Closed
Bug 720991
Opened 12 years ago
Closed 8 years ago
Crash @ nsXBLService::GetBinding
Categories
(Core :: XBL, defect)
Core
XBL
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox16 | - | wontfix |
firefox17 | - | wontfix |
firefox18 | --- | wontfix |
firefox19 | --- | wontfix |
firefox20 | --- | wontfix |
firefox21 | --- | wontfix |
firefox22 | --- | wontfix |
firefox23 | --- | wontfix |
firefox24 | --- | wontfix |
firefox32 | --- | wontfix |
firefox33 | --- | wontfix |
firefox34 | --- | wontfix |
firefox35 | --- | wontfix |
firefox36 | --- | wontfix |
firefox37 | --- | wontfix |
firefox38 | - | wontfix |
firefox38.0.5 | - | wontfix |
firefox39 | + | wontfix |
firefox-esr17 | --- | wontfix |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(5 keywords, Whiteboard: [external regression on 2015-03-14?])
Crash Data
It's #92 top browser crasher in 10.0b5, but only #12 top crasher on Mac OS X. All reports contain the Firefox hotfix extension Signature nsXBLService::GetBinding More Reports Search UUID 7cd3be46-a29f-41b8-90af-bd18e2120124 Date Processed 2012-01-24 19:24:10 Uptime 824 Last Crash 1.7 hours before submission Install Age 13.7 minutes since version was first installed. Install Time 2012-01-24 19:10:18 Product Firefox Version 10.0 Build ID 20120118081945 Release Channel beta OS Mac OS X OS Version 10.5.8 9L31a Build Architecture x86 Build Architecture Info family 6 model 15 stepping 6 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0xffffffffc9a4d7af EMCheckCompatibility True Frame Module Signature Source 0 XUL nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:831 1 XUL nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:908 2 XUL nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:811 3 XUL nsXBLService::LoadBindings content/xbl/src/nsXBLService.cpp:561 4 XUL nsElementSH::PostCreate dom/base/nsDOMClassInfo.cpp:7603 5 XUL FinishCreate js/xpconnect/src/XPCWrappedNative.cpp:642 6 XUL XPCWrappedNative::GetNewOrUsed js/xpconnect/src/XPCWrappedNative.cpp:580 7 XUL XPCConvert::NativeInterface2JSObject js/xpconnect/src/XPCConvert.cpp:1179 8 XUL XPCConvert::NativeData2JS js/xpconnect/src/XPCConvert.cpp:489 9 XUL XPCWrappedNative::CallMethod js/xpconnect/src/xpcprivate.h:3256 10 XUL XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1554 11 XUL js::InvokeKernel js/src/jscntxtinlines.h:297 12 XUL js::Interpret js/src/jsinterp.cpp:3948 13 XUL js::RunScript js/src/jsinterp.cpp:584 14 XUL js::ExecuteKernel js/src/jsinterp.cpp:783 15 XUL js::Execute js/src/jsinterp.cpp:822 16 XUL EvaluateUCScriptForPrincipalsCommon js/src/jsapi.cpp:5093 17 XUL JS_EvaluateUCScriptForPrincipalsVersion js/src/jsapi.cpp:5105 18 XUL nsJSContext::EvaluateStringWithValue dom/base/nsJSEnvironment.cpp:1288 19 XUL nsXBLProtoImplField::InstallField content/xbl/src/nsXBLProtoImplField.cpp:151 20 XUL XBLResolve content/xbl/src/nsXBLBinding.cpp:199 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsXBLService%3A%3AGetBinding%28nsIContent*%2C+nsIURI*%2C+bool%2C+nsIPrincipal*%2C+bool*%2C+nsXBLBinding**%2C+nsTArray%3CnsIURI*%2C+nsTArrayDefaultAllocator%3E%26%29 https://crash-stats.mozilla.com/report/list?signature=nsXBLService%3A%3AGetBinding
Comment 1•12 years ago
|
||
got this crash while saving a jetpack-addon locally.
Comment 2•12 years ago
|
||
This signature jumped from a residual crash to a top-20 crash for 12.* between 2012-04-19 and 2012-04-21, the 20th has >30x the crash volume than the 19th, so either we regressed something in 12.0b6 or there was an add-on release on the 20th that triggered this.
Comment 3•12 years ago
|
||
This is #16 in 12.0b6 but also exists in 12.0b5, it's at #66 there for 14-day and #41 for 7-day, #10 for 3-day and #12 for yesterday, so this is probably not our regression but something that made this rise starting Friday.
