Bug 1048968 (Closed)
Opened 10 years ago
Closed 10 years ago
[e10s] "Mind the Time" add-on crash in XPCWrappedNativeScope::XPCWrappedNativeScope(JSContext*, JS::Handle<JSObject*>)
Categories: Core :: XPConnect, defect
Status: RESOLVED FIXED
Target Milestone: mozilla35
Tracking | Status | |
---|---|---|
e10s | m3+ | --- |
People: Reporter: cpeterson, Assigned: billm
Keywords: crash, reproducible
Attachments (1 file): (deleted), patch | bholley: review+
This bug was filed from the Socorro interface and is
report bp-fd69cbcd-b9c6-4247-8bce-7b3152140805.
=============================================================
Tolgay reports that the "Mind the Time" add-on crashes when e10s is enabled:
0 xul.dll XPCWrappedNativeScope::XPCWrappedNativeScope(JSContext*, JS::Handle<JSObject*>) js/xpconnect/src/XPCWrappedNativeScope.cpp
1 xul.dll xpc::CreateGlobalObject(JSContext*, JSClass const*, nsIPrincipal*, JS::CompartmentOptions&) js/xpconnect/src/nsXPConnect.cpp
2 xul.dll xpc::CreateSandboxObject(JSContext*, JS::MutableHandle<JS::Value>, nsISupports*, xpc::SandboxOptions&) js/xpconnect/src/Sandbox.cpp
3 xul.dll XPCWrappedNativeScope::EnsureAddonScope(JSContext*, JSAddonId*) js/xpconnect/src/XPCWrappedNativeScope.cpp
4 xul.dll xpc::GetAddonScope(JSContext*, JS::Handle<JSObject*>, JSAddonId*) js/xpconnect/src/XPCWrappedNativeScope.cpp
5 xul.dll mozilla::EventListenerManager::CompileEventHandlerInternal(mozilla::EventListenerManager::Listener*, nsAString_internal const*, mozilla::dom::Element*) dom/events/EventListenerManager.cpp
6 xul.dll mozilla::EventListenerManager::SetEventHandler(nsIAtom*, nsAString_internal const&, bool, bool, mozilla::dom::Element*) dom/events/EventListenerManager.cpp
7 xul.dll mozilla::dom::Element::SetEventHandler(nsIAtom*, nsAString_internal const&, bool) content/base/src/Element.cpp
8 xul.dll nsGenericHTMLElement::AfterSetAttr(int, nsIAtom*, nsAttrValue const*, bool) content/html/content/src/nsGenericHTMLElement.cpp
9 xul.dll mozilla::dom::Element::SetAttrAndNotify(int, nsIAtom*, nsIAtom*, nsAttrValue const&, nsAttrValue&, unsigned char, bool, bool, bool) content/base/src/Element.cpp
10 xul.dll mozilla::dom::Element::SetAttr(int, nsIAtom*, nsIAtom*, nsAString_internal const&, bool) content/base/src/Element.cpp
11 xul.dll nsGenericHTMLElement::SetAttr(int, nsIAtom*, nsIAtom*, nsAString_internal const&, bool) content/html/content/src/nsGenericHTMLElement.cpp
12 xul.dll nsHtml5TreeOperation::CreateElement(int, nsIAtom*, nsHtml5HtmlAttributes*, mozilla::dom::FromParser, nsHtml5DocumentBuilder*) parser/html/nsHtml5TreeOperation.cpp
13 xul.dll nsHtml5TreeOperation::Perform(nsHtml5TreeOpExecutor*, nsIContent**) parser/html/nsHtml5TreeOperation.cpp
14 xul.dll nsHtml5TreeOpExecutor::RunFlushLoop() parser/html/nsHtml5TreeOpExecutor.cpp
15 xul.dll nsHtml5ExecutorFlusher::Run() parser/html/nsHtml5StreamParser.cpp
16 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
17 xul.dll NS_ProcessPendingEvents(nsIThread*, unsigned int) xpcom/glue/nsThreadUtils.cpp
18 xul.dll nsWindow::DispatchPendingEvents() widget/windows/nsWindow.cpp
19 xul.dll nsWindow::ProcessMessage(unsigned int, unsigned int&, long&, long*) widget/windows/nsWindow.cpp
20 xul.dll nsWindow::WindowProcInternal(HWND__*, unsigned int, unsigned int, long) widget/windows/nsWindow.cpp
21 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp
22 xul.dll nsWindow::WindowProc(HWND__*, unsigned int, unsigned int, long) widget/windows/nsWindow.cpp
23 user32.dll InternalCallWinProc
24 user32.dll UserCallWinProcCheckWow
25 user32.dll DispatchMessageWorker
26 user32.dll DispatchMessageW
27 xul.dll nsAppShell::ProcessNextNativeEvent(bool) widget/windows/nsAppShell.cpp
28 xul.dll nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool, unsigned int) widget/xpwidgets/nsBaseAppShell.cpp
29 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
30 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
31 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
32 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc
33 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
34 xul.dll nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
35 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp
36 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
37 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
38 xul.dll XREMain::XRE_main(int, char** const, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp
39 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp
40 firefox.exe do_main browser/app/nsBrowserApp.cpp
41 firefox.exe NS_internal_main(int, char**) browser/app/nsBrowserApp.cpp
42 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp
43 firefox.exe __tmainCRTStartup f:/dd/vctools/crt_bld/self_x86/crt/src/crtexe.c:552
44 kernel32.dll BaseThreadInitThunk
Comment 1 • 10 years ago (Reporter)
Tolgay says Mind the Time crashes every time he uses it.
Keywords: reproducible
Updated • 10 years ago
Assignee: nobody → wmccloskey
Depends on: old-e10s-m2
Another add-on crashes Firefox e10s in the same way, see bug 1050209.
STR:
1) Install Divel Notepad https://addons.mozilla.org/en-us/firefox/addon/divel-notepad/
2) In e10s mode, you need to disable/reenable the add-on to display the add-on icons (bug surely).
3) Write a note and save it.
4) Display the note.
Result: crash.
Comment 4 • 10 years ago (Reporter)
Tolgay and Loic: do "Mind the Time" and "Divel Notepad" still crash for you?
I tried with Divel Notepad but only with a single e10s window because I'm not able to display the add-on icons in the toolbar (it's a bug). With a single e10s window, it doesn't crash, but I can't confirm it doesn't crash in full e10s mode.
I tested again and "Mind the Time" crashed. Here is the crash report: https://crash-stats.mozilla.com/report/index/553bea4c-0c36-468d-a262-075492140829
Edit: Sorry, I updated nightly now then tested again; it is still crashing. Here is the new crash report for the latest version of nightly: https://crash-stats.mozilla.com/report/index/35c58e6d-63fa-45e4-b425-104f42140829
(In reply to Loic from comment #5)
> I tried with Divel Notepad but only with a single e10s window because I'm
> not able to display the add-on icons in the toolbar (it's a bug).
Filed bug 1060907.
Instant crash at start-up on my side with the addon "Mind the Time" in e10s mode.
CR: https://crash-stats.mozilla.com/report/index/16d1d86c-d625-48cb-9753-fc5e12140831
Updated • 10 years ago
Blocks: old-e10s-m2
No longer depends on: old-e10s-m2
Comment 10 • 10 years ago (Assignee)
The problem here is that Jetpack can load HTML unprivileged pages from its add-on package. (I'm sure XUL add-ons can do this too, but it's probably a lot more rare.) Any event listeners on the page will trigger a call to GetAddonScope, which will assert because the original scope doesn't have system principals.
Even if we were to fix this issue and allow content scopes to have associated add-on scopes, we'd still have the problem that <script> tags inside HTML documents wouldn't load inside the add-on scope--we only do that for XUL documents.
I think the best thing to do here is for GetAddonScope to return the original scope. We won't get any shims, but that's okay. We have a GSoC student working on getting Jetpack to work without shims.
Attachment #8496339 - Flags: review?(bobbyholley)
Comment 11 • 10 years ago
Comment on attachment 8496339
fix-mind-the-time
Review of attachment 8496339:
-----------------------------------------------------------------
::: js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ +378,5 @@
> }
>
> JSAutoCompartment ac(cx, contentScope);
> XPCWrappedNativeScope *nativeScope = CompartmentPrivate::Get(contentScope)->scope;
> + if (!nsContentUtils::IsSystemPrincipal(nativeScope->GetPrincipal())) {
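Review bot: the principal check added on the last line of this hunk has no comment saying why a scope without the system principal takes a different path. Per comment 10 the intent is for GetAddonScope to return the original scope when an unprivileged HTML page from an add-on package reaches this code, which means such pages get no shims; a short comment above the condition stating that this is deliberate would keep a later reader from treating the early exit as an oversight. The quoted hunk stops at the condition, so the body of the branch is not visible here and should be confirmed against that intent.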
Please do an equality check with nsXPConnect::SystemPrincipal() rather than using nsContentUtils, in case this happens early in startup.
Attachment #8496339 - Flags: review?(bobbyholley) → review+
Comment 12 • 10 years ago (Assignee)
Comment 13 • 10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35