Closed Bug 1547986 Opened 6 years ago Closed 6 years ago

Crash in [@ RetainedDisplayListBuilder::PreProcessDisplayList ][@ nsDisplayList::~nsDisplayList]

Categories

(Core :: Web Painting, defect, P1)

Product:
Core
Component:
Web Painting
Platform:
Unspecified
Android
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox66 --- unaffected
firefox67 --- unaffected
firefox68 --- fixed

People

(Reporter: calixte, Assigned: mattwoodrow)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1547986 - Don't early return in PreProcessDisplayList if we need to re-link the display list on exit. r?miko
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-0b0daa07-3db3-48c8-9917-5cc190190429.

Top 10 frames of crashing thread:

0 libxul.so nsDisplayList::~nsDisplayList layout/painting/nsDisplayList.h:3169
1 libxul.so RetainedDisplayListBuilder::PreProcessDisplayList layout/painting/RetainedDisplayListBuilder.cpp:272
2 libxul.so RetainedDisplayListBuilder::PreProcessDisplayList layout/painting/RetainedDisplayListBuilder.cpp:227
3 libxul.so RetainedDisplayListBuilder::PreProcessDisplayList layout/painting/RetainedDisplayListBuilder.cpp:227
4 libxul.so RetainedDisplayListBuilder::PreProcessDisplayList layout/painting/RetainedDisplayListBuilder.cpp:227
5 libxul.so RetainedDisplayListBuilder::PreProcessDisplayList layout/painting/RetainedDisplayListBuilder.cpp:227
6 libxul.so RetainedDisplayListBuilder::PreProcessDisplayList layout/painting/RetainedDisplayListBuilder.cpp:227
7 libxul.so RetainedDisplayListBuilder::AttemptPartialUpdate layout/painting/RetainedDisplayListBuilder.cpp:1400
8 libxul.so nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:3829
9 libxul.so mozilla::PresShell::Paint layout/base/PresShell.cpp:6078

There are 5 crashes (from 3 installations) in nightly 68 with buildid 20190429095544. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1544948.

[1] https://hg.mozilla.org/mozilla-central/rev?node=900ceaf4d39c

Flags: needinfo?(matt.woodrow)

https://www.lightningmaps.org/ crashes after a while with this assertion.

Thanks Emilio! Looks like the current signature is just the Android one, but we have similar crashes on OSX (and almost certainly all platforms).

Assignee: nobody → matt.woodrow
Crash Signature: [@ nsDisplayList::~nsDisplayList] → [@ nsDisplayList::~nsDisplayList] [@ RetainedDisplayListBuilder::PreProcessDisplayList ]
Flags: needinfo?(matt.woodrow)
Priority: -- → P1
Summary: Crash in [@ nsDisplayList::~nsDisplayList] → Crash in [@ RetainedDisplayListBuilder::PreProcessDisplayList ][@ nsDisplayList::~nsDisplayList]

This early return is just an optimization to prevent the DAG from becoming too complex, and if we're keeping the list linked, then we know it won't be getting more complex on the current paint.
Future paints that actually modify the list will still take this path.

Pushed by mwoodrow@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/984c175f86f9 Don't early return in PreProcessDisplayList if we need to re-link the display list on exit. r=miko

https://hg.mozilla.org/mozilla-central/rev/984c175f86f9

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox68: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: