Closed
Bug 768383
Opened 13 years ago
Closed 13 years ago
crash in nsFrameManager::ReResolveStyleContext mainly with AMD Radeon HD 6xxx series
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox14 | - | --- |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It's #11 top browser crasher in the first hours of 14.0b9 while only #691 in 14.0b8.
It's likely related to bug 714320 which also spiked.
The Beta regression range is:
http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=f8d3886db65a&tochange=d050090e578c
Signature nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*) More Reports Search
UUID 8ff944fb-7b84-4a35-a280-84e202120626
Date Processed 2012-06-26 05:26:07
Uptime 33
Last Crash 1.3 minutes before submission
Install Age 4.5 minutes since version was first installed.
Install Time 2012-06-26 05:21:08
Product Firefox
Version 14.0
Build ID 20120624012213
Release Channel beta
OS Windows NT
OS Version 6.1.7600
Build Architecture x86
Build Architecture Info AuthenticAMD family 20 model 1 stepping 0
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x0
App Notes
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9804, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.860.0.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers-
EMCheckCompatibility True
Adapter Vendor ID 0x1002
Adapter Device ID 0x9804
Total Virtual Memory 2147352576
Available Virtual Memory 1876348928
System Memory Use Percentage 39
Available Page File 2478833664
Available Physical Memory 1052139520
Frame Module Signature Source
0 xul.dll nsTransitionManager::StyleContextChanged layout/style/nsTransitionManager.cpp:254
1 xul.dll nsFrameManager::ReResolveStyleContext layout/base/nsFrameManager.cpp:1321
2 xul.dll nsFrameManager::ReResolveStyleContext layout/base/nsFrameManager.cpp:1615
3 xul.dll nsFrameManager::ReResolveStyleContext layout/base/nsFrameManager.cpp:1615
...
21 xul.dll nsFrameManager::ComputeStyleChangeFor layout/base/nsFrameManager.cpp:1706
22 xul.dll mozilla::css::RestyleTracker::DoProcessRestyles layout/base/RestyleTracker.cpp:242
23 xul.dll nsCSSFrameConstructor::ProcessPendingRestyles layout/base/nsCSSFrameConstructor.cpp:11632
24 xul.dll PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4004
25 xul.dll nsStaticCaseInsensitiveNameTable::Lookup xpcom/ds/nsStaticNameTable.cpp:250
26 xul.dll nsComputedDOMStyle::GetPropertyCSSValue layout/style/nsComputedDOMStyle.cpp:499
27 xul.dll nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:322
28 xul.dll nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:267
29 xul.dll nsIDOMCSS2Properties_Get obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:6879
30 xul.dll nsIDOMCSS2Properties_GetHeight obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:7569
31 mozjs.dll js::Shape::get js/src/jsscopeinlines.h:295
32 mozjs.dll js_NativeGet js/src/jsobj.cpp:4976
33 mozjs.dll js::NativeGet js/src/jsinterpinlines.h:168
34 mozjs.dll js::GetPropertyOperation js/src/jsinterpinlines.h:253
35 mozjs.dll js::Interpret js/src/jsinterp.cpp:2654
36 mozjs.dll WrapForSameCompartment js/src/jscompartment.cpp:184
37 mozjs.dll js::RunScript js/src/jsinterp.cpp:467
38 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:535
39 mozjs.dll js::Invoke js/src/jsinterp.cpp:567
40 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5419
41 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1893
42 xul.dll nsCycleCollectingAutoRefCnt::incr obj-firefox/dist/include/nsISupportsImpl.h:161
43 user32.dll CalcWakeMask
44 xul.dll PeekUIMessage widget/windows/nsAppShell.cpp:102
More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsTransitionManager%3A%3AStyleContextChanged%28mozilla%3A%3Adom%3A%3AElement*%2C+nsStyleContext*%2C+nsStyleContext*%29
https://crash-stats.mozilla.com/report/list?signature=nsStyleContext%3A%3ACalcStyleDifference%28nsStyleContext*%29
|
||
Updated•13 years ago
|
Crash Signature: [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)] → [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)]
[@ nsCSSFrameConstructor::ResolveStyleContext(nsStyleContext*, nsIContent* nsFrameConstructor…
|
Reporter | |
Comment 1•13 years ago
|
||
The three crash signatures have all in common nsFrameManager::ReResolveStyleContext in the first frames.
With combined signatures, it's currently #2 top crasher in 14.0b9.
