service (apport) wrote : Symbolic threaded stack trace
Revision history for this message
Apport retracing service (apport) wrote : Stack trace with source code
Changed in firefox-3.0:
importance: Undecided → Medium
Bug Watch Updater (bug-watch-updater)
Changed in firefox:
status: Unknown → New
Hilario J. Montoliu (hjmf) (hmontoliu)
description: updated
summary: - firefox crashed with SIGSEGV in js_Invoke()
+ firefox crash @js_Interpret @js_Invoke @nsXPCWrappedJSClass::CallMethod
Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Can you provide steps to reproduce this issue?

Thank you in advance.

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Same backtrace than https://bugzilla.mozilla.org/show_bug.cgi?id=425648 which is already a dup of https://bugzilla.mozilla.org/show_bug.cgi?id=425499

Changed in firefox:
status: New → Unknown
Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Fix commited upstream

Changed in firefox-3.0 (Ubuntu):
status: New → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in firefox:
status: Unknown → Fix Released
Revision history for this message
In , Wildmyron (wildmyron) wrote :

*** Bug 487417 has been marked as a duplicate of this bug. ***

Revision history for this message
Micah Gersten (micahg) wrote :

Thank you for reporting this to Ubuntu. I am marking this invalid as it is for software that we do not support yet. If you'd like to be notified when we package the 64 bit version of Flash, you can subscribe to bug 326555.
Please report any other issues you may find.

Changed in firefox-3.0 (Ubuntu):
status: Fix Committed → Invalid
Revision history for this message
Micah Gersten (micahg) wrote :

Sorry for the last comment. This was indeed fixed.

Changed in firefox-3.0 (Ubuntu):
status: Invalid → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in firefox:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.