Closed
Bug 561277
Opened 14 years ago
Closed 6 years ago
Firefox Crash @ nsGenericElement::UnbindFromTree
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
blocking2.0 | --- | - |
People
(Reporter: chofmann, Unassigned)
References
Details
(Keywords: crash)
Crash Data
spotted while digging for 3.6.4 crashes, but looks like it has been around for a while. maybe some code inspection can figure out what's going in with these.
http://crash-stats.mozilla.com/report/index/43813bda-ee3d-445b-b857-080a92100422
Frame Module Signature [Expand] Source
0 xul.dll nsGenericElement::UnbindFromTree content/base/src/nsGenericElement.cpp:2725
1 xul.dll nsGenericDOMDataNode::UnbindFromTree content/base/src/nsGenericDOMDataNode.cpp:609
2 xul.dll nsGenericElement::UnbindFromTree content/base/src/nsGenericElement.cpp:2725
3 xul.dll nsXULElement::UnbindFromTree content/xul/content/src/nsXULElement.cpp:913
4 xul.dll nsXULElement::UnbindFromTree content/xul/content/src/nsXULElement.cpp:913
5 xul.dll nsCOMPtr_base::assign_from_qi obj-firefox/xpcom/build/nsCOMPtr.cpp:98
6 xul.dll nsXBLBinding::ChangeDocument content/xbl/src/nsXBLBinding.cpp:1184
7 xul.dll nsSubDocumentFrame::`scalar deleting destructor'
8 xul.dll nsINode::GetFlags obj-firefox/dist/include/nsINode.h:736
9 xul.dll nsGenericElement::DestroyContent content/base/src/nsGenericElement.cpp:3450
...
... repeated frames like 9 seen in 10-38
...
39 xul.dll nsGenericElement::DestroyContent content/base/src/nsGenericElement.cpp:3461
40 xul.dll nsDocument::Destroy content/base/src/nsDocument.cpp:6920
41 xul.dll DocumentViewerImpl::Destroy layout/base/nsDocumentViewer.cpp:1578
42 xul.dll DocumentViewerImpl::Show layout/base/nsDocumentViewer.cpp:1918
43 xul.dll nsPresContext::EnsureVisible layout/base/nsPresContext.cpp:1588
44 xul.dll PresShell::UnsuppressAndInvalidate layout/base/nsPresShell.cpp:4647
45 xul.dll PresShell::ProcessReflowCommands layout/base/nsPresShell.cpp:7470
46 xul.dll PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4910
47 xul.dll PresShell::ReflowEvent::Run layout/base/nsPresShell.cpp:7099
48 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527
49 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:118
50 xul.dll xul.dll@0x9a4307
51 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:199
52 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:2199
53 xul.dll xul.dll@0x307d13
54 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:173
55 nspr4.dll _PR_MD_CLEAN_THREAD nsprpub/pr/src/md/windows/w95thred.c:21
more at
http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=nsGenericElement%3A%3AUnbindFromTree%28int%2C%20int%29&version=Firefox%3A3.6.4
possible related signature list
42 nsGenericElement::UnbindFromTree(int, int)
4 nsCOMPtr_base::assign_with_AddRef(nsISupports*) | nsGenericElement::UnbindFromTree(int, int)
1 _purecall | nsGenericElement::UnbindFromTree(int, int)
Correlation to releases
checking --- nsGenericElement::UnbindFromTree.int 20100421-crashdata.csv
found in: 3.6.3 3.5.9 3.6.4 3.6.3plugin1 3.6 3.5.6 3.5.4 3.0.8 3.0.19
release total-crashes
nsGenericElement::UnbindFromTree.int crashes
pct.
all 383147 47 0.000122668
3.6.3 257898 32 0.00012408
3.5.9 34290 6 0.000174978
3.6.4 16781 3 0.000178774
3.6.3plugin1 397 1 0.00251889
3.6 17989 1 5.55895e-05
3.5.6 1028 1 0.000972763
3.5.4 1294 1 0.000772798
3.0.8 644 1 0.0015528
3.0.19 11658 1 8.5778e-05
os breakdown
nsGenericElement::UnbindFromTree.intTotal 42
Win5.1 0.79
Win6.0 0.07
Win6.1 0.12
1 https://finanzportal.fiducia.de/ebpp01/entry?rzid=XC&rzbk=1814
1 https://connect.delta.com/f5-w-687474703a2f2f69637265772e64656c74612e636f6d3a3130303830$$/icrew.html
1 http://www.webtvenvivo.com/
1 http://www.tvn24.pl/
1 http://www.qvc.com/qic/qvcapp.aspx/app.detail/params.item.tsv!.tpl.tsv.cm_scid.TSV?cm_re=PROMOTIONS-_-TSV-_-TSV,TSV&cm_sp=TSV-_-HP-_-IMAGE
1 http://www.prosieben.de/video/
1 http://www.orkut.com/Logout?msg=0&hl=pt-BR
1 http://www.orkut.com.br/Main#Home
1 http://www.orkut.co.in/Main#Home
1 http://www.myz99.com/what_song_was_that/view/
Reporter | ||
Updated•14 years ago
|
Updated•14 years ago
|
blocking2.0: --- → ?
