Bug 1041671

Summary: firefox-26.0-2.fc19: setInt32 [JIT]
Product: [Fedora] Fedora Reporter: Sergey Kurtsev <skurtsev>
Component: firefoxAssignee: Martin Stransky <stransky>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: doug.huffman1, ecdpalma, gecko-bugs-nobody, ra, rtc, stransky, w00e, wuwej
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/471426535c09fb7a4b4f84d692782f789dcb1089
Whiteboard: abrt_hash:5414ed28f37ed94d0d2a24444a86f2e9a97b1b80
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-15 13:30:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Sergey Kurtsev 2013-12-12 18:35:15 UTC 
Version-Release number of selected component:
firefox-26.0-2.fc19

Additional info:
reporter:       libreport-2.1.9
backtrace_rating: 4
cmdline:        /usr/lib/firefox/firefox
crash_function: setInt32
executable:     /usr/lib/firefox/firefox
kernel:         3.11.10-200.fc19.i686.PAE
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 setInt32 at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/assembler/assembler/X86Assembler.h:3250
 #1 setRel32 at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/assembler/assembler/X86Assembler.h:3197
 #2 PatchJump at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/x86/Assembler-x86.h:233
 #3 js::jit::IonRuntime::patchIonBackedges at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/Ion.cpp:433
 #4 InterruptCheck at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/VMFunctions.cpp:453
 #5 js::jit::CheckOverRecursedWithExtra at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/VMFunctions.cpp:136
 #6 ??
 #7 ??
 #8 EnterBaseline at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/BaselineJIT.cpp:121
 #9 js::jit::EnterBaselineMethod at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/BaselineJIT.cpp:152
Comment 1 Sergey Kurtsev 2013-12-12 18:35:32 UTC 
Created attachment 835983 [details]
File: backtrace
Comment 2 Sergey Kurtsev 2013-12-12 18:35:34 UTC 
Created attachment 835984 [details]
File: cgroup
Comment 3 Sergey Kurtsev 2013-12-12 18:35:37 UTC 
Created attachment 835985 [details]
File: core_backtrace
Comment 4 Sergey Kurtsev 2013-12-12 18:35:39 UTC 
Created attachment 835986 [details]
File: dso_list
Comment 5 Sergey Kurtsev 2013-12-12 18:35:42 UTC 
Created attachment 835987 [details]
File: environ
Comment 6 Sergey Kurtsev 2013-12-12 18:35:46 UTC 
Created attachment 835988 [details]
File: exploitable
Comment 7 Sergey Kurtsev 2013-12-12 18:35:48 UTC 
Created attachment 835989 [details]
File: limits
Comment 8 Sergey Kurtsev 2013-12-12 18:35:50 UTC 
Created attachment 835990 [details]
File: maps
Comment 9 Sergey Kurtsev 2013-12-12 18:35:52 UTC 
Created attachment 835991 [details]
File: open_fds
Comment 10 Sergey Kurtsev 2013-12-12 18:35:54 UTC 
Created attachment 835992 [details]
File: proc_pid_status
Comment 11 Sergey Kurtsev 2013-12-12 18:35:57 UTC 
Created attachment 835993 [details]
File: var_log_messages
Comment 12 Richard Allen 2013-12-14 04:14:43 UTC 
Since the recent Firefox update, firefox has been crashinf quite frequently for me as well.
I'm on x86_64
Comment 13 Peter Backes 2013-12-14 16:02:06 UTC 
(In reply to Richard Allen from comment #12)
> Since the recent Firefox update, firefox has been crashinf quite frequently
> for me as well.

Same issue here (frequent crashes)... even with all add-ons disabled

I can reproduce it by going to http://de.wikipedia.org/wiki/Volksrepublik_China

i686
Comment 14 Benjamin Hardill 2013-12-14 19:09:33 UTC 
This version won't stay up more than a few seconds at a time on most sites I'm visiting