Reporter | ||
Updated•12 years ago
|
Summary: Crash @ nsXBLService::GetBinding with Firefox Hotfix extension → Crash @ nsXBLService::GetBinding
Reporter | ||
Comment 4•12 years ago
|
||
It's #9 top crasher in the first days of 12.0 while it was above #300 in 11.0. In addition to the stack in comment 0, there's also the following stack: Frame Module Signature Source 0 xul.dll nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:870 1 xul.dll nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:904 2 xul.dll nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:904 3 xul.dll nsXBLService::GetBinding content/xbl/src/nsXBLService.cpp:904 4 xul.dll nsXBLService::LoadBindings content/xbl/src/nsXBLService.cpp:559 5 xul.dll nsCSSFrameConstructor::AddFrameConstructionItemsInternal layout/base/nsCSSFrameConstructor.cpp:5139 6 xul.dll nsCSSFrameConstructor::AddFrameConstructionItems layout/base/nsCSSFrameConstructor.cpp:5077 7 xul.dll nsCSSFrameConstructor::ContentRangeInserted layout/base/nsCSSFrameConstructor.cpp:7167 8 xul.dll nsCSSFrameConstructor::RecreateFramesForContent layout/base/nsCSSFrameConstructor.cpp:9195 9 xul.dll nsCSSFrameConstructor::ProcessRestyledFrames layout/base/nsCSSFrameConstructor.cpp:8029 10 xul.dll mozilla::css::RestyleTracker::DoProcessRestyles layout/base/RestyleTracker.cpp:242 11 xul.dll PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4089 12 xul.dll CanCacheSubDocument content/base/src/nsDocument.cpp:6938 13 xul.dll ExternalResourceTraverser content/base/src/nsDocument.cpp:793 14 xul.dll nsViewManager::CallWillPaintOnObservers view/src/nsViewManager.cpp:1573 15 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:867 ...
Keywords: topcrash
Now that 714187 has been marked as a duplicate, shouldn't this bug be marked as [sg:critical], since some of these crashes are EXCEPTION_ACCESS_VIOLATION_EXEC and EXCEPTION_ILLEGAL_INSTRUCTION? https://crash-stats.mozilla.com/report/index/c79ec247-e51c-4f49-83d6-a53852120727 https://crash-stats.mozilla.com/report/index/57483d53-0bac-427c-8b95-608332120727
Reporter | ||
Comment 8•12 years ago
|
||
It's currently #1 top crasher in 16.0 on Mac. I see no correlations per extension.
Comment 9•12 years ago
|
||
Leaving this nominated - the crash volume is too low to know for sure whether this will be a top issue.
Reporter | ||
Comment 10•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #9) > Leaving this nominated - the crash volume is too low to know for sure > whether this will be a top issue. It's still #3 top browser crasher on Mac in 16.0.1. 17.0b1 is unaffected.
Comment 11•12 years ago
|
||
(In reply to Scoobidiver from comment #8) > It's currently #1 top crasher in 16.0 on Mac. > I see no correlations per extension. bz - do you have any ideas about what's going on here? People have crashed when: "A page was reloading after I hit Back, and in the meantime I had just told it to open Add-ons." "I was actually doing nothing at this point other - pages were loading and an update was being DLd." "I right-clicked a link on an eBay page. The page doesn't matter, because it crashes on many different pages. " Comment 10 means we may wontfix, but let's try to understand what's going on here first.
Comment 12•12 years ago
|
||
I have no idea why this is crashing. At first glance at the stack from comment 0 someone managed to pass in a bogus nsIURI somehow. I have no idea how.
Comment 13•12 years ago
|
||
(In reply to Scoobidiver from comment #8) > It's currently #1 top crasher in 16.0 on Mac. > I see no correlations per extension. Any DLL correlations? Given this is only occurring on the release channel, a 3rd party cause would be most likely.
Reporter | ||
Comment 14•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #13) > Any DLL correlations? Given this is only occurring on the release channel, a > 3rd party cause would be most likely. Not on Mac: nsXBLService::GetBinding|EXC_BAD_ACCESS / 0x0000000d (24 crashes) 183% (44/24) vs. 96% (773/803) cl_kernels 100% (24/24) vs. 59% (474/803) libtidy.A.dylib 100% (24/24) vs. 61% (488/803) ColorSyncDeprecated.dylib
Comment 15•12 years ago
|
||
(In reply to JK from comment #7) > shouldn't this bug be marked as [sg:critical], since some of these > crashes are EXCEPTION_ACCESS_VIOLATION_EXEC Possibly, it would be critical if this can be triggered by web content. If it's just Firefox getting itself into an inconsistent state then not necessarily. Still a potential security issue though since we might write more code that exposes these conditions to web content.
Comment 16•12 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #12) > I have no idea why this is crashing. At first glance at the stack from > comment 0 someone managed to pass in a bogus nsIURI somehow. I have no idea > how. Without reproducible steps, are there any speculative/exploratory fixes we can take, or leads for QA to follow up on? If not, I'm not sure we can do much other than hope for a telling crash comment.
Comment 17•12 years ago
|
||
I can't think of anything here offhand. :(
Updated•12 years ago
|
tracking-firefox17:
--- → +
Comment 18•12 years ago
|
||
259 about:newtab 99 http://www.facebook.com/ 84 about:blank 53 about:home 48 https://www.facebook.com/ 23 https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&cont 23 https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&cont 14 https://mail.google.com/mail/u/0/?shva=1#compose 9 https://mail.google.com/mail/?shva=1#compose 8 https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym 7 http://www.gmx.net/ 6 https://login.yahoo.com/config/login_verify2?&.src=ym 6 about:addons 6 https://twitter.com/ 5 https://www.facebook.com/login.php 5 http://www.ebay.de/ 5 http://www.baixaki.com.br/ 5 http://de-de.facebook.com/ 5 https://mail.google.com/mail/u/0/?tab=wm#compose 4 http://www.odnoklassniki.ru/ 4 http://www.seznam.cz/ 4 bar:tabs 4 http://www.ebay.com/ 4 http://www.ig.com.br/ 4 https://login.yahoo.com/config/login 4 http://www.google.com/ 4 about:privatebrowsing 3 https://mail.google.com/mail/u/0/?shva=1#inbox 3 http://www.yahoo.co.jp/ 3 http://mail.ru/ 3 http://www.itau.com.br/index.htm 3 http://www.youtube.com/ 3 https://www.google.com/ 3 http://facebook.com/ 3 http://www.yahoo.com/ 3 http://mail.aol.com/ 3 http://dragonbound.net/ 3 http://tr-tr.facebook.com/ 3 http://pt-br.facebook.com/ 3 http://thepiratebay.se/ From the second signature: 2 https://www.usaa.com/ 2 https://www.e-qip.opm.gov/eqip-applicant/applicant/EditFormData/editForm 2 http://www.yahoo.com/ 2 http://www.lovefilm.com/visitor/login_lf.html 2 about:blank 2 https://accounts.google.com/ 2 https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym 1 http://baike.baidu.com/view/4236.htm 1 https://www.directv.com/ 1 http://www.ixtractor.com/instructions.php 1 https://www.thomsoninnovation.com/login 1 http://www.cpb.org/jobline/results.php?q=new 1 https://www.bol.com/nl/account/login.html 1 http://www.vogue.co.jp/collection/brand/Vivienne-Westeood/13ss-mens 1 http://www.futureshop.ca/en-CA/home.aspx 1 http://www.barbarakrakowgallery.com/artists 1 http://www.sfgate.com/
Keywords: needURLs
Comment 19•12 years ago
|
||
This jumped significantly in yesterday's data in 16 (and also 15, BTW), it's topcrash #11 on that day for 16.0.1
Comment 20•12 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #19) > This jumped significantly in yesterday's data in 16 (and also 15, BTW), it's > topcrash #11 on that day for 16.0.1 Sadly, this is looking like a wontfix for FF16. Thankfully FF17 remains unaffected.
status-firefox16:
--- → wontfix
status-firefox17:
--- → unaffected
Reporter | ||
Comment 21•12 years ago
|
||
It's no longer a top crasher in 17.0 and 18.0b1 on Mac OS X.
status-firefox18:
--- → affected
Keywords: topcrash
Updated•12 years ago
|
Reporter | ||
Updated•11 years ago
|
Crash Signature: [@ nsXBLService::GetBinding(nsIContent*, nsIURI*, bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<nsIURI*, nsTArrayDefaultAllocator>&)]
[@ nsXBLService::GetBinding] → [@ nsXBLService::GetBinding(nsIContent*, nsIURI*, bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<nsIURI*, nsTArrayDefaultAllocator>&)]
[@ @0x0 | nsXBLService::GetBinding(nsIContent*, nsIURI*, bool, nsIPrincipal*, bool*, nsXBLBinding** nsTArray<nsIU…
status-firefox19:
--- → affected
status-firefox20:
--- → affected
status-firefox21:
--- → affected
Version: 16 Branch → Trunk
Comment 22•11 years ago
|
||
Firefox crashes for me with 2 of the signatures mentioned in this bug while deleting profiles in the Profile Manager. Win 7: https://crash-stats.mozilla.com/report/index/bp-5ca2bafd-ef22-45f2-91f8-49d352130114 Mac OS X 10.8.2: https://crash-stats.mozilla.com/report/index/bp-41883b15-f79f-415d-94ac-901862130114 Ubuntu 12.10: https://crash-stats.mozilla.com/report/index/bp-89db5683-90e9-4dd0-9d54-4bb802130114
Comment 23•11 years ago
|
||
https://crash-stats.mozilla.com/report/index/bp-86a3a311-64fb-49ab-a47a-44e8b2130116 Crash while deleting a number of profiles from the profile manager in quick succession.
Comment 24•11 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #16) > Without reproducible steps, are there any speculative/exploratory fixes we > can take, or leads for QA to follow up on? If not, I'm not sure we can do > much other than hope for a telling crash comment. Reproducible STR : 1. Open the profile manager. Create 4-5 new profiles. 2. Copy the complete contents of your main profile to each of the new profiles. 3. Open the profile manager. In quick succession, delete the newly created profiles. Expected : no crash Actual : Crash. Using latest Nightly. Has happened to me once in the past one month.
