Open Bug 1516907 Opened 1 year ago Updated 1 year ago

Crash in SnowWhiteKiller::MaybeKillObject

Categories

(Core :: XPCOM, defect, critical)

Unspecified
Android
defect
Not set
critical

Tracking

()

Tracking Status
firefox66 --- affected
firefox67 --- affected
firefox68 --- affected

People

(Reporter: jseward, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is
report bp-879edf05-c294-400c-88dc-b160b0181228.
=============================================================

This occurred in two different installations of 
the Android nightly 20181227092648.

Top 10 frames of crashing thread:

0 libxul.so SnowWhiteKiller::MaybeKillObject xpcom/base/nsCycleCollector.cpp:2426
1 libxul.so SnowWhiteKiller::Visit xpcom/base/nsCycleCollector.cpp:2457
2 libxul.so void nsPurpleBuffer::VisitEntries<SnowWhiteKiller> xpcom/base/nsCycleCollector.cpp:956
3 libxul.so nsCycleCollector::FreeSnowWhiteWithBudget xpcom/base/nsCycleCollector.cpp:2622
4 libxul.so AsyncFreeSnowWhite::Run js/xpconnect/src/XPCJSRuntime.cpp:141
5 libxul.so IdleRunnableWrapper::Run xpcom/threads/nsThreadUtils.cpp:317
6 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1157
7 libxul.so NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:468
8 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:88
9 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:314

=============================================================
Flags: needinfo?(continuation)
I don't know what is happening here. I feel like we've had similar crashes before, so maybe this is a signature change, but I can't find any similar bugs. It looks like it might be a null deref crash in aObject.mParticipant.
Flags: needinfo?(continuation)

Maybe this is a variant of bug 1540166, which had a patch land recently.

Depends on: 1540166
You need to log in before you can comment on or make changes to this bug.