Ubuntu
firefox package

MASTER firefox crash in java [@JavaPluginFactory5::CreateSecureEnv] [@ProxyJNIEnv]

Bug #86002 reported by sky_walkie
50
Affects Status Importance Assigned to Milestone
Mozilla Firefox
Expired
Critical
firefox (Ubuntu)
Won't Fix
High
Mozilla Bugs

Bug Description

Binary package hint: firefox

Installing some themes for Firefox. It died during restart.

ProblemType: Crash
Date: Sun Feb 18 12:08:31 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/lib/firefox/firefox-bin
Package: firefox 2.0.0.1+1-0ubuntu1
ProcCmdline: /usr/lib/firefox/firefox-bin
ProcCwd: /home/user
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
Signal: 11
SourcePackage: firefox
StacktraceTop:
 __kernel_vsyscall ()
 raise () from /lib/tls/i686/cmov/libpthread.so.0
 ?? ()
 ?? ()
 ?? ()
Uname: Linux user-desktop 2.6.20-8-generic #2 SMP Tue Feb 13 05:18:42 UTC 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin netdev plugdev powerdev scanner video

Extract from retraced stacktrace:
...
#3 <signal handler called>
#4 CNSAdapter_NSPR::JDFileDesc_To_FD ()
#5 JavaPluginFactory5::CreateSecureEnv ()
#6 CNSAdapter_JavaPluginFactory::CreateSecureEnv ()
#7 ProxyJNIEnv (this=0x8a455e0, jvmPlugin=0x8a45628,
#8 CreateProxyJNI (jvmPlugin=0x8a45628, inSecureEnv=0x0)
#9 JVM_GetJNIEnv () at jvmmgr.cpp:289
#10 nsJVMManager::GetProxyJNI (this=0x82a24b8,
#11 nsPluginHostImpl::TrySetUpPluginInstance (this=0x8b70288,
...

See original description
Tags: mt-upstream
Revision history for this message
In , Alfred Peng (alfred-peng) wrote :

Any version information for Java and Firefox?

Could you provide the output of
1. cat /etc/release
2. cat /etc/product-info
3. pkginfo -l SUNWfirefox
on the opensolaris?

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :

i'm away for the weekend, but it's the latest official solaris express community edition snv_41 so if you're in a hurry you can look it up.

Revision history for this message
In , Conny-cheng (conny-cheng) wrote :

Could you pls provide us the output information of about:plugins from Firefox? And one or two links which crash firefox.

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :

the java page I've been using is internal. I'll try to find a basic java page that crashes, from the stack it seem fairly clear that *any* java page will crash. again, I'm traveling (on a high speed train atm) and can't possibly provide any data until I return Monday.

if you could save me the trouble of searching for a *basic* java plugin page, that'd be appreciated, I'll gladly follow as many links as you provide.

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :
Download full text (3.9 KiB)

swift% cat /etc/release
                            Solaris Nevada snv_41 X86
           Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
                        Use is subject to license terms.
                             Assembled 01 June 2006
swift% cat /etc/product-info
product=Sun Java Desktop System
productAbbrv=Java_DS
release=4
build=41
buildType=devel
assembled=16 May 2006
swift% pkginfo -l SUNWfirefox
   PKGINST: SUNWfirefox
      NAME: Mozilla Firefox Web browser
  CATEGORY: FIREFOX,application,JDS4
      ARCH: i386
   VERSION: 1.5.0.3,REV=110.0.4.2006.05.15.11.32
   BASEDIR: /usr
    VENDOR: Sun Microsystems, Inc.
      DESC: Mozilla Firefox Web browser
    PSTAMP: goto1020060515040936
  INSTDATE: Jul 17 2006 01:49
   HOTLINE: Please contact your local service provider
    STATUS: completely installed
     FILES: 402 installed pathnames
                   7 shared pathnames
                  32 directories
                 369 executables
               81784 blocks used (approx)

Installed plug-ins
Find more information about browser plug-ins at mozilla.org.
Help for installing plug-ins is available from plugindoc.mozdev.org.
Helix DNA Plugin: RealPlayer G2 Plug-In Compatible

    File name: /usr/lib/RealPlay/firefox/nphelix.so
    Helix DNA Plugin: RealPlayer G2 Plug-In Compatible version 0.4.0.1192 built on Apr 18 2006

MIME Type Description Suffixes Enabled
audio/x-pn-realaudio-plugin RealPlayer Plugin Metafile rpm Yes
Shockwave Flash

    File name: /usr/lib/firefox/plugins/libflashplayer.so
    Shockwave Flash 7.0 r63

MIME Type Description Suffixes Enabled
application/x-shockwave-flash Shockwave Flash swf Yes
application/futuresplash FutureSplash Player spl Yes
Default Plugin

    File name: /usr/lib/firefox/plugins/libnullplugin.so
    The default plugin handles plugin data for mimetypes and extensions that are not specified and facilitates downloading of new plugins.

