Closed
Bug 868905
Opened 11 years ago
Closed 5 years ago
Crash while playing Epic Citadel demo [@ mozilla::dom::Element::UnbindFromTree ]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: whimboo, Unassigned)
References
()
Details
(Keywords: crash, crashreportid)
Crash Data
While playing the Epic Citadel demo Firefox crashed with the following stack. It happened after leaving the castle and walking down the pathway right before the brigde. 0 libxul.so mozilla::dom::Element::UnbindFromTree content/base/src/nsNodeUtils.h:119 1 libxul.so nsGenericHTMLElement::UnbindFromTree content/html/content/src/nsGenericHTMLElement.cpp:655 2 libxul.so nsGenericDOMDataNode::UnbindFromTree content/base/src/nsGenericDOMDataNode.cpp:530 3 libxul.so mozilla::dom::Element::UnbindFromTree content/base/src/Element.cpp:1353 4 libnspr4.so PR_Unlock nsprpub/pr/src/pthreads/ptsynch.c:205 5 libnspr4.so PR_ExitMonitor nsprpub/pr/src/pthreads/ptsynch.c:557 6 libxul.so nsEventQueue::GetEvent obj-firefox/dist/include/mozilla/ReentrantMonitor.h:80 7 libxul.so nsThread::HasPendingEvents xpcom/threads/nsThread.cpp:501 8 libxul.so nsGenericHTMLElement::UnbindFromTree content/html/content/src/nsGenericHTMLElement.cpp:655 9 libxul.so mozilla::dom::HTMLSharedElement::UnbindFromTree content/html/content/src/HTMLSharedElement.cpp:305 10 libxul.so mozilla::dom::Element::UnbindFromTree content/base/src/Element.cpp:1353 11 libxul.so nsPropertyTable::PropertyList::DeletePropertyFor content/base/src/nsPropertyTable.cpp:337 12 libxul.so NS_CycleCollectorSuspect2 obj-firefox/dist/include/mozilla/ThreadLocal.h:123 13 libxul.so nsGenericHTMLElement::UnbindFromTree content/html/content/src/nsGenericHTMLElement.cpp:655 14 libxul.so mozilla::dom::HTMLSharedElement::UnbindFromTree content/html/content/src/HTMLSharedElement.cpp:305 15 libxul.so nsDocument::cycleCollection::UnlinkImpl content/base/src/nsDocument.cpp:1777 16 libxul.so nsHTMLDocument::cycleCollection::UnlinkImpl content/html/document/src/nsHTMLDocument.cpp:226 17 libxul.so nsCycleCollector::CollectWhite xpcom/base/nsCycleCollector.cpp:2344 18 libxul.so nsCycleCollector::FinishCollection xpcom/base/nsCycleCollector.cpp:2790 19 libxul.so nsCycleCollectorRunner::Collect xpcom/base/nsCycleCollector.cpp:1148 May it be that the cycle collector has been caused it?
Socorro link?
Keywords: crashreportid
Reporter | ||
Comment 2•11 years ago
|
||
Sorry, missed it: bp-f129b1fb-8cd4-4906-bc28-d378d2130506
Keywords: crashreportid
Comment 3•11 years ago
|
||
(In reply to Henrik Skupin (:whimboo) from comment #2) > Sorry, missed it: bp-f129b1fb-8cd4-4906-bc28-d378d2130506 The build from April 25 is quite old. Does it happen with the latest one?
Flags: needinfo?(hskupin)
Reporter | ||
Comment 4•11 years ago
|
||
It crashed once so I was not able to get reliable steps.
Flags: needinfo?(hskupin)
Comment 5•11 years ago
|
||
> May it be that the cycle collector has been caused it?
Crashes in the cycle collector are usually due to other code leaving around garbage that the CC touches.
The stack looks a little junky. The non-UnbindFromTree stuff doesn't make much sense.
Comment 6•11 years ago
|
||
4:43 UTC is too soon to make it appear in crash stats because of bug 865146. You need to tweak the signature later or wait 7:00 UTC to file a bug about crashes.
