Closed
Bug 1342556
Opened 7 years ago
Closed 7 years ago
Crash in PLDHashTable::Add | TraversalTracer::onChild
Categories
(Core :: XPCOM, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 1296631
People
(Reporter: philipp, Unassigned)
References
Details
(4 keywords)
Crash Data
This bug was filed from the Socorro interface and is report bp-f43fdfee-296b-4c17-90f1-1d3992170224. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll PLDHashTable::Add(void const*, mozilla::fallible_t const&) xpcom/glue/PLDHashTable.cpp:571 1 xul.dll TraversalTracer::onChild(JS::GCCellPtr const&) xpcom/base/CycleCollectedJSContext.cpp:358 2 xul.dll JS::CallbackTracer::onObjectEdge(JSObject**) obj-firefox/dist/include/js/TracingAPI.h:142 3 xul.dll DispatchToTracer<JSObject*>(JSTracer*, JSObject**, char const*) js/src/gc/Marking.cpp:676 4 xul.dll mozilla::JSGCThingParticipant::Traverse(void*, nsCycleCollectionTraversalCallback&) xpcom/base/CycleCollectedJSContext.cpp:305 5 xul.dll CCGraphBuilder::BuildGraph(js::SliceBudget&) xpcom/base/nsCycleCollector.cpp:2279 6 xul.dll nsCycleCollector::MarkRoots(js::SliceBudget&) xpcom/base/nsCycleCollector.cpp:2871 7 xul.dll nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) xpcom/base/nsCycleCollector.cpp:3645 8 xul.dll nsCycleCollector_collect(nsICycleCollectorListener*) xpcom/base/nsCycleCollector.cpp:4133 this crash signature was around for a while already, but it first jumped up in the 48 release - 49 was curiously not affected but the signature returned in 50 and 51 with an increasing frequency. it happens across all versions of windows but user comments don't paint a clear picture what may be triggering this. some correlations for Firefox Beta: (96.12% in signature vs 09.76% overall) address = 0x0 (51.16% in signature vs 18.83% overall) "EGL+" in app_notes = true [92.31% vs 07.71% if process_type = null] (100.0% in signature vs 29.26% overall) is_garbage_collecting = null (100.0% in signature vs 33.85% overall) reason = EXCEPTION_ACCESS_VIOLATION_READ (74.42% in signature vs 33.21% overall) ipc_message_name = null (36.43% in signature vs 06.30% overall) contains_memory_report = 1 (31.01% in signature vs 04.24% overall) GFX_ERROR "Failed 2 buffer db=" = true [24.47% vs 04.28% if startup_crash = 0]
Updated•7 years ago
|
Component: DOM → XPCOM
Comment 1•7 years ago
|
||
This could be an OOM while trying to grow the table.
Comment 2•7 years ago
|
||
Too late for firefox 52, mass-wontfix.
Reporter | ||
Comment 3•7 years ago
|
||
this is the #9 browser crash on 54 release accounting for 1% of all browser crashes.
status-firefox55:
--- → affected
status-firefox56:
--- → affected
status-firefox-esr52:
--- → affected
tracking-firefox55:
--- → ?
Keywords: topcrash,
topcrash-win
Comment 4•7 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #1) > This could be an OOM while trying to grow the table. This seems unlikely. Consider https://crash-stats.mozilla.com/report/index/4d25a44e-a0b6-4c91-9b2e-0e3430170722 (crash in Firefox 54) for instance: the associated line 571 is: https://hg.mozilla.org/releases/mozilla-release/annotate/90f18f9c15f7/xpcom/ds/PLDHashTable.cpp#l571 which has nothing to do with memory allocation; we're just searching through the table. Crashes on 52esr and 53 point at the same line as well. I'm not sure what would be dealing with nullptr at that point...Thoughts?
Flags: needinfo?(continuation)
Priority: -- → P1
Comment 5•7 years ago
|
||
I don't know what the hashtable is doing here, or why it would have null. We do get the occasional weird hashtable crash in the CC.
Flags: needinfo?(continuation)
Reporter | ||
Updated•7 years ago
|
Crash Signature: [@ PLDHashTable::Add | TraversalTracer::onChild] → [@ PLDHashTable::Add | TraversalTracer::onChild]
[@ PLDHashTable::Add | js::DispatchTyped<T>]
Comment 6•7 years ago
|
||
Too late for 55 but tracking for 56 as the volume is pretty high.
This is a P1 bug without an assignee. P1 are bugs which are being worked on for the current release cycle/iteration/sprint. If the bug is not assigned by Monday, 28 August, the bug's priority will be reset to '--'.
Keywords: stale-bug
Updated•7 years ago
|
Crash Signature: [@ PLDHashTable::Add | TraversalTracer::onChild]
[@ PLDHashTable::Add | js::DispatchTyped<T>] → [@ PLDHashTable::Add | TraversalTracer::onChild]
[@ PLDHashTable::Add | js::DispatchTyped<T>] [@ PtrToNodeMatchEntry ]
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•7 years ago
|
status-firefox57:
--- → affected
Comment 10•7 years ago
|
||
Marking this as fix optional/wontfix since we are tracking it in the duplicate bug.
Comment 12•6 years ago
|
||
Signature report for PLDHashTable::Add | TraversalTracer::onChild Showing results from 7 days ago Firefox 60.0a1 12 1.0% 16 Firefox 59.0b6 7 0.6% 6 Firefox 59.0b5 33 2.8% 24 Firefox 59.0b4 26 2.2% 34 Firefox 59.0b3 8 0.7% 6 Firefox 58.0b99 4 0.3% 5 Firefox 58.0b16 3 0.3% 3 Firefox 58.0b14 3 0.3% 3 Firefox 58.0 79 6.8% 67 Firefox 57.0b4 1 0.1% 1 Firefox 57.0.4 36 3.1% 35 Firefox 57.0.2 1 0.1% 1
status-firefox58:
--- → affected
status-firefox59:
--- → affected
status-firefox60:
--- → affected
Keywords: nightly-community
You need to log in
before you can comment on or make changes to this bug.
Description
•