Closed
Bug 1114976
Opened 9 years ago
Closed 9 years ago
crash in mozilla::AtomicRefCountedWithFinalize<mozilla::layers::TextureClient>::Release()
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
VERIFIED
FIXED
mozilla38
People
(Reporter: adalucinet, Assigned: mattwoodrow)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
1.13 KB,
patch
|
nical
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-fdd22aea-6823-47b6-9ecf-8670e2141223. ============================================================= More reports: https://crash-stats.mozilla.com/signature/?signature=mozilla%3A%3AAtomicRefCountedWithFinalize%3Cmozilla%3A%3Alayers%3A%3ATextureClient%3E%3A%3ARelease%28%29&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&page=1 Steps to reproduce: 1. Navigate to http://www.ebizmba.com/articles/best-html5-websites 2. In new tabs, open Three Dreams of Black and The Wilderness Downtown Notes: 1. Reproduced on Windows 7 64-bit with Firefox 35 beta 6 (Build ID: 20141222200458); not reproducible on Mac OS X 10.9.5.
Comment 1•9 years ago
|
||
Can you reproduce this with older versions of Firefox as well?
Reporter | ||
Comment 2•9 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1) > Can you reproduce this with older versions of Firefox as well? Yes, reproduced with 31 beta 1 on Windows 7 32-bit: bp-7c961905-598c-40a1-bc13-a37e22141224
Comment 3•9 years ago
|
||
Thanks, this not being a regression makes it less crucial for release tracking.
Comment 4•9 years ago
|
||
Also effects Nightly
Comment 5•9 years ago
|
||
This signature showed up on today's beta explosive report: https://crash-analysis.mozilla.com/rkaiser/2015-01-29/2015-01-29.firefox.36.explosiveness.html with 30 crashes.
Yes, this exploded on 36 beta and most of the URLs are on youtube. Should this block the MSE bug? It looks like this==0x4 in the Release frame. The cause of this may be pretty distant from the point of crash so it's hard to say who should look at it. Matt, as someone who's worked in both gfx and media, maybe you can route this to an owner.
Crash Signature: [@ mozilla::AtomicRefCountedWithFinalize<mozilla::layers::TextureClient>::Release()] → [@ mozilla::AtomicRefCountedWithFinalize<mozilla::layers::TextureClient>::Release()]
[@ xul.dll@0x2571d5 | xul.dll@0x407471 | xul.dll@0x4df94e | xul.dll@0x152654 | xul.dll@0x152a83 | xul.dll@0x774fcb | xul.dll@0x1ae0b13 ]
Flags: needinfo?(matt.woodrow)
This may be the aftereffects of an OOM allocation failure. The reports are all very low on available address space.
Updated•9 years ago
|
status-firefox36:
--- → affected
tracking-firefox36:
--- → +
Assignee | ||
Comment 8•9 years ago
|
||
I'm having real trouble figuring out where the 0x4 comes from. The origin of this value is an nsRefPtr<> that we only ever assign with the result of new, or nullptr. I've also confirmed with a debugger that mRecycleCallback is at |this+0|. Other than that it just looks like an allocation failure.
Flags: needinfo?(matt.woodrow)
Assignee | ||
Comment 9•9 years ago
|
||
Nevermind, AtomicRefCountedWithFinalize<> is located at |this+4| in TextureClient (though I'm not entirely sure why). So, ImageBridgeChild::DispatchReleaseTextureClient is getting called with aClient == nullptr.
Assignee | ||
Comment 10•9 years ago
|
||
Assignee: nobody → matt.woodrow
Attachment #8558771 -
Flags: review?(nical.bugzilla)
Updated•9 years ago
|
Attachment #8558771 -
Flags: review?(nical.bugzilla) → review+
Assignee | ||
Comment 11•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/29495c25a811
Comment 12•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/29495c25a811
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox38:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Comment 13•9 years ago
|
||
Comment on attachment 8558771 [details] [diff] [review] Don't try to release null TextureClients Approval Request Comment [Feature/regressing bug #]: [User impact if declined]: Crashes. [Describe test coverage new/current, TreeHerder]: None. [Risks and why]: Not risky at all, just early-return in a case where we'd crash. [String/UUID change made/needed]: None.
Attachment #8558771 -
Flags: approval-mozilla-beta?
Attachment #8558771 -
Flags: approval-mozilla-aurora?
Updated•9 years ago
|
Attachment #8558771 -
Flags: approval-mozilla-beta?
Attachment #8558771 -
Flags: approval-mozilla-beta+
Attachment #8558771 -
Flags: approval-mozilla-aurora?
Attachment #8558771 -
Flags: approval-mozilla-aurora+
Comment 14•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/9a2113fcfa39 https://hg.mozilla.org/releases/mozilla-beta/rev/74c4e5bdde78
status-firefox37:
--- → fixed
Updated•9 years ago
|
Flags: qe-verify+
Crash Signature: [@ mozilla::AtomicRefCountedWithFinalize<mozilla::layers::TextureClient>::Release()]
[@ xul.dll@0x2571d5 | xul.dll@0x407471 | xul.dll@0x4df94e | xul.dll@0x152654 | xul.dll@0x152a83 | xul.dll@0x774fcb | xul.dll@0x1ae0b13 ] → [@ mozilla::AtomicRefCountedWithFinalize<mozilla::layers::TextureClient>::Release()]
[@ xul.dll@0x2571d5 | xul.dll@0x407471 | xul.dll@0x4df94e | xul.dll@0x152654 | xul.dll@0x152a83 | xul.dll@0x774fcb | xul.dll@0x1ae0b13 ]
[@ xul.dll@0x3e6f24 | xul.dll@0…
Comment 16•9 years ago
|
||
Verified as fixed with 36 beta 7 (Build ID: 20150205114429), Aurora 37.0a2 (Build ID: 20150208004039) and Nightly 38.0a1 (Build ID: 20150208030206) on Windows 7 64-bit (2 different machines - AMD 760G and nVIDIA GeForce 620 video cards) and Windows 8.1 64-bit (AMD Radeon HD 6450 video card). No crashes present in Socorro after this fix landed.
Status: RESOLVED → VERIFIED
QA Contact: cornel.ionce
You need to log in
before you can comment on or make changes to this bug.
Description
•