Closed Bug 828205 Opened 13 years ago Closed 13 years ago

crash in js::DebugScopeProxy::has with Firebug

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
18 Branch
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla21
Tracking Flags:
Tracking Status
firefox18 + verified
firefox19 + verified
firefox20 --- verified

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, topcrash, Whiteboard: [qa-])

Crash Data

It's #1 top browser crasher on Linux in the first hours of 18.0. It's correlated to Firebug: js::DebugScopeProxy::has|SIGSEGV (32 crashes) 100% (32/32) vs. 32% (62/195) firebug@software.joehewitt.com (Firebug, https://addons.mozilla.org/addon/1843) 6% (2/32) vs. 2% (3/195) 1.10.6 91% (29/32) vs. 30% (58/195) 1.11.1 3% (1/32) vs. 1% (1/195) 1.9.2 Signature js::DebugScopeProxy::has More Reports Search UUID 84e2516f-0f06-47df-8724-998672130109 Date Processed 2013-01-09 06:45:22 Uptime 9 Last Crash 37 seconds before submission Install Age 1.5 hours since version was first installed. Install Time 2013-01-09 05:14:19 Product Firefox Version 18.0 Build ID 20130108033946 Release Channel release OS Linux OS Version 0.0.0 Linux 2.6.32-45-generic #101-Ubuntu SMP Mon Dec 3 15:39:38 UTC 2012 x86_64 Build Architecture amd64 Build Architecture Info family 0 model 0 stepping 0 Crash Reason SIGSEGV Crash Address 0x0 User Comments Reloaded resources in script panel in firebug which reloaded the page when an alert was still open App Notes OpenGL: Mesa Project -- Software Rasterizer -- 2.1 Mesa 7.7.1 -- texture_from_pixmap Processor Notes /data/socorro/stackwalk/bin/exploitable: ERROR: unable to analyze dump EMCheckCompatibility True Frame Module Signature Source 0 libxul.so js::DebugScopeProxy::has jsscript.h:189 1 libxul.so js::Proxy::has jsproxy.cpp:2362 2 libxul.so proxy_LookupGeneric jsproxy.cpp:2576 3 libxul.so js::LookupName jsobjinlines.h:1026 4 libxul.so js::Interpret jsinterpinlines.h:430 5 libxul.so js::RunScript jsinterp.cpp:324 6 libxul.so js::ExecuteKernel jsinterp.cpp:509 7 libxul.so js::EvaluateInEnv Debugger.cpp:3429 8 libxul.so JS_EvaluateUCInStackFrame jsdbgapi.cpp:751 9 libxul.so jsd_EvaluateUCScriptInStackFrame jsd_stak.cpp:416 10 libxul.so JSD_AttemptUCScriptInStackFrame jsdebug.cpp:797 11 libxul.so jsdStackFrame::Eval jsd_xpc.cpp:2047 12 libxul.so NS_InvokeByIndex_P xptcinvoke_x86_64_unix.cpp:164 13 libxul.so XPCWrappedNative::CallMethod XPCWrappedNative.cpp:3083 14 libxul.so XPC_WN_CallMethod XPCWrappedNativeJSOps.cpp:1469 15 libxul.so js::InvokeKernel jscntxtinlines.h:364 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3ADebugScopeProxy%3A%3Ahas
"javascript debugger of firebug crashes on visiting an extjs 4 site" "Updated my Ubuntu 10.04.4 LTS with latest changes; rebooted; Access my gmail account; Mozilla crashes" "Crash while I was debuging script with firebug and DoJo framework 1.18. I had put a breakpoint in my script. When i reopen firebug, it crashs. I can reproduce incident many times." "Crash every time when i use firebug, it happen after i updated firefox" "Debugging dynamic web pages with web sockets. I have two tabs open. One issues a server request (through onclick handler) which leads to a socket message to the page in the second tab. To debug there is an "alert" when receiving it. The next line has break point in firebug. Bug is reproducable. Page addresses are useless to you - all are localhost. I can't make server side public." Jan - can you take a look at this issue? I've also CC'd David/Naveed from the JS team to help find somebody to help you. We should also get URLs and QA can try to reproduce as well.
Flags: needinfo?(kairo)
Keywords: needURLs, qawanted
QA Contact: jbecerra
This is only occurring on Ubuntu 10.04 builds which are built with GCC 4.4, and is fixed by turning off strict aliasing (see bug 821502)
Bug 821502 is wontfixed for 19.0 and 20.0.
Depends on: 821502
I'll ask if we can land it there; sounds like we should.
(In reply to Chris Coulson from comment #2) > This is only occurring on Ubuntu 10.04 builds which are built with GCC 4.4, > and is fixed by turning off strict aliasing (see bug 821502) Chris, do you have a bug for backporting bug 821502 to your builds?
(In reply to Justin Lebar [:jlebar] from comment #4) > I'll ask if we can land it there; sounds like we should. I have just approved the approvals for 19,20..Also reading the risk profile (in bug 821502))this seems to be a good ride-along for release as well if we have a 18.0.1. Please let us know if the risk profile still holds true for a release uplift or any other implications & help with the nomination of a backport patch on release accordingly ? Thanks !
We pretty much know the problem, so not posting URLs, most of which are localhost and internal sites anyhow.
Flags: needinfo?(kairo)
Keywords: needURLs
Keywords: verifyme