Anybody got a link to the Firefox 25 build to roll back to, yum downgrade is only offering 21 as an alternative
Comment 15 Peter Backes 2013-12-15 11:52:45 UTC 
sudo yum downgrade http://kojipkgs.fedoraproject.org//packages/firefox/25.0/3.fc19/i686/firefox-25.0-3.fc19.i686.rpm http://kojipkgs.fedoraproject.org//packages/xulrunner/25.0/5.fc19/i686/xulrunner-25.0-5.fc19.i686.rpm
Comment 16 Martin Stransky 2013-12-16 14:41:54 UTC 
Unable to reproduce. Can you test upstream binaries from mozilla.com?
Comment 17 Mike H 2013-12-16 21:54:12 UTC 
I seem to be able to get it to crash trying to look at pdf files.
I have a 32 bit version on a PAE kernel, and had been using the
internal "preview in firefox" to look at the pdf.
Was crashing repeatedly clicking the pdf link in this
url:  http://www.diamondmm.com/6570pe32g-diamond-amd-radeon-hd-graphic-card.html

I just switched to xpdf and it worked fine.
Comment 18 Mike H 2013-12-16 21:58:33 UTC 
Switched back to "preview in firefox" and the pdf link makes it core
dump.

using xpdf seems to be a workaround.
Comment 19 Mike H 2013-12-16 22:17:11 UTC 
although the wikipedia page mentioned above seems to also crash my firefox..
Comment 20 Mike H 2013-12-17 17:15:22 UTC 
I downloaded the firefox from mozilla.com, and the wikipedia link did not
crash it.
Comment 21 Wu 2013-12-19 21:44:09 UTC 
The same problem here, it crashed almost on anything:
- after first letter of master pasword
- after download file confirmation 
- on bigger pages in Wikipedia
- when switching tabs on twitter from "connect" to "home"
Comment 22 Doug Huffman 2013-12-22 16:13:06 UTC 
Another user experienced a similar problem:

merely browsing

reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        /usr/lib/firefox/firefox
crash_function: setInt32
executable:     /usr/lib/firefox/firefox
kernel:         3.12.5-200.fc19.i686.PAE
package:        firefox-26.0-2.fc19
reason:         firefox killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 23 ecdpalma 2013-12-22 21:01:27 UTC 
Some further info:

- firefox 26 crashes almost always when I visit certain Wikipedia pages. E.g.:

http://en.wikipedia.org/wiki/Ludwig_van_Beethoven
http://en.wikipedia.org/wiki/Heinrich_Himmler

- the backtrace is very similar to the one posted here previously (that's how I've found this).

- after some tests (new profile, safe mode, etc), I discovered that turning javascript.options.baselinejit.content to false is a workaround.

- downgraded to version 25.0-3 and the problem didn't show up.
Comment 24 Doug Huffman 2013-12-22 22:18:43 UTC 
Yes, "transferring bits from Wikipedia."  Unable to access Wikipedia.
Comment 25 Doug Huffman 2013-12-22 22:32:54 UTC 
Edit the above, "transferring from bits.wikipedia.org
Comment 26 Peter Backes 2013-12-23 20:56:53 UTC 
(In reply to ecdpalma from comment #23)
> - after some tests (new profile, safe mode, etc), I discovered that turning
> javascript.options.baselinejit.content to false is a workaround.

Indeed, thanks. How exactly did you figure that out?
Comment 27 Doug Huffman 2013-12-23 22:11:03 UTC 
Another user experienced a similar problem:

it ocurred while running a script in vBulletin

reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        /usr/lib/firefox/firefox
crash_function: setInt32
executable:     /usr/lib/firefox/firefox
kernel:         3.12.5-200.fc19.i686.PAE
package:        firefox-26.0-2.fc19
reason:         firefox killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 28 Doug Huffman 2013-12-24 19:01:28 UTC 
Another user experienced a similar problem:

occurred as downloading from bits.wikipedia

reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        /usr/lib/firefox/firefox
crash_function: setInt32
executable:     /usr/lib/firefox/firefox
kernel:         3.12.5-200.fc19.i686.PAE
package:        firefox-26.0-2.fc19
reason:         firefox killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 29 Peter Backes 2014-01-10 22:04:47 UTC 
bug still present after upgrading to f20

firefox-26.0-3.fc20.i686
Comment 30 Phil 2014-01-24 07:57:50 UTC 
first ocurred with 26.0-5.fc20.i686, firefox now crashes about twice a day.
Comment 31 Peter Backes 2014-02-08 19:47:02 UTC 
Upgraded to firefox-27.0-1.fc20.i686. Problem seems to be gone now.
Comment 32 Martin Stransky 2014-09-15 13:30:30 UTC 

*** This bug has been marked as a duplicate of bug 1047079 ***