MIME Type Description Suffixes Enabled
* All types .* No
Demo Print Plugin for unix/linux

    File name: /usr/lib/firefox/plugins/libunixprintplugin.so
    The demo print plugin for unix.

MIME Type Description Suffixes Enabled
application/x-print-unix-nsplugin Demo Print Plugin for Unix/Linux .pnt Yes
Java(TM) Plug-in 1.5.0_06-b05

    File name: /usr/jdk/instances/jdk1.5.0/jre/plugin/i386/ns7/libjavaplugin_oji.so
    Java(TM) Plug-in 1.5.0_06

MIME Type Description Suffixes Enabled
application/x-java-vm Java Yes
application/x-java-applet Java Yes
application/x-java-applet;version=1.1 Java Yes
application/x-java-applet;version=1.1.1 Java Yes
application/x-java-applet;version=1.1.2 Java Yes
application/x-java-applet;version=1.1.3 Java Yes
application/x-java-applet;version=1.2 Java Yes
application/x-java-applet;version=1.2.1 Java Yes
application/x-java-applet;version=1.2.2 Java Yes
application/x-java-applet;version=1.3 Java Yes
application/x-java-applet;version=1.3.1 Java Yes
application/x-java-applet;version=1.4 Java Yes
application/x-java-applet;version=1.4.1 Java Yes
application/x-java-applet;version=1.4.2 Java Yes
application/x-java-applet;version=1.5 J...

Read more...

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :

In order to improve my stability, I disabled java after filing this bug.

Today in this session:
0. I enabled java and loaded:
1. data:text/html,<applet>
2. http://www.javatester.org/version.html
3. The internal site that I thought was causing my crash

unfortunately none of these crashed, which really sucks. I don't really like the idea of running where things will randomly crash, and I don't have good steps to reproduce :(.

And if I have a core dump, i'm not sure where it went.

Revision history for this message
In , Alfred Peng (alfred-peng) wrote :

It seems that we're using the same version of Solaris. The Java-plugin for Firefox here works well and no crash.

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :

it looks like JavaPluginFactory5::StartupJVM is calling JavaVM5::StartJavaVM w/ a null pointer, assuming that in turn calls CNSAdapter_NSPR::JD_Close with the same null pointer, then one of the former is probably buggy.

I don't believe I have sources to JavaPLuginFactory5/JavaVM5, can you investigate that? (if sources are available, provide a url and I'll read).

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :
Download full text (10.8 KiB)

Peng: this bit me again. it's very annoying. Note that I tend to have javascript disabled (I use NoScript).

My user-agent does not contain 'Mozilla/5', i wonder if that's relevant (it doesn't contain ie either, it does contain Mozilla/4.78)

