Closed Bug 1575498 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::layers::CompositorBridgeParent::RecvAdoptChild]

Categories

(Core :: Panning and Zooming, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla70
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox68 --- unaffected
firefox69 --- unaffected
firefox70 --- fixed

People

(Reporter: calixte, Assigned: botond)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug is for crash report bp-8b986966-ed4d-4a66-b0aa-408dd0190821.

Top 10 frames of crashing thread:

0 XUL mozilla::layers::CompositorBridgeParent::RecvAdoptChild gfx/layers/ipc/CompositorBridgeParent.cpp:1698
1 XUL mozilla::layers::PCompositorBridgeParent::OnMessageReceived ipc/ipdl/PCompositorBridgeParent.cpp:1092
2 XUL mozilla::layers::PCompositorManagerParent::OnMessageReceived ipc/ipdl/PCompositorManagerParent.cpp:197
3 XUL mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2184
4 XUL mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1986
5 XUL MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:523
6 XUL base::MessagePumpDefault::Run ipc/chromium/src/base/message_pump_default.cc:35
7 XUL base::Thread::ThreadMain ipc/chromium/src/base/thread.cc:192
8 XUL ThreadFunc ipc/chromium/src/base/platform_thread_posix.cc:40
9 libsystem_pthread.dylib _pthread_body 

There are 2 crashes (from 2 installations) in nightly 70 with buildid 20190820215247. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1565525.

[1] https://hg.mozilla.org/mozilla-central/rev?node=71b6b2fc33cb

Flags: needinfo?(botond)

The line of the crash is the GetGeckoContentControllerForRoot() call added in bug 1565525. I guess the call is inlined, and the crash is somewhere inside that function or its callees.

Looking at what that function does, the only place I see where we could potentiall crash is it state->mParent is null here.

Assignee: nobody → botond
Flags: needinfo?(botond)

I notice RecvAdoptChild null-checks mParent later on, so perhaps that's a necessary thing to do.

Priority: -- → P1
Pushed by bballo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ae871e76cfae
Null-check state->mParent in GetStateForRoot(). r=hsivonen
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
See Also: → 1575833
You need to log in before you can comment on or make changes to this bug.