Closed Bug 1017109 Opened 6 years ago Closed 6 years ago

Nightly e10s crashes when double-clicking text with Grammarly add-on installed ([@ js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) ])

Categories

(Firefox :: General, defect)

x86
macOS
defect
Not set

Tracking

()

RESOLVED FIXED
Firefox 33
Tracking Status
e10s + ---

People

(Reporter: iamjayakumars, Assigned: billm)

References

Details

Crash Data

Attachments

(1 file)

Hi, Firefox Nightly crashed, when i try to select the text by double clicking on the text.

It mostly happens only in Bugzilla

http://pastebin.mozilla.org/5271797
http://pastebin.mozilla.org/5271797
Here is the text from iamjayakumars pastebins:

(lldb) thread backtrace
* thread #1: tid = 0x23dac, 0x00000001042e410a XUL`js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 58, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001042e410a XUL`js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 58
    frame #1: 0x00000001042efbc4 XUL`___lldb_unnamed_function168971$$XUL + 324
    frame #2: 0x00000001042f2584 XUL`js::proxy_Construct(JSContext*, unsigned int, JS::Value*) + 116
    frame #3: 0x00000001043b5312 XUL`___lldb_unnamed_function170515$$XUL + 178
    frame #4: 0x00000001043b545c XUL`___lldb_unnamed_function170516$$XUL + 140
    frame #5: 0x000000010438cb2b XUL`___lldb_unnamed_function170194$$XUL + 155
    frame #6: 0x000000010438cfba XUL`___lldb_unnamed_function170195$$XUL + 314
    frame #7: 0x00000001042e4fe7 XUL`___lldb_unnamed_function168913$$XUL + 167
    frame #8: 0x0000000104313dd2 XUL`js::CrossCompartmentWrapper::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 290
    frame #9: 0x00000001042efbc4 XUL`___lldb_unnamed_function168971$$XUL + 324
    frame #10: 0x00000001042f2584 XUL`js::proxy_Construct(JSContext*, unsigned int, JS::Value*) + 116
    frame #11: 0x00000001043b5312 XUL`___lldb_unnamed_function170515$$XUL + 178
    frame #12: 0x00000001043b545c XUL`___lldb_unnamed_function170516$$XUL + 140
    frame #13: 0x000000010438cb2b XUL`___lldb_unnamed_function170194$$XUL + 155
    frame #14: 0x0000000104385ce1 XUL`___lldb_unnamed_function170191$$XUL + 35505
    frame #15: 0x000000010437d20f XUL`___lldb_unnamed_function170190$$XUL + 303
    frame #16: 0x000000010438c29d XUL`___lldb_unnamed_function170192$$XUL + 637
    frame #17: 0x0000000104368efe XUL`___lldb_unnamed_function170021$$XUL + 750
    frame #18: 0x00000001042e4eb2 XUL`___lldb_unnamed_function168912$$XUL + 178
    frame #19: 0x0000000104313ae5 XUL`js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) + 405
    frame #20: 0x00000001042ef994 XUL`___lldb_unnamed_function168970$$XUL + 324
    frame #21: 0x00000001042f2484 XUL`js::proxy_Call(JSContext*, unsigned int, JS::Value*) + 116
    frame #22: 0x00000001043b5312 XUL`___lldb_unnamed_function170515$$XUL + 178
    frame #23: 0x000000010438c28d XUL`___lldb_unnamed_function170192$$XUL + 621
    frame #24: 0x0000000104368efe XUL`___lldb_unnamed_function170021$$XUL + 750
    frame #25: 0x00000001041e2e13 XUL`___lldb_unnamed_function165947$$XUL + 99
    frame #26: 0x0000000101a714cc XUL`___lldb_unnamed_function29273$$XUL + 1996
    frame #27: 0x0000000101a77e3d XUL`___lldb_unnamed_function29448$$XUL + 13
    frame #28: 0x0000000101970532 XUL`___lldb_unnamed_function23942$$XUL + 12130
    frame #29: 0x00000001018b667c XUL`___lldb_unnamed_function19563$$XUL + 668
    frame #30: 0x00000001017f6bd1 XUL`___lldb_unnamed_function16312$$XUL + 161
    frame #31: 0x00000001017f61a3 XUL`___lldb_unnamed_function16309$$XUL + 307
    frame #32: 0x00000001017f1093 XUL`___lldb_unnamed_function16282$$XUL + 611
    frame #33: 0x00000001017d4199 XUL`___lldb_unnamed_function15791$$XUL + 185
    frame #34: 0x00000001017d44aa XUL`___lldb_unnamed_function15793$$XUL + 170
    frame #35: 0x00000001017fa085 XUL`___lldb_unnamed_function16370$$XUL + 53
    frame #36: 0x00000001014bccec XUL`___lldb_unnamed_function3279$$XUL + 1292
    frame #37: 0x0000000101428c5d XUL`___lldb_unnamed_function442$$XUL + 77
    frame #38: 0x00000001025c6ec7 XUL`___lldb_unnamed_function65980$$XUL + 119
    frame #39: 0x000000010258099f XUL`___lldb_unnamed_function64868$$XUL + 191
    frame #40: 0x00007fff890f7661 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #41: 0x00007fff890e8d12 CoreFoundation`__CFRunLoopDoSources0 + 242
    frame #42: 0x00007fff890e849f CoreFoundation`__CFRunLoopRun + 831
    frame #43: 0x00007fff890e7f25 CoreFoundation`CFRunLoopRunSpecific + 309
    frame #44: 0x00007fff8b018a0d HIToolbox`RunCurrentEventLoopInMode + 226
    frame #45: 0x00007fff8b0187b7 HIToolbox`ReceiveNextEventCommon + 479
    frame #46: 0x00007fff8b0185bc HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 65
    frame #47: 0x00007fff9253126e AppKit`_DPSNextEvent + 1434
    frame #48: 0x00007fff925308bb AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
    frame #49: 0x0000000102580096 XUL`___lldb_unnamed_function64861$$XUL + 86
    frame #50: 0x00007fff925249bc AppKit`-[NSApplication run] + 553
    frame #51: 0x0000000102580e77 XUL`___lldb_unnamed_function64871$$XUL + 103
    frame #52: 0x0000000103892c82 XUL`___lldb_unnamed_function141654$$XUL + 130
    frame #53: 0x000000010383d4c8 XUL`___lldb_unnamed_function140623$$XUL + 5656
    frame #54: 0x000000010383db7a XUL`___lldb_unnamed_function140624$$XUL + 282
    frame #55: 0x000000010383df2e XUL`XRE_main + 238
    frame #56: 0x00000001000022ac firefox`___lldb_unnamed_function3$$firefox + 1964
    frame #57: 0x00000001000017a4 firefox`start + 52
(lldb)


