Closed Bug 1440815 Opened 3 years ago Closed 3 years ago

Crash in [@ mozilla::layers::FixedSizeSmallShmemSectionAllocator::AllocShmemSection ]

Categories

(Core :: Graphics: WebRender, defect, P2)

x86_64
Linux
defect

Tracking

()

RESOLVED FIXED
mozilla61
Tracking Status
firefox-esr52 --- unaffected
firefox59 --- disabled
firefox60 --- disabled
firefox61 --- fixed

People

(Reporter: jan, Assigned: sotaro)

References

(Blocks 1 open bug)

Details

(Keywords: crash, nightly-community)

Crash Data

Attachments

(1 file, 2 obsolete files)

Nightly 60 x64 20180223100113 de_DE @ Debian Testing (KDE, Radeon RX480)
main profile: webrender.all, gpu-process, omtp, stylo-chrome, etc.

I closed some tabs and then the current open tab was an app tab which crashed then.

bp-6e8b21d7-3750-4cd4-aede-b672b0180223

> 0 	libxul.so 	mozilla::layers::FixedSizeSmallShmemSectionAllocator::AllocShmemSection 	gfx/layers/ipc/ISurfaceAllocator.cpp:96
> 1 	libxul.so 	mozilla::layers::ShmemTextureReadLock::ShmemTextureReadLock 	gfx/layers/client/TextureClient.cpp:1663
> 2 	libxul.so 	mozilla::layers::NonBlockingTextureReadLock::Create 	mfbt/RefPtr.h:649
> 3 	libxul.so 	mozilla::layers::TextureClient::EnableReadLock 	gfx/layers/client/TextureClient.cpp:595
> 4 	libxul.so 	mozilla::layers::PersistentBufferProviderShared::GetTextureClient 	gfx/layers/PersistentBufferProvider.cpp:387
> 5 	libxul.so 	mozilla::layers::ShareableCanvasRenderer::UpdateCompositableClient 	gfx/layers/ShareableCanvasRenderer.cpp:227
> 6 	libxul.so 	nsDisplayCanvas::CreateWebRenderCommands 	layout/generic/nsHTMLCanvasFrame.cpp:151
> 7 	libxul.so 	mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList 	gfx/layers/wr/WebRenderCommandBuilder.cpp:222
> 8 	libxul.so 	mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands 	gfx/layers/wr/WebRenderCommandBuilder.cpp:77
> 9 	libxul.so 	mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer 	gfx/layers/wr/WebRenderLayerManager.cpp:285
> 10 	libxul.so 	nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) [clone .cold.797] 	
> 11 	libxul.so 	nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) 	
> 12 	libxul.so 	mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) 	
> 13 	libxul.so 	nsViewManager::ProcessPendingUpdates() 	
> 14 	libxul.so 	nsViewManager::WillPaintWindow(nsIWidget*) 	
> 15 	libxul.so 	nsView::WillPaintWindow(nsIWidget*) 	
> 16 	libxul.so 	mozilla::widget::PuppetWidget::Paint 	widget/PuppetWidget.cpp:1074
> 17 	libxul.so 	mozilla::dom::TabChild::RecvRenderLayers 	dom/ipc/TabChild.cpp:2640
> 18 	libxul.so 	mozilla::dom::PBrowserChild::OnMessageReceived 	ipc/ipdl/PBrowserChild.cpp:4454
> 19 	libxul.so 	mozilla::dom::PContentChild::OnMessageReceived 	ipc/ipdl/PContentChild.cpp:5023
> 20 	libxul.so 	mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) 	
> 21 	libxul.so 	mozilla::ipc::MessageChannel::MessageTask::Run() 	
> 22 	libxul.so 	mozilla::SchedulerGroup::Runnable::Run 	xpcom/threads/SchedulerGroup.cpp:413
> 23 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	
> 24 	libxul.so 	NS_ProcessNextEvent 	xpcom/threads/nsThreadUtils.cpp:517
> 25 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	
> 26 	libxul.so 	MessageLoop::Run() 	
> 27 	libxul.so 	nsBaseAppShell::Run 	widget/nsBaseAppShell.cpp:157
> 28 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:892
> 29 	libxul.so 	MessageLoop::Run() 	
> 30 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:718
> 31 	firefox 	content_process_main 	ipc/contentproc/plugin-container.cpp:63
> 32 	firefox 	main.cold.3 	
> Ø 33 	libc-2.26.so 	libc-2.26.so@0x20f29 	
> 34 	firefox 	firefox@0x15fef 	
> 35 	firefox 	double_conversion::BignumDtoa(double, double_conversion::BignumDtoaMode, int, double_conversion::Vector<char>, int*, int*) 	
> 36 	firefox 	double_conversion::BignumDtoa(double, double_conversion::BignumDtoaMode, int, double_conversion::Vector<char>, int*, int*) 	
> 37 	firefox 	_start
There are some older Nightly 59 reports.
Assignee: nobody → sotaro.ikeda.g
(In reply to Jan Andre Ikenmeyer [:darkspirit] from comment #0)
> Nightly 60 x64 20180223100113 de_DE @ Debian Testing (KDE, Radeon RX480)
> main profile: webrender.all, gpu-process, omtp, stylo-chrome, etc.
> 
> I closed some tabs and then the current open tab was an app tab which
> crashed then.
> 
> bp-6e8b21d7-3750-4cd4-aede-b672b0180223
> 

From the crash stack, CompositorBridgeChild::GetTileLockAllocator() might return nullptr.
Attachment #8957486 - Flags: review?(nical.bugzilla)
Attachment #8957486 - Flags: review?(nical.bugzilla)
Attachment #8957486 - Attachment is obsolete: true
Attachment #8957489 - Flags: review?(nical.bugzilla)
Attachment #8957489 - Flags: review?(nical.bugzilla) → review+
Attachment #8957489 - Attachment is obsolete: true
Pushed by sikeda@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c65de777e53f
Add check to TextureClient::EnableReadLock() r=nical
https://hg.mozilla.org/mozilla-central/rev/c65de777e53f
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in before you can comment on or make changes to this bug.