Closed
Bug 768383
Opened 11 years ago
Closed 11 years ago
crash in nsFrameManager::ReResolveStyleContext mainly with AMD Radeon HD 6xxx series
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox14 | - | --- |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It's #11 top browser crasher in the first hours of 14.0b9 while only #691 in 14.0b8. It's likely related to bug 714320 which also spiked. The Beta regression range is: http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=f8d3886db65a&tochange=d050090e578c Signature nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*) More Reports Search UUID 8ff944fb-7b84-4a35-a280-84e202120626 Date Processed 2012-06-26 05:26:07 Uptime 33 Last Crash 1.3 minutes before submission Install Age 4.5 minutes since version was first installed. Install Time 2012-06-26 05:21:08 Product Firefox Version 14.0 Build ID 20120624012213 Release Channel beta OS Windows NT OS Version 6.1.7600 Build Architecture x86 Build Architecture Info AuthenticAMD family 20 model 1 stepping 0 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x0 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x9804, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.860.0.0 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- EMCheckCompatibility True Adapter Vendor ID 0x1002 Adapter Device ID 0x9804 Total Virtual Memory 2147352576 Available Virtual Memory 1876348928 System Memory Use Percentage 39 Available Page File 2478833664 Available Physical Memory 1052139520 Frame Module Signature Source 0 xul.dll nsTransitionManager::StyleContextChanged layout/style/nsTransitionManager.cpp:254 1 xul.dll nsFrameManager::ReResolveStyleContext layout/base/nsFrameManager.cpp:1321 2 xul.dll nsFrameManager::ReResolveStyleContext layout/base/nsFrameManager.cpp:1615 3 xul.dll nsFrameManager::ReResolveStyleContext layout/base/nsFrameManager.cpp:1615 ... 21 xul.dll nsFrameManager::ComputeStyleChangeFor layout/base/nsFrameManager.cpp:1706 22 xul.dll mozilla::css::RestyleTracker::DoProcessRestyles layout/base/RestyleTracker.cpp:242 23 xul.dll nsCSSFrameConstructor::ProcessPendingRestyles layout/base/nsCSSFrameConstructor.cpp:11632 24 xul.dll PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4004 25 xul.dll nsStaticCaseInsensitiveNameTable::Lookup xpcom/ds/nsStaticNameTable.cpp:250 26 xul.dll nsComputedDOMStyle::GetPropertyCSSValue layout/style/nsComputedDOMStyle.cpp:499 27 xul.dll nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:322 28 xul.dll nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:267 29 xul.dll nsIDOMCSS2Properties_Get obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:6879 30 xul.dll nsIDOMCSS2Properties_GetHeight obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:7569 31 mozjs.dll js::Shape::get js/src/jsscopeinlines.h:295 32 mozjs.dll js_NativeGet js/src/jsobj.cpp:4976 33 mozjs.dll js::NativeGet js/src/jsinterpinlines.h:168 34 mozjs.dll js::GetPropertyOperation js/src/jsinterpinlines.h:253 35 mozjs.dll js::Interpret js/src/jsinterp.cpp:2654 36 mozjs.dll WrapForSameCompartment js/src/jscompartment.cpp:184 37 mozjs.dll js::RunScript js/src/jsinterp.cpp:467 38 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:535 39 mozjs.dll js::Invoke js/src/jsinterp.cpp:567 40 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5419 41 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1893 42 xul.dll nsCycleCollectingAutoRefCnt::incr obj-firefox/dist/include/nsISupportsImpl.h:161 43 user32.dll CalcWakeMask 44 xul.dll PeekUIMessage widget/windows/nsAppShell.cpp:102 More reports at: https://crash-stats.mozilla.com/report/list?signature=nsTransitionManager%3A%3AStyleContextChanged%28mozilla%3A%3Adom%3A%3AElement*%2C+nsStyleContext*%2C+nsStyleContext*%29 https://crash-stats.mozilla.com/report/list?signature=nsStyleContext%3A%3ACalcStyleDifference%28nsStyleContext*%29
|
||
Updated•11 years ago
|
Crash Signature: [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)] → [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)]
[@ nsCSSFrameConstructor::ResolveStyleContext(nsStyleContext*, nsIContent* nsFrameConstructor…
|
Reporter | |
Comment 1•11 years ago
|
||
The three crash signatures have all in common nsFrameManager::ReResolveStyleContext in the first frames. With combined signatures, it's currently #2 top crasher in 14.0b9. More reports at: https://crash-stats.mozilla.com/report/list?signature=nsFrameManager%3A%3AReResolveStyleContext%28nsPresContext*%2C+nsIFrame*%2C+nsIContent*%2C+nsStyleChangeList*%2C+nsChangeHint%2C+nsRestyleHint%2C+mozilla%3A%3Acss%3A%3ARestyleTracker%26%2C+nsFrameManager%3A%3ADesiredA11yNotifications%2C+nsTArray%3CnsIContent*%2C+nsTArrayDefaultAllocator%3E%26%2C+Tr...
