Closed
Bug 896164
Opened 11 years ago
Closed 9 years ago
crash in nsAnimationManager::BuildAnimations
Categories
(Core :: CSS Parsing and Computation, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: scoobidiver, Unassigned)
Details
(Keywords: crash, regression, reproducible)
Crash Data
It started spiking in 25.0a1/20130712 and is #20 crasher in 25.0a1. The regression range for the spike is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=dde4dcd6fa46&tochange=b44898282f21 Signature nsAnimationManager::BuildAnimations(nsStyleContext*, nsTArray<ElementAnimation>&) More Reports Search UUID 4866f260-f9d1-4f80-9f3b-01ea32130719 Date Processed 2013-07-19 13:23:24.759828 Uptime 13 Last Crash 31 seconds before submission Install Age 478 since version was first installed. Install Time 2013-07-19 13:15:04 Product Firefox Version 25.0a1 Build ID 20130719030204 Release Channel nightly OS Mac OS X OS Version 10.8.4 12E55 Build Architecture amd64 Build Architecture Info family 6 model 37 stepping 5 | 4 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0x2c App Notes AdapterVendorID: 0x10de, AdapterDeviceID: 0x a29GL Layers! GL Context? GL Context+ GL Layers+ Frame Module Signature Source 0 XUL nsAnimationManager::BuildAnimations(nsStyleContext*, nsTArray<ElementAnimation>&) obj-firefox/x86_64/dist/include/nsTArray.h 1 XUL nsAnimationManager::CheckAnimationRule(nsStyleContext*, mozilla::dom::Element*) layout/style/nsAnimationManager.cpp 2 XUL nsStyleSet::GetContext(nsStyleContext*, nsRuleNode*, nsRuleNode*, nsIAtom*, nsCSSPseudoElements::Type, mozilla::dom::Element*, unsigned int) layout/style/nsStyleSet.cpp 3 XUL nsStyleSet::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*, TreeMatchContext&) layout/style/nsStyleSet.cpp 4 XUL nsFrameManager::ReResolveStyleContext(nsPresContext*, nsIFrame*, nsIContent*, nsStyleChangeList*, nsChangeHint, nsChangeHint, nsRestyleHint, mozilla::css::RestyleTracker&, nsFrameManager::DesiredA11yNotifications, nsTArray<nsIContent*>&, TreeMatchContext&) layout/base/nsFrameManager.cpp 5 XUL nsFrameManager::ComputeStyleChangeFor(nsIFrame*, nsStyleChangeList*, nsChangeHint, mozilla::css::RestyleTracker&, bool) layout/base/nsFrameManager.cpp 6 XUL nsCSSFrameConstructor::RestyleElement(mozilla::dom::Element*, nsIFrame*, nsChangeHint, mozilla::css::RestyleTracker&, bool) layout/base/nsCSSFrameConstructor.cpp 7 XUL mozilla::css::RestyleTracker::DoProcessRestyles() layout/base/RestyleTracker.cpp 8 XUL nsCSSFrameConstructor::ProcessPendingRestyles() layout/base/RestyleTracker.h 9 XUL PresShell::FlushPendingNotifications(mozilla::ChangesToFlush) layout/base/nsPresShell.cpp 10 XUL nsDocument::FlushPendingNotifications(mozFlushType) content/base/src/nsDocument.cpp 11 XUL mozilla::dom::Element::GetScrollFrame(nsIFrame**) content/base/src/Element.cpp 12 XUL mozilla::dom::ElementBinding::get_scrollLeft obj-firefox/x86_64/dist/include/mozilla/dom/Element.h 13 XUL mozilla::dom::ElementBinding::genericGetter obj-firefox/x86_64/dom/bindings/ElementBinding.cpp 14 XUL js::ion::DoCallNativeGetter js/src/ion/BaselineIC.cpp 15 @0x1000f8aab 16 XUL js::ion::DebugPrologue(JSContext*, js::ion::BaselineFrame*, int*) js/src/ion/VMFunctions.cpp More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=nsAnimationManager%3A%3ABuildAnimations%28nsStyleContext*%2C+nsTArray%3CElementAnimation%3E%26%29
Comment 1•11 years ago
|
||
My crash report: https://crash-stats.mozilla.com/report/index/7ada4189-cc51-429a-8e3f-903772130730 Test case for this: 1. Install Firebug 1.11.4 from addons.mozilla.org 2. Open Firebug at http://www.dropzonejs.com/ 3. Enable and switch to the Net panel 4. Drag a big file (in my case it was around 200MB) into the first "Drop files to upload" area The crash signature is not always the same. Sometimes I get the signature of bug 542120. Sebastian
Reporter | ||
Updated•11 years ago
|
Keywords: reproducible
Reporter | ||
Updated•11 years ago
|
status-firefox26:
--- → affected
Keywords: regressionwindow-wanted
I'm not sure if the steps in comment 1 are valid anymore as I cannot reproduce this as described in Firefox 25.0b1. Sebastian, can you please give this another go and report your results? By the way, looking at recent crash-stats this is pretty low volume, 3 crashes on Firefox 24.0 and 2 crashes on Firefox 23.0.1 in the last week (no crashes reported for any other version).