Comment 1•14 years ago
|
||
In trunk, since JM merge on 09/12/2010, the crash daily rate has increased from 1 crash/day to 5-21 crashes/day
Reporter | ||
Comment 2•14 years ago
|
||
not much interesting in recent urls.
domains of sites
12 http://www.facebook.com photos, profiles, home
5 \N//
3 http://www.youtube.com
1 http://www.youtube.com/watch?v=ugNQ5uIN09Q
1 http://www.youtube.com/watch?v=twuzFIUdOd0&feature=related
1 http://www.youtube.com/watch?v=XJYj1Zti9Ic
3 //
2 http://www.google.com.co
1 https://seguro.cam.es
1 https://nk.pl
1 https://mail.google.com
1 http://xhamster.com
1 http://www78.hattrick.ws
1 http://www.yuvutu.com
1 http://www.wscom.com.br
1 http://www.twirpx.com
1 http://www.tumomo.com
1 http://www.tuenti.com
1 http://www.target.com
Reporter | ||
Comment 3•14 years ago
|
||
we might need skip listing to help sort out the new regression.
looks like there are several forms of the stack with these being the top 3.
many of the b7pre stacks I looked at are like this first one.
10 Firefox
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsStyledElement::UnbindFromTree(int,int)
xul.dll nsGenericHTMLElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsStyledElement::UnbindFromTree(int,int)
xul.dll nsGenericHTMLElement::UnbindFromTree(int,int)
like http://crash-stats.mozilla.com/report/index/39afdf3b-fe4e-471a-8ff0-1df212100919
many of the 3.6.x reports look like this one.
9 Firefox
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsContentUtils::AddScriptBlocker()
xul.dll nsINode::nsSlots::`scalar deleting destructor'(unsigned int)
like 98 http://crash-stats.mozilla.com/report/index/bd46b469-4a32-49df-b9de-da88a2100919
this next one looks like mostly 3.6.x as well.
5 Firefox
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsGenericElement::UnbindFromTree(int,int)
xul.dll nsContentUtils::AddScriptBlocker()
like http://crash-stats.mozilla.com/report/index/d3a950c4-ebeb-487d-b001-44a552100919
Comment 4•14 years ago
|
||
Not blocking Firefox 4 on this unless this raises significantly in frequency.
blocking2.0: ? → -
Comment 5•13 years ago
|
||
Is it a dupe of bug 485941 as bug 657455 is?
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsGenericElement::UnbindFromTree(int, int) ]
Updated•13 years ago
|
Crash Signature: [@ nsGenericElement::UnbindFromTree(int, int) ] → [@ nsGenericElement::UnbindFromTree(int, int) ]
[@ nsGenericElement::UnbindFromTree(bool, bool) ]
Comment 6•13 years ago
|
||
There's a spike in crashes from 14.0a1/20120315. The regression range for the spike is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=8d1c74566a0b&tochange=082d016c341f
It's #2 top crasher in 14.0a1 over the last day.
The stack looks like:
Frame Module Signature [Expand] Source
0 xul.dll nsGenericElement::UnbindFromTree content/base/src/nsGenericElement.cpp:3276
1 xul.dll nsXULElement::UnbindFromTree content/xul/content/src/nsXULElement.cpp:925
2 xul.dll nsGenericElement::UnbindFromTree content/base/src/nsGenericElement.cpp:3326
3 xul.dll nsXULElement::UnbindFromTree content/xul/content/src/nsXULElement.cpp:925
4 xul.dll nsGenericElement::RemoveChildAt content/base/src/nsGenericElement.cpp:3845
5 xul.dll nsXULElement::RemoveChildAt content/xul/content/src/nsXULElement.cpp:997
6 xul.dll nsINode::ReplaceOrInsertBefore content/base/src/nsGenericElement.cpp:4260
7 xul.dll nsINode::ReplaceOrInsertBefore obj-firefox/dist/include/nsINode.h:1480
8 xul.dll nsINode::ReplaceChild obj-firefox/dist/include/nsINode.h:527
9 xul.dll nsIDOMNode_ReplaceChild obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:5311
10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:514
11 mozjs.dll js::Interpret js/src/jsinterp.cpp:2710
12 mozjs.dll js::ContextStack::pushInvokeFrame js/src/vm/Stack.cpp:778
13 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:529
14 mozjs.dll mozjs.dll@0x789f
More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsGenericElement%3A%3AUnbindFromTree%28bool%2C+bool%29
Depends on: CVE-2009-1232
Keywords: topcrash
Hardware: x86 → All
Summary: Firefox Crash [@ nsGenericElement::UnbindFromTree(int, int) ] → Firefox Crash @ nsGenericElement::UnbindFromTree
Updated•13 years ago
|
Crash Signature: [@ nsGenericElement::UnbindFromTree(int, int) ]
[@ nsGenericElement::UnbindFromTree(bool, bool) ] → [@ nsGenericElement::UnbindFromTree(int, int) ]
[@ nsGenericElement::UnbindFromTree(bool, bool) ]
[@ nsGenericElement::UnbindFromTree ]
Comment 7•13 years ago
|
||
Crashes after the spike are correlated to Video DownloadHelper:
100% (29/29) vs. 17% (64/376) {b9db16a4-6edc-47ec-a1f4-b86292ed211d} (Video DownloadHelper, https://addons.mozilla.org/addon/3006)
tracking-firefox14:
--- → ?
Updated•13 years ago
|
Comment 8•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046
Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.
If you have questions, please contact :mdaly.
Priority: -- → P5
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•