Crash in [@ mozilla::ipc::ProcessLink::SendMessage | IPC_Message_Name=PWindowGlobal::Reply_DrawSnapshot]
Categories
(Core :: DOM: Content Processes, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox70 | --- | wontfix |
| firefox71 | --- | wontfix |
| firefox72 | --- | fixed |
People
(Reporter: jseward, Assigned: mattwoodrow)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
This bug is for crash report bp-6e4f6657-468a-4abe-8636-2a2c50191108.
This crash appears in 3 different installations in the Windows nightly
20191107215315.
Top 10 frames of crashing thread:
0 xul.dll void mozilla::ipc::ProcessLink::SendMessage ipc/glue/MessageLink.cpp:151
1 xul.dll mozilla::ipc::MessageChannel::Send ipc/glue/MessageChannel.cpp:1020
2 xul.dll mozilla::ipc::IProtocol::ChannelSend ipc/glue/ProtocolUtils.cpp:477
3 xul.dll void std::_Func_impl_no_alloc<`lambda at z:/task_1573163227/build/src/obj-firefox/ipc/ipdl/PWindowGlobalChild.cpp:518:45', void, mozilla::gfx::PaintFragment&&>::_Do_call
4 xul.dll mozilla::dom::WindowGlobalChild::RecvDrawSnapshot dom/ipc/WindowGlobalChild.cpp:359
5 xul.dll mozilla::dom::PWindowGlobalChild::OnMessageReceived ipc/ipdl/PWindowGlobalChild.cpp:548
6 xul.dll mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:8096
7 xul.dll void mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2130
8 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:2003
9 xul.dll mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:295
|
Reporter | |
Updated•4 years ago
|
|
Assignee | |
Comment 1•4 years ago
|
||
It looks like we're failing to send the message because it's too large.
We're not using DrawSanpshot for anything outside of testing yet, so not a huge priority, but we probably need to put the recordings into shmem instead of serializing them into the IPC message.
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
||
Comment 2•4 years ago
|
||
Based on comment 1 I'm going to set it as fix-optional. Is that ok with you, Matt?
|
|
Assignee | |
Comment 3•4 years ago
|
||
Yes, fix-optional is totally the right thing for now.
|
||
Comment 4•4 years ago
|
||
The priority flag is not set for this bug.
:jimm, could you have a look please?
For more information, please visit auto_nag documentation.
|
||
Comment 5•4 years ago
|
||
Matt, people are reporting this issue for Marionette and geckodriver (bug 1598731) while testing websites with Selenium. Given that we switched with Marionette to this new Fission compatible API (bug 1559592) it is basically a bad regression for us.
|
|
||
Updated•4 years ago
|
|
||
Comment 6•4 years ago
|
||
This is more of a Fission issue, so I'm forwarding Jim's ni to Neha.
|
||
Updated•4 years ago
|
|
|
Assignee | |
Updated•4 years ago
|
|
|
||
Comment 7•4 years ago
|
||
:mattwoodrow, since this bug is a regression, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Comment 8•4 years ago
|
||
We serialize an empty sized fragment if memory allocation fails rather than failing serialization to avoid crashing.
CrossProcessPaint::ReceiveFragment checks for an empty fragment, and reports an error to the caller, so this can be handled.
Pushed by mwoodrow@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/493e233b6787 Use Shmem for gfx::PaintFragment so that we can handle serializing large images. r=rhunt
|
||
Updated•4 years ago
|
|
||
Comment 10•4 years ago
|
||
| bugherder | ||
|
|
||
Comment 11•4 years ago
|
||
Please note that I also just hit this crash with an older Nightly build when selecting the IRCCloud tab:
https://crash-stats.mozilla.org/report/index/04834c1c-7a0b-482d-9033-116ee0191129
Description
•