Open Bug 1798957 Opened 2 years ago Updated 2 years ago

High CPU and memory consumption with Selection::Stringify using SVG animation

Categories

(Core :: DOM: Serializers, defect)

defect

Tracking

()

Tracking Status
firefox106 --- wontfix
firefox107 --- affected
firefox108 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-oom, testcase)

Attachments

(1 file)

Attached file testcase.html

Found while fuzzing m-c 20221101-f8dff2edfe1b (--enable-address-sanitizer --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -a --fuzzing -n firefox
$ ASAN_OPTIONS=hard_rss_limit_mb=6144 python -m grizzly.replay ./firefox/firefox testcase.html

NOTE: Set a reasonable memory limit via ASAN_OPTIONS=hard_rss_limit_mb=# to avoid system OOMs.

When the test case is opened high CPU usage and memory consumption is triggered, leading to an OOM.

This might not be a bug but it may highlight an area that could benefit from optimization. The test case may be magnifying an issue that would otherwise go unnoticed in many cases. Addressing this would help make the browser more fuzzing friendly.

This test case does not trigger increased memory consumption on Chrome.

The heap profile was collected when the memory limit was reached.

HEAP PROFILE at RSS 8216Mb
Live Heap Allocations: 5512616374 bytes in 4978390 chunks; quarantined: 182496984 bytes in 2506899 chunks; 37544 other chunks; total chunks: 7522833; showing top 90% (at most 20 unique contexts)
2446068000 byte(s) (44%) in 611517 allocation(s)
    #0 0x5567bf963c7e in malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x5567bf9a87e5 in moz_xmalloc /builds/worker/checkouts/gecko/memory/mozalloc/mozalloc.cpp:52:15
    #2 0x7f849a6aa581 in operator new[] /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:42:10
    #3 0x7f849a6aa581 in nsPlainTextSerializer::nsPlainTextSerializer() /builds/worker/checkouts/gecko/dom/serializers/nsPlainTextSerializer.cpp:273:15
    #4 0x7f849a6a7de6 in NS_NewPlainTextSerializer(nsIContentSerializer**) /builds/worker/checkouts/gecko/dom/serializers/nsPlainTextSerializer.cpp:84:42
    #5 0x7f849b972259 in CreatePlainTextSerializer(nsID const&, void**) /builds/worker/checkouts/gecko/layout/build/nsLayoutModule.cpp:167:1
    #6 0x7f8491e5ed36 in mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:11162:27
    #7 0x7f8491e96606 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:840:19
    #8 0x7f8491e9dd56 in CallCreateInstance /builds/worker/checkouts/gecko/xpcom/components/nsComponentManagerUtils.cpp:128:43
    #9 0x7f8491e9dd56 in nsCreateInstanceByContractID::operator()(nsID const&, void**) const /builds/worker/checkouts/gecko/xpcom/components/nsComponentManagerUtils.cpp:169:21
    #10 0x7f8491cf8471 in nsCOMPtr_base::assign_from_helper(nsCOMPtr_helper const&, nsID const&) /builds/worker/checkouts/gecko/xpcom/base/nsCOMPtr.cpp:109:7
    #11 0x7f849a69a425 in operator= /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:787:5
    #12 0x7f849a69a425 in nsDocumentEncoder::EncodeToStringWithMaxLength(unsigned int, nsTSubstring<char16_t>&) /builds/worker/checkouts/gecko/dom/serializers/nsDocumentEncoder.cpp:1384:17
    #13 0x7f84953c17e7 in mozilla::dom::Selection::ToStringWithFormat(nsTSubstring<char16_t> const&, unsigned int, int, nsTSubstring<char16_t>&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Selection.cpp:377:17
    #14 0x7f84953c11fd in mozilla::dom::Selection::Stringify(nsTSubstring<char16_t>&, mozilla::dom::Selection::FlushFrames) /builds/worker/checkouts/gecko/dom/base/Selection.cpp:339:3
    #15 0x7f8496425fdb in mozilla::dom::Selection_Binding::__stringifier(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/SelectionBinding.cpp:1064:24
    #16 0x2aa8672c3f45  (<unknown module>)
    #17 0x2aa8672a14ed  (<unknown module>)
    #18 0x7f84a169a1b1 in EnterJit(JSContext*, js::RunState&, unsigned char*) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:107:5
    #19 0x7f84a00b1e2e in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:421:32
    #20 0x7f84a00de0d5 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:579:13
    #21 0x7f84a00dfc5e in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:614:10
    #22 0x7f84a00dfc5e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
    #23 0x7f84a0485d7a in PromiseResolveThenableJob(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:2315:7
    #24 0x7f84a00ddfb3 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:459:13
    #25 0x7f84a00ddfb3 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547:12
    #26 0x7f84a00dfc5e in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:614:10
    #27 0x7f84a00dfc5e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
    #28 0x7f84a01e7c85 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10
    #29 0x7f8495fab6fc in mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/PromiseBinding.cpp:83:8
    #30 0x7f8491cd06e7 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:198:12
    #31 0x7f8491cd06e7 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:211:12
    #32 0x7f8491cd06e7 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:213:18
    #33 0x7f8491cb0d57 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:676:17
    #34 0x7f849b06d695 in LeaveMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:246:7
    #35 0x7f849b06d695 in ~nsAutoMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:397:13
    #36 0x7f849b06d695 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2546:5
    #37 0x7f849b07bd57 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:375:13
    #38 0x7f849b07bd57 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
    #39 0x7f849b07babd in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:369:5
    #40 0x7f849b07b845 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:913:5

