Closed Bug 1444373 Opened 2 years ago Closed 2 years ago
Crash in Mac
IOSurface::CGLTex Image IOSurface2D
59 bytes, text/x-review-board-request
Bug 1444373 - Update mBounds on mPopupContentView every time mBounds on the containing window changes.
59 bytes, text/x-review-board-request
This bug was filed from the Socorro interface and is report bp-9687e240-f8ca-42ae-bd39-6ef8c0180308. ============================================================= Top 10 frames of crashing thread: 0 XUL MacIOSurface::CGLTexImageIOSurface2D gfx/2d/MacIOSurface.cpp:424 1 XUL mozilla::widget::RectTextureImage::BindIOSurfaceToTexture widget/cocoa/RectTextureImage.mm:165 2 XUL mozilla::widget::RectTextureImage::Draw widget/cocoa/RectTextureImage.mm:111 3 XUL nsChildView::DoRemoteComposition widget/cocoa/nsChildView.mm:2831 4 XUL nsChildView::StartRemoteDrawingInRegion widget/cocoa/nsChildView.mm:2782 5 XUL mozilla::layers::BasicCompositor::BeginFrame gfx/layers/basic/BasicCompositor.cpp:928 6 XUL mozilla::layers::LayerManagerComposite::Render gfx/layers/composite/LayerManagerComposite.cpp:918 7 XUL mozilla::layers::LayerManagerComposite::UpdateAndRender gfx/layers/composite/LayerManagerComposite.cpp:534 8 XUL mozilla::layers::LayerManagerComposite::EndTransaction gfx/layers/composite/LayerManagerComposite.cpp:464 9 XUL mozilla::layers::CompositorBridgeParent::CompositeToTarget gfx/layers/ipc/CompositorBridgeParent.cpp:1044 ============================================================= this browser crash signature from macos users is spiking up on nightly starting with 60.0a1 build 20180308100121. the changelog to the build published before that would be https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a859a4b2257e6c61f7c2aab456cf551df856bd95&tochange=a6a32fb286fa9e5d5f6d5b3b77423ab6b96c9502
Comments: *I am trying to open a tab inside an email from Allianz Global Assistance (insurance coverage or Amtrak) labeled “contact us.” The tab gives me a web address but when I click on that, Firefox crashes. The same sequence has yielded the same result 4 times. Sorry. Help! *Clicking on Tunnel Bear extension icon always crashes Firefox Nightly, yes, I’m up to date currently *Still crashing when click on addon icon which normally shows a menu. *Clicked on Persona Plus icon. Crash followed. Disabled, closed Nightly, enalbled still carashed. Total of 3 tmes and out.
Stephen can you take a look here? It sounds like a reproducible issue and we may be able to pin down the regression range. Probably too late to fix in 59.
Bug 1385403 seems like the likely culprit.
Flags: needinfo?(spohl.mozilla.bugs) → needinfo?(kmaglione+bmo)
I'm going to take a look at this one, too.
Assignee: nobody → mstange
Status: NEW → ASSIGNED
This is easily reproducible by setting layers.acceleration.disabled to true, restarting, and opening a panel from a remote WebExtension. The problem is that nsChildView::StartRemoteDrawingInRegion uses mBounds as the view rect, but mBounds does not accurately reflect the view's bounds. Instead, it's empty, so creating the IOSurface inside mBasicCompositorImage->BeginUpdate(renderSize, dirtyRegion); fails, and then later we attempt to bind a null IOSurface.
Comment on attachment 8966392 [details] Bug 1444373 - Don't crash when trying to draw an empty RectTextureImage. https://reviewboard.mozilla.org/r/235092/#review240782
Attachment #8966392 - Flags: review?(matt.woodrow) → review+
Comment on attachment 8966393 [details] Bug 1444373 - Update mBounds on mPopupContentView every time mBounds on the containing window changes. https://reviewboard.mozilla.org/r/235094/#review240804
Attachment #8966393 - Flags: review?(spohl.mozilla.bugs) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/49a092b664a6 Update mBounds on mPopupContentView every time mBounds on the containing window changes. r=spohl https://hg.mozilla.org/integration/autoland/rev/74863f508a8c Don't crash when trying to draw an empty RectTextureImage. r=mattwoodrow
Is this something we should consider for backport to 60 or can it ride the 61 train to release? Crash volume looks pretty low.
We only have OOP extensions enabled for non-release builds on OS-X in 60, so there probably isn't much point in backporting. It will only affect dev edition users, and only for a couple more weeks.
Good enough for me, thanks.
Issue was reproduced on Firefox 60.0a1 (20180201100326). Retested and verified in Firefox 60.0a1 (20180424013604) on Mac OS 10.13.3.
Updated correct FF version. Issue was reproduced on Firefox 60.0a1 (20180201100326). Retested and verified in Firefox 61.0a1 (20180424013604) on Mac OS 10.13.3.
You need to log in before you can comment on or make changes to this bug.