Closed
Bug 1443187
Opened 6 years ago
Closed 6 years ago
Crash in mozilla::layers::APZCTreeManager::NotifyLayerTreeAdopted
Categories
(Core :: Panning and Zooming, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla60
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox58 | --- | unaffected |
| firefox59 | --- | unaffected |
| firefox60 | --- | fixed |
People
(Reporter: marcia, Assigned: kats)
References
Details
(Keywords: crash, regression, Whiteboard: [gfx-noted])
Crash Data
Attachments
(1 file)
This bug was filed from the Socorro interface and is report bp-87d321dc-94eb-4051-a4a7-2fcfa0180304. ============================================================= Seen while reviewing nightly crash data - crashes started using 20180303100406: http://bit.ly/2oIQmFo Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b2a9a4bb5c94de179ae7a3f52fde58c0e2897498&tochange=8cced2a46f73238da13e41bcae8f6f801419bb7a Bug 1441916 landed in that timeframe. Top 10 frames of crashing thread: 0 xul.dll mozilla::layers::APZCTreeManager::NotifyLayerTreeAdopted gfx/layers/apz/src/APZCTreeManager.cpp:275 1 xul.dll mozilla::layers::CompositorBridgeParent::RecvAdoptChild gfx/layers/ipc/CompositorBridgeParent.cpp:1716 2 xul.dll mozilla::layers::PCompositorBridgeParent::OnMessageReceived ipc/ipdl/PCompositorBridgeParent.cpp:761 3 xul.dll mozilla::layers::PCompositorManagerParent::OnMessageReceived ipc/ipdl/PCompositorManagerParent.cpp:121 4 xul.dll mozilla::ipc::MessageChannel::DispatchAsyncMessage ipc/glue/MessageChannel.cpp:2133 5 xul.dll mozilla::ipc::MessageChannel::DispatchMessageW ipc/glue/MessageChannel.cpp:2063 6 xul.dll mozilla::ipc::MessageChannel::RunMessage ipc/glue/MessageChannel.cpp:1909 7 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1942 8 xul.dll MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:535 9 xul.dll base::MessagePumpForUI::DoRunLoop ipc/chromium/src/base/message_pump_win.cc:210 =============================================================
Flags: needinfo?(bugmail)
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 1•6 years ago
|
||
The crash seems to be because a layer tree is getting "adopted" but it doesn't have an oldApzSampler. The comment at [1] implies that it's possible for a document which has no presentation (and therefore no layer tree) to trigger an "adoption" message. In this case there would be no "old" APZSampler. So I guess we should handle that case more gracefully. [1] https://searchfox.org/mozilla-central/rev/bffd3e0225b65943364be721881470590b9377c1/layout/ipc/RenderFrameParent.cpp#225
|
|
Assignee | |
Comment 2•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=528d788c3add6c3b006bb7d2eaef678d8508f472
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Updated•6 years ago
|
Priority: -- → P3
Whiteboard: [gfx-noted]
|
||
Comment 4•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8956464 [details] Bug 1443187 - Avoid crashing if a previously-uncomposited layer tree gets adopted. https://reviewboard.mozilla.org/r/225362/#review231784 ::: gfx/layers/ipc/CompositorBridgeParent.cpp (Diff revision 1) > } > > - // We don't support moving a child from a APZ-enabled compositor to a > - // APZ-disabled compostior. The mOptions assertion above should already > - // ensure this, since APZ-ness is one of the things in mOptions. > - MOZ_ASSERT((oldApzSampler != nullptr) == (mApzSampler != nullptr)); Can we keep in place a weaker version of this assertion, like: if (oldApzSampler) { MOZ_ASSERT(mApzSampler); } ?
Attachment #8956464 -
Flags: review?(botond) → review+
|
|
Assignee | |
Comment 5•6 years ago
|
||
(In reply to Botond Ballo [:botond] from comment #4) > Can we keep in place a weaker version of this assertion, like: > > if (oldApzSampler) { > MOZ_ASSERT(mApzSampler); > } Sure, that seems reasonable.
| Comment hidden (mozreview-request) |
Pushed by kgupta@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/020eaf331263 Avoid crashing if a previously-uncomposited layer tree gets adopted. r=botond
|
||
Comment 8•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/020eaf331263
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
|
||
Updated•6 years ago
|
status-firefox58:
--- → unaffected
status-firefox59:
--- → unaffected
status-firefox-esr52:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•