1257281008 byte(s) (22%) in 611518 allocation(s)
    #0 0x5567bf963c7e in malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7f8491c4ca9d in nsStringBuffer::Alloc(unsigned long) /builds/worker/checkouts/gecko/xpcom/string/nsStringBuffer.cpp:68:42
    #2 0x7f849a69a154 in nsDocumentEncoder::EncodeToStringWithMaxLength(unsigned int, nsTSubstring<char16_t>&) /builds/worker/checkouts/gecko/dom/serializers/nsDocumentEncoder.cpp:1367:21
    #3 0x7f84953c17e7 in mozilla::dom::Selection::ToStringWithFormat(nsTSubstring<char16_t> const&, unsigned int, int, nsTSubstring<char16_t>&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Selection.cpp:377:17
    #4 0x7f84953c11fd in mozilla::dom::Selection::Stringify(nsTSubstring<char16_t>&, mozilla::dom::Selection::FlushFrames) /builds/worker/checkouts/gecko/dom/base/Selection.cpp:339:3
    #5 0x7f8496425fdb in mozilla::dom::Selection_Binding::__stringifier(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/SelectionBinding.cpp:1064:24
    #6 0x2aa8672c3f45  (<unknown module>)
    #7 0x2aa8672a14ed  (<unknown module>)
    #8 0x7f84a169a1b1 in EnterJit(JSContext*, js::RunState&, unsigned char*) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:107:5
    #9 0x7f84a00b1e2e in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:421:32
    #10 0x7f84a00de0d5 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:579:13
    #11 0x7f84a00dfc5e in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:614:10
    #12 0x7f84a00dfc5e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
    #13 0x7f84a0485d7a in PromiseResolveThenableJob(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:2315:7
    #14 0x7f84a00ddfb3 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:459:13
    #15 0x7f84a00ddfb3 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547:12
    #16 0x7f84a00dfc5e in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:614:10
    #17 0x7f84a00dfc5e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
    #18 0x7f84a01e7c85 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10
    #19 0x7f8495fab6fc in mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/PromiseBinding.cpp:83:8
    #20 0x7f8491cd06e7 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:198:12
    #21 0x7f8491cd06e7 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:211:12
    #22 0x7f8491cd06e7 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:213:18
    #23 0x7f8491cb0d57 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:676:17
    #24 0x7f849b06d695 in LeaveMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:246:7
    #25 0x7f849b06d695 in ~nsAutoMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:397:13
    #26 0x7f849b06d695 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2546:5
    #27 0x7f849b07bd57 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:375:13
    #28 0x7f849b07bd57 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
    #29 0x7f849b07babd in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:369:5
    #30 0x7f849b07b845 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:913:5
    #31 0x7f849b07aa9f in mozilla::VsyncRefreshDriverTimer::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:827:5
    #32 0x7f849b079ccc in mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:748:5
    #33 0x7f849b0794e9 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:594:14
    #34 0x7f849b079094 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:551:9
    #35 0x7f8499c4390d in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncMainChild.cpp:68:15
    #36 0x7f849a0aca02 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:220:78
    #37 0x7f849376954b in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6267:32

