Closed Bug 1017109 Opened 11 years ago Closed 11 years ago

Nightly e10s crashes when double-clicking text with Grammarly add-on installed ([@ js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) ])

Categories

(Firefox :: General, defect)

x86
macOS
defect
Not set
normal

Tracking

RESOLVED FIXED
Firefox 33
Tracking Status
e10s + ---

People

(Reporter: iamjayakumars, Assigned: billm)

Attachments

(1 file)

Hi, Firefox Nightly crashed when I try to select the text by double-clicking on the text. It mostly happens only in Bugzilla. http://pastebin.mozilla.org/5271797
Here is the text from iamjayakumars pastebins:

    (lldb) thread backtrace
    * thread #1: tid = 0x23dac, 0x00000001042e410a XUL`js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 58, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
      * frame #0: 0x00000001042e410a XUL`js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 58
        frame #1: 0x00000001042efbc4 XUL`___lldb_unnamed_function168971$$XUL + 324
        frame #2: 0x00000001042f2584 XUL`js::proxy_Construct(JSContext*, unsigned int, JS::Value*) + 116
        frame #3: 0x00000001043b5312 XUL`___lldb_unnamed_function170515$$XUL + 178
        frame #4: 0x00000001043b545c XUL`___lldb_unnamed_function170516$$XUL + 140
        frame #5: 0x000000010438cb2b XUL`___lldb_unnamed_function170194$$XUL + 155
        frame #6: 0x000000010438cfba XUL`___lldb_unnamed_function170195$$XUL + 314
        frame #7: 0x00000001042e4fe7 XUL`___lldb_unnamed_function168913$$XUL + 167
        frame #8: 0x0000000104313dd2 XUL`js::CrossCompartmentWrapper::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 290
        frame #9: 0x00000001042efbc4 XUL`___lldb_unnamed_function168971$$XUL + 324
        frame #10: 0x00000001042f2584 XUL`js::proxy_Construct(JSContext*, unsigned int, JS::Value*) + 116
        frame #11: 0x00000001043b5312 XUL`___lldb_unnamed_function170515$$XUL + 178
        frame #12: 0x00000001043b545c XUL`___lldb_unnamed_function170516$$XUL + 140
        frame #13: 0x000000010438cb2b XUL`___lldb_unnamed_function170194$$XUL + 155
        frame #14: 0x0000000104385ce1 XUL`___lldb_unnamed_function170191$$XUL + 35505
        frame #15: 0x000000010437d20f XUL`___lldb_unnamed_function170190$$XUL + 303
        frame #16: 0x000000010438c29d XUL`___lldb_unnamed_function170192$$XUL + 637
        frame #17: 0x0000000104368efe XUL`___lldb_unnamed_function170021$$XUL + 750
        frame #18: 0x00000001042e4eb2 XUL`___lldb_unnamed_function168912$$XUL + 178
        frame #19: 0x0000000104313ae5 XUL`js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 405
        frame #20: 0x00000001042ef994 XUL`___lldb_unnamed_function168970$$XUL + 324
        frame #21: 0x00000001042f2484 XUL`js::proxy_Call(JSContext*, unsigned int, JS::Value*) + 116
        frame #22: 0x00000001043b5312 XUL`___lldb_unnamed_function170515$$XUL + 178
        frame #23: 0x000000010438c28d XUL`___lldb_unnamed_function170192$$XUL + 621
        frame #24: 0x0000000104368efe XUL`___lldb_unnamed_function170021$$XUL + 750
        frame #25: 0x00000001041e2e13 XUL`___lldb_unnamed_function165947$$XUL + 99
        frame #26: 0x0000000101a714cc XUL`___lldb_unnamed_function29273$$XUL + 1996
        frame #27: 0x0000000101a77e3d XUL`___lldb_unnamed_function29448$$XUL + 13
        frame #28: 0x0000000101970532 XUL`___lldb_unnamed_function23942$$XUL + 12130
        frame #29: 0x00000001018b667c XUL`___lldb_unnamed_function19563$$XUL + 668
        frame #30: 0x00000001017f6bd1 XUL`___lldb_unnamed_function16312$$XUL + 161
        frame #31: 0x00000001017f61a3 XUL`___lldb_unnamed_function16309$$XUL + 307
        frame #32: 0x00000001017f1093 XUL`___lldb_unnamed_function16282$$XUL + 611
        frame #33: 0x00000001017d4199 XUL`___lldb_unnamed_function15791$$XUL + 185
        frame #34: 0x00000001017d44aa XUL`___lldb_unnamed_function15793$$XUL + 170
        frame #35: 0x00000001017fa085 XUL`___lldb_unnamed_function16370$$XUL + 53
        frame #36: 0x00000001014bccec XUL`___lldb_unnamed_function3279$$XUL + 1292
        frame #37: 0x0000000101428c5d XUL`___lldb_unnamed_function442$$XUL + 77
        frame #38: 0x00000001025c6ec7 XUL`___lldb_unnamed_function65980$$XUL + 119
        frame #39: 0x000000010258099f XUL`___lldb_unnamed_function64868$$XUL + 191
        frame #40: 0x00007fff890f7661 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
        frame #41: 0x00007fff890e8d12 CoreFoundation`__CFRunLoopDoSources0 + 242
        frame #42: 0x00007fff890e849f CoreFoundation`__CFRunLoopRun + 831
        frame #43: 0x00007fff890e7f25 CoreFoundation`CFRunLoopRunSpecific + 309
        frame #44: 0x00007fff8b018a0d HIToolbox`RunCurrentEventLoopInMode + 226
        frame #45: 0x00007fff8b0187b7 HIToolbox`ReceiveNextEventCommon + 479
        frame #46: 0x00007fff8b0185bc HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 65
        frame #47: 0x00007fff9253126e AppKit`_DPSNextEvent + 1434
        frame #48: 0x00007fff925308bb AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
        frame #49: 0x0000000102580096 XUL`___lldb_unnamed_function64861$$XUL + 86
        frame #50: 0x00007fff925249bc AppKit`-[NSApplication run] + 553
        frame #51: 0x0000000102580e77 XUL`___lldb_unnamed_function64871$$XUL + 103
        frame #52: 0x0000000103892c82 XUL`___lldb_unnamed_function141654$$XUL + 130
        frame #53: 0x000000010383d4c8 XUL`___lldb_unnamed_function140623$$XUL + 5656
        frame #54: 0x000000010383db7a XUL`___lldb_unnamed_function140624$$XUL + 282
        frame #55: 0x000000010383df2e XUL`XRE_main + 238
        frame #56: 0x00000001000022ac firefox`___lldb_unnamed_function3$$firefox + 1964
        frame #57: 0x00000001000017a4 firefox`start + 52
    (lldb)