I have been trying to reproduce this issue on Firefox 18.0 on Ubuntu 10.04.4 LTS for quite a while now but with no luck. I used the Firebug JS debugger on pages with websockets, on google services etc. I even updated Ubuntu, as specified in one comment. I also used the google services, pages with websockets, tried to go for everything mentioned in comment 1, and did exploratory around those mentions. There were no crashes at any points. I can't verify this bug without first reproducing it on affected versions. If anyone has clear steps for reproducing it, please add them in a comment here or email me.
Whiteboard: [qa?]
(In reply to Ioana Budnar [QA] from comment #8) > I have been trying to reproduce this issue on Firefox 18.0 on Ubuntu 10.04.4 > LTS for quite a while now but with no luck. You used Ubuntu's builds of Firefox there? Note that Mozilla's Firefox build do not have this problem as they are compiled with a newer gcc.
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #9) > You used Ubuntu's builds of Firefox there? Note that Mozilla's Firefox build > do not have this problem as they are compiled with a newer gcc. Yes, I've been using Mozilla's Firefox build (ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/18.0-candidates/build1/linux-i686/en-US/). Can you direct me to where I can find a build with this issue?
The Ubuntu distribution comes with Firefox. Is it not there?
(In reply to Justin Lebar [:jlebar] from comment #11) > The Ubuntu distribution comes with Firefox. Is it not there? It comes with the last release - that helps me reproduce the bug. To verify it I need 18.0.1 and 19 beta. These are the build I am trying to find.
> To verify it I need 18.0.1 and 19 beta. These are the build I am trying to find. It does not look like the Ubuntu folks have spun an 18.0.1 build yet. See the package page [1]. Similarly, although there are builds of 19 beta, they're not for Ubuntu 10.0.4, as you can see on the package page. You can download the deb anyway here [2], although it may not work properly. (It'll probably be fine.) Chris, would you mind letting us know when you have an 18.0.1 build you'd like Ioana to verify? [1] https://launchpad.net/ubuntu/+source/firefox [2] https://launchpad.net/ubuntu/raring/amd64/firefox/19.0~b2+build1-0ubuntu1
Thanks for the info, Robert and Justin. I managed to reproduce this issue on Firefox 18, but I can't install 19 beta 2. When trying to install it, I get "Error: Dependency is not satisfiable: libc6 (>= 2.15)" - sudo apt-get upgrade tells me it's not installing any updates. Is there any way I can install this build? I've also tried to reproduce this bug on Ubuntu 12.04, on the Ubuntu Firefox 18 build, but it doesn't reproduce.
(In reply to Ioana Budnar [QA] from comment #14) > sudo apt-get > upgrade tells me it's not installing any updates. None of the upgrade, update, or install options install anything for this lib.
> Is there any way I can install this build? I don't think trying to install the FF19 beta build from Raring is a useful exercise. It's built with a newer version of GCC. You have verified that this version of GCC does not exhibit this bug by testing on Ubuntu 12.04.
(In reply to Justin Lebar [:jlebar] from comment #16) > > Is there any way I can install this build? > > I don't think trying to install the FF19 beta build from Raring is a useful > exercise. It's built with a newer version of GCC. You have verified that > this version of GCC does not exhibit this bug by testing on Ubuntu 12.04. I got the deb you suggested in comment 13 (the 32bit one, not the 64bit though). Can I find somewhere else another Firefox 19 beta 2, that is built with the right GCC?
> I got the deb you suggested in comment 13 (the 32bit one, not the 64bit though). Exactly, and that is for Raring (Ubuntu 13.04), which uses a newer GCC. I shouldn't have suggested it. :) > Can I find somewhere else another Firefox 19 beta 2, that is built with the right GCC? Even if you could find some such build floating around on the interwebs, you want to test the official releases anyway. There's no official release of FF19b2 for 10.04 that I can see, particularly because ESL versions of Ubuntu don't get beta software (afaik).
Given recent comments in this bug, I don't see that there's a way we can reliably verify this is fixed. I think it's safe enough to release 18.0.1 and 19.0b2 with the changes and rely on feedback channels to inform us. Please add the verifyme keyword if there's something QA can check above and beyond what we've already tried.
Keywords: qawanted, verifyme
Whiteboard: [qa?] → [qa-]
Hi, 18.0.1 builds are currently in https://launchpad.net/~ubuntu-mozilla-security/+archive/ppa. Sorry, this didn't get published to the main archive yet due to Friday release / timezone skew, but it will happen today
And betas for all Ubuntu versions are in https://launchpad.net/~mozillateam/+archive/firefox-next ;)
It's fixed by bug 821502. There are no crashes in 18.0.1.
status-firefox18: affectedverified
status-firefox19: affectedfixed
status-firefox20: --- → fixed
Target Milestone: --- → mozilla21
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.