Closed
Bug 600150
Opened 14 years ago
Closed 10 years ago
Crash [@ mozilla::`anonymous namespace''::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip&) ]
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | ? |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
Build : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7pre) Gecko/20100927 Firefox/4.0b7pre This is a new crash signature that was introduced by b6pre/20100911 build. It happens mainly under Windows XP. The crash daily rate is 1-4 crashes/day in trunk builds. It is #23 top crasher for b7pre/20100927 build. Signature mozilla::`anonymous namespace''::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip const&) UUID 5b8761de-e67a-4e4a-9f50-459a82100925 Time 2010-09-25 20:56:43.809952 Uptime 419 Last Crash 427 seconds (7.1 minutes) before submission Install Age 18618 seconds (5.2 hours) since version was first installed. Product Firefox Version 4.0b7pre Build ID 20100925041313 Branch 2.0 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info GenuineIntel family 15 model 2 stepping 7 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x0 App Notes AdapterVendorID: 5333, AdapterDeviceID: 8d04 Frame Module Signature [Expand] Source 0 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1143 1 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1068 2 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1068 3 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1068 4 xul.dll mozilla::FrameLayerBuilder::BuildContainerLayerFor layout/base/FrameLayerBuilder.cpp:1410 5 xul.dll nsDisplayOwnLayer::BuildLayer layout/base/nsDisplayList.cpp:1319 6 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1097 7 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1068 8 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1068 9 xul.dll mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems layout/base/FrameLayerBuilder.cpp:1068 10 xul.dll mozilla::FrameLayerBuilder::BuildContainerLayerFor layout/base/FrameLayerBuilder.cpp:1410 11 xul.dll nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:409 12 xul.dll nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1429 13 xul.dll PresShell::Paint layout/base/nsPresShell.cpp:6114 14 xul.dll nsViewManager::RenderViews view/src/nsViewManager.cpp:447 15 xul.dll nsViewManager::Refresh view/src/nsViewManager.cpp:413 16 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:913 17 xul.dll AttachedHandleEvent view/src/nsView.cpp:193 18 xul.dll nsWindow::DispatchEvent widget/src/windows/nsWindow.cpp:3536 19 xul.dll nsWindow::DispatchWindowEvent widget/src/windows/nsWindow.cpp:3567 20 xul.dll nsWindow::OnPaint widget/src/windows/nsWindowGfx.cpp:603 21 xul.dll xul.dll@0x52334b The regression range is : http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=79d0beec27b5&tochange=73ab2c3c5ad9 More reports at : http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&date=09%2F27%2F2010%2023%3A58%3A31&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=mozilla%3A%3A%60anonymous%20namespace%27%27%3A%3AContainerState%3A%3AProcessDisplayItems%28nsDisplayList%20const%26%2C%20mozilla%3A%3AFrameLayerBuilder%3A%3AClip%20const%26%29
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
|
||
Comment 1•14 years ago
|
||
Given the low volume of crashes, how confident are we in that regression range?
|
Reporter | |
Comment 2•14 years ago
|
||
> Given the low volume of crashes, how confident are we in that regression range? b6pre/20100910 : 0 crash b6pre/20100911 : 3 crashes (first appearance) From b6pre/20100913 to b6pre/20100915 : 0 crash The regression range can be extended to 3 days before : http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=cf0088ff07f2&tochange=73ab2c3c5ad9
|
|
||
Comment 3•14 years ago
|
||
Nothing pops out in the extended regression range. A lot of those crash reports have nsWindow::DealWithPopups in the stack before the painting. I wonder if we're painting a doomed popup or something.
All reports in the last 4 weeks (instead of prior to when the bug was filed): http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&range_value=4&range_unit=weeks&do_query=1&signature=mozilla%3A%3A%60anonymous%20namespace%27%27%3A%3AContainerState%3A%3AProcessDisplayItems%28nsDisplayList%20const%26%2C%20mozilla%3A%3AFrameLayerBuilder%3A%3AClip%20const%26%29
The URLs associated with this crash show significant Brazilian bias; there's a possibility it's related to the Orkut talk gadget.
Based on the current crash volume and the lack of steps to reproduce, I don't think we can block on this right now. However, I'd want to reconsider if either: (1) we had steps to reproduce, or, (2) crash volume in betas showed it was in the top 50 or so crashes
blocking2.0: ? → -
Keywords: qawanted
|
|
Reporter | |
Comment 7•14 years ago
|
||
It is #43 top crasher on 4.0b8pre for the last 3 days.
|
|
Reporter | |
Updated•13 years ago
|
Summary: crash mainly under Windows XP [@ mozilla::`anonymous namespace''::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip const&) ] → Crash [@ mozilla::`anonymous namespace''::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip&) ]
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0a2) Gecko/20110413 Firefox/5.0a2 https://crash-stats.mozilla.com/report/index/bp-0392f265-645e-4fa8-b2ef-cb4002110414 http://cubicvr.org/CubicVR.js/bd3/BeatDetektor3HD.html I used the time slider -> crash reproduceable = always
|
|
Reporter | |
Comment 10•13 years ago
|
||
(In reply to comment #6) > However, I'd want to reconsider if either: > (1) we had steps to reproduce, or, > (2) crash volume in betas showed it was in the top 50 or so crashes Its dupe is #5 top crasher in 4.0.1 over the last 3 days.
blocking2.0: - → ?
|
|
Reporter | |
Updated•13 years ago
|
tracking-firefox5:
--- → ?
|
||
Updated•13 years ago
|
|
||
Comment 11•13 years ago
|
||
here is the volume profile for various releases over the last several days.
the bump on may 12 looks due to a site problem or malware, and not connected to any firefox release.
mozilla::.anonymous.namespace..::ContainerState::ProcessDisplayItems.nsDisplayList.const.,.mozilla::FrameLayerBuilder::Clip..
date total breakdown by build
crashes count build, count build, ...
20110501 114 75 4.0.12011041322,
32 4.02011031805, 5 4.0b112011020314,
2 4.0b122011022221,
20110502 113 78 4.0.12011041322,
26 4.02011031805, 3 4.0b112011020314,
2 5.0a22011042704, 2 4.0b122011022221,
1 6.0a12011050203, 1 6.0a12011050103,
20110503 101 80 4.0.12011041322,
12 4.02011031805, 5 4.0b122011022221,
3 4.0b112011020314, 1 5.0a22011050204,
20110504 111 77 4.0.12011041322,
20 4.02011031805, 6 4.0b112011020314,
5 4.0b122011022221, 2 6.0a12011042803,
1 4.02011030319,
Advertised/prompted MU FF3.5.19 → 4.0.1, FF3.6.17 → 4.0.1 May 05
20110505 133 112 4.0.12011041322,
10 4.02011031805, 6 4.0b112011020314,
3 4.0b122011022221, 1 6.0a12011050103,
1 5.0a22011050404,
20110506 140 108 4.0.12011041322,
16 4.02011031805, 8 4.0b112011020314,
5 4.0b122011022221, 1 6.0a12011050503,
1 5.0a22011050504, 1 5.02011042714,
20110507 121 98 4.0.12011041322,
8 4.0b112011020314, 7 4.02011031805,
5 4.0b122011022221, 2 5.02011042714,
1 4.02011030319,
20110508 163 138 4.0.12011041322,
13 4.02011031805, 6 4.0b122011022221,
4 4.0b112011020314, 2 5.02011042714,
20110509 168 137 4.0.12011041322,
17 4.02011031805, 9 4.0b112011020314,
2 5.0a22011050804, 1 6.0a12011050903,
1 6.0a12011050403, 1 4.0b122011022221,
20110510 175 145 4.0.12011041322,
16 4.02011031805, 6 5.02011042714,
5 4.0b112011020314, 1 6.0a12011050903,
1 4.0b122011022221, 1 4.02011030319,
20110511 154 133 4.0.12011041322,
9 4.02011031805, 5 4.0b122011022221,
3 5.02011042714, 3 4.0b112011020314,
1 5.0a22011051004,
20110512 208 187 4.0.12011041322,
13 4.02011031805, 3 5.02011042714,
2 4.0b122011022221, 1 6.0a12011051203,
1 4.0b112011020314, 1 4.02011030319,
20110513 183 149 4.0.12011041322,
22 4.02011031805, 9 5.02011042714,
3 4.0b122011022221,
20110514 189 162 4.0.12011041322,
12 4.02011031805, 8 4.0b112011020314,
5 5.02011042714, 1 6.0a12011051303,
1 5.0a22011051304,
20110515 217 198 4.0.12011041322,
6 4.02011031805, 5 4.0b112011020314,
4 5.02011042714, 2 6.0a12011051503,
1 5.0a22011051404, 1 4.0b122011022221,
20110516 208 177 4.0.12011041322,
11 4.02011031805, 6 4.0b122011022221,
5 5.02011042714, 5 4.0b112011020314,
1 6.0a12011051503, 1 6.0a12011051003,
1 5.0a22011051204, 1 4.02011030319,|
|
||
Comment 12•13 years ago
|
||
If there's malware tickling this, can we get someone to dig into that and see about a blocklist solution? Alternatively, if we can't get anywhere through that rout, who can look at this code and see if there's a client-side fix we can employ? Are the steps in comment 9 sufficient to try to get this diagnosed on the code side?
