Closed Bug 1294133 Opened 8 years ago Closed 8 years ago

Crash in mozilla::ContainerState::GetLayerCreationHint

Categories

(Core :: Layout, defect)

45 Branch
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla51
Tracking Status
firefox48 --- wontfix
firefox49 --- fixed
firefox-esr45 --- affected
firefox50 --- fixed
firefox51 --- fixed

People

(Reporter: philipp, Assigned: tnikkel)

Details

(Keywords: crash, regression)

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-48bddb54-1e56-41c0-b6bd-db8c12160810.
=============================================================
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::ContainerState::GetLayerCreationHint(AnimatedGeometryRoot*) 	layout/base/FrameLayerBuilder.cpp:2193
1 	xul.dll 	mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) 	layout/base/FrameLayerBuilder.cpp:4029
2 	xul.dll 	mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits> const*, unsigned int) 	layout/base/FrameLayerBuilder.cpp:5289
3 	xul.dll 	mozilla::dom::XULDocument::ResumeWalk() 	dom/xul/XULDocument.cpp:2801
4 	xul.dll 	js::detail::HashTable<js::HashMapEntry<js::jit::CacheIRStubKey, js::ReadBarriered<js::jit::JitCode*> >, js::HashMap<js::jit::CacheIRStubKey, js::ReadBarriered<js::jit::JitCode*>, js::jit::CacheIRStubKey, js::RuntimeAllocPolicy>::MapHashPolicy, js::RuntimeAllocPolicy>::prepareHash(js::jit::CacheIRStubKey::Lookup const&) 	obj-firefox/dist/include/js/HashTable.h:1205
5 	mozglue.dll 	arena_dalloc_small 	memory/mozjemalloc/jemalloc.c:4609
6 	mozglue.dll 	je_free 	memory/mozjemalloc/jemalloc.c:6479
7 	xul.dll 	mozilla::Vector<RefPtr<js::PerformanceGroup>, 0, mozilla::MallocAllocPolicy>::growStorageBy(unsigned int) 	obj-firefox/dist/include/mozilla/Vector.h:948
8 	xul.dll 	js::AutoStopwatch::addToGroup(JSRuntime*, unsigned __int64, unsigned __int64, js::PerformanceGroup*) 	js/src/vm/Stopwatch.cpp:389
9 		@0x44e773 	
10 		@0x2 	
11 	xul.dll 	AutoGCIfRequested::~AutoGCIfRequested() 	js/src/vm/Interpreter.cpp:408
12 	xul.dll 	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp:473
13 	xul.dll 	InternalCall 	js/src/vm/Interpreter.cpp:497
14 	xul.dll 	mozilla::dom::AutoJSAPI::ReportException() 	dom/base/ScriptSettings.cpp:615

Crashes with this signature are appearing in crash stats data since Firefox 45 and it looks related to the new code in bug 1222880.
Also, its frequency is on the rise with 49.0b1, where the signature is currently making up 0.14% of browser crashes.
Attached patch nullagr
Assignee: nobody → tnikkel
Attachment #8779899 - Flags: review?(matt.woodrow)
Attachment #8779899 - Flags: review?(matt.woodrow) → review+
Pushed by tnikkel@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0bd27824832d
Null check animated geometry root. r=mattwoodrow
Small crash volume, so, we won't take a fix in 48 as ride along.
However, happy to take the fix in 49 (beta)
https://hg.mozilla.org/mozilla-central/rev/0bd27824832d
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Hi :tnikkel,
Since this bug is a regression and also affects 49/50, are you also considering uplifting this patch to 49/50?
Flags: needinfo?(tnikkel)
Comment on attachment 8779899 [details] [diff] [review]
nullagr

Approval Request Comment
[Feature/regressing bug #]: bug 1222880
[User impact if declined]: crashes
[Describe test coverage new/current, TreeHerder]: none, we don't have a testcase
[Risks and why]: safe, it's a null check
[String/UUID change made/needed]: none
Flags: needinfo?(tnikkel)
Attachment #8779899 - Flags: approval-mozilla-beta?
Attachment #8779899 - Flags: approval-mozilla-aurora?
Comment on attachment 8779899 [details] [diff] [review]
nullagr

Review of attachment 8779899 [details] [diff] [review]:
-----------------------------------------------------------------

This patch fixes a crash. Take it in 49 beta and 50 aurora. Should be in 49 beta 5.
Attachment #8779899 - Flags: approval-mozilla-beta?
Attachment #8779899 - Flags: approval-mozilla-beta+
Attachment #8779899 - Flags: approval-mozilla-aurora?
Attachment #8779899 - Flags: approval-mozilla-aurora+
Crash volume for signature 'mozilla::ContainerState::GetLayerCreationHint':
 - nightly (version 51): 3 crashes from 2016-08-01.
 - aurora  (version 50): 43 crashes from 2016-08-01.
 - beta    (version 49): 391 crashes from 2016-08-02.
 - release (version 48): 7 crashes from 2016-07-25.
 - esr     (version 45): 82 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
            W. N-1  W. N-2  W. N-3
 - nightly       0       0       3
 - aurora       13      18      12
 - beta        146     185      55
 - release       2       3       1
 - esr          12       3       8

Affected platform: Windows

Crash rank on the last 7 days:
           Browser     Content   Plugin
 - nightly
 - aurora  #632
 - beta    #287
 - release #4990
 - esr     #918