Reporter | ||
Updated•11 years ago
|
Keywords: reproducible
Reporter | ||
Comment 25•11 years ago
|
||
I can also reproduce by deleting several profiles consecutively.
Reporter | ||
Comment 26•11 years ago
|
||
It's #4 top browser crasher in 17.0.2esr.
status-firefox-esr17:
--- → affected
Comment 27•11 years ago
|
||
Not sure if this is related, but I can sometimes crash Firefox 19 with a SIGSEV when I update an add-on's panel content: Frame Module Signature Source 0 libxul.so nsXBLService::GetBinding nsXBLService.cpp:763 1 libxul.so nsXBLService::GetBinding nsXBLService.cpp:850 2 libxul.so nsXBLService::GetBinding nsXBLService.cpp:743 3 libxul.so nsXBLService::LoadBindings nsXBLService.cpp:504 4 libxul.so nsCSSFrameConstructor::AddFrameConstructionItemsInternal nsCSSFrameConstructor.cpp:5133 5 libxul.so nsCSSFrameConstructor::AddFrameConstructionItems nsCSSFrameConstructor.cpp:5076 6 libxul.so nsCSSFrameConstructor::ContentAppended nsCSSFrameConstructor.cpp:6649 7 libxul.so PresShell::ContentAppended nsPresShell.cpp:4071 8 libxul.so nsNodeUtils::ContentAppended nsNodeUtils.cpp:124 9 libxul.so nsINode::doInsertChildAt nsINode.cpp:1327 10 libxul.so nsINode::ReplaceOrInsertBefore nsINode.cpp:1913 11 libxul.so nsIDOMNode_AppendChild nsINode.h:1451 12 libxul.so js::InvokeKernel jscntxtinlines.h:364 13 libxul.so js::Invoke jsinterp.h:109 14 libxul.so js::BaseProxyHandler::call jsproxy.cpp:266 15 libxul.so js::Wrapper::call jswrapper.cpp:302 16 libxul.so js::CrossCompartmentWrapper::call jswrapper.cpp:635 17 libxul.so proxy_Call jsproxy.cpp:2466 18 libxul.so js::InvokeKernel jscntxtinlines.h:364 19 libxul.so js::Interpret jsinterp.cpp:2336 20 libxul.so js::RunScript jsinterp.cpp:324 [...]
Reporter | ||
Comment 28•11 years ago
|
||
Ove, if you have reliable STR, file a bug as your stack trace is slightly different.
Reporter | ||
Updated•11 years ago
|
Comment 30•11 years ago
|
||
In case this is useful, I crashed on Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0 ID:20131003030203 CSet: 0e26e6f12ad9 like bp-4cd74c5f-e70e-4b16-b7a5-c49fc2131007
Comment 31•10 years ago
|
||
Crashed again on Nightly. Report ID Date Submitted bp-27ad844b-3062-4a4a-ba06-1718e2140318 3/18/2014 9:48 AM Is this bug or something else?
Comment 32•10 years ago
|
||
Just got this on Firefox 32 on Linux (locally built from m-c), after opening a new tab and attempting to type into the location bar: 0 libxul.so!nsXBLService::GetBinding [nsXBLService.cpp:90267d87c375 : 663 + 0x0] 1 libxul.so!nsXBLService::GetBinding [nsXBLService.cpp:90267d87c375 : 750 + 0x12] 2 libxul.so!nsXBLService::GetBinding [nsXBLService.cpp:90267d87c375 : 643 + 0x9] 3 libxul.so!nsXBLService::LoadBindings [nsXBLService.cpp:90267d87c375 : 444 + 0x1e] 4 libxul.so!nsCSSFrameConstructor::AddFrameConstructionItemsInternal [nsCSSFrameConstructor.cpp:90267d87c375 : 5211 + 0x21] 5 libxul.so!nsCSSFrameConstructor::AddFrameConstructionItems [nsCSSFrameConstructor.cpp:90267d87c375 : 5154 + 0x42] 6 libxul.so!nsCSSFrameConstructor::ContentAppended [nsCSSFrameConstructor.cpp:90267d87c375 : 6746 + 0x1a] 7 libxul.so!PresShell::ContentAppended [nsPresShell.cpp:90267d87c375 : 4273 + 0x14] 8 libxul.so!nsNodeUtils::ContentAppended [nsNodeUtils.cpp:90267d87c375 : 134 + 0x1f] 9 libxul.so!nsINode::doInsertChildAt [nsINode.cpp:90267d87c375 : 1506 + 0x8] 10 libxul.so!nsINode::ReplaceOrInsertBefore [nsINode.cpp:90267d87c375 : 2174 + 0x14] 11 libxul.so!mozilla::dom::NodeBinding::appendChild [nsINode.h:90267d87c375 : 1583 + 0x8] That looks similar to the stack from comment #27. Interestingly, the kernel reported what looks like an uncaught child process crash around the same time: Chrome_ChildThr[20788]: segfault at 0 ip 00007fccc12533bc sp 00007fccaddc9430 error 6 in libmozalloc.so[7fccc1252000+2000] But the minidump I found wasn't for plugin-container, so that would be the parent process. I'm not using e10s directly, and I have the newtab tiles disabled, but if I enable them then a child process is started in order to render the thumbnails. Sadly, no STR.
