Closed
Bug 1406729
Opened 8 years ago
Closed 8 years ago
Crash in mozilla::layers::ClientLayerManager::ClientLayerManager
Categories
(Core :: Graphics: Layers, defect, P3)
Tracking
()
RESOLVED
DUPLICATE
of bug 1391262
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | wontfix |
| firefox57 | --- | wontfix |
| firefox58 | --- | fixed |
People
(Reporter: philipp, Assigned: kechen)
Details
(Keywords: crash, regression, Whiteboard: [gfx-noted])
Crash Data
This bug was filed from the Socorro interface and is
report bp-24a4feb4-762d-4519-a1aa-a72dc0171007.
=============================================================
Crashing Thread (0)
Frame Module Signature Source
0 xul.dll mozilla::layers::ClientLayerManager::ClientLayerManager(nsIWidget*) gfx/layers/client/ClientLayerManager.cpp:112
1 xul.dll mozilla::widget::PuppetWidget::GetLayerManager(mozilla::layers::PLayerTransactionChild*, mozilla::layers::LayersBackend, nsIWidget::LayerManagerPersistence) widget/PuppetWidget.cpp:609
2 xul.dll mozilla::dom::TabChild::ClearCachedResources() dom/ipc/TabChild.cpp:3112
3 xul.dll mozilla::dom::TabChild::MakeHidden() dom/ipc/TabChild.cpp:2905
4 xul.dll mozilla::dom::TabChild::InternalSetDocShellIsActive(bool, bool) dom/ipc/TabChild.cpp:2651
5 xul.dll mozilla::dom::TabChild::RecvSetDocShellIsActive(bool const&, bool const&, unsigned __int64 const&) dom/ipc/TabChild.cpp:2679
6 xul.dll mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) ipc/ipdl/PBrowserChild.cpp:4655
7 xul.dll mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) ipc/ipdl/PContentChild.cpp:4920
8 xul.dll mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ipc/glue/MessageChannel.cpp:2119
9 xul.dll mozilla::ipc::MessageChannel::DispatchMessageW(IPC::Message&&) ipc/glue/MessageChannel.cpp:2049
10 xul.dll mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) ipc/glue/MessageChannel.cpp:1895
11 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run() ipc/glue/MessageChannel.cpp:1928
12 xul.dll mozilla::SchedulerGroup::Runnable::Run() xpcom/threads/SchedulerGroup.cpp:396
13 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1039
14 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:97
15 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:301
16 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:319
17 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:299
18 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:158
19 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp:230
20 xul.dll XRE_RunAppShell() toolkit/xre/nsEmbedFunctions.cpp:880
21 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:269
22 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:319
23 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:299
24 xul.dll XRE_InitChildProcess(int, char** const, XREChildData const*) toolkit/xre/nsEmbedFunctions.cpp:705
25 xul.dll mozilla::BootstrapImpl::XRE_InitChildProcess(int, char** const, XREChildData const*) toolkit/xre/Bootstrap.cpp:65
26 firefox.exe content_process_main(mozilla::Bootstrap*, int, char** const) ipc/contentproc/plugin-container.cpp:63
27 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:115
28 firefox.exe __scrt_common_main_seh f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253
29 kernel32.dll BaseThreadInitThunk
30 ntdll.dll __RtlUserThreadStart
31 ntdll.dll _RtlUserThreadStart
this crash signature is regressing (at least in volume) on windows since firefox 56 - the first recorded crash on nightly was in 56.0a1 build 20170617030206.
|
||
Comment 1•8 years ago
|
||
Not high volume, looks like this is often a content crash, wontfix for 56. We could still potentially take a patch in 57.
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → kechen
|
|
Assignee | |
Comment 2•8 years ago
|
||
It's a null pointer access problem for sCompositorBridge[1]. This parameter can only be null before CompositorBridgeChild::InitForContent is called or after gfxPlatform::ShutdownLayersIPC is called.
And according to the crash reports[2], GPU process is killed and fallback to UI/Content process model when the crash happened.
However, at both cases, we shouldn't receive SetDocShellIsActive. Still investigating.
[1] http://searchfox.org/mozilla-central/rev/a984558fa2bbde6492d3fb918496fc0b0835b2ce/gfx/layers/ipc/CompositorBridgeChild.cpp#79
[2] https://crash-stats.mozilla.com/report/index/672ecdba-213d-4e8b-b276-d03790171015#tab-metadata
|
||
Updated•8 years ago
|
Priority: -- → P3
Whiteboard: [gfx-noted]
|
||
Comment 3•8 years ago
|
||
Because of low crash volume, we will address this on FF 58.
|
|
Assignee | |
Comment 4•8 years ago
|
||
I think this root cause of problem is the same as Bug 1391262, so I will mark this as a duplicate and keep monitoring if there are any new crashes after the fix.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 5•8 years ago
|
||
Looks like bug 1391262 fixed it - no crashes in 58 release so far.
You need to log in
before you can comment on or make changes to this bug.
Description
•