Closed Bug 1431474 Opened 2 years ago Closed 2 years ago

Crash in nsPresContext::CacheAllLangs

Categories

(Core :: CSS Parsing and Computation, defect, critical)

Tracking

VERIFIED FIXED
mozilla60
Tracking Status
firefox-esr52 --- unaffected
firefox58 --- unaffected
firefox59 - disabled
firefox60 --- verified

People

(Reporter: marcia, Assigned: emilio)

References

(Depends on 1 open bug)

Details

(Keywords: crash, regression, topcrash)

Attachments

(2 files)

This bug was filed from the Socorro interface and is
report bp-aea96381-d8e3-48ec-8459-a3cf60180118.
=============================================================

Seen while looking at nightly crash stats - started with 20180118100101: http://bit.ly/2DuBFOQ. Affects Fennec more than Firefox.

Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4e429d313fd2e0f9202271ee8f3fb798817ec3e7&tochange=0a543687fd36bc0dc4188c3d33d117b0a8174721

Bug 1428491 is in the range. ni on :emilio

Top 10 frames of crashing thread:

0 libxul.so nsPresContext::CacheAllLangs layout/base/nsPresContext.cpp:2024
1 libxul.so mozilla::ServoStyleSet::PreTraverse layout/style/ServoStyleSet.cpp:426
2 libxul.so mozilla::ServoStyleSet::StyleDocument layout/style/ServoStyleSet.cpp:947
3 libxul.so mozilla::ServoRestyleManager::DoProcessPendingRestyles layout/base/ServoRestyleManager.cpp:1139
4 libxul.so mozilla::PresShell::DoFlushPendingNotifications layout/base/PresShell.cpp:4229
5 libxul.so mozilla::AccessibleCaretManager::UpdateCarets layout/base/AccessibleCaretManager.cpp:220
6 libxul.so mozilla::AccessibleCaretManager::OnScrollEnd layout/base/AccessibleCaretManager.cpp:700
7 libxul.so mozilla::AccessibleCaretEventHub::PostScrollState::OnScrollEnd layout/base/AccessibleCaretEventHub.cpp:294
8 libxul.so nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:701
9 libxul.so nsTimerEvent::Run xpcom/threads/TimerThread.cpp:286

=============================================================
Flags: needinfo?(emilio)
Volume has increased since I filed this - we have about 700 crashes/400 installs for nsPresContext::CacheAllLangs, Firefox and Fennec.
Yeah, this looks like a null deref. It's definitely caused by bug 1428491... I'm looking into how it can happen.
Blocks: 1428491
Depends on: 1431852
Flags: needinfo?(emilio)
Assignee: nobody → emilio
This crash signature is ranked #1 in nightly top-crashers for FennecAndroid and #4 in nightly top-crashers for Firefox (content process).
Keywords: topcrash
Depends on: 1432017
Blocks: 1432017
No longer depends on: 1432017
This is the #1 topcrash for the Android nightly of 20180118134238.
OS: Android → All
Hardware: Unspecified → All
The underlying bug 1428491 has been backed out from 59 beta.
Comment on attachment 8944098 [details]
Bug 1431474: Make AccessibleCaretManager flush notifications through the document.

https://reviewboard.mozilla.org/r/214414/#review220742

r=me, but saying in the commit message _why_ the notifications should be flushed through the document is a good idea.
Attachment #8944098 - Flags: review?(bzbarsky) → review+
Comment on attachment 8944099 [details]
Bug 1431474: Try to assert nice things about what's going on on our flushes.

https://reviewboard.mozilla.org/r/214416/#review220744
Attachment #8944099 - Flags: review?(bzbarsky) → review+
Pushed by ecoal95@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/00ae6912038d
Make AccessibleCaretManager flush notifications through the document. r=bz
https://hg.mozilla.org/integration/autoland/rev/60d339bdf87e
Try to assert nice things about what's going on on our flushes. r=bz
https://hg.mozilla.org/mozilla-central/rev/00ae6912038d
https://hg.mozilla.org/mozilla-central/rev/60d339bdf87e
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Depends on: 1433045
No more crashes since the patches landed.
Status: RESOLVED → VERIFIED
Depends on: 1433671