swift% dbx /usr/lib/firefox/firefox-bin firefox-bin.152.global.100.1164134026.swift
t@null (l@1) terminated by signal SEGV (Segmentation Fault)
0xfedb5d55: __lwp_kill+0x0015: jae __lwp_kill+0x23 [ 0xfedb5d63, .+0xe ]
(dbx) where
=>[1] __lwp_kill(0x1, 0xb), at 0xfedb5d55
  [2] raise(0xb), at 0xfed6f1c2
  [3] nsProfileLock::FatalSignalHandler(0xb, 0x0, 0x8043400), at 0x806afae
  [4] __sighndlr(0xb, 0x0, 0x8043400, 0x806aec8), at 0xfedb484f
  [5] call_user_handler(0xb, 0x0, 0x8043400), at 0xfedaa07b
  [6] sigacthandler(0xb, 0x0, 0x8043400, 0xf, 0x0, 0x0), at 0xfedaa222
  ---- called from signal handler with signal 11 (SIGSEGV) ------
  [7] PR_Close(0x0), at 0xfeb9a2d3
  [8] CNSAdapter_NSPR::JD_Close(0x11993ac0, 0x0), at 0xf7be1c69
  [9] JavaVM5::StartJavaVM(0xb186128, 0x0), at 0xf7b93af3
  [10] JavaPluginFactory5::StartupJVM(0x11ab1fb8, 0x8043ac8), at 0xf7b8ed10
  [11] JavaPluginFactory5::GetJavaVM(0x11ab1fb8), at 0xf7b8e79e
  [12] JavaPluginFactory5::CreateSecureEnv(0x11ab1fb8, 0xb8cc058, 0x8043b0c), at 0xf7b8f10b
  [13] CNSAdapter_JavaPluginFactory::CreateSecureEnv(0x111b5398, 0xb8cc058, 0xb8cc078), at 0xf7bde467
  [14] ProxyJNIEnv::ProxyJNIEnv(0xb8cc058, 0x111b5398, 0x0), at 0xfa0482ae
  [15] CreateProxyJNI(0x111b5398, 0x0), at 0xfa048314
  [16] JVM_GetJNIEnv(0xf8d91548, 0x8043dec, 0x8043dec, 0xf8d6a04f, 0x8396af0, 0x8043dd0), at 0xfa04463b
  [17] nsJVMManager::GetProxyJNI(0x8396af0, 0x8043dd0), at 0xfa044ec4
  [18] nsPluginHostImpl::TrySetUpPluginInstance(0x97a3fd0, 0xfb041197, 0xb2c2e20, 0xc38d9b8), at 0xf8d6a04f
  [19] nsPluginHostImpl::SetUpPluginInstance(0x97a3fd0, 0xfb041197, 0xb2c2e20, 0xc38d9b8), at 0xf8d69c12
  [20] nsPluginHostImpl::InstantiateEmbeddedPlugin(0x97a3fd0, 0xfb041197, 0xb2c2e20, 0xc38d9b8), at 0xf8d6895d
  [21] nsObjectFrame::InstantiatePlugin(0x993aa14, 0x12438698, 0x8044a1c, 0x8044a68, 0x97a3fd4, 0xfb041197, 0xb2c2e20), at 0xfab7218c
  [22] nsObjectFrame::Reflow(0x993aa14, 0x12438698, 0x8044a1c, 0x8044a68, 0x8044bbc), at 0xfab704c9
  [23] nsAbsoluteContainingBlock::ReflowAbsoluteFrame(0x993a190, 0x993a148, 0x12438698, 0x8044f28, 0xffffffff, 0xffffffff, 0x993aa14, 0x0, 0x8044bbc), at 0xfab1d0ea
  [24] nsAbsoluteContainingBlock::IncrementalReflow(0x993a190, 0x993a148, 0x12438698, 0x8044f28, 0xffffffff, 0xffffffff), at 0xfab1ccf5
  [25] nsBlockFrame::Reflow(0x993a148, 0x12438698, 0x8044edc, 0x8044f28, 0x8045180), at 0xfab1f08c
  [26] nsContainerFrame::ReflowChild(0xd335f4c, 0x993a148, 0x12438698, 0x8044edc, 0x8044f28, 0x0, 0x0, 0x0, 0x8045180), at 0xfab35d29
  [27] CanvasFrame::Reflow(0xd335f4c, 0x12438698, 0x80451c8, 0x80450a8, 0x8045180), at 0xfab54071
  [28] nsContainerFrame::ReflowChild(0xd336094, 0xd335f4c, 0x12438698, 0x80451c8, 0x80450a8, 0x0, 0x0, 0x3, 0x8045180), at 0xfab35d29
  [29] nsHTMLScrollFrame::ReflowScrolledFrame(0xd336094, 0x80452b4, 0x0, 0x0, 0x80451c8, 0x1), at 0xfab4a105
  [30] nsHTMLScrollFrame::ReflowContents(0xd336094, 0x80452b4, 0x80454e4), at ...

Revision history for this message
In , Alfred Peng (alfred-peng) wrote :

timeless, I'm still in the travel. The network is really bad. After getting back to the office, I'll have a look. Thanks for reporting this anyway.

Revision history for this message
sky_walkie (hrdlo) wrote : [apport] firefox-bin crashed with SIGSEGV in __kernel_vsyscall()

Binary package hint: firefox

Installing some themes for Firefox. It died during restart.