More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsFrameManager%3A%3AReResolveStyleContext%28nsPresContext*%2C+nsIFrame*%2C+nsIContent*%2C+nsStyleChangeList*%2C+nsChangeHint%2C+nsRestyleHint%2C+mozilla%3A%3Acss%3A%3ARestyleTracker%26%2C+nsFrameManager%3A%3ADesiredA11yNotifications%2C+nsTArray%3CnsIContent*%2C+nsTArrayDefaultAllocator%3E%26%2C+Tr...
Crash Signature: [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)]
[@ nsCSSFrameConstructor::ResolveStyleContext(nsStyleContext*, nsIContent* nsFrameConstructor… → [@ nsTransitionManager::StyleContextChanged(mozilla::dom::Element*, nsStyleContext*, nsStyleContext*)]
[@ nsStyleContext::CalcStyleDifference(nsStyleContext*)]
[@ nsFrameManager::ReResolveStyleContext(nsPresContext*, nsIFrame*, nsIContent* nsStyleChange…
Component: Style System (CSS) → Layout
QA Contact: style-system → layout
Summary: crash in nsTransitionManager::StyleContextChanged or nsStyleContext::CalcStyleDifference mainly with AMD Radeon HD 6xxx series → crash in nsFrameManager::ReResolveStyleContext mainly with AMD Radeon HD 6xxx series
|
||
Comment 2•13 years ago
|
||
May be bug 686335. If this explosiveness continues in b10 (going to build today), we may need to consider backing that change out for b11 (going to build on Tuesday).
Blocks: 686335
|
|
||
Comment 3•13 years ago
|
||
Can we get a correlation report and URLs in the meantime? If this is related to plugins, it would be good to know which were in use at the time.
Keywords: needURLs
|
|
Reporter | |
Comment 4•13 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #2)
> May be bug 686335.
If it is, bug 714320 (appears randomly) and bug 768560 are also a regression from this bug.
(In reply to Alex Keybl [:akeybl] from comment #3)
> Can we get a correlation report and URLs in the meantime? If this is related
> to plugins, it would be good to know which were in use at the time.
There are no clear correlations (only Windows DLLs).
|
||
Comment 5•13 years ago
|
||
How did this bug get associated with AMD Radeon cards? I don't see the connection made in the bug comments.
|
|
Reporter | |
Comment 6•13 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #5)
> How did this bug get associated with AMD Radeon cards? I don't see the
> connection made in the bug comments.
Before I filed the bug, I had checked manually crash reports as there are no correlation files based on device and vendor IDs. The three signatures are correlated to those AMD GPUs (0x98.. device ID)
|
|
||
Comment 7•13 years ago
|
||
bz and I dived into the minidump from comment 0, and we're stumped. Given the callstack, "aElement" at the entry of nsTransitionManager::StyleContextChanged *can't* be null, because it's null-checked immediately before at http://hg.mozilla.org/releases/mozilla-beta/annotate/d050090e578c/layout/base/nsFrameManager.cpp#l735
So unless this is PGO-fail, or a device driver is clobbering the ECX register during execution, or something is clobbering stack memory, there is no logical way for this crash to occur. I think we should watch this is b10 to see if PGO effects change it.
|
|
Reporter | |
Comment 8•13 years ago
|
||
There are 3 crashes in 14.0b10.
|
||
Comment 9•13 years ago
|
||
(In reply to Scoobidiver from comment #8)
> There are 3 crashes in 14.0b10.
Scoobidiver, please don't untrack bugs that have had tracking set to + for a particular revision. Release management goes through tracked bugs and decides if we're still going to track something or not and if you do this for us you take away our ability to know the whole picture. I'm happy to see that this crash has drastically declined for beta 10 and of course we won't track as long as the crashes stay very low but it's really important that you let us make that call. Thank you for being on top of the data, and for regular updates to crash bugs.
|
|
||
Comment 10•13 years ago
|
||
[Triage comment]
Untracking since crash volume seems significantly decreased in 14 beta 10.
|
|
Reporter | |
Comment 11•13 years ago
|
||
(In reply to Lukas Blakk [:lsblakk] from comment #9)
> Scoobidiver, please don't untrack bugs that have had tracking set to + for a
> particular revision.
That's why I haven't set the tracking flag to --- but to ? in order for release drivers to reevaluate the tracking. It's something that is done regularly by other people.
Depends on: 772330
|
|
||
Comment 12•13 years ago
|
||
Bug 772330 has a more general report about these random per-build crashes, but it's clear that this has gone away after b9, so resolving.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•