Crash Signature: [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)]
[@ nsCSSFrameConstructor::ResolveStyleContext(nsStyleContext*, nsIContent* nsFrameConstructor… → [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)]
[@ nsFrameManager::ReResolveStyleContext(nsPresContext*, nsIFrame*, nsIContent* nsStyleChange…
Component: Style System (CSS) → Layout
QA Contact: style-system → layout
Summary: crash in nsTransitionManager::StyleContextChanged or nsStyleContext::CalcStyleDifference mainly with AMD Radeon HD 6xxx series → crash in nsFrameManager::ReResolveStyleContext mainly with AMD Radeon HD 6xxx series
|
||
Comment 2•11 years ago
|
||
May be bug 686335. If this explosiveness continues in b10 (going to build today), we may need to consider backing that change out for b11 (going to build on Tuesday).
Blocks: 686335
|
|
||
Comment 3•11 years ago
|
||
Can we get a correlation report and URLs in the meantime? If this is related to plugins, it would be good to know which were in use at the time.
Keywords: needURLs
|
|
Reporter | |
Comment 4•11 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #2) > May be bug 686335. If it is, bug 714320 (appears randomly) and bug 768560 are also a regression from this bug. (In reply to Alex Keybl [:akeybl] from comment #3) > Can we get a correlation report and URLs in the meantime? If this is related > to plugins, it would be good to know which were in use at the time. There are no clear correlations (only Windows DLLs).
|
||
Comment 5•11 years ago
|
||
How did this bug get associated with AMD Radeon cards? I don't see the connection made in the bug comments.
|
|
Reporter | |
Comment 6•11 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #5) > How did this bug get associated with AMD Radeon cards? I don't see the > connection made in the bug comments. Before I filed the bug, I had checked manually crash reports as there are no correlation files based on device and vendor IDs. The three signatures are correlated to those AMD GPUs (0x98.. device ID)
|
|
||
Comment 7•11 years ago
|
||
bz and I dived into the minidump from comment 0, and we're stumped. Given the callstack, "aElement" at the entry of nsTransitionManager::StyleContextChanged *can't* be null, because it's null-checked immediately before at http://hg.mozilla.org/releases/mozilla-beta/annotate/d050090e578c/layout/base/nsFrameManager.cpp#l735 So unless this is PGO-fail, or a device driver is clobbering the ECX register during execution, or something is clobbering stack memory, there is no logical way for this crash to occur. I think we should watch this is b10 to see if PGO effects change it.
|
|
Reporter | |
Comment 8•11 years ago
|
||
There are 3 crashes in 14.0b10.
|
||
Comment 9•11 years ago
|
||
(In reply to Scoobidiver from comment #8) > There are 3 crashes in 14.0b10. Scoobidiver, please don't untrack bugs that have had tracking set to + for a particular revision. Release management goes through tracked bugs and decides if we're still going to track something or not and if you do this for us you take away our ability to know the whole picture. I'm happy to see that this crash has drastically declined for beta 10 and of course we won't track as long as the crashes stay very low but it's really important that you let us make that call. Thank you for being on top of the data, and for regular updates to crash bugs.
|
|
||
Comment 10•11 years ago
|
||
[Triage comment] Untracking since crash volume seems significantly decreased in 14 beta 10.
|
|
Reporter | |
Comment 11•11 years ago
|
||
(In reply to Lukas Blakk [:lsblakk] from comment #9) > Scoobidiver, please don't untrack bugs that have had tracking set to + for a > particular revision. That's why I haven't set the tracking flag to --- but to ? in order for release drivers to reevaluate the tracking. It's something that is done regularly by other people.
|
|
||
Comment 12•11 years ago
|
||
Bug 772330 has a more general report about these random per-build crashes, but it's clear that this has gone away after b9, so resolving.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•