Comment 33•10 years ago
|
||
https://crash-stats.mozilla.com/report/index/8449e0fb-0a1e-45c8-8208-b275b2140828
status-firefox32:
--- → affected
status-firefox33:
--- → affected
Comment 34•10 years ago
|
||
This is now the #2 topcrash on Firefox 34.0 with 966/15392 crashes in the last 7 days. crashing thread: 0 xul.dll nsXBLService::GetBinding(nsIContent*, nsIURI*, bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<nsIURI*>&) dom/xbl/nsXBLService.cpp 1 xul.dll nsXBLService::GetBinding(nsIContent*, nsIURI*, bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<nsIURI*>&) dom/xbl/nsXBLService.cpp 2 xul.dll nsXBLService::LoadBindings(nsIContent*, nsIURI*, nsIPrincipal*, nsXBLBinding**, bool*) dom/xbl/nsXBLService.cpp 3 @0x2299daff
Updated•10 years ago
|
Comment 35•10 years ago
|
||
Most of the stacks are really odd. .
Comment 36•10 years ago
|
||
Comment 32 mentions plugin containers and the other new topcrash on the 34 release this week is bug 1107963 which looks plugin related. It might be worth a look to see if there's any chance they're related.
Comment 37•9 years ago
|
||
FWIW it happened to me when I right-clicked on 'Lock issue' at https://github.com/firebug/firebug.next/issues/283. Here's the crash report: https://crash-stats.mozilla.com/report/index/429f088d-400b-425e-92f3-263782150128 I have multiple extensions installed, which extend the page's context menu. These extensions are Firebug 2.0.7, Adblock Plus 2.6.7, Dict.cc Translation 3.5 and Web Developer 1.2.5 and I just updated Adblock Plus before the crash happened. Sebastian
Comment 38•9 years ago
|
||
Get this on Nightly when downloading an addon with DownThemAll and installing it in Firefox in the same time from AMO. https://crash-stats.mozilla.com/report/index/00368a8e-f666-4517-8660-649532150213
Comment 39•9 years ago
|
||
My crash report https://crash-stats.mozilla.com/report/index/a721c398-b299-49e9-901e-30d772150304 Random crash on https://bugzilla.mozilla.org/enter_bug.cgi
Comment 40•9 years ago
|
||
My installed addons: Adblock Edge 2.1.8 true {fe272bd1-5f76-4ea4-8501-a05d35d823fc} Adblock Plus Pop-up Addon 0.9.2 true adblockpopups@jessehakanen.net Add-on Compatibility Reporter 2.0.5 true compatibility@addons.mozilla.org Add-on Toolbarbutton 1.0.3 true addontbb@byo.co.il Addons Manager Hilite 2.1.2 true addonsmgrhilte@cfl AddThis 3.6.5 true {3e0e7d2a-070f-4a47-b019-91fe5385ba79} Anti-Aliasing Tuner 14.12.03.01 true aatuner@hotmint.com auto-plugin-checker 0.6.4.2 true auto-plugin-checker@jetpack Awesome screenshot: Capture and Annotate 2.4.4 true jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack Battlefield Play4Free 1.0.96.0 true battlefieldplay4free@ea.com Bug 566510 - Allow multiselect operations on tabs 0.12.4 true bug566510@vovcacik.addons.mozilla.org">bug566510@vovcacik.addons.mozilla.org bug419911 (diagonal dragging) 2.1 true bug419911@alice Classic Theme Restorer (Customize UI) 1.2.9.6 true ClassicThemeRestorer@ArisT2Noia4dev Configuration Mania 1.20.2015021801 true {c4d362ec-1cff-4ca0-9031-99a8fad7995a} ContextMenuPlus 1.4.5 true jid1-JslOo8hXnC8AZA@jetpack CookieKeeper 1.8.3 true cookiekeeper@cookiekeeper.mozdev.org Customizations for Adblock Plus 1.0.3 true customization@adblockplus.org Diagnostics for Adblock Plus 1.2.4 true abpwatcher@adblockplus.org DownThemAll! 2.0.18 true {DDC359D1-844A-42a7-9AA1-88A850A938A8} DownThemAll! AntiContainer 1.3 true anticontainer@downthemall.net Element Hiding Helper dla Adblock Plusa 1.3.1 true elemhidehelper@adblockplus.org Enhanced Steam 7.3 true jid1-YdiFiTEkQgInxA@jetpack Fasterfox 3.9.85 true {c36177c0-224a-11da-8cd6-0800200c9a91} FEBE 8.5.1 true {4BBDD651-70CF-4821-84F8-2B918CF89CA3} Firebug 2.0.8 true firebug@software.joehewitt.com Firefinder for Firebug 1.4 true firefinder@robertnyman.com FireFTP 2.0.22 true {a7c6cf7f-112c-4500-a7ea-39801a327e5f} Flash Game Maximizer 1.3.6 true {258735dc-6743-4805-95fc-f95941fffdad} FlashGot 1.5.6.10 true {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FlashStopper 1.2.5 true flashstopper@byo.co.il