This is less useful than it could have been because it has no symbols, but it does show us where approximately the crash occurred (js::BaseProxyHandler::construct) and what kind of crash it is (EXC_BAD_ACCESS).
Is this reproducible in nightly? Can we get some crash stacks?
So it looks like there's JS in the stack. iamjayakumars, if you can get this caught on the debugger again, can you call the function DumpJSStack() and paste its output?
Hi Jay,

Do you have any extensions installed? We haven't seen any other reports of this, so there might be something specific to your setting that's causing the crash. Also, any crash reports might give us a better stack (the one in the pastebin is missing a bunch of symbols, unfortunately).
Blocks: e10s-m1
Flags: needinfo?(iamjayakumars)
Keywords: steps-wanted
Hi Blake, I use nearly 20 Addons. But I used the same profile in normal nightly, it works fine. 
Do you want me to list the Addons?
Flags: needinfo?(iamjayakumars)
Hey iamjayakumars - if you wouldn't mind listing the add-ons, that'd be great.

Also, can you reproduce the crash with add-ons disabled? If not, can you isolate which add-on is causing the crash?

Also, I can't seem to recall if you were ever seeing the crash reporter when you crashed. If you were, are you able to get us one of the crash reports from about:crashes?
Flags: needinfo?(iamjayakumars)
Hi Mike, Here i listed the Addons, now i'm using nightly. i stopped using e10s because of some more issue.