This is less useful than it could have been because it has no symbols, but it does show us where approximately the crash occurred (js::BaseProxyHandler::construct) and what kind of crash it is (EXC_BAD_ACCESS).
Is this reproducible in nightly? Can we get some crash stacks?
So it looks like there's JS in the stack. iamjayakumars, if you can get this caught on the debugger again, can you call the function DumpJSStack() and paste its output?
Hi Jay, Do you have any extensions installed? We haven't seen any other reports of this, so there might be something specific to your setting that's causing the crash. Also, any crash reports might give us a better stack (the one in the pastebin is missing a bunch of symbols, unfortunately).
Blocks: e10s-m1
Flags: needinfo?(iamjayakumars)
Keywords: steps-wanted
Hi Blake, I use nearly 20 Addons. But I used the same profile in normal nightly, it works fine. Do you want me to list the Addons?
Flags: needinfo?(iamjayakumars)
Hey iamjayakumars - if you wouldn't mind listing the add-ons, that'd be great. Also, can you reproduce the crash with add-ons disabled? If not, can you isolate which add-on is causing the crash? Also, I can't seem to recall if you were ever seeing the crash reporter when you crashed. If you were, are you able to get us one of the crash reports from about:crashes?
Flags: needinfo?(iamjayakumars)
Hi Mike, here I have listed the add-ons. Now I'm using Nightly; I stopped using e10s because of some more issues.