Flags: needinfo?(sebastianzartner)
Comment 3•11 years ago
|
||
I also can't reproduce my steps anymore using Firefox 24.0/25.0/26.0a2/27.0a1 + Firebug 1.12.2. Though I need to say that I'm also currently testing on another system. Later I'll test on the original system I tested before and check if the problem is also gone there. So I don't clear the 'needinfo' flag yet. Sebastian
Comment 4•11 years ago
|
||
Hmm, on the other machine there are still crashes, though with different signatures: https://crash-stats.mozilla.com/report/index/2e8f030c-f8da-4408-86f1-095aa2130926 https://crash-stats.mozilla.com/report/index/1bc34cc1-a643-48a4-b59d-f3f262130926 https://crash-stats.mozilla.com/report/index/775058cc-fba4-4ccd-8c31-528052130926 I need to do one additional step to trigger the crash, though. I am moving the mouse over the request's "Size" column within Firebug's Net panel. (Didn't try that at the other machine before.) Sebastian
Flags: needinfo?(sebastianzartner)
My steps: 1. Install Firefox 24.0 and start with a new profile 2. Install Firebug from https://addons.mozilla.org/en-US/firefox/addon/firebug 3. Open a new tab to http://www.dropzonejs.com/ 4. Open Firebug, click the Net tab and click the Enable link 5. Drag a 258MB text file onto the drop zone > RESULT: Crash IMPORTANT: This crash only reproduces if the Net panel is not enabled before loading Dropzone. If it's already enabled the browser will hang for a bit while the file is loaded but ultimately recovers. Note that as per step 1 this bug affects Firefox 24 as well. I will try to see if this goes back even further.
Version: 25 Branch → 24 Branch
FWIW, I can reproduce this on any page, even about:home and I can reproduce this going back to Firefox 20 so far but only with Firebug installed. I'm starting to think this is Firebug's bug. I'm not convinced this is a regression at this point. Perhaps the signature first showed up in Firefox 25 but the crashing situation did not. Unfortunately I cannot confirm 100% since my crash reports are returning "report could not be located" even though they've been submitted. Sebastian, if you have evidence that this is definitely a Firefox regression I think you'll need to provide the regression window. We have a tool for this: http://mozilla.github.io/mozregression/
Comment 7•11 years ago
|
||
My latest crash reports also don't show up.
I tried on my Win 8.1 machine again now and it also crashed. Though I always has to hover the "Size" column for the request within the Net panel.
FWIW I reproduced my test case again on the other machine and it also crashes for me, though only when I hover the "Size" column within the Net panel.
> FWIW, I can reproduce this on any page, even about:home
What are the exact steps there?
Sebastian
(In reply to Sebastian Zartner from comment #7) > > FWIW, I can reproduce this on any page, even about:home > What are the exact steps there? 1. Install Firefox 24.0 and start with a new profile 2. Install Firebug from https://addons.mozilla.org/en-US/firefox/addon/firebug 3. Load about:home in the current tab 4. Open Firebug, click the Net tab and click the Enable link 5. Drag a 258MB text file into content
Watching the process in Task Manager the memory usage grows quite rapidly -- this could be generic OOM situation.
Updated•9 years ago
|
Crash Signature: [@ nsAnimationManager::BuildAnimations(nsStyleContext*, nsTArray<ElementAnimation>&)] → [@ nsAnimationManager::BuildAnimations(nsStyleContext*, nsTArray<ElementAnimation>&)]
[@ nsAnimationManager::BuildAnimations]
Comment 10•9 years ago
|
||
No recent crash reports with this signature. Can you still reproduce this, Anthony?
Flags: needinfo?(anthony.s.hughes)
Comment 11•9 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #10) > No recent crash reports with this signature. Can you still reproduce this, > Anthony? No, the crash does not reproduce in the latest Nightly.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(anthony.s.hughes)
Resolution: --- → INCOMPLETE
Updated•9 years ago
|
Keywords: regressionwindow-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•