|
|
||
Comment 13•13 years ago
|
||
marcia/tomcat can you check out comment 9 on a few different vms? I was unable to reproduce on mac. crash volume has leveled off about the same as ending period of comment 11. I looked at which addons are installed in about 300 reports and the list looks something like this: 243 {972ce4c6-7e08-4474-a285-3208198ce6fd}</td 4.0.1</td 212 NO_ADDONS_FOUND 104 <a href="" </a 1.0</td 71 <a href="" </a 3.3.3.2</td 64{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}</td 6.0.24</td 51 {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}</td 6.0.22</td 45 {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}</td 6.0.23</td 38 {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}</td 6.0.21</td 31 <a href="http://addons.mozilla.org/en-US/firefox/addon/13661" Test Pilot 1.1.1 31 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}</td 6.0.20</td 26 <a href="http://addons.mozilla.org/en-US/firefox/addon/9449" Microsoft .NET Framework Assistant</a <a href="http://addons.mozilla.org/en-US/firefox/addon/9449" 0.0.0</td 21 {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</td 5.3.0.7280</td 21 <a href="" </a 20 <a href="http://addons.mozilla.org/en-US/firefox/addon/1865" Adblock Plus</a <a href="http://addons.mozilla.org/en-US/firefox/addon/1865" {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}</td 1.3.7</td
|
||
Comment 14•13 years ago
|
||
Tried reproducing with the latest trunk using Mozilla/5.0 (Windows NT 6.1; rv:6.0a1) Gecko/20110518 Firefox/6.0a1 - so far no luck with the steps in Comment 9. Note that user is running with Add on Compat reporter and a few extensions. Will try on a few other machines.
|
|
||
Comment 15•13 years ago
|
||
Not able to reproduce in a Windows XP VM either - I even tried installing all the extensions the user has and still can't get it to reproduce when I move the slider. Tried with both latest trunk nightly and Firefox 5 B2 build.
|
|
Reporter | |
Comment 16•13 years ago
|
||
The problem is with the mozalloc_abort(char const* const) | mozalloc_handle_oom() | mozilla::`anonymous namespace''::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip&) crash signature (see bug 633903): https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char%20const*%20const%29%20|%20mozalloc_handle_oom%28%29%20|%20mozilla%3A%3A%60anonymous%20namespace%27%27%3A%3AContainerState%3A%3AProcessDisplayItems%28nsDisplayList%20const%26%2C%20mozilla%3A%3AFrameLayerBuilder%3A%3AClip%26%29 This crasher is #4 top crasher in 4.0.1 and it exists in 5.0b2 at a lower volume.
|
||
Comment 17•13 years ago
|
||
Not much we can do about this unless we have clear steps to reproduce. About 76 windows crashes in the last week on b3. If we can reproduce it, I am removing it from tracking since it's unlikely to get any traction in the next week.
tracking-firefox5:
+ → ---
|
|
||
Comment 18•13 years ago
|
||
I meant, if we CAN'T repro, removing it from tracking.
|
|
||
Comment 19•13 years ago
|
||
I will take a look at 4.0.1 to see if there are any correlations or comments that may help us get some STR.
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ mozilla::`anonymous namespace''::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip&) ]
|
|
||
Comment 20•13 years ago
|
||
This has gone way down in the ranking for releases. It's at #75 on 8.0, #103 on 9.0b4. Removing the top crash keyword.
Keywords: topcrash
|
||
Comment 21•11 years ago
|
||
signature is gone after version 16.0.2. but still exists in other variations https://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A22.0a1&version=Firefox%3A21.0a2&version=Firefox%3A20.0b7&version=Firefox%3A19.0.2&version=Firefox%3A20.0&version=Firefox%3A20.0b6&version=Firefox%3A20.0b5&version=Firefox%3A20.0b4&version=Firefox%3A20.0b3&version=Firefox%3A20.0b2&version=Firefox%3A20.0b1&version=Firefox%3A19.0.1&version=Firefox%3A19.0&version=Firefox%3A19.0b6&version=Firefox%3A19.0b5&version=Firefox%3A19.0b4&version=Firefox%3A18.0.2&version=Firefox%3A18.0.1&version=Firefox%3A18.0&version=Firefox%3A17.0.5esr&version=Firefox%3A17.0.4esr&version=Firefox%3A17.0.3esr&version=Firefox%3A17.0.2esr&version=Firefox%3A17.0.1&query_search=signature&query_type=contains&query=ntainerState%3A%3AProcessDisplayItems%28nsDisplayList%20const%26amp%3B%2C%20mozilla%3A%3AFrameLayerBuilder%3A%3AClip&reason_type=contains&date=03%2F30%2F2013%2013%3A40%3A06&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&admin=1&signature=mozilla%3A%3A%60anonymous%20namespace%27%27%3A%3AContainerState%3A%3AProcessDisplayItems%28nsDisplayList%20const%26%2C%20mozilla%3A%3AFrameLayerBuilder%3A%3AClip%26%2C%20unsigned%20int%2C%20nsIFrame%20const*%29 Stacks vary widely in current versions, so I didn't check to see if they match this bug
|
||
Comment 22•10 years ago
|
||
According to Socorro, this issue stopped reproducing with Firefox 16: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3A%60anonymous+namespace%27%27%3A%3AContainerState%3A%3AProcessDisplayItems%28nsDisplayList+const%26%2C+mozilla%3A%3AFrameLayerBuilder%3A%3AClip%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&hang_type=any&date=2014-01-13+13%3A00%3A00&range_value=4#reports
You need to log in
before you can comment on or make changes to this bug.
Description
•