681521 - Firefox Crash [@ JS_GetContextPrivate ]

Status: RESOLVED WORKSFORME

(Core :: JavaScript Engine, defect)

Description

[Marcia Knous [:marcia]]

Seen while reviewing crash stats. Almost exclusively Mac crash - https://crash-stats.mozilla.com/report/list?signature=JS_GetContextPrivate seen across all versions. 

https://crash-stats.mozilla.com/report/index/3cb31d5a-e398-4aee-911f-2de992110823

Possibly related to http://www.trusteer.com/node/170/done?sid=74584

Frame 	Module 	Signature [Expand] 	Source
0 	XUL 	JS_GetContextPrivate 	js/src/jsapi.cpp:1047
1 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x6eff 	
2 	XUL 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:88
3 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x6fbb 	
4 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x6ffc 	
5 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x703e 	
6 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x6373 	
7 	XUL 	nsGlobalChromeWindow::QueryInterface 	dom/base/nsGlobalWindow.cpp:10084
8 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x1cc3f 	
9 	XUL 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:88
10 	RapportTanzan6.dylib 	RapportTanzan6.dylib@0x13b6d 	
11 	XUL 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:88
12 	XUL 	XPCWrappedNative::FindTearOff 	js/src/xpconnect/src/xpcwrappednative.cpp:1969
13 		@0x7fff5fbfa5af 	
14 	XUL 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:3144
15 	XUL 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1610
16 	XUL 	js::Interpret 	js/src/jscntxtinlines.h:277
17 	XUL 	js::RunScript 	js/src/jsinterp.cpp:613
18 	XUL 	js::Invoke 	js/src/jsinterp.cpp:694
19 	XUL 	js_fun_apply 	js/src/jsfun.cpp:2205
20 	XUL 	js::Interpret 	js/src/jscntxtinlines.h:277
21 	XUL 	js::RunScript 	js/src/jsinterp.cpp:613
22 	XUL 	js::Invoke 	js/src/jsinterp.cpp:694
23 	XUL 	array_extra 	js/src/jsinterpinlines.h:133
24 	XUL 	js::Interpret 	js/src/jscntxtinlines.h:277
25 	XUL 	js::RunScript 	js/src/jsinterp.cpp:613
26 	XUL 	js::Invoke 	js/src/jsinterp.cpp:694
27 	XUL 	js::ExternalInvoke 	js/src/jsinterp.cpp:816
28 	XUL 	JS_CallFunctionValue 	js/src/jsapi.cpp:5080
29 	XUL 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1662
30 	XUL 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:586
31 	XUL 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_darwin.cpp:153
32 	XUL 	XUL@0xe685fa 	
33 	XUL 	mozilla::storage::::CompletionNotifier::Run 	storage/src/mozStorageAsyncStatementExecution.cpp:179
34 	XUL 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:618
35 	XUL 	NS_ProcessPendingEvents_P 	obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp:195
36 	XUL 	nsBaseAppShell::NativeEventCallback 	widget/src/xpwidgets/nsBaseAppShell.cpp:130
37 	XUL 	nsAppShell::ProcessGeckoEvents 	widget/src/cocoa/nsAppShell.mm:422
38 	CoreFoundation 	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 	
39 	CoreFoundation 	__CFRunLoopDoSources0 	
40 	CoreFoundation 	__CFRunLoopRun 	
41 	CoreFoundation 	CFRunLoopRunSpecific 	
42 	HIToolbox 	RunCurrentEventLoopInMode 	
43 	HIToolbox 	ReceiveNextEventCommon 	
44 	HIToolbox 	BlockUntilNextEventMatchingListInMode 	
45 	AppKit 	_DPSNextEvent 	
46 	AppKit 	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 	
47 	XUL 	nsAppShell::ProcessNextNativeEvent 	widget/src/cocoa/nsAppShell.mm:698
48 	XUL 	nsBaseAppShell::OnProcessNextEvent 	widget/src/xpwidgets/nsBaseAppShell.cpp:171
49 	XUL 	nsAppShell::OnProcessNextEvent 	widget/src/cocoa/nsAppShell.mm:856
50 	XUL 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:582
51 	XUL 	NS_ProcessPendingEvents_P 	obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp:195
52 	XUL 	nsBaseAppShell::NativeEventCallback 	widget/src/xpwidgets/nsBaseAppShell.cpp:130
53 	XUL 	nsAppShell::ProcessGeckoEvents 	widget/src/cocoa/nsAppShell.mm:422
54 	CoreFoundation 	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 	
55 	CoreFoundation 	__CFRunLoopDoSources0 	
56 	CoreFoundation 	__CFRunLoopRun 	
57 	CoreFoundation 	CFRunLoopRunSpecific 	
58 	HIToolbox 	RunCurrentEventLoopInMode 	
59 	HIToolbox 	ReceiveNextEventCommon 	
60 	HIToolbox 	BlockUntilNextEventMatchingListInMode 	
61 	AppKit 	_DPSNextEvent 	
62 	AppKit 	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 	
63 	AppKit 	-[NSApplication run] 	
64 	XUL 	nsAppShell::Run 	widget/src/cocoa/nsAppShell.mm:769
65 	XUL 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:222
66 	XUL 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3686
67 	firefox-bin 	main 	browser/app/nsBrowserApp.cpp:158
68 	firefox-bin 	firefox-bin@0x953

Comment 1

[Marcia Knous [:marcia]]

I installed Trusteer Rapport and all of these show up when I am trying to uninstall it:

RapportDaishi.dylib	RapportTanzan36.dylib	akl_driver_2.kext
RapportGUI.app		RapportTanzan4.dylib	librooksbas.dylib
RapportKobo6.dylib	RapportTanzan5.dylib	librooksmce.dylib
RapportKobo7.dylib	RapportTanzan6.dylib	rapportd
RapportKukai.dylib	RapportUtil1.dylib	rooksd
RapportTanzan3.dylib	RapportWR.dylib
RapportTanzan35.dylib	akl_driver.kext

Some of this dylibs are showing up in the crash stacks.

Comment 2

[Scoobidiver (away)]

It's #2 top crasher in 13.0 on Mac OS X.

It's correlated to Trusteer Rapport:
JS_GetContextPrivate|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS (23 crashes)
    100% (23/23) vs.  16% (120/767) RapportTanzan13.dylib
    100% (23/23) vs.  16% (121/767) RapportUtil1.dylib

Comment 3

[Alex Keybl [:akeybl]]

Let's get some QA around this and Trusteer on OS X. Thankfully, this isn't a startup crash, but since it is a #2 top crasher, we'll track. Appears to be a new regression in beta 7, since we haven't seen this bug spike up in 12 and it wasn't apparent in beta 6. Could be caused by bug 759788 or bug 757262 in b7.

Comment 4

[u279076]

Been testing this for just over 30 minutes...Trusteer installed, Firefox 13.0-final. Seems to be mostly for protecting banking sites so I registered my bank as a protected site. I've been performing various actions in my account and tried playing around with different settings in the Rapport console. The only thing that I've noticed so far is stopping and starting Rapport from console appears to cause a 3-5 second hang. No crash so far.

Can we dig deeper into Socorro to see if we can get any leads? Simply having it installed and using obvious functionality is not enough to cause this crash.

Comment 5

[Scoobidiver (away)]

(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #4)
> Can we dig deeper into Socorro to see if we can get any leads? Simply having
> it installed and using obvious functionality is not enough to cause this
> crash.
It seems related to signing in or out of Yahoo mail or playing Farm Town on Facebook.

Comment 6

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Is it possible to determine whether this crash happens when no NPAPI plugins are loaded?

Comment 7

[Alex Keybl [:akeybl]]

(In reply to Robert O'Callahan (:roc) (Mozilla Corporation) (away June 9-19) from comment #6)
> Is it possible to determine whether this crash happens when no NPAPI plugins
> are loaded?

I've asked KaiRo/Sheila if this is something that we can find out from crash reports.

Comment 8

[Benjamin Smedberg]

For somebody who has trusteer installed, can you paste/attach your about:plugins?

Comment 9

[u279076]

(In reply to Benjamin Smedberg  [:bsmedberg] from comment #8)
> For somebody who has trusteer installed, can you paste/attach your
> about:plugins?

Sorry, but my Mac died on me over the weekend so I won't be able to send you an about:plugins for this. I assume you are looking to see if Trusteer is installing an add-on/plug-in into Firefox which could be causing this. When I tested this before, there were no additional plug-ins or add-ons installed by Trusteer (just the usual Java, Flash, and Quicktime plugins were visible). Marcia, maybe you can help.

Comment 10

[Jorge Villalobos [:jorgev] (he/him)]

The Trusteer people say they have already corrected this issue, so we should track the crash stats and see if the rate is dropping.

Comment 11

[Marcia Knous [:marcia]]

72 Mac crashes in the last week in this signature in FF 13, so the volume is relatively low. Across all versions there is a little over 400 crashes.

Comment 12

[Scoobidiver (away)]

(In reply to Marcia Knous [:marcia] from comment #11)
> 72 Mac crashes in the last week in this signature in FF 13, so the volume is
> relatively low.
Still #11 top browser crasher in 13.0 on Mac.

Comment 13

[Scoobidiver (away)]

It's now #169 top browser crasher on Mac in 13.0.

Comment 14

[Mihai Morar, (:MihaiMorar)]

Having Truster Rapport and Latest Nightly 25 installed, I was not able to reproduce any crash. I have also registered on bank, requested on Truster.

In adition there are few crashes for the signature mentioned above and none of those crashes are on Mac.

(@ JS_GetContextPrivate(JSContext*))
https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&reason_type=contains&date=2013-07-31&range_value=28&range_unit=days&hang_type=any&process_type=any&signature=JS_GetContextPrivate%28JSContext%2A%29

(@ JS_GetContextPrivate)
https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&reason_type=contains&date=2013-07-31&range_value=28&range_unit=days&hang_type=any&process_type=any&signature=JS_GetContextPrivate

I think this can be closed, based on my investigations done on Mac OS 10.7.5 and Windows 7 x64 and on the stats mentioned above via Soccoro.

Comment 15

[Mihai Morar, (:MihaiMorar)]

(In reply to Benjamin Smedberg  [:bsmedberg] PTO until 4-Aug from comment #8)
> For somebody who has trusteer installed, can you paste/attach your
> about:plugins?

Truster Rapport is not interacting with about:plugins.

Comment 16

[Scoobidiver (away)]

(In reply to Mihai Morar, QA (:MihaiMorar) from comment #14)
> I think this can be closed, based on my investigations done on Mac OS 10.7.5
> and Windows 7 x64 and on the stats mentioned above via Soccoro.
I think so.