Crash Signature: [@ mozilla::dom::Element::UnbindFromTree(bool, bool) ] → [@ mozilla::dom::Element::UnbindFromTree(bool, bool)]
Comment 7•11 years ago
|
||
str |
User Agent: Mozilla/5.0 (Windows NT 6.3; rv:25.0) Gecko/20100101 Firefox/25.0 Build ID: 20130926170421 I've managed to crash Epic Citadel (twice in two tries) with Firefox 25 beta 3 on Windows 8.1 32bit. STR: 1. Open Firefox. 2. Go to http://www.unrealengine.com/html5/ 3. Click play and wait for the download to complete. The browser crashed when the download was almost complete (at about 98-99%). Crash report: https://crash-stats.mozilla.com/report/index/bp-275f79b5-1310-4419-bbab-7ec5b2130927
(In reply to Cornel Ionce [QA] from comment #7) > Crash report: > https://crash-stats.mozilla.com/report/index/bp-275f79b5-1310-4419-bbab- > 7ec5b2130927 Andrew, anything you can determine from this crash report? The signature seems to be completely different. Also note that the original signature has another correlated bug report (bug 829105) which appears to be a Thunderbird shutdown crash.
Comment 9•11 years ago
|
||
Yes, the signature in comment 7 is an OOM in IndexedDB. My impression was that Citadel is pretty OOMy right now on 32-bit Windows, but I could be wrong...
Comment 10•11 years ago
|
||
Yes, 32-bit is pretty OOM-y. I wonder if some of the recent Emscripten changes would decrease memory usage or some other ones we found this week like setting noImageDecoding=false would improve the situation.
Comment 11•11 years ago
|
||
Actually, I just learned that on 32-bit Firefox running on 64-bit Windows, we get more address space (because of the -LARGEADDRESSAWARE flag we set on the FF binary) than when we run 32-bit Firefox on 32-bit Windows (where the whole OS has to be booted with a special flag). That explains why most of us have never seen an OOM with 32-bit FF (we're running Win64) but some people see it reliably. Another note: these infallible-malloc crashes in IDB are do to some crazzzy memory copying being done by IDB when storing large objects. Bugs will be filed.
FWIW, I think that most windows installs after XP, especially Win 7 and above, is 64-bit. XP is almost always 32-bit, and Vista is probably half and half. And yes, IDB be baaaaaad.
The IDB stuff is probably covered by bug 902909.
Updated•9 years ago
|
Crash Signature: [@ mozilla::dom::Element::UnbindFromTree(bool, bool)] → [@ mozilla::dom::Element::UnbindFromTree(bool, bool)]
[@ mozilla::dom::Element::UnbindFromTree]
Comment 14•8 years ago
|
||
Crash volume for signature 'mozilla::dom::Element::UnbindFromTree': - nightly (version 51): 5 crashes from 2016-08-01. - aurora (version 50): 3 crashes from 2016-08-01. - beta (version 49): 87 crashes from 2016-08-02. - release (version 48): 70 crashes from 2016-07-25. - esr (version 45): 24 crashes from 2016-05-02. Crash volume on the last weeks (Week N is from 08-22 to 08-28): W. N-1 W. N-2 W. N-3 - nightly 0 2 1 - aurora 0 3 0 - beta 19 30 11 - release 16 17 12 - esr 0 1 5 Affected platforms: Windows, Mac OS X, Linux Crash rank on the last 7 days: Browser Content Plugin - nightly #347 - aurora - beta #1048 #130 - release #767 - esr #4947
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox50:
--- → affected
status-firefox51:
--- → affected
status-firefox-esr45:
--- → affected
Comment 15•5 years ago
|
||
(In reply to Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) from comment #13)
The IDB stuff is probably covered by bug 902909.
The above bug was fixed. And the original crash was 32-bit.
Is this worth keeping?
Flags: needinfo?(htsai)
Summary: Crash while playing Epic Citadel demo [@ mozilla::dom::Element::UnbindFromTree(bool, bool) ] → Crash while playing Epic Citadel demo [@ mozilla::dom::Element::UnbindFromTree ]
Comment 16•5 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #15)
(In reply to Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) from comment #13)
The IDB stuff is probably covered by bug 902909.
The above bug was fixed. And the original crash was 32-bit.
Is this worth keeping?
Thanks for the kind comment. I think we can close it as FIXED.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(htsai)
Resolution: --- → FIXED
Updated•5 years ago
|
Resolution: FIXED → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•