Crash in nsWrapperCache::GetWrapperPreserveColor

REOPENED
Unassigned

Status

()

P3
critical
REOPENED
2 years ago
24 days ago

People

(Reporter: philipp, Unassigned)

Tracking

({crash, regression})

55 Branch
crash, regression
Points:
---

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox-esr60 affected, firefox55 wontfix, firefox56 wontfix, firefox57 wontfix, firefox64 wontfix, firefox65 wontfix, firefox66 fix-optional)

Details

(crash signature)

(Reporter)

Description

2 years ago
This bug was filed from the Socorro interface and is 
report bp-a91512d7-5c58-4e22-96a9-e65300170811.
=============================================================
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	xul.dll 	nsWrapperCache::GetWrapperPreserveColor() 	dom/base/nsWrapperCacheInlines.h:18
1 	xul.dll 	NeedsScriptTraverse 	dom/base/FragmentOrElement.cpp:511
2 	xul.dll 	mozilla::dom::FragmentOrElement::CanSkipInCC(nsINode*) 	dom/base/FragmentOrElement.cpp:1720
3 	xul.dll 	nsGenericDOMDataNode::cycleCollection::CanSkipInCCReal(void*) 	dom/base/nsGenericDOMDataNode.cpp:84
4 	xul.dll 	nsCycleCollectionParticipant::CanSkipInCC(void*) 	xpcom/base/nsCycleCollectionParticipant.h:195
5 	xul.dll 	CCGraphBuilder::AddPurpleRoot(void*, nsCycleCollectionParticipant*) 	xpcom/base/nsCycleCollector.cpp:2234
6 	xul.dll 	SelectPointersVisitor::Visit(nsPurpleBuffer&, nsPurpleBufferEntry*) 	xpcom/base/nsCycleCollector.cpp:1184
7 	xul.dll 	nsPurpleBuffer::VisitEntries<SelectPointersVisitor>(SelectPointersVisitor&) 	xpcom/base/nsCycleCollector.cpp:1071
8 	xul.dll 	nsCycleCollector::BeginCollection(ccType, nsICycleCollectorListener*) 	xpcom/base/nsCycleCollector.cpp:3884
9 	xul.dll 	nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) 	xpcom/base/nsCycleCollector.cpp:3671
10 	xul.dll 	nsCycleCollector_collectSlice(js::SliceBudget&, bool) 	xpcom/base/nsCycleCollector.cpp:4223
11 	xul.dll 	nsJSContext::RunCycleCollectorSlice(mozilla::TimeStamp) 	dom/base/nsJSEnvironment.cpp:1727
12 	xul.dll 	CCRunnerFired 	dom/base/nsJSEnvironment.cpp:2108
13 	xul.dll 	CollectorRunner::Run() 	dom/base/nsJSEnvironment.cpp:260
14 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:1446
15 	xul.dll 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:97
16 	xul.dll 	mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:302
17 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc:319
18 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc:299
19 	xul.dll 	nsBaseAppShell::Run() 	widget/nsBaseAppShell.cpp:156
20 	xul.dll 	nsAppShell::Run() 	widget/windows/nsAppShell.cpp:278
21 	xul.dll 	XRE_RunAppShell() 	toolkit/xre/nsEmbedFunctions.cpp:882
22 	xul.dll 	mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:270
23 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc:319
24 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc:299
25 	xul.dll 	XRE_InitChildProcess(int, char** const, XREChildData const*) 	toolkit/xre/nsEmbedFunctions.cpp:699
26 	xul.dll 	mozilla::BootstrapImpl::XRE_InitChildProcess(int, char** const, XREChildData const*) 	toolkit/xre/Bootstrap.cpp:65
27 	firefox.exe 	content_process_main(mozilla::Bootstrap*, int, char** const) 	ipc/contentproc/plugin-container.cpp:64
28 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:115
29 	firefox.exe 	__scrt_common_main_seh 	f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253
30 	kernel32.dll 	BaseThreadInitThunk 	
31 	ntdll.dll 	__RtlUserThreadStart 	
32 	ntdll.dll 	_RtlUserThreadStart

crashes with this signature are regressing in pre-release versions since version 55, but are generally rather low volume so far.
status-firefox55: affected → wontfix
status-firefox56: affected → fix-optional
status-firefox57: affected → fix-optional
Priority: -- → P3
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → WONTFIX
There are still some crashes so reopen it.
Status: RESOLVED → REOPENED
status-firefox56: fix-optional → wontfix
status-firefox57: fix-optional → wontfix
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox-esr60: --- → affected
Resolution: WONTFIX → ---
status-firefox64: affected → wontfix
Component: JavaScript: GC → XPCOM
status-firefox65: affected → wontfix
status-firefox66: --- → affected

Happy to take a patch in nightly 67, or potentially, in beta 66 for this.
I'm marking it fix-optional to remove it from weekly regression triage, since it has a priority assigned.

status-firefox66: affected → fix-optional

mccr8, do you know why this might be showing up? Bonus points if you can why all the crashes are on Fennec and not on desktop.

Flags: needinfo?(continuation)

(In reply to Nathan Froyd [:froydnj] from comment #4)

mccr8, do you know why this might be showing up? Bonus points if you can why all the crashes are on Fennec and not on desktop.

There's not a ton of commonality to these crashes that I can see. Probably just the first place we're touching some mangled DOM objects.

My guess for why these are on Fennec would be that this method is probably inlined with PGO, and we weren't PGOing Android in 64?

Component: XPCOM → DOM
Flags: needinfo?(continuation)
You need to log in before you can comment on or make changes to this bug.