Open Bug 1277280 Opened 8 years ago Updated 1 year ago

Crash in CCGraphBuilder::DescribeRefCountedNode in MOZ_RELEASE_ASSERT(aRefCount != 0, "CCed refcounted object has zero refcount");

Categories

(Core :: Cycle Collector, defect, P3)

Unspecified
Windows 10
defect

Tracking

Tracking Status
firefox47 --- affected
firefox48 --- affected
firefox49 --- affected
firefox-esr45 --- affected
firefox50 --- affected

People

(Reporter: mccr8, Unassigned)

Details

(Keywords: crash, stalled)

This bug was filed from the Socorro interface and is report bp-4550322f-2bf0-46e2-96ee-255b32160530.
=============================================================

We're hitting this assertion somewhat frequently. Mostly the stacks are not useful, but I found some that had class names.

https://crash-stats.mozilla.com/report/index/b8757191-d174-4bdd-a6f4-dd1da2160531
https://crash-stats.mozilla.com/report/index/4a06154f-1c4c-4579-99b9-f00bd2160525
https://crash-stats.mozilla.com/report/index/041e182a-d0a9-446e-83c9-2a1c62160531
https://crash-stats.mozilla.com/report/index/42fc2c73-68aa-466f-beb7-f2aea2160601
https://crash-stats.mozilla.com/report/index/6c523533-4dd3-4222-a9f7-022ea2160527
https://crash-stats.mozilla.com/report/index/0b4ef824-dad3-451d-bba8-ce3ef2160527
https://crash-stats.mozilla.com/report/index/5cd16fc7-a719-4c5c-b349-d620e2160529
https://crash-stats.mozilla.com/report/index/b464457b-96aa-4ae2-8d9d-3df3a2160531
https://crash-stats.mozilla.com/report/index/9dedb186-819b-4aa2-a557-1a3ab2160531
https://crash-stats.mozilla.com/report/index/8ea5a15d-b558-46e6-abb3-bd7ef2160530
https://crash-stats.mozilla.com/report/index/b62b897a-4279-4d9b-b215-668f42160528
https://crash-stats.mozilla.com/report/index/6745a734-1b0d-4c44-ba49-be1492160531
https://crash-stats.mozilla.com/report/index/a8eeded8-dcd4-4e17-affa-e3ecb2160526
https://crash-stats.mozilla.com/report/index/0757cef7-6dbb-4268-802c-af1a62160527

Mostly but not entirely FragmentOrElement.

Crash volume for signature 'CCGraphBuilder::DescribeRefCountedNode':
 - nightly (version 50): 0 crash from 2016-06-06.
 - aurora  (version 49): 11 crashes from 2016-06-07.
 - beta    (version 48): 190 crashes from 2016-06-06.
 - release (version 47): 560 crashes from 2016-05-31.
 - esr     (version 45): 39 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          0          0          0          0          0
 - aurora           1          0          3          4          1          1          0
 - beta            33         20         18         40         29         27         12
 - release         86         75         88         86         93         75         25
 - esr              3          4          4          4          1          5          2

Affected platforms: Windows, Mac OS X, Linux

Crash volume for signature 'CCGraphBuilder::DescribeRefCountedNode':
 - nightly (version 51): 0 crashes from 2016-08-01.
 - aurora  (version 50): 3 crashes from 2016-08-01.
 - beta    (version 49): 63 crashes from 2016-08-02.
 - release (version 48): 106 crashes from 2016-07-25.
 - esr     (version 45): 57 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
            W. N-1  W. N-2  W. N-3
 - nightly       0       0       0
 - aurora        1       2       0
 - beta         15      27       4
 - release      37      24      17
 - esr           4      10       6

Affected platforms: Windows, Mac OS X, Linux

Crash rank on the last 7 days:
           Browser   Content     Plugin
 - nightly
 - aurora  #843
 - beta    #954      #688
 - release #618
 - esr     #1109

I got this crash now 2 times in the last week with Firefox 56 Beta:

https://crash-stats.mozilla.com/report/index/256464d3-4834-47bb-bd9e-333c50170830

I can fairly regularly reproduce this issue when I have large GitHub issue pages open.

(In reply to Josh Triplett from comment #4)
> I can fairly regularly reproduce this issue when I have large GitHub issue
> pages open.