Adblock Plus
Adblock Plus Pop-up Addon
Add-on Compatibility Reporter
Bookmark Duplicate Cleaner
Dictionary Extension
DownThemAll!
Flashblock
Grammarly
Location Bar Enhancer
Long URL Please
Nightly Tester Tools
Session Manager
1-Click YouTube Video Downloader
Flags: needinfo?(iamjayakumars)
(In reply to iamjayakumars from comment #7)
> Hi Mike, Here i listed the Addons, now i'm using nightly. i stopped using
> e10s because of some more issue.
>
> Adblock Plus
> Adblock Plus Pop-up Addon
> Add-on Compatibility Reporter
> Bookmark Duplicate Cleaner
> Dictionary Extension
> DownThemAll!
> Flashblock
> Grammarly
> Location Bar Enhancer
> Long URL Please
> Nightly Tester Tools
> Session Manager
> 1-Click YouTube Video Downloader

Thank you! That's very helpful. Would you mind trying e10s again with those add-ons disabled to see if we still crash like you described in comment 0?
Flags: needinfo?(iamjayakumars)
Flags: needinfo?(iamjayakumars)
Sure, I do. I will report back to you ASAP.
Old Profile with Addons
- Crashes
- In safemode browsing, webpages are blank

New Profile
- No crash
- Safemode browsing works fine
It happens only in e10s; in normal Nightly everything works fine, even safemode browsing too.
(In reply to iamjayakumars from comment #11)
> it happens only in e10s, in Normal nightly everything works fine. even
> safemode browsing too

Ok, this is good to know. The next step is trying to determine if it's one individual add-on that's causing the issue. Would you mind disabling one of your add-ons, restarting Firefox, seeing if the crash remains, and repeat until all add-ons are disabled? If an add-on is causing this issue, at some point, you'll disable an add-on and the crash will go away. I want to know what that add-on is. If, however, the crash doesn't go away even with all add-ons disabled, that's still valuable information. Can you do that for me?
Flags: needinfo?(iamjayakumars)
Hi Mike, the issue is because of the "Grammarly" add-on: https://addons.mozilla.org/en-US/firefox/addon/grammarly/ This add-on is used to show the meaning of a word: when we double-click to select the word, it displays the meaning for it. It is happening on all websites.
Flags: needinfo?(iamjayakumars)
Excellent, thank you iamjayakumars!
Blocks: e10s-addons
Summary: Nightly e10s crashed when selecting the text using cursor → Nightly e10s crashes when double-clicking text with Grammarly add-on installed
Easily reproduced.

STR:
1) In a fresh profile, install Grammarly add-on: https://addons.mozilla.org/en-US/firefox/addon/grammarly/
2) Restart the browser
3) Open an e10s window
4) Browse to some site, and ensure that the tab title is underlined, indicating an out-of-process-tab
5) Double-click on any text on that site.
6) Crash!

Crash report: https://crash-stats.mozilla.com/report/index/fb63364a-df2f-4913-9620-5b01c2140617
Crash Signature: [@ js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) ]
Summary: Nightly e10s crashes when double-clicking text with Grammarly add-on installed → Nightly e10s crashes when double-clicking text with Grammarly add-on installed ([@ js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) ])
Hey Brad, since this appears to be triggered by an add-on, am I OK to remove this from the M1 list?
Flags: needinfo?(blassey.bugs)
Keywords: steps-wanted
nom'ing it for discussion on Thursday is the right thing to do.
Flags: needinfo?(blassey.bugs)
Assignee: nobody → wmccloskey
Attached patch construct-fix
We were missing the construct hook on the CPOW proxy handler. Whoops.
Attachment #8444773 - Flags: review?(mrbkap)
Comment on attachment 8444773: construct-fix

Review of attachment 8444773:

I'd love to see a test for this.
Attachment #8444773 - Flags: review?(mrbkap) → review+
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 33