Adblock Plus
Adblock Plus Pop-up Addon
Add-on Compatibility Reporter
Bookmark Duplicate Cleaner
Dictionary Extension
DownThemAll!
Flashblock
Grammarly
Location Bar Enhancer
Long URL Please
Nightly Tester Tools
Session Manager
1-Click YouTube Video Downloader
Flags: needinfo?(iamjayakumars)
(In reply to iamjayakumars from comment #7)
> Hi Mike, Here i listed the Addons, now i'm using nightly. i stopped using
> e10s because of some more issue.
> 
> Adblock Plus
> Adblock Plus Pop-up Addon
> Add-on Compatibility Reporter
> Bookmark Duplicate Cleaner
> Dictionary Extension
> DownThemAll!
> Flashblock
> Grammarly
> Location Bar Enhancer
> Long URL Please
> Nightly Tester Tools
> Session Manager
> 1-Click YouTube Video Downloader

Thank you! That's very helpful. Would you mind try e10s again with those add-ons disabled to see if we still crash like you described in comment 0?
Flags: needinfo?(iamjayakumars)
Flags: needinfo?(iamjayakumars)
Sure, i do.
I report to you back asap
Old Profile with Addons
-Crashes
-in safemode browsing, webpages are blank

New Profile
-No crash
-Safemode browsing works fine
it happens only in e10s, in Normal nightly everything works fine. even safemode browsing too
(In reply to iamjayakumars from comment #11)
> it happens only in e10s, in Normal nightly everything works fine. even
> safemode browsing too

Ok, this is good to know.

The next step is trying to determine if it's one individual add-on that's causing the issue. Would you mind disabling one of your add-ons, restarting Firefox, seeing if the crash remains, and repeat until all add-ons are disabled?

If an add-on is causing this issue, at some point, you'll disable an add-on and the crash will go away. I want to know what that add-on is. If, however, the crash doesn't go away even with all add-ons disabled, that's still valuable information.

Can you do that for me?
Flags: needinfo?(iamjayakumars)
Hi Mike, 

The issue because of "Grammarly" Addon
https://addons.mozilla.org/en-US/firefox/addon/grammarly/

This Addon usage is to show the meaning of the word, when we double click to select the word, it displays the meaning for that.


It happening in all the websites.
Flags: needinfo?(iamjayakumars)
Excellent, thank you iamjayakumars!
Blocks: e10s-addons
Summary: Nightly e10s crashed when selecting the text using cursor → Nightly e10s crashes when double-clicking text with Grammarly add-on installed
Easily reproduced.

STR:

1) In a fresh profile, install Grammarly add-on: https://addons.mozilla.org/en-US/firefox/addon/grammarly/
2) Restart the browser
3) Open an e10s window
4) Browse to some site, and ensure that the tab title is underlined, indicating an out-of-process-tab
5) Double-click on any text on that site.
6) Crash!

Crash report: https://crash-stats.mozilla.com/report/index/fb63364a-df2f-4913-9620-5b01c2140617
Crash Signature: [@ js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) ]
Summary: Nightly e10s crashes when double-clicking text with Grammarly add-on installed → Nightly e10s crashes when double-clicking text with Grammarly add-on installed ([@ js::BaseProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) ])
Hey Brad, since this appears to be triggered by an add-on, am I OK to remove this from the M1 list?
Flags: needinfo?(blassey.bugs)
Keywords: steps-wanted
nom'ing it for dicussion on Thursday is the right thing to do.
Flags: needinfo?(blassey.bugs)
Assignee: nobody → wmccloskey
Attached patch construct-fixSplinter Review
We were missing the construct hook on the CPOW proxy handler. Whoops.
Attachment #8444773 - Flags: review?(mrbkap)
Comment on attachment 8444773 [details] [diff] [review]
construct-fix

Review of attachment 8444773 [details] [diff] [review]:
-----------------------------------------------------------------

I'd love to see a test for this.
Attachment #8444773 - Flags: review?(mrbkap) → review+
https://hg.mozilla.org/mozilla-central/rev/032a08766a8c
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 33
You need to log in before you can comment on or make changes to this bug.