1516907 - Crash in SnowWhiteKiller::MaybeKillObject

Status: NEW

(Core :: XPCOM, defect)

Description

[Julian Seward [:jseward]]

This bug was filed from the Socorro interface and is
report bp-879edf05-c294-400c-88dc-b160b0181228.
=============================================================

This occurred in two different installations of 
the Android nightly 20181227092648.

Top 10 frames of crashing thread:

0 libxul.so SnowWhiteKiller::MaybeKillObject xpcom/base/nsCycleCollector.cpp:2426
1 libxul.so SnowWhiteKiller::Visit xpcom/base/nsCycleCollector.cpp:2457
2 libxul.so void nsPurpleBuffer::VisitEntries<SnowWhiteKiller> xpcom/base/nsCycleCollector.cpp:956
3 libxul.so nsCycleCollector::FreeSnowWhiteWithBudget xpcom/base/nsCycleCollector.cpp:2622
4 libxul.so AsyncFreeSnowWhite::Run js/xpconnect/src/XPCJSRuntime.cpp:141
5 libxul.so IdleRunnableWrapper::Run xpcom/threads/nsThreadUtils.cpp:317
6 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1157
7 libxul.so NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:468
8 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:88
9 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:314

=============================================================

Comment 1

[Andrew McCreight [:mccr8]]

I don't know what is happening here. I feel like we've had similar crashes before, so maybe this is a signature change, but I can't find any similar bugs. It looks like it might be a null deref crash in aObject.mParticipant.

Comment 2

[Andrew McCreight [:mccr8]]

Maybe this is a variant of bug 1540166, which had a patch land recently.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.