Can you provide example pages, and what you're doing to trigger the crash?  Or is loading the page sufficient?
Flags: needinfo?(josh)
Priority: -- → P3

Loading a GitHub issue page and waiting, that's it. Often, I'll use the session restore mechanism after the crash, and a minute or so later it'll crash again, without interacting with it at all.

In case it matters, I'm logged into GitHub. (Which changes some of the UI elements present on the page.)
Flags: needinfo?(josh)

Thanks for the information. I'll try leaving the GitHub issues pages for Angular and Bootstrap open and see if it crashes.

I'm still encountering this, dozens of times every day, on two different systems. I've submitted numerous crash reports; look for those that have github.com URLs.

(In reply to Josh Triplett from comment #8)
> I'm still encountering this, dozens of times every day, on two different
> systems. I've submitted numerous crash reports; look for those that have
> github.com URLs.

I only see 3 crash reports with this signature that have GitHub URLs in them. A NodeJS pull request, one that 404s (presumably from a private repo) and some .md file. I'll leave those two open, along with the other ones. Could you post the crash id from about:crashes? Also, does this reproduce in safe mode (maybe an addon is causing this somehow)? Thanks.

Hmm, I thought I'd added an annotation for the object that is crashing, but I guess that's for another place. I'll file a bug for that.

I'm not sure, but I think I might have a hypothesis here.

I disabled the It's All Text extension, and I have yet to reproduce this issue again.

GitHub issue pages have a huge number of "hidden" textareas, all of which trigger some handling from It's All Text. I'm wondering if something It's All Text is doing makes the problem much more likely to occur. And that would be consistent with longer issues (more comments) seeming to trigger this more often.

Perhaps installing It's All Text and then waiting around on a large GitHub issue page (hundreds of comments) might reproduce the issue more quickly?

I left It's All Text disabled, and I still haven't reproduced this problem. Considering that it previously happened many times per day, that seems rather definitive.

(In reply to Josh Triplett from comment #12)
> I left It's All Text disabled, and I still haven't reproduced this problem.
> Considering that it previously happened many times per day, that seems
> rather definitive.

Thanks for checking.

Olli, could you take a look at this? I'm going on PTO for a few weeks and I won't have a chance to look at this before that. It would be good to understand what is going wrong here.
Flags: needinfo?(bugs)

Hmm, "It's All Text" is not compatible with current beta/nightly releases.
I guess I'll need to build FF56.

Unfortunately the crash reports in comment 10 don't seem to have symbols.

(In reply to Olli Pettay [:smaug] from comment #14)
> Hmm, "It's All Text" is not compatible with current beta/nightly releases.
> I guess I'll need to build FF56.

Note that I'm seeing this on FF55.

Oh, the addon is up to FF49 only. But OK, I'll force-enable it.

In case it helps, I'm using the version packaged in Debian's "xul-ext-itsalltext" package, version 1.9.3-1, which seems compatible with Firefox 55.

Josh, any example links where this has happened most often?
So far I haven't managed to reproduce with It's All Text.

Wait, are you not using Firefox from Mozilla, but the Debian version of it?
Flags: needinfo?(bugs) → needinfo?(josh)

(In reply to Olli Pettay [:smaug] from comment #18)
> Josh, any example links where this has happened most often?
> So far I haven't managed to reproduce with It's All Text

https://github.com/rust-lang/rfcs/pull/2052

https://github.com/rust-lang/rfcs/pull/2137

https://github.com/rust-lang/rfcs/pull/2102

While logged in, in particular.

(In reply to Olli Pettay [:smaug] from comment #19)
> Wait, are you not using Firefox from Mozilla, but Debian version of it?

Correct.
Flags: needinfo?(josh)

OK, can you test a Mozilla-provided build? I don't know what all changes Debian has made to their release.

Crash Signature: [@ CCGraphBuilder::DescribeRefCountedNode] → [@ CCGraphBuilder::DescribeRefCountedNode] [@ PtrInfo::AnnotatedReleaseAssert ]
QA Whiteboard: qa-not-actionable
Severity: critical → S2
Component: XPCOM → Cycle Collector

The crash volume isn't very high here, and it will be difficult to fix without steps to reproduce.

Severity: S2 → S3
Keywords: stalled