Closed
Bug 1258331
Opened 8 years ago
Closed 8 years ago
crash in StyleCoordToValue
Categories
(Core :: Layout, defect, P1)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jimm, Assigned: hiro)
References
Details
(Keywords: crash)
Crash Data
Currently #10 top crasher in the beat 46 e10s experiment. Crashes occur in the content process. report bp-2bbaa386-3d83-4751-a751-1e87e2160315 http://hg.mozilla.org/releases/mozilla-beta/annotate/fb3494d06dfb/layout/style/StyleAnimationValue.cpp#l2850 StyleCoordToValue mozilla::StyleAnimationValue::ExtractComputedValue(nsCSSProperty, nsStyleContext*, mozilla::StyleAnimationValue&) nsTransitionManager::ConsiderStartingTransition(nsCSSProperty, mozilla::StyleTransition const&, mozilla::dom::Element*, mozilla::AnimationCollection*&, nsStyleContext*, nsStyleContext*, bool*, nsCSSPropertySet*) sTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, RefPtr<nsStyleContext>*) @0x17 mozilla::RestyleManager::TryStartingTransition(nsPresContext*, nsIContent*, nsStyleContext*, RefPtr<nsStyleContext>*) mozilla::ElementRestyler::RestyleSelf(nsIFrame*, nsRestyleHint, unsigned int*, nsTArray<mozilla::ElementRestyler::SwapInstruction>&) mozilla::ElementRestyler::Restyle(nsRestyleHint)
|
||
Comment 1•8 years ago
|
||
All the reports has same OS version and graphics adapter. I suspect this repeatedly reported by one machine.
|
Reporter | |
Comment 2•8 years ago
|
||
Crashes per installation: 157 over 5 installs So yes this is affecting a very narrow group of users.
|
|
Reporter | |
Updated•8 years ago
|
|
||
Comment 3•8 years ago
|
||
Bas, any thoughts here? all reports have the same graphics driver.
Flags: needinfo?(bas)
|
||
Comment 4•8 years ago
|
||
(In reply to Brad Lassey [:blassey] (use needinfo?) from comment #3) > Bas, any thoughts here? all reports have the same graphics driver. The stack at the very least doesn't show anything reminiscent of graphics. As far as I can tell these are also already blacklisted drivers and they're not getting any form of acceleration. There's also no GPU driver loaded into the process address space (as per the modules section), it could be the graphics driver somehow plays a role in an obscure indirect way. A bug in the kernel mode portion of the driver which windows always uses somehow corrupting heap memory, or something like that, but that becomes extremely speculative.
Flags: needinfo?(bas)
|
|
||
Comment 5•8 years ago
|
||
Andrew, can you help find an assignee here? This is a top e10s crash
Flags: needinfo?(overholt)
|
||
Updated•8 years ago
|
Flags: needinfo?(overholt) → needinfo?(bugs)
|
||
Comment 6•8 years ago
|
||
There's at least one known bug affecting beta relating to transitions where we can get in a situation of repeatedly generating transitions ad-infinitum: bug 1245260 which I've just requested beta approval for. There's a very slight chance it is related to this although I don't know why it would only show up with e10s on. (That bug is triggered by certain content which is consistent with only a small number of users hitting it often.)
|
Assignee | |
Comment 7•8 years ago
|
||
It's hard to tell, but I think it might be related to bug 1245260. Here are other crashes which has similar stack traces (I think) with OOM in ConsiderStartingTransition. https://crash-stats.mozilla.com/report/list?signature=OOM+%7C+unknown+%7C+mozalloc_abort+%7C+mozalloc_handle_oom+%7C+moz_xmalloc+%7C+nsTransitionManager%3A%3AConsiderStartingTransition&#tab-reports I believe these crashes were caused by the same reason of bug 1245260 because the infinite restyling for transitions eventually exhaust memory. One thing I don't quite understand is that there is no memory fields in crash reports when the crash happened in the content process. If there were memory fields, it would tell us something.
|
|
Assignee | |
Comment 8•8 years ago
|
||
(In reply to Hiroyuki Ikezoe (:hiro) from comment #7) > One thing I don't quite understand is that there is no memory fields in > crash reports when the crash happened in the content process. If there were > memory fields, it would tell us something. Bug 1257486 has been already filed.
|
||
Comment 9•8 years ago
|
||
(In reply to Hiroyuki Ikezoe (:hiro) from comment #7) > It's hard to tell, but I think it might be related to bug 1245260. > > Here are other crashes which has similar stack traces (I think) with OOM in > ConsiderStartingTransition. Sure smells like it. Let's check again after we uplift of bug 1245260. Andrew: I don't have raw memdump access in bugzilla but if you do, a search for "history.com" may also point us back to bug 1245260.
Flags: needinfo?(bugs) → needinfo?(overholt)
|
|
||
Comment 10•8 years ago
|
||
I don't have raw dump access, sorry. Brad?
Flags: needinfo?(overholt) → needinfo?(blassey.bugs)
|
|
||
Comment 11•8 years ago
|
||
I don't have access either, but from someone who does its all gmail
Flags: needinfo?(blassey.bugs)
|
|
||
Comment 12•8 years ago
|
||
Jet, still need an assignee. This is the #3 top crash for e10s
Flags: needinfo?(bugs)
Priority: -- → P1
|
|
||
Comment 13•8 years ago
|
||
To Hiro for follow-up now that bug 1245260 is fixed in 46 as of today. If we see any more crashes, please note that in this bug.
Assignee: nobody → hiikezoe
Flags: needinfo?(bugs)
|
|
Assignee | |
Comment 14•8 years ago
|
||
Sure. I will watch carefully.
|
|
Reporter | |
Comment 15•8 years ago
|
||
appears to be fixed. not showing up in our e10s experiments at all.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•