Description of problem: Accessing the Wikipedia in not-Safe Mode with Adblock Plus add-on installed. Note that there is no Mozilla Crash Reporter in this installation, nor a profile RESET button. Version-Release number of selected component: firefox-26.0-3.fc20 Additional info: reporter: libreport-2.1.10 backtrace_rating: 4 cmdline: /usr/lib/firefox/firefox crash_function: setInt32 executable: /usr/lib/firefox/firefox kernel: 3.12.5-302.fc20.i686+PAE runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #0 setInt32 at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/assembler/assembler/X86Assembler.h:3250 #1 setRel32 at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/assembler/assembler/X86Assembler.h:3197 #2 PatchJump at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/x86/Assembler-x86.h:233 #3 js::jit::IonRuntime::patchIonBackedges at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/Ion.cpp:433 #4 InterruptCheck at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/VMFunctions.cpp:453 #5 js::jit::CheckOverRecursedWithExtra at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/VMFunctions.cpp:136 #6 ?? #7 ?? #8 EnterBaseline at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/BaselineJIT.cpp:121 #9 js::jit::EnterBaselineMethod at /usr/src/debug/xulrunner-26.0/mozilla-release/js/src/jit/BaselineJIT.cpp:152 Potential duplicate: bug 1041671
Created attachment 842779 [details] File: backtrace
Created attachment 842780 [details] File: cgroup
Created attachment 842781 [details] File: core_backtrace
Created attachment 842782 [details] File: dso_list
Created attachment 842783 [details] File: environ
Created attachment 842784 [details] File: exploitable
Created attachment 842785 [details] File: limits
Created attachment 842786 [details] File: maps
Created attachment 842787 [details] File: open_fds
Created attachment 842788 [details] File: proc_pid_status
Created attachment 842789 [details] File: var_log_messages
Another user experienced a similar problem: i was trying to save an image. when i clicked the ok button and firefox crash. reporter: libreport-2.1.10 backtrace_rating: 4 cmdline: /usr/lib/firefox/firefox crash_function: setInt32 executable: /usr/lib/firefox/firefox kernel: 3.12.5-302.fc20.i686+PAE package: firefox-26.0-3.fc20 reason: firefox killed by SIGSEGV runlevel: N 5 type: CCpp uid: 1000
This is an automated bug update. If you can reproduce the bug, please reopen and remove the [abrt] string from subject. Thanks!
This bug is still happening in Fedora 20 with latest updates. Why was it just closed as WORKSFORME, and how can it be reopened?
Please try to disable baseline jit compiler (set javascript.options.baselinejit.* in about:config to false).
*** Bug 1041671 has been marked as a duplicate of this bug. ***
We're hitting various baseline jit crashes on i686 now. Still investigating. The ION jin engine is disabled right now for all i686 Fedora builds because the package even fails to build with it. It also fails the JS tests so we have a reproducer for it. Interesting thing is that js fails only when build with "disable-debug" options.
Anyway, seems to be fixed on latest trunk.
Seems to be working fine now.