826772336 byte(s) (14%) in 611518 allocation(s)
    #0 0x5567bf963c7e in malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x5567bf9a87e5 in moz_xmalloc /builds/worker/checkouts/gecko/memory/mozalloc/mozalloc.cpp:52:15
    #2 0x7f849a69b67e in operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10
    #3 0x7f849a69b67e in do_createDocumentEncoder(char const*) /builds/worker/checkouts/gecko/dom/serializers/nsDocumentEncoder.cpp:1486:22
    #4 0x7f84953c14f2 in mozilla::dom::Selection::ToStringWithFormat(nsTSubstring<char16_t> const&, unsigned int, int, nsTSubstring<char16_t>&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Selection.cpp:350:7
    #5 0x7f84953c11fd in mozilla::dom::Selection::Stringify(nsTSubstring<char16_t>&, mozilla::dom::Selection::FlushFrames) /builds/worker/checkouts/gecko/dom/base/Selection.cpp:339:3
    #6 0x7f8496425fdb in mozilla::dom::Selection_Binding::__stringifier(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/SelectionBinding.cpp:1064:24
    #7 0x2aa8672c3f45  (<unknown module>)
    #8 0x2aa8672a14ed  (<unknown module>)
    #9 0x7f84a169a1b1 in EnterJit(JSContext*, js::RunState&, unsigned char*) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:107:5
    #10 0x7f84a00b1e2e in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:421:32
    #11 0x7f84a00de0d5 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:579:13
    #12 0x7f84a00dfc5e in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:614:10
    #13 0x7f84a00dfc5e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
    #14 0x7f84a0485d7a in PromiseResolveThenableJob(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:2315:7
    #15 0x7f84a00ddfb3 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:459:13
    #16 0x7f84a00ddfb3 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547:12
    #17 0x7f84a00dfc5e in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:614:10
    #18 0x7f84a00dfc5e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
    #19 0x7f84a01e7c85 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10
    #20 0x7f8495fab6fc in mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/PromiseBinding.cpp:83:8
    #21 0x7f8491cd06e7 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:198:12
    #22 0x7f8491cd06e7 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:211:12
    #23 0x7f8491cd06e7 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:213:18
    #24 0x7f8491cb0d57 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:676:17
    #25 0x7f849b06d695 in LeaveMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:246:7
    #26 0x7f849b06d695 in ~nsAutoMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:397:13
    #27 0x7f849b06d695 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2546:5
    #28 0x7f849b07bd57 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:375:13
    #29 0x7f849b07bd57 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
    #30 0x7f849b07babd in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:369:5
    #31 0x7f849b07b845 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:913:5
    #32 0x7f849b07aa9f in mozilla::VsyncRefreshDriverTimer::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:827:5
    #33 0x7f849b079ccc in mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:748:5
    #34 0x7f849b0794e9 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:594:14
    #35 0x7f849b079094 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:551:9
    #36 0x7f8499c4390d in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncMainChild.cpp:68:15
    #37 0x7f849a0aca02 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:220:78
    #38 0x7f849376954b in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6267:32
Flags: in-testsuite?
Summary: High CPU and memory consumption → High CPU and memory consumption with Selection::Stringify using SVG animation
Severity: -- → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: