Crash in nsWrapperCache::GetWrapperPreserveColor
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox-esr60 | --- | affected |
firefox55 | --- | wontfix |
firefox56 | --- | wontfix |
firefox57 | --- | wontfix |
firefox64 | --- | wontfix |
firefox65 | --- | wontfix |
firefox66 | --- | fix-optional |
People
(Reporter: philipp, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
This bug was filed from the Socorro interface and is report bp-a91512d7-5c58-4e22-96a9-e65300170811. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll nsWrapperCache::GetWrapperPreserveColor() dom/base/nsWrapperCacheInlines.h:18 1 xul.dll NeedsScriptTraverse dom/base/FragmentOrElement.cpp:511 2 xul.dll mozilla::dom::FragmentOrElement::CanSkipInCC(nsINode*) dom/base/FragmentOrElement.cpp:1720 3 xul.dll nsGenericDOMDataNode::cycleCollection::CanSkipInCCReal(void*) dom/base/nsGenericDOMDataNode.cpp:84 4 xul.dll nsCycleCollectionParticipant::CanSkipInCC(void*) xpcom/base/nsCycleCollectionParticipant.h:195 5 xul.dll CCGraphBuilder::AddPurpleRoot(void*, nsCycleCollectionParticipant*) xpcom/base/nsCycleCollector.cpp:2234 6 xul.dll SelectPointersVisitor::Visit(nsPurpleBuffer&, nsPurpleBufferEntry*) xpcom/base/nsCycleCollector.cpp:1184 7 xul.dll nsPurpleBuffer::VisitEntries<SelectPointersVisitor>(SelectPointersVisitor&) xpcom/base/nsCycleCollector.cpp:1071 8 xul.dll nsCycleCollector::BeginCollection(ccType, nsICycleCollectorListener*) xpcom/base/nsCycleCollector.cpp:3884 9 xul.dll nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) xpcom/base/nsCycleCollector.cpp:3671 10 xul.dll nsCycleCollector_collectSlice(js::SliceBudget&, bool) xpcom/base/nsCycleCollector.cpp:4223 11 xul.dll nsJSContext::RunCycleCollectorSlice(mozilla::TimeStamp) dom/base/nsJSEnvironment.cpp:1727 12 xul.dll CCRunnerFired dom/base/nsJSEnvironment.cpp:2108 13 xul.dll CollectorRunner::Run() dom/base/nsJSEnvironment.cpp:260 14 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1446 15 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:97 16 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:302 17 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:319 18 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:299 19 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:156 20 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp:278 21 xul.dll XRE_RunAppShell() toolkit/xre/nsEmbedFunctions.cpp:882 22 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:270 23 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:319 24 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:299 25 xul.dll XRE_InitChildProcess(int, char** const, XREChildData const*) toolkit/xre/nsEmbedFunctions.cpp:699 26 xul.dll mozilla::BootstrapImpl::XRE_InitChildProcess(int, char** const, XREChildData const*) toolkit/xre/Bootstrap.cpp:65 27 firefox.exe content_process_main(mozilla::Bootstrap*, int, char** const) ipc/contentproc/plugin-container.cpp:64 28 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:115 29 firefox.exe __scrt_common_main_seh f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253 30 kernel32.dll BaseThreadInitThunk 31 ntdll.dll __RtlUserThreadStart 32 ntdll.dll _RtlUserThreadStart crashes with this signature are regressing in pre-release versions since version 55, but are generally rather low volume so far.
Updated•7 years ago
|
Updated•7 years ago
|
Comment 1•5 years ago
|
||
Closing because no crashes reported for 12 weeks.
Comment 2•5 years ago
|
||
There are still some crashes so reopen it.
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 3•5 years ago
|
||
Happy to take a patch in nightly 67, or potentially, in beta 66 for this.
I'm marking it fix-optional to remove it from weekly regression triage, since it has a priority assigned.
Comment 4•5 years ago
|
||
mccr8, do you know why this might be showing up? Bonus points if you can why all the crashes are on Fennec and not on desktop.
Comment 5•5 years ago
•
|
||
(In reply to Nathan Froyd [:froydnj] from comment #4)
mccr8, do you know why this might be showing up? Bonus points if you can why all the crashes are on Fennec and not on desktop.
There's not a ton of commonality to these crashes that I can see. Probably just the first place we're touching some mangled DOM objects.
My guess for why these are on Fennec would be that this method is probably inlined with PGO, and we weren't PGOing Android in 64?
Assignee | ||
Updated•5 years ago
|
Comment 6•2 years ago
|
||
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3
. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Description
•