ProblemType: Crash
Date: Sun Feb 18 12:08:31 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/lib/firefox/firefox-bin
Package: firefox 2.0.0.1+1-0ubuntu1
ProcCmdline: /usr/lib/firefox/firefox-bin
ProcCwd: /home/user
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
Signal: 11
SourcePackage: firefox
StacktraceTop:
 __kernel_vsyscall ()
 raise () from /lib/tls/i686/cmov/libpthread.so.0
 ?? ()
 ?? ()
 ?? ()
Uname: Linux user-desktop 2.6.20-8-generic #2 SMP Tue Feb 13 05:18:42 UTC 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin netdev plugdev powerdev scanner video

Revision history for this message
sky_walkie (hrdlo) wrote :
Revision history for this message
John Vivirito (gnomefreak) wrote :

Does it crash when using default ubuntu theme? Where are you getting these themes from?

Changed in firefox:
assignee: nobody → mozillateam
status: Unconfirmed → Needs Info
Revision history for this message
sky_walkie (hrdlo) wrote :

Hello,

it happened exactly after installation of "blue ice theme" from "https://addons.mozilla.org/firefox/themes/". I choose to install this theme and restart Firefox to apply the change. The result was this srash.

Sky_walkie

Revision history for this message
John Vivirito (gnomefreak) wrote :

if you use a different theme does it still crash?

Revision history for this message
sky_walkie (hrdlo) wrote :

Hello ,

no, today I tried 10 different themes to install and as well I tried switch each theme & restart firefox. No more SIGSEGV errors. Guess this was something small.

Sky_walkie

Revision history for this message
John Vivirito (gnomefreak) wrote :

Taking for retrace.

Changed in firefox:
assignee: mozillateam → gnomefreak
importance: Undecided → High
Revision history for this message
John Vivirito (gnomefreak) wrote :

retrace done.

Changed in firefox:
assignee: gnomefreak → mozillateam
David Farning (dfarning)
Changed in firefox:
assignee: mozillateam → mozilla-bugs
Revision history for this message
John Vivirito (gnomefreak) wrote :

This looks like a java issue. Alexander can you please confirm.

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Maybe related to upstream's https://bugzilla.mozilla.org/show_bug.cgi?id=345309

Revision history for this message
Alexander Sack (asac) wrote :

Masters go to confirmed.

Changed in firefox:
status: Needs Info → Confirmed
Hilario J. Montoliu (hjmf) (hmontoliu)
description: updated
Revision history for this message
John Vivirito (gnomefreak) wrote :

Thank you Hilario that looks the same to me so i marked it as such.

Bug Watch Updater (bug-watch-updater)
Changed in firefox:
status: Unknown → Confirmed
Revision history for this message
In , Karlt (karlt) wrote :

A similar trace was reported on Linux in bug 386844 comment 29:

https://bugzilla.mozilla.org/attachment.cgi?id=275366

Revision history for this message
In , Timeless-bemail (timeless-bemail) wrote :

<email address hidden>: what does javascript:navigator.userAgent return?

Note that we have a hierarchy of sorts for platforms. If bugs happen on a unix and Linux, select linux because people are likely to be silly and only search Linux.

I didn't file w/ Linux because i don't really use Linux and didn't trigger it there etc.

<email address hidden>: could you please find someone w/ source access to the plugin who could respond to my comment 8?

Revision history for this message
In , Alfred Peng (alfred-peng) wrote :

Danielle, could you please help take a look at this bug?

Revision history for this message
In , Wsheets (wsheets) wrote :

(In reply to comment #12)
> <email address hidden>: what does javascript:navigator.userAgent return?

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a8pre) Gecko/2007080618 SeaMonkey/2.0a1pre

This doesn't affect firefox, only seamonkey-trunk, and is not the same
as bug 386844.

Revision history for this message
Alexander Sack (asac) wrote :

haven't seen any similar bug report against ffox3. unlikely that this ever gets fixed for ffox 2. changing bug status to reflect this.

Changed in firefox:
status: Confirmed → Won't Fix
Bug Watch Updater (bug-watch-updater)
Changed in firefox:
importance: Unknown → Critical
Revision history for this message
In , Kairo-kairo (kairo-kairo) wrote :

OJI has been discontinued and Java now runs out-of-process, so this stuff has probably changed a lot. This bug has no info about current software versions, please file a new bug for new issues or reopen this one with current info, including a crash signature if it still happens and move it to a component outside of graveyard.

Bug Watch Updater (bug-watch-updater)
Changed in firefox:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.