FMix 0.3 true id@baku.fmix Google search link fix 1.4.9 true jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack Google Shortcuts 2.1.8.2 true {5C46D283-ABDE-4dce-B83C-08881401921C} Greasemonkey 2.3 true {e4a8a97b-f2ed-450b-b12d-ee082ba24781} Hola Better Internet 1.6.850 true jid1-4P0kohSJxU1qGg@jetpack IE Tab 2 (FF 3.6+) 5.12.12.1 true {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} LastPass 3.1.77 true support@lastpass.com MEGA 2.0.219 true firefox@mega.co.nz Microsoft .NET Framework Assistant 1.3.1 true {20a82645-c095-46ed-80e3-08825760534b} MinimizeToTray revived (MinTrayR) 1.1.2 true mintrayr@tn123.ath.cx New Tab Tools 39 true newtabtools@darktrojan.net Open With Photoshop 35.2 true {f3f219f9-cbce-467e-b8fe-6e076d29665c} Permanent List-all-tabs Button 1.0 true listalltabs@sdrocking.com Personas Plus 1.7.3 true personas@christopher.beard Priv8 0.0.7 true id@baku.priv8 Prywatna karta 0.1.7.3 true privateTab@infocatcher Restart 1.2.3 true Restart@schuzak.jp S3.Google Translator 3.09 true s3google@translator Saved Password Editor 2.8.3 true savedpasswordeditor@daniel.dawson SettingSanity 0.8.2 true {12A60D0F-0077-4F41-81B2-1286DDD278BB} Stylish 2.0.2 true {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} Theme Font & Size Changer 35.4 true {f69e22c7-bc50-414a-9269-0f5c344cd94c} TV-Fox 19.0.0 true {2f17f610-5e97-4fed-828f-9940b7b577a4} Weather Forecast 0.1.6 true jid1-aqwHRwQpv3JUMs@jetpack Webmail Ad Blocker 4.28 true gmailnoads@mywebber.com Xmarks 4.3.5 true foxmarks@kei.com Yet Another Smooth Scrolling 3.1.7 true yetanothersmoothscrolling@kataho Auto Refresh 1.0.2 false autorefresh@plugin ChatZilla 0.9.91.1 false {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} EPUBReader 1.5.0.4 false {5384767E-00D9-40E9-B72F-9CC39D655D6F} FavIconReloader 0.8 false FavIconReloader@mozilla.org FBMemes.org 1.0.7 false {e7b8f3ea-257c-44c7-86b6-5e8803761d7f} Font Finder 1.1.1 false fontfinder@bendodson.com FoxLingo 2.7.8 false {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} FxKeyboard 2.4.2 false fxkeyboard@zabreznik.net ProxMate 4.1.2 false jid1-QpHD8URtZWJC2A@jetpack RealDownloader 17.0.15 false {338950EA-82DB-44C1-930D-0C28E023C9F0} Russian Hunspell spellchecking dictionary 1.0.20131101 false hunspell-ru@dictionaries.addons.mozilla.org Security Plus 0.1.2 false jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack Shumway 0.10.212 false shumway@research.mozilla.org Site Information Tool 1.2 false siteinfo@wmtips Tile View 4.3 false tileview@DW-dev Windows Media Player Extension for Firefox 1.1 false jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack
Updated•9 years ago
|
status-firefox39:
--- → affected
Comment 41•9 years ago
|
||
I suspect that the STR in comment 24 was fixed by bug 855402, so we need new STR. FWIW, it's currently #12 in 36.0.1 Top Crash list and rising.
Comment 42•9 years ago
|
||
This signature made a significant jump in crash-stats on 2015-03-14, across multiple channels/trains. Sounds a lot like some external factor, like add-on, website or 3rd-party software being updated.
Comment 43•9 years ago
|
||
We got bug 1144248 filed yesterday where Martin gets a similar crash when running our Mozmill tests and having a specific installed bootstrapped add-on uninstalled. The strack looks a bit different but maybe it is the same? Robert, do we have any correlation for which add-ons are involved in those crashes? Might be we can figure more details out with that information.
Comment 44•9 years ago
|
||
I will add that I have enabled DEP(Data Execution Prevention) for all programs - OptOut option. I have exceptions in DEP, for old games only.
Comment 45•9 years ago
|
||
(In reply to Henrik Skupin (:whimboo) from comment #43) > Robert, do we have any correlation for which add-ons are involved in those > crashes? Might be we can figure more details out with that information. Unfortunately, I didn't see any correlations of use at all when filing this, otherwise I would have noted them. I probably should have mentioned that fact, though.
Comment 46•9 years ago
|
||
Robert, do you have a link to the crash listing? The one in the URL field seems to be outdated and doesn't list any current ones.
Comment 47•9 years ago
|
||
Nowadays, the links in the Crash Signature field actually point to reports, but this is the signature we are seeing now: https://crash-stats.mozilla.com/report/list?signature=nsXBLService%3A%3AGetBinding%28nsIContent*%2C+nsIURI*%2C+bool%2C+nsIPrincipal*%2C+bool*%2C+nsXBLBinding**%2C+nsTArray%3CnsIURI*%3E%26%29 And it's now even listed as #5 for 36.0.1
Comment 48•9 years ago
|
||
atoll reported getting this clicking a tab in preferences. https://crash-stats.mozilla.org/report/index/8b6ee15e-8a1d-435b-9fe9-391b62150330
Comment 49•9 years ago
|
||
(In reply to Richard Newman [:rnewman] from comment #48) > atoll reported getting this clicking a tab in preferences. > > https://crash-stats.mozilla.org/report/index/8b6ee15e-8a1d-435b-9fe9- > 391b62150330 I updated to 36.0.4, then opening the Preferences dialog, clicking to various tabs in this order: Security, Privacy, Sync, Advanced, Certificates, (viewed a certificate or two), General, Tabs, Search, Content, Applications When it hit the Applications tab, it crashed before displaying the pane (to the best of my perception). I am not able to reproduce this after the crash, so I have no idea what's going on.
Comment 50•9 years ago
|
||
If it's of any help, the last time I clicked on the Applications tab was at least 1-3 years ago.
Comment 51•9 years ago
|
||
Neither deleting mimeTypes.rdf nor restoring it from yesterday's backup (dated Oct 01 2014) helped me repro this issue.
Comment 52•9 years ago
|
||
along the same lines, I crashed doing tools | options bp-abb5c779-f4bb-416c-a0d1-ffe8b2150403
Comment 53•9 years ago
|
||
Crashed today with 38.0.1 in a profile I created just this morning (has one extension). https://crash-stats.mozilla.com/report/index/82042572-39ef-4e58-9269-ce8372150515 Flagging for tracking in 38.
Comment 54•9 years ago
|
||
Tracking for 39. I don't think it is actionable for 38.*
Comment 55•9 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #42) > This signature made a significant jump in crash-stats on 2015-03-14, across > multiple channels/trains. Sounds a lot like some external factor, like > add-on, website or 3rd-party software being updated. Is this still a working assumption? (In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #52) > along the same lines, I crashed doing > tools | options > bp-abb5c779-f4bb-416c-a0d1-ffe8b2150403 I just crashed again bp-5c7c8512-8d7f-4c6b-9345-1bc302150520 in a more complex scenario - so I don't have steps. In fact it's a convoluted mess. I had two firefox instances of 2015-05-10 build running. Instance 1 ~150 tabs running for a couple days. Instance two firefox -P -no-remote was running for about 15 minutes, and it background updated firefox before I could tweak the options to have it not update, and it was wanting to restart. In the first instance, I had just clicked a URL in thunderbird, and had attempted to close a tab. And somewhere in there I also clicked update for 4 addons that showed up under available updates (but two disabled addons Greasmonkey and Gecko Profiler were still wanting to update after I restarted, so those updates apparently failed on first attempt). I then discovered crash reporter window hidden because instance 1 had crashed. Only AV I have running is Malwarebytes. The only notable addons I have enabled are Flashblock, Session manager, Tabhunter, Treesyletabs
Whiteboard: [external regression on 2015-03-14?]
Comment 56•9 years ago
|
||
There are also many user examples with no addons. In fact in my sample size of 6, 4 have no addons: bp-6e88948f-1839-4511-b2a5-7b4602150517 bp-8ddc4a91-6b35-4922-845a-8bd9e2150516 bp-e821b3e3-4e58-4bec-a86f-655922150514 CrashAddr 0x5a5a5a5a "I just refreshed Firefox and tried to sign in to Gmail to do my survey." bp-8a2ed0e4-992e-48f6-95f9-78afa2150515 CrashAddr 0x5a5a5a5a with addons: bp-7b163422-0b30-4f4f-a4e9-ec8902150516 CrashAddr 0x5a5a5a5a bp-1f2ddb69-cd5c-48ce-8564-d19092150518 (one addon)
Comment 57•9 years ago
|
||
Too late for 39 beta. Do we really want to be tracking this since we've been wontfixing it since Firefox 16? We are seeing some crashes in 38+. bholly, what do you think? Is this something that would be worth digging into? I'm asking since you're listed as a peer for XBL.
Flags: needinfo?(bobbyholley)
Comment 58•9 years ago
|
||
(In reply to Liz Henry (:lizzard) from comment #57) > bholly, what do you think? Is this something that would be worth digging > into? I'm asking since you're listed as a peer for XBL. The stacks don't point to an obvious XBL problem, and some of the stacks also look corrupt. An obvious thing would be to make baseBindingURI an nsCOMPtr, but I don't think it should matter, since the entire setup should be held alive by the reference to the nsXBLDocumentInfo at the top. Whether or not we spend more time investigating this depends on how bad the crash is. If we do, we probably need a crash specialist to look at it. I don't have any more cycles right now to give this myself, unfortunately.
Flags: needinfo?(bobbyholley)
Comment 59•9 years ago
|
||
(In reply to Bobby Holley (:bholley) from comment #58) > An obvious thing would be to make baseBindingURI an nsCOMPtr, but I don't > think it should matter, since the entire setup should be held alive by the > reference to the nsXBLDocumentInfo at the top. Is it possible to make it an nsCOMPtr and assert that the refcount is at least 2 at that point, or would that not actually result is useful information?
Comment 60•9 years ago
|
||
(In reply to Jed Davis [:jld] {UTC-7} from comment #59) > (In reply to Bobby Holley (:bholley) from comment #58) > > An obvious thing would be to make baseBindingURI an nsCOMPtr, but I don't > > think it should matter, since the entire setup should be held alive by the > > reference to the nsXBLDocumentInfo at the top. > > Is it possible to make it an nsCOMPtr and assert that the refcount is at > least 2 at that point, or would that not actually result is useful > information? Well, my reading of the code shows that the value being returned comes from an nsCOMPtr that doesn't change over the lifetime of the nsXBLPrototypeBinding, which should span the scope of the method. So I don't think that assert would help all that much, though it certainly can't hurt. It seems like the most likely that the nsXBLPrototypeBinding itself has been freed somehow, but I'm not sure how that would happen.
Comment 61•9 years ago
|
||
These have all similar backtraces: bp-d7769428-d57d-468f-abd8-ebb752150619 2015-06-19 21:58 bp-be58025f-fca6-4590-964b-937ba2150606 2015-06-06 16:42 bp-c804c8f3-ca01-465c-92cd-a77eb2150602 2015-06-02 20:40 bp-14c01d53-b05f-4347-94e7-58e9a2150513 2015-05-13 20:03 bp-c96b7ecb-16c7-4966-b5ea-545ac2150429 2015-04-29 19:26 bp-5eb518fd-7856-4bba-9671-638b22150109 2015-01-09 20:37 bp-e6bb2589-e7ca-4d72-943b-cd84a2150108 2015-01-08 19:21 bp-2e9de339-9f3c-4af7-9a63-bbd6d2150104 2015-01-04 18:58 bp-a0c08c13-b921-4842-8e85-eb51f2141205 2014-12-05 21:15 bp-9cc614ad-15dc-4613-929e-6367f2140924 2014-09-24 21:56 bp-ce2796b8-18e9-481e-9adc-e1b4b2140513 2014-05-14 24:01 bp-74797531-8e19-4b6d-b61f-32e4e2130408 2013-04-08 20:39 bp-f1f1f2e2-5de3-4134-bf40-048ac2130227 2013-02-27 22:49 The older ones don't seem to be available anymore, but I'm pretty sure the crashes were in nsXBLService::GetBinding. I say "similar" because only the top 5 frames are the same. Eg comparing: e6bb2589-e7ca-4d72-943b-cd84a2150108 (report points to this bug) with c96b7ecb-16c7-4966-b5ea-545ac2150429 (report does not point to a bug) Also note the sudden increase in crashes in 2015. There were more crashes actually, but I didn't bother submitting them.
Comment 62•9 years ago
|
||
several addons updated. I clicked a non-firefox window. crash nsXBLService::GetBinding(nsIContent*, nsIURI*, bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<T>&) bp-7c42ed1a-c649-4f0c-b650-b385f2150704
Comment 63•9 years ago
|
||
And another one: 88f866f5-9686-41ec-9813-43de92150711 What I did: middle-click a link to open in a new tab. A download was in progress. FF is becoming too unstable. When are you going to do something about this?
Comment 64•9 years ago
|
||
Another one that seems related: 9a3d53ce-acb4-409a-940e-29ea12150822 It has a different backtrace, top 3 frames seem random. But it has nsXBLService::LoadBindings in it. Looks like some memory corruption, uninitialized var or maybe use-after-free? I also think it's a lot more crashes that just don't get correlated having different top frames.
Updated•9 years ago
|
Crash Signature: , bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<nsIURI*>&)] → , bool, nsIPrincipal*, bool*, nsXBLBinding**, nsTArray<nsIURI*>&)]
[@ @0x0 | nsXBLService::GetBinding]
Comment 65•8 years ago
|
||
Just FYI: This crash (any similar looking ones) did not happen again for me since this commit: Bug 1202844, make nsXBLService::GetBinding deal with shutting down during binding loading, r=bz In fact I did not have any crashes for the last 5 months.
Comment 66•8 years ago
|
||
That's awesome to hear! Going to mark this fixed, then.
Updated•5 years ago
|
Comment 68•5 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Keywords: regression
You need to log in
before you can comment on